Bcc86c024f6bd004772c4bef39249e2c
Jump to navigation
Jump to search
Description
Summary
INCOMPLETE SECTION OR ARTICLE
This section/article is being written and is therefore not complete.
Thank you for your comprehension.
Thank you for your comprehension.
Identification
| MD5 | bcc86c024f6bd004772c4bef39249e2c |
|---|---|
| SHA1 | 815c92f5061d6c3a7c094003975acdd68f714084 |
| SHA256 | caaaf550aa0e5a6cc81af048b5a7155e2aa5a52fc14c0a29867ecf4a36f7eeec |
| ssdeep | 3072:p8DTumuhez9/Xwwb50UUgaonCgV8c3Jc6gMxU+d9axMoPu:pFm7z9vwwb5RUga/s+6HeysO |
| File size | 100.6 KB ( 103030 bytes ) |
| File type | Win32 EXE |
| Magic literal | PE32 executable for MS Windows (GUI) Intel 80386 32-bit |
| TrID |
|
Detection
Antivirus detection
| Antivirus | Result | Update |
|---|---|---|
| Ad-Aware | Trojan.Generic.7224364 | 20140415 |
| AegisLab | 20140415 | |
| Agnitum | Worm.Ngrbot!nBqqjl///rY | 20140414 |
| AhnLab-V3 | Trojan/Win32.Agent | 20140414 |
| AntiVir | TR/Graftor.617589 | 20140415 |
| Antiy-AVL | Worm/Win32.Ngrbot | 20140415 |
| Avast | Win32:Flooder-HQ [Trj] | 20140415 |
| AVG | Dropper.Generic5.EHG | 20140415 |
| Baidu-International | Worm.Win32.Ngrbot.aON | 20140414 |
| BitDefender | Trojan.Generic.7224364 | 20140415 |
| Bkav | 20140415 | |
| ByteHero | 20140415 | |
| CAT-QuickHeal | Backdoor.Bifrose.AE6 | 20140415 |
| ClamAV | Win.Trojan.Ngrbot-13 | 20140415 |
| CMC | Worm.Win32.Ngrbot!O | 20140411 |
| Commtouch | W32/Dorkbot.G.gen!Eldorado | 20140415 |
| Comodo | Worm.Win32.Agent.BSM | 20140415 |
| DrWeb | BackDoor.Bifrost.40 | 20140415 |
| Emsisoft | Worm.Win32.Ngrbot (A) | 20140415 |
| ESET-NOD32 | a variant of Win32/Injector.URT | 20140415 |
| F-Prot | W32/Dorkbot.G.gen!Eldorado | 20140415 |
| F-Secure | Trojan.Generic.7224364 | 20140414 |
| Fortinet | W32/Dorkbot.AS!tr | 20140413 |
| GData | Trojan.Generic.7224364 | 20140415 |
| Ikarus | Backdoor.Win32.Bifrose | 20140415 |
| Jiangmin | Backdoor/Ruskill.ce | 20140415 |
| K7AntiVirus | Riskware ( b8133cd50 ) | 20140414 |
| K7GW | EmailWorm ( 002d22d51 ) | 20140414 |
| Kaspersky | Worm.Win32.Ngrbot.bzm | 20140415 |
| Kingsoft | Worm.Ngrbot.(kcloud) | 20140415 |
| Malwarebytes | 20140415 | |
| McAfee | Generic BackDoor.aew | 20140415 |
| McAfee-GW-Edition | Generic BackDoor.aew | 20140415 |
| Microsoft | Trojan:Win32/Injector.AB | 20140415 |
| MicroWorld-eScan | Trojan.Generic.7224364 | 20140415 |
| NANO-Antivirus | Trojan.Win32.Bublik.cjgnqh | 20140415 |
| Norman | Bifrose.CJGL | 20140415 |
| nProtect | Trojan.Generic.7224364 | 20140414 |
| Panda | Bck/Bifrost.gen | 20140414 |
| Qihoo-360 | HEUR/Malware.QVM02.Gen | 20140415 |
| Rising | PE:Backdoor.Win32.Fednu.qw!1075350914 | 20140414 |
| Sophos | Troj/Kazy-S | 20140415 |
| SUPERAntiSpyware | Trojan.Agent/Gen-Ruskill | 20140415 |
| Symantec | Backdoor.Trojan | 20140415 |
| TheHacker | W32/Ngrbot.bzm | 20140413 |
| TotalDefense | 20140415 | |
| TrendMicro | TSPY_NGRBOT_CA08296D.TOMC | 20140415 |
| TrendMicro-HouseCall | TSPY_NGRBOT_CA08296D.TOMC | 20140415 |
| VBA32 | Worm.Ngrbot | 20140414 |
| VIPRE | Trojan.Win32.Injector.ab (v) | 20140415 |
| ViRobot | Worm.Win32.A.Ngrbot.93696 | 20140415 |
Snort detection
INCOMPLETE SECTION OR ARTICLE
This section/article is being written and is therefore not complete.
Thank you for your comprehension.
Thank you for your comprehension.
Links
- Virustotal: https://www.virustotal.com/en/file/caaaf550aa0e5a6cc81af048b5a7155e2aa5a52fc14c0a29867ecf4a36f7eeec/analysis/1397545927/
- Malwr: https://malwr.com/analysis/MDc3ZDg1YTQ4MGY0NDg5NzhmY2ZiYTc1YWRmMzRlMzQ/
- Download: https://www.dropbox.com/s/3dh22x2pgczufsb/bcc86c024f6bd004772c4bef39249e2c.zip (pass: infected)
Artifacts
Persistence
The malware achieves persistence by creating following registry keys:
| Key | Name | Type | Value |
|---|---|---|---|
| HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{9D71D88C-C598-4935-C5D1-43AA4DB90836} | stubpath | REG_EXPAND_SZ | C:\WINDOWS\system32\Bifrost\server.exe s |
| HKCU\Software\Microsoft\Windows\CurrentVersion\Run | ctfmon | REG_SZ | C:\WINDOWS\TEMP\services.exe |
| HKCU\Software\Microsoft\Windows\CurrentVersion\Run | msmmsgr | REG_SZ | C:\WINDOWS\TEMP\x\services.exe |
Files activity
Following files are created:
| File | Size | Type | Hash |
|---|---|---|---|
| C:\Documents and Settings\malware\Application Data\addons.dat | 25 KB (24821 bytes) | data (encrypted) |
|
| C:\WINDOWS\system32\Bifrost\logg.dat | 2.4 KB (2411 bytes) | Non-ISO extended-ASCII text, with NEL line terminators |
|
| C:\WINDOWS\system32\Bifrost\server.exe | 101KB (103030 bytes) | PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows |
|
| C:\WINDOWS\Temp\services.exe | 101 KB (103030 bytes) | PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows |
|
The malware copies itself to 2 locations:
- C:\WINDOWS\system32\Bifrost\server.exe
- C:\WINDOWS\Temp\services.exe
Registry database
Created entries
| Key | Name | Type | Value |
|---|---|---|---|
| HKLM\SOFTWARE\Bifrost | nck | REG_BINARY | ed 1b e6 27 b9 28 d6 32 74 c3 cd 74 fa 93 5b 67 |
| HKCU\Software\Bifrost | klg | REG_BINARY | 01 |
| HKCU\Software\Bifrost | plg1 | REG_BINARY | ea 44 dc 02 a3 27 d7 5f 11 ad b9 07 da f2 35 03 2a 35 8e 58 1b 0e 11 94 d4 f9 10 0d 18 48 b7 af da 5d 59 bf cd e5 bc b0 21 a8 58 eb 14 e8 13 8a ad 69 39 70 95 91 53 5e 9c 3c 53 77 15 3a c2 06 5b 13 df f5 40 38 26 56 14 e7 0f 84 ab b3 1d f6 b0 c6 b0 1e 68 5b 70 93 28 05 0a c5 2d 69 e5 88 99 b6 9d 02 12 80 47 d5 fd e3 11 cf 82 2a 3f eb dc db fe 5c fc a9 e2 24 96 58 84 2f 39 9b 65 8f 07 dd 00 93 9f 17 44 40 e1 28 66 c5 5f 99 d8 45 16 96 7b c9 61 11 f8 90 18 95 d1 97 26 05 44 ba e3 e1 73 99 ed c0 24 97 e5 6a b7 c4 f3 fd 87 5e a7 4e e8 38 35 4c 6d a6 66 fc 51 8e 31 64 b2 44 71 3d 2b d0 e8 b3 0f 9c d0 a8 c5 ef 3f d2 cb a2 57 73 4c d8 1a 15 1a fc 0c 29 05 4e 74 a2 f7 21 12 c6 a2 54 cf db 59 8a c3 ce ef 8f 8f 35 ba a5 0f 93 8d b2 29 5f f3 4d 04 fb 9b 74 85 41 36 3a d8 5a 8f 41 |
Deleted entries
| Key | Name | Type | Value |
|---|---|---|---|
| HKLM\SYSTEM\ControlSet001\Services\kmixer\Enum | 0 | REG_SZ | SW\{b7eafdc0-a680-11d0-96d8-00aa0051e51d}\{9B365890-165F-11D0-A195-0020AFD156E4} |
| HKLM\SYSTEM\CurrentControlSet\Services\kmixer\Enum | 0 | REG_SZ | SW\{b7eafdc0-a680-11d0-96d8-00aa0051e51d}\{9B365890-165F-11D0-A195-0020AFD156E4} |
Modified entries
| Key | Name | Type | Prev. value | New value |
|---|---|---|---|---|
| HKLM\SYSTEM\ControlSet001\Services\kmixer\Enum | Count | REG_DWORD | 0x00000001 | 0x00000000 |
| HKLM\SYSTEM\ControlSet001\Services\kmixer\Enum | NextInstance | REG_DWORD | 0x00000001 | 0x00000000 |
| HKLM\SYSTEM\CurrentControlSet\Services\kmixer\Enum | Count | REG_DWORD | 0x00000001 | 0x00000000 |
| HKLM\SYSTEM\CurrentControlSet\Services\kmixer\Enum | NextInstance | REG_DWORD | 0x00000001 | 0x00000000 |
Mutexes
The malware creates following mutex: qqq
Network indicators
Contacted domains
- semaa.no-ip.biz
Encrypted payloads
Encrypted payloads are regularly sent to semaa.no-ip.biz on port 81/tcp:
00000000 b2 00 fa 00 e2 2d d6 67 cc 44 a2 c8 8c bf b2 4b .....-.g .D.....K
00000010 d5 e4 9c 8a f2 91 97 52 77 61 41 ac 34 65 3f 3e .......R waA.4e?>
00000020 16 2c 84 1e fc c1 c8 df 7c f9 c4 f3 1f b3 e2 67 .,...... |......g
00000030 82 cd 52 17 5a 16 73 81 67 ee ac a9 fd 8c 2f 6a ..R.Z.s. g...../j
00000040 1c e5 71 39 23 64 6f 6c df db a6 19 67 e6 db b8 ..q9#dol ....g...
00000050 51 d3 05 0e 0c 02 ce 9a 3a f2 4e 67 5f 9b f7 71 Q....... :.Ng_..q
00000060 21 ae 70 cc 31 8f 74 8b ef ab f9 7b 8f 5c 5b 14 !.p.1.t. ...{.\[.
00000070 3b 94 a0 9c ab 14 17 2f 47 74 6b 45 81 25 10 6f ;....../ GtkE.%.o
00000080 90 b1 0e e7 53 31 ef bd e5 72 c5 53 eb b3 5f 38 ....S1.. .r.S.._8
00000090 07 7c 6b 53 0d 7a 2f a8 6b e6 4c e0 f5 8a b8 a8 .|kS.z/. k.L.....
000000A0 bd d0 a3 ce 0d 12 e7 4d 7f 4d b9 35 6e 10 fd 5e .......M .M.5n..^
000000B0 37 b0 ea ec e7 4e 7....N
Static analysis
Sections
Name VirtAddr VirtSize RawSize Entropy ------------------------------------------------------------ .text 0x1000 0x773c 0x7800 6.387610 .data 0x9000 0x11b0 0x1200 7.547794 .rdata 0xb000 0xf20 0x1000 5.051954 .bss 0xc000 0x57e4 0x0 0.000000 .idata 0x12000 0x810 0xa00 4.399176 .rsrc 0x13000 0x8750 0x8800 7.917358
Resources
Name RVA Size Lang Sublang Type -------------------------------------------------------------------------------- RT_ICON 0x13100 0x777d LANG_NEUTRAL SUBLANG_NEUTRAL data RT_ICON 0x1a880 0xf LANG_NEUTRAL SUBLANG_NEUTRAL data RT_ICON 0x1a890 0xea8 LANG_NEUTRAL SUBLANG_NEUTRAL data RT_GROUP_ICON 0x1b738 0x14 LANG_NEUTRAL SUBLANG_NEUTRAL MS Windows icon resource - 1 icon
IAT
Strings
1+P@
XX+Z
X8+Z
X[^_
;MZt
0[^_
Y[^_
5adoy
\[^_
\[^_
<[^_
,[^_
,[^_
TEMP
TEMPf
TEMP
TEMPf
%4"A
%("A
%8"A
% "A
%$"A
,[^_
t6~
,[^_
,[^_
,[^_
<[^_
<[^_
,[^_
,[^_
}$;] t-
,[^_
,[^_
,[^_
$|c@
@DCUNG
t'Bt<
t3Bt6
$ t@
< tT< tP
Y[^]
8Pu#
<[^_
%d"A
%p"A
%x"A
%t"A
%T"A
%P"A
%@"A
%<"A
%L"A
%H"A
%0"A
%,"A
%X"A
%D"A
%?/?!
"o;h(Y
T*_}x:
j Bz
u\B&
y7bT
Ab61
T<*2
a.z9
DGt2
&5 M{
yM;-
jMG\^
C?9z
bcKU
!+g\
"%-U^7
PaH?
dv&4
wj-K
.n\
g&H`
~8lI
d^AE
;]>r
^(O=
W1O g_?
*,]I
Fv\;
Eub'z
\j#M
SRqDIK
_maz
mn`I:T`H
{OJW
z(~c
5_
=;&o
~?Pa w
WFgO
(>nH&p
gTzu
|k .T
B=!&|
!\1c
libgcj_s.dll
_Jv_RegisterClasses
Mars
UIIaaa12areplcervariablsse
5UIreplcervariablsse
OOIefwreplcervariablsse
IOO6replcervariablsse
IOreplcervariablsse
OO4s4replcervariablsse
Oreplcervariablsse
Ys3s3replcervariablsse
Y3replcervariablsse
Ys2s2replcervariablsse
Y4replcervariablsse
Yaaa12areplcervariablsse
Y5replcervariablsse
Yefwreplcervariablsse
Y6replcervariablsse
UYreplcervariablsse
Ureplcervariablsse
Js4s4replcervariablsse
Jreplcervariablsse
FRs3s3replcervariablsse
SDF3replcervariablsse
FSFs2s2replcervariablsse
SDFS4replcervariablsse
FDSaaa12areplcervariablsse
SDF5replcervariablsse
DFefwreplcervariablsse
6SFDreplcervariablsse
sqsreplcervariablsse
qsreplcervariablsse
qs4s4replcervariablsse
sqw3s3replcervariablsse
qw3replcervariablsse
wqs2s2replcervariablsse
qw4replcervariablsse
wqaaa12areplcervariablsse
qw5replcervariablsse
ewqfwreplcervariablsse
qw6replcervariablsse
wqreplcervariablsse
qwreplcervariablsse
des4s4replcervariablsse
aq1replcervariablsse
1bs3s3replcervariablsse
1a3replcervariablsse
1bs2s2replcervariablsse
1a4replcervariablsse
1baaa12areplcervariablsse
1a1b5replcervariablsse
1befwreplcervariablsse
1a6replcervariablsse
1breplcervariablsse
1areplcervariablsse
s4s4replcervariablsse
replcervariablsse
s3s3replcervariablsse
3replcervariablsse
s2s2replcervariablsse
4replcervariablsse
aaa12areplcervariablsse
5replcervariablsse
efwreplcervariablsse
6replcervariablsse
DEPACKEND
ERROR
%.2x
ee250412268cbd418c02a0fce843a69c
failed compatibility
Expected: %s
Got: %s
windir
services.exe
SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
msmmsgr
cmd /c REG ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v msmmsgr /t REG_SZ /d
ctfmon
cmd /c REG ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v ctfmon /t REG_SZ /d
CreateProcessA
KERNEL32
NtUnmapViewOfSection
NtSetContextThread
VirtualAllocEx
NTDLL
GetThreadContext
NtWriteVirtualMemory
ResumeThread
tModuleHandleA
VirtualProtect
GetModuleFileNameA
CreateFileA
GlobalAlloc
GlobalFree
ReadFile
GetFileSize
CloseHandle
IsDebuggerPresent
FiLe encrypted successfully !
File access error :(
Invalid PE file !
Not enough memory :(
Files with a filesize of 0 aren't allowed !
There's no room for a new section :(
Too many sections !
Too much ImageImportDescriptors !
KeRnEl32.dLl
LoadLibraryA
GetProcAddress
sdS@
std::exception
std::bad_exception
__gnu_cxx::__concurrence_lock_error
__gnu_cxx::__concurrence_unlock_error
pure virtual method called
std::bad_alloc
../../runtime/pseudo-reloc.c
VirtualQuery (addr, &b, sizeof(b))
../../../../gcc-4.4.1/libgcc/../gcc/config/i386/cygming-shared-data.c
0 && "Couldn't retrieve name of GCClib shared data atom"
ret->size == sizeof(__cygming_shared) && "GCClib shared data size mismatch"
0 && "Couldn't add GCClib shared data atom"
-GCCLIBCYGMING-EH-TDM1-SJLJ-GTHR-MINGW32
N10__cxxabiv115__forced_unwindE
N10__cxxabiv117__class_type_infoE
N10__cxxabiv119__foreign_exceptionE
N10__cxxabiv120__si_class_type_infoE
N9__gnu_cxx24__concurrence_lock_errorE
N9__gnu_cxx26__concurrence_unlock_errorE
St13bad_exception
St9bad_alloc
St9exception
St9type_info
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
AddAtomA
CloseHandle
CopyFileA
CreateMutexA
CreateProcessA
CreateSemaphoreA
ExitProcess
FindAtomA
FindResourceA
GetAtomNameA
GetCommandLineA
GetCurrentThreadId
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetStartupInfoA
GetTickCount
GlobalAlloc
GlobalFree
InterlockedDecrement
InterlockedIncrement
LoadResource
LockResource
OpenMutexA
ReleaseSemaphore
SetLastError
SetUnhandledExceptionFilter
SizeofResource
Sleep
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
VirtualProtect
VirtualQuery
WaitForSingleObject
_write
__getmainargs
__p__environ
__p__fmode
__set_app_type
_assert
_cexit
_iob
_onexit
_setmode
abort
atexit
free
getenv
malloc
memcpy
memmove
printf
puts
remove
signal
sprintf
strcat
strcmp
strcpy
strncpy
GetActiveWindow
MessageBoxA
ADVAPI32.DLL
KERNEL32.dll
msvcrt.dll
msvcrt.dll
USER32.dll
@}3y
RWaf
4o i
HFw,
}SX"0K
wp+x
>|Fui
1cB1t"0
}c=g
Ap~rO
[S^HN
o-SMs
|SNj
z%t
HQzpH
.sCTA
|.?iI
.*aac
/5"Gz
V[d_4W
N7'=
xsx9
r$hY6
XcR+N
?q#3
Kf77
v,iF]
m>a1
kSi
"N,u
l%Vc
RyT'
rr~8
puj.%
Z6.)
n)J3*
!OUcK
mU9<i
6nuH
y_z\k:<q
x>\jn
[=HmJ
`~{C
l-RD
5Wzd
tN]Ev
mm|o
mn9IN
_T( a"n
>Z]
_Oi /
|n+;
b;$3
'dNBZ
I-):
K^|\
L_*@<
5}Rz
qntY
CH:^
aiIGH
sTs~
/X=~T
,bkI
g "(
EyMD
{DfL
L{Jo
aRgL3
$v+\
Lh_Pu
.FV`
` J
Rl#0
2j|$,
[`7Ra
`:0N
R(l2%
Tn"O
~+##
@a2f
n2AB
,Y S
o0{z
klfPSp
Yb/!
<~q:
%sn[
\'ci
&n}ot
jbHd
N`'-
p.U\
t}Y*
zhsi
&IsM
w7&5X
f]v4,I
0b?p
'6V}
2wm}
P/C|
Ag7W
< p_
7mVQ#
1+\?
S!_>L
}#:S
h&s<
@?W]x)
1C^N
gOx}
y6]Qs
Lzb_
- h3
IL.x
@C0H
r7cS
Uy?q
9x{s
}jis
RW aW
R13'\
H)o[:f
k5wa
,3|+L
iAx8A
jWV#
G>HY
,hgN}
Aw7%
6EKp
6~CW
0^rk
2{9
!]RW
S4^]
,Xc9
F`p?
Ol.n
O4=u
BB}'V
"?IE
"M@V~
Y!Y7
aEh'U
g)C;
}u9U
`W'F
_<Y%
cdHKF
$Oh4
-rF2
%9I-
7GdP
_Ym`L.0^
U$T.
iP{%
.#8$Gs
3tCQZ)Yi
8Fv%
9b8~
cJLk
Ovs`
mXe#*
>p[:F
`CKV#
8eM(<
b5rhe
%@|+AC$=
[':%l
BOU^O
|R_ Z
0P:/p
CWwN
F?\B
/mJ1F
c:f`w+
,z41:
YV3-
ceIzP
o\lCv
6%t[
HKE~~
*G`I
ybrMwy
3u&?
Up\9N
eZ?
d%]>
us4h)
,Nd+
qP%?
zly~
wV)3
Z<[5_
@-bN
*m_EwY
}J_d
]c;vz
1A_'_A[
wd_[
/Z>G
`lEEd&
1_.xV
gZmz
\C)1o
LME8n4?
|ta;XJi
`~+s
r8ai
H%M|
9L]8
XF[H
1#GJ{
8d#6<
iM&|
*U/|v>
xmMY
zd=F,
?'no
%eb)
@DDa
&91#[
@|IB
|8nO
]wb&
'w5{
+iS=P
0N8~X
:K[E
%8YR
FM2Xizp\e
_()f
zd9t
#^x#X
={5i
D0z,
8wd\`
[)M}Dfar
'7d(
N5dh
=\V5
U|ZR
cey~
)Ej@
Fq1f
'O81
,2ol
]:i|
=T"41
If@s
{Mxe
',K2K
AnMZK/4
6Gc>
$Z!(
(ZQC#
cg<&+u
ky~.
[7h?rV
%edjws
L)Oh
EGOoW
LaPL
@T-;
4,>2
su*_
$K^b
1P_=@
ZkA?
2*cm
.~AkW
z.%v
u6O@
~wlE&
v@`G
jRq`
.\Y6
Z0ca.ua)
{Jd/
iV/Y
"owvS
<>@B}0A
W,fx
<{Q
H&?#`
&`[M
|zP(d
QT R{
.9%}
QdeR
R?uV
}P@`
w8L#
]Ld4
hxm<
+~Mr
[{89
z8-[F
Cd%y
0V|Zd
DoC'
35Ld^
/ 99>8yzz
Yd@-D
hn$Y
z3Y;
e2|Pzn
{>^}
~0 kM
F{9O
j^J
+&M4X
Yi!(a1
y/^}!
B`s=
LlSa
cv~
2TWOIy
qA ?5
zfcp
7YEo
J:!8
}gY.
s_M>
8$8B
!9%9
J]-o
97P @c4-
Nc(L3
:Ar,n
ZLTM
7]-
qh<hj
?0(C6
^Y[r
E,j)
;PdZJ
rlad
#,7@
*ZCTc
j^P-o@B,^
w^af
0&|A
^U-.
(azSxv
c*+h
Lc A
~[`~T
g+kq}
:lKj
jr<a
L<*]%
W77A
C#[/>iiD>8!#7
SSSSSSSS
WU'%]469=EFHJNl0#A
!d"(.469=EFHJMTr
$(.469=EFHJ
$(.469=EFM
$(.469=ET
P!AW
$(.469F
$(.46J
fm,&
%53,&
/953,&
]:953,&
XYYYYO#
i=:953,&H
d*g
Ysssssss
i=;:953,M
qqqqqqq)A
m:::::::R
svvvvvvvgA
]:::::::M
B$1_`ajbgA
^::::::;M
K[d[
$(.469+A
)::::EMT
$(.46%A
`=JS
$(]#
R:953,&
=:953,&
TFB=:953,&
RHEB=:953,&
HEB=:953,&"\f
xgsTMJ
HEB=:953-\2
nNMJ
HEB=:`^[@
8nDDbih/[g
x!!ff
?[8?GOQY
0c%%\\))8?GlQV
lc%%\\))dd++ee//>nl
ed))dd++ee///^^^O
{{]^///^^^^Q
SMJJ
}zwmmhvLHFFHJMZ
YYYY
}}}yyyti=BF
JMRS
}}}yyytt
JMRS
}}}yyyttp
JMRT
}}}yyyttpD
OMRT
}}}yyyttppGW
luunniiDu
Comments
Keywords: NGRBot qqq Bifrost bcc86c024f6bd004772c4bef39249e2c