_ .. .. u dF dF 88Nu. u. uL .. x. . u. u. '88bu. .u . .u . u. x. . u. u. '88bu. '88888.o888c .@88b @88R .@88k z88u x@88k u@88c. '*88888bu .u .d88B :@8c uL .d88B :@8c ...ue888b .@88k z88u x@88k u@88c. '*88888bu ^8888 8888 '"Y888k/"*P ~"8888 ^8888 ^"8888""8888" ^"*8888N ud8888. ="8888f8888r .ue888Nc.. ="8888f8888r 888R Y888r ~"8888 ^8888 ^"8888""8888" ^"*8888N 8888 8888 Y888L 8888 888R 8888 888R beWE "888L :888'8888. 4888>'88" d88E`"888E` 4888>'88" 888R I888> 8888 888R 8888 888R beWE "888L 8888 8888 8888 8888 888R 8888 888R 888E 888E d888 '88%" 4888> ' 888E 888E 4888> ' 888R I888> 8888 888R 8888 888R 888E 888E 8888 8888 `888N 8888 888R 8888 888R 888E 888E 8888.+" 4888> 888E 888E 4888> 888R I888> 8888 888R 8888 888R 888E 888E .8888b.888P .u./"888& 8888 ,888B . 8888 888R 888E 888F 8888L .d888L .+ 888E 888E .d888L .+ u8888cJ888 8888 ,888B . 8888 888R 888E 888F ^Y8888*"" d888" Y888*" "8888Y 8888" "*88*" 8888" .888N..888 '8888c. .+ ^"8888*" 888& .888E ^"8888*" "*888*P" "8888Y 8888" "*88*" 8888" .888N..888 `Y" ` "Y Y" `Y" 'YP "" 'Y" `"888*"" "88888% "Y" *888" 888& "Y" 'Y" `Y" 'YP "" 'Y" `"888*"" "" "YP' `" "888E "" .dWi `88E 4888~ J8% ^"===*"`
archive | code | zines | papers | threat collection | apt collection | samples | supporters | contact
 ______   ______     ______   ______     ______     ______    
/\  == \ /\  __ \   /\  == \ /\  ___\   /\  == \   /\  ___\   
\ \  _-/ \ \  __ \  \ \  _-/ \ \  __\   \ \  __<   \ \___  \  
 \ \_\    \ \_\ \_\  \ \_\    \ \_____\  \ \_\ \_\  \/\_____\ 
  \/_/     \/_/\/_/   \/_/     \/_____/   \/_/ /_/   \/_____/ 
                                                              
Windows VX
EVASION
ANTI-VIRUS ARTIFACTS III Author(s): Devisha Rochlani ANTI-VIRUS ARTIFACTS III
The Ultimate Anti-Reversing Reference Author(s): Peter Ferrie The Ultimate Anti-Reversing Reference
Fake Entry Point Trick Author(s): Rafael S Marques Fake EP trick Трюк с фейковым EP Fake EP Falso EP
Masking Malicious Memory Artifacts series Author(s): Forrest Orr Part I: Phantom DLL Hollowing (Mirror) Part II: Insights from Moneta Part III: Bypassing Defensive Scanners
Bypassing User-Mode Hooks and Direct Invocation of System Calls for Red Teams Author(s): ModExpBlog/MDSEC Bypassing User-Mode Hooks and Direct Invocation of System Calls for Red Teams
Hiding your .NET - COMPlus_ETWEnabled Author(s): XPN Original link: Hiding your .NET - COMPlus_ETWEnabled (Mirror)
Hiding your .NET - ETW Author(s): XPN Original link: Hiding your .NET - ETW (Mirror)
Heresy's Gate: Ring 0 to Ring 3 via Worker Factories Author(s): zerosum0x0 Original link: Heresy's Gate: Ring 0 to Ring 3 via Worker Factories (Mirror)
Defeating Userland Hooks ft. BitDefender Author(s): 0x00dtm Defeating Userland Hooks ft. BitDefender
Protecting Your Malware with blockdlls and ACG Author(s): XPN Protecting Your Malware with blockdlls and ACG (Mirror)
Hell's Gate: invoking syscalls from in-memory modules Author(s): Paul Laîné and smelly__vx Hell's Gate + Source
INFECTION
Detailed Guide To Pe Infection Author(s): KOrUPt Paper in English Детальный гайд по заражению PE Detailed Guide to PE Infection (AR) Guide detaille de linfection de PE A Jouter Une Nouvelle Section Dans Un PE
Another detailed guide to PE infection Author(s): Athena Another detailed guide to PE infection Another Detailed Guide to PE Infection (AR) Another detailed guide to PE infection (GR) Еще один детальный гайд по заражению PE
Add a new PE section & Code inside of it Author(s): Athena Add a new PE section & Code inside of it Добавление новой секции с кодом в PE файл Codigo En Secciones PE
KERNEL MODE
Hiding loaded driver with DKOM Author(s): ZwClose7 Hiding loaded driver with DKOM Сокрытие загружаемого драйвера, используя технику DKOM Hiding Loaded Drivers with DKOM (AR) Ofuscando driver carregado com DKOM Αποκρύπτοντας φορτωμένους οδηγούς πυρήνα με τη χρήση DKOM Ocultando Driver Cargado Con DKOM Cacher des Drivers Charges avec DKOM
Hide process with DKOM without hardcoded offsets Author(s): ZwClose7 Hide process with DKOM without hardcoded offsets Сокрытие процесса, используя технику DKOM, без хардкодинга смещений Cacher Des Processus Avec DKOM sans Offsets Hardcode Ocultar Procesos Con DKOM Sin Offset Hardcodeado
INJECTION
Win32 Callback Injection Author(s): Dreamer && Clover EnumChildWindows EnumDateFormatsA EnumDesktopW EnumDesktopWindows EnumSystemCodePagesA EnumSystemCodePagesW EnumSystemGeoID EnumSystemLanguageGroupsA EnumSystemLocalesA EnumThreadWindows EnumUILanguagesA EnumWindow
The state of advanced code injections Author(s): Adalogics.com The state of advanced code injections
Process Injection Techniques - Gotta Catch Them All Author(s): Amit Klein, VP Security Research | Itzik Kotler, CTO and co-founder Process Injection Techniques - Gotta Catch Them All
PE Injection Author(s): ired.team || Spot the Planet PE Injection: Executing PEs inside Remote Processes ___________________________________________ Author(s): Emeric Nasi PE Injection Explained: Advanced memory code injection technique ___________________________________________ Author(s): urstrewly PE Injection demonstration PE Injection demonstration //full download ___________________________________________ Author(s): Stefan Stokic PE Injection demonstration PE Injection demonstration //full download
Ghostwriting Weaponize GhostWriting Injection by Petit Sio Ghostwriting Technique POC by c0de90e7
CTRL + INJECT Author(s): Rotem Kerner CTRL + INJECT Paper
Ctrl Inject POC by TheEvilBit (Mirror)
Ctrl Inject POC by SafeBreach Labs (Mirror)
Code Injection using Taskbar Author(s): x0r19x91 (C Code) (ASM code) Code Injection using Taskbar
Weaponizing Mapping Injection w/ Instru Callback for proc inject Author(s): Splinter Code Original paper: Weaponizing Mapping Injection w/ Instru Callback for proc inject (Mirror)
An Alternative Method To Enumerate Processes Author(s):smelly__vx An Alternative Method To Enumerate Processes
GetEnvironmentVariable alternative to WriteProcessMemory in proc inject Author(s): J. M. Fernández GetEnvironmentVariable alternative to WriteProcessMemory in proc inject إستخدام GetEnvironmentVariableكبديل ل WriteProcessMemoryفي حقن عمليات الحوسبة
NINA: x64 Process Injection Author(s): 0x1337dtm NINA: x64 Process Injection
ACADEMIA / OTHER
Windows Network Services Internals Author(s): Jean-Baptiste Marchand Windows network services internals
Growth and Commoditization of Remote Access Trojans Author(s): Veronica Valeros and Sebastian Garcia Growth and Commoditization of Remote Access Trojans
PERSISTENCE
A Fresh Outlook on Mail Based Persistence Author(s): MDSEC/Dominic Chell A Fresh Outlook on Mail Based Persistence
Abusing Windows Telemetry for Persistence Author(s): Christopher Paschen (Mirror) Использование телеметрии Windows, для закрепления в системе
Covert Data Persistence with Windows Registry Key Author(s): Jackson T.
Covert Data Persistence with Windows Registry Key
Common Language Runtime Hook for Persistence Author(s): Paul Laîné
Common Language Runtime Hook for Persistence
Masquerading HKCU run keys Author(s): smelly__vx & Ethereal Masquerading HKCU run keys (Code) Маскировка малвари в ключе реестра HKCURUN (RU)
Commandeering Context Menu Entries Author(s): smelly__vx & Ethereal Commandeering Context Menu Entries (Code)
Cryogenically Frozen Malware Author(s): smelly__vx & Ethereal Cryogenically Frozen Malware (Code)
Kusarigama: Demonstrating non-modular chained attacks for malware persistence Author(s): smelly__vx & Ethereal Kusarigama: Demonstrating non-modular chained attacks for malware persistence Main.cpp Main header (Peb.h) Dropped dll
SYSTEM COMPONENTS AND ABUSE
Stealthy Process Communication Between Threads on Windows 10 Author(s): Lloyd Davies Stealthy Process Communication Between Threads on Windows 10
Detecting Manual Syscalls from User Mode Author(s): winternl (original)Detecting Manual Syscalls from User Mode
(mirror)Detecting Manual Syscalls from User Mode
The worst of the two worlds: Excel meets Outlook Author(s): J. M. Fernández The worst of the two worlds: Excel meets Outlook
Abusing the Windows Power Management API Author(s): smelly__vx and am0nsec Proof-of-Concept: (Full source) Paper in English Paper in French
Weaponizing Windows Virtualization Author(s): smelly__vx Proof-of-Concept: (Full source) Paper in English Paper in Russian
Cmd Hijack - a command/argument confusion with path traversal in cmd.exe Author(s): Julian Horoszkiewicz Original link: Cmd Hijack - a command/argument confusion with path traversal in cmd.exe (Mirror) CMD Hijack CMD Hijacka command/argument confusion with path traversal in cmd.exe (AR)
From a C project, through assembly, to shellcode Author(s): Hasherezade From a C project, through assembly, to shellcode De C a shellcode pasando por ensamblador Путь от проекта на Си и ассемблера, к шеллкоду
Linux VX EVASION
Anti-Reverse Engineering Linux Author(s): Jacob Baines Anti-Reverse Engineering Linux
dsym_obfuscate Author(s): ElfMaster dsym_obfuscate (Mirror)
INFECTION
Writing virus in MIPS assembly for fun (and no profit) Author(s): s01den Writing virus in MIPS assembly for fun (and no profit) Linux.Bak0unin.asm
Wormable SSH Author(s): Anonymous_ Wormable SSH (Full source)
INJECTION
Saruman - anti-forensics executable injector [TR2] Author(s): ElfMaster Saruman - anti-forensics executable injector [TR2] (Mirror)
Mobile VX
Infecting Android Applications: The New Way Author(s): Thatskriptkid Infecting Android Applications: The New Way
MacOS VX
MacOS Filename Homoglyphs Revisited Author(s): XPN MacOS Filename Homoglyphs Revisited (Mirror)
Self-modifying Code METAMORPHISM
Advanced Metamorphic Techniques in Computer Viruses Author(s): Advanced Metamorphic Techniques in Computer Viruses
Mutation Engines Author(s): JHB Mutation Engines
An Introduction to (Mutation) Encryption Author(s): MidNyte
Part I Part I
Part II Part II
Part III Part III
Recompiling the metamorphism Author(s): herm1t Recompiling the metamorphism
Metamorphism Author(s): Lord Julus Metamorphism
The Complete Re-write Engine Author(s): MidNyte The Complete Re-write Engine
Metamorphism and Self-Compilation in JavaScript Author(s): SPTH Metamorphism and Self-Compilation in JavaScript
Metamorphism in practice or "How I made MetaPHOR and what I've learnt" Author(s): The Mental Driller Metamorphism in practice or "How I made MetaPHOR and what I've learnt"
Automated reverse engineering: Mistfall engine Author(s): Z0mbie Automated reverse engineering: Mistfall engine
Data encoding in meta viruses Author(s): Z0mbie Data encoding in meta viruses
Metamorphism Author(s): Z0mbie Metamorphism
Metamorphism and permutation: feel the difference Author(s): Z0mbie Metamorphism and permutation: feel the difference
POLYMORPHISM
Demonstration of assembler based Polymorphism Author(s): Rafael S Marques Demonstration of assembler based Polymorphism Полиморфный движок Mocoh Mocoh Moteur Polymorphique Mocoh Poly Engine
Polymorphism - A Discussion Of Methodology And Implementation Author(s): Buz Polymorphism - A Discussion Of Methodology And Implementation
Polymorphism: Level 6B (Polymorphism: Chaotic Permutations) Author(s): Changeling Polymorphism: Level 6B (Polymorphism: Chaotic Permutations)
Advanced Polymorphism Primer Author(s): Dark Angel Advanced Polymorphism Primer
Other techniques of polymorphism Author(s): flush && MGL Other techniques of polymorphism
GLiTCH's Polymorphic Batch Tutorial Author(s): GLiTCH GLiTCH's Polymorphic Batch Tutorial
The 'bliem' polymorphic engine for VBA Author(s): jack twoflower The 'bliem' polymorphic engine for VBA
Viral polymorphism Author(s): Stephen Pearce Viral polymorphism
Guide to improving Polymorphic Engines Author(s): Rogue Warrior Guide to improving Polymorphic Engines
A general description of the methods behind a polymorph engine Author(s): The Black Baron A general description of the methods behind a polymorph engine
OTHER
"Smart" trash: building of logic Author(s): pr0mix "Smart" trash: building of logic
Hasherezade Collection Complete Work of Hasherezade (PDFs) download
Code Pe-sieve
libpeconv
asm16 projects
hollows_hunter
mal_unpack
antianalysis_demos
tiny_tracer
libpeconv_tpl
ida_ifl
detours_cmake_tpl
pe_check
IAT_patcher
bearparser
exe_to_dll
tag_converter
persistence_demos
process_doppelganging
process_chameleon
demos
pe-bear-releases
shellconv
pe_to_shellcode
IAT_patcher_samples
ViDi
paramkit
bearparser_tests
dll_to_exe
module_overloading
malware_analysis
challs
beardisasm
chimera_pe
password_scrambler
hidden_bee_tools
flareon2019
libpeconv_wrappers
wke_exercises
crypto_utils
loaderine
libpeconv_demo
decryptors_archive
jpassword_scrambler
petya_key
petya_green
bootldr_demo
7ev3n_decoders
petya_recovery
mal_sort
metasploit_modules
bunitu_tests
mastercoder2014
Video Playlists
CrackMe DEMO: FlareOn4 Challenge6 solved with libPeConv DEMO: a custom PE loader using libpeconv
Demos My experiments with enSilo's Process Doppelganging My experiments with ProcessDoppelganging - running a PE from any file More fun with ProcessDoppelganging: running Mimikatz from hacker manifesto ;) Experiment: ProcessExplorer vs my "lil_calc" WarCon 2018 - demo
FAQ Unpacking PrincessLocker in 5 minutes - using ImmunityDbg and pe_unmapper Unpacking Cerber out of NSIS crypter + dumping the configuration (example #2)
Malware DEMO: A malware bypassing UAC set to max (Windows 7 32bit) Using IAT_Patcher in malware analysis PE_unmapper demo: unpacking TrickBot and FlokiBot Unpacking PrincessLocker in 5 minutes - using ImmunityDbg and pe_unmapper Unpacking Locky in 5 minutes - using ImmunityDbg and pe_unmapper Unpacking Cerber ransomware in 5 minutes + dumping the configuration (example #1) Unpacking Goldeneye ransomware in 2 minutes Unpacking SmokeLoader (Dofoil) in 5 minutes + converting the payload (DLL) into EXE Unpacking Andromeda (Gamaure) + initial analysis Unpacking Ursnif variant Unpacking Terdot.A/Zloader. Unpacking Ursnif variant Unpacking a MalPack with multiple payloads - part 1 Unpacking a MalPack with multiple payloads - part 2 DEMO: Man-In-The-Browser (Zbot intercepting HTTPS) Petya Eternal - is the Salsa key lost forever? How Kronos malware is paired with a browser Kronos malware - let's take a look at the webinjects DEMO: what happens when we run maliciou VBS script - attack of ransomware (GlobeImposter 2.0) Unpacking Ursnif Deobfuscating TrickBot's strings with libPeConv Unpacking ISFB (including the custom 'PX' format)
Malware Unpacking Unpacking Ursnif with Hollows Hunter Unpacking Smoke Loader Unpacking Kronos Unpacking Ursnif Unpacking Ramnit with HollowsHunter/PE-sieve Unpacking Loki Bot with HollowsHunter/PE-sieve Unpacking a monero miner with HollowsHunter [DEMO] HollowsHunter detects impersonated processes Unpacking TrickBot with PE-sieve DEMO: Unpackig process hollowing with PE-sieve Unpacking Magniber ransomware with PE-sieve (former: 'hook_finder') Unpacking Magniber ransomware Unpacking a cryptocurrency miner (from NSIS-based cryptor) Unpacking BitPaymer ransomware Unpacking TrickBot and decoding config Unpacking Dridex loader Unpacking YoungLotus malware Unpacking Cerber ransomware (example #3) Unpacking Diamond Fox Unpacking Dreambot (aka ISFB, Ursnif) Unpacking a self overwriting PE (Neutrino bot - stage #1) Unpacking a self-overwriting PE (Zbot) Unpacking ISFB (including the custom 'PX' format) Unpacking Baldr stealer Unpacking Cerber out of NSIS crypter + dumping the configuration (example #2) Unpacking a MalPack with multiple payloads - part 1 Unpacking a MalPack with multiple payloads - part 2 Unpacking Terdot.A/Zloader. Unpacking Ursnif variant Unpacking Andromeda (Gamaure) + initial analysis Unpacking Goldeneye ransomware in 2 minutes Unpacking Cerber ransomware in 5 minutes + dumping the configuration (example #1) Unpacking SmokeLoader (Dofoil) in 5 minutes + converting the payload (DLL) into EXE Unpacking PrincessLocker in 5 minutes - using ImmunityDbg and pe_unmapper Unpacking Locky in 5 minutes - using ImmunityDbg and pe_unmapper PE_unmapper demo: unpacking TrickBot and FlokiBot
My Tools Using IAT_Patcher in malware analysis PE_unmapper demo: unpacking TrickBot and FlokiBot DEMO: imports_unerase - tool to recover erased imports Decoder for Latent Bot's strings DEMO: ChimeraPE v0.2 hook_finder - a small tool for investigating in-memory patches RunPE - 32 and 64 bit IFL - Interactive Functions List - a plugin for IDA Pro DEMO: a custom PE loader using libpeconv DEMO: FlareOn4 Challenge6 solved with libPeConv DEMO: Retrieving function names by checksums using libPeConv + code of the original malware hook finder vs Process Doppelganging DEMO: Unpackig process hollowing with PE-sieve [DEMO] HollowsHunter detects impersonated processes Unpacking Loki Bot with HollowsHunter/PE-sieve Tracing executables with a Pin Tool (tiny_tracer) PE-sieve 0.1.5 release notes - what are the dump modes about? ParamKit library
PeSeive Unpacking Ursnif with Hollows Hunter Unpacking Ursnif Unpacking Kronos PE-sieve 0.1.5 release notes - what are the dump modes about? PE-sieve v0.2.1 release notes - import recovery & unpacking UPX (part 1)
Ransomware Decryptors PrincessLocker - how to recover files Recovering files encrypted by 7ev3n ransomware (variant C) Recovering files encrypted by 7ev3n ransomware (variant B) Anti-Petya Live CD in action (antipetya_multi.iso) Recovering system after Petya ransomware attack AntiPetya Ultimate - LiveCD Using the obtained key petya key recovery
Tutorials Unpacking Locky in 5 minutes - using ImmunityDbg and pe_unmapper Unpacking PrincessLocker in 5 minutes - using ImmunityDbg and pe_unmapper PE_unmapper demo: unpacking TrickBot and FlokiBot Unpacking Cerber ransomware in 5 minutes + dumping the configuration (example #1) Unpacking Goldeneye ransomware in 2 minutes Unpacking SmokeLoader (Dofoil) in 5 minutes + converting the payload (DLL) into EXE Unpacking Andromeda (Gamaure) + initial analysis Unpacking Ursnif variant Unpacking a MalPack with multiple payloads - part 1 Unpacking a MalPack with multiple payloads - part 2 Deobfuscating TrickBot's strings with libPeConv Tracing executables with a Pin Tool (tiny_tracer) PE-sieve v0.2.1 release notes - import recovery & unpacking UPX (part 1)
WKE Installing HEVD Getting familiar with HackSys Extreme Vulnerable Driver Stealing an Access Token using WinDbg HEVD stack overflow
With Voice Unpacking Ursnif Deobfuscating TrickBot's strings with libPeConv Tracing executables with a Pin Tool (tiny_tracer) PE-sieve 0.1.5 release notes - what are the dump modes about? Unpacking Ursnif with Hollows Hunter Unpacking Baldr stealer Unpacking ISFB (including the custom 'PX' format) PE-sieve v0.2.1 release notes - import recovery & unpacking UPX (part 1) Mark & Hasherezade Funky Malware Formats How to make a PE with no sections (using Crinkler)
2020 The “Silent Night” Zloader/Zbot
2019 New version of IcedID Trojan uses steganographic payloads The Hidden Bee infection chain, part 1: the stegano pack A deep dive into Phobos ransomware Hidden Bee: Let’s go down the rabbit hole “Funky malware format” found in Ocean Lotus sample Analyzing a new stealer written in Golang
2018 What’s new in TrickBot? Deobfuscating elements Fake browser update seeks to compromise more MikroTik routers Reversing malware in a custom format: Hidden Bee elements Process Doppelgänging meets Process Hollowing in Osiris dropper ‘Hidden Bee’ miner delivered via improved drive-by download toolkit Magniber ransomware improves, expands within Asia PBot: a Python-based adware Blast from the past: stowaway Virut delivered with Chinese DDoS bot Avzhan DDoS bot dropped by Chinese drive-by attack LockCrypt ransomware: weakness in code can lead to recovery Hermes ransomware distributed to South Koreans via recent Flash zero-day A coin miner with a “Heaven’s Gate”
2017 Napoleon: a new version of Blind ransomware BadRabbit: a closer look at the new version of Petya/NotPetya Magniber ransomware: exclusively for South Koreans Inside the Kronos malware – part 2 Inside the Kronos malware – part 1 TrickBot comes up with new tricks: attacking Outlook and browsing data Bye, bye Petya! Decryptor for old versions released. Keeping up with the Petyas: Demystifying the malware family EternalPetya – yet another stolen piece in the package? EternalPetya and the lost Salsa20 key LatentBot piece by piece Elusive Moker Trojan is back Diamond Fox – part 2: let’s dive in the code Diamond Fox – part 1: introduction and unpacking Explained: Sage ransomware Explained: Spora ransomware Zbot with legitimate applications on board From a fake wallet to a Java RAT Post-holiday spam campaign delivers Neutrino Bot
2016 Goldeneye Ransomware – the Petya/Mischa combo rebranded Simple userland rootkit – a case study PrincessLocker – ransomware with not so royal encryption Floki Bot and the stealthy dropper Introducing TrickBot, Dyreza’s successor Lesser known tricks of spoofing extensions Unpacking the spyware disguised as antivirus Shakti Trojan: Technical Analysis Decrypting Chimera ransomware Unpacking yet another .NET crypter From Locky with love – reading malicious attachments Third time (un)lucky – improved Petya is out Untangling Kovter’s persistence methods Satana ransomware – threat coming soon? DMA Locker 4.0: Known ransomware preparing for a massive distribution Petya and Mischa – Ransomware Duet (Part 2) Petya and Mischa – Ransomware Duet (Part 1) 7ev3n ransomware turning ‘HONE$T’ Rokku Ransomware shows possible link with Chimera Petya – Taking Ransomware To The Low Level Maktub Locker – Beautiful And Dangerous Cerber ransomware: new, but mature Look Into Locky Ransomware LeChiffre, Ransomware Ran Manually Ransom32 – look at the malicious package
2015 Inside Chimera Ransomware – the first ‘doxingware’ in wild Malware Crypters – the Deceptive First Layer No money, but Pony! From a mail to a trojan horse A Technical Look At Dyreza Unpacking Fraudulent “Fax”: Dyreza Malware from Spam Rainbows, Steganography and Malware in a new .NET cryptor Who’s Behind Your Proxy? Uncovering Bunitu’s Secrets Revisiting The Bunitu Trojan Elusive HanJuan EK Drops New Tinba Version (updated) Unusual Exploit Kit Targets Chinese Users (Part 2)
.d- . :d-h/ - . `+ +h```yo /- . -/ h. ss :N/ os `d :: .` o+ oyy+ +MMMo /hys /s . /: ho ` /N: sMMNMMy`:N+ ` +d` :/ :y- .Ns /oh-`hMMy`sMMh`-ho+ oN. .y/ `:- -ds` o./My+d..dMMo +MMm.`hosM/`o``od- -:. -o+` ``ym/-m+sMy`-mMN/ /NMN:`sMy+m-/mh.` `/o- :yy: :o:oNdyMms`/NMN: -mMN+ omMyhNs:o: :sy:` ---` `:hdo/ddhMMM+ oNMm- .dMMo`/NMMhdd/+dh/` --- `.+o+-` /+/+dNdNMMN:`sMMh. `hMMy`:NMMMdNdo//. `-+o+-` `-ohho+ydmNMMMm-`hMMy` `sMMh..dMMMNmy+:+yho:` ..` .:/sdmmMMMMd..dMMo +NMm-`hMMMNdmds/:. ..` `.:+++/:--:ohdmMMMMy`:mMN/ .-://+//:-.` /NMN:`sMMMMmdhs/--:/+++:.` `.:+syhddmMMMMs`/NMm:`-+ydmNmmdddmmNmdy+-`-mMN+`oMMMMmdddhs+:.` -:+oydMMMN+`oNMm+sdNMmy+:::----::/sdNNms+mMMo`/NMMMdys+:- ..--::::::/+shNMMN:`sMMMmNMMmhyhdhhNNNNNdhhhyyhNMMmMMMy`:mMMNhs+/::::::--.. ``..-:/+oshdmNMm-`hMMMMMMNdhosMo.yMMMMMm./Mh+ydNMMMMMMd..dMNmdyso+/:-..`` `:+sydMh..dMMMMNs:-` /Mo yMMMMMm :M/ `.:oNMMMMm-`hMdys+:. ``..-:/oyhmy`:mMNsdMMd+. `hN/./ydho.-mh .+dMMmsNMN:`smdyo/:-..`` .-:://+++++omo`/NMm: `/hNMNh/.``+dhs+//ohdo``./ymMNh/` -mMN+`omo+++++//::-. -om+`oMMd. -odNMNds+:+oyyys+/+sdNMNdo- .dMMs`/do- `./h:`yMMh` -/ydmNMMNmmmNMMNNdy+- `yMMy`-h/.` ``-/oohm-.hMMs` .-:+oosoo+/-. sMMd..ddoo/-`` ...` /y.-dMNo +NMm-`y+ `..` +y`:NMMmsssssssssssssssssssssssssssssssssssssssssssssssmMMN/`so` `so :mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm: +y` `hy--:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::--sh` ./////////omd+/sdohMmyMNMMMMMMMMMMMMMMMMMMMMMNMhmMh+hs/+hmo/::::::::. .+o- .`oNs-mssMdmMmMMMMMMMMMNMmMNhMssm-oNs`. -oo. `-:` `hh. o--Nh.NoyMoNmsMymN+Mh+M-hM:-s .yh. `::` -h: `mh`/o Nm d//M+:m dN`++ ym` ` :h- ` :+` yy . -M: o -M: o -M: . sh +/ .. /s oh `M. ys o+ `- .+ h. N` .d +- . `s h o. . -` + :