SmartHawk

1.8

低危

60 个模型检测该样本为恶意！

重新分析

下载样本

0e5db0cb32b2c2a1974722c3252eaf9dad7fead3e2f85d173360bcb8fe0de094

0e5db0cb32b2c2a1974722c3252eaf9dad7fead3e2f85d173360bcb8fe0de094.exe

分析耗时

133s

引擎	描述	特征	威胁分数	可能家族	检测耗时
DACN	基于动态分析和胶囊网络的可视化恶意软件检测	API调用、DLL以及注册表的修改情况	0.15	Unknown	0.07s
FACILE	利用改进的层次胶囊网络对二进制恶意软件图像进行识别分类	二进制图像映射为的灰度图像	1.00	Unknown	0.04s
IMCLNet	轻量化深度卷积网络模型实现恶意软件家族检测	原始二进制映射而成的可视化图像	0.70	Unknown	0.22s
MFGraph	利用静态特征构建图网络以检测恶意软件	原始二进制PE文件的静态特征节点	0.00	Unknown	0.00s

查杀引擎	查杀结果	查杀时间	查杀版本
Alibaba	None	20190527	0.3.0.5
Avast	Win32:Warezov-FL [Wrm]	20200724	18.4.3895.0
Baidu	None	20190318	1.0.0.2
CrowdStrike	win/malicious_confidence_90% (W)	20190702	1.0
Kingsoft	None	20200724	2013.8.14.323
McAfee	GenericRXFJ-CM!98E40DC6E5A3	20200724	6.0.6.653
Tencent	Malware.Win32.Gencirc.10b3b0b6	20200724	1.0.0.1

Time & API	Arguments	Status	Return	Repeated
1727545404.03125 __exception__	exception.address: 0x416711 exception.instruction: mov ecx, dword ptr [esi + 0x10] exception.instruction_r: 8b 4e 10 6a 00 6a 00 89 48 10 ff 15 4c e1 42 00 exception.symbol: tserv+0x16711 exception.exception_code: 0xc0000005 registers.eax: 53076272 registers.ecx: 0 registers.edx: 56360740 registers.ebx: 1995314192 registers.esp: 56360712 registers.ebp: 56360760 registers.esi: 1 registers.edi: 44 stacktrace: tserv+0x167e2 @ 0x4167e2	success	0	0

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

2006-09-20 21:16:16

PE Imphash

547cd05356c429dc57b17bf0fd6daf12

Sections

Name	Virtual Address	Virtual Size	Size of Raw Data	Entropy
.text	0x00001000	0x0002c5a4	0x0002d000	6.353296576388688
.rdata	0x0002e000	0x00002efc	0x00003000	4.955424298416429
.data	0x00031000	0x000028c0	0x00001000	1.9793888897922702
.rsrc	0x00034000	0x00030118	0x00031000	0.6251701409759546

Resources

Name	Offset	Size	Language	Sub-language	File type
ૼꞪ袈袈肈Ɦ胿Ɦ胿Ɦÿ	0x00039f18	0x0000f000	LANG_ENGLISH	SUBLANG_ENGLISH_US	None
ૼꞪ袈袈肈Ɦ胿Ɦ胿Ɦÿ	0x00039f18	0x0000f000	LANG_ENGLISH	SUBLANG_ENGLISH_US	None
RT_ICON	0x00034608	0xffffff28	LANG_ENGLISH	SUBLANG_ENGLISH_US	None
RT_ICON	0x00034608	0xffffff28	LANG_ENGLISH	SUBLANG_ENGLISH_US	None

Imports

Library KERNEL32.dll:

• 0x42e05c WriteProcessMemory

• 0x42e060 VirtualAllocEx

• 0x42e064 lstrlenA

• 0x42e068 OpenProcess

• 0x42e06c Process32Next

• 0x42e070 Process32First

• 0x42e074 CreateToolhelp32Snapshot

• 0x42e078 GetFileAttributesA

• 0x42e07c lstrcatA

• 0x42e080 GetSystemDirectoryA

• 0x42e084 lstrcmpiA

• 0x42e088 UnmapViewOfFile

• 0x42e08c GetFileSize

• 0x42e090 MapViewOfFile

• 0x42e094 CreateFileMappingA

• 0x42e098 FindClose

• 0x42e09c FindNextFileA

• 0x42e0a0 lstrcmpA

• 0x42e0a4 GetLastError

• 0x42e0a8 FindFirstFileA

• 0x42e0ac lstrcpyA

• 0x42e0b0 SetFilePointer

• 0x42e0b4 ReadFile

• 0x42e0b8 GetTimeZoneInformation

• 0x42e0bc GetModuleHandleA

• 0x42e0c0 LoadLibraryA

• 0x42e0c4 GetModuleFileNameA

• 0x42e0c8 GetCurrentDirectoryA

• 0x42e0cc MoveFileExA

• 0x42e0d0 CopyFileA

• 0x42e0d4 GetOverlappedResult

• 0x42e0d8 LockResource

• 0x42e0dc SizeofResource

• 0x42e0e0 LoadResource

• 0x42e0e4 FindResourceA

• 0x42e0e8 ResetEvent

• 0x42e0ec GetVersionExA

• 0x42e0f0 HeapReAlloc

• 0x42e0f4 IsBadWritePtr

• 0x42e0f8 GetVolumeInformationA

• 0x42e0fc DeviceIoControl

• 0x42e100 DefineDosDeviceA

• 0x42e104 QueryDosDeviceA

• 0x42e108 SetEndOfFile

• 0x42e10c GetProcAddress

• 0x42e110 CreateRemoteThread

• 0x42e114 GetCurrentProcess

• 0x42e118 CreateMutexA

• 0x42e11c ReleaseMutex

• 0x42e120 GetProcessHeap

• 0x42e124 HeapAlloc

• 0x42e128 Sleep

• 0x42e12c CloseHandle

• 0x42e130 GetTempPathA

• 0x42e134 GetTempFileNameA

• 0x42e138 WriteFile

• 0x42e13c CreateProcessA

• 0x42e140 DeleteFileA

• 0x42e144 HeapFree

• 0x42e148 GetLocalTime

• 0x42e14c CreateThread

• 0x42e150 CreateEventA

• 0x42e154 WaitForMultipleObjects

• 0x42e158 SetEvent

• 0x42e15c WaitForSingleObject

• 0x42e160 ExpandEnvironmentStringsA

• 0x42e164 CreateFileA

• 0x42e168 GetTickCount

• 0x42e16c ExitProcess

• 0x42e170 RtlUnwind

• 0x42e174 RaiseException

• 0x42e178 GetStartupInfoA

• 0x42e17c GetCommandLineA

• 0x42e180 QueryPerformanceCounter

• 0x42e184 GetCurrentThreadId

• 0x42e188 GetCurrentProcessId

• 0x42e18c GetSystemTimeAsFileTime

• 0x42e190 TlsAlloc

• 0x42e194 SetLastError

• 0x42e198 TlsFree

• 0x42e19c TlsSetValue

• 0x42e1a0 TlsGetValue

• 0x42e1a4 SetUnhandledExceptionFilter

• 0x42e1a8 DeleteCriticalSection

• 0x42e1ac LeaveCriticalSection

• 0x42e1b0 EnterCriticalSection

• 0x42e1b4 InterlockedExchange

• 0x42e1b8 VirtualQuery

• 0x42e1bc HeapDestroy

• 0x42e1c0 HeapCreate

• 0x42e1c4 VirtualFree

• 0x42e1c8 VirtualAlloc

• 0x42e1cc TerminateProcess

• 0x42e1d0 HeapSize

• 0x42e1d4 VirtualProtect

• 0x42e1d8 GetSystemInfo

• 0x42e1dc LCMapStringA

• 0x42e1e0 WideCharToMultiByte

• 0x42e1e4 MultiByteToWideChar

• 0x42e1e8 LCMapStringW

• 0x42e1ec GetStdHandle

• 0x42e1f0 UnhandledExceptionFilter

• 0x42e1f4 FreeEnvironmentStringsA

• 0x42e1f8 GetEnvironmentStrings

• 0x42e1fc FreeEnvironmentStringsW

• 0x42e200 GetEnvironmentStringsW

• 0x42e204 SetHandleCount

• 0x42e208 GetFileType

• 0x42e20c IsBadReadPtr

• 0x42e210 IsBadCodePtr

• 0x42e214 GetACP

• 0x42e218 GetOEMCP

• 0x42e21c GetCPInfo

• 0x42e220 InitializeCriticalSection

• 0x42e224 GetStringTypeA

• 0x42e228 GetStringTypeW

• 0x42e22c GetLocaleInfoA

• 0x42e230 SetStdHandle

• 0x42e234 FlushFileBuffers

Library USER32.dll:

• 0x42e23c wsprintfA

• 0x42e240 MessageBoxA

• 0x42e244 SetWindowsHookExA

Library ADVAPI32.dll:

• 0x42e000 RegOpenKeyA

• 0x42e004 RegEnumKeyExA

• 0x42e008 InitializeSecurityDescriptor

• 0x42e00c GetTokenInformation

• 0x42e010 SetSecurityDescriptorOwner

• 0x42e014 SetSecurityDescriptorGroup

• 0x42e018 AllocateAndInitializeSid

• 0x42e01c GetLengthSid

• 0x42e020 AddAce

• 0x42e024 IsValidSecurityDescriptor

• 0x42e028 QueryServiceStatusEx

• 0x42e02c OpenSCManagerA

• 0x42e030 OpenServiceA

• 0x42e034 CloseServiceHandle

• 0x42e038 RegDeleteValueA

• 0x42e03c RegSetValueExA

• 0x42e040 RegOpenKeyExA

• 0x42e044 RegQueryValueExA

• 0x42e048 RegCloseKey

• 0x42e04c OpenProcessToken

• 0x42e050 LookupPrivilegeValueA

• 0x42e054 AdjustTokenPrivileges

L!This program cannot be run in DOS mode.
frfrfrn
frj}frn/frjn/frfswfrj-
m,frj(frRichfr
`.rdata
@.data
D$D$ tD$!FD$"D$#3I
T$,RD$
D$D$ tD$!FD$"D$#3I
T$,RD$
 SVWt$0
D$$D$$PhA
T$0T$0Rhp@
UVt$ W
D$4S\$,PSFM
(D$(L$ 
NuL$(D$8
D$(D$4L$([_^
D$D$ tD$!FD$"D$#3I
T$,RD$
D$D$ tD$!FD$"D$#3I
T$,RD$
xSD$4D$CL$DL$J
L$SVWD$8{D$9:D$:YD$;D$=D$>D$?'D$@4D$AD$B
D$CzD$D
D$E0D$FD$GD$HD$ID$JD$M2D$ND$OD$PcD$QyD$S\D$TD$UD$VD$WD$XD$YSD$ZD$\vL$]D$^D$_
D$`AL$aD$bpD$cID$dD$e}D$fD$h
D$iND$j-\$kD$lBD$mD$nD$oPD$pCD$qD$rKD$sTD$teD$uUD$vD$wD$xD$yD$zD${
D$|D$}@D$~D$
8@/|D$
D$$T$(RPQW
|$h3T$(RD$lPWWWWWW$
t2T$,R
P5tP5u
;w-r%P
^SUVt$
PU7vmO
Q+VS_^[
RU;vh{
^QVW|$
D$ P5L$
@u+PR_^
SVWej0
RPQCM_^d
PL$(t$XhB
L$(QD$,hB
C;L$l_
aL$p]G
D$`Z,[
L$L_^d
PL$,t$\h<B
L$,QD$0tB
UWL$llE
U,A,Q,E,E,
8Z,teP
V,P,^,@
V,P,^,
VX,N_,}(
D$`T$dL$P^
EC-WeuuLF
RPQPUB-t
wlr%~(
;)u.WUj
WUPL$(Q?
;0u8;u4@
;t[F-uAF
P-tQD$
SVWej8&
PL$(t$XhB
L$(QD$,hB
C;L$l_
aL$p]G
D$`Z4[
L$L_^d
W|$,L$
t\$ L$
t$,t8Q
D$(_^]
L$,gt$,
WSPL$8QL$$
D$(_^]
D$(_0^]@
HUH5VtLj
PL$,t$\Th<B
L$,QD$0tB
SWL$l\$
S4A4Q4C4D$
8Y4tcH
N4H4^4P
Z4xH4u
N4H4^4
L$dD$`
L$P^]d
W|$ Sj
WZ][_^
W|$ Rj
W][_^
PWt\L$$\$$
A5W|$ t
PMtaL$$\$$
RW't;C
H5W|$ 
WY][_^
WD][_^
8Ul$LVWUG
QUL$$D$T
dPVT$\RD$X
L$D_F(^]d
;0u8;u4@
;t[F5uAF
P5tQD$
xSj2Q$
@u+PWL$,D$$PT$ M
tIx(;t
@u+PWL$,j3l$`WT$,
D$\PL$ Q
l$x|$tD$d
|$8D$(
k#PL$DVL$DQM
L$|_^]3[d
PWSD$ 
@:u+PRL$
\$T|$(
\$@\$0
@:u+PRL$4*D$,PO
PQL$`QLU
L$H_^][d
~TSVt$
RD$ D$
L$,D$0
(SVW3}
t`ElhB
D$plD$q
D$rqD$s
D$tmD$vp\$wD$xgj
D$p3D$q]D$r2D$sVD$teD$uWD$v<D$wND$x h\$a3
D$`D$b
\$cD$dLD$eD$fUD$g
`@L4`N;|L$aD$`T$b#4eL$iL$dD$hD$cn4%L$lL$gD$kD$f
T$jT$e4auL$osD$nT$m
D$`kD$aaD$bvL$cD$dvD$ec\$fD$TD$UD$VD$W
D$XD$YD$ZD$[D$\H3
@T4TN;|D$TT$U4=$
T$Y4U$
}D$dD$eD$fD$gD$hD$iD$jD$kD$llD$
D$efD$f
D$grD$h
D$idD$j
D$k|fD$\iD$]D$^D$_&D$`D$a
D$bD$cD$d3
\AD4\N;|D$\L$]T$^4
L$`4g$
D$ T$p$
L$$T$(D$,L$h$
L$0T$4D$8$
L$<|$@T$DD$HL$|$
D$\_l$L
lD$XwD$YuD$ZpD$[dD$\mD$]gD$^r\$_L$HT$PD$T]L
_^3[$<
QVD$$(
tpT$@R
3M~XSVt$
VaWD$TD$$D$L3j
D$]dD$^b\$_D$-sD$.p\$/D$TD$UD$V>D$W$D$
D$xD$hcD$igD$ji\$kD$,dD$-bD$.x\$/
4D$_jRD$lD$
L$]T$^D$4hD$5tD$6m\$7
D$msD$np\$oD$
fD$?L$=T$>D$
4ND$gL$eT$fD$DmD$EhD$Ft\$GD$
4`UD$xD$
L$yL$tj
g\$D$|
D$}D$~D$
RL$ D$(oD$)dD$*s\$+D$,oD$-fD$.t\$/D$4tD$5bD$6b\$7D$<tD$=xD$>t\$?D$DuD$EiD$Fn\$GD$0D$1
D$!rD$"
D$<wD$=sD$>h\$?D$
L$ET$FD$GD$|$
L$pT$@D$h$
L$HT$xD$
L$,T$4D$<
D$LpD$MhD$Np\$OD$
D$TsD$UhD$Vt\$W
D$\D$]ID$^D$_8D$dD$eD$fD$g$
|_^3[$
T$$+;s
T$$++;w
t$ L$$
9t$$wsE
T$$RT$$
D$ ;woE
T$$RT$$
D$$+RT$$
SRP[_^[
Ul$ ++;w
;t$ sdC
++RWQP[_^
D$0SD$0
|$ t\q
;s!t$T
G;r|$ 
;seD$T
<_u L$T<
8rbT$<L$(F
D$(l$8
L$(T$T
WPQL$4|$<
D$(L$\j
U_]3^j
L$ Q$d
L$LQ$d
D$LP$d
PD$ .D$!wD$"aD$#bD$$
_^[]QSV5xB
z~_^3[Y
D$D$ -D$!D$"
D$#fD$$D$%\$&T$'D$(D$)
D$*D$+{D$,
L$-D$.CD$/[D$0D$1D$2D$3D$4/D$5bD$6
D$7D$8D$9D$:D$;D$<D$=KD$>D$?ED$@zD$AxD$BUD$CcD$D
D$ED$F1D$GD$HD$I
D$JD$K4D$LD$MD$ND$OL$PD$QZD$RD$SD$TwD$UnL$\$
D$VD$WD$XD$YmD$ZD$[gD$]
D$^D$_D$`D$a2D$b?D$ceD$dD$eD$fGD$gED$h
D$iD$jhD$kD$l(D$m
D$pHD$q
\$sD$t
D$u\$vD$w
D$xD$yD$z]D${JD$|sD$}D$~jD$
WRPQT$ R$
_^[]Ul$
~PSVt$
AHu^][
P-tP-u
[VWF4jP3
Hu+N4~0Q
rBW3v*I
ty wtSU3
C;r^][
W|$,D$$
^[3_L$ 
D$ D$$D$(9_
T$8Rj D$
P4H0H H8H@SV~4
^UjhpB
+;euw(9F
Q@@(PMN4Q
@u+PVP_^
DV?+;^sQj
$PL$ D$P
L$ QD$$hB
PL$,t$\
L$,QD$0tB
UWL$llE
U,A,Q,E,E,
8Z,teP
V,P,^,@
VX,zP,u
V,P,^,
VX,N_,}$
D$`T$dL$P^
T$8VD$ D$@L$@PQRL$
RQPO|$
D$ hD$!D$"
D$#D$$tD$%FD$&D$'D$(D$)3T
T$0RD$
@u+PL$0QN84$0
;0u8;u4@
;t[F-uAF
P-tQD$
SVWej0
RPQM_^d
QSVWF4jP
t)x(;t
;F ^$t
;F,^0t
PL$(t$X
L$(QD$,hB
C;L$l_
aL$p]G
D$`Z,[
L$L_^d
SVWG4jP
Hu;G0t4O,
F8O(FG$t
QL$ .D$
N8RO(1
F8VG4P
W|$,L$
t\$ L$
t$,t8Q
D$(_^]
L$,Wt$,
WSPL$8QL$$
D$(_^]
D$(_0^]@
QSVWt$
<@u(SF
tN;s;D$
|T$ D$#$
D$$5D$%D$&
D$0D$1@D$2D$3\
|D$$P$
D$(D$)D$*)D$+
L$,WQ$
D$4D$5D$6
D$ ZD$!4D$"
W|$ Sj
WZ][_^
W|$ Rj
W][_^
PWtt\L$$\$$
A-W|$ t
P}ttaL$$\$$pl$$;n
RWWtt;C
H-W|$ 
WY][_^
WD][_^
 SUl$8VWU8G
3;t#~$
p}MjSUL$
\$0\$ 
w\$,L$
QVT$HR
\$D0|$(
L$0_F(^][d
EEPj MQS
MQWURS
8EPM\x}_
EPMUN8V<EV
_^[]UjhXB
@:u+PVM-uVE
9urQUR
H4X0X X8X@u
^L^<SSSD$$
D$!D$'D$
D$ hD$"
D$#D$$tD$%FD$&L$(3d$
T$4RD$
D$!D$'D$
D$ hD$"
D$#D$$tD$%FD$&L$(3T
T$4RD$
D$XxD$
D$#ND$-D$6A
D$D$ D$!SD$"D$$vT$%D$&D$'
L$(D$,
D$.-D$/D$0BD$1D$2D$3PD$4CD$5D$7TD$8eD$9UD$:D$;D$<D$=D$>D$?
D$@D$A@D$BD$CD$D
D$FD$GrD$HD$ID$JT$KD$QD$LD$McD$ND$OD$PYD$RD$ShL$T3
_3^L$X
D$lL$hP
_3^L$Xm
r_^]3[_^]
P3VQRD$0h
PQRD$0h
AHu^][
\$Q\$T
D$-T$1D$=
\$ZT$\\$cw3D$(D$)4D$*D$+D$,D$.D$/ZD$0L$2D$3D$4D$5D$6D$7mD$8D$9gD$:nD$;
D$<D$>D$?2D$@?D$AeD$BD$CD$DGD$EED$F
D$GD$HhD$ID$J(D$K
D$LD$MD$NHD$O
D$PD$R
D$SD$U
D$VD$WD$XD$YUD$[T$]D$^D$_iD$`D$aD$bWD$dD$eD$fD$g^D$hD$iGD$jK\$kD$lT$mD$nD$oD$r$
L$tL$uD$vpD$wD$xMD$yD$z
D${zD$|"D$}'D$~+D$
L$ 3+P
D$2QL$,R
PRD$PPQ
RD$D$ D$!TD$"hD$#eD$%
D$&D$'3
|=P7PD$<T$
T$KT$hT$
D$<D$=4D$>'D$?D$@D$A
D$BOD$CD$D
D$ED$FD$G
D$HD$ID$JD$LD$MD$ND$O)D$PD$QD$RD$SD$TD$UAD$VD$WD$X
D$YD$ZD$[
L$\D$]D$^D$_D$`D$agD$b
D$cD$dD$eL$fD$gdD$
D$aD$ D$!D$"D$#D$$D$%YL$(L$1D$4D$&D$'D$)D$*D$+D$,D$-kD$.D$/D$0UD$2;D$3xD$5D$6ID$7[D$83,
-|UT$@R
D$|=D$}OD$~D$
D$qD$ D$!&D$"D$#D$$
D$%gD$&cD$'D$(+D$)D$*D$+FD$,D$-D$.T$/D$0\D$1D$2.D$3
D$4`D$5$D$6D$7
D$8D$9D$:zD$;D$< D$=~rV
]j@PL$
iD$kD$ <D$!&D$"#D$#uD$$&D$%:D$&#D$'uD$(8D$)
G QPL$$Q$
qtmD$0mD$1YD$2DD$3FD$4
D$7XD$8&D$9!D$:+3
PD$4P$
D$$RD$ 
\$ D$!mD$"D$#\$$D$%D$&D$'D$)D$*D$+nD$,
D$-PD$.D$/:D$0D$1D$2D$3oV
D$0TD$1oD$2:D$3 D$4%D$5sD$6
G<PD$4P$
D$0D$1D$2D$3gD$4CD$5D$6D$7AD$8D$98D$:D$;D$<D$=8D$
D$ "D$!D$"D$#D$$5D$%D$&zD$'#D$(ND$)3L
GXPD$4P$
D$ D$!
D$"9D$#`D$$KD$%KD$&0D$'.D$(qD$)D$*D$+D$,D$-D$._D$/D$0?D$1D$2D$4D$5D$62D$7D$8RD$9D$:\$;D$<D$=D$>
D$?\D$@QD$A/D$B%D$C
D$DVD$EwD$F[$(
L$9^-{$
_D$0D$1FD$2
D$3D$41D$5D$6AD$7xT$8D$:D$;.D$<_D$=D$>L$?D$@MD$A\$BD$CD$DSD$ED$XD$FD$GED$H<D$ID$J2D$KD$LD$M\D$ND$OD$P
L$QD$RiD$S
D$TD$UD$V
D$WAD$YD$Z
T$\D$]D$^D$_.D$`
D$aD$b+D$c03T
\$fpD$PD$RD$ddD$eD$gD$hD$i
D$jD$kD$l%D$mD$nD$pD$q
D$r9D$sD$tD$u
D$v[D$wWD$x>D$ycD$zD${
D$|D$}
D$0'D$1D$2
D$3D$4D$5`D$6D$7D$8QD$9D$:D$;D$<D$=
D$>\D$?D$@\$AD$B5D$C4D$DQD$E
D$FD$GnD$HD$I/D$JD$K'D$LD$MfD$ND$O(D$QL$S3L
$|D$dPPL$hQ
QUGvvO
Q+VS_^[
PUFvm{
D$ 3PL$
D$$eD$%D$&D$'D$
D$fD$
,kD$$D$
ND$ D$
T$TT$8T$`T$0$T
D$XD$,$|
L$\D$dT$l$
D$pD$($
T$xD$|D$
BD$$D$
T$DT$ $P
L$HT$LT$($
L$PT$T$
|$dl$pL$x$
L$$T$|$
D$@D$A$D$B
D$CDD$DD$ED$FD$G'D$HND$I3
DI;|D$DL$ET$F4
D$G#4F$
T$L~4I$
oD$pL$uD${D$8L$:
D$qD$rD$sD$t#D$v@D$w
D$xD$y6D$zD$9D$;D$<tD$=)D$>1D$?ND$@D$AD$BD$C3
8I;|3L
D$8D$9|D$:
D$<PD$=ZD$>D$?)D$@0D$A]D$BD$C1D$dD$eD$f_D$gfD$h
D$jD$k
D$l3D$m
D$nL$o3L
D$TD$|^D$}D$~D$
D$UrD$VeD$W+D$XD$Y
D$Z8\$[D$\D$]
D$^D$_D$`D$aD$bD$c;3
TI;|3L
cD$dD$jnL$`D$bD$DL$KD$eaD$frD$geD$h2D$i.T$kD$lmD$m
D$UD$VD$WD$X
D$YD$ZD$[
D$\fD$]D$^wD$_D$aD$ED$F
D$GD$HYD$ID$J
D$LD$MD$N4D$OD$PD$QD$Ry3
|mD$DT$JD$K$
T$8D$|L$ T$$D$(L$dT$TD$DD$EaD$FiD$GlD$H.D$IcD$L
L$,T$0D$4
+PRG"$
D$|VD$ 
RT$DhB
aRT$ThB
@:u+PD$DPL$
\$8\$(L$$Q
~jSD$,P
L$(QEC
9t$ ^\$4\$$D$8
D$,HD$-D$.D$/ID$03
0I;|D$0L$1T$2,4D$hD$3L$iL$4H4D$kL$lT$jD$8D$9OD$:{D$;[D$<ED$=mD$>pD$?3
8I;|D$9T$8L$:4
D$yD$<T$xT$;
4.1L$zL$=D$|D$?T${T$>
4*L$}D$
T$~D$0
D$1D$2D$3D$4FD$53
0I;|D$2L$0T$14
D$rD$5L$pL$34
T$qT$4L$sj
D$MeQL$HT$|
D$H)D$IdD$J
D$KlD$L
D$M D$NdD$O
D$PmD$RrD$S
D$TD$U
D$V<D$WoD$X
D$YD$Z
D$[tD$\
L$QRL$H
D$H\$ID$JD$KD$LD$MD$ND$OD$PD$QD$RD$SD$TD$VD$W\$XD$YD$ZD$[D$\D$]D$^D$_5
D$MD$XD$@+D$AcD$BTD$CD$DmD$E!D$FD$G*D$H<D$ID$JD$KD$LyL$YD$Z
\$[D$\D$]YD$^xD$_D$`SD$a
D$bD$c&D$d
D$ex3\
D$<PL$8D$@1D$A
D$BAD$CD$DRD$E;D$FD$8D$9D$:D$;D$<D$=D$>fL$hL$
T$xL$pT$
D$$T$@D$0L$XD$0ED$1rD$2rD$3oD$4rD$5
D$XGD$YoD$ZoD$[dD$\ D$]dD$^aD$_yD$`
T$ D$(L$,*3
51SD$vT$}$
M*VD$xD$yD${D$|CD$}=D$~(D$
pD$D$ GD$!,D$"WD$#D$$|D$%xD$&D$'D$(6D$)D$*&D$+D$,D$-
D$.D$/D$0OD$19D$2D$3qD$4D$5)D$6
D$7^D$8D$9D$:D$;{D$<[D$=zD$>D$?D$@D$AED$BD$CD$D
JD$PD$SD$vL$HD$ID$JRD$K
D$LD$MZD$N&D$O0D$Q:D$RD$T#D$UPD$V
L$XD$Y$D$Z
D$[D$\,D$]D$^D$_D$`D$aD$bZD$cD$dD$e
D$fCD$g
D$iwD$jD$kD$l,D$mD$nD$oID$pD$qD$r|D$sD$t
D$u8D$w
yD$yD$ D$!mL$"T$#D$$iD$%eD$&dD$'~D$(D$)cD$*dD$+yT$,D$-_D$.dD$/cD$0iD$1eD$2nL$3T$4D$5iD$6bD$7D$8xD$9D$:iD$;~L$<D$=xD$>yT$?D$@D$AdD$BnT$CD$DbD$ED$FyT$GD$HhL$IL$JD$KdT$LD$MyL$ND$OdD$P~D$Q
D$SD$TyT$UD$VT$WD$XhD$YcD$ZdD$[D$\xD$]sT$^D$_D$bL$f$
D$`~D$a~D$ciD$dbD$egD$gdD$h~D$i$D$j
v@7|T$xD$
3WD$pD$qD$rpD$sD$tD$uD$v^D$wLD$x
p@L4pN;|D$pL$qT$r4v#$
L$t=4$
7D$tD$uD$vD$wD$xD$yD$z)j
QL$lD$
D$l;D$m_D$n0D$oS
D$dD$eD$fAD$gD$h3
dAD4dN;|L$eD$dT$f4$
D$g24$
D$l}D$mD$n^D$o,D$pD$qD$rD$s3
lAD4lN;|D$lL$mT$n4
D$tD$oL$uL$p4MD$wD$rL$xL$sT$vT$q4}D$z9L${T$y$
T$<D$TL$tL$X$
T$TD$d$
|$Hl$LT$d$
D$m(D$n\D$o$D$pPO.
D$d-D$eD$fD$gD$h3
T<dD4dT4dFD<dO;|D$dT$e4$
D$h4-$
T$,D$0$
l$(T$4D$8$
D$eD$fD$ghD$h13
T<dD4dT4dFD<dO;|D$dT$e4$
L$dL$l4
L$dT$l
D$ecD$fmD$gd\$hD$mpD$niD$of\$pD$
L$ T$$K3
@:u+PV
@:u+PV
D$ VD$
D$$sD$%eD$&cD$'uD$(rD$)
@uL$,+PR
^]SUl$
AHu^][
L$D$ <D$!D$"D$#
D$$hD$%D$&
D$'D$(tD$)FD$*D$+D$,D$-3S\
L$8QT$
WD/3$4
u UPP_^]3[$
P_^]3[$
P_^]3[$
P_^]3[$
D$hD$i
D$jD$k4D$l'D$mD$nD$o
D$pOD$qD$r
D$sD$tD$u
D$vT$wD$xD$zD${D$|D$})D$~D$
RD$(Pj
D$ hD$!D$"
D$#D$$tD$%FD$&D$'D$(D$)3T
T$4RD$
D$'D$ 4D$!D$"
D$#zD$$
D$%0D$&D$'D$(D$)D$
T$4RD$$P
L$#L$(,
D$D$ 
D$!D$"D$$D$%D$&}D$'D$)dD$*
D$+#\$,D$-1D$.D$/D$0D$1[D$2MD$3D$4D$5D$6D$7JD$8hD$9D$:>D$;D$<D$=O\$>T$?D$@cD$AD$BD$CSL$DD$EVD$F
D$G;D$H0D$IT$XD$YpD$Z
D$[D$\RD$]vD$^D$_
D$`D$agD$bD$cD$d=D$e
D$f_D$gLD$hD$iCD$jtD$kD$lD$m
L$nD$oD$p\$qD$rD$sD$t
D$uD$v4D$wD$xDD$y%D$zD${9D$|
D$}D$~D$
D$LD$M
D$ND$OcD$P
D$SDD$TD$U3\
R3VD$$PQ
D$ 6T$
D$!L$'T$4L$C
D$D$"#D$#PD$$@D$%
D$&D$(D$)D$*D$+^D$,3D$-D$.,D$/
D$1D$2D$30D$5
D$7D$8T$9D$<D$=
D$>D$?D$@XD$A~D$B`D$DdD$EBD$FD$GL$HD$JD$KoL$LD$MD$ND$OD$PD$QD$RGD$S?D$T7D$UkD$VD$]zuD$^D$`L$WD$XD$YD$ZD$[;D$\]L$_D$aD$bD$c_D$dD$ePD$fSD$gD$hT$i3d$
uKL$lQD$
$PT$pRj
u8T$`D$eD$
RPD$htD$isD$jeD$krD$lv
D$l{D$m:D$nYD$oD$px\$qD$rD$s'D$t4D$uD$v
D$wzD$x
D$y0D$zD${D$|D$}D$~D$
D$D$ tD$!FD$"D$#D$$D$%D$&3d$
D$D$ tD$!FD$"D$#D$$D$%D$&3
D$D$ tD$!FD$"D$#D$$D$%D$&3
RD$P{D$Q:D$RYD$SD$Tx\$UD$VD$W'D$X4D$YD$Z
D$[zD$\
D$]0D$^D$_D$`D$
D$D$ tD$!FD$"D$#D$$3]$
QD$${D$%:D$&YD$'D$(x\$)D$*D$+'D$,4D$-D$.
D$/zD$0
D$10D$2D$3D$4D$
D$D$ 3d$
RD$8{D$9:D$:YD$;D$<x\$=D$>D$?'D$@4D$AD$B
D$CzD$D
D$E0D$FD$GD$HD$
D$D$ 3d$
SUD$lVMW
D$SD$UD$hL$mL$Yj
oPL$XD$pD$qD$rD$s
D$tuD$vD$wD$xD$yD$X=D$YDD$Z%D$\"D$^cD$_
\$`miT$YT$`kg
L$SL$]T$_L$eT$f3D$PD$RaD$TlD$U.D$Vc\$WD$Y
D$\nD$^rD$`\$aD$bjD$c(D$deD$g
L$PL$$T$\L$
t$ T$(;D$
D$p3PL$\$
5L$DQk
L$\Qh`
T$@RD$@PL$@QT$@R
D$ L$$T$DD$dL$|T$(D$,L$0
D$(PhA
D$45 B
D$x^D$ymD$z
T${D$|<D$}D$~D$
|$ fD$PD$
PL$$Qj
D$lD$msD$nD$o D$pD$qD$rD$sD$t}D$uD$v1D$xD$y
D$zD${OD$|D$}D$~D$
~dkDVb
D$$PD$l
SD$1D$4D$
D$T$ D$!
D$"ND$#pD$$D$%nD$&D$'D$(D$)dL$*D$+
D$,.D$-
D$.D$/D$0D$5D$6D$7D$8TD$9
D$:iD$;D$<
D$=L$>D$?D$@
D$AD$B,D$CzT$DD$E
D$FD$GD$HD$IhD$JwD$KD$LKD$MrD$ND$OvD$PD$Q1D$RsD$SD$T
D$VD$Yj*D$
PD$<D$_lD$`D$b5D$cD$dD$e@*
RD$hPj
PL$dQ$l
{3NW|$
QxVD$DD$QWD$l{D$m:D$nY\$oT$pD$qD$rD$s'D$t4D$uD$v
D$wzD$x
D$y0D$zD${D$|D$}D$~
D$AMD$B.D$CD$DVD$ED$FD$GCD$ID$J
D$LlD$MUD$NL$OD$PD$QD$RD$S
D$TD$VD$WD$Xc3
D$kD$#D$\D$]D$^:D$_
D$`cD$a
T$bD$cD$d/D$e?D$f\$gD$hD$iFD$jD$
D$D$ D$!!D$"3L
D$D$ 
D$!tD$"ZD$#
D$$]D$%~D$&MD$'+D$(D$)D$@D$AD$BD$C\D$D'D$ED$F?D$G6D$HD$ID$JsD$KT$LD$MID$N
D$OfD$P{D$Q
D$RpD$S
D$TD$U3T
RPQT$ R$
QD$4D$
D$ D$5>D$6GD$77D$8RD$9oD$:
PD$4D$
?D$D$!)D$"D$#D$$D$%SD$&
D$'ND$4dD$5
D$6iD$7
D$8|D$9AD$;
D$<hD$=UD$>pD$?
D$D$,D$7D$
D$-D$.D$/D$0D$1vD$27D$3LD$4D$5<D$63$
D$D$!.D$"ID$#AD$$D$,
D$-D$.D$/D$0SD$1D$2D$3dD$4D$5D$6D$7nD$8D$9
D$:D$;#D$<
L$IL$Sj
L$DD$0D$2D$3D$
D$5.D$8
D$HD$I~D$JD$K
D$MD$N\D$OD$PD$RpD$SD$T^D$U
D$VD$WD$XUD$Y3D$ZD$
TD$&D$ 
D$!>D$"MD$#kD$$
D$%nD$&
D$'7D$(
D$)aD$*GD$+bD$,
D$-7D$.
QD$8PR$
PVjPL$hQT$|R
P4H0H PPHLH<PlHhHX
^t9nlr
~l^h^X9nPr
~P^L^<9n4r
~4^0^ 9n
S3VD$@D$<
\$8\$(\$LD$ 
D$$PD$P
QL$\T$
RD$0PQx
jST$,R
9t$<^\$
SUW3UhB
@u+PR$
Q=mD$HD$ID$JJD$KD$LD$MD$ND$O
\$PD$QD$RAD$SuD$TD$U
D$VgD$WD$XTD$YD$Z
D$[CD$\D$]
D$^D$_
D$`?D$aD$b D$c)D$dD$eD$fD$gSD$h
D$iND$jpD$kD$lnD$mD$nD$oD$pdD$qD$r
D$s.D$t
D$uD$vD$wD$xD$yD$z
D${zD$|^D$}BD$~}D$
@u+PD$LPNpHD$ 
D$"ZD$#oD$$aD$%
D$&D$'"D$(ZD$)
D$*D$+D$,D$-
D$.HD$/}D$0D$1D$2D$3"D$
@u+PT$$RNTID$4j
D$<D$=;D$>;D$?D$@D$A
D$BD$CD$D"D$E)D$FD$GD$HD$I
D$JD$K
D$LD$Mi\$ND$OD$
D$`D$ D$!D$"fD$#D$$D$%_D$&KD$'R
t$XD$H
D$`PL$
L$`k|$\
QSUV_3NW|$
R@Nf-d
+AJf-d
M$SVjQ
T$0RD$
D$4ZD$5D$6PD$7D$8tD$
D$D$ PWX
uD$=D$ D$8j
PD$(D$@
D$AD$BD$CAD$DuD$)HD$*7D$+D$,D$-5PW
uSD$,D$ D$(j
PD$(D$0)D$1D$2D$3D$)D$*D$+D$,
PL$(t$XhB
L$(QD$,hB
C;L$l_
aL$p]G
L$L_^d
PL$,t$\Dh<B
L$,QD$0tB
SWL$l\$
L$dD$`
L$P^]d
UVQT$$R
;0u8;u4@
Vt$ Sj
Vt$ Pj
~TL$$\$$
VB][_^
V-][_^
}VL$$\$$
PRT$ RD$
F$PD$ 
PD$(|N
VWF$jP
QSUVWt$
F$_^][d
QSUV3NW|$
k*$ANf-t
D$#D$ D$!5D$
QRT$(R
W~$Wuf?b
SW^$St
L$$L$0BD$+D$5D$!D$%D$&[T$'D$(bD$)nD$*D$,D$-D$.D$/D$1D$2xD$3D$4L$
FD$D$ 3I
PD$(PL$PQ
T$HRPD$LP
L$8D$;D$
D$<0D$=D$>YD$@D$AD$BD$CD$DD$E
D$FrD$GID$HpD$ID$JD$KD$
D$D$ D$!D$"D$#~P
N<QPT$PR
D$HPPL$LQ
F-uFW|$
6F-t_^[
F-uFW|$
;w'r+~(
F-t_^[
SUW3D$PD$L
|$HD$8
;u3M0;t
E(U$PRj
v9\$Lr
@u+PRL$@
t9|$Lu3M0;t
U(E$RPj
 9\$Pr
L$$D$`
|$,D$P
D$<D$`
D$<M,T$
E(U$PRj
U(RU$RP4p
WD$4PL$,D$
U(RU$RP]
3WD$4PL$,
L$ ht$ ;t$
0#;t$ 
tLJ-u@J
t;uSPT$pRL$ yL$ ,gt$ ;t$(
L8[|$P
D$<M,T$
E(U$PRV(D$(
PQD$pPL$0D$l
=yL$(Q
|$(|$,
PQT$pRL$ D$l
^L$T_]d
QT$$T$
L$,QPn
l$D\$8
L$(QUT$
SUl$ _
T$$D$$G
t*Hu;G O
T$$RSP
t$ ;|][_^
VD$HLj
3^L$D0
_"]z[f
3^L$Db
3D$DD$HD$LD$PfD$D
A2fD$Vj
PQT$dJ
xSD$4D$CVcQWD$OD$#3D$8{D$9:D$:YD$;D$=D$>D$?'D$@4D$AD$B
D$CzD$D
D$E0D$FD$GD$HD$ID$JD$LD$M2D$NT$PD$
D$ lD$!UD$"D$$D$%D$&D$'
D$(L$)D$*D$+T$,3
D$0D$1D$2ID$3dL$43
D$p|$lD$\
D$0|$,D$
L$ 3}ej
WD$`P$
jWT$|5}
WT$`R$
L$,QPh
\$,|$(D$
|$h_;^\$dD$P
~dSVt$
AOu_^[
@D$X(D$Y
D$[D$\D$]D$^>D$_D$`D$a(D$b@3W
D$ XD$!D$"M5
^_]3[$@
>D$_D$ 2D$!W!
AD$lBD$m
D$nD$o[D$pD$qbD$rnD$sD$tD$uD$vD$wD$
|D$lPW
+D$`D$aD$b
D$crD$dID$epD$fD$gD$hD$iD$jD$
|T$`RW
D$8+D$9D$:D$;~D$<D$=
D$?D$@\D$AD$BD$CD$Dp\$ED$F^D$G
|D$8PW
D$T^D$UZD$VD$WD$XD$Y
D$Z}D$[D$\CD$]
\$_D$`D$aD$b7D$
&D$D$ 
D$!d\$"D$#D$$g
D$xD$yD$zD${D$|D$}D$~D$
|T$xRW
_D$(PL$
D$-D$.
D$/)D$0D$1
D$3D$4D$5*D$6
D$D$ D$!2D$"
\$#D$$)3
D$D$ D$!xD$"D$#tD$$D$%t
D$PD$ fD$!D$"[D$#D$$aD$%YD$&3
]D$lPL$,
D$pSD$qD$rD$sD$tD$ulD$vD$wHD$xND$y0D$zjD${D$,!D$-vD$.D$/qD$0
D$1vD$2
D$3gD$4I\$5D$6A\$7
D$(D$)D$*D$+D$,D$-D$.D$/D$0D$1D$2D$3D$4D$53t
|T$(RW
_D$8D$9D$:D$;D$<D$=D$>D$?D$@D$AD$BD$CD$DD$ED$FD$GD$H3t
|D$8PW
D$LD$MCD$ND$OD$PD$QXD$RjD$SD$T\$UD$V D$WD$X5D$YD$Z4D$[D$\D$xD$y+D$zxD${D$|D$}
|T$LRW
D$|BD$}
D$~eD$
D$`@D$aD$bD$c
D$dD$eD$fD$gD$hD$iD$jD$($D$)D$*wD$+WD$,D$-D$.D$/D$0xD$1D$2P3\
QD$TD$@+D$A~D$B
D$CD$D1D$E"D$FID$GD$HD$ID$JD$KTD$LD$MD$NHD$OD$PD$Q&D$T&D$U
\$VD$W:D$XD$YD$Z'D$[D$\D$]D$^D$_&D$`AD$aTD$bD$cgD$d
D$,mD$-D$.D$/
D$0D$1`D$2SD$3
D$4D$5D$6
"L$8QL$P
D$<uD$=
D$>D$?D$@LD$AD$B6D$CMD$D
D$ESD$FD$GXD$HD$ID$JD$KD$L
D$M9D$PJD$Q
D$R|D$S
D$T_D$U6D$VXD$W<D$XSD$Y$D$ZWD$[D$\pD$]D$^tD$_1D$`ID$a
AOu_^(C
_^3[U- B
=~mVW+Z
SU-,C
FI;0C
WD$X{D$Y:D$ZYD$[D$\xD$]D$^D$_'D$`4D$aD$b
D$czD$d
D$e0D$fD$
\$9D$:
\$;D$<?\$=D$><D$?KD$@
D$AxD$B
D$CsD$D
D$E5D$FpD$G
D$h{D$i:D$jYD$kD$lxD$mD$nD$o'D$p4D$qD$r
D$szD$t
D$u0D$vD$
D$7D$9RT$8
D$9ZD$:
D$<0D$>3D$?DD$@
D$AwD$B
D$C|D$D
D$E:D$F
D$4TD$5,D$6|D$7
D$9|D$:,D$;D$<PD$=\$>D$?)D$@D$AD$BND$CED$ D$!
D$"D$#5D$$ZD$%D$&CD$'D$(D$)D$*
D$+ED$,D$-D$.*D$/3$
D$ICD$J
D$KYD$L
D$MtD$N
D$OwD$P
D$QED$R3D$SVD$T8D$ULD$V~D$W;D$XCMD$FD$HD$D
T$ED$G`D$IL$JD$K
D$LND$MD$N?D$OD$PD$QD$RD$S3D$TD$UD$VD$WmD$ =L$!D$"aD$#D$$oD$%sD$&pD$''D$(
D$)D$*0D$+T$,D$-D$.D$/;D$0f
D$1pD$2D$33
Hfmfmfmfm
|D$xTD$y,D$z|D${
D$}|D$~,D$
|fmfmfmfm
D$HD$IZD$JLD$KD$LD$MOD$ND$OsD$PED$QD$R^D$SD$TD$UeD$VD$W
D$%D$& D$'D$(D$)0D$*D$+3D$,6D$-D$. D$/D$0D$1
ND$ D$!
D$"D$#`D$$ZD$%D$&KD$'^D$(&D$)D$*
D$+KD$,D$-D$.3T
$fmfm\
D$$D$%ZD$&LD$'D$(D$)OD$*D$+sD$,ED$-D$.^D$/D$0D$1eD$2D$3
 D$D$ D$!
D$XPUj
D$xPUj
T$hRUX
L$4QUj
Q#_#^[S
Q##_^[Vh
L$8V54B
SVf58C
|,W3D$LTD$ML$ND$O
L$QD$RD$SD$TPT$UD$VSD$W)D$XD$YD$ZND$[ED$\D$
*D$ D$ ;f=
|D$%L$&L$)D$*PD$?OL$,
D$HD$gD$$TD$'
D$+T$-D$.SD$/)D$0D$1D$2ND$3ED$4D$5\$6D$7D$8D$:*D$;
L$<D$=iD$>vD$@ D$A0D$BpD$CD$DZD$ELD$FD$GD$ID$JsD$`'D$a8D$bD$cVD$d"D$eD$f
D$iD$jD$k
D$lT$mD$nD$oD$poD$qD$r.D$szD$tD$uD$v
D$wD$x(D$yD$z\${D$|DL$}D$~D$
|$dSD$hD
|$`F<D$`D
QT$dRj
D$0f8C
BD$PD$ rD$!oD$"cD$#
T$$D$%AD$&D$'hD$("D$)D$*
D$,D$-T$.D$/
D$0D$1D$2
D$3'D$4;f8C
_^L$0P
_3^L$0P
D$lxSD$TD$cUVD$lD$r
\D$2D$5WD$\{D$]:D$^YD$_D$aD$bD$c'D$d4D$eD$f
D$gzD$h
D$i0D$jD$k\$lD$mD$nD$q2D$rD$sD$tcD$uyT$wL$xD$,(D$-uD$.D$/D$0/D$1D$2D$3bD$4hD$5D$7
D$8c\$:D$;D$<D$=D$>D$?"D$@T$AD$BD$CD$D
D$FD$G1L$H3\
D$,/D$-?D$.D$/D$0D$1FD$2D$3D$4D$5D$6D$7U\$8D$9D$:D$
D$tD$ oD$!(D$"D$#D$$D$%D$&D$'
D$)D$*S3
0fmfmfmfm
D$XD$LD$TPT$P
D$XD$YD$ZyD$[D$]D$Q{D$R
\$SD$T
D$UdD$Lf8C
L$$D$%cD$&tD$'iD$(v\$)D$*ZL$+D$,
UQSUT$ R
L$|_^]3[.K
VxWD$DD$J
D$ST$4T$CcL$ND$UD$YL$^T$i/D$0{D$1:D$2YD$3D$5D$6D$7'D$84D$9D$:
D$;zD$<
D$=0D$>D$?D$@D$AD$BD$E2D$FD$G\$HD$IyD$K\D$LD$MD$OD$PD$QSD$RD$TvD$VD$W
D$XAD$ZpD$[ID$\D$]}D$_D$`LD$aD$b3L$cD$dD$e:D$f
\$gD$h
L$jD$kD$t(D$uuD$vT$wD$xD$y$
D$zD${bD$|hD$}D$~
D$sD$(D$lL$.P2D$,
D$p!D$qqD$rD$seD$tD$uD$vD$-D$.D$/D$0
D$1D$3w_$
D$&QT$ 
D$"aD$#
D$$QD$%4D$&FD$'0D$(YD$):D$(f8C
D$$A\$%D$&tD$'iD$(vD$)eD$*SD$+GD$,
=lG<VD$ P<Sj
VsD$,cW=4C
\D$ dD$"D$#D$$D$%D$&
D$'D$(
L$)D$*D$,S\
tM~TWD$
F\F\L$0_^
D$yD$~
D$rD$}
D$`D$a#D$bD$cHD$f&D$g^D$h
D$iD$j&D$kDD$lD$mD$n&D$o D$pT$qD$sD$tD$u$D$v7D$wD$xgD$yD$zD${
D$|PD$~
fmfmfm
T$dD$jD$lD$,WD$hL$xL$)T$,T$1PT$(
D$mkD$nD$oD$p
D$qMD$s`D$uD$vD$w
D$xND$yD$z?D${D$}D$(D$)D$*D$+D$,D$.\$/D$1D$2L$3D$6D$7D$8L$9
D$$D$.QT$($
D$)]D$*
D$+TD$,
D$-WD$.
D$/DD$0
D$1]D$3wD$4
D$5{D$6
D$7aD$8
D$9gD$:;D$;rD$<
D$=hD$>
D$AtD$B
D$C D$DsD$E
D$FuD$G
D$HrD$I
D$JoD$K
D$JD$ND$XD$Y8D$ZD$[WD$\T$]D$^D$_D$`\$aD$b
D$cD$dD$eD$fcD$HD$IMD$K#D$LzD$MD$OD$PD$QDD$RWD$SD$TD$UD$Vc3
xD$*D$0D$$ND$%dD$&pD$'|D$(sD$)iD$+~D$,=D$-^D$.rD$/oD$1=D$2QD$3^D$4
'|f8C
L$PD$QcD$RtD$SiD$TvD$UeD$VND$WID$XSD$Y
PL$$Qj
kdkhklf8C
C#5,C
stVD$$P
SUV|D$x,L$2L$5PED$1D$6L$8
L$ED$K
WD$4TD$7
D$;D$=D$>SD$?)D$@D$AD$BNT$C\$DD$ED$F
D$GD$HD$J*D$KD$L
D$MiD$NvD$P D$Q0D$RpD$SD$TZD$ULD$XD$Y#D$ZD$[HT$\\$]D$^&D$_^D$`
D$aD$b
T$cD$dD$eD$f'D$g(D$hL$iD$jlD$kD$lD$mD$nID$oD$p
D$qD$rD$sFT$tD$uGD$vL$wD$x
D$y3d$
fm"|D$
?D$D$ D$!D$"D$$BD$%(D$&wD$'
D$(sD$)YD$*{D$+TD$,
D$-D$.
D$/D$0qD$1pD$2J3
fmfmfmfm
|zD$3D$#D$$D$%D$&AD$'\$(D$)6D$*D$+fD$,D$-8D$.~D$/D$0D$1D$2q\$
D$D$ D$!D$"
fmfmfmfmfmfmfmfmh
tD$iD$ vD$!eD$"OD$#PD$$
L$|_^]3[/3
,|D$1L$2L$5D$6
D$KHpWD$4TD$7
D$;D$<PD$=D$>SD$?)D$@D$AD$BND$CED$DD$ED$F
D$GD$HD$IPD$J*D$K
\$LD$MiD$NvD$P D$Q0T$RL$SD$TZD$ULD$VD$WD$XOD$YD$dD$e#D$f
D$gD$hED$iD$j&D$k^D$l
D$mD$n
D$pD$qD$r
D$sL$tD$uD$vdD$wD$xtD$y
D$zD${D$|j\$}D$~D$
&|-4C
VL$\L$(2L$.AL$#3D$]eD$^rD$_sD$`iD$aoD$bnD$c
D$)D$*PD$+D$,WD$-D$/T$0D$1D$2D$
D$uD$ 
\$!D$"D$$"D$%qD$&
T$$D$%cD$&tD$'iD$(vD$)eD$*MT$+\$,f8C
SL$@Qh
PSL$lQR
~WT$ R
UPS,C
_^]3[i.
SUV|,L$
L$(L$5
PT$'T$4ID$
D$:L$<L$=f
D$?WD$
D$#\$$D$%D$&SD$')D$(D$)D$*ND$-D$.
D$/D$0
\$1D$2*D$3D$4D$5#D$6D$7HD$:&D$;^D$<
D$=T$?D$B
D$DD$ET$FD$GD$HD$I$D$J;D$K>3
9fmfm\
|nD$RD$V4C
\$Q\$_
D$TVD$VrD$WsT$XL$YD$[
D$\WT$]D$_RL$`D$auD$btD$d
L$`_^]3[0+
_^3[VS
WD$8TL$9D$:D$;
D$=L$>D$?D$@PD$AD$BSD$C)D$DD$ED$FND$GED$HD$
D$'D$ ;3\4
|D$$TL$%D$&D$'
D$)L$*D$+D$,PD$-D$.SD$/)D$0D$1D$2ND$3ED$4
D$'D$ ;3
ND$ED$ D$L
D$MDD$ND$O`D$P"D$QD$R
D$TD$UT$VD$W
D$XD$YD$Z*D$[ D$\;3\
`@u|$`OG
GuD$$f
@u|$`+OO
_^[]SUl$
SFJ;f@C
AH-<C
|,UD$:D$=D$
VD$<TL$=D$?
L$BD$CD$DPD$ED$FSD$G)D$HD$ID$JND$KED$LD$
D$ D$!D$"
D$$\$%D$&
D$''D$(;3T
|6zD$VT$`D$fD$mT$z
\$Q\$cD$qD$t
D$PD$RD$SAD$TL$UD$WD$XfD$YD$Z8D$[~D$\D$]D$^D$_qD$a\D$bmD$d
D$eD$gD$h~D$i
D$kD$ljD$nD$o1D$pD$r\$sD$u
D$vdD$wD$xD$yHD${D$|D$}ZD$~
j5T$T$
D$7D$$D$,D$-\$.D$/>D$0D$1D$2vD$3SD$4D$5
D$8LD$
D$ D$!KD$"5D$#3
T$<RS*
VT$2T$5T$#
WD$4TD$5,\$7D$8
D$:,D$;D$<PD$=D$>SD$?)D$@D$AD$BND$CED$DD$ 
D$!GD$"D$#]D$$"D$%D$&
D$(D$)D$*
D$,D$-T$.D$/'D$0;3L4 
T$ST$W5
D$H6D$J%D$K
D$LRD$MD$ND$OD$PD$QuD$RD$TD$U}D$VD$XD$Y{D$ZD$[
T$\D$]
D$^D$_
D$`/D$aD$bgD$c
D$dPL$eD$fTD$gD$h\$iL$jD$k,D$lWT$mD$nKD$oSD$p
D$q4D$rD$s?D$tT$uD$vD$wD$xD$yD$zN\${D$|
ePD$ 9D$!
D$#1D$$
\$&D$''D$(<D$)4D$*4D$+
D$,x3t
UD$ Pj
_^]3[$
L$4QUy%
+PUS:-
WD$8TL$9D$:D$;
D$=L$>D$?D$@PD$AD$BSD$C)D$DD$ED$FND$GED$HD$
D$'D$ ;3\4
|D$$TL$%D$&D$'
D$)L$*D$+D$,PD$-D$.SD$/)D$0D$1D$2ND$3ED$4
D$'D$ ;3
ND$ED$ D$L
D$MDD$ND$O`D$P"D$QD$R
D$TD$UT$VD$W
D$XD$YD$Z*D$[ D$\;3\
|$`D$8P$l
L$hQ3A
|$`T$$R$l
PD$hP3A
U3VWD$,D$$
_^3]L$ 
;u"T$8RUV
[_^3]L$ s
l$@u*D$8=DB
V[_^3]L$ 5
L$8=DB
D$ u"T$8=DB
u0L$8=DB
QPVSUV
T$@RUV
D$DPUV
L$ QKD$ |$8D$
L$PQ=DC
L$@DC
VEPEPEPEPV
EE/EbE
EEEKEEEEzExEUEcE
EVEsECEqE)E
EVEsECEqE)E
EVEsECEqE)E
EVEsECEqE)E
EVEsECEqE)
EEE]EJEsEEjE
EtEEE
EuEyE\EElE3SD5
EPEP-%
HZPVPh
3M_^[`
SVWE3EEETE}EEEEzE!E3L
EEE-EE
EfEEEEEEEEE
u9EPPu
H;|[t$
ElWE E!E"TE#}E$E%
E&iE'E(!E)qE*E+eE,E-E.E/E0-E1E2
E3fE4E5E6
E7E8E9
E:E;{E<
E=E>CE?[E@EAEBECED/EEb]FEGEHEIEJEKELEMKENEOEEPzEQxERUEScET
EUEV1EWEXEY
EE}E<EE
EEEEEKEEDE1EEEgEEE}EE5E
 @:|5@B
WSE Ph
EPWSu|
WEPShLB
EdPM\Ed=EeEfEgEhEi
EjEkE\E]E^lE_E`EaEbEchPW
EPuxEPSh@B
t[EdEeEfEg
Ej}EkE\tE]E^
E_aE`lEatEbEcw3L
WEPSh8B
uxPh0B
3Ml_^[
WYYM_^
ElEEEEEEgEEJEEEiE(E
)ESE E!>E"E#SE$E%E&E'gE(CE)E*E+AE,E-8E08E1E2%E3E4]5E6
E7E8E9E:'E;E<pE=E>=E?FE@hEAEBdj:EPM0ECEDEEEFwEGEHEIEJqEK=ELEMENEOEP-EQKERESETjEU~EV_EWEX+EY`EZ
E[wE\FE]lE^K]_E`EaEb/EcEd
EeEfEgEhEi4MQh
;u;VSSSSEPEPu|u
EPux2YY
EPMh<B
DDDDDDDDDDDDDD
$UQQSVWd5
SVWE3PPPuu
 E_^[E]D$
E[UQSE
k 3@[UQ}
u@3VZ 
USVWUj
t.;t$$t(4v
EEPuuu
VC20XC00U
33333]^]
]_^[]UL$
8t3^[_m
B8t6t8t't
YHUQQS]
}K;Mr.}
3u+PSv
t6tA)E
33Mu;u
YYj`hB
f8MZuH<
PfYuEP
XPuVVPK}9uu
DDDDDDDDDDDDDD
u.;58C
Yu35|#C
tAt2t$
=N@uNVEP
3;tMu
+SVWEePEEEEd
EP[YYE
EE8csmu1Ex
EPQ3VW
>csmu>~
iPVYYj
VP]UQQVu
tu$u u
WEPEPVu u
;EsVS;7|B;w
;Er[_^U$E
;csmVW
uEPEPVu u
UM~$E8s
(u$}u Mu
ShYY_^[
u u$u uu
tP8csmu,9x
U$Ru u
Pd 3@_^]
YYt-V5$
PYF,;t
PYF4;t
PYF<;t
PYFD;t
PYFH;t
PyYFT=x
Y}F`E;t
FdE;tM
3VWhDB
YYt+V5$
mVW_^]M
_VW3h C
F$|3@_^
YYu#Wv
EtVMf9MZ
_^[UQE
tc;t_F,98uXF4;t
YYF0;t
P|v<j?
YYv,jv<bYYF@;
P9YYFP;
Y_^VNd;
3;t/A,
QuYFd^j
$YUSVu
^[U$,T
3MEEEEE
It.ht lt
HHt`HHt\
@PEPC@
YYE}[E
@@@u3@t
t$ERPWS\=
~DE]EM3f
CYCY~-
uMEFYE
W3;u4DP
^_UQQM
MOI;|9M
3@_^[U
WI <}}
MLD3#um
#Mj _^{
;]r;]u&
]#\D\D
RY]WYE;
}8VvYE;t*GHE;r
PWu@WrEWP
9]uK;u
E;t#GHE;r
PWuWuC
9]u";u
VWS58C
EE;u`9
3FVWS58C
VCYu3hB
;ru,hB
;r3_^j
$Y3}3F95T"C
u79=8C
u!5T"C
W>+~'WPv
Y}3u;58C
tVPVnYY3BU`(C
F3u`(C
uMSW<\"C
_3[@^3^
Y^UQQSV5
3<a]]t
qtb+tG
VbtFHt+
r$$w@
Y]3u;58C
4VYY`(C
ULSVWj
MQ@Puu
e_^[j8h B
u8SS3FVh
6PnYE;
?PYE;t@E
t!SS9]
uUY9]t
E;tSSu
e}VSWU
33M;u#utY;t1uSW
EPWu uc%
u9]t#W
PYY}Pg@<Yv"PXE;j
S]WSfhB
RYUQSVW}
_^[VW39=8C
t.t$<"u
u_^S39
;Y=4"C
U*V8E>=Yt
t7VPkYY
3Y]_^[54"C
@B8\t8"u&
_[UQQSVW39=8C
EHY("C
3_^[QQx#C
SSS+S@PVSSD$4
;t2U;YD$
t#SSUPt$$VSS
_^][YY
;rUVWD$
3_^][Hj
VWumhB
_^[Vt$
F3}we=8C
(Y!}SzYEMJ
u%9=|#C
Wj@3Y %C
EVEP5$&C
 t6SUW
VPVPV5
@;rD3Ar
j@3Y %C
@;vAAy
I3A!%C
M_^[,j
+Y3}=#C
YE;uo>$&C
u5EP3GWh
]6Vv Nv$Fv(>v,6v0.v4&v
vDvHvLvPvT
Y^UV3PPPPPPPPU
t+t'NW8u
_^UWVSM
[^_UV3PPPPPPPPU
$sF ^Vt$
^]}@d;
t78t2=
E}u]G#
_};=8C
t@ t20t$@t
/t(;t$;t
8EPuuu
uW>Y?j
WWWWVSWu
YYE;t2WWVPVSWu
3j hpB
HHtjHHtF
u9S\UC\
}]39Mt
[^_UQQE
WVE;Yu
 EU_^j
YYH}Fj
M^[yUWVSM
YY^3^%pB
e33Mu;u
xYY9]t
EPMQsM
MQMQMhUMQB
oM(dM8P8B
xUPMMP8B
MhaMPdB
$uO@J?
MNM_M_X
MNMNxN
ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/~
map/set<T> too long
invalid map/set<T> iterator
SeDebugPrivilege
Kernel32
LoadLibraryA
list<T> too long
--%s--
%c%c%c%c%c
%d:%d,
[%d] %s
Description
ServiceName
invalid string position
string too long
bad allocation
Unknown exception
Microsoft Visual C++ Runtime Library
Program: 
<program name unknown>
A buffer overrun has been detected which has corrupted the program's
internal state.  The program cannot safely continue execution and must
now be terminated.
Buffer overrun detected!
A security error of unknown cause has been detected which has
corrupted the program's internal state.  The program cannot safely
continue execution and must now be terminated.
Unknown security failure detected!
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
kernel32.dll
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
`h````
ppxxxx
(null)
CorExitProcess
mscoree.dll
runtime error 
TLOSS error
SING error
DOMAIN error
- This application cannot run using the active version of the Microsoft .NET Runtime
Please contact the application's support team for more information.
- unable to initialize heap
- not enough space for lowio initialization
- not enough space for stdio initialization
- pure virtual function call
- not enough space for _onexit/atexit table
- unable to open console device
- unexpected heap error
- unexpected multithread lock error
- not enough space for thread data
This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
- not enough space for environment
- not enough space for arguments
- floating point not loaded
Runtime Error!
Program: 
GetProcessWindowStation
GetUserObjectInformationA
GetLastActivePopup
GetActiveWindow
MessageBoxA
user32.dll
InitializeCriticalSectionAndSpinCount
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
SunMonTueWedThuFriSat
JanFebMarAprMayJunJulAugSepOctNovDec
CloseHandle
CreateFileA
ExpandEnvironmentStringsA
WaitForSingleObject
SetEvent
WaitForMultipleObjects
CreateEventA
CreateThread
GetLocalTime
HeapFree
DeleteFileA
CreateProcessA
WriteFile
GetTempFileNameA
GetTempPathA
HeapAlloc
GetProcessHeap
ReleaseMutex
CreateMutexA
GetCurrentProcess
CreateRemoteThread
GetProcAddress
GetModuleHandleA
WriteProcessMemory
VirtualAllocEx
lstrlenA
OpenProcess
Process32Next
Process32First
CreateToolhelp32Snapshot
GetFileAttributesA
lstrcatA
GetSystemDirectoryA
lstrcmpiA
UnmapViewOfFile
GetFileSize
MapViewOfFile
CreateFileMappingA
FindClose
FindNextFileA
lstrcmpA
GetLastError
FindFirstFileA
lstrcpyA
SetFilePointer
ReadFile
GetTimeZoneInformation
GetTickCount
LoadLibraryA
GetModuleFileNameA
GetCurrentDirectoryA
MoveFileExA
CopyFileA
GetOverlappedResult
LockResource
SizeofResource
LoadResource
FindResourceA
ResetEvent
GetVersionExA
HeapReAlloc
IsBadWritePtr
GetVolumeInformationA
DeviceIoControl
DefineDosDeviceA
QueryDosDeviceA
KERNEL32.dll
MessageBoxA
wsprintfA
SetWindowsHookExA
USER32.dll
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegDeleteValueA
RegOpenKeyA
CloseServiceHandle
OpenServiceA
OpenSCManagerA
QueryServiceStatusEx
IsValidSecurityDescriptor
AddAce
GetLengthSid
AllocateAndInitializeSid
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
GetTokenInformation
InitializeSecurityDescriptor
RegEnumKeyExA
ADVAPI32.dll
ExitProcess
RtlUnwind
RaiseException
GetStartupInfoA
GetCommandLineA
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
SetUnhandledExceptionFilter
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InterlockedExchange
VirtualQuery
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
TerminateProcess
HeapSize
VirtualProtect
GetSystemInfo
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
IsBadReadPtr
IsBadCodePtr
GetACP
GetOEMCP
GetCPInfo
InitializeCriticalSection
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetStdHandle
FlushFileBuffers
SetEndOfFile
.?AVexception@@
.?AVlogic_error@std@@
.?AVlength_error@std@@
.?AVout_of_range@std@@
.?AVbad_alloc@std@@
.?AVtype_info@@
pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
pppppppppppppppppppppppppppppppppppppppppp
ppppppppppppppppppppppppppppppppppqf
pppppppppppppppppppppppppppq7
G7''ghw(9eoppppppppppppppppppp@'
?`?????
a????B+l
W1?|?@
????5@
p?<`?$
?YC`???M
?????>
?T;e?;??
??- ??
?D??????
??????
??>?U -???
<`??V?
I?4??????
`3RO?
I?4??????
G??ofs^y
m9^uw??
6}{}y\{o9{y
`??R?@
???h@
???h@
$!P/@
>??l??
5??????u?0?p
???0??
5??`???u?
??,??,
jjjjjj
jjjjjj
jjjjjj
jjjjjj
        h((((                  H
(null)
         (((((                  H
         h((((                  H
                                 H
BBBBBBBB
BBBBBB

Process Tree

0e5db0cb32b2c2a1974722c3252eaf9dad7fead3e2f85d173360bcb8fe0de094.exe (2400) "C:\Users\Administrator\AppData\Local\Temp\0e5db0cb32b2c2a1974722c3252eaf9dad7fead3e2f85d173360bcb8fe0de094.exe"
- tserv.exe (1404) C:\Windows\tserv.exe s
- notepad.exe (2004) C:\Windows\System32\notepad.exe C:\Users\Administrator\AppData\Local\Temp\CA35.tmp

0e5db0cb32b2c2a1974722c3252eaf9dad7fead3e2f85d173360bcb8fe0de094.exe, PID: 2400, Parent PID: 2948

default registry file network process services synchronisation iexplore office pdf

tserv.exe, PID: 1404, Parent PID: 2400

default registry file network process services synchronisation iexplore office pdf

notepad.exe, PID: 2004, Parent PID: 2400

default registry file network process services synchronisation iexplore office pdf

Hosts

No hosts contacted.

DNS

No domains contacted.

TCP

No TCP connections recorded.

UDP

No UDP connections recorded.

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Name	fc17c5a549f33421_tserv.wax
Filepath	C:\Windows\tserv.wax
Size	5.2KB
Processes	1404 (tserv.exe)
Type	data
MD5	`e478f5d317a2f88b4ebde58604273599`
SHA1	`33d5b55725218efce3a596db1c6af13d7fec1fe6`
SHA256	`fc17c5a549f33421ed2be880e7412e4daf0a9fba1a087dab9e098e1f46f68e2d`
CRC32	`DEF0284B`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	47f323b0032c184a_~332.tmp
Filepath	C:\Users\Administrator\AppData\Local\Temp\~332.tmp
Size	58.0B
Processes	1404 (tserv.exe)
Type	ASCII text, with no line terminators
MD5	`efad221e8ed53b0141f4ee661cb633ab`
SHA1	`d0cba357ebdd0502194ef9860b2224165ffab23f`
SHA256	`47f323b0032c184ae313ce8a9b304190a0b9883621afb74bd196f6e9ea93084e`
CRC32	`F2A31F54`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	036165a4cebd4cd1_ca35.tmp
Filepath	C:\Users\Administrator\AppData\Local\Temp\CA35.tmp
Size	69.0KB
Processes	2400 (0e5db0cb32b2c2a1974722c3252eaf9dad7fead3e2f85d173360bcb8fe0de094.exe)
Type	data
MD5	`0a59560330fc7f6484ca5ad56ad15ad6`
SHA1	`01fab1f5a860725f033c25f6ba17ac083e4eb14c`
SHA256	`036165a4cebd4cd1c17623410fa766da7ec747fb85fa53c0bf1749499cbd9b4c`
CRC32	`D61D330B`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	b8301ecbe4463fb86ad9f189e65243bea9a6d0cb
Size	804.1KB
Type	ASCII text, with CRLF line terminators
MD5	`f3e45c9604c00913ff6c9d14f600de1a`
SHA1	`b8301ecbe4463fb86ad9f189e65243bea9a6d0cb`
SHA256	`9f65ae636ddbe61af71f62ffcd96ed584169ed1e56b7b843dcc645d58006abb9`
CRC32	`61624DE0`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	6e4f68f3a775b5253bc735fc88197015578b6ee1
Size	804.1KB
Type	ASCII text, with CRLF line terminators
MD5	`c2500c313ad759757b648f5cdf6f99bb`
SHA1	`6e4f68f3a775b5253bc735fc88197015578b6ee1`
SHA256	`20bdad2e90e7911bb715cb6f290fc8fc1de4b6c95ceb8cb3a41a4d1d84af55f7`
CRC32	`98936495`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

reg_key	HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs				reg_value	msji449c14b7.dll
reg_key	HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\tserv				reg_value	C:\Windows\tserv.exe s

ALYac	Trojan.GenericKD.30865232
APEX	Malicious
AVG	Win32:Warezov-FL [Wrm]
Acronis	suspicious
Ad-Aware	Trojan.GenericKD.30865232
AhnLab-V3	Worm/Win32.Warezov.R227713
Antiy-AVL	Worm[Email]/Win32.Warezov
Arcabit	Trojan.Generic.D1D6F750
Avast	Win32:Warezov-FL [Wrm]
Avira	WORM/Stration.C
BitDefender	Trojan.GenericKD.30865232
BitDefenderTheta	AI:FileInfector.B7B4D1F315
Bkav	W32.AIDetectVM.malware1
ClamAV	Win.Worm.Warezov-6804540-0
Comodo	Worm.Win32.Stration.DR@13yt
CrowdStrike	win/malicious_confidence_90% (W)
Cybereason	malicious.6e5a35
Cylance	Unsafe
Cynet	Malicious (score: 100)
Cyren	W32/Warezov.YBCD-4106
DrWeb	Win32.HLLM.Limar.based
ESET-NOD32	Win32/Stration.DR
Emsisoft	Trojan.GenericKD.30865232 (B)
Endgame	malicious (high confidence)
F-Prot	W32/Warezov.AI@mm
F-Secure	Worm.WORM/Stration.C
FireEye	Generic.mg.98e40dc6e5a35dd0
Fortinet	W32/Stration.46FD!tr
GData	Trojan.GenericKD.30865232
Ikarus	Win32.Warezov
Invincea	heuristic
Jiangmin	Worm.Warezov.avj
K7AntiVirus	Trojan ( 00010be51 )
K7GW	Trojan ( 00010be51 )
Kaspersky	Email-Worm.Win32.Warezov.gen
Lionic	Worm.Win32.Warezov.tpLU
MAX	malware (ai score=88)
Malwarebytes	Worm.Stration
MaxSecure	Worm.Warezov.GEN
McAfee	GenericRXFJ-CM!98E40DC6E5A3
MicroWorld-eScan	Trojan.GenericKD.30865232
Microsoft	Worm:Win32/Stration.M@mm
NANO-Antivirus	Trojan.Win32.Warezov.fadsim
Panda	W32/Spamta.BV.worm
Qihoo-360	HEUR/QVM08.0.C5AC.Malware.Gen
Rising	Worm.Stration!1.B560 (CLOUD)
Sangfor	Malware
SentinelOne	DFI - Malicious PE
Sophos	Troj/Agent-BAKM
Symantec	W32.Stration!gen

registry	HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Internet Security
registry	HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\InstalledApps
registry	HKEY_LOCAL_MACHINE\SOFTWARE\McAfee.com\Personal Firewall
registry	HKEY_LOCAL_MACHINE\SOFTWARE\Zone Labs\ZoneAlarm