Static Analysis

PE Compile Time

2011-07-15 02:24:23

PE Imphash

562e1e2bdbbd7609d44efeed3a0bcbf4

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00001000 0x0000c518 0x0000d000 5.60142518329
.data 0x0000e000 0x0000170c 0x00001000 0.0
.rsrc 0x00010000 0x00071810 0x00072000 6.67158066041

Resources

Name Offset Size Language Sub-language File type
RT_ICON 0x00016d98 0x00000128 LANG_NEUTRAL SUBLANG_NEUTRAL Device independent bitmap graphic, 16 x 32 x 4, image size 192
RT_ICON 0x00016d98 0x00000128 LANG_NEUTRAL SUBLANG_NEUTRAL Device independent bitmap graphic, 16 x 32 x 4, image size 192
RT_ICON 0x00016d98 0x00000128 LANG_NEUTRAL SUBLANG_NEUTRAL Device independent bitmap graphic, 16 x 32 x 4, image size 192
RT_ICON 0x00016d98 0x00000128 LANG_NEUTRAL SUBLANG_NEUTRAL Device independent bitmap graphic, 16 x 32 x 4, image size 192
RT_ICON 0x00016d98 0x00000128 LANG_NEUTRAL SUBLANG_NEUTRAL Device independent bitmap graphic, 16 x 32 x 4, image size 192
RT_ICON 0x00016d98 0x00000128 LANG_NEUTRAL SUBLANG_NEUTRAL Device independent bitmap graphic, 16 x 32 x 4, image size 192
RT_ICON 0x00016d98 0x00000128 LANG_NEUTRAL SUBLANG_NEUTRAL Device independent bitmap graphic, 16 x 32 x 4, image size 192
RT_ICON 0x00016d98 0x00000128 LANG_NEUTRAL SUBLANG_NEUTRAL Device independent bitmap graphic, 16 x 32 x 4, image size 192
RT_ICON 0x00016d98 0x00000128 LANG_NEUTRAL SUBLANG_NEUTRAL Device independent bitmap graphic, 16 x 32 x 4, image size 192
RT_ICON 0x00016d98 0x00000128 LANG_NEUTRAL SUBLANG_NEUTRAL Device independent bitmap graphic, 16 x 32 x 4, image size 192
RT_GROUP_ICON 0x00016ec0 0x00000076 LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_VERSION 0x00016f38 0x000005dc LANG_ENGLISH SUBLANG_ENGLISH_US data
None 0x00081520 0x000002f0 LANG_ENGLISH SUBLANG_ENGLISH_US ISO-8859 text, with very long lines (752), with no line terminators
None 0x00081520 0x000002f0 LANG_ENGLISH SUBLANG_ENGLISH_US ISO-8859 text, with very long lines (752), with no line terminators

Imports

Library kernel32.dll:
0x401000 GetProcAddress
0x401004 RtlMoveMemory
0x401008 LoadLibraryA
Library user32.dll:
0x401010 CallWindowProcA
Library MSVBVM60.DLL:
0x401018 __vbaVarTstGt
0x40101c _CIcos
0x401020 _adj_fptan
0x401024 __vbaVarMove
0x401028 __vbaStrI4
0x40102c __vbaVarVargNofree
0x401030 __vbaAryMove
0x401034 __vbaFreeVar
0x401038 __vbaGosubReturn
0x40103c __vbaStrVarMove
0x401040 __vbaLenBstr
0x401044 __vbaEnd
0x401048 __vbaPut3
0x40104c __vbaFreeVarList
0x401050 _adj_fdiv_m64
0x401054 __vbaNextEachVar
0x401058 None
0x40105c _adj_fprem1
0x401060 None
0x401064 __vbaStrCat
0x401068 __vbaLsetFixstr
0x40106c __vbaSetSystemError
0x401074 _adj_fdiv_m32
0x401078 __vbaAryVar
0x40107c __vbaAryDestruct
0x401080 __vbaVarForInit
0x401084 None
0x401088 None
0x40108c None
0x401090 __vbaOnError
0x401094 _adj_fdiv_m16i
0x401098 __vbaObjSetAddref
0x40109c _adj_fdivr_m16i
0x4010a0 __vbaVarTstLt
0x4010a4 _CIsin
0x4010a8 __vbaErase
0x4010ac None
0x4010b0 __vbaVarZero
0x4010b4 __vbaChkstk
0x4010b8 __vbaGosubFree
0x4010bc __vbaFileClose
0x4010c0 EVENT_SINK_AddRef
0x4010c8 None
0x4010cc __vbaStrCmp
0x4010d0 __vbaVarTstEq
0x4010d4 __vbaAryConstruct2
0x4010d8 __vbaCyI4
0x4010dc __vbaObjVar
0x4010e0 __vbaI2I4
0x4010e4 DllFunctionCall
0x4010e8 __vbaRedimPreserve
0x4010ec _adj_fpatan
0x4010f4 __vbaRedim
0x4010f8 EVENT_SINK_Release
0x4010fc None
0x401100 __vbaUI1I2
0x401104 _CIsqrt
0x40110c __vbaUI1I4
0x401110 __vbaExceptHandler
0x401114 None
0x401118 __vbaPrintFile
0x40111c None
0x401120 __vbaStrToUnicode
0x401124 _adj_fprem
0x401128 _adj_fdivr_m64
0x40112c __vbaGosub
0x401130 None
0x401134 None
0x401138 __vbaFPException
0x40113c None
0x401140 __vbaStrVarVal
0x401144 __vbaUbound
0x401148 __vbaVarCat
0x40114c None
0x401150 None
0x401154 _CIlog
0x401158 __vbaErrorOverflow
0x40115c __vbaFileOpen
0x401160 None
0x401164 __vbaR8Str
0x401168 __vbaNew2
0x40116c __vbaInStr
0x401170 _adj_fdiv_m32i
0x401174 _adj_fdivr_m32i
0x401178 __vbaStrCopy
0x40117c __vbaI4Str
0x401180 __vbaFreeStrList
0x401184 _adj_fdivr_m32
0x401188 _adj_fdiv_r
0x40118c None
0x401190 __vbaI4Var
0x401194 __vbaLateMemCall
0x401198 __vbaAryLock
0x40119c __vbaVarDup
0x4011a0 __vbaStrToAnsi
0x4011a4 __vbaFpI4
0x4011ac __vbaLateMemCallLd
0x4011b0 None
0x4011b4 _CIatan
0x4011b8 __vbaUI1Str
0x4011bc __vbaAryCopy
0x4011c0 __vbaStrMove
0x4011c4 None
0x4011c8 __vbaForEachVar
0x4011cc _allmul
0x4011d0 _CItan
0x4011d4 __vbaFPInt
0x4011d8 __vbaAryUnlock
0x4011dc __vbaVarForNext
0x4011e0 _CIexp
0x4011e4 __vbaFreeObj
0x4011e8 __vbaI4ErrVar
0x4011ec __vbaFreeStr
!This program cannot be run in DOS mode.
`.data
kernel32.dll
NTDLL.DLL
user32.dll
MSVBVM60.DLL
Project1
Payload
Project1
Project1
COMDLG32.OCX
MSComDlg.CommonDialog
CommonDialog
Module1
Module2
Module3
Module4
Module5
Module6
Module7
Module8
Module9
Module10
Module11
Module12
Module13
Module14
Project1
C:\Program Files (x86)\Microsoft Visual Studio\VB98\VB6.OLB
VBA6.DLL
__vbaErrorOverflow
__vbaAryDestruct
__vbaUbound
__vbaFreeStrList
__vbaStrI4
__vbaUI1I2
__vbaFreeVar
__vbaFreeStr
__vbaStrMove
__vbaUI1I4
__vbaGenerateBoundsError
__vbaI4Str
__vbaLenBstr
__vbaI2I4
__vbaAryConstruct2
user32.dll
CallWindowProcA
__vbaVarMove
__vbaVarVargNofree
__vbaI4ErrVar
kernel32.dll
RtlMoveMemory
__vbaI4Var
GetProcAddress
__vbaStrToUnicode
__vbaStrToAnsi
LoadLibraryA
__vbaOnError
__vbaStrCopy
__vbaVarZero
__vbaErase
__vbaRedim
__vbaAryUnlock
__vbaAryLock
__vbaFreeVarList
__vbaFreeObj
__vbaNextEachVar
__vbaObjVar
__vbaLateMemCall
__vbaVarDup
__vbaVarLateMemCallLd
__vbaForEachVar
__vbaAryCopy
__vbaRedimPreserve
__vbaFpI4
advapi32.dll
ConvertStringSecurityDescriptorToSecurityDescriptorA
SetKernelObjectSecurity
__vbaSetSystemError
USER32
CallWindowProcA
__vbaStrCat
__vbaUI1Str
__vbaStrVarMove
__vbaLsetFixstr
__vbaInStr
__vbaFixstrConstruct
__vbaHresultCheckObj
__vbaNew2
__vbaCyI4
__vbaAryMove
__vbaStrCmp
__vbaFileClose
__vbaPut3
__vbaFileOpen
__vbaEnd
__vbaR8Str
__vbaAryVar
__vbaVarForNext
__vbaPrintFile
__vbaVarCat
__vbaVarTstGt
__vbaVarTstLt
__vbaFPInt
__vbaVarForInit
__vbaVarTstEq
__vbaLateMemCallLd
__vbaStrVarVal
__vbaObjSetAddref
__vbaGosubFree
__vbaGosubReturn
__vbaGosub
TahomaD
CommonDialog1
MSComDlg.CommonDialog
wwwwwwww
wwwwwwwwwwwwww
DDDDDDDDD@
DDDDDDDDDGpw
DDDDDDDDDGpw
DDDDDDDDDDDDDD
wwwwwwwwwwwwww
DDDDDD
wwwwww
TahomaD
p4h0)@
kernel32.dll
MSVBVM60.DLL
user32.dll
GetProcAddress
RtlMoveMemory
LoadLibraryA
CallWindowProcA
__vbaVarTstGt
_CIcos
_adj_fptan
__vbaVarMove
__vbaStrI4
__vbaVarVargNofree
__vbaAryMove
__vbaFreeVar
__vbaGosubReturn
__vbaStrVarMove
__vbaLenBstr
__vbaEnd
__vbaPut3
__vbaFreeVarList
_adj_fdiv_m64
__vbaNextEachVar
_adj_fprem1
__vbaStrCat
__vbaLsetFixstr
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaAryVar
__vbaAryDestruct
__vbaVarForInit
__vbaOnError
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaVarTstLt
_CIsin
__vbaErase
__vbaVarZero
__vbaChkstk
__vbaGosubFree
__vbaFileClose
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaStrCmp
__vbaVarTstEq
__vbaAryConstruct2
__vbaCyI4
__vbaObjVar
__vbaI2I4
DllFunctionCall
__vbaRedimPreserve
_adj_fpatan
__vbaFixstrConstruct
__vbaRedim
EVENT_SINK_Release
__vbaUI1I2
_CIsqrt
EVENT_SINK_QueryInterface
__vbaUI1I4
__vbaExceptHandler
__vbaPrintFile
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
__vbaGosub
__vbaFPException
__vbaStrVarVal
__vbaUbound
__vbaVarCat
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaR8Str
__vbaNew2
__vbaInStr
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaI4Str
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
__vbaI4Var
__vbaLateMemCall
__vbaAryLock
__vbaVarDup
__vbaStrToAnsi
__vbaFpI4
__vbaVarLateMemCallLd
__vbaLateMemCallLd
_CIatan
__vbaUI1Str
__vbaAryCopy
__vbaStrMove
__vbaForEachVar
_allmul
_CItan
__vbaFPInt
__vbaAryUnlock
__vbaVarForNext
_CIexp
__vbaFreeObj
__vbaI4ErrVar
__vbaFreeStr
.K|xv*
ruI&*{
tE;"Cuuu)
<H?6%=BC4*=qJ;
"758G}
USqKOOT
%<AHyrL#
"68600
7?AA<6%
68 7Eu|J=
0+.!NyF"4DA: %J~x:
~G =vHD:
,c&=[8C
N< Q@%Wr!8
-$|"!o
;.s*:w7
+8~30p,
@<x67p2
nRYY^/Zvrp
-urV^^81^ZUuq?
1Ze`7007_]Z9
.1372/9y
!!! 
.6`\Tyn
'.6`^W{
-*GMLJKi&'
{Vcc3'
029>LONI*-
2338:<*
/66_[YYH*
A2_c6.03612`]TsrppI
Ve`2acc_21Zu
{T90XXXYZ0/J
y<<ov{RRP
-[ 9X@D
!e;y3
5(d%(|$N
0d-)o$l
1/|*!_
(l$1x,J
%`#t*o%
&j$82v.
+Ak>%BS
"4gD&>Y
{ ` ,`
&b#E^
6 1r/L
eob
%q#L4s.
"i q [
#i X$p#
"J"@3^2
-e*#8d7
8y8_7b5
*;1"0R4
<{;>+U+
>r>)4]3
:s;,6n6X5l6i3t3A:f;DAt@
E!.7g6
9p:1fff
(O(r4`2
+\+C7e6
4v6$;j:
7c77@@@
>v=v?v>
:o;@0G0
<`< 8]70BmB
wwwwwwww
wwwwwwwwwwwwww
DDDDDDDDD@
DDDDDDDDDGpw
DDDDDDDDDGpw
DDDDDDDDDDDDDD
wwwwwwwwwwwwww
DDDDDD
wwwwww
JFIFF\
!Whiu#vrlgqan `anmlw#ae#rvm im#GLS mogf.
`/eawk
MPUIVM60-DOL
app\yfupfu
vutQfpcqrfQ`iaz
spwQclay
7^UL?N
Pdchet
fqhNbin
tnrLivfIodger
whrImtervboVpdawf
usqReverseQflay
ass\serwor.usrQewerseQeoay
tmqGrbbber
sckEoqiGrbb
dsp_sequer-tuqQamby
tnqEocvs
tnrBlaunp
si`Wovma
qjbTkvhfPjyb
slr@lTerj
plvSaxtipwaj~
pls]ofImca
uiqNogkPL
pchJogl
asp\xnuufq.Uochdu
wnvAudjl
p`nPfqufq
avp\p`qwfq-Plbhfw
tir@qjqz
umsAhhve
wnySfrddorniw
xhkQcmay
duu\uetvdt-vprSelg}
rkrDOS
tmrIhakwjvb
pjcW`reenundt
wnrRsvib
rmrPp`qb
tmqBnpmvw
sbkTrbnrfdq
apx\pfruex.So`hfw
bsp^pnr}fr
lppzEllhicGgra
lvgtSoyf
7]UO?M
7V]L4N
bssXscrvfr.Toclet
Po`hfs
VxQtN`
hpr_pnr|dx/~yyYoo`y
~ssYefjr
gpr\rewvev.ussWnvcssaYdobz
trsQauerseYelar
mrvhmpbj-obx
NPWjnrlckOic.Wjmpl`h
Tjmpo`j
fwiNajn
hidEu`tilhp
lo`Svtcbe
mogBQI
mobRngjetKaur`r
@SockduIaruer
ro`n`t
ewmR`h
vrtTamex
mieIHndq
lldICgjlBbck
WcnIheuBpync
midVWs
mlbOaunbiQcb
cCDD@J
midRdfjstry
`RubEls
oRubCop
lobYhig`
lodSwudc|es
geb@sbii
eqlNijack
mobNiiack
frlCigr
mibOn`eet
modTostch~Udcd
mneIniVE
nodBryqw
`Inadf
negS`qffm`bs
mWjmpl`h
nlbHwHjoofs
vpqQfufqraSoobr
eRwfal
lngOE@
crs_rfsrfq
VePva`obsp
unvHmufOlddfv
@9_Sqlmqan#Ejofp#+{;5*XNjbrhwkgu$Pmy
bh!Ppv`oeXUA:;_RF5-LOA
IFVK]YAQYEA
@9_Tjjgltp_PzyQLT57_jfeqenf-goo
POGl`Uq
sjqFvgjo
snuGOS
tjrDub}z
wnrBitop~
wnqPsbrd
wnrJmwfusboRpgftf
wnwAhTlrl
[SoeEuotter
tirWaaKlgb
tnqFo`ut
Z9uclTugnpebr
rmuDqbebbw
pdlSfqqfr
wjuTwqlg
pnuHmflSO
slqBl`rnu
pfyInakrbuoter
rkqSoyxiuwahr
vjbWksmi
pibPhrnemphl~
ukyShreeepkot
tmtGojpf
sicRiskhSh{c
sehSfjbz
p`mJnfl
rcmEntnAqba
tjmnn/eoj
nelPembVwsikgA
usft32
SftCutuirWos
Xta{LltsfButwon
LihcWjndotExB
FijdWinaetB
F\Mv~ex
lVvbCls\Bnqes
lSubFls[Gotsufp
CftBrowpfuHbne4
SBWKUTNNLOGJJ
TmfAqlwpfr\AfeotfMavlbbte2
WheAqjryfq_LmRvct
ARLTPFQ\EB\GocunfnwCjnpiawf
BQMSPER\EG]LmSsjw
CBAAADMH\URGVT
pvfq07-alo
SewQmhar
KlioTjnbw
agva{b35-coo
@eqRpewIdmeD
koqifk31
GesClgwvtbqNageB
phelf32.gfo
TODfwFlogfqVawkJ
AfwTnnpSatlA
DewGophtlsTimdlt
GfwTimglt
VDPPo`het
DfwTbmgltWf{wA
CpTjdgl}Ujpjflf
DfwTimdoqRfis
NWUB\G<3
_\veaS~qWlAoym
hfxnfo31$dlf
PfuLnoeSointfx
EovsbFjobA~mefqp
CqfbteFjlfA
TyjtcMnof
Dfr@jofPj{f
DfuUlotnfJmelqngwhlmB
BdwEjrhCsdfTs`bfB
CwhnfThmeivWlUlq
DeuLldj`alEqiufSpriodpA
bujcgv04(glo
easFetGtjucqBctcqivtiohB
dkPbq`lnrcqpJmelB
AfwGqiueWzsfB
MoveEjoeF{A
agtsk`k.dnl
IsLWBnoin
DcwWoemCiqjp
AetJgutImsvtOn`o
AcpOlegjeOnfkA
oc@fzSrarc
@loseKfngib
CaioNextBoll@
PvpsemgThqeag
PfwTcmgjtpKllhF{A
UnbolhTnigowpCeekEx
^oUmicodnO{
DftHoybobqgOa|o
MfrHcsalkqgPwbwo
@fuHa|Ruawf
PRAQI-DLO
Podtksn
IpMottlrjDlhsa
WkAr`ji
VCEjoeLu`qbtjlmB
D`wElqfdqhvkgPjkglt
DfwTjkgltQ`}wLfmdwkB
CindBmns`
CjmgEjqpwElofB
EjmgDorwEiffB
@tfgtfVre`opsG
@qc`wfPjpe
QckbEjoe
Sbhn`rdMrpn|
ElqXbodonHeif`p
bujhbs42
``{Cqcg
bEaps~rcWiego|G
UrkKopcNckhq
UbmbKcupfafB
QwoGgivpwSqjujofdf
NpPfwOmllqnkwjlmSql`fpp
FewWijeowThreadTsocdpsHb
ReskjobwePqocdrv
LzekPrjceys
CHDQZKBAMSB
Do~MjdpoeLifeKdge@rA
EnvmZrocfsyGogufep
@qfgteWollkelp31Pmgpsnow
Tkqebg31Ejqpw
Whqebd02Mfxt
Lsee_hvnjo
wxs@le
QbxvnnWhuaeg
j`ue{i79
L{nmT@IjmacfyJ
EpedVfqvjif@
StbswSersi`eA
@lnwrjlSdqwib`
CllpbP`rwhceHaoel`
htompduh
FetWbqTgcmd
WTO@J33
jndw^mulb
SewTjkaltWjv
JyTlq<7Wrleett
McwNogvjfKbmdffK
BetMlduonFig`NdheD
GftBurqfntQsncdsw
FyhtTindowsDy
OqfnSqnbessUokdm
LoohusPqjvjoddeVblveA
EdivptWohfnSrivilfdfs
SfwLaptEqrlr
Fm~nWingltx
TjhInew.goo
cUulCb`keFnwq
vyonom
VROEotoolbg_lEikfF
UkkqSonaiw
wnw@mf`h
DlohhInpvw
PfwFlqfgqlvogTimglt
PfsEhcvp
TofkoB{fdvtbF
Jisbqmet@nsDll`neA
fqmfwPfw@llhieB
SlpwNfppbdfB
GfswqozQomoo|
hfzag\fuenw
F{jtPql`fyp
wxwNbim
wnvAojmh
mptFjoep
`ngPhovejofp
oboKfbgfq
oakWjnfw
objJhei
oboJhpqqs`wllnu
wkq@ovhwgiwh
VQJHTYOMURQVFWILHP
I@9YQqjfrdn%Ejo`p#){95*\Lj`rnplfq Ujvvdo#Vwvaio_SA:=_wab24533-lbb
NPTinsocmLib
wnx^@S
tnxVNS
VGSFlolg
\AB<-GOO
Pua@kbpp
BdgNpm
I:_]jndlwp_PzpTks<7_gwuaum53-dofV0
AetTjhdltOlmgB
vu4_00-goo
OsWjogoq
SetWimdewOlmdA
DewGjvkEqffPsb`fF{@
Wrj~eZqjqawfZrlljjoS
SftEimd@uurbauwfsA
DfuCmapsNbldA
GqbaR~fsyFojfJ
GllaaoBoloc
GljaglLjck
AmoagoPnoodm
FnswyConseoaug
KtbeDoisilbqg
CaooQjmgltSql`T
@bioWjegltPrlcA
OjjdObbveryA
CfqPvlcAgdrevs
[XvbeFos}Gzt`v
DarRfwsjlhF{B
PfmaVqiarfuu
GatWingotE@
AjpAou
PcuRwwcweiCorNief
SwqftchImu
RnofapeDC
DGJPoup
DdiplupStartt{
DdovovpSkuteltm
Dglp@sfaqfAitnbsGqkmKBIWNBU
GdhqGjpqlxdOl`ff
FglsVjsfJhdbfWjFjof
@MSJGEwlnVwwjmc
n`oDfwFrwoyPrtjndB
UchbEikvocwf
AjldgoErcc
\XJPwayws{
VU@Hmc`ht{
QPKJs~hbDnuNlr
DrNbmd
gnrrdb`nsw
@ndmo`tjnmTeztnst
TSAApzn`Sfoe`w
@webwfTjmaorFxD
jpwxofhD
ipqq`p
`fsklpwbzmknf
sochft
glmmf`w
mfpklpwmknf
cfqsocomdfn
dfqs`aqmbif
jkaqZdaaq
pfhbto
pewsiihlvr
qfcveqom
WPB@am`eoBszj`Yfqvfsu
ac`fpw
jo`tlpi`hcw
holpfsockf
TmgPql`
VfnltfSlqw
QfjjwfKlpq
Qfnlt`OlpwJS
Kl``oSlwq
Il`biKnvwDdm`
Ll`biJS
A|wfpQ``djufg
PldhfwKbkaoo
ssjwnief
@ilp`P`h
@lmkebw
VfdcCbwf
DfqAbwb
Q`fkGbwb
Lipw`o
Bf``pq
G`wbDwxjsdo
TPL@K01-GKO
VP@IpCoh`ljnd
TPAEbobdmDll`jhmgCbkl
@qefOicsaqy
TSBIlcwk
SPBDbrOgptFqroq
Qdf@hkreKey
QfdLsamOazA{@
RegQufryVemueE{B
Afw@vqqfnsSqicfpsIg
Svjffxp61Ejqpt
Srjfets45Mb
VnrsrbiQuctzE
Q`bgWro``ppMfnjuy
WfqnjmbwfTkqfbg
hsgho(`lo
fxzJmelrnbwihmWnqobg
psfmJmae
TjgeCkawRlMsotoAzwf
UjqwualAllo`
RtlYfroNenetz
nle31-dll
CoTaphNonAloo`
ClTaskNfmEqeo
VjqpvbhEuea
Oo`boEqfb
HkcalDkkkg
@qngAnvnevbteV
GveeEynf
cqztw09%dgg
GqztwVjsqd
f`wOjwj
khegvw01-gol
T~pFlhhdPsqijd
RbcDelewfUajue@
RfdKqfhHezA
QfdFmvnUbksdB
EtzwwG`quitf@ln
DtxswDudjwfKgph
BsxswHbrkG`u`
BimgEeywUqo@b`ldFowszA
jndMhehljyn
BszswDntKbpkSbqbn
PbdnHbsmB
@yzstOnp
ylzMapk
@wzuwQfo`fsf@jkt`}w
rjnimeq
FikdFirstPwiCbcboOntrrD
jnf@olrd
jldLodjmQqfspeg
jmgLl`jn
wxtB`cMame
wmrKioo
w{tPasswnqg
cmdRfmdmbfq
jn`Swean
Ref@sfjweJfrB
QfdGnletfHeyA
QfdRfwUbovfFxE
QagFmuiKfyE{B
Dubbte@lnpbwjaofGF
@qfbwe@lnsbwjaofAj~nbs
dgj01-dji
Vfof`wLg`ffw
Gfofw`G@
eOajnct
dlepxl31-gol
OlfFrnbtfSi`tprfImdjqfiw
Jmweqmf
JmwfqmewSetPwbwvsCbgoab`k
Jmwfqme
@ommf`wB
InteqmftReagMiof
JmwfrmawKsfmVqoB
JewfqmewRufv}DepbEubjobaha
EwpDfwGvqvampGjvfctlrzA
Ckqfvjfw@lksfHfddlo
PlfetE{
FwpDewBhoeB
EtpPrtEil`A
EtsPetCtrreiwGhrfdsoqyD
FwsMrflAnkgC
EwsEgwEblgQjyf
FwrGfoewfEiofB
Ews@qfbseGirecwdszJ
FwsRnlludGiqd`tlqyA
FusRfnameGjlfB
Ehscnmmfcw
GwpGdwellbg
sTqmnad
EusFfwEhqfiulrz
Hwws\GntooobgFhle
fnXoc`ow_YbigWwj`rosp
?]VO>F
Troq@nnuqlo
flRl`afu
hmSo`h`w_GlewaYck
gmYkiao~[Gejnfg~
cgWlghdw_BejneiwcknQopqos~
cgRlikf~U@kwbKqvmuef
iiWkiaa~UOxqdx
bgPei`dw\XdjdCemzfapa
?LjcalSechw
VehjpeWo`mp
PtjytFnspen
AcwivaKkwpp
SpotHmsten
SeghetEuent
FfuObpwFqqns
CftNem6
UppMgm1
[p~Maf7
SvqG`h1
Zv~Nfl9
p\EL\MNT^HBLO
CkioCpkc
NflLjba
DolVkfndg
Odp~Fwqlr
TwdsFbioak`h
PHMfwPatkEqlnJGOlptA
PKDftPve`jboEoog`rLlcbtjln
DbwSqovaweSqlfjofPtqimdB
Emvkfqfte
Gfwpvap
CqfatoDIHSb`tiom
@qebweG@K
FeagJgdmeB
AnsGJAClliqRbaoe
GJAowxSwt
PfwNJAClolqRfdoo
AfwEJDitp
Dije`wA
nxudun5;/oog
VarQwy
SgdAow
Kfbdkw
FjtIo~jw
Hz~fpSfqP`fdOcmf
@qfbwf
ClsrKG@
SkubjcXpbrw
TtopPockfts
Fmcrzs
Vtwimb
GacqypuSrybha
ssDzwc
aqjIobu
wjrIhfhk
u{wIkks
mvfXhh
UOSSd`md
FQThepo`hOji%\jnsdck
JPWjishchKnb)Wjjthdl
qnqVDU
qnqPCS
urrSfoax
OocblRnckp
brs\rer|oq-Pnikft
XeflqcUlgkw
ass\weq}fq-Poihft
pksLldl
uswQesfqpeQeob|
IocalYecku
bup\peqver.Uockfw
TfjoseTidns
bys_s`uver-Pldkew
thpLh`l
aqmKnhbcl
rmyClih`
oswEjoar
hiaPkltfjonw
Sklv#kjibfkfd#elodp
jtdosn
wnq@hech
lhmHmsqvph
NP$Wbns!P`rim
lflWhmar
NS Vfnr Seria
lblInfo
LS Paks Seric
lblId`ofr
MS Sams Sevmf
Roeocr
<999<???;<?;9<99;>?9;9?9><?9;;9<<??99<<?;;;<<<<99<<9;9<;?<<;?99<><9<99;9<<<<<;;9?;;;
\_^SUP!C@C@ASSS`cec`cC`c ##
CC@Jcc
u|{ux|
szp#* #
CFCEC@FFejcf`jSSVEcf
@CJECE
e````e
%`ku{||x||}x|{y
##jcc
`gcjj`g`c
pss##
?8<{y|
<=;;;><;<8?88;<
<><55>55<<5??5?8?<?<??<<<<?8<>58<5<855<88<55<?5<<5<<??<<<<5<5>8<??5???5<<<<
fR~eag
pfqHcgl
wmqEi`vp
w{rVbssqkrd
_jbonb3
{pFd`Mjnb
^bcefj7
nn`KocnnPxftpbg
&-%+*)7704;:9@GEFLHJIPWS\T[ZY`bfedkjaywvut{s|
,,"*)6573:9@GOFLKJIP_V]][RPhgbgdkbap
u}txyz
[ZjX'b
jjdOldnm
&%"-.)7634;:9@GEEDKJIPWVUT[ZZ`geedkjjpwvut{zy
!'+.-607>>9CECAGIILSSSPW_Y]`bcagkijstuvwx
ckdQfnegcfr
&%#()*46648::CAFEBKJNPWUVT[YYfgdbgkijptuwv{zz
&'-,*06789:CD@FFHJOSWVUWXY_fafegmhjvquvtx|
jndColp`
&&'(),2467;9<CDEFGNIJUTSP]^_Zedfcakiovwspwx
%$())?5=299@GFFDKJIP^V\\[YYgdefdkiipwvutxzy
F?8n#"
imdNimjmcpf
%%'-**75613::CDEEDKJNPTVU\SYY`gffgkiipwuut~yy
%#(-)5678::CGEFCKJIPTRUW[YYcgfedkjjywvut{zy
licVtfeg
% !+*,5607;?=CBC@GHI@SW_PQXYZcdefaoiluw
"'+)*567>>=CBCFGKOJRUUWT[X]`ge`fhjjsutwv~yy
H-adw7
RX\D}$\
(tUF7&_
ME|nWI\
h$f'w_
k("I"O'
lzB.RU
c4^i`2
-EAb}w
\-zf8Z
+h:Uo%y
|K'2[<
xuXLNpE
r`s\ca
Mj4P^Ln
drg<asj
+XXHy{
jtuljp>
|\"KN(
jjcYsbej
&%$+*)765=;90HGFFDKJITSVUT[ZY`gbe`ojiwwuqpxyz
& (.)55=8>9@CBF@OJISSRUTXYY`gbadojiswuvt{yy
I/bdu1
V[\G~"_
/tRD0!X
NA{o^HX
k$n%w]
> &Z[a
1H3sd
[]}6M&l
3("/B"K
:<x7P
\%}HQD
@@Jikf*
TEgw /
Ex&gku
|Y:_w7
+q]^E;
B_a:W]9q^U
%%$(**2557;?:@GF@GKILSWSPT[X]`oc`aooipwuvwxzy
%#(*)654?:9@GFEFKJKP^VWT[ZYdgfedoniuwvuvyzy
}[\<iZ>
hIhM";
kwQAnx'
/QR0]Sq
FIEvP^
koVT'wD
+SwEO:
i1Tmc:
<r#G'c
X[YFtg
YTJj`
F!F9|Y
8)41]4H
'0Key&
Xw+S@
6z^|YX
rNj>p\
)%F]()
Efabnn
?tb!j=
ZAg&n`
Fp!`n}
Y:Z|7
+qV]A<
BVe9]]:t^U
(/,(/$
[ZZZYC
[ZZZ]D
iPua@lp
swqMvtf{
lHbndofd
lQdutqn
qVaqjm
lVas`l
SgrgbtFtaneHame
PosuB`~a
Hfabfrt
Camccj
sttNasrerManc
xtqVjhNgkf
strMpg
ptrVpfr
jHcnakw
strOebbcr
stqIhfl
srrIosruveuiihs
doNdbdbq
elDa`hGkodv
clOn`j
ghMnxpypgpmkns
onbMexTmme
alklHfe`Goink
MwgMqm
lTmdWug
BjoKpds
omaPjsq
utqKnpt
uwyTdg
fhnSwlrj`il
QcllrfHopu
QemlwfSiqr
LlhgoVlyw
Gd`bjJQ
pgrQysd
njsOfh
teqpfpwJO
c}qcuWltjm
Mumafq
Gfvcrjwtion
Tosrcn
LeopCji`
H`lpFlmtesw
Gjn`elAjsuibz
bytnpPenp
byt`tU`mbinjel
Sequft
VsftName
Uasstlwd
AnJRedjvwereo
AuyncMogf
QfmlweFjo`
Gl`aoEije
TrdmsfeqMide
FilfNdnf
TeaVQO
@kvmhPiyf
qmp,Pfwp#wkf#soqt#wl#af#`lmme`wfg#wl#ld#wke#qemlwf#`lnsvwfq
qds,Pfwp#wkf#mane*vpfg wl#jncmwjez$thf#qeklwf#elnsvqeq
Xfwvqnp qkf#qfnjpf#klyw&JZ*dggxcsp
@jlpf#`vqtfmw*`omme`wilm
Qfwvqmu/Sfwp#wnf+{lqw vpfd#lm#~he&llibo#elmsvweq
Wewuqms#thf#ptbqf je+wkf#slckew conk``tbln
Q`wvqms qh`#ljfao nafkmdn ndne
Retuqms&qkn*flcbi ma`mlne J[#aggsfss
Tcupqor!uid!kvngax%og#axw`s r```jvfg#jn%whir!flmmfcqjon
Q`uvrnr&ukf rl`jdw%ibnaoc
Qftptnp jr'vfqp'di b{swftpjli%woaw#vsjwet'an~%fxtqj#dawb#meedfd elq#yl~q#pyldqjf
Retuyes/Xnwp#whf+pl`kew#srlwdilo
Bhcesw#bm#je`lfing#cdemn`wjdn#ynrvnx
Aln`p#xe`haw to#psf`cej`*slqq+ang*agbstox
Glmme`w+we#tma xomlwf `lms
Qfwqjeuf#db~b*pfmt#hs wko rfmewf*cogs
Oiywfn glx jjglljjd#`lnmegtjlm qfrqapwp
Hllh%bt jn`kjhjc$`bwb!vjwlltw$qfiouhod!mw$eqon#pla#aqebfv
Pamg$g`ua#wl$sdilsa#`lnqqwav
Lggqrs vifm#b$vfnkpf$ghifjw$ip#etwfnwpmmg ul#`hmmags
Fvqkq#lbgvvqeg
Lc`vvs#aewfr#e$wajg$ksfvbwjlm$kap#`nnpoatf`
N`gtvp#`vvjmc tqlbfwp#le#pfoghnd#gepd
mBgeqTbqblGil`h
vEvnfqjlm
SbqnOlmdr
mNlgEpm`Bggq
mSbxgp
jAju@lvnw
alloDqbz
blloDqbzp`bof
oPq`Ofew
oRq`Pls
LvwspwJmKf}
JpWf|wJmIa{
NUWAVK06(BJO
CPCMR\UIOJ\DcrHGpIfHgkfu
Mcrn@ajjCnfood
FUEHR_SONKUIdplke
\ikboe\GctTysfImel
CPEMR\SOHM4YTejfase
CUCMTYUJMH_GdgRee
Bll@uheriidIbjj
\ikbje_Me~R
vfJheo@ovmw
AVENW_PJMH\Qoofepf
E\ENW\SJMA\Qv`r|Imtfreb`f
_\vbbFxfewwHangofr
Pvj`@bllAmdjmf
FU@MT\YLNH7\Bn`Ree
0r(If8
$DU>I_Z
3{@'sk
Y'~rt5
>3Odiq=
thmfO8
rJvj\Vd
ES"a5s
L"]Z"gG
655E7@<26>473G703D=3405J0B00607>4F230C4E5632602F4@=C575=48<67J6;93<77@ABE@22I:5GB2B33?==E2G@:701KN;4E137HF6A95B>LB2=8E3EA7EOFA<55A74414;E<=242@I57EH;2<4G:9=E5C0O4H7F30;75EFF=:59:51A62B6C3;2I8<4G1=AH3FKE3;C47EBB1=;<;0;E721A6855E6C@3D1IA;67336BA9OI@0F?A873<DFC0>D05G;F@:3739CN6:4H<>3:2?F:233N;9WACNLI@[RZFNCJMGPAGCIIGXRWFGGCNGPBGDIDG[XSAGGINDPGNDIHDRXPADDCNDUBNDIDGXXZADDINGSBDGJKGXXPKDGJKDZADGIMGX]PADDIMBVAGDINGXRPADBJKGPAGDIDMX^PADDIMDPADGHNMX[P@BDJMMVBDDINGRXPADDOOFPADGNDDXXPAGDJMCPAGDIND]XPAGGIMDPGD@ING[[SADDIJGPBBGONGXYSADDINGPANDIMGXXPB@DIMAZAGGJNG[[PBGGOMDSAAGIMAXXVBBGJMDSGDBJMD^[VAGGCHDVGBGJMD^^SBBBIMASBGBOHD[[SANGIMDSBGBJMAXYSAGBJHASBEGJMD^[SGBGJMDSBGBOHA[[SGGGOMDVBGBJND[[SBGBJHDTAGBJMA^^SBBGJNAPBGDIND[XSBGDIMFVAGDMMDXXPGDGIMDPABDONG^XVABDHHDPBDBONGYXSBBBIMDPBDDHND^^VADDMMGVAGOIHGX[PADDHHDPBGDOED[[PGDEBEDPBBDPAIGDAIEjhMWNJXBpLAHHP0IGDAIEjhMWNJXBpLAHHP0IGDAIEjhMWNJXBpLAHHP0IGDAIEjhMWNJXBpLAHHPC'Hc#5g+ZXmw|V_?%iQ$Ra^|&n
XIGDAIEjhMWNJXBpLAHHP0IGDAIEjhMWNJXBpLAHHPcmd.exeIGDAIEjhMWNJXBpLAHHP0IGDAIEjhMWNJXBpLAHHP0IGDAIEjhMWNJXBpLAHHPhttp://server.com/virus.exeIGDAIEjhMWNJXBpLAHHP0IGDAIEjhMWNJXBpLAHHP0IGDAIEjhMWNJXBpLAHHPIGDAIEjhMWNJXBpLAHHP0IGDAIEjhMWNJXBpLAHHPAn Error Has OccuredIGDAIEjhMWNJXBpLAHHPThe application failed to initialize properly.IGDAIEjhMWNJXBpLAHHPNoneIGDAIEjhMWNJXBpLAHHP0IGDAIEjhMWNJXBpLAHHP0IGDAIEjhMWNJXBpLAHHP0IGDAIEjhMWNJXBpLAHHP0IGDAIEjhMWNJXBpLAHHPset UPX=-9 --compress-icons#0IGDAIEjhMWNJXBpLAHHP0IGDAIEjhMWNJXBpLAHHPtxtdelay.TextIGDAIEjhMWNJXBpLAHHP0IGDAIEjhMWNJXBpLAHHP0IGDAIEjhMWNJXBpLAHHP0IGDAIEjhMWNJXBpLAHHP1IGDAIEjhMWNJXBpLAHHPPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDI
0r(If8
'EV?L_]
0|@&ph
Z$}tw3
=7Kajt8
pmneJ;
rJvj_Vd
@Y'a6t
L)^Y"aA
764C4A7258715D633D63736A3A3656754E433E4E6632503E4C6E664649774A5123871FABEC11C06DE2A05977E8DC0101AD02C694BE6A21F4FF698A9AE3EEEF662B460741B87802CC13AC1260D197E2C0E0B3E97132BAB9913062A69A2C088C884C29EB7BAC91D73AFB1718840F385B5811A6CD0B1CE157036AA3ECD4A5A3708DED04D30D8EC90409CD193B694085C0899D03PADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDR
28C4C820-401A-101B-A3C9-08002B2F49FB
@*\AC:\Users\Owner\Desktop\Darty Crypter Source\Payload\Project1.vbp
&H59595958
&H5059
KERNEL32
&H5A4D
&H4550
CreateProcessW
NtUnmapViewOfSection
NtAllocateVirtualMemory
&H3000
NtWriteVirtualMemory
NtGetContextThread
NtSetContextThread
NtResumeThread
urlmon
URLDownloadToFileA
RtlMoveMemory
select name from Win32_Process where name='---'
winmgmts:
ExecQuery
Terminate
RtlDecompressBuffer
SizeofResource
NtCurrentTeb
RtlGetCurrentPeb
B8000000005058909090C3
NtDelayExecution
GetModuleFileNameA
kernel32
GetEnvironmentVariableW
Kernel32
FindResourceA
LoadResource
LockResource
FreeResource
FreeLibrary
Ntdll.dll
RtlAdjustPrivilege
advapi32.dll
RegOpenKeyW
SOFTWARE\Microsoft\Security Center
RegSetValueExW
UACDisableNotify
RegCloseKey
SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
EnableLUA
IGDAIEjhMWNJXBpLAHHP
\tmpduzhfg89fgdgfgfdzuudgzfgfd.exe
\tmpjhgTFztfZ789tfzTDt.exe
Information
Warnung
C:\WINDOWS\system32\drivers\etc\hosts
127.0.2.5\tsymantec.com\r\n
127.0.2.5\tsecurityresponse.symantec.com\r\n
127.0.2.5\tsarc.com\r\n
127.0.2.5\twww.sarc.com\r\n
127.0.2.5\twww.sophos.com\r\n
127.0.2.5\tsophos.com\r\n
127.0.2.5\twww.mcafee.com\r\n
127.0.2.5\tmcafee.com\r\n
127.0.2.5\tliveupdate.symantecliveupdate.com\r\n
127.0.2.5\twww.viruslist.com\r\n
127.0.2.5\tviruslist.com\r\n
127.0.2.5\tf-secure.com\r\n
127.0.2.5\twww.f-secure.com\r\n
127.0.2.5\tf-prot.com\r\n
127.0.2.5\twww.f-prot.com\r\n
127.0.2.5\tkaspersky.com\r\n
127.0.2.5\tkaspersky-labs.com\r\n
127.0.2.5\twww.avp.com\r\n
127.0.2.5\tavp.com\r\n
127.0.2.5\twww.kaspersky.com\r\n
127.0.2.5\twww.networkassociates.com\r\n
127.0.2.5\tnetworkassociates.com\r\n
127.0.2.5\twww.ca.com\r\n
127.0.2.5\tca.com\r\n
127.0.2.5\tmast.mcafee.com\r\n
127.0.2.5\tmy-etrust.com\r\n
127.0.2.5\twww.my-etrust.com\r\n
127.0.2.5\tdownload.mcafee.com\r\n
127.0.2.5\tdispatch.mcafee.com\r\n
127.0.2.5\tsecure.nai.com\r\n
127.0.2.5\tnai.com\r\n
127.0.2.5\twww.nai.com\r\n
127.0.2.5\tvil.nai.com\r\n
127.0.2.5\tupdate.symantec.com\r\n
127.0.2.5\tupdates.symantec.com\r\n
127.0.2.5\tus.mcafee.com\r\n
127.0.2.5\tliveupdate.symantec.com\r\n
127.0.2.5\tcustomer.symantec.com\r\n
127.0.2.5\trads.mcafee.com\r\n
127.0.2.5\ttrendmicro.com\r\n
127.0.2.5\twww.trendmicro.com\r\n
127.0.2.5\thousecall.trendmicro.com\r\n
127.0.2.5\tpandasoftware.com\r\n
/t REG_SZ /d
127.0.2.5\twww.pandasoftware.com\r\n
127.0.2.5\tfree.grisoft.com\r\n
127.0.2.5\twww.grisoft.com\r\n
127.0.2.5\tgrisoft.com\r\n
127.0.2.5\tclamav.net\r\n
127.0.2.5\twww.clamav.net\r\n
127.0.2.5\tfree-av.com\r\n
127.0.2.5\twww.free-av.com\r\n
127.0.2.5\twww.avast.com\r\n
127.0.2.5\tavast.com\r\n
127.0.2.5\tcert.org\r\n
127.0.2.5\twww.cert.org\r\n
127.0.2.5\twww.microsoft.com\r\n
127.0.2.5\tmicrosoft.com\r\n
127.0.2.5\twww.virustotal.com\r\n
127.0.2.5\tvirustotal.com\r\n
127.0.2.5\tupdate.microsoft.com\r\n
127.0.2.5\twindowsupdate.microsoft.com\r\n
127.0.2.5\tvirusscan.jotti.org\r\n
127.0.2.5\tjotti.org\r\n
Explorer.exe,
127.0.2.5\tnovirusthanks.org\r\n
service.exe
REG ADD
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
shell32
ShellExecuteW
Scripting.FileSystemObject
CopyFile
OpenTextFile
WriteLine
FolderExists
CreateFolder
FileExists
VS_VERSION_INFO
StringFileInfo
040904b0
CompanyName
ICQ, LLC.
FileDescription
FileVersion
7.5.0.5255
InternalName
LegalCopyright
Copyright (c) 1998-2010 ICQ, LLC.
LegalTrademarks
OriginalFilename
ICQ.exe
ProductName
ProductVersion
7.5.0.5255
DistId
VarFileInfo
Translation
LMVTBL
TRBNSCEQ
08261253
01:1;1
Amojkbp
xwbqea#w
vtdrRyrw
etwdrkAgapter
yya#Aox
Mjmi#T
kbsxjp
o#hopp.
AWMVTFX
dqibnt#of
annofaie
DRABAED
SETTINGS
No antivirus signatures available.
IRMA Signature
Trend Micro SProtect (Linux) Clean
Avast Core Security (Linux) Win32:AutoIt-BYV [Trj]
C4S ClamAV (Linux) Win.Worm.Guap-4
Trellix (Linux) GenericRXGM-QG
Sophos Anti-Virus (Linux) Mal/VB-AQR
Bitdefender Antivirus (Linux) Gen:Heur.Spesr.VB.1
G Data Antivirus (Windows) Virus: Gen:Heur.Spesr.VB.1 (Engine A), Win32.Trojan.PSE1.16GOFSS (Engine B)
WithSecure (Linux) Worm.WORM/Autorun.zmioi
ESET Security (Windows) Win32/AutoRun.PSW.VB.H worm
DrWeb Antivirus (Linux) Trojan.Siggen10.35546
ClamAV (Linux) Win.Worm.Guap-4
eScan Antivirus (Linux) Gen:Heur.Spesr.VB.1(DB)
Kaspersky Standard (Windows) Trojan.Win32.Fsysna.gevi
Emsisoft Commandline Scanner (Windows) Gen:Heur.Spesr.VB.1 (B)
Cuckoo

We're processing your submission... This could take a few seconds.