j:\BR5.0\output\win32\release\ABService.pdb
Static task
static1
Behavioral task
behavioral1
Sample
cab589f15ae4ad5f569b4fe5b603b4a955edf8c4bd2deea7539127d8529a6129.exe
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
cab589f15ae4ad5f569b4fe5b603b4a955edf8c4bd2deea7539127d8529a6129.exe
Resource
win10v2004-20240508-en
General
-
Target
cab589f15ae4ad5f569b4fe5b603b4a955edf8c4bd2deea7539127d8529a6129
-
Size
1.1MB
-
MD5
2b58841896fc244ff0048d64022f2be1
-
SHA1
7e968be4fc83b517901fec5959df7de9168b8ed3
-
SHA256
cab589f15ae4ad5f569b4fe5b603b4a955edf8c4bd2deea7539127d8529a6129
-
SHA512
f536f4937c4e482d00d3af15886de440d1de49b4e0b755b95c752218666d964228b72795eec3ce588d33c8f0063bd91f152a51deaf15caf7f8618d7728b60076
-
SSDEEP
12288:rH5AVy9xQyqc7JS2LZEOFDs6MVVp9f+WvSrPPD8aiuiMWdOAOf/jJhgm3+ER:reViJ7JSwArBGWvSrPPD8aiKWZOftU
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature — the sample PE carries no embedded code signature. On its own this is a weak indicator (many legitimate binaries are unsigned) and should be weighed together with the other findings rather than treated as proof of malice.
resource cab589f15ae4ad5f569b4fe5b603b4a955edf8c4bd2deea7539127d8529a6129
Files
-
cab589f15ae4ad5f569b4fe5b603b4a955edf8c4bd2deea7539127d8529a6129.exe windows:4 windows x86 arch:x86
f5c229f6a9a0912485ffa4d42a2d57f7
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
uilogic
CreateUiLogic
CreateUiPolicyPtr
GetRecordObj
GetScheduleObj
userenv
DestroyEnvironmentBlock
CreateEnvironmentBlock
GetUserProfileDirectoryW
UnloadUserProfile
LoadUserProfileW
wtsapi32
WTSQueryUserToken
WTSEnumerateSessionsW
WTSFreeMemory
WTSEnumerateProcessesW
WTSRegisterSessionNotification
rpcrt4
RpcServerListen
RpcMgmtStopServerListening
RpcBindingFree
RpcStringFreeW
RpcRevertToSelf
RpcImpersonateClient
NdrServerCall2
NdrClientCall2
RpcServerRegisterIf
RpcBindingFromStringBindingW
RpcStringBindingComposeW
RpcServerUseProtseqEpW
RpcServerUnregisterIf
comn
GetObjectSys
GetObjectLog
GetObjectLang
ws2_32
connect
WSACleanup
sendto
setsockopt
recvfrom
WSAIoctl
select
accept
htons
socket
closesocket
WSAStartup
listen
gethostbyname
ntohs
WSAGetLastError
inet_ntoa
htonl
send
bind
recv
inet_addr
encrypt
HexToStr
CreateEncryptObject
StrToHex
diskmgr
CreateDdmManager
shlwapi
PathFileExistsW
amnet
?ToCharacter@Amnet@@YAPADK@Z
?InitAdapter@Amnet@@YAX_N@Z
?CalcIPAndMask@Amnet@@YAKPAD0@Z
?Sendto@Amnet@@YA_NHPADI0H_N@Z
?Disconnect@Amnet@@YA_NH_N@Z
?Install@Amnet@@YA_NXZ
?StoppedTcpEngine@Amnet@@YA_NK@Z
?Send@Amnet@@YA_NHPADI_N@Z
?StartupTcpEngine@Amnet@@YA_NPAVIAttemperEngineSink@1@@Z
?GetLastError@Amnet@@YAHXZ
?Uninstall@Amnet@@YAXXZ
?GetIpAddress@Amnet@@YAXHPAD@Z
?Listen@Amnet@@YA_NHPADI@Z
?GetAdapterCount@Amnet@@YAHXZ
?GetHostName@Amnet@@YAXPAD@Z
?CleanVirtualAdapter@Amnet@@YAXXZ
?Socket@Amnet@@YAHH@Z
?GetAdapterAt@Amnet@@YA_NIAAUTAdapter@1@@Z
?Accept@Amnet@@YA_NHH_N@Z
?ToInteger@Amnet@@YAKPAD@Z
?ToInteger@Amnet@@YAKPA_W@Z
ntlog
?CloseLog@NTLOG@@YAXH@Z
?WriteLog@NTLOG@@YAHHIPB_WZZ
?OpenLog@NTLOG@@YAHIPA_W@Z
nthelp
?GetAddrInIPv4@Help32@@YAXKPA_W@Z
?StringToGUID@Help32@@YAXPA_WAAU_GUID@@@Z
?SplitString@Help32@@YAXPA_W_WAAV?$vector@PA_WV?$allocator@PA_W@std@@@std@@@Z
?Decrypto@Help32@@YAXPAEK@Z
?IsEmpty@Help32@@YAHPA_W@Z
?IsEmpty@Help32@@YAHPAD@Z
?IsValidUserAndHasAdmin@Help32@@YAHPA_WAAH@Z
?GUIDToString@Help32@@YAXAAU_GUID@@PA_WH@Z
?FileIsExist@Help32@@YAHPA_W@Z
?Compress@Help32@@YAHPAEI@Z
?Wchartochar@Help32@@YAXPB_WPADH@Z
?Encrypto@Help32@@YAXPAEK@Z
?InternetCheckResult@Help32@@YAHPBDH@Z
?GetIPv4InAddr@Help32@@YAKPBD@Z
?MakeGUID@Help32@@YAXAAU_GUID@@@Z
?ReadFile@Help32@@YAKPA_WKPAXK@Z
?EqualString@Help32@@YAHPA_W0@Z
?EqualString@Help32@@YAHPA_WPAD@Z
?GetModuleFilePath@Help32@@YAXPAD@Z
?GetModuleFilePath@Help32@@YAXPA_W@Z
?Chartowchar@Help32@@YAXPBDPA_WH@Z
?CheckWindowsUserAndPasswordIsValid@Help32@@YAHPA_W0@Z
?CopyString@Help32@@YAXPA_W0@Z
?CopyString@Help32@@YAXPAD0@Z
?CopyString@Help32@@YAPA_WPA_W@Z
?Expansion@Help32@@YAXPAEIPADI@Z
?WriteFile@Help32@@YAKPA_WKPAXK@Z
?GetIPv4InAddr@Help32@@YAKPB_W@Z
usbdetect
?GetCurRemovableDrives@DeviceUtil@@SAXPAV?$set@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@std@@@Z
?GetCurRemovablePartitions@DeviceUtil@@SAXPAV?$map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@DU?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@D@std@@@2@@std@@@Z
?Get@USBDriveDetector@@SAAAV1@XZ
?RegisterNotification@USBDriveDetector@@QAE_NPAUSERVICE_STATUS_HANDLE__@@PAVHandler@1@@Z
?EventHandler@USBDriveDetector@@QAEXKKPAX@Z
funclogic
CreateEnumDisk
kernel32
IsDebuggerPresent
UnhandledExceptionFilter
HeapFree
GetProcessHeap
QueryPerformanceCounter
GetSystemTimeAsFileTime
UnlockFile
InterlockedCompareExchange
LocalAlloc
LocalFree
GenerateConsoleCtrlEvent
GetCurrentThread
FreeLibrary
GetVersion
FlushFileBuffers
GetWindowsDirectoryW
GetSystemDirectoryW
GetStdHandle
WriteConsoleA
GetSystemInfo
GetVersionExA
SetLastError
WriteConsoleW
GetFileSizeEx
LockFile
SetFilePointerEx
GetModuleFileNameW
GetLastError
DeleteCriticalSection
CreateThread
DeleteFileW
CreateMutexW
InitializeCriticalSection
FindClose
WaitForSingleObject
ReleaseMutex
GetTickCount
Sleep
GetLocalTime
CreateEventW
SetEvent
CloseHandle
FindFirstFileW
lstrcpyW
QueueUserWorkItem
LeaveCriticalSection
EnterCriticalSection
GetVersionExW
Process32FirstW
GetCurrentProcess
Process32NextW
CreateToolhelp32Snapshot
OpenProcess
GetProcAddress
LoadLibraryW
CreateProcessW
GetFileAttributesW
GetPrivateProfileIntW
TerminateProcess
ReadFile
GetModuleFileNameA
SetFilePointer
WTSGetActiveConsoleSessionId
GetPrivateProfileStringW
CreateFileW
WriteFile
CreateDirectoryW
MultiByteToWideChar
GetExitCodeProcess
GetStartupInfoW
WritePrivateProfileStringW
SetProcessPriorityBoost
SetPriorityClass
GetLogicalDriveStringsW
GetDriveTypeW
OpenMutexW
GetCurrentThreadId
OutputDebugStringA
FindNextFileW
OutputDebugStringW
GetEnvironmentVariableW
GetModuleHandleW
SetUnhandledExceptionFilter
InterlockedIncrement
LoadLibraryA
InterlockedExchange
InterlockedDecrement
WideCharToMultiByte
GetCurrentProcessId
PostQueuedCompletionStatus
CreateIoCompletionPort
GetQueuedCompletionStatus
CreateFileA
GetFileSize
DeviceIoControl
CreatePipe
PeekNamedPipe
TerminateThread
GetComputerNameW
GetFileAttributesA
CreateDirectoryA
IsBadReadPtr
IsBadWritePtr
CopyFileA
user32
GetUserObjectSecurity
GetWindowLongW
SetThreadDesktop
CloseWindowStation
OpenWindowStationW
OpenDesktopW
SetUserObjectSecurity
CloseDesktop
SetProcessWindowStation
DefWindowProcW
PostQuitMessage
UnregisterDeviceNotification
LoadCursorW
RegisterClassExW
SetWindowLongW
SendMessageW
CreateWindowExW
GetMessageW
wsprintfW
wvsprintfW
GetProcessWindowStation
RegisterDeviceNotificationW
TranslateMessage
GetThreadDesktop
DispatchMessageW
advapi32
GetAce
OpenThreadToken
ImpersonateLoggedOnUser
CopySid
InitializeSecurityDescriptor
RegDeleteKeyA
AddAce
GetAclInformation
SetSecurityDescriptorDacl
RevertToSelf
LogonUserW
RegOpenKeyExA
InitializeAcl
AddAccessAllowedAce
GetLengthSid
RegFlushKey
RegQueryValueExA
RegOpenKeyA
RegSetValueExA
RegEnumKeyW
RegQueryInfoKeyW
RegOpenKeyW
LookupAccountSidW
RegQueryValueExW
DeleteService
CloseServiceHandle
OpenServiceW
CreateServiceW
QueryServiceStatus
OpenSCManagerW
ControlService
ChangeServiceConfig2W
DeregisterEventSource
RegisterServiceCtrlHandlerExW
StartServiceCtrlDispatcherW
ReportEventW
RegisterEventSourceW
SetServiceStatus
RegOpenKeyExW
RegSetValueExW
RegCloseKey
RegDeleteValueW
SetTokenInformation
DuplicateTokenEx
GetTokenInformation
CreateProcessAsUserW
OpenProcessToken
GetSecurityDescriptorDacl
shell32
ShellExecuteExW
SHGetFolderPathA
SHGetFolderPathW
ole32
CoUninitialize
CLSIDFromString
CoTaskMemFree
CoInitializeEx
CoInitialize
CoCreateInstance
StringFromCLSID
oleaut32
SysStringLen
SysFreeString
SysAllocString
msvcp80
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
?clear@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?find_last_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?clear@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
?find_last_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
?assign@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_WI@Z
?find_first_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHPBD@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?swap@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXAAV12@@Z
?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?swap@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXAAV12@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
?resize@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
??0?$allocator@_W@std@@QAE@XZ
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
??0?$allocator@_W@std@@QAE@ABV01@@Z
?deallocate@?$allocator@_W@std@@QAEXPA_WI@Z
?allocate@?$allocator@_W@std@@QAEPA_WI@Z
?max_size@?$allocator@_W@std@@QBEIXZ
?c_str@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??_D?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?str@?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
??0?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
?eof@?$char_traits@D@std@@SAHXZ
?eq_int_type@?$char_traits@D@std@@SA_NABH0@Z
?width@ios_base@std@@QAEHH@Z
?uncaught_exception@std@@YA_NXZ
?width@ios_base@std@@QBEHXZ
?flags@ios_base@std@@QBEHXZ
?length@?$char_traits@D@std@@SAIPBD@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
?good@ios_base@std@@QBE_NXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHPBDH@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
activeds
ord9
msvcr80
ferror
fputc
ftell
_CIpow
_get_osfhandle
fread
strcat_s
fseek
_fsopen
memmove
isalnum
tolower
isalpha
fprintf
printf
fopen_s
_wcsicmp
fclose
memmove_s
??2@YAPAXI@Z
swprintf_s
wcstombs
_swprintf
_vswprintf
wcsncmp
_invalid_parameter_noinfo
_localtime64
free
swscanf_s
??3@YAXPAX@Z
??_V@YAXPAX@Z
_localtime64_s
sprintf
_fileno
_vsnprintf_s
_itoa
_controlfp_s
_invoke_watson
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_except_handler4_common
__CxxFrameHandler3
__set_app_type
__p__fmode
_beginthread
_purecall
strstr
_mktime64
_wtoi
wcsrchr
_itow
strchr
fopen
_wcsnicmp
wcschr
_vsnwprintf
wprintf
_beginthreadex
wcsncpy
strncpy
fgets
vswprintf_s
strtok
fwrite
towupper
_wcsupr
_vsnprintf
__p__commode
srand
_endthreadex
strncmp
mbstowcs
wcsstr
strcpy_s
atoi
strtol
calloc
_vscprintf
_vscwprintf
vsprintf
rand
gets
memcpy
strlen
wcscpy
div
memset
_CxxThrowException
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
?terminate@@YAXXZ
_amsg_exit
__wgetmainargs
_cexit
_exit
_XcptFilter
exit
__winitenv
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
feof
isspace
_adjust_fdiv
strrchr
_time64
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
??0exception@std@@QAE@ABQBD@Z
wcscat_s
wcscpy_s
??0exception@std@@QAE@ABV01@@Z
malloc
iphlpapi
AddIPAddress
winhttp
WinHttpCrackUrl
WinHttpReceiveResponse
WinHttpSetTimeouts
WinHttpCloseHandle
WinHttpSendRequest
WinHttpQueryDataAvailable
WinHttpOpen
WinHttpConnect
WinHttpReadData
WinHttpOpenRequest
enumfolder
CreateEnumRemoteFolder
Exports
Exports
??4_Init_locks@std@@QAEAAV01@ABV01@@Z
Sections
.text Size: 512KB - Virtual size: 511KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 96KB - Virtual size: 92KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 86KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 532KB - Virtual size: 692KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ