1.7
低危
DACN
0.15
FACILE
1.00
IMCLNet
0.70
MFGraph
0.00
反病毒引擎
| 查杀引擎 | 查杀结果 | 查杀时间 | 查杀版本 |
|---|---|---|---|
| Alibaba | None | 20190527 | 0.3.0.5 |
| Avast | Win32:Warezov-FL [Wrm] | 20200411 | 18.4.3895.0 |
| Baidu | None | 20190318 | 1.0.0.2 |
| CrowdStrike | win/malicious_confidence_100% (D) | 20190702 | 1.0 |
| Kingsoft | None | 20200412 | 2013.8.14.323 |
| McAfee | GenericRXFJ-CM!0C88767C275B | 20200412 | 6.0.6.653 |
| Tencent | Malware.Win32.Gencirc.10b3b0b6 | 20200412 | 1.0.0.1 |
静态指标
一个或多个进程崩溃
(1 个事件)
动态指标
提取了一个或多个潜在有趣的缓冲区,这些缓冲区通常包含注入的代码、配置数据等。
一个进程试图延迟分析任务。
(1 个事件)
| description | tserv.exe 试图睡眠 127.0 秒,实际延迟分析时间 127.0 秒 | |||
网络通信
Attempts to identify installed AV products by registry key
(4 个事件)
| registry | HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Internet Security |
| registry | HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\InstalledApps |
| registry | HKEY_LOCAL_MACHINE\SOFTWARE\McAfee.com\Personal Firewall |
| registry | HKEY_LOCAL_MACHINE\SOFTWARE\Zone Labs\ZoneAlarm |
在 Windows 启动时自我安装以实现自动运行
(2 个事件)
| reg_key | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs | reg_value | msji449c14b7.dll | ||||||
| reg_key | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\tserv | reg_value | C:\Windows\tserv.exe s | ||||||
文件已被 VirusTotal 上 60 个反病毒引擎识别为恶意
(50 out of 60 个事件)
| ALYac | Trojan.GenericKD.30865232 |
| APEX | Malicious |
| AVG | Win32:Warezov-FL [Wrm] |
| Acronis | suspicious |
| Ad-Aware | Trojan.GenericKD.30865232 |
| AhnLab-V3 | Worm/Win32.Warezov.R227713 |
| Antiy-AVL | Worm[Email]/Win32.Warezov |
| Arcabit | Trojan.Generic.D1D6F750 |
| Avast | Win32:Warezov-FL [Wrm] |
| Avira | WORM/Stration.C |
| BitDefender | Trojan.GenericKD.30865232 |
| BitDefenderTheta | Gen:NN.ZexaF.34106.AqZ@aKt0LPd |
| CAT-QuickHeal | Trojan.Mauvaise.SL1 |
| CMC | Email-Worm.Win32.Warezov!O |
| ClamAV | Win.Worm.Warezov-6804540-0 |
| Comodo | Worm.Win32.Stration.DR@13yt |
| CrowdStrike | win/malicious_confidence_100% (D) |
| Cybereason | malicious.c275b9 |
| Cylance | Unsafe |
| Cyren | W32/Warezov.YBCD-4106 |
| DrWeb | Win32.HLLM.Limar.based |
| ESET-NOD32 | Win32/Stration.DR |
| Emsisoft | Trojan.GenericKD.30865232 (B) |
| Endgame | malicious (high confidence) |
| F-Prot | W32/Warezov.AI@mm |
| F-Secure | Worm.WORM/Stration.C |
| FireEye | Generic.mg.0c88767c275b9993 |
| Fortinet | W32/Stration.46FD!tr |
| GData | Trojan.GenericKD.30865232 |
| Ikarus | Win32.Warezov |
| Invincea | heuristic |
| Jiangmin | Worm.Warezov.avj |
| K7AntiVirus | Trojan ( 00010be51 ) |
| K7GW | Trojan ( 00010be51 ) |
| Kaspersky | Email-Worm.Win32.Warezov.gen |
| MAX | malware (ai score=81) |
| Malwarebytes | Worm.Stration |
| MaxSecure | Worm.Warezov.GEN |
| McAfee | GenericRXFJ-CM!0C88767C275B |
| McAfee-GW-Edition | BehavesLike.Win32.Generic.gz |
| MicroWorld-eScan | Trojan.GenericKD.30865232 |
| Microsoft | Worm:Win32/Stration.M@mm |
| NANO-Antivirus | Trojan.Win32.Warezov.fadsim |
| Panda | W32/Spamta.BV.worm |
| Qihoo-360 | HEUR/QVM08.0.82BF.Malware.Gen |
| Rising | Worm.Stration!1.B560 (RDMK:cmRtazpyf9xE+OG/arblLhBaU1Iz) |
| Sangfor | Malware |
| SentinelOne | DFI - Suspicious PE |
| Sophos | W32/Stration-AZ |
| Symantec | W32.Stration!gen |
二进制图像
288x288
224x224
192x192
160x160
128x128
96x96
64x64
32x32
运行截图
暂无运行截图
该样本运行过程中未生成截图
PE Compile Time
2006-09-20 21:16:16
PE Imphash
547cd05356c429dc57b17bf0fd6daf12
Sections
| Name | Virtual Address | Virtual Size | Size of Raw Data | Entropy |
|---|---|---|---|---|
| .text | 0x00001000 | 0x0002c5a4 | 0x0002d000 | 6.353296576388688 |
| .rdata | 0x0002e000 | 0x00002efc | 0x00003000 | 4.955424298416429 |
| .data | 0x00031000 | 0x000028c0 | 0x00001000 | 2.393489922190786 |
| .rsrc | 0x00034000 | 0x00030118 | 0x00031000 | 0.5850956669974066 |
Imports
Library KERNEL32.dll:
• 0x42e05c WriteProcessMemory
• 0x42e060 VirtualAllocEx
• 0x42e064 lstrlenA
• 0x42e068 OpenProcess
• 0x42e06c Process32Next
• 0x42e070 Process32First
• 0x42e074 CreateToolhelp32Snapshot
• 0x42e078 GetFileAttributesA
• 0x42e07c lstrcatA
• 0x42e080 GetSystemDirectoryA
• 0x42e084 lstrcmpiA
• 0x42e088 UnmapViewOfFile
• 0x42e08c GetFileSize
• 0x42e090 MapViewOfFile
• 0x42e094 CreateFileMappingA
• 0x42e098 FindClose
• 0x42e09c FindNextFileA
• 0x42e0a0 lstrcmpA
• 0x42e0a4 GetLastError
• 0x42e0a8 FindFirstFileA
• 0x42e0ac lstrcpyA
• 0x42e0b0 SetFilePointer
• 0x42e0b4 ReadFile
• 0x42e0b8 GetTimeZoneInformation
• 0x42e0bc GetModuleHandleA
• 0x42e0c0 LoadLibraryA
• 0x42e0c4 GetModuleFileNameA
• 0x42e0c8 GetCurrentDirectoryA
• 0x42e0cc MoveFileExA
• 0x42e0d0 CopyFileA
• 0x42e0d4 GetOverlappedResult
• 0x42e0d8 LockResource
• 0x42e0dc SizeofResource
• 0x42e0e0 LoadResource
• 0x42e0e4 FindResourceA
• 0x42e0e8 ResetEvent
• 0x42e0ec GetVersionExA
• 0x42e0f0 HeapReAlloc
• 0x42e0f4 IsBadWritePtr
• 0x42e0f8 GetVolumeInformationA
• 0x42e0fc DeviceIoControl
• 0x42e100 DefineDosDeviceA
• 0x42e104 QueryDosDeviceA
• 0x42e108 SetEndOfFile
• 0x42e10c GetProcAddress
• 0x42e110 CreateRemoteThread
• 0x42e114 GetCurrentProcess
• 0x42e118 CreateMutexA
• 0x42e11c ReleaseMutex
• 0x42e120 GetProcessHeap
• 0x42e124 HeapAlloc
• 0x42e128 Sleep
• 0x42e12c CloseHandle
• 0x42e130 GetTempPathA
• 0x42e134 GetTempFileNameA
• 0x42e138 WriteFile
• 0x42e13c CreateProcessA
• 0x42e140 DeleteFileA
• 0x42e144 HeapFree
• 0x42e148 GetLocalTime
• 0x42e14c CreateThread
• 0x42e150 CreateEventA
• 0x42e154 WaitForMultipleObjects
• 0x42e158 SetEvent
• 0x42e15c WaitForSingleObject
• 0x42e160 ExpandEnvironmentStringsA
• 0x42e164 CreateFileA
• 0x42e168 GetTickCount
• 0x42e16c ExitProcess
• 0x42e170 RtlUnwind
• 0x42e174 RaiseException
• 0x42e178 GetStartupInfoA
• 0x42e17c GetCommandLineA
• 0x42e180 QueryPerformanceCounter
• 0x42e184 GetCurrentThreadId
• 0x42e188 GetCurrentProcessId
• 0x42e18c GetSystemTimeAsFileTime
• 0x42e190 TlsAlloc
• 0x42e194 SetLastError
• 0x42e198 TlsFree
• 0x42e19c TlsSetValue
• 0x42e1a0 TlsGetValue
• 0x42e1a4 SetUnhandledExceptionFilter
• 0x42e1a8 DeleteCriticalSection
• 0x42e1ac LeaveCriticalSection
• 0x42e1b0 EnterCriticalSection
• 0x42e1b4 InterlockedExchange
• 0x42e1b8 VirtualQuery
• 0x42e1bc HeapDestroy
• 0x42e1c0 HeapCreate
• 0x42e1c4 VirtualFree
• 0x42e1c8 VirtualAlloc
• 0x42e1cc TerminateProcess
• 0x42e1d0 HeapSize
• 0x42e1d4 VirtualProtect
• 0x42e1d8 GetSystemInfo
• 0x42e1dc LCMapStringA
• 0x42e1e0 WideCharToMultiByte
• 0x42e1e4 MultiByteToWideChar
• 0x42e1e8 LCMapStringW
• 0x42e1ec GetStdHandle
• 0x42e1f0 UnhandledExceptionFilter
• 0x42e1f4 FreeEnvironmentStringsA
• 0x42e1f8 GetEnvironmentStrings
• 0x42e1fc FreeEnvironmentStringsW
• 0x42e200 GetEnvironmentStringsW
• 0x42e204 SetHandleCount
• 0x42e208 GetFileType
• 0x42e20c IsBadReadPtr
• 0x42e210 IsBadCodePtr
• 0x42e214 GetACP
• 0x42e218 GetOEMCP
• 0x42e21c GetCPInfo
• 0x42e220 InitializeCriticalSection
• 0x42e224 GetStringTypeA
• 0x42e228 GetStringTypeW
• 0x42e22c GetLocaleInfoA
• 0x42e230 SetStdHandle
• 0x42e234 FlushFileBuffers
Library ADVAPI32.dll:
• 0x42e000 RegOpenKeyA
• 0x42e004 RegEnumKeyExA
• 0x42e008 InitializeSecurityDescriptor
• 0x42e00c GetTokenInformation
• 0x42e010 SetSecurityDescriptorOwner
• 0x42e014 SetSecurityDescriptorGroup
• 0x42e018 AllocateAndInitializeSid
• 0x42e01c GetLengthSid
• 0x42e020 AddAce
• 0x42e024 IsValidSecurityDescriptor
• 0x42e028 QueryServiceStatusEx
• 0x42e02c OpenSCManagerA
• 0x42e030 OpenServiceA
• 0x42e034 CloseServiceHandle
• 0x42e038 RegDeleteValueA
• 0x42e03c RegSetValueExA
• 0x42e040 RegOpenKeyExA
• 0x42e044 RegQueryValueExA
• 0x42e048 RegCloseKey
• 0x42e04c OpenProcessToken
• 0x42e050 LookupPrivilegeValueA
• 0x42e054 AdjustTokenPrivileges
L!This program cannot be run in DOS mode.
frfrfrn
frj}frn/frjn/frfswfrj-
m,frj(frRichfr
`.rdata
@.data
D$ D$ tD$!FD$"D$#3I
T$,RD$
D$ D$ tD$!FD$"D$#3I
T$,RD$
SVWt$0
D$$D$$PhA
T$0T$0Rhp@
UVt$ W
D$4S\$,PSFM
(D$(L$
NuL$(D$8
D$(D$4L$([_^
D$ D$ tD$!FD$"D$#3I
T$,RD$
D$ D$ tD$!FD$"D$#3I
T$,RD$
xSD$4D$CL$DL$J
L$SVWD$8{D$9:D$:YD$;D$=D$>D$?'D$@4D$AD$B
D$CzD$D
D$E0D$FD$GD$HD$ID$JD$M2D$ND$OD$PcD$QyD$S\D$TD$UD$VD$WD$XD$YSD$ZD$\vL$]D$^D$_
D$`AL$aD$bpD$cID$dD$e}D$fD$h
D$iND$j-\$kD$lBD$mD$nD$oPD$pCD$qD$rKD$sTD$teD$uUD$vD$wD$xD$yD$zD${
D$|D$}@D$~D$
8@/|D$
D$$T$(RPQW
|$h3T$(RD$lPWWWWWW$
t2T$,R
P5tP5u
;w-r%P
^SUVt$
PU7vmO
Q+VS_^[
RU;vh{
^QVW|$
D$ P5L$
@u+PR_^
SVWej0
RPQCM_^d
PL$(t$XhB
L$(QD$,hB
C;L$l_
aL$p]G
D$`Z,[
L$L_^d
PL$,t$\h<B
L$,QD$0tB
UWL$llE
U,A,Q,E,E,
8Z,teP
V,P,^,@
V,P,^,
VX,N_,}(
D$`T$dL$P^
EC-WeuuLF
RPQPUB-t
wlr%~(
;)u.WUj
WUPL$(Q?
;0u8;u4@
;t[F-uAF
P-tQD$
SVWej8&
PL$(t$XhB
L$(QD$,hB
C;L$l_
aL$p]G
D$`Z4[
L$L_^d
W|$,L$
t\$ L$
t$,t8Q
D$(_^]
L$,gt$,
WSPL$8QL$$
D$(_^]
D$(_0^]@
HUH5VtLj
PL$,t$\Th<B
L$,QD$0tB
SWL$l\$
S4A4Q4C4D$
8Y4tcH
N4H4^4P
Z4xH4u
N4H4^4
L$dD$`
L$P^]d
W|$ Sj
WZ][_^
W|$ Rj
W ][_^
PWt\L$$\$$
A5W|$ t
PMtaL$$\$$
RW't;C
H5W|$
WY][_^
WD][_^
8Ul$LVWUG
QUL$$D$T
dPVT$\RD$X
L$D_F(^]d
;0u8;u4@
;t[F5uAF
P5tQD$
xSj2Q$
@u+PWL$,D$$PT$ M
tIx(;t
@u+PWL$,j3l$`WT$,
D$\PL$ Q
l$x|$tD$d
|$8D$(
k#PL$DVL$DQM
L$|_^]3[d
PWSD$
@:u+PRL$
\$T|$(
\$@\$0
@:u+PRL$4*D$,PO
PQL$`QLU
L$H_^][d
~TSVt$
RD$ D$
L$,D$0
(SVW3}
t`ElhB
D$plD$q
D$rqD$s
D$tmD$vp\$wD$xgj
D$p3D$q]D$r2D$sVD$teD$uWD$v<D$wND$x h\$a3
D$`D$b
\$cD$dLD$eD$fUD$g
`@L4`N;|L$aD$`T$b#4eL$iL$dD$hD$cn4%L$lL$gD$kD$f
T$jT$e4auL$osD$nT$m
D$`kD$aaD$bvL$cD$dvD$ec\$fD$TD$UD$VD$W
D$XD$YD$ZD$[D$\H3
@T4TN;|D$TT$U4=$
T$Y4U$
}D$dD$eD$fD$gD$hD$iD$jD$kD$llD$
D$efD$f
D$grD$h
D$idD$j
D$k|fD$\iD$]D$^D$_&D$`D$a
D$bD$cD$d3
\AD4\N;|D$\L$]T$^4
L$`4g$
D$ T$p$
L$$T$(D$,L$h$
L$0T$4D$8$
L$<|$@T$DD$HL$|$
D$\_l$L
lD$XwD$YuD$ZpD$[dD$\mD$]gD$^r\$_L$HT$PD$T]L
_^3[$<
QVD$$(
tpT$@R
3M~XSVt$
VaWD$TD$$D$L3j
D$]dD$^b\$_D$-sD$.p\$/D$TD$UD$V>D$W$D$
D$xD$hcD$igD$ji\$kD$,dD$-bD$.x\$/
4D$_jRD$lD$
L$]T$^D$4hD$5tD$6m\$7
D$msD$np\$oD$
fD$?L$=T$>D$
4ND$gL$eT$fD$DmD$EhD$Ft\$GD$
4`UD$xD$
L$yL$tj
g\$ D$|
D$}D$~D$
RL$ D$(oD$)dD$*s\$+D$,oD$-fD$.t\$/D$4tD$5bD$6b\$7D$<tD$=xD$>t\$?D$DuD$EiD$Fn\$GD$0D$1
D$!rD$"
D$<wD$=sD$>h\$?D$
L$ET$FD$GD$|$
L$pT$@D$h$
L$HT$xD$
L$,T$4D$<
D$LpD$MhD$Np\$OD$
D$TsD$UhD$Vt\$W
D$\D$]ID$^D$_8D$dD$eD$fD$g$
|_^3[$
T$$+;s
T$$++;w
t$ L$$
9t$$wsE
T$$RT$$
D$ ;woE
T$$RT$$
D$$+RT$$
SRP[_^[
Ul$ ++;w
;t$ sdC
++RWQP[_^
D$0SD$0
|$ t\q
;s!t$T
G;r|$
;seD$T
<_u L$T<
8rbT$<L$(F
D$(l$8
L$(T$T
WPQL$4|$<
D$(L$\j
U_]3^j
L$ Q$d
L$LQ$d
D$LP$d
PD$ .D$!wD$"aD$#bD$$
_^[]QSV5xB
z~_^3[Y
D$ D$ -D$!D$"
D$#fD$$D$%\$&T$'D$(D$)
D$*D$+{D$,
L$-D$.CD$/[D$0D$1D$2D$3D$4/D$5bD$6
D$7D$8D$9D$:D$;D$<D$=KD$>D$?ED$@zD$AxD$BUD$CcD$D
D$ED$F1D$GD$HD$I
D$JD$K4D$LD$MD$ND$OL$PD$QZD$RD$SD$TwD$UnL$\$
D$VD$WD$XD$YmD$ZD$[gD$]
D$^D$_D$`D$a2D$b?D$ceD$dD$eD$fGD$gED$h
D$iD$jhD$kD$l(D$m
D$pHD$q
\$sD$t
D$u\$vD$w
D$xD$yD$z]D${JD$|sD$}D$~jD$
WRPQT$ R$
_^[]Ul$
~PSVt$
AHu^][
P-tP-u
[VWF4jP3
Hu+N4~0Q
rBW3v*I
ty wtSU3
C;r^][
W|$,D$$
^[3_L$
D$ D$$D$(9_
T$8Rj D$
P4H0H H8H@SV~4
^UjhpB
+;euw(9F
Q@@(PMN4Q
@u+PVP_^
DV?+;^sQj
$PL$ D$P
L$ QD$$hB
PL$,t$\
L$,QD$0tB
UWL$llE
U,A,Q,E,E,
8Z,teP
V,P,^,@
VX,zP,u
V,P,^,
VX,N_,}$
D$`T$dL$P^
T$8VD$ D$@L$@PQRL$
RQPO|$
D$ hD$!D$"
D$# D$$tD$%FD$&D$'D$(D$)3T
T$0RD$
@u+PL$0QN84$0
;0u8;u4@
;t[F-uAF
P-tQD$
SVWej0
RPQM_^d
QSVWF4jP
t)x(;t
;F ^$t
;F,^0t
PL$(t$X
L$(QD$,hB
C;L$l_
aL$p]G
D$`Z,[
L$L_^d
SVWG4jP
Hu;G0t4O,
F8O(FG$t
QL$ .D$
N8RO(1
F8VG4P
W|$,L$
t\$ L$
t$,t8Q
D$(_^]
L$,Wt$,
WSPL$8QL$$
D$(_^]
D$(_0^]@
QSVWt$
<@u(SF
tN;s;D$
|T$ D$#$
D$$5D$%D$&
D$0D$1@D$2D$3\
|D$$P$
D$(D$)D$*)D$+
L$,WQ$
D$4D$5D$6
D$ ZD$!4D$"
W|$ Sj
WZ][_^
W|$ Rj
W ][_^
PWtt\L$$\$$
A-W|$ t
P}ttaL$$\$$pl$$;n
RWWtt;C
H-W|$
WY][_^
WD][_^
SUl$8VWU8G
3;t#~$
p}MjSUL$
\$0\$
w\$,L$
QVT$HR
\$D0|$(
L$0_F(^][d
EEPj MQS
MQWURS
8EPM\x}_
EPMUN8V<EV
_^[]UjhXB
@:u+PVM-uVE
9urQUR
H4X0X X8X@u
^L^<SSSD$$
D$!D$'D$
D$ hD$"
D$# D$$tD$%FD$&L$(3d$
T$4RD$
D$!D$'D$
D$ hD$"
D$# D$$tD$%FD$&L$(3T
T$4RD$
D$XxD$
D$#ND$-D$6A
D$ D$ D$!SD$"D$$vT$%D$&D$'
L$(D$,
D$.-D$/D$0BD$1D$2D$3PD$4CD$5D$7TD$8eD$9UD$:D$;D$<D$=D$>D$?
D$@D$A@D$BD$CD$D
D$FD$GrD$HD$ID$JT$KD$QD$LD$McD$ND$OD$PYD$RD$ShL$T3
_3^L$X
D$lL$hP
_3^L$Xm
r_^]3[_^]
P3VQRD$0h
PQRD$0h
AHu^][
\$Q\$T
D$-T$1D$=
\$ZT$\\$cw3D$(D$)4D$*D$+D$,D$.D$/ZD$0L$2D$3D$4D$5D$6D$7mD$8D$9gD$:nD$;
D$<D$>D$?2D$@?D$AeD$BD$CD$DGD$EED$F
D$GD$HhD$ID$J(D$K
D$LD$MD$NHD$O
D$PD$R
D$SD$U
D$VD$WD$XD$YUD$[T$]D$^D$_iD$`D$aD$bWD$dD$eD$fD$g^D$hD$iGD$jK\$kD$lT$mD$nD$oD$r$
L$tL$uD$vpD$wD$xMD$yD$z
D${zD$|"D$}'D$~+D$
L$ 3+P
D$2QL$,R
PRD$PPQ
RD$ D$ D$!TD$"hD$#eD$%
D$&D$'3
|=P7PD$<T$
T$KT$hT$
D$<D$=4D$>'D$?D$@D$A
D$BOD$CD$D
D$ED$FD$G
D$HD$ID$JD$LD$MD$ND$O)D$PD$QD$RD$SD$TD$UAD$VD$WD$X
D$YD$ZD$[
L$\D$]D$^D$_D$`D$agD$b
D$cD$dD$eL$fD$gdD$
D$ aD$ D$!D$"D$#D$$D$%YL$(L$1D$4D$&D$'D$)D$*D$+D$,D$-kD$.D$/D$0UD$2;D$3xD$5D$6ID$7[D$83,
-|UT$@R
D$|=D$}OD$~D$
D$ qD$ D$!&D$"D$#D$$
D$%gD$&cD$'D$(+D$)D$*D$+FD$,D$-D$.T$/D$0\D$1D$2.D$3
D$4`D$5$D$6D$7
D$8D$9D$:zD$;D$< D$=~rV
]j@PL$
iD$ kD$ <D$!&D$"#D$#uD$$&D$%:D$&#D$'uD$(8D$)
G QPL$$Q$
qtmD$0mD$1YD$2DD$3FD$4
D$7XD$8&D$9!D$:+3
PD$4P$
D$$RD$
\$ D$!mD$"D$#\$$D$%D$&D$'D$)D$*D$+nD$,
D$-PD$.D$/:D$0D$1D$2D$3oV
D$0TD$1oD$2:D$3 D$4%D$5sD$6
G<PD$4P$
D$0D$1D$2D$3gD$4CD$5D$6D$7AD$8D$98D$:D$;D$<D$=8D$
D$ "D$!D$"D$#D$$5D$%D$&zD$'#D$(ND$)3L
GXPD$4P$
D$ D$!
D$"9D$#`D$$KD$%KD$&0D$'.D$(qD$)D$*D$+D$,D$-D$._D$/D$0?D$1D$2D$4D$5D$62D$7D$8RD$9D$:\$;D$<D$=D$>
D$?\D$@QD$A/D$B%D$C
D$DVD$EwD$F[$(
L$9^-{$
_D$0D$1FD$2
D$3D$41D$5D$6AD$7xT$8D$:D$;.D$<_D$=D$>L$?D$@MD$A\$BD$CD$DSD$ED$XD$FD$GED$H<D$ID$J2D$KD$LD$M\D$ND$OD$P
L$QD$RiD$S
D$TD$UD$V
D$WAD$YD$Z
T$\D$]D$^D$_.D$`
D$aD$b+D$c03T
\$fpD$PD$RD$ddD$eD$gD$hD$i
D$jD$kD$l%D$mD$nD$pD$q
D$r9D$sD$tD$u
D$v[D$wWD$x>D$ycD$zD${
D$|D$}
D$0'D$1D$2
D$3D$4D$5`D$6D$7D$8QD$9D$:D$;D$<D$=
D$>\D$?D$@\$AD$B5D$C4D$DQD$E
D$FD$GnD$HD$I/D$JD$K'D$LD$MfD$ND$O(D$QL$S3L
$|D$dPPL$hQ
QUGvvO
Q+VS_^[
PUFvm{
D$ 3PL$
D$$eD$%D$&D$'D$
D$ fD$
,kD$$D$
ND$ D$
T$TT$8T$`T$0$T
D$XD$,$|
L$\D$dT$l$
D$pD$($
T$xD$|D$
BD$$D$
T$DT$ $P
L$HT$LT$($
L$PT$T$
|$dl$pL$x$
L$$T$|$
D$@D$A$D$B
D$CDD$DD$ED$FD$G'D$HND$I3
DI;|D$DL$ET$F4
D$G#4F$
T$L~4I$
oD$pL$uD${D$8L$:
D$qD$rD$sD$t#D$v@D$w
D$xD$y6D$zD$9D$;D$<tD$=)D$>1D$?ND$@D$AD$BD$C3
8I;|3L
D$8D$9|D$:
D$<PD$=ZD$>D$?)D$@0D$A]D$BD$C1D$dD$eD$f_D$gfD$h
D$jD$k
D$l3D$m
D$nL$o3L
D$TD$|^D$}D$~D$
D$UrD$VeD$W+D$XD$Y
D$Z8\$[D$\D$]
D$^D$_D$`D$aD$bD$c;3
TI;|3L
cD$dD$jnL$`D$bD$DL$KD$eaD$frD$geD$h2D$i.T$kD$lmD$m
D$UD$VD$WD$X
D$YD$ZD$[
D$\fD$]D$^wD$_D$aD$ED$F
D$GD$HYD$ID$J
D$LD$MD$N4D$OD$PD$QD$Ry3
|mD$DT$JD$K$
T$8D$|L$ T$$D$(L$dT$TD$DD$EaD$FiD$GlD$H.D$IcD$L
L$,T$0D$4
+PRG"$
D$|VD$
RT$DhB
aRT$ThB
@:u+PD$DPL$
\$8\$(L$$Q
~jSD$,P
L$(QEC
9t$ ^\$4\$$D$8
D$,HD$-D$.D$/ID$03
0I;|D$0L$1T$2,4D$hD$3L$iL$4H4D$kL$lT$jD$8D$9OD$:{D$;[D$<ED$=mD$>pD$?3
8I;|D$9T$8L$:4
D$yD$<T$xT$;
4.1L$zL$=D$|D$?T${T$>
4*L$}D$
T$~D$0
D$1D$2D$3D$4FD$53
0I;|D$2L$0T$14
D$rD$5L$pL$34
T$qT$4L$sj
D$MeQL$HT$|
D$H)D$IdD$J
D$KlD$L
D$M D$NdD$O
D$PmD$RrD$S
D$TD$U
D$V<D$WoD$X
D$YD$Z
D$[tD$\
L$QRL$H
D$H\$ID$JD$KD$LD$MD$ND$OD$PD$QD$RD$SD$TD$VD$W\$XD$YD$ZD$[D$\D$]D$^D$_5
D$MD$XD$@+D$AcD$BTD$CD$DmD$E!D$FD$G*D$H<D$ID$JD$KD$LyL$YD$Z
\$[D$\D$]YD$^xD$_D$`SD$a
D$bD$c&D$d
D$ex3\
D$<PL$8D$@1D$A
D$BAD$CD$DRD$E;D$FD$8D$9D$:D$;D$<D$=D$>fL$hL$
T$xL$pT$
D$$T$@D$0L$XD$0ED$1rD$2rD$3oD$4rD$5
D$XGD$YoD$ZoD$[dD$\ D$]dD$^aD$_yD$`
T$ D$(L$,*3
51SD$vT$}$
M*VD$xD$yD${D$|CD$}=D$~(D$
pD$ D$ GD$!,D$"WD$#D$$|D$%xD$&D$'D$(6D$)D$*&D$+D$,D$-
D$.D$/D$0OD$19D$2D$3qD$4D$5)D$6
D$7^D$8D$9D$:D$;{D$<[D$=zD$>D$?D$@D$AED$BD$CD$D
JD$PD$SD$vL$HD$ID$JRD$K
D$LD$MZD$N&D$O0D$Q:D$RD$T#D$UPD$V
L$XD$Y$D$Z
D$[D$\,D$]D$^D$_D$`D$aD$bZD$cD$dD$e
D$fCD$g
D$iwD$jD$kD$l,D$mD$nD$oID$pD$qD$r|D$sD$t
D$u8D$w
yD$ yD$ D$!mL$"T$#D$$iD$%eD$&dD$'~D$(D$)cD$*dD$+yT$,D$-_D$.dD$/cD$0iD$1eD$2nL$3T$4D$5iD$6bD$7D$8xD$9D$:iD$;~L$<D$=xD$>yT$?D$@D$AdD$BnT$CD$DbD$ED$FyT$GD$HhL$IL$JD$KdT$LD$MyL$ND$OdD$P~D$Q
D$SD$TyT$UD$VT$WD$XhD$YcD$ZdD$[D$\xD$]sT$^D$_D$bL$f$
D$`~D$a~D$ciD$dbD$egD$gdD$h~D$i$D$j
v@7|T$xD$
3WD$pD$qD$rpD$sD$tD$uD$v^D$wLD$x
p@L4pN;|D$pL$qT$r4v#$
L$t=4$
7D$tD$uD$vD$wD$xD$yD$z)j
QL$lD$
D$l;D$m_D$n0D$oS
D$dD$eD$fAD$gD$h3
dAD4dN;|L$eD$dT$f4$
D$g24$
D$l}D$mD$n^D$o,D$pD$qD$rD$s3
lAD4lN;|D$lL$mT$n4
D$tD$oL$uL$p4MD$wD$rL$xL$sT$vT$q4}D$z9L${T$y$
T$<D$TL$tL$X$
T$TD$d$
|$Hl$LT$d$
D$m(D$n\D$o$D$pPO.
D$d-D$eD$fD$gD$h3
T<dD4dT4dFD<dO;|D$dT$e4$
D$h4-$
T$,D$0$
l$(T$4D$8$
D$eD$fD$ghD$h13
T<dD4dT4dFD<dO;|D$dT$e4 $
L$dL$l4
L$dT$l
D$ecD$fmD$gd\$hD$mpD$niD$of\$pD$
L$ T$$K3
@:u+PV
@:u+PV
D$ VD$
D$$sD$%eD$&cD$'uD$(rD$)
@uL$,+PR
^]SUl$
AHu^][
L$ D$ <D$!D$"D$#
D$$hD$%D$&
D$' D$(tD$)FD$*D$+D$,D$-3S\
L$8QT$
WD/3$4
u UPP_^]3[$
P_^]3[$
P_^]3[$
P_^]3[$
D$hD$i
D$jD$k4D$l'D$mD$nD$o
D$pOD$qD$r
D$sD$tD$u
D$vT$wD$xD$zD${D$|D$})D$~D$
RD$(Pj
D$ hD$!D$"
D$# D$$tD$%FD$&D$'D$(D$)3T
T$4RD$
D$ 'D$ 4D$!D$"
D$#zD$$
D$%0D$&D$'D$(D$)D$
T$4RD$$P
L$#L$(,
D$ D$
D$!D$"D$$D$%D$&}D$'D$)dD$*
D$+#\$,D$-1D$.D$/D$0D$1[D$2MD$3D$4D$5D$6D$7JD$8hD$9D$:>D$;D$<D$=O\$>T$?D$@cD$AD$BD$CSL$DD$EVD$F
D$G;D$H0D$IT$XD$YpD$Z
D$[D$\RD$]vD$^D$_
D$`D$agD$bD$cD$d=D$e
D$f_D$gLD$hD$iCD$jtD$kD$lD$m
L$nD$oD$p\$qD$rD$sD$t
D$uD$v4D$wD$xDD$y%D$zD${9D$|
D$}D$~D$
D$LD$M
D$ND$OcD$P
D$SDD$TD$U3\
R3VD$$PQ
D$ 6T$
D$!L$'T$4L$C
D$ D$"#D$#PD$$@D$%
D$&D$(D$)D$*D$+^D$,3D$-D$.,D$/
D$1D$2D$30D$5
D$7D$8T$9D$<D$=
D$>D$?D$@XD$A~D$B`D$DdD$EBD$FD$GL$HD$JD$KoL$LD$MD$ND$OD$PD$QD$RGD$S?D$T7D$UkD$VD$]zuD$^D$`L$WD$XD$YD$ZD$[;D$\]L$_D$aD$bD$c_D$dD$ePD$fSD$gD$hT$i3d$
uKL$lQD$
$PT$pRj
u8T$`D$eD$
RPD$htD$isD$jeD$krD$lv
D$l{D$m:D$nYD$oD$px\$qD$rD$s'D$t4D$uD$v
D$wzD$x
D$y0D$zD${D$|D$}D$~D$
D$ D$ tD$!FD$"D$#D$$D$%D$&3d$
D$ D$ tD$!FD$"D$#D$$D$%D$&3
D$ D$ tD$!FD$"D$#D$$D$%D$&3
RD$P{D$Q:D$RYD$SD$Tx\$UD$VD$W'D$X4D$YD$Z
D$[zD$\
D$]0D$^D$_D$`D$
D$ D$ tD$!FD$"D$#D$$3]$
QD$${D$%:D$&YD$'D$(x\$)D$*D$+'D$,4D$-D$.
D$/zD$0
D$10D$2D$3D$4D$
D$ D$ 3d$
RD$8{D$9:D$:YD$;D$<x\$=D$>D$?'D$@4D$AD$B
D$CzD$D
D$E0D$FD$GD$HD$
D$ D$ 3d$
SUD$lVMW
D$SD$UD$hL$mL$Yj
oPL$XD$pD$qD$rD$s
D$tuD$vD$wD$xD$yD$X=D$YDD$Z%D$\"D$^cD$_
\$`miT$YT$`kg
L$SL$]T$_L$eT$f3D$PD$RaD$TlD$U.D$Vc\$WD$Y
D$\nD$^rD$`\$aD$bjD$c(D$deD$g
L$PL$$T$\L$
t$ T$(;D$
D$p3PL$\$
5L$DQk
L$\Qh`
T$@RD$@PL$@QT$@R
D$ L$$T$DD$dL$|T$(D$,L$0
D$(PhA
D$45 B
D$x^D$ymD$z
T${D$|<D$}D$~D$
|$ fD$PD$
PL$$Qj
D$lD$msD$nD$o D$pD$qD$rD$sD$t}D$uD$v1D$xD$y
D$zD${OD$|D$}D$~D$
~dkDVb
D$$PD$l
SD$1D$4D$
D$ T$ D$!
D$"ND$#pD$$D$%nD$&D$'D$(D$)dL$*D$+
D$,.D$-
D$.D$/D$0D$5D$6D$7D$8TD$9
D$:iD$;D$<
D$=L$>D$?D$@
D$AD$B,D$CzT$DD$E
D$FD$GD$HD$IhD$JwD$KD$LKD$MrD$ND$OvD$PD$Q1D$RsD$SD$T
D$VD$Yj*D$
PD$<D$_lD$`D$b5D$cD$dD$e@*
RD$hPj
PL$dQ$l
{3NW|$
QxVD$DD$QWD$l{D$m:D$nY\$oT$pD$qD$rD$s'D$t4D$uD$v
D$wzD$x
D$y0D$zD${D$|D$}D$~
D$AMD$B.D$CD$DVD$ED$FD$GCD$ID$J
D$LlD$MUD$NL$OD$PD$QD$RD$S
D$TD$VD$WD$Xc3
D$kD$#D$\D$]D$^:D$_
D$`cD$a
T$bD$cD$d/D$e?D$f\$gD$hD$iFD$jD$
D$ D$ D$!!D$"3L
D$ D$
D$!tD$"ZD$#
D$$]D$%~D$&MD$'+D$(D$)D$@D$AD$BD$C\D$D'D$ED$F?D$G6D$HD$ID$JsD$KT$LD$MID$N
D$OfD$P{D$Q
D$RpD$S
D$TD$U3T
RPQT$ R$
QD$4D$
D$ D$5>D$6GD$77D$8RD$9oD$:
PD$4D$
?D$ D$!)D$"D$#D$$D$%SD$&
D$'ND$4dD$5
D$6iD$7
D$8|D$9AD$;
D$<hD$=UD$>pD$?
D$ D$,D$7D$
D$-D$.D$/D$0D$1vD$27D$3LD$4D$5<D$63$
D$ D$!.D$"ID$#AD$$D$,
D$-D$.D$/D$0SD$1D$2D$3dD$4D$5D$6D$7nD$8D$9
D$:D$;#D$<
L$IL$Sj
L$DD$0D$2D$3D$
D$5.D$8
D$HD$I~D$JD$K
D$M D$N\D$OD$PD$RpD$SD$T^D$U
D$VD$WD$XUD$Y3D$ZD$
TD$ &D$
D$!>D$"MD$#kD$$
D$%nD$&
D$'7D$(
D$)aD$*GD$+bD$,
D$-7D$.
QD$8PR$
PVjPL$hQT$|R
P4H0H PPHLH<PlHhHX
^t9nlr
~l^h^X9nPr
~P^L^<9n4r
~4^0^ 9n
S3VD$@D$<
\$8\$(\$LD$
D$$PD$P
QL$\T$
RD$0PQx
jST$,R
9t$<^\$
SUW3UhB
@u+PR$
Q=mD$HD$ID$JJD$KD$LD$MD$ND$O
\$PD$QD$RAD$SuD$TD$U
D$VgD$WD$XTD$YD$Z
D$[CD$\D$]
D$^D$_
D$`?D$aD$b D$c)D$dD$eD$fD$gSD$h
D$iND$jpD$kD$lnD$mD$nD$oD$pdD$qD$r
D$s.D$t
D$uD$vD$wD$xD$yD$z
D${zD$|^D$}BD$~}D$
@u+PD$LPNpHD$
D$"ZD$#oD$$aD$%
D$&D$'"D$(ZD$)
D$*D$+D$,D$-
D$.HD$/}D$0D$1D$2D$3"D$
@u+PT$$RNTID$4j
D$<D$=;D$>;D$?D$@D$A
D$BD$CD$D"D$E)D$FD$GD$HD$I
D$JD$K
D$LD$Mi\$ND$OD$
D$ `D$ D$!D$"fD$#D$$D$%_D$&KD$'R
t$XD$H
D$`PL$
L$`k|$\
QSUV_3NW|$
R@Nf-d
+AJf-d
M$SVjQ
T$0RD$
D$4ZD$5D$6PD$7D$8tD$
D$ D$ PWX
uD$=D$ D$8j
PD$(D$@
D$AD$BD$CAD$DuD$)HD$*7D$+D$,D$-5PW
uSD$,D$ D$(j
PD$(D$0)D$1D$2D$3D$)D$*D$+D$,
PL$(t$XhB
L$(QD$,hB
C;L$l_
aL$p]G
L$L_^d
PL$,t$\Dh<B
L$,QD$0tB
SWL$l\$
L$dD$`
L$P^]d
UVQT$$R
;0u8;u4@
Vt$ Sj
Vt$ Pj
~TL$$\$$
VB][_^
V-][_^
}VL$$\$$
PRT$ RD$
F$PD$
PD$(|N
VWF$jP
QSUVWt$
F$_^][d
QSUV3NW|$
k*$ANf-t
D$ #D$ D$!5D$
QRT$(R
W~$Wuf?b
SW^$St
L$$L$0BD$+D$5D$!D$%D$&[T$'D$(bD$)nD$*D$,D$-D$.D$/D$1D$2xD$3D$4L$
FD$ D$ 3I
PD$(PL$PQ
T$HRPD$LP
L$8D$;D$
D$<0D$=D$>YD$@D$AD$BD$CD$DD$E
D$FrD$GID$HpD$ID$JD$KD$
D$ D$ D$!D$"D$#~P
N<QPT$PR
D$HPPL$LQ
F-uFW|$
6F-t_^[
F-uFW|$
;w'r+~(
F-t_^[
SUW3D$PD$L
|$HD$8
;u3M0;t
E(U$PRj
v9\$Lr
@u+PRL$@
t9|$Lu3M0;t
U(E$RPj
9\$Pr
L$$D$`
|$,D$P
D$<D$`
D$<M,T$
E(U$PRj
U(RU$RP4p
WD$4PL$,D$
U(RU$RP]
3WD$4PL$,
L$ ht$ ;t$
0#;t$
tLJ-u@J
t;uSPT$pRL$ yL$ ,gt$ ;t$(
L8[|$P
D$<M,T$
E(U$PRV(D$(
PQD$pPL$0D$l
=yL$(Q
|$(|$,
PQT$pRL$ D$l
^L$T_]d
QT$$T$
L$,QPn
l$D\$8
L$(QUT$
SUl$ _
T$$D$$G
t*Hu;G O
T$$RSP
t$ ;|][_^
VD$HLj
3^L$D0
_"]z[f
3^L$Db
3D$DD$HD$LD$PfD$D
A2fD$Vj
PQT$dJ
xSD$4D$CVcQWD$OD$#3D$8{D$9:D$:YD$;D$=D$>D$?'D$@4D$AD$B
D$CzD$D
D$E0D$FD$GD$HD$ID$JD$LD$M2D$NT$PD$
D$ lD$!UD$"D$$D$%D$&D$'
D$(L$)D$*D$+T$,3
D$0D$1D$2ID$3dL$43
D$p|$lD$\
D$0|$,D$
L$ 3}ej
WD$`P$
jWT$|5}
WT$`R$
L$,QPh
\$,|$(D$
|$h_;^\$dD$P
~dSVt$
AOu_^[
@D$X(D$Y
D$[D$\D$]D$^>D$_D$`D$a(D$b@3W
D$ XD$!D$"M5
^_]3[$@
>D$ _D$ 2D$!W!
AD$lBD$m
D$nD$o[D$pD$qbD$rnD$sD$tD$uD$vD$wD$
|D$lPW
+D$`D$aD$b
D$crD$dID$epD$fD$gD$hD$iD$jD$
|T$`RW
D$8+D$9D$:D$;~D$<D$=
D$? D$@\D$AD$BD$CD$Dp\$ED$F^D$G
|D$8PW
D$T^D$UZD$VD$WD$XD$Y
D$Z}D$[D$\CD$]
\$_D$`D$aD$b7D$
&D$ D$
D$!d\$"D$#D$$g
D$xD$yD$zD${D$|D$}D$~D$
|T$xRW
_D$(PL$
D$-D$.
D$/)D$0D$1
D$3D$4D$5*D$6
D$ D$ D$!2D$"
\$#D$$)3
D$ D$ D$!xD$"D$#tD$$D$%t
D$ PD$ fD$!D$"[D$#D$$aD$%YD$&3
]D$lPL$,
D$pSD$qD$rD$sD$tD$ulD$vD$wHD$xND$y0D$zjD${D$,!D$-vD$. D$/qD$0
D$1vD$2
D$3gD$4I\$5D$6A\$7
D$(D$)D$*D$+D$,D$-D$.D$/D$0D$1D$2D$3D$4D$53t
|T$(RW
_D$8D$9D$:D$;D$<D$=D$>D$?D$@D$AD$BD$CD$DD$ED$FD$GD$H3t
|D$8PW
D$LD$MCD$ND$OD$PD$QXD$RjD$SD$T\$UD$V D$WD$X5D$YD$Z4D$[D$\D$xD$y+D$zxD${D$|D$}
|T$LRW
D$|BD$}
D$~eD$
D$`@D$aD$bD$c
D$dD$eD$fD$gD$hD$iD$jD$($D$)D$*wD$+WD$,D$-D$.D$/D$0xD$1D$2P3\
QD$TD$@+D$A~D$B
D$CD$D1D$E"D$FID$GD$HD$ID$JD$KTD$LD$MD$NHD$OD$PD$Q&D$T&D$U
\$VD$W:D$XD$YD$Z'D$[D$\D$]D$^D$_&D$`AD$aTD$bD$cgD$d
D$,mD$-D$.D$/
D$0D$1`D$2SD$3
D$4D$5D$6
"L$8QL$P
D$<uD$=
D$>D$?D$@LD$AD$B6D$CMD$D
D$ESD$FD$GXD$HD$ID$JD$KD$L
D$M9D$PJD$Q
D$R|D$S
D$T_D$U6D$VXD$W<D$XSD$Y$D$ZWD$[ D$\pD$] D$^tD$_1D$`ID$a
AOu_^( C
_^3[U- B
=~mVW+Z
SU-, C
FI;0 C
WD$X{D$Y:D$ZYD$[D$\xD$]D$^D$_'D$`4D$aD$b
D$czD$d
D$e0D$fD$
\$9D$:
\$;D$<?\$=D$><D$?KD$@
D$AxD$B
D$CsD$D
D$E5D$FpD$G
D$h{D$i:D$jYD$kD$lxD$mD$nD$o'D$p4D$qD$r
D$szD$t
D$u0D$vD$
D$7D$9RT$8
D$9ZD$:
D$<0D$>3D$?DD$@
D$AwD$B
D$C|D$D
D$E:D$F
D$4TD$5,D$6|D$7
D$9|D$:,D$;D$<PD$=\$>D$?)D$@D$AD$BND$CED$ D$!
D$"D$#5D$$ZD$%D$&CD$'D$(D$)D$*
D$+ED$,D$-D$.*D$/3$
D$ICD$J
D$KYD$L
D$MtD$N
D$OwD$P
D$QED$R3D$SVD$T8D$ULD$V~D$W;D$XCMD$FD$HD$D
T$ED$G`D$IL$JD$K
D$LND$MD$N?D$OD$PD$QD$RD$S3D$TD$UD$VD$WmD$ =L$!D$"aD$#D$$oD$%sD$&pD$''D$(
D$)D$*0D$+T$,D$-D$.D$/;D$0f
D$1pD$2D$33
Hfmfmfmfm
|D$xTD$y,D$z|D${
D$}|D$~,D$
|fmfmfmfm
D$HD$IZD$JLD$KD$LD$MOD$ND$OsD$PED$QD$R^D$SD$TD$UeD$VD$W
D$%D$& D$'D$(D$)0D$*D$+3D$,6D$-D$. D$/D$0D$1
ND$ D$!
D$"D$#`D$$ZD$%D$&KD$'^D$(&D$)D$*
D$+KD$,D$-D$.3T
$fmfm\
D$$D$%ZD$&LD$'D$(D$)OD$*D$+sD$,ED$-D$.^D$/D$0D$1eD$2D$3
D$ D$ D$!
D$XPUj
D$xPUj
T$hRUX
L$4QUj
Q#_#^[S
Q##_^[Vh
L$8V54B
SVf58 C
|,W3D$LTD$ML$ND$O
L$QD$RD$SD$TPT$UD$VSD$W)D$XD$YD$ZND$[ED$\D$
*D$ D$ ;f=
|D$%L$&L$)D$*PD$?OL$,
D$HD$gD$$TD$'
D$+T$-D$.SD$/)D$0D$1D$2ND$3ED$4D$5\$6D$7D$8D$:*D$;
L$<D$=iD$>vD$@ D$A0D$BpD$CD$DZD$ELD$FD$GD$ID$JsD$`'D$a8D$bD$cVD$d"D$eD$f
D$iD$jD$k
D$lT$mD$nD$oD$poD$qD$r.D$szD$tD$uD$v
D$wD$x(D$yD$z\${D$|DL$}D$~D$
|$dSD$hD
|$`F<D$`D
QT$dRj
D$0f8 C
BD$ PD$ rD$!oD$"cD$#
T$$D$%AD$&D$'hD$("D$)D$*
D$,D$-T$.D$/
D$0D$1D$2
D$3'D$4;f8 C
_^L$0P
_3^L$0P
D$lxSD$TD$cUVD$lD$r
\D$2D$5WD$\{D$]:D$^YD$_D$aD$bD$c'D$d4D$eD$f
D$gzD$h
D$i0D$jD$k\$lD$mD$nD$q2D$rD$sD$tcD$uyT$wL$xD$,(D$-uD$. D$/D$0/D$1D$2D$3bD$4hD$5D$7
D$8c\$:D$;D$<D$=D$>D$?"D$@T$AD$BD$CD$D
D$FD$G1L$H3\
D$,/D$-?D$.D$/D$0D$1FD$2D$3D$4D$5D$6D$7U\$8D$9D$:D$
D$ tD$ oD$!(D$"D$#D$$D$%D$&D$'
D$)D$*S3
0fmfmfmfm
D$XD$LD$TPT$P
D$XD$YD$ZyD$[D$]D$Q{D$R
\$SD$T
D$UdD$Lf8 C
L$$D$%cD$&tD$'iD$(v\$)D$*ZL$+D$,
UQSUT$ R
L$|_^]3[.K
VxWD$DD$J
D$ST$4T$CcL$ND$UD$YL$^T$i/D$0{D$1:D$2YD$3D$5D$6D$7'D$84D$9D$:
D$;zD$<
D$=0D$>D$?D$@D$AD$BD$E2D$FD$G\$HD$IyD$K\D$LD$MD$OD$PD$QSD$RD$TvD$VD$W
D$XAD$ZpD$[ID$\D$]}D$_D$`LD$aD$b3L$cD$dD$e:D$f
\$gD$h
L$jD$kD$t(D$uuD$v T$wD$xD$y$
D$zD${bD$|hD$}D$~
D$sD$(D$lL$.P2D$,
D$p!D$qqD$rD$seD$tD$uD$vD$-D$.D$/D$0
D$1D$3w_$
D$&QT$
D$"aD$#
D$$QD$%4D$&FD$'0D$(YD$):D$(f8 C
D$$A\$%D$&tD$'iD$(vD$)eD$*SD$+GD$,
=lG<VD$ P<Sj
VsD$,cW=4 C
\D$ dD$"D$#D$$D$%D$&
D$'D$(
L$)D$*D$,S\
tM~TWD$
F\F\L$0_^
D$yD$~
D$rD$}
D$`D$a#D$bD$cHD$f&D$g^D$h
D$iD$j&D$kDD$lD$mD$n&D$o D$pT$qD$sD$tD$u$D$v7D$wD$xgD$yD$zD${
D$|PD$~
fmfmfm
T$dD$jD$lD$,WD$hL$xL$)T$,T$1PT$(
D$mkD$nD$oD$p
D$qMD$s`D$uD$vD$w
D$xND$yD$z?D${D$}D$(D$)D$*D$+D$,D$.\$/D$1D$2L$3D$6D$7D$8L$9
D$$D$.QT$($
D$)]D$*
D$+TD$,
D$-WD$.
D$/DD$0
D$1]D$3wD$4
D$5{D$6
D$7aD$8
D$9gD$:;D$;rD$<
D$=hD$>
D$AtD$B
D$C D$DsD$E
D$FuD$G
D$HrD$I
D$JoD$K
D$JD$ND$XD$Y8D$ZD$[WD$\ T$]D$^D$_D$`\$aD$b
D$cD$dD$eD$fcD$HD$IMD$K#D$LzD$MD$OD$PD$QDD$RWD$SD$TD$UD$Vc3
xD$*D$0D$$ND$%dD$&pD$'|D$(sD$)iD$+~D$,=D$-^D$.rD$/oD$1=D$2QD$3^D$4
'|f8 C
L$PD$QcD$RtD$SiD$TvD$UeD$VND$WID$XSD$Y
PL$$Qj
kdkhklf8 C
C#5, C
stVD$$P
SUV|D$x,L$2L$5PED$1D$6L$8
L$ED$K
WD$4TD$7
D$;D$=D$>SD$?)D$@D$AD$BNT$C\$DD$ED$F
D$GD$HD$J*D$KD$L
D$MiD$NvD$P D$Q0D$RpD$SD$TZD$ULD$XD$Y#D$ZD$[HT$\\$]D$^&D$_^D$`
D$aD$b
T$cD$dD$eD$f'D$g(D$hL$iD$jlD$kD$lD$m D$nID$oD$p
D$qD$rD$sFT$tD$uGD$vL$wD$x
D$y3d$
fm"|D$
?D$ D$ D$!D$"D$$BD$%(D$&wD$'
D$(sD$)YD$*{D$+TD$,
D$-D$.
D$/D$0qD$1pD$2J3
fmfmfmfm
|zD$3D$#D$$D$%D$&AD$'\$(D$)6D$*D$+fD$,D$-8D$.~D$/D$0D$1D$2q\$
D$ D$ D$!D$"
fmfmfmfmfmfmfmfmh
tD$ iD$ vD$!eD$"OD$#PD$$
L$|_^]3[/3
,|D$1L$2L$5D$6
D$KHpWD$4TD$7
D$;D$<PD$=D$>SD$?)D$@D$AD$BND$CED$DD$ED$F
D$GD$HD$IPD$J*D$K
\$LD$MiD$NvD$P D$Q0T$RL$SD$TZD$ULD$VD$WD$XOD$YD$dD$e#D$f
D$gD$hED$iD$j&D$k^D$l
D$mD$n
D$pD$qD$r
D$sL$tD$uD$vdD$wD$xtD$y
D$zD${D$|j\$}D$~D$
&|-4 C
VL$\L$(2L$.AL$#3D$]eD$^rD$_sD$`iD$aoD$bnD$c
D$)D$*PD$+D$,WD$-D$/T$0D$1D$2D$
D$ uD$
\$!D$"D$$"D$%qD$&
T$$D$%cD$&tD$'iD$(vD$)eD$*MT$+\$,f8 C
SL$@Qh
PSL$lQR
~WT$ R
UPS, C
_^]3[i.
SUV|,L$
L$(L$5
PT$'T$4ID$
D$:L$<L$=f
D$?WD$
D$#\$$D$%D$&SD$')D$(D$)D$*ND$-D$.
D$/D$0
\$1D$2*D$3D$4D$5#D$6D$7HD$:&D$;^D$<
D$=T$?D$B
D$DD$ET$FD$GD$HD$I$D$J;D$K>3
9fmfm\
|nD$RD$V4 C
\$Q\$_
D$TVD$VrD$WsT$XL$YD$[
D$\WT$]D$_RL$`D$auD$btD$d
L$`_^]3[0+
_^3[VS
WD$8TL$9D$:D$;
D$=L$>D$?D$@PD$AD$BSD$C)D$DD$ED$FND$GED$HD$
D$ 'D$ ;3\4
|D$$TL$%D$&D$'
D$)L$*D$+D$,PD$-D$.SD$/)D$0D$1D$2ND$3ED$4
D$ 'D$ ;3
ND$ ED$ D$L
D$MDD$ND$O`D$P"D$QD$R
D$TD$UT$VD$W
D$XD$YD$Z*D$[ D$\;3\
`@u|$`OG
GuD$$f
@u|$`+OO
_^[]SUl$
SFJ;f@ C
AH-< C
|,UD$:D$=D$
VD$<TL$=D$?
L$BD$CD$DPD$ED$FSD$G)D$HD$ID$JND$KED$LD$
D$ D$!D$"
D$$\$%D$&
D$''D$(;3T
|6zD$VT$`D$fD$mT$z
\$Q\$cD$qD$t
D$PD$RD$SAD$TL$UD$WD$XfD$YD$Z8D$[~D$\D$]D$^D$_qD$a\D$bmD$d
D$eD$gD$h~D$i
D$kD$ljD$nD$o1D$pD$r\$sD$u
D$vdD$wD$xD$yHD${D$|D$}ZD$~
j5T$T$
D$7D$$D$,D$-\$.D$/>D$0D$1D$2vD$3SD$4D$5
D$8LD$
D$ D$!KD$"5D$#3
T$<RS*
VT$2T$5T$#
WD$4TD$5,\$7D$8
D$:,D$;D$<PD$=D$>SD$?)D$@D$AD$BND$CED$DD$
D$!GD$"D$#]D$$"D$%D$&
D$(D$)D$*
D$,D$-T$.D$/'D$0;3L4
T$ST$W5
D$H6D$J%D$K
D$LRD$MD$ND$OD$PD$QuD$RD$TD$U}D$VD$XD$Y{D$ZD$[
T$\D$]
D$^D$_
D$`/D$aD$bgD$c
D$dPL$eD$fTD$gD$h\$iL$jD$k,D$lWT$mD$nKD$oSD$p
D$q4D$rD$s?D$tT$uD$vD$wD$xD$yD$zN\${D$|
ePD$ 9D$!
D$#1D$$
\$&D$''D$(<D$)4D$*4D$+
D$,x3t
UD$ Pj
_^]3[$
L$4QUy%
+PUS:-
WD$8TL$9D$:D$;
D$=L$>D$?D$@PD$AD$BSD$C)D$DD$ED$FND$GED$HD$
D$ 'D$ ;3\4
|D$$TL$%D$&D$'
D$)L$*D$+D$,PD$-D$.SD$/)D$0D$1D$2ND$3ED$4
D$ 'D$ ;3
ND$ ED$ D$L
D$MDD$ND$O`D$P"D$QD$R
D$TD$UT$VD$W
D$XD$YD$Z*D$[ D$\;3\
|$`D$8P$l
L$hQ3A
|$`T$$R$l
PD$hP3A
U3VWD$,D$$
_^3]L$
;u"T$8RUV
[_^3]L$ s
l$@u*D$8=DB
V[_^3]L$ 5
L$8=DB
D$ u"T$8=DB
u0L$8=DB
QPVSUV
T$@RUV
D$DPUV
L$ QKD$ |$8D$
L$PQ=D C
L$@D C
VEPEPEPEPV
EE/EbE
EEEKEEEEzExEUEcE
EVEsECEqE)E
EVEsECEqE)E
EVEsECEqE)E
EVEsECEqE)E
EVEsECEqE)
EEE]EJEsEEjE
EtEE E
EuEyE\EElE3SD5
EPEP-%
HZPVPh
3M_^[`
SVWE3EEETE}EEEEzE!E3L
EEE-EE
EfEEEEEEEEE
u9EPPu
H;|[t$
ElWE E!E"TE#}E$E%
E&iE'E(!E)qE*E+eE,E-E.E/E0-E1E2
E3fE4E5E6
E7E8E9
E:E;{E<
E=E>CE?[E@EAEBECED/EEb]FEGEHEIEJEKELEMKENEOEEPzEQxERUEScET
EUEV1EWEXEY
EE}E<EE
EEEEEKEEDE1EEEgEEE}EE5E
@:|5@B
WSE Ph
EPWSu|
WEPShLB
EdPM\Ed=EeEfEgEhEi
EjEkE\E]E^lE_E`EaEbEchPW
EPuxEPSh@B
t[EdEeEfEg
Ej}EkE\tE]E^
E_aE`lEatEbEcw3L
WEPSh8B
uxPh0B
3Ml_^[
WYYM_^
ElEEEEEEgEEJEEEiE(E
)E SE E!>E"E#SE$E%E&E'gE(CE)E*E+AE,E-8E08E1E2%E3E4]5E6
E7E8E9E:'E;E<pE=E>=E?FE@hEAEBdj:EPM0ECEDEEEFwEGEHEIEJqEK=ELEMENEOEP-EQKERESETjEU~EV_EWEX+EY`EZ
E[wE\FE]lE^K]_E`EaEb/EcEd
EeEfEgEhEi4MQh
;u;VSSSSEPEPu|u
EPux2YY
EPMh<B
DDDDDDDDDDDDDD
$UQQSVWd5
SVWE3PPPuu
E_^[E]D$
E[UQSE
k 3@[UQ}
u@3VZ
USVWUj
t.;t$$t(4v
EEPuuu
VC20XC00U
33333]^]
]_^[]UL$
8t3^[_m
B8t6t8t't
YHUQQS]
}K;Mr.}
3u+PSv
t6tA)E
33Mu;u
YYj`hB
f8MZu H<
PfYuEP
XPuVVPK}9uu
DDDDDDDDDDDDDD
u.;58C
Yu35|#C
tAt2t$
=N@uNVEP
3;t Mu
+SVWEePEEEEd
EP[YYE
EE8csmu1Ex
EPQ3VW
>csmu>~
iPVYYj
VP]UQQVu
t u$u u
WEPEPVu u
;EsVS;7|B;w
;Er[_^U$E
;csmVW
uEPEPVu u
UM~$E8s
(u$}u Mu
ShYY_^[
u u$u uu
tP8csmu,9x
U$Ru u
Pd 3@_^]
YYt-V5$
PYF,;t
PYF4;t
PYF<;t
PYFD;t
PYFH;t
PyYFT=x
Y}F`E;t
FdE;tM
3VWhDB
YYt+V5$
mVW_^]M
_VW3h C
F$|3@_^
YYu#Wv
EtVMf9MZ
_^[UQE
tc;t_F,98uXF4;t
YYF0;t
P|v<j?
YYv,jv<bYYF@;
P9YYFP;
Y_^VNd;
3;t/A,
QuYFd^j
$YUSVu
^[U$,T
3MEEEEE
It.ht lt
HHt`HHt\
@PEPC@
YYE}[E
@@@u3@t
t$ERPWS\=
~DE]EM3f
CYCY~-
uMEFYE
W3;u4DP
^_UQQM
MOI;|9 M
3@_^[U
WI <}}
MLD3#um
#Mj _^{
;]r;]u&
]#\D\D
RY]WYE;
}8VvYE;t*GHE;r
PWu@WrEWP
9]uK;u
E;t#GHE;r
PWuWuC
9]u";u
VWS58C
EE;u`9
3FVWS58C
VCYu3hB
;ru,hB
;r3_^j
$Y3}3F95T"C
u79=8C
u!5T"C
W>+~'WPv
Y}3u;58C
tVPVnYY3BU`(C
F3u`(C
uMSW<\"C
_3[@^3^
Y^UQQSV5
3<a]]t
qtb+tG
VbtFHt+
r$$w @
Y]3u;58C
4VYY`(C
ULSVWj
MQ@Puu
e_^[j8h B
u8SS3FVh
6PnYE;
?PYE;t@E
t!SS9]
uUY9]t
E;tSSu
e}VSWU
33M;u#utY;t1uSW
EPWu uc%
u9]t#W
PYY}Pg@<Yv"PXE;j
S]WSfhB
RYUQSVW}
_^[VW39=8C
t.t$<"u
u_^S39
;Y=4"C
U*V8E>=Yt
t7VPkYY
3Y]_^[54"C
@B8\t8"u&
_[UQQSVW39=8C
EHY("C
3_^[QQx#C
SSS+S@PVSSD$4
;t2U;YD$
t#SSUPt$$VSS
_^][YY
;rUVWD$
3_^][Hj
VWumhB
_^[Vt$
F3}we=8C
(Y!}SzYEMJ
u%9=|#C
Wj@3Y %C
EVEP5$&C
t6SUW
VPVPV5
@;rD3Ar
j@3Y %C
@;vAAy
I3A!%C
M_^[,j
+Y3}=#C
YE;uo>$&C
u5EP3GWh
]6Vv Nv$Fv(>v,6v0.v4&v
vDvHvLvPvT
Y^UV3PPPPPPPPU
t+t'NW8u
_^UWVSM
[^_UV3PPPPPPPPU
$sF ^Vt$
^]}@d;
t78t2=
E}u]G#
_};=8C
t@ t20t$@t
/t(;t$;t
8EPuuu
uW>Y?j
WWWWVSWu
YYE;t2WWVPVSWu
3j hpB
HHtjHHtF
u9S\UC\
}]39Mt
[^_UQQE
WVE;Yu
EU_^j
YYH}Fj
M^[yUWVSM
YY^3^%pB
e33Mu;u
xYY9]t
EPMQsM
MQMQMhUMQB
oM(dM8P8B
xUPMMP8B
MhaMPdB
$uO@J?
MNM_M_X
MNMNxN
ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/~
map/set<T> too long
invalid map/set<T> iterator
SeDebugPrivilege
Kernel32
LoadLibraryA
list<T> too long
--%s--
%c%c%c%c%c
%d:%d,
[%d] %s
Description
ServiceName
invalid string position
string too long
bad allocation
Unknown exception
Microsoft Visual C++ Runtime Library
Program:
<program name unknown>
A buffer overrun has been detected which has corrupted the program's
internal state. The program cannot safely continue execution and must
now be terminated.
Buffer overrun detected!
A security error of unknown cause has been detected which has
corrupted the program's internal state. The program cannot safely
continue execution and must now be terminated.
Unknown security failure detected!
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
kernel32.dll
!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
`h````
ppxxxx
(null)
CorExitProcess
mscoree.dll
runtime error
TLOSS error
SING error
DOMAIN error
- This application cannot run using the active version of the Microsoft .NET Runtime
Please contact the application's support team for more information.
- unable to initialize heap
- not enough space for lowio initialization
- not enough space for stdio initialization
- pure virtual function call
- not enough space for _onexit/atexit table
- unable to open console device
- unexpected heap error
- unexpected multithread lock error
- not enough space for thread data
This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
- not enough space for environment
- not enough space for arguments
- floating point not loaded
Runtime Error!
Program:
GetProcessWindowStation
GetUserObjectInformationA
GetLastActivePopup
GetActiveWindow
MessageBoxA
user32.dll
InitializeCriticalSectionAndSpinCount
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
SunMonTueWedThuFriSat
JanFebMarAprMayJunJulAugSepOctNovDec
CloseHandle
CreateFileA
ExpandEnvironmentStringsA
WaitForSingleObject
SetEvent
WaitForMultipleObjects
CreateEventA
CreateThread
GetLocalTime
HeapFree
DeleteFileA
CreateProcessA
WriteFile
GetTempFileNameA
GetTempPathA
HeapAlloc
GetProcessHeap
ReleaseMutex
CreateMutexA
GetCurrentProcess
CreateRemoteThread
GetProcAddress
GetModuleHandleA
WriteProcessMemory
VirtualAllocEx
lstrlenA
OpenProcess
Process32Next
Process32First
CreateToolhelp32Snapshot
GetFileAttributesA
lstrcatA
GetSystemDirectoryA
lstrcmpiA
UnmapViewOfFile
GetFileSize
MapViewOfFile
CreateFileMappingA
FindClose
FindNextFileA
lstrcmpA
GetLastError
FindFirstFileA
lstrcpyA
SetFilePointer
ReadFile
GetTimeZoneInformation
GetTickCount
LoadLibraryA
GetModuleFileNameA
GetCurrentDirectoryA
MoveFileExA
CopyFileA
GetOverlappedResult
LockResource
SizeofResource
LoadResource
FindResourceA
ResetEvent
GetVersionExA
HeapReAlloc
IsBadWritePtr
GetVolumeInformationA
DeviceIoControl
DefineDosDeviceA
QueryDosDeviceA
KERNEL32.dll
MessageBoxA
wsprintfA
SetWindowsHookExA
USER32.dll
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegDeleteValueA
RegOpenKeyA
CloseServiceHandle
OpenServiceA
OpenSCManagerA
QueryServiceStatusEx
IsValidSecurityDescriptor
AddAce
GetLengthSid
AllocateAndInitializeSid
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
GetTokenInformation
InitializeSecurityDescriptor
RegEnumKeyExA
ADVAPI32.dll
ExitProcess
RtlUnwind
RaiseException
GetStartupInfoA
GetCommandLineA
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
SetUnhandledExceptionFilter
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InterlockedExchange
VirtualQuery
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
TerminateProcess
HeapSize
VirtualProtect
GetSystemInfo
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
IsBadReadPtr
IsBadCodePtr
GetACP
GetOEMCP
GetCPInfo
InitializeCriticalSection
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetStdHandle
FlushFileBuffers
SetEndOfFile
.?AVexception@@
.?AVlogic_error@std@@
.?AVlength_error@std@@
.?AVout_of_range@std@@
.?AVbad_alloc@std@@
.?AVtype_info@@
pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
pppppppppppppppppppppppppppppppppppppppppp
pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
pppppppppppppppppppppppppppppppppppppppppp
pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
pppppppppppppppppppppppppppppppppppppppppp
ppppppppppppppppppppppppppppppppppqf
pppppppppppppppppppppppppppq7
G7''ghw(9eoppppppppppppppppppppppppppppppppppppppppppppppppppppqf
pppppppppppppppppppppppppppq7
G7''ghw(9eoppppppppppppppppppppppppppppppppppppppppppppppppppppqf
pppppppppppppppppppppppppppq7
G7''ghw(9eoppppppppppppppppppp@'
@c{PbC
j�j�j�j�j�j�
j�j�j�j�j�j�
j�j�j�j�j�j�
j�j�j�j�j�j�
� � � � � � � �h�(�(�(�(� � � � � � � � � � � � � � � � � � �H�
(�n�u�l�l�)�
� � � � � � � � �(�(�(�(�(� � � � � � � � � � � � � � � � � � �H�
� � � � � � � � �h�(�(�(�(� � � � � � � � � � � � � � � � � � �H�
� � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � �H�
B�B�B�B�B�B�B�B�
B�B�B�B�B�B�
B�B�B�B�B�B�
B�B�B�B�B�B�
Process Tree
-
0d0fc69ffad90b989c5b5db27459d03ca279a19f633f1cd8ccbafb88f3ea59c1.exe (2736)
"C:\Users\Administrator\AppData\Local\Temp\0d0fc69ffad90b989c5b5db27459d03ca279a19f633f1cd8ccbafb88f3ea59c1.exe"
- notepad.exe (1448) C:\Windows\System32\notepad.exe C:\Users\Administrator\AppData\Local\Temp\D0FC.tmp
- tserv.exe (2228) C:\Windows\tserv.exe s
0d0fc69ffad90b989c5b5db27459d03ca279a19f633f1cd8ccbafb88f3ea59c1.exe, PID: 2736, Parent PID: 2112
default registry file network process services synchronisation iexplore office pdf
Hosts
No hosts contacted.
DNS
No domains contacted.
TCP
No TCP connections recorded.
UDP
No UDP connections recorded.
HTTP & HTTPS Requests
No HTTP requests performed.
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts
| Name | 748e892c9c05fc3e_~3520.tmp |
|---|---|
| Filepath | C:\Users\Administrator\AppData\Local\Temp\~3520.tmp |
| Size | 58.0B |
| Processes | 2228 (tserv.exe) |
| Type | ASCII text, with no line terminators |
| MD5 | 4234f7b7727405326f138d5da22661c1 |
| SHA1 | 183b6a49029757a819ff409e3c28bc388583e5b0 |
| SHA256 | 748e892c9c05fc3eda6b6069a0b09de7566abba6d7bd28c9c3b2dd1bb54e649f |
| CRC32 | 711C421E |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 386cf85b44d7042b_d0fc.tmp |
|---|---|
| Filepath | C:\Users\Administrator\AppData\Local\Temp\D0FC.tmp |
| Size | 89.6KB |
| Processes | 2736 (0d0fc69ffad90b989c5b5db27459d03ca279a19f633f1cd8ccbafb88f3ea59c1.exe) |
| Type | data |
| MD5 | 3dfa83e7fa7b0104d6205b64cbfc4e6a |
| SHA1 | 54b54244ef63f6a517adc08bbbff730f7989260d |
| SHA256 | 386cf85b44d7042b9972b2727d1dc56c007df80d6c902797037b76639494c52b |
| CRC32 | B441CC03 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 0843414bd9e94cff_tserv.wax |
|---|---|
| Filepath | C:\Windows\tserv.wax |
| Size | 5.2KB |
| Processes | 2228 (tserv.exe) |
| Type | data |
| MD5 | 15657cca9d3ebb3c59323d7e460ea054 |
| SHA1 | 747c640a4123132098a7a6cbf746a1d92f72a39c |
| SHA256 | 0843414bd9e94cff8f5a5ac9a024971a2cb60b8c1c7f299283cf63846081b0ad |
| CRC32 | 4D6ABA83 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | a21ce3d8b334eee80ff9bb6ca9547f8d1b8f2fbb |
|---|---|
| Size | 586.0KB |
| Type | ASCII text, with CRLF line terminators |
| MD5 | d0cf84b3f8ed9e0f91bea3f59910edf2 |
| SHA1 | a21ce3d8b334eee80ff9bb6ca9547f8d1b8f2fbb |
| SHA256 | 0cded176a19b820f265b3cef67ddbbb323b359382d3d6bf9e0587810af446a4f |
| CRC32 | BA148337 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | defa7156c8e2061d2ca25099022263307caed8af |
|---|---|
| Size | 586.0KB |
| Type | ASCII text, with CRLF line terminators |
| MD5 | 7f188df4a924728e0c91bde22b843470 |
| SHA1 | defa7156c8e2061d2ca25099022263307caed8af |
| SHA256 | 4d90a3d12fcc178f527234871ddb5afcef4b0bad24a8d6f4303d266930ac75cc |
| CRC32 | 30DBB67D |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |