1.5
Low risk

0004b5b986eb66870d88e4d8507d3968db9fb7f39b3e982656be031825fc35d6

0004b5b986eb66870d88e4d8507d3968db9fb7f39b3e982656be031825fc35d6.exe

Analysis duration

71s

Last analyzed

385 days ago

File size

81.0KB
Static detection Dynamic detection CVE FAMILY METATYPE PLATFORM TYPE UNKNOWN WIN32 TROJAN BACKDOOR WABOT
Hawkeye engine
DACN 0.15
FACILE 1.00
IMCLNet 0.78
MFGraph 0.00
Static verdict
Antivirus engines
Engine Result Scan date Version
Alibaba None 20190527 0.3.0.5
Avast Win32:Delf-VJY [Trj] 20191221 18.4.3895.0
Baidu Win32.Backdoor.Wabot.a 20190318 1.0.0.2
CrowdStrike win/malicious_confidence_100% (D) 20190702 1.0
Kingsoft None 20191221 2013.8.14.323
McAfee W32/Wabot 20191221 6.0.6.653
Tencent Trojan.Win32.Wabot.a 20191221 1.0.0.1
Behavioral verdict
Dynamic indicators
Creates executable files on the filesystem (26 events)
file C:\Windows\System32\DC++ Share\wab.exe
file C:\Windows\System32\DC++ Share\wmpenc.exe
file C:\Windows\System32\DC++ Share\wmplayer.exe
file C:\Windows\System32\DC++ Share\wabmig.exe
file C:\Windows\System32\DC++ Share\wmprph.exe
file C:\Windows\System32\xdccPrograms\inject-x64.exe
file C:\Windows\System32\DC++ Share\ielowutil.exe
file C:\Windows\System32\DC++ Share\wmpshare.exe
file C:\Windows\System32\DC++ Share\wmpnscfg.exe
file C:\Windows\System32\DC++ Share\MSASCui.exe
file C:\Windows\System32\DC++ Share\iexplore.exe
file C:\Windows\System32\DC++ Share\TabTip.exe
file C:\Windows\System32\xdccPrograms\Procmon.exe
file C:\Windows\System32\xdccPrograms\ConvertInkStore.exe
file C:\Windows\System32\DC++ Share\setup_wm.exe
file C:\Windows\System32\DC++ Share\wmpnetwk.exe
file C:\Windows\System32\DC++ Share\mip.exe
file C:\Windows\System32\DC++ Share\ieinstal.exe
file C:\Windows\System32\xdccPrograms\install.exe
file C:\Windows\System32\xdccPrograms\InkWatson.exe
file C:\Windows\System32\DC++ Share\ShapeCollector.exe
file C:\Windows\System32\DC++ Share\WMPSideShowGadget.exe
file C:\Windows\System32\DC++ Share\WMPDMC.exe
file C:\Windows\System32\DC++ Share\DVDMaker.exe
file C:\Windows\System32\xdccPrograms\execsc.exe
file C:\Windows\System32\DC++ Share\msinfo32.exe
Network communication
Communicates with hosts for which no DNS query was performed (2 events)
host 114.114.114.114
host 8.8.8.8
Installs itself for autorun at Windows startup (1 event)
reg_key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\shell reg_value Explorer.exe sIRC4.exe
File has been identified as malicious by 67 antivirus engines on VirusTotal (50 out of 67 events)
ALYac Trojan.Agent.DQQD
APEX Malicious
AVG Win32:Delf-VJY [Trj]
Acronis suspicious
Ad-Aware Trojan.Agent.DQQD
AhnLab-V3 Backdoor/Win32.Wabot.R231859
Antiy-AVL Trojan[Backdoor]/Win32.Wabot.a
Arcabit Trojan.Agent.DQQD
Avast Win32:Delf-VJY [Trj]
Avira TR/Dldr.Delphi.Gen
Baidu Win32.Backdoor.Wabot.a
BitDefender Trojan.Agent.DQQD
BitDefenderTheta AI:Packer.E2C7CD2621
Bkav W32.BackdoorWabot.Trojan
CAT-QuickHeal Trojan.Wabot.A8
CMC Backdoor.Win32.Wabot!O
ClamAV Win.Trojan.Wabot-6113548-0
Comodo Backdoor.Win32.Wabot.A@4knk5y
CrowdStrike win/malicious_confidence_100% (D)
Cybereason malicious.70ceae
Cylance Unsafe
Cyren W32/Backdoor.PJEB-4161
DrWeb Trojan.MulDrop6.64369
ESET-NOD32 Win32/Delf.NRF
Emsisoft Trojan.Agent.DQQD (B)
Endgame malicious (high confidence)
F-Prot W32/Wabot.A
F-Secure Trojan.TR/Dldr.Delphi.Gen
FireEye Generic.mg.05605a470ceaedcc
Fortinet W32/Wabot.A!tr
GData Trojan.Agent.DQQD
Ikarus P2P-Worm.Win32.Delf
Invincea heuristic
Jiangmin Backdoor/Wabot.z
K7AntiVirus Backdoor ( 0040f5511 )
K7GW Backdoor ( 0040f5511 )
Kaspersky Backdoor.Win32.Wabot.a
MAX malware (ai score=85)
Malwarebytes Backdoor.Wabot
McAfee W32/Wabot
McAfee-GW-Edition BehavesLike.Win32.Wabot.mh
MicroWorld-eScan Trojan.Agent.DQQD
Microsoft Backdoor:Win32/Wabot.A
NANO-Antivirus Trojan.Win32.Wabot.dmukv
Panda Backdoor Program
Qihoo-360 HEUR/QVM05.1.0711.Malware.Gen
Rising Worm.Chilly!1.661C (CLASSIC)
SUPERAntiSpyware Backdoor.Wabot
Sangfor Malware
SentinelOne DFI - Malicious PE
Screenshots
No screenshots available; the sample generated no screenshots while running

PE Compile Time

1992-06-20 06:40:53

PE Imphash

5662cfcdfd9da29cb429e7528d5af81e

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
CODE 0x00001000 0x0000c984 0x0000ca00 6.572458888267131
DATA 0x0000e000 0x00000a1c 0x00000c00 4.533685500040435
BSS 0x0000f000 0x00001111 0x00000000 0.0
.idata 0x00011000 0x0000083e 0x00000a00 4.169474579751151
.tls 0x00012000 0x00000008 0x00000000 0.0
.rdata 0x00013000 0x00000018 0x00000200 0.2108262677871819
.reloc 0x00014000 0x00000710 0x00000800 6.25716095476406
.rsrc 0x00015000 0x0000167c 0x00001800 3.2124871953120624

Resources

Name Offset Size Language Sub-language File type
RT_ICON 0x000164a8 0x00000128 LANG_ENGLISH SUBLANG_ENGLISH_US None
RT_ICON 0x000164a8 0x00000128 LANG_ENGLISH SUBLANG_ENGLISH_US None
RT_ICON 0x000164a8 0x00000128 LANG_ENGLISH SUBLANG_ENGLISH_US None
RT_RCDATA 0x000165e0 0x00000078 LANG_NEUTRAL SUBLANG_NEUTRAL None
RT_RCDATA 0x000165e0 0x00000078 LANG_NEUTRAL SUBLANG_NEUTRAL None
RT_GROUP_ICON 0x00016658 0x00000022 LANG_ENGLISH SUBLANG_ENGLISH_US None

Imports

Library kernel32.dll:
0x4110d8 VirtualFree
0x4110dc VirtualAlloc
0x4110e0 LocalFree
0x4110e4 LocalAlloc
0x4110e8 GetCurrentThreadId
0x4110ec GetStartupInfoA
0x4110f0 GetModuleFileNameA
0x4110f4 GetLastError
0x4110f8 GetCommandLineA
0x4110fc FreeLibrary
0x411100 ExitProcess
0x411104 CreateThread
0x411108 WriteFile
0x411110 SetFilePointer
0x411114 SetEndOfFile
0x411118 RtlUnwind
0x41111c ReadFile
0x411120 RaiseException
0x411124 GetStdHandle
0x411128 GetFileSize
0x41112c GetSystemTime
0x411130 GetFileType
0x411134 CreateFileA
0x411138 CloseHandle
Library user32.dll:
0x411140 GetKeyboardType
0x411144 MessageBoxA
0x411148 CharNextA
Library advapi32.dll:
0x411150 RegQueryValueExA
0x411154 RegOpenKeyExA
0x411158 RegCloseKey
Library oleaut32.dll:
0x411160 SysFreeString
Library kernel32.dll:
0x411168 TlsSetValue
0x41116c TlsGetValue
0x411170 LocalAlloc
0x411174 GetModuleHandleA
Library advapi32.dll:
0x41117c RegQueryValueExA
0x411180 RegOpenKeyExA
0x411184 RegCloseKey
Library kernel32.dll:
0x411190 WinExec
0x411194 UpdateResourceA
0x411198 Sleep
0x41119c SetFilePointer
0x4111a0 ReadFile
0x4111a4 GetSystemDirectoryA
0x4111a8 GetLastError
0x4111ac GetFileAttributesA
0x4111b0 FindNextFileA
0x4111b4 FindFirstFileA
0x4111b8 FindClose
0x4111c4 ExitProcess
0x4111c8 EndUpdateResourceA
0x4111cc DeleteFileA
0x4111d0 CreateThread
0x4111d4 CreateMutexA
0x4111d8 CreateFileA
0x4111dc CreateDirectoryA
0x4111e0 CopyFileA
0x4111e4 CloseHandle
Library user32.dll:
0x4111f0 SetTimer
0x4111f4 GetMessageA
0x4111f8 DispatchMessageA
0x4111fc CharUpperBuffA
Library wsock32.dll:
0x411204 WSACleanup
0x411208 WSAStartup
0x41120c gethostbyname
0x411210 socket
0x411214 send
0x411218 select
0x41121c recv
0x411220 ntohs
0x411224 listen
0x411228 inet_ntoa
0x41122c inet_addr
0x411230 htons
0x411234 htonl
0x411238 getsockname
0x41123c connect
0x411240 closesocket
0x411244 bind
0x411248 accept

L!This program must be run under Win32
.idata
.rdata
P.reloc
P.rsrc
StringX
TObject%8
SOFTWARE\Borland\Delphi\RTL
FPUMaskValue
TFileNameL@
TSearchRecX
system.ini
Explorer.exe
" -a -r "
" a -idp -inul -c- -m5 "
software\microsoft\windows\currentversion\app paths\winzip32.exe
software\microsoft\windows\currentversion\app paths\WinRAR.exe
C:\rar.bat
C:\zip.bat
abcdefghijklmnopqrstuvwxyz-_.1234567890
NOTICE
:to get this, type !xdcc_get
bytes)
PRIVMSG
\DC++ Share
\xdccPrograms
TWarBotUj
PRIVMSG #hellothere :
&%->=
PRIVMSG
DCC SEND
PING :
type !list for my list
!list
 for my list
!xdcc_get
#helloThere
#helloThere,
JOIN #HelloThere
LIST >4,<10000
PRIVMSG
ACTION
!list
 for my list
NICK [xdcc]
NICK [mp3]
NICK [rar]
NICK [zip]
NICK [share]
sIRC4.exe
C:\marijuana.txt
uk.undernet.org
Runtime error at 00000000
0123456789ABCDEF
kernel32.dll
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
VirtualFree
VirtualAlloc
LocalFree
LocalAlloc
GetCurrentThreadId
GetStartupInfoA
GetModuleFileNameA
GetLastError
GetCommandLineA
FreeLibrary
ExitProcess
CreateThread
WriteFile
UnhandledExceptionFilter
SetFilePointer
SetEndOfFile
RtlUnwind
ReadFile
RaiseException
GetStdHandle
GetFileSize
GetSystemTime
GetFileType
CreateFileA
CloseHandle
user32.dll
GetKeyboardType
MessageBoxA
CharNextA
advapi32.dll
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
oleaut32.dll
SysFreeString
kernel32.dll
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleA
advapi32.dll
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
kernel32.dll
WritePrivateProfileStringA
WinExec
UpdateResourceA
SetFilePointer
ReadFile
GetSystemDirectoryA
GetLastError
GetFileAttributesA
FindNextFileA
FindFirstFileA
FindClose
FileTimeToLocalFileTime
FileTimeToDosDateTime
ExitProcess
EndUpdateResourceA
DeleteFileA
CreateThread
CreateMutexA
CreateFileA
CreateDirectoryA
CopyFileA
CloseHandle
BeginUpdateResourceA
user32.dll
SetTimer
GetMessageA
DispatchMessageA
CharUpperBuffA
wsock32.dll
WSACleanup
WSAStartup
gethostbyname
socket
select
listen
inet_ntoa
inet_addr
getsockname
connect
closesocket
accept
WinSock
System
SysInit
KWindows
UTypes
3Messages
iconchanger
sDeclares
DVCLAL
PACKAGEINFO
MAINICON(

Process Tree


0004b5b986eb66870d88e4d8507d3968db9fb7f39b3e982656be031825fc35d6.exe, PID: 1064, Parent PID: 2284


DNS

Name Response Post-Analysis Lookup
dns.msftncsi.com A 131.107.255.255
dns.msftncsi.com

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 53179 224.0.0.252 5355
192.168.56.101 49642 224.0.0.252 5355
192.168.56.101 137 192.168.56.255 137
192.168.56.101 61714 114.114.114.114 53
192.168.56.101 61714 8.8.8.8 53
192.168.56.101 56933 8.8.8.8 53
192.168.56.101 138 192.168.56.255 138
192.168.56.101 58485 114.114.114.114 53
192.168.56.101 58485 8.8.8.8 53

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Name 57e929b1259ff62e_wmplayer.exe
Filepath C:\Windows\SysWOW64\DC++ Share\wmplayer.exe
Size 163.5KB
Processes 1064 (0004b5b986eb66870d88e4d8507d3968db9fb7f39b3e982656be031825fc35d6.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 b700cc92f886e68bb9fa9fc23020184c
SHA1 5f3ea0d76ba6dc26e4f9945bdafcbd582545e820
SHA256 57e929b1259ff62e864aa70440f06d5da068c612627cb2c36078c8ec0f3ab01d
CRC32 16352129
ssdeep None
Yara None matched
Name e565ecaecd686cdf_ieinstal.exe
Filepath C:\Windows\SysWOW64\DC++ Share\ieinstal.exe
Size 263.5KB
Processes 1064 (0004b5b986eb66870d88e4d8507d3968db9fb7f39b3e982656be031825fc35d6.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 73712fc400ef34b1821a2e8a98e5131e
SHA1 018dc43ed526f1173eb9bdab45ed211d9faffd95
SHA256 e565ecaecd686cdfe5cfcb0199113200673de4f0a30203a2a6c222f00531f515
CRC32 1B90F99B
ssdeep None
Yara None matched
Name 472fe3df0cc9fa10_msinfo32.exe
Filepath C:\Windows\SysWOW64\DC++ Share\msinfo32.exe
Size 370.0KB
Processes 1064 (0004b5b986eb66870d88e4d8507d3968db9fb7f39b3e982656be031825fc35d6.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 0d541d93153537d93dd8013e81d9344e
SHA1 f780d6cf626c62bcfd3a0a5519064fc0094c4b46
SHA256 472fe3df0cc9fa1058cff13303194f0fafaedbbaa0c737697d2b2518f5b9a5c1
CRC32 5E36107A
ssdeep None
Yara None matched
Name a130b6890662f74e_inkwatson.exe
Filepath C:\Windows\SysWOW64\xdccPrograms\InkWatson.exe
Size 388.0KB
Processes 1064 (0004b5b986eb66870d88e4d8507d3968db9fb7f39b3e982656be031825fc35d6.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 373898dd0b585650b15f7c302e89bf59
SHA1 cba8cbf84fb823049472142d1d033d25020b65c4
SHA256 a130b6890662f74e86f0234f9604f42b86ffae81da294120dad83ae1969b984a
CRC32 B3750C64
ssdeep None
Yara None matched
Name 96b28b086bb52b31_wmprph.exe
Filepath C:\Windows\SysWOW64\DC++ Share\wmprph.exe
Size 86.9KB
Processes 1064 (0004b5b986eb66870d88e4d8507d3968db9fb7f39b3e982656be031825fc35d6.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 4c173d4f9b51dcebb64d6eb257375eb9
SHA1 77145d8042d26afde8b6175aa29b3a46331f4ae6
SHA256 96b28b086bb52b3162b0860b133e4532ccade7ccbaabda5b2929d402148f58dd
CRC32 565A73F1
ssdeep None
Yara None matched
Name 845751267bff156b_inject-x64.exe
Filepath C:\Windows\SysWOW64\xdccPrograms\inject-x64.exe
Size 98.4KB
Processes 1064 (0004b5b986eb66870d88e4d8507d3968db9fb7f39b3e982656be031825fc35d6.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 30e638b4a76a5dd7290ecc11fe3b5a47
SHA1 4510b25a2099be70e80a8dcbaca6198d364bb747
SHA256 845751267bff156bf09d3c018b5238fd78b4f7ae5d90ec371bc9fa3f234d01ae
CRC32 5E0906F8
ssdeep None
Yara None matched
Name 891054391614627b_shapecollector.exe
Filepath C:\Windows\SysWOW64\DC++ Share\ShapeCollector.exe
Size 679.0KB
Processes 1064 (0004b5b986eb66870d88e4d8507d3968db9fb7f39b3e982656be031825fc35d6.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 296f1e34d1eaa8e7b8cdc152a230642b
SHA1 2972ad212c2777aed141472184fc9c7db8b0f06e
SHA256 891054391614627b114422df30a148ba03f5f1b3eea70b94c6db11084e364cab
CRC32 2BE4BC2C
ssdeep None
Yara None matched
Name f051d86296b69a48_wmpdmc.exe
Filepath C:\Windows\SysWOW64\DC++ Share\WMPDMC.exe
Size 1.2MB
Processes 1064 (0004b5b986eb66870d88e4d8507d3968db9fb7f39b3e982656be031825fc35d6.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 e47bada98bfa7522fc8c8820a57e73fc
SHA1 641ea64a17e6e1b75e069319de17a9e9da910c4c
SHA256 f051d86296b69a48e6bf8651b8c4ed43fffc5f3da2503cdf3d51bca29c6f3661
CRC32 12AC45AC
ssdeep None
Yara None matched
Name 022e9ea34116ba5c_msascui.exe
Filepath C:\Windows\SysWOW64\DC++ Share\MSASCui.exe
Size 938.5KB
Processes 1064 (0004b5b986eb66870d88e4d8507d3968db9fb7f39b3e982656be031825fc35d6.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 bbf85b81e336279d690a9f5c5bb64fb0
SHA1 c20786d18b504380c0f7fdf51c46b4f849bf039c
SHA256 022e9ea34116ba5c1091517934c0df36494bd5c0f0b5dab155e9e9f008fef911
CRC32 D61A6E81
ssdeep None
Yara None matched
Name 9e88b9f1808eb03a_iexplore.exe
Filepath C:\Windows\SysWOW64\DC++ Share\iexplore.exe
Size 678.8KB
Processes 1064 (0004b5b986eb66870d88e4d8507d3968db9fb7f39b3e982656be031825fc35d6.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 afdbcfc614c75469c82bd6d21afc98e2
SHA1 a219bee58042945b3aabf90d1c8abfe9fe8cb27d
SHA256 9e88b9f1808eb03aef9232f5c171ec1e196b1931afacdb789807af972bf4f6ce
CRC32 47E1CC97
ssdeep None
Yara None matched
Name 8a337f8cb10c6d90_install.exe
Filepath C:\Windows\SysWOW64\xdccPrograms\install.exe
Size 549.5KB
Processes 1064 (0004b5b986eb66870d88e4d8507d3968db9fb7f39b3e982656be031825fc35d6.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 2f60883c0104cbe454a1636fa236f3ee
SHA1 6551964f5f68abd88666d30e40a6eb1bc61b012a
SHA256 8a337f8cb10c6d904bdafd579f94de2d27f7907e965e2add9d2876b5c4cc353e
CRC32 8ACA3E39
ssdeep None
Yara None matched
Name 7a7d8f92b549f60d_execsc.exe
Filepath C:\Windows\SysWOW64\xdccPrograms\execsc.exe
Size 127.4KB
Processes 1064 (0004b5b986eb66870d88e4d8507d3968db9fb7f39b3e982656be031825fc35d6.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 8794d9fd65e3c90e262c63706929e249
SHA1 2fea86213e13651f84c4bfbbc043b422508e7b17
SHA256 7a7d8f92b549f60da4606e51c57f584f06a2e3ac66d395b5d40b5a44c8f86024
CRC32 9B8D3187
ssdeep None
Yara None matched
Name 7df06bb15659d755_mip.exe
Filepath C:\Windows\SysWOW64\DC++ Share\mip.exe
Size 1.5MB
Processes 1064 (0004b5b986eb66870d88e4d8507d3968db9fb7f39b3e982656be031825fc35d6.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 9bda869a5a2bc96c1af6689122f7615b
SHA1 1f1796aace956221bf2e379feb6034019c4c0d6f
SHA256 7df06bb15659d755b1466ab6371fc02fc3a069d825306df27a7f212292c4b8c1
CRC32 A1ACB955
ssdeep None
Yara None matched
Name 078d3638e8030786_wab.exe
Filepath C:\Windows\SysWOW64\DC++ Share\wab.exe
Size 504.0KB
Processes 1064 (0004b5b986eb66870d88e4d8507d3968db9fb7f39b3e982656be031825fc35d6.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 0f12115ee562f75f73bb4f022556a887
SHA1 b814af6455445ab4a49fd59eb81734d0b759ac33
SHA256 078d3638e8030786ee5f9d1f055c9cf40715c3dbd8f0219fd49822bf8ca327c4
CRC32 D228BE38
ssdeep None
Yara None matched
Name 94909395ad232ba2_procmon.exe
Filepath C:\Windows\SysWOW64\xdccPrograms\Procmon.exe
Size 2.0MB
Processes 1064 (0004b5b986eb66870d88e4d8507d3968db9fb7f39b3e982656be031825fc35d6.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 3e3e2aed4ed3df405a2a6dc0d0f4b4c7
SHA1 ea7b1a3c3fd97607f7491cbbda61507983d0623f
SHA256 94909395ad232ba207cb63141da0d5de4f8d2052f1185d9e97528f3bb031f835
CRC32 A3AD0519
ssdeep None
Yara None matched
Name 021e472d507e0026_wabmig.exe
Filepath C:\Windows\SysWOW64\DC++ Share\wabmig.exe
Size 83.7KB
Processes 1064 (0004b5b986eb66870d88e4d8507d3968db9fb7f39b3e982656be031825fc35d6.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 33f3a96575b20970e45ff6e9c4856677
SHA1 5474c09b6d0ae2969ebb9df5ae054d6c07033ee6
SHA256 021e472d507e002667819a4b72ce6e92b6c55ce047d30101786df09e9cfdccbc
CRC32 5C3F3EAC
ssdeep None
Yara None matched
Name f901f3f1a652bbe5_setup_wm.exe
Filepath C:\Windows\SysWOW64\DC++ Share\setup_wm.exe
Size 2.0MB
Processes 1064 (0004b5b986eb66870d88e4d8507d3968db9fb7f39b3e982656be031825fc35d6.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 81eca0b415d20e2e060e7fc7732e70e3
SHA1 be7d3fd31f874d61dd20308c2aebb72d9a3442e4
SHA256 f901f3f1a652bbe5ef1208153d064c8123985cc7ffae5569c5c42608408a7dcf
CRC32 078287E1
ssdeep None
Yara None matched
Name a5d244cb4db49d37_dvdmaker.exe
Filepath C:\Windows\SysWOW64\DC++ Share\DVDMaker.exe
Size 2.2MB
Processes 1064 (0004b5b986eb66870d88e4d8507d3968db9fb7f39b3e982656be031825fc35d6.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 ebd87e33ec78040f3ca2661bad15d3af
SHA1 620983261b7b623b69a3b5be438d00a06bc9c84a
SHA256 a5d244cb4db49d37a2c0257a3e657dc1096cbb0bd8031040d1c0ee0a3eb4ca06
CRC32 A26C7031
ssdeep None
Yara None matched
Name 8d907f583e906c1e_tabtip.exe
Filepath C:\Windows\SysWOW64\DC++ Share\TabTip.exe
Size 219.0KB
Processes 1064 (0004b5b986eb66870d88e4d8507d3968db9fb7f39b3e982656be031825fc35d6.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 d1695808580c5c71157369faf596f0ba
SHA1 03cb1e2f1c514e0251caff5de384f970adbd0193
SHA256 8d907f583e906c1e482f98c847e35defcd4a1f194becc8bcf3a95e6cdd0b66e6
CRC32 BE3AE343
ssdeep None
Yara None matched
Name c9a8d2df50cd1b4a_convertinkstore.exe
Filepath C:\Windows\SysWOW64\xdccPrograms\ConvertInkStore.exe
Size 188.5KB
Processes 1064 (0004b5b986eb66870d88e4d8507d3968db9fb7f39b3e982656be031825fc35d6.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 64db0ee5a8c34546bfd0de46849ab7fc
SHA1 046a9283333f489bf99d3cda869297c45be5b813
SHA256 c9a8d2df50cd1b4a14b4d17bf15aa5c464a86511f41a1b64e59ba86d065d6368
CRC32 78289017
ssdeep None
Yara None matched
Name 59475ce8d5e10186_wmpnscfg.exe
Filepath C:\Windows\SysWOW64\DC++ Share\wmpnscfg.exe
Size 114.6KB
Processes 1064 (0004b5b986eb66870d88e4d8507d3968db9fb7f39b3e982656be031825fc35d6.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 98f216a99169d133ec314f174c30a281
SHA1 df6bf4e85e09738137ea7f9cd4c1a78f5f6c82b9
SHA256 59475ce8d5e10186e948108bd07e1e616f33744d9a0ab022c7949a418c4a595e
CRC32 C57EED90
ssdeep None
Yara None matched
Name 0873f17e1e52ad2c_wmpshare.exe
Filepath C:\Windows\SysWOW64\DC++ Share\wmpshare.exe
Size 100.5KB
Processes 1064 (0004b5b986eb66870d88e4d8507d3968db9fb7f39b3e982656be031825fc35d6.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 9923bfad5563ff4cf37bedcade4f637d
SHA1 72aa1dab71c35e026cf4356339aa6e5700f694e8
SHA256 0873f17e1e52ad2c6968e227d4325ce42029b65dc06184c75d2e642365df83c7
CRC32 442AA8A3
ssdeep None
Yara None matched
Name a1e88659a4ad4f4f_marijuana.txt
Filepath C:\marijuana.txt
Size 21.2KB
Processes 1064 (0004b5b986eb66870d88e4d8507d3968db9fb7f39b3e982656be031825fc35d6.exe)
Type ISO-8859 text, with CRLF line terminators
MD5 c0214c7723fe7bde6bc2834742bcc506
SHA1 f3d8e78975bf169fc1ed3ae95ad41d84ff6a36c3
SHA256 a1e88659a4ad4f4fd55f246ab076dee048881fcac3ea8a300e2fe8cdffd88b73
CRC32 0D0BD2E9
ssdeep None
Yara None matched
Name db37042546d08fe2_wmpnetwk.exe
Filepath C:\Windows\SysWOW64\DC++ Share\wmpnetwk.exe
Size 1.5MB
Processes 1064 (0004b5b986eb66870d88e4d8507d3968db9fb7f39b3e982656be031825fc35d6.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 ab75627c469168310aa4b24640abb71b
SHA1 ca4fc943e27f4758e7727ed16edda98276934d1a
SHA256 db37042546d08fe22bcc5987d3820ada854ec2d8b9bcd8b9a2ecf50a6153c6c0
CRC32 4AB7EDDA
ssdeep None
Yara None matched
Name a69d123070202ff5_ielowutil.exe
Filepath C:\Windows\SysWOW64\DC++ Share\ielowutil.exe
Size 113.0KB
Processes 1064 (0004b5b986eb66870d88e4d8507d3968db9fb7f39b3e982656be031825fc35d6.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 dd9862767f0d3121b47d781f408d40b1
SHA1 250e97086e45796cd02a28018eeea206b3940abb
SHA256 a69d123070202ff531898f2dcd7a55b54834ff4054f4848914dcd21ee413ad5f
CRC32 C5EE2893
ssdeep None
Yara None matched
Name 38e2e3b377d11f8c_wmpenc.exe
Filepath C:\Windows\SysWOW64\DC++ Share\wmpenc.exe
Size 95.7KB
Processes 1064 (0004b5b986eb66870d88e4d8507d3968db9fb7f39b3e982656be031825fc35d6.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 a33846dc37ca8ccdab5c351f0c396067
SHA1 5e9d425ef17ba5ecbfb0b9f801dc872d16657768
SHA256 38e2e3b377d11f8c7c6cb7b7d87568c16a04e59cc44fa6ef71c7107b0df951ee
CRC32 4E264B4E
ssdeep None
Yara None matched
Name eefd9e996ae6d5dd_wmpsideshowgadget.exe
Filepath C:\Windows\SysWOW64\DC++ Share\WMPSideShowGadget.exe
Size 162.0KB
Processes 1064 (0004b5b986eb66870d88e4d8507d3968db9fb7f39b3e982656be031825fc35d6.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 9a33c42a14dedb91c0b4e53991bcbf58
SHA1 03c5c013f7e8295962e7f59725bdb8f05bb73d6a
SHA256 eefd9e996ae6d5ddcf58d978a0ea4315cd4750dc801b486a67acc4249dcb991f
CRC32 619C5352
ssdeep None
Yara None matched
Sorry! No dropped buffers.