1.5
Low risk

04c9c2bd32bf81e9203132ddcb81606dd9daa7f6c9a619f2e5b0a62a0f9be97d

04c9c2bd32bf81e9203132ddcb81606dd9daa7f6c9a619f2e5b0a62a0f9be97d.exe

Analysis duration

222s

Last analyzed

393 days ago

File size

94.3KB
Static detection Dynamic detection CVE FAMILY METATYPE PLATFORM TYPE UNKNOWN WIN32 TROJAN BACKDOOR WABOT
Hawkeye engine
DACN 0.15
FACILE 1.00
IMCLNet 0.78
MFGraph 0.00
Static verdict
Antivirus engines
Engine Result Scan date Version
Alibaba None 20190527 0.3.0.5
Avast Win32:Delf-VJY [Trj] 20200728 18.4.3895.0
Baidu Win32.Backdoor.Wabot.a 20190318 1.0.0.2
CrowdStrike win/malicious_confidence_100% (D) 20190702 1.0
Kingsoft None 20200728 2013.8.14.323
McAfee W32/Wabot 20200728 6.0.6.653
Tencent Trojan.Win32.Wabot.a 20200728 1.0.0.1
Behavioral verdict
Dynamic indicators
Creates executable files on the filesystem (27 events)
file C:\Windows\System32\DC++ Share\ShapeCollector.exe
file C:\Windows\System32\DC++ Share\wab.exe
file C:\Windows\System32\xdccPrograms\Procmon.exe
file C:\Windows\System32\DC++ Share\wmlaunch.exe
file C:\Windows\System32\DC++ Share\wmpenc.exe
file C:\Windows\System32\DC++ Share\wmpshare.exe
file C:\Windows\System32\DC++ Share\Journal.exe
file C:\Windows\System32\DC++ Share\mip.exe
file C:\Windows\System32\xdccPrograms\InkWatson.exe
file C:\Windows\System32\xdccPrograms\install.exe
file C:\Windows\System32\DC++ Share\WMPDMC.exe
file C:\Windows\System32\DC++ Share\setup_wm.exe
file C:\Windows\System32\DC++ Share\ielowutil.exe
file C:\Windows\System32\DC++ Share\wmpconfig.exe
file C:\Windows\System32\DC++ Share\setup_wm.exe.exe
file C:\Windows\System32\DC++ Share\InputPersonalization.exe
file C:\Windows\System32\DC++ Share\DVDMaker.exe
file C:\Windows\System32\DC++ Share\wmprph.exe
file C:\Windows\System32\DC++ Share\wordpad.exe
file C:\Windows\System32\DC++ Share\iexplore.exe
file C:\Windows\System32\DC++ Share\MpCmdRun.exe
file C:\Windows\System32\DC++ Share\wmpnetwk.exe
file C:\Windows\System32\DC++ Share\PDIALOG.exe
file C:\Windows\System32\DC++ Share\MSASCui.exe
file C:\Windows\System32\DC++ Share\wmplayer.exe
file C:\Windows\System32\xdccPrograms\inject-x86.exe
file C:\Windows\System32\DC++ Share\ieinstal.exe
Network communication
Communicates with hosts for which no DNS query was performed (2 events)
host 114.114.114.114
host 8.8.8.8
Installs itself for autorun at Windows startup (1 event)
reg_key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\shell reg_value Explorer.exe sIRC4.exe
File has been identified as malicious by 66 antivirus engines on VirusTotal (50 out of 66 events)
ALYac Trojan.Agent.DQQD
APEX Malicious
AVG Win32:Delf-VJY [Trj]
Acronis suspicious
Ad-Aware Trojan.Agent.DQQD
AhnLab-V3 Backdoor/Win32.Wabot.R231859
Antiy-AVL Trojan[Backdoor]/Win32.Wabot.a
Arcabit Trojan.Agent.DQQD
Avast Win32:Delf-VJY [Trj]
Avira TR/Dldr.Delphi.Gen
Baidu Win32.Backdoor.Wabot.a
BitDefender Trojan.Agent.DQQD
BitDefenderTheta AI:Packer.E2C7CD2621
Bkav W32.BackdoorWabot.Trojan
CAT-QuickHeal Trojan.Wabot.A8
ClamAV Win.Trojan.Wabot-6113548-0
Comodo Backdoor.Win32.Wabot.A@4knk5y
CrowdStrike win/malicious_confidence_100% (D)
Cybereason malicious.c5fbf4
Cylance Unsafe
Cynet Malicious (score: 100)
Cyren W32/Backdoor.PJEB-4161
DrWeb Trojan.MulDrop6.64369
ESET-NOD32 Win32/Delf.NRF
Emsisoft Trojan.Agent.DQQD (B)
Endgame malicious (high confidence)
F-Prot W32/Wabot.A
F-Secure Trojan.TR/Dldr.Delphi.Gen
FireEye Generic.mg.588df8fc5fbf429d
Fortinet W32/Wabot.A!tr
GData Win32.Backdoor.Wabot.A
Ikarus P2P-Worm.Win32.Delf
Invincea heuristic
Jiangmin Backdoor/Wabot.z
K7AntiVirus Trojan ( 0055c5c91 )
K7GW Trojan ( 0055c5c91 )
Kaspersky Backdoor.Win32.Wabot.a
MAX malware (ai score=80)
Malwarebytes Backdoor.Wabot
McAfee W32/Wabot
MicroWorld-eScan Trojan.Agent.DQQD
Microsoft Backdoor:Win32/Wabot.A
NANO-Antivirus Trojan.Win32.Wabot.dmukv
Panda Backdoor Program
Qihoo-360 HEUR/QVM05.1.DDA9.Malware.Gen
Rising Worm.Chilly!1.661C (RDMK:cmRtazozAIFhMgYuZx1mbuPLTnsB)
SUPERAntiSpyware Backdoor.Wabot/Variant
Sangfor Malware
SentinelOne DFI - Malicious PE
Sophos Troj/Luiha-M
Runtime screenshots
No runtime screenshots available; none were generated while this sample ran


PE Compile Time

1992-06-20 06:40:53

PE Imphash

5662cfcdfd9da29cb429e7528d5af81e

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
CODE 0x00001000 0x0000c984 0x0000ca00 6.572458888267131
DATA 0x0000e000 0x00000a1c 0x00000c00 4.533685500040435
BSS 0x0000f000 0x00001111 0x00000000 0.0
.idata 0x00011000 0x0000083e 0x00000a00 4.169474579751151
.tls 0x00012000 0x00000008 0x00000000 0.0
.rdata 0x00013000 0x00000018 0x00000200 0.2108262677871819
.reloc 0x00014000 0x00000710 0x00000800 6.25716095476406
.rsrc 0x00015000 0x0000167c 0x00001800 3.2124871953120624

Resources

Name Offset Size Language Sub-language File type
RT_ICON 0x000164a8 0x00000128 LANG_ENGLISH SUBLANG_ENGLISH_US None
RT_ICON 0x000164a8 0x00000128 LANG_ENGLISH SUBLANG_ENGLISH_US None
RT_ICON 0x000164a8 0x00000128 LANG_ENGLISH SUBLANG_ENGLISH_US None
RT_RCDATA 0x000165e0 0x00000078 LANG_NEUTRAL SUBLANG_NEUTRAL None
RT_RCDATA 0x000165e0 0x00000078 LANG_NEUTRAL SUBLANG_NEUTRAL None
RT_GROUP_ICON 0x00016658 0x00000022 LANG_ENGLISH SUBLANG_ENGLISH_US None

Imports

Library kernel32.dll:
0x4110d8 VirtualFree
0x4110dc VirtualAlloc
0x4110e0 LocalFree
0x4110e4 LocalAlloc
0x4110e8 GetCurrentThreadId
0x4110ec GetStartupInfoA
0x4110f0 GetModuleFileNameA
0x4110f4 GetLastError
0x4110f8 GetCommandLineA
0x4110fc FreeLibrary
0x411100 ExitProcess
0x411104 CreateThread
0x411108 WriteFile
0x411110 SetFilePointer
0x411114 SetEndOfFile
0x411118 RtlUnwind
0x41111c ReadFile
0x411120 RaiseException
0x411124 GetStdHandle
0x411128 GetFileSize
0x41112c GetSystemTime
0x411130 GetFileType
0x411134 CreateFileA
0x411138 CloseHandle
Library user32.dll:
0x411140 GetKeyboardType
0x411144 MessageBoxA
0x411148 CharNextA
Library advapi32.dll:
0x411150 RegQueryValueExA
0x411154 RegOpenKeyExA
0x411158 RegCloseKey
Library oleaut32.dll:
0x411160 SysFreeString
Library kernel32.dll:
0x411168 TlsSetValue
0x41116c TlsGetValue
0x411170 LocalAlloc
0x411174 GetModuleHandleA
Library advapi32.dll:
0x41117c RegQueryValueExA
0x411180 RegOpenKeyExA
0x411184 RegCloseKey
Library kernel32.dll:
0x411190 WinExec
0x411194 UpdateResourceA
0x411198 Sleep
0x41119c SetFilePointer
0x4111a0 ReadFile
0x4111a4 GetSystemDirectoryA
0x4111a8 GetLastError
0x4111ac GetFileAttributesA
0x4111b0 FindNextFileA
0x4111b4 FindFirstFileA
0x4111b8 FindClose
0x4111c4 ExitProcess
0x4111c8 EndUpdateResourceA
0x4111cc DeleteFileA
0x4111d0 CreateThread
0x4111d4 CreateMutexA
0x4111d8 CreateFileA
0x4111dc CreateDirectoryA
0x4111e0 CopyFileA
0x4111e4 CloseHandle
Library user32.dll:
0x4111f0 SetTimer
0x4111f4 GetMessageA
0x4111f8 DispatchMessageA
0x4111fc CharUpperBuffA
Library wsock32.dll:
0x411204 WSACleanup
0x411208 WSAStartup
0x41120c gethostbyname
0x411210 socket
0x411214 send
0x411218 select
0x41121c recv
0x411220 ntohs
0x411224 listen
0x411228 inet_ntoa
0x41122c inet_addr
0x411230 htons
0x411234 htonl
0x411238 getsockname
0x41123c connect
0x411240 closesocket
0x411244 bind
0x411248 accept

L!This program must be run under Win32
.idata
.rdata
P.reloc
P.rsrc
StringX
TObject%8
SOFTWARE\Borland\Delphi\RTL
FPUMaskValue
TFileNameL@
TSearchRecX
system.ini
Explorer.exe
" -a -r "
" a -idp -inul -c- -m5 "
software\microsoft\windows\currentversion\app paths\winzip32.exe
software\microsoft\windows\currentversion\app paths\WinRAR.exe
C:\rar.bat
C:\zip.bat
abcdefghijklmnopqrstuvwxyz-_.1234567890
NOTICE
:to get this, type !xdcc_get
bytes)
PRIVMSG
\DC++ Share
\xdccPrograms
TWarBotUj
PRIVMSG #hellothere :
&%->=
PRIVMSG
DCC SEND
PING :
type !list for my list
!list
 for my list
!xdcc_get
#helloThere
#helloThere,
JOIN #HelloThere
LIST >4,<10000
PRIVMSG
ACTION
!list
 for my list
NICK [xdcc]
NICK [mp3]
NICK [rar]
NICK [zip]
NICK [share]
sIRC4.exe
C:\marijuana.txt
uk.undernet.org
Runtime error at 00000000
0123456789ABCDEF
kernel32.dll
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
VirtualFree
VirtualAlloc
LocalFree
LocalAlloc
GetCurrentThreadId
GetStartupInfoA
GetModuleFileNameA
GetLastError
GetCommandLineA
FreeLibrary
ExitProcess
CreateThread
WriteFile
UnhandledExceptionFilter
SetFilePointer
SetEndOfFile
RtlUnwind
ReadFile
RaiseException
GetStdHandle
GetFileSize
GetSystemTime
GetFileType
CreateFileA
CloseHandle
user32.dll
GetKeyboardType
MessageBoxA
CharNextA
advapi32.dll
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
oleaut32.dll
SysFreeString
kernel32.dll
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleA
advapi32.dll
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
kernel32.dll
WritePrivateProfileStringA
WinExec
UpdateResourceA
SetFilePointer
ReadFile
GetSystemDirectoryA
GetLastError
GetFileAttributesA
FindNextFileA
FindFirstFileA
FindClose
FileTimeToLocalFileTime
FileTimeToDosDateTime
ExitProcess
EndUpdateResourceA
DeleteFileA
CreateThread
CreateMutexA
CreateFileA
CreateDirectoryA
CopyFileA
CloseHandle
BeginUpdateResourceA
user32.dll
SetTimer
GetMessageA
DispatchMessageA
CharUpperBuffA
wsock32.dll
WSACleanup
WSAStartup
gethostbyname
socket
select
listen
inet_ntoa
inet_addr
getsockname
connect
closesocket
accept
WinSock
System
SysInit
KWindows
UTypes
3Messages
iconchanger
sDeclares
VoQ8uYY:A
+)=|i3?-+
yI/0$u^|
AL.h lt
Jn<0>mjP
Qc1Y9dAWTd_VfjUL
7.p*#$gM
$"]IQu?
OBJTF(
Kj\*e |a'
dB-:K6eR
FL4Zv:J'
zJr@kL
#8bXFf`
:O ;zy
l*}j-^
w],ib3
^MdYC9BfoAy
+RP%}QE
1 ?pH7`w
l)0 h
tQ0oa[ap
TSl@-
4,IOv(
shb0G5t?;-=
poJ8-Y
z-[Bpx
oRWHua3PB
?:7^VV~Y
b~*N\~
WH[f[]
]y)C@icaBzqJ
fH#>5"f
b+j\Y/
/PT!NN#L
Ha1X*\J!p
"7Ao1^H
?63aW$lJjLtFJr
aeQ?pu`
_al>',q#kde
,nOvKP^-<z4a~T5x}&
!qR },b
3{F2e#[
m{76A@M
_T?+v_H-
+e>7m{.fh
"$tm]Khii
jP80Mpz_C1a
of1"8hCq
,#Ys~1b'>^Nb ?[
9IdVC3
{G&Sy7
"t\ 9F4
~4ZdzSJ'|;%=
D|DJQw(
~ZUeeGe#jQ
-`X2@KQ_
c3<7"4g-
}45l:h[P(.Vf,OUA)
,?$cY*s
dUh`k*'E
no1\dhW-QuMw
k,%uJO
\&\_.<
$rId4(1!
`9zc$j[
ahkvrfehv#
cZ#bn(Y;|q
<Ba-@6
f\wh$,J*|C2kYuv;}
jviDrqt
#pd0s4nM
fTbvzE 7N.
K&`1IH&0V
ify&l0
2~p4_.
DE"%g7
05n9h8EV%]
>\fV46A4S
[~ C1`J
YzI_Ta;eH 'bfU
Z\IU]t$
^2Jg/C
gOMkhooY:[pv
!,$f0Zg'
#3%AaqN9&"jf%
H%'Pc"dZ
wwF87gF
mBjI@7no
9L!Gas
"4_f#2M
Iyxo7~2d_>
noOZWg
3bM3:KT6
Y?x&<\o
;(%-$+Z24:
:MwRn.
kh:)Cc"B4
f#m3kYYN
9Bd>@ej
&Y 5O8
9'(UO%YbAVSQ
{$#m1-MEZ
Izuhkq8F
z\-(!r}=
zCeTQGE#N-
CeZ u'
.\Q_ckl:
KE]7>dd
O?f\/{fro
;oD(rp<InZRb
1D;gsg
cGUZ:Gy4)W
kaduvDn*|B
DVCLAL
PACKAGEINFO
MAINICON(

Process Tree


04c9c2bd32bf81e9203132ddcb81606dd9daa7f6c9a619f2e5b0a62a0f9be97d.exe, PID: 1064, Parent PID: 2284

DNS

Name Response Post-Analysis Lookup
dns.msftncsi.com A 131.107.255.255 131.107.255.255
dns.msftncsi.com AAAA fd3e:4f5a:5b81::1 131.107.255.255

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 53179 224.0.0.252 5355
192.168.56.101 49642 224.0.0.252 5355
192.168.56.101 137 192.168.56.255 137
192.168.56.101 61714 114.114.114.114 53
192.168.56.101 61714 8.8.8.8 53
192.168.56.101 56933 8.8.8.8 53
192.168.56.101 138 192.168.56.255 138

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Name ebcbfa5e08b52914_inputpersonalization.exe
Filepath C:\Windows\SysWOW64\DC++ Share\InputPersonalization.exe
Size 374.4KB
Processes 1064 (04c9c2bd32bf81e9203132ddcb81606dd9daa7f6c9a619f2e5b0a62a0f9be97d.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 d049c8eeb1dea3ebcd4df8544ef36164
SHA1 4ed687d5cda0131e04a02ea096b8d4922ab74cf6
SHA256 ebcbfa5e08b52914b4f779ac653f959b2d8c7e795c2758b2a70341ea13f2edc4
CRC32 6811F711
ssdeep None
Yara None matched
Name 7812d7762fb014f7_ielowutil.exe
Filepath C:\Windows\SysWOW64\DC++ Share\ielowutil.exe
Size 112.9KB
Processes 1064 (04c9c2bd32bf81e9203132ddcb81606dd9daa7f6c9a619f2e5b0a62a0f9be97d.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 8956896bb3653f3be084ddd7f1a5dfab
SHA1 7cf82b4db899a1a7d192fce0e7db972533d2e7e5
SHA256 7812d7762fb014f7524d380dea71d6b49e32b60aabf53a918630fada957d20bb
CRC32 E50BD5D3
ssdeep None
Yara None matched
Name 882c79f3b5fa5968_iexplore.exe
Filepath C:\Windows\SysWOW64\DC++ Share\iexplore.exe
Size 678.6KB
Processes 1064 (04c9c2bd32bf81e9203132ddcb81606dd9daa7f6c9a619f2e5b0a62a0f9be97d.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 f939fbf26cc051524379cb380214e3c6
SHA1 2deec43969692455fce53f9c894c30132ceed159
SHA256 882c79f3b5fa59688b0467fba5af2fdb540560cfa42a2a269d292dc6ecd306b4
CRC32 D6844211
ssdeep None
Yara None matched
Name b821c129d2e003df_wmplayer.exe
Filepath C:\Windows\SysWOW64\DC++ Share\wmplayer.exe
Size 163.4KB
Processes 1064 (04c9c2bd32bf81e9203132ddcb81606dd9daa7f6c9a619f2e5b0a62a0f9be97d.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 e19e44dd206de8bb1e6a84b1d8a10e02
SHA1 8a53a556a62f47a383b4fc5100278d04da54a213
SHA256 b821c129d2e003df97769d3d7648938ec37e9eec47a67bbcc043a260aafe5c90
CRC32 10E69A8C
ssdeep None
Yara None matched
Name 90badd959d7e82fd_wmpconfig.exe
Filepath C:\Windows\SysWOW64\DC++ Share\wmpconfig.exe
Size 99.9KB
Processes 1064 (04c9c2bd32bf81e9203132ddcb81606dd9daa7f6c9a619f2e5b0a62a0f9be97d.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 29df76e09b9a8b2db5cfcc4f22c9160d
SHA1 4d0db69091eb48094c4858b3a8ed2abd420c8eac
SHA256 90badd959d7e82fd01f65bff025011a64d72138bfbb94a3c4860a365f76311e9
CRC32 E3D977A8
ssdeep None
Yara None matched
Name 30926dc1b19b6f68_wmpdmc.exe
Filepath C:\Windows\SysWOW64\DC++ Share\WMPDMC.exe
Size 1.2MB
Processes 1064 (04c9c2bd32bf81e9203132ddcb81606dd9daa7f6c9a619f2e5b0a62a0f9be97d.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 bfeadba3c73a19121803974f3aad1ade
SHA1 cd93a4167deb16bdc832b53d259422624f4fdc62
SHA256 30926dc1b19b6f68a8db37731b7496bc7db3041cc5ba1f13b0fed86c3cdfb563
CRC32 CC80005F
ssdeep None
Yara None matched
Name fbc7f1c8854366a5_dvdmaker.exe
Filepath C:\Windows\SysWOW64\DC++ Share\DVDMaker.exe
Size 2.2MB
Processes 1064 (04c9c2bd32bf81e9203132ddcb81606dd9daa7f6c9a619f2e5b0a62a0f9be97d.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 dff9f0e98d6f8ca8860aa4179c091d69
SHA1 3cde8a75c6d14188c21ea76305e3550b3af38970
SHA256 fbc7f1c8854366a55d67ba35f7c71c9cd7319ff6f96f8e4b0b60bbd8ce245807
CRC32 0542CB14
ssdeep None
Yara None matched
Name 57817762048487b0_inject-x86.exe
Filepath C:\Windows\SysWOW64\xdccPrograms\inject-x86.exe
Size 125.6KB
Processes 1064 (04c9c2bd32bf81e9203132ddcb81606dd9daa7f6c9a619f2e5b0a62a0f9be97d.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 a2defc473bad6129015173898d8225f4
SHA1 cbf132cf614e648f945206b74b2e6c0cf815ad59
SHA256 57817762048487b0e031d13afe9e9999ff51b75d35e9ec54ada057c271eec2ef
CRC32 785391B6
ssdeep None
Yara None matched
Name 3584b8a0ccc11869_mpcmdrun.exe
Filepath C:\Windows\SysWOW64\DC++ Share\MpCmdRun.exe
Size 186.4KB
Processes 1064 (04c9c2bd32bf81e9203132ddcb81606dd9daa7f6c9a619f2e5b0a62a0f9be97d.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 985da8d196cf9a0e8b90f3e6b80a4481
SHA1 081b92319aec9fbedc8395d7a8cdcb9d8b736163
SHA256 3584b8a0ccc118695946bcea6cd31f3f76b19391bf2e31e29d099e6ad4f29f9e
CRC32 A5B2A36E
ssdeep None
Yara None matched
Name d45604f9e65447bd_setup_wm.exe.exe
Filepath C:\Windows\SysWOW64\DC++ Share\setup_wm.exe.exe
Size 128.5KB
Processes 1064 (04c9c2bd32bf81e9203132ddcb81606dd9daa7f6c9a619f2e5b0a62a0f9be97d.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 a4e4c6dfe332ed8a5dcd3d6c636ebadc
SHA1 b99e5011c4cc0da5e338066e24afa4845f8ae2fe
SHA256 d45604f9e65447bda41c7ea307fb5f5384393082337520bc3a2dba181ba79b63
CRC32 771E39E7
ssdeep None
Yara None matched
Name 1e454304229aaac8_pdialog.exe
Filepath C:\Windows\SysWOW64\DC++ Share\PDIALOG.exe
Size 131.9KB
Processes 1064 (04c9c2bd32bf81e9203132ddcb81606dd9daa7f6c9a619f2e5b0a62a0f9be97d.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 d0a9edde6fbc24d60a9d90be5ec6e074
SHA1 52d1a5b0f0dbe2cbb95b39b46ef2cb15fb1cc242
SHA256 1e454304229aaac8fb1aef2d36501410e2655d442a5a552e919b7c2beeb030ab
CRC32 F0D311CB
ssdeep None
Yara None matched
Name c9e8958329d3e93b_wmpshare.exe
Filepath C:\Windows\SysWOW64\DC++ Share\wmpshare.exe
Size 100.4KB
Processes 1064 (04c9c2bd32bf81e9203132ddcb81606dd9daa7f6c9a619f2e5b0a62a0f9be97d.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 0d70a1d5d7e921f3f431a1279a533788
SHA1 515899143b096847463daf69625dac0e82e50d97
SHA256 c9e8958329d3e93bb7c47a3b26ac40f06d0126a6b321f3d3d7de480ba9ec994f
CRC32 90963EAD
ssdeep None
Yara None matched
Name 4830e7c9bb9bdcaa_mip.exe
Filepath C:\Windows\SysWOW64\DC++ Share\mip.exe
Size 1.5MB
Processes 1064 (04c9c2bd32bf81e9203132ddcb81606dd9daa7f6c9a619f2e5b0a62a0f9be97d.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 793d35f230ea9132cb4b70c2a9c2b7fa
SHA1 2c7e4e8aa4a21d00bd886a27a2c17e57181e92d4
SHA256 4830e7c9bb9bdcaa7c6ee0251464402972b3b67772027d1e143ea0b3d53106d9
CRC32 499B664D
ssdeep None
Yara None matched
Name f6a73a973170f1fc_wordpad.exe
Filepath C:\Windows\SysWOW64\DC++ Share\wordpad.exe
Size 4.4MB
Processes 1064 (04c9c2bd32bf81e9203132ddcb81606dd9daa7f6c9a619f2e5b0a62a0f9be97d.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 143ee55b7df63fae93d1f08dc3b60436
SHA1 8261b508994c0f9e5e4f19bd8f68ed56f0f8ad45
SHA256 f6a73a973170f1fcb8e0bb67bc12b6d300112690fbd966f2139d1184cb9f9b0f
CRC32 2A0086F1
ssdeep None
Yara None matched
Name 574dd8e0564f8d5a_wmlaunch.exe
Filepath C:\Windows\SysWOW64\DC++ Share\wmlaunch.exe
Size 256.9KB
Processes 1064 (04c9c2bd32bf81e9203132ddcb81606dd9daa7f6c9a619f2e5b0a62a0f9be97d.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 d97c3945932c5b46a7a7681004a4c184
SHA1 b39ab0cf418aebb820d5dba49847e3780dbfc390
SHA256 574dd8e0564f8d5a965bc76fc6a5502fed1bd9c5dd6030c7ff980c873b21bcde
CRC32 2036EA8F
ssdeep None
Yara None matched
Name 10edc430447f0662_install.exe
Filepath C:\Windows\SysWOW64\xdccPrograms\install.exe
Size 549.4KB
Processes 1064 (04c9c2bd32bf81e9203132ddcb81606dd9daa7f6c9a619f2e5b0a62a0f9be97d.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 d483c09069c8b768bac1a8a48d4fc105
SHA1 2cb976e8410c8f0e5035fc5665122d2c3cbeffe8
SHA256 10edc430447f0662af4e92039872e7e59f5e3d02ca26ef80f5a3ff2eeb639b8e
CRC32 13B601A2
ssdeep None
Yara None matched
Name f7edee76eb26e027_inkwatson.exe
Filepath C:\Windows\SysWOW64\xdccPrograms\InkWatson.exe
Size 387.9KB
Processes 1064 (04c9c2bd32bf81e9203132ddcb81606dd9daa7f6c9a619f2e5b0a62a0f9be97d.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 39714b902d3e7b969d7a3e49c611ee60
SHA1 4d37876e96635f2930b00ea8e20c1c9fc651448f
SHA256 f7edee76eb26e027bae56cd40fff65ab49245364019908a2261dac5c0ef80bdf
CRC32 1F4356EE
ssdeep None
Yara None matched
Name 8b234981e03179dd_wmpenc.exe
Filepath C:\Windows\SysWOW64\DC++ Share\wmpenc.exe
Size 130.4KB
Processes 1064 (04c9c2bd32bf81e9203132ddcb81606dd9daa7f6c9a619f2e5b0a62a0f9be97d.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 034c0f7ac62697a892f4ab84752ef1da
SHA1 920818f2710e636d1d0276929bb5579a45ee2bb0
SHA256 8b234981e03179dd7ef43720fc26b6db88a2e57613c63f6bb6fc36e12a73df38
CRC32 B51DADC5
ssdeep None
Yara None matched
Name accfa4f2bed9159a_journal.exe
Filepath C:\Windows\SysWOW64\DC++ Share\Journal.exe
Size 2.1MB
Processes 1064 (04c9c2bd32bf81e9203132ddcb81606dd9daa7f6c9a619f2e5b0a62a0f9be97d.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 ac9030b75c7e4c72cfd20b70e5984610
SHA1 d26ace814b42af5848d7c747f29721a844086532
SHA256 accfa4f2bed9159a50831de6f6dc7cb1755d02b95dcf2aaa4016db9a28a7b065
CRC32 E328919B
ssdeep None
Yara None matched
Name 494b7fad9ca7a70e_setup_wm.exe
Filepath C:\Windows\SysWOW64\DC++ Share\setup_wm.exe
Size 2.0MB
Processes 1064 (04c9c2bd32bf81e9203132ddcb81606dd9daa7f6c9a619f2e5b0a62a0f9be97d.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 4e98ebe60f188aa8ed97ee1c41d48463
SHA1 525c4c7cae8ec1c475fcc1c06b5cfbd889c465bd
SHA256 494b7fad9ca7a70eeb6d3cdaf45c8713d50c8a3f504cd30ab8405f988853eef2
CRC32 904DE224
ssdeep None
Yara None matched
Name daaf4ec2af4b3348_shapecollector.exe
Filepath C:\Windows\SysWOW64\DC++ Share\ShapeCollector.exe
Size 678.9KB
Processes 1064 (04c9c2bd32bf81e9203132ddcb81606dd9daa7f6c9a619f2e5b0a62a0f9be97d.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 f169b9b174b1a71e1c615760a273c274
SHA1 7de00fbb1d89ef0ada37d00853231a3531411a85
SHA256 daaf4ec2af4b3348f0d811a7a382500c645574d4db648d998f77b2e1aa889399
CRC32 1C1C9731
ssdeep None
Yara None matched
Name e3774ac821692bfd_msascui.exe
Filepath C:\Windows\SysWOW64\DC++ Share\MSASCui.exe
Size 938.4KB
Processes 1064 (04c9c2bd32bf81e9203132ddcb81606dd9daa7f6c9a619f2e5b0a62a0f9be97d.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 d0fe780efc2cd7e80e1de81c6283291e
SHA1 db7842f00b89060d81d3fe68330b834cfe21f26e
SHA256 e3774ac821692bfdc84cb67b3dd5d6377aa3b229f5e331c2136b228369be2208
CRC32 E03F05A4
ssdeep None
Yara None matched
Name ecf11efb2bb7f653_wab.exe
Filepath C:\Windows\SysWOW64\DC++ Share\wab.exe
Size 503.9KB
Processes 1064 (04c9c2bd32bf81e9203132ddcb81606dd9daa7f6c9a619f2e5b0a62a0f9be97d.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 39437cd515f5606bd791f563036c0af3
SHA1 3b0f07a303d8d138e75e3374932a5c10fd53feb6
SHA256 ecf11efb2bb7f6533b3cfd30a09309a3124a738ed6cdf5150eb2355c4be4befd
CRC32 283DBCD9
ssdeep None
Yara None matched
Name 8d3fc60cc6242417_procmon.exe
Filepath C:\Windows\SysWOW64\xdccPrograms\Procmon.exe
Size 2.0MB
Processes 1064 (04c9c2bd32bf81e9203132ddcb81606dd9daa7f6c9a619f2e5b0a62a0f9be97d.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 c97f73a6ae14c52b350d664c92ee74ac
SHA1 ceafea4df6ef5e7813506dc2a958398da48d7d18
SHA256 8d3fc60cc6242417d2e33d1184ea3742ad5a06de23edd311b1198bb8b34058dc
CRC32 A4081BF8
ssdeep None
Yara None matched
Name da8157fa527003c4_ieinstal.exe
Filepath C:\Windows\SysWOW64\DC++ Share\ieinstal.exe
Size 263.4KB
Processes 1064 (04c9c2bd32bf81e9203132ddcb81606dd9daa7f6c9a619f2e5b0a62a0f9be97d.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 fb9417650e3a7c32677bbae62e523066
SHA1 33181687b949540c30358b6d44d5ea018ad99267
SHA256 da8157fa527003c4c430feb9f1473bc4b49c4b0c4c0581621f55d6621234ede4
CRC32 4584A3BF
ssdeep None
Yara None matched
Name a1e88659a4ad4f4f_marijuana.txt
Filepath C:\marijuana.txt
Size 21.2KB
Processes 1064 (04c9c2bd32bf81e9203132ddcb81606dd9daa7f6c9a619f2e5b0a62a0f9be97d.exe)
Type ISO-8859 text, with CRLF line terminators
MD5 c0214c7723fe7bde6bc2834742bcc506
SHA1 f3d8e78975bf169fc1ed3ae95ad41d84ff6a36c3
SHA256 a1e88659a4ad4f4fd55f246ab076dee048881fcac3ea8a300e2fe8cdffd88b73
CRC32 0D0BD2E9
ssdeep None
Yara None matched
Name 6bee15a0327b29b4_wmpnetwk.exe
Filepath C:\Windows\SysWOW64\DC++ Share\wmpnetwk.exe
Size 1.5MB
Processes 1064 (04c9c2bd32bf81e9203132ddcb81606dd9daa7f6c9a619f2e5b0a62a0f9be97d.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 3dbfaa1c9a0cbd4fb5714ca9f6adfa7f
SHA1 23839568022f8a8e2a4c32599253e1329174716c
SHA256 6bee15a0327b29b47ba6a79ab74b2063360b4c255af712877a070ee6dca4704d
CRC32 8771A1CA
ssdeep None
Yara None matched
Name 112bc9aa37dbd393_wmprph.exe
Filepath C:\Windows\SysWOW64\DC++ Share\wmprph.exe
Size 136.2KB
Processes 1064 (04c9c2bd32bf81e9203132ddcb81606dd9daa7f6c9a619f2e5b0a62a0f9be97d.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 b4b112686d9fa3d3321bed028f00d09d
SHA1 b755af7da9f996b4b8e557c7788eaa3740ac56ab
SHA256 112bc9aa37dbd39378dd07355648e6b194f805ae62c9d38431ac532216d3da6e
CRC32 A3AE3E5A
ssdeep None
Yara None matched
Sorry! No dropped buffers.