File Activation.exe

Size 2.5MB Resubmit sample
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 af7b61261f759397631558ad000e7a5e
SHA1 080f802094c35e37904f2af973d6108e4babfc7d
SHA256 17125c2e138a7a5a6eada90265312110ae94f1dd373545b37620a0d8421ab0c2
SHA512
0c5dee4e1aad59173fd9c5717ae44b863dd2681938bc972d275d8857244185f61bdcfa5a14e32198f6e02f4a95975891efd7ad33f06b2af2442e0d764568c4f8
CRC32 0D22383B
ssdeep 49152:gCDLk1jC607cyecl2GwH/fz0mFB2YdSfpbpZF05R53DfZ4v9ZFIM/2:to1jH2cvahuwmOYIfpNQPN4lNO
Yara
  • IsPE32 -
  • IsWindowsGUI -
  • IsPacked - Entropy Check
  • HasOverlay - Overlay Check
  • HasDigitalSignature - DigitalSignature Check
  • PEiD_01086_Microsoft_Visual_C___8_0__MFC__ - [Microsoft Visual C++ 8.0 (MFC)]
  • PEiD_01686_Petite_v2_2____www_un4seen_com_petite_ - [Petite v2.2 -> www.un4seen.com/petite]
  • PEiD_02152_StarForce_V3_X_DLL____StarForce_Copy_Protection_System_ - [StarForce V3.X DLL -> StarForce Copy Protection System]
  • Contains_PE_File - Detect a PE file inside a byte sequence
  • contentis_base64 - This rule finds for base64 strings

Score

This file shows numerous signs of malicious behavior.

The score of this file is 4.2 out of 10.

Please notice: The scoring system is currently still in development and should be considered an alpha feature.

Information on Execution

Category Started Completed Duration Logs
FILE Oct. 16, 2018, 11:59 a.m. Oct. 16, 2018, 11:59 a.m. 28 seconds

Machine

Name Label Started On Shutdown On
win7x64 win7x64 2018-10-16 11:59:02 2018-10-16 11:59:30

Analyzer Log

2018-10-16 04:59:01,046 [analyzer] DEBUG: Starting analyzer from: C:\mocqsz
2018-10-16 04:59:01,078 [analyzer] DEBUG: Pipe server name: \\.\PIPE\oSKPewyROrFHTqfq
2018-10-16 04:59:01,078 [analyzer] DEBUG: Log pipe server name: \\.\PIPE\VKHpankBVfSoPuziOuSVSy
2018-10-16 04:59:01,078 [analyzer] DEBUG: No analysis package specified, trying to detect it automagically.
2018-10-16 04:59:01,078 [analyzer] INFO: Automatically selected analysis package "exe"
2018-10-16 04:59:03,635 [analyzer] DEBUG: Started auxiliary module Disguise
2018-10-16 04:59:03,901 [analyzer] DEBUG: Loaded monitor into process with pid 508
2018-10-16 04:59:03,901 [analyzer] DEBUG: Started auxiliary module DumpTLSMasterSecrets
2018-10-16 04:59:03,917 [analyzer] DEBUG: Started auxiliary module Human
2018-10-16 04:59:03,917 [analyzer] DEBUG: Started auxiliary module InstallCertificate
2018-10-16 04:59:03,917 [analyzer] DEBUG: Started auxiliary module Reboot
2018-10-16 04:59:04,104 [analyzer] DEBUG: Started auxiliary module RecentFiles
2018-10-16 04:59:04,104 [analyzer] DEBUG: Started auxiliary module Screenshots
2018-10-16 04:59:04,104 [modules.auxiliary.screenshots] WARNING: Python Image Library is not installed, screenshots are disabled
2018-10-16 04:59:04,276 [lib.api.process] INFO: Successfully executed process from path u'C:\\Users\\zamen\\AppData\\Local\\Temp\\Activation.exe' with arguments '' and pid 2320
2018-10-16 04:59:04,759 [analyzer] DEBUG: Loaded monitor into process with pid 2320
2018-10-16 04:59:05,446 [analyzer] DEBUG: Received request to inject pid=2320, but we are already injected there.
2018-10-16 04:59:07,255 [modules.auxiliary.human] INFO: Found button "OK", clicking it
2018-10-16 04:59:14,026 [lib.api.process] INFO: Memory dump of process with pid 2320 completed
2018-10-16 04:59:14,461 [analyzer] INFO: Process with pid 2320 has terminated
2018-10-16 04:59:14,461 [analyzer] INFO: Process list is empty, terminating analysis.
2018-10-16 04:59:15,476 [analyzer] INFO: Terminating remaining processes before shutdown.
2018-10-16 04:59:15,476 [analyzer] INFO: Analysis completed.

Cuckoo Log

2018-10-16 11:59:02,221 [lib.cuckoo.core.scheduler] INFO: Task #17: acquired machine win7x64 (label=win7x64)
2018-10-16 11:59:02,242 [modules.auxiliary.sniffer] INFO: Started sniffer with PID 13421 (interface=eth2, host=192.168.128.109, pcap=/opt/cuckoo/storage/analyses/17/dump.pcap)
2018-10-16 11:59:15,215 [lib.cuckoo.core.guest] INFO: Starting analysis on guest (id=win7x64, ip=192.168.128.109)
2018-10-16 11:59:29,972 [lib.cuckoo.core.guest] INFO: win7x64: analysis completed successfully
2018-10-16 11:59:33,136 [lib.cuckoo.core.plugins] WARNING: The processing module "Suricata" returned the following error: Unable to locate Suricata binary
2018-10-16 11:59:37,432 [elasticsearch] WARNING: HEAD http://127.0.0.1:9200/_template/cuckoo_template [status:N/A request:0.000s]
Traceback (most recent call last):
  File "/usr/local/lib/python2.7/dist-packages/elasticsearch/connection/http_urllib3.py", line 94, in perform_request
    response = self.pool.urlopen(method, url, body, retries=False, headers=self.headers, **kw)
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 643, in urlopen
    _stacktrace=sys.exc_info()[2])
  File "/usr/local/lib/python2.7/dist-packages/urllib3/util/retry.py", line 251, in increment
    raise six.reraise(type(error), error, _stacktrace)
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 594, in urlopen
    chunked=chunked)
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 361, in _make_request
    conn.request(method, url, **httplib_request_kw)
  File "/usr/lib/python2.7/httplib.py", line 1017, in request
    self._send_request(method, url, body, headers)
  File "/usr/lib/python2.7/httplib.py", line 1051, in _send_request
    self.endheaders(body)
  File "/usr/lib/python2.7/httplib.py", line 1013, in endheaders
    self._send_output(message_body)
  File "/usr/lib/python2.7/httplib.py", line 864, in _send_output
    self.send(msg)
  File "/usr/lib/python2.7/httplib.py", line 826, in send
    self.connect()
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connection.py", line 163, in connect
    conn = self._new_conn()
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connection.py", line 147, in _new_conn
    self, "Failed to establish a new connection: %s" % e)
NewConnectionError: <urllib3.connection.HTTPConnection object at 0x7f54be84d390>: Failed to establish a new connection: [Errno 111] Connection refused
2018-10-16 11:59:37,433 [elasticsearch] WARNING: HEAD http://127.0.0.1:9200/_template/cuckoo_template [status:N/A request:0.000s]
Traceback (most recent call last):
  File "/usr/local/lib/python2.7/dist-packages/elasticsearch/connection/http_urllib3.py", line 94, in perform_request
    response = self.pool.urlopen(method, url, body, retries=False, headers=self.headers, **kw)
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 643, in urlopen
    _stacktrace=sys.exc_info()[2])
  File "/usr/local/lib/python2.7/dist-packages/urllib3/util/retry.py", line 251, in increment
    raise six.reraise(type(error), error, _stacktrace)
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 594, in urlopen
    chunked=chunked)
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 361, in _make_request
    conn.request(method, url, **httplib_request_kw)
  File "/usr/lib/python2.7/httplib.py", line 1017, in request
    self._send_request(method, url, body, headers)
  File "/usr/lib/python2.7/httplib.py", line 1051, in _send_request
    self.endheaders(body)
  File "/usr/lib/python2.7/httplib.py", line 1013, in endheaders
    self._send_output(message_body)
  File "/usr/lib/python2.7/httplib.py", line 864, in _send_output
    self.send(msg)
  File "/usr/lib/python2.7/httplib.py", line 826, in send
    self.connect()
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connection.py", line 163, in connect
    conn = self._new_conn()
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connection.py", line 147, in _new_conn
    self, "Failed to establish a new connection: %s" % e)
NewConnectionError: <urllib3.connection.HTTPConnection object at 0x7f54be84dc90>: Failed to establish a new connection: [Errno 111] Connection refused
2018-10-16 11:59:37,434 [elasticsearch] WARNING: HEAD http://127.0.0.1:9200/_template/cuckoo_template [status:N/A request:0.000s]
Traceback (most recent call last):
  File "/usr/local/lib/python2.7/dist-packages/elasticsearch/connection/http_urllib3.py", line 94, in perform_request
    response = self.pool.urlopen(method, url, body, retries=False, headers=self.headers, **kw)
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 643, in urlopen
    _stacktrace=sys.exc_info()[2])
  File "/usr/local/lib/python2.7/dist-packages/urllib3/util/retry.py", line 251, in increment
    raise six.reraise(type(error), error, _stacktrace)
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 594, in urlopen
    chunked=chunked)
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 361, in _make_request
    conn.request(method, url, **httplib_request_kw)
  File "/usr/lib/python2.7/httplib.py", line 1017, in request
    self._send_request(method, url, body, headers)
  File "/usr/lib/python2.7/httplib.py", line 1051, in _send_request
    self.endheaders(body)
  File "/usr/lib/python2.7/httplib.py", line 1013, in endheaders
    self._send_output(message_body)
  File "/usr/lib/python2.7/httplib.py", line 864, in _send_output
    self.send(msg)
  File "/usr/lib/python2.7/httplib.py", line 826, in send
    self.connect()
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connection.py", line 163, in connect
    conn = self._new_conn()
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connection.py", line 147, in _new_conn
    self, "Failed to establish a new connection: %s" % e)
NewConnectionError: <urllib3.connection.HTTPConnection object at 0x7f54be84d210>: Failed to establish a new connection: [Errno 111] Connection refused
2018-10-16 11:59:37,434 [elasticsearch] WARNING: HEAD http://127.0.0.1:9200/_template/cuckoo_template [status:N/A request:0.000s]
Traceback (most recent call last):
  File "/usr/local/lib/python2.7/dist-packages/elasticsearch/connection/http_urllib3.py", line 94, in perform_request
    response = self.pool.urlopen(method, url, body, retries=False, headers=self.headers, **kw)
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 643, in urlopen
    _stacktrace=sys.exc_info()[2])
  File "/usr/local/lib/python2.7/dist-packages/urllib3/util/retry.py", line 251, in increment
    raise six.reraise(type(error), error, _stacktrace)
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 594, in urlopen
    chunked=chunked)
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 361, in _make_request
    conn.request(method, url, **httplib_request_kw)
  File "/usr/lib/python2.7/httplib.py", line 1017, in request
    self._send_request(method, url, body, headers)
  File "/usr/lib/python2.7/httplib.py", line 1051, in _send_request
    self.endheaders(body)
  File "/usr/lib/python2.7/httplib.py", line 1013, in endheaders
    self._send_output(message_body)
  File "/usr/lib/python2.7/httplib.py", line 864, in _send_output
    self.send(msg)
  File "/usr/lib/python2.7/httplib.py", line 826, in send
    self.connect()
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connection.py", line 163, in connect
    conn = self._new_conn()
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connection.py", line 147, in _new_conn
    self, "Failed to establish a new connection: %s" % e)
NewConnectionError: <urllib3.connection.HTTPConnection object at 0x7f54be84dc50>: Failed to establish a new connection: [Errno 111] Connection refused
2018-10-16 11:59:37,435 [lib.cuckoo.core.plugins] ERROR: Failed to run the reporting module "ElasticSearch":
Traceback (most recent call last):
  File "/opt/cuckoo/lib/cuckoo/core/plugins.py", line 533, in process
    current.run(self.results)
  File "/opt/cuckoo/modules/reporting/elasticsearch.py", line 196, in run
    self.connect()
  File "/opt/cuckoo/modules/reporting/elasticsearch.py", line 79, in connect
    if not self.es.indices.exists_template("cuckoo_template"):
  File "/usr/local/lib/python2.7/dist-packages/elasticsearch/client/utils.py", line 69, in _wrapped
    return func(*args, params=params, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/elasticsearch/client/indices.py", line 491, in exists_template
    name), params=params)
  File "/usr/local/lib/python2.7/dist-packages/elasticsearch/transport.py", line 327, in perform_request
    status, headers, data = connection.perform_request(method, url, params, body, ignore=ignore, timeout=timeout)
  File "/usr/local/lib/python2.7/dist-packages/elasticsearch/connection/http_urllib3.py", line 105, in perform_request
    raise ConnectionError('N/A', str(e), e)
ConnectionError: ConnectionError(<urllib3.connection.HTTPConnection object at 0x7f54be84dc50>: Failed to establish a new connection: [Errno 111] Connection refused) caused by: NewConnectionError(<urllib3.connection.HTTPConnection object at 0x7f54be84dc50>: Failed to establish a new connection: [Errno 111] Connection refused)

Signatures

This executable is signed
The executable has PE anomalies (could be a false positive) (5 events)
section \x00
section .idata
section
section lieuiulo
section clunvhqx
One or more processes crashed (49 events)
Time & API Arguments Status Return Repeated
Oct. 16, 2018, 7:59 a.m.
__exception__
stacktrace:
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77cd9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77cd9ea5

exception.instruction_r: fb e9 4e 01 00 00 60 8b 74 24 24 8b 7c 24 28 fc
exception.symbol: madTraceProcess+0x4eb4a1 activation+0x53b0b9
exception.instruction: sti
exception.module: Activation.exe
exception.exception_code: 0xc0000096
exception.offset: 5484729
exception.address: 0x93b0b9
registers.esp: 1638276
registers.edi: 0
registers.eax: 1
registers.ebp: 1638292
registers.edx: 11345920
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
success 0 0
Oct. 16, 2018, 7:59 a.m.
__exception__
stacktrace:

                
            
            
            
exception.instruction_r: fb e9 f4 01 00 00 8b 0c 24 83 c4 04 c1 e7 08 47
exception.symbol: madTraceProcess+0x1df74c activation+0x22f364
exception.instruction: sti
exception.module: Activation.exe
exception.exception_code: 0xc0000096
exception.offset: 2290532
exception.address: 0x62f364
registers.esp: 1638244
registers.edi: 2002452712
registers.eax: 29938
registers.ebp: 3997028372
registers.edx: 0
registers.ebx: 230633
registers.esi: 3
registers.ecx: 6486497
success 0 0
Oct. 16, 2018, 7:59 a.m.
__exception__
stacktrace:

                
            
            
            
exception.instruction_r: fb e9 02 05 00 00 89 e6 81 c6 04 00 00 00 53 bb
exception.symbol: madTraceProcess+0x1e04f4 activation+0x23010c
exception.instruction: sti
exception.module: Activation.exe
exception.exception_code: 0xc0000096
exception.offset: 2294028
exception.address: 0x63010c
registers.esp: 1638244
registers.edi: 2002452712
registers.eax: 25421
registers.ebp: 3997028372
registers.edx: 752855560
registers.ebx: 922200128
registers.esi: 3
registers.ecx: 6513323
success 0 0
Oct. 16, 2018, 7:59 a.m.
__exception__
stacktrace:

                
            
            
            
exception.instruction_r: fb e9 3b fe ff ff 5d e9 66 fb ff ff 89 0c 24 e9
exception.symbol: madTraceProcess+0x1e0d6c activation+0x230984
exception.instruction: sti
exception.module: Activation.exe
exception.exception_code: 0xc0000096
exception.offset: 2296196
exception.address: 0x630984
registers.esp: 1638244
registers.edi: 0
registers.eax: 1259
registers.ebp: 3997028372
registers.edx: 752855560
registers.ebx: 922200128
registers.esi: 3
registers.ecx: 6490811
success 0 0
Oct. 16, 2018, 7:59 a.m.
__exception__
stacktrace:

                
            
            
            
exception.instruction_r: fb 52 89 e2 e9 7d fa ff ff 5c 89 0c 24 b9 04 00
exception.symbol: madTraceProcess+0x35c6f6 activation+0x3ac30e
exception.instruction: sti
exception.module: Activation.exe
exception.exception_code: 0xc0000096
exception.offset: 3851022
exception.address: 0x7ac30e
registers.esp: 1638244
registers.edi: 6523355
registers.eax: 30681
registers.ebp: 3997028372
registers.edx: 3221225781
registers.ebx: 8045875
registers.esi: 0
registers.ecx: 508905
success 0 0
Oct. 16, 2018, 7:59 a.m.
__exception__
stacktrace:

                
            
            
            
exception.instruction_r: fb e9 24 00 00 00 5d 81 c5 04 00 00 00 81 ed 04
exception.symbol: madTraceProcess+0x35e232 activation+0x3ade4a
exception.instruction: sti
exception.module: Activation.exe
exception.exception_code: 0xc0000096
exception.offset: 3857994
exception.address: 0x7ade4a
registers.esp: 1638244
registers.edi: 6523355
registers.eax: 26823
registers.ebp: 3997028372
registers.edx: 8076212
registers.ebx: 1572262182
registers.esi: 0
registers.ecx: 508905
success 0 0
Oct. 16, 2018, 7:59 a.m.
__exception__
stacktrace:

                
            
            
            
exception.instruction_r: fb 52 55 e9 6e 00 00 00 29 ce 59 01 c6 e9 64 01
exception.symbol: madTraceProcess+0x35d9f8 activation+0x3ad610
exception.instruction: sti
exception.module: Activation.exe
exception.exception_code: 0xc0000096
exception.offset: 3855888
exception.address: 0x7ad610
registers.esp: 1638244
registers.edi: 0
registers.eax: 26823
registers.ebp: 3997028372
registers.edx: 8052600
registers.ebx: 1572262182
registers.esi: 1549541099
registers.ecx: 508905
success 0 0
Oct. 16, 2018, 7:59 a.m.
__exception__
stacktrace:

                
            
            
            
exception.instruction_r: fb 51 b9 10 e7 fe 77 57 bf 28 b7 ef 7f 81 c7 98
exception.symbol: madTraceProcess+0x35fd9e activation+0x3af9b6
exception.instruction: sti
exception.module: Activation.exe
exception.exception_code: 0xc0000096
exception.offset: 3865014
exception.address: 0x7af9b6
registers.esp: 1638240
registers.edi: 12004451
registers.eax: 8059200
registers.ebp: 3997028372
registers.edx: 2003237412
registers.ebx: 8052626
registers.esi: 2009938116
registers.ecx: 2002702828
success 0 0
Oct. 16, 2018, 7:59 a.m.
__exception__
stacktrace:

                
            
            
            
exception.instruction_r: fb 56 51 c7 04 24 77 de ed 77 e9 4f fd ff ff 5c
exception.symbol: madTraceProcess+0x360815 activation+0x3b042d
exception.instruction: sti
exception.module: Activation.exe
exception.exception_code: 0xc0000096
exception.offset: 3867693
exception.address: 0x7b042d
registers.esp: 1638244
registers.edi: 12004451
registers.eax: 8088699
registers.ebp: 3997028372
registers.edx: 2003237412
registers.ebx: 8052626
registers.esi: 2009938116
registers.ecx: 2002702828
success 0 0
Oct. 16, 2018, 7:59 a.m.
__exception__
stacktrace:

                
            
            
            
exception.instruction_r: fb 53 c7 04 24 28 e0 d8 63 89 04 24 81 ec 04 00
exception.symbol: madTraceProcess+0x3604c2 activation+0x3b00da
exception.instruction: sti
exception.module: Activation.exe
exception.exception_code: 0xc0000096
exception.offset: 3866842
exception.address: 0x7b00da
registers.esp: 1638244
registers.edi: 0
registers.eax: 8062143
registers.ebp: 3997028372
registers.edx: 2003237412
registers.ebx: 8052626
registers.esi: 1259
registers.ecx: 2002702828
success 0 0
Oct. 16, 2018, 7:59 a.m.
__exception__
stacktrace:

                
            
            
            
exception.instruction_r: fb 81 eb 55 d5 f7 1d 53 89 14 24 ba d1 a9 bd 15
exception.symbol: madTraceProcess+0x36ff79 activation+0x3bfb91
exception.instruction: sti
exception.module: Activation.exe
exception.exception_code: 0xc0000096
exception.offset: 3931025
exception.address: 0x7bfb91
registers.esp: 1638240
registers.edi: 0
registers.eax: 27546
registers.ebp: 3997028372
registers.edx: 3221225524
registers.ebx: 8124388
registers.esi: 10
registers.ecx: 10000
success 0 0
Oct. 16, 2018, 7:59 a.m.
__exception__
stacktrace:

                
            
            
            
exception.instruction_r: fb 31 c9 55 e9 2a 00 00 00 58 5f 5f f7 d0 c1 e8
exception.symbol: madTraceProcess+0x36fd6a activation+0x3bf982
exception.instruction: sti
exception.module: Activation.exe
exception.exception_code: 0xc0000096
exception.offset: 3930498
exception.address: 0x7bf982
registers.esp: 1638244
registers.edi: 0
registers.eax: 27546
registers.ebp: 3997028372
registers.edx: 3221225524
registers.ebx: 8151934
registers.esi: 10
registers.ecx: 10000
success 0 0
Oct. 16, 2018, 7:59 a.m.
__exception__
stacktrace:

                
            
            
            
exception.instruction_r: fb e9 00 fa ff ff 81 ee 37 78 7b 6f 5a 5f 81 eb
exception.symbol: madTraceProcess+0x3704bd activation+0x3c00d5
exception.instruction: sti
exception.module: Activation.exe
exception.exception_code: 0xc0000096
exception.offset: 3932373
exception.address: 0x7c00d5
registers.esp: 1638244
registers.edi: 0
registers.eax: 27546
registers.ebp: 3997028372
registers.edx: 3221225524
registers.ebx: 8151934
registers.esi: 1375758944
registers.ecx: 4294942604
success 0 0
Oct. 16, 2018, 7:59 a.m.
__exception__
stacktrace:

                
            
            
            
exception.instruction_r: cd 01 eb 00 53 5a 0f bf f2 64 8f 05 00 00 00 00
exception.symbol: madTraceProcess+0x370915 activation+0x3c052d
exception.instruction: int 1
exception.module: Activation.exe
exception.exception_code: 0xc0000005
exception.offset: 3933485
exception.address: 0x7c052d
registers.esp: 1638204
registers.edi: 0
registers.eax: 1638204
registers.ebp: 3997028372
registers.edx: 8129946
registers.ebx: 8128079
registers.esi: 807645049
registers.ecx: 629360632
success 0 0
Oct. 16, 2018, 7:59 a.m.
__exception__
stacktrace:

                
            
            
            
exception.instruction_r: fb 52 e9 94 fd ff ff c7 04 24 48 82 db 00 89 2c
exception.symbol: madTraceProcess+0x3774c7 activation+0x3c70df
exception.instruction: sti
exception.module: Activation.exe
exception.exception_code: 0xc0000096
exception.offset: 3961055
exception.address: 0x7c70df
registers.esp: 1638244
registers.edi: 0
registers.eax: 27917
registers.ebp: 3997028372
registers.edx: 4294942356
registers.ebx: 8182206
registers.esi: 1375758944
registers.ecx: 607947094
success 0 0
Oct. 16, 2018, 7:59 a.m.
__exception__
stacktrace:

                
            
            
            
exception.instruction_r: fb 51 89 14 24 56 be 3e ef 29 7b 89 f2 e9 d1 fd
exception.symbol: madTraceProcess+0x384a0e activation+0x3d4626
exception.instruction: sti
exception.module: Activation.exe
exception.exception_code: 0xc0000096
exception.offset: 4015654
exception.address: 0x7d4626
registers.esp: 1638232
registers.edi: 6476762
registers.eax: 31540
registers.ebp: 3997028372
registers.edx: 6
registers.ebx: 57663820
registers.esi: 8208051
registers.ecx: 6
success 0 0
Oct. 16, 2018, 7:59 a.m.
__exception__
stacktrace:

                
            
            
            
exception.instruction_r: fb 83 ec 04 89 14 24 c7 04 24 25 31 44 09 89 04
exception.symbol: madTraceProcess+0x3845ec activation+0x3d4204
exception.instruction: sti
exception.module: Activation.exe
exception.exception_code: 0xc0000096
exception.offset: 4014596
exception.address: 0x7d4204
registers.esp: 1638236
registers.edi: 6476762
registers.eax: 31540
registers.ebp: 3997028372
registers.edx: 6
registers.ebx: 57663820
registers.esi: 8239591
registers.ecx: 6
success 0 0
Oct. 16, 2018, 7:59 a.m.
__exception__
stacktrace:

                
            
            
            
exception.instruction_r: fb e9 49 01 00 00 01 f0 e9 99 01 00 00 01 c7 58
exception.symbol: madTraceProcess+0x3849a3 activation+0x3d45bb
exception.instruction: sti
exception.module: Activation.exe
exception.exception_code: 0xc0000096
exception.offset: 4015547
exception.address: 0x7d45bb
registers.esp: 1638236
registers.edi: 6476762
registers.eax: 31540
registers.ebp: 3997028372
registers.edx: 4294938580
registers.ebx: 2308422997
registers.esi: 8239591
registers.ecx: 6
success 0 0
Oct. 16, 2018, 7:59 a.m.
__exception__
stacktrace:

                
            
            
            
exception.instruction_r: fb 55 57 89 1c 24 50 53 bb 83 ff 9d 7d e9 a4 fc
exception.symbol: madTraceProcess+0x38561b activation+0x3d5233
exception.instruction: sti
exception.module: Activation.exe
exception.exception_code: 0xc0000096
exception.offset: 4018739
exception.address: 0x7d5233
registers.esp: 1638232
registers.edi: 6476762
registers.eax: 31729
registers.ebp: 3997028372
registers.edx: 4294938580
registers.ebx: 1893777985
registers.esi: 8211338
registers.ecx: 6
success 0 0
Oct. 16, 2018, 7:59 a.m.
__exception__
stacktrace:

                
            
            
            
exception.instruction_r: fb b9 61 9a d2 5f 50 89 3c 24 bf 0d 51 74 3f 81
exception.symbol: madTraceProcess+0x38555b activation+0x3d5173
exception.instruction: sti
exception.module: Activation.exe
exception.exception_code: 0xc0000096
exception.offset: 4018547
exception.address: 0x7d5173
registers.esp: 1638236
registers.edi: 6476762
registers.eax: 59728
registers.ebp: 3997028372
registers.edx: 4294938580
registers.ebx: 1893777985
registers.esi: 8214207
registers.ecx: 0
success 0 0
Oct. 16, 2018, 7:59 a.m.
__exception__
stacktrace:

                
            
            
            
exception.instruction_r: fb 53 89 2c 24 53 c7 04 24 31 12 fe 70 87 04 24
exception.symbol: madTraceProcess+0x389253 activation+0x3d8e6b
exception.instruction: sti
exception.module: Activation.exe
exception.exception_code: 0xc0000096
exception.offset: 4034155
exception.address: 0x7d8e6b
registers.esp: 1638236
registers.edi: 6476762
registers.eax: 26692
registers.ebp: 3997028372
registers.edx: 8230740
registers.ebx: 1132514343
registers.esi: 2298801283
registers.ecx: 0
success 0 0
Oct. 16, 2018, 7:59 a.m.
__exception__
stacktrace:

                
            
            
            
exception.instruction_r: fb 81 e9 b7 1e fd 48 e9 59 04 00 00 81 c4 04 00
exception.symbol: madTraceProcess+0x3a8623 activation+0x3f823b
exception.instruction: sti
exception.module: Activation.exe
exception.exception_code: 0xc0000096
exception.offset: 4162107
exception.address: 0x7f823b
registers.esp: 1638200
registers.edi: 0
registers.eax: 25545
registers.ebp: 3997028372
registers.edx: 3221225524
registers.ebx: 224
registers.esi: 8351646
registers.ecx: 8355863
success 0 0
Oct. 16, 2018, 7:59 a.m.
__exception__
stacktrace:

                
            
            
            
exception.instruction_r: fb 29 f6 ff 34 0e ff 34 24 e9 ee 06 00 00 5e e9
exception.symbol: madTraceProcess+0x3a84de activation+0x3f80f6
exception.instruction: sti
exception.module: Activation.exe
exception.exception_code: 0xc0000096
exception.offset: 4161782
exception.address: 0x7f80f6
registers.esp: 1638204
registers.edi: 0
registers.eax: 25545
registers.ebp: 3997028372
registers.edx: 3221225524
registers.ebx: 224
registers.esi: 8351646
registers.ecx: 8381408
success 0 0
Oct. 16, 2018, 7:59 a.m.
__exception__
stacktrace:

                
            
            
            
exception.instruction_r: fb 50 e9 c6 fb ff ff 81 ee 31 7e ff 5e 81 ee e2
exception.symbol: madTraceProcess+0x3a89d3 activation+0x3f85eb
exception.instruction: sti
exception.module: Activation.exe
exception.exception_code: 0xc0000096
exception.offset: 4163051
exception.address: 0x7f85eb
registers.esp: 1638204
registers.edi: 0
registers.eax: 25545
registers.ebp: 3997028372
registers.edx: 116969
registers.ebx: 224
registers.esi: 4294944440
registers.ecx: 8381408
success 0 0
Oct. 16, 2018, 7:59 a.m.
__exception__
stacktrace:

                
            
            
            
exception.instruction_r: fb 56 be 7e d0 57 4e 01 f7 ff 34 24 8b 34 24 81
exception.symbol: madTraceProcess+0x3a9838 activation+0x3f9450
exception.instruction: sti
exception.module: Activation.exe
exception.exception_code: 0xc0000096
exception.offset: 4166736
exception.address: 0x7f9450
registers.esp: 1638200
registers.edi: 8361012
registers.eax: 28015
registers.ebp: 3997028372
registers.edx: 113129
registers.ebx: 47593
registers.esi: 8359909
registers.ecx: 0
success 0 0
Oct. 16, 2018, 7:59 a.m.
__exception__
stacktrace:

                
            
            
            
exception.instruction_r: fb 50 89 1c 24 bb dd df ef 7c e9 ab fd ff ff c7
exception.symbol: madTraceProcess+0x3a9f5e activation+0x3f9b76
exception.instruction: sti
exception.module: Activation.exe
exception.exception_code: 0xc0000096
exception.offset: 4168566
exception.address: 0x7f9b76
registers.esp: 1638204
registers.edi: 8389027
registers.eax: 28015
registers.ebp: 3997028372
registers.edx: 4294941884
registers.ebx: 1426090592
registers.esi: 8359909
registers.ecx: 0
success 0 0
Oct. 16, 2018, 7:59 a.m.
__exception__
stacktrace:

                
            
            
            
exception.instruction_r: fb 68 68 86 bf 5f e9 c0 fb ff ff 89 ef ff 34 24
exception.symbol: madTraceProcess+0x3aaed4 activation+0x3faaec
exception.instruction: sti
exception.module: Activation.exe
exception.exception_code: 0xc0000096
exception.offset: 4172524
exception.address: 0x7faaec
registers.esp: 1638204
registers.edi: 8389027
registers.eax: 8368701
registers.ebp: 3997028372
registers.edx: 0
registers.ebx: 1426090592
registers.esi: 8359909
registers.ecx: 2681170
success 0 0
Oct. 16, 2018, 7:59 a.m.
__exception__
stacktrace:

                
            
            
            
exception.instruction_r: fb e9 00 00 00 00 52 89 0c 24 b9 f0 e9 e6 57 f7
exception.symbol: madTraceProcess+0x3ac106 activation+0x3fbd1e
exception.instruction: sti
exception.module: Activation.exe
exception.exception_code: 0xc0000096
exception.offset: 4177182
exception.address: 0x7fbd1e
registers.esp: 1638204
registers.edi: 8389027
registers.eax: 28002
registers.ebp: 3997028372
registers.edx: 4294942068
registers.ebx: 8397169
registers.esi: 8359909
registers.ecx: 604292947
success 0 0
Oct. 16, 2018, 7:59 a.m.
__exception__
stacktrace:

                
            
            
            
exception.instruction_r: fb 50 57 e9 54 00 00 00 31 0c 24 e9 72 01 00 00
exception.symbol: madTraceProcess+0x3b0044 activation+0x3ffc5c
exception.instruction: sti
exception.module: Activation.exe
exception.exception_code: 0xc0000096
exception.offset: 4193372
exception.address: 0x7ffc5c
registers.esp: 1638204
registers.edi: 971591762
registers.eax: 31725
registers.ebp: 3997028372
registers.edx: 8385514
registers.ebx: 8418310
registers.esi: 4294938064
registers.ecx: 1993212046
success 0 0
Oct. 16, 2018, 7:59 a.m.
__exception__
stacktrace:

                
            
            
            
exception.instruction_r: fb 50 89 3c 24 81 ec 04 00 00 00 89 1c 24 e9 ae
exception.symbol: madTraceProcess+0x3b3ddc activation+0x4039f4
exception.instruction: sti
exception.module: Activation.exe
exception.exception_code: 0xc0000096
exception.offset: 4209140
exception.address: 0x8039f4
registers.esp: 1638200
registers.edi: 3621027910
registers.eax: 27931
registers.ebp: 3997028372
registers.edx: 1689708235
registers.ebx: 8402143
registers.esi: 971562530
registers.ecx: 1698101616
success 0 0
Oct. 16, 2018, 7:59 a.m.
__exception__
stacktrace:

                
            
            
            
exception.instruction_r: fb 31 f6 ff 34 33 e9 d6 02 00 00 5d 01 74 24 04
exception.symbol: madTraceProcess+0x3b3d9e activation+0x4039b6
exception.instruction: sti
exception.module: Activation.exe
exception.exception_code: 0xc0000096
exception.offset: 4209078
exception.address: 0x8039b6
registers.esp: 1638204
registers.edi: 3621027910
registers.eax: 27931
registers.ebp: 3997028372
registers.edx: 1689708235
registers.ebx: 8430074
registers.esi: 971562530
registers.ecx: 1698101616
success 0 0
Oct. 16, 2018, 7:59 a.m.
__exception__
stacktrace:

                
            
            
            
exception.instruction_r: fb e9 42 04 00 00 b8 e1 fd 77 5f 01 44 24 04 58
exception.symbol: madTraceProcess+0x3b3ac2 activation+0x4036da
exception.instruction: sti
exception.module: Activation.exe
exception.exception_code: 0xc0000096
exception.offset: 4208346
exception.address: 0x8036da
registers.esp: 1638204
registers.edi: 3621027910
registers.eax: 27931
registers.ebp: 3997028372
registers.edx: 157417
registers.ebx: 8430074
registers.esi: 4294941692
registers.ecx: 1698101616
success 0 0
Oct. 16, 2018, 7:59 a.m.
__exception__
stacktrace:

                
            
            
            
exception.instruction_r: fb 52 51 b9 d7 b5 fd 77 89 ca 59 01 d0 e9 40 03
exception.symbol: madTraceProcess+0x3b46ee activation+0x404306
exception.instruction: sti
exception.module: Activation.exe
exception.exception_code: 0xc0000096
exception.offset: 4211462
exception.address: 0x804306
registers.esp: 1638200
registers.edi: 3621027910
registers.eax: 8405508
registers.ebp: 3997028372
registers.edx: 157417
registers.ebx: 1121337987
registers.esi: 4294941692
registers.ecx: 1698678134
success 0 0
Oct. 16, 2018, 7:59 a.m.
__exception__
stacktrace:

                
            
            
            
exception.instruction_r: fb 83 ec 04 89 3c 24 50 b8 3f a2 29 7e 89 c7 58
exception.symbol: madTraceProcess+0x3b4bb1 activation+0x4047c9
exception.instruction: sti
exception.module: Activation.exe
exception.exception_code: 0xc0000096
exception.offset: 4212681
exception.address: 0x8047c9
registers.esp: 1638204
registers.edi: 3621027910
registers.eax: 8437769
registers.ebp: 3997028372
registers.edx: 157417
registers.ebx: 1121337987
registers.esi: 4294941692
registers.ecx: 1698678134
success 0 0
Oct. 16, 2018, 7:59 a.m.
__exception__
stacktrace:

                
            
            
            
exception.instruction_r: fb 53 e9 9a 00 00 00 54 58 05 04 00 00 00 83 c0
exception.symbol: madTraceProcess+0x3b4a27 activation+0x40463f
exception.instruction: sti
exception.module: Activation.exe
exception.exception_code: 0xc0000096
exception.offset: 4212287
exception.address: 0x80463f
registers.esp: 1638204
registers.edi: 3621027910
registers.eax: 8408281
registers.ebp: 3997028372
registers.edx: 157417
registers.ebx: 0
registers.esi: 4294941692
registers.ecx: 81129
success 0 0
Oct. 16, 2018, 7:59 a.m.
__exception__
stacktrace:

                
            
            
            
exception.instruction_r: fb 29 db e9 34 fc ff ff 5c 68 1c 0f 2b 2d e9 3e
exception.symbol: madTraceProcess+0x3b65c5 activation+0x4061dd
exception.instruction: sti
exception.module: Activation.exe
exception.exception_code: 0xc0000096
exception.offset: 4219357
exception.address: 0x8061dd
registers.esp: 1638204
registers.edi: 8411296
registers.eax: 28600
registers.ebp: 3997028372
registers.edx: 8440439
registers.ebx: 2093318932
registers.esi: 8411210
registers.ecx: 31336
success 0 0
Oct. 16, 2018, 7:59 a.m.
__exception__
stacktrace:

                
            
            
            
exception.instruction_r: fb 57 bf b5 5c 27 09 50 50 b8 01 69 88 54 89 44
exception.symbol: madTraceProcess+0x3b67ba activation+0x4063d2
exception.instruction: sti
exception.module: Activation.exe
exception.exception_code: 0xc0000096
exception.offset: 4219858
exception.address: 0x8063d2
registers.esp: 1638204
registers.edi: 8411296
registers.eax: 28600
registers.ebp: 3997028372
registers.edx: 8440439
registers.ebx: 4294941860
registers.esi: 322689
registers.ecx: 31336
success 0 0
Oct. 16, 2018, 7:59 a.m.
__exception__
stacktrace:

                
            
            
            
exception.instruction_r: fb 56 53 e9 8f 08 00 00 bf 00 55 7d 7f 29 fa 5f
exception.symbol: madTraceProcess+0x3bb385 activation+0x40af9d
exception.instruction: sti
exception.module: Activation.exe
exception.exception_code: 0xc0000096
exception.offset: 4239261
exception.address: 0x80af9d
registers.esp: 1638200
registers.edi: 8433242
registers.eax: 30302
registers.ebp: 3997028372
registers.edx: 0
registers.ebx: 2147483650
registers.esi: 8416526
registers.ecx: 1681260544
success 0 0
Oct. 16, 2018, 7:59 a.m.
__exception__
stacktrace:

                
            
            
            
exception.instruction_r: fb 57 c7 04 24 bd 1b ef 3f e9 4a 04 00 00 5e 31
exception.symbol: madTraceProcess+0x3bb45d activation+0x40b075
exception.instruction: sti
exception.module: Activation.exe
exception.exception_code: 0xc0000096
exception.offset: 4239477
exception.address: 0x80b075
registers.esp: 1638204
registers.edi: 8463544
registers.eax: 30302
registers.ebp: 3997028372
registers.edx: 0
registers.ebx: 2147483650
registers.esi: 8416526
registers.ecx: 1681260544
success 0 0
Oct. 16, 2018, 7:59 a.m.
__exception__
stacktrace:

                
            
            
            
exception.instruction_r: fb 52 ba f7 0b bf 5e c1 e2 01 81 c2 00 d2 9b 7a
exception.symbol: madTraceProcess+0x3bb5a9 activation+0x40b1c1
exception.instruction: sti
exception.module: Activation.exe
exception.exception_code: 0xc0000096
exception.offset: 4239809
exception.address: 0x80b1c1
registers.esp: 1638204
registers.edi: 8463544
registers.eax: 2298801283
registers.ebp: 3997028372
registers.edx: 0
registers.ebx: 2147483650
registers.esi: 8416526
registers.ecx: 4294940732
success 0 0
Oct. 16, 2018, 7:59 a.m.
__exception__
stacktrace:

                
            
            
            
exception.instruction_r: fb 52 e9 11 00 00 00 81 c6 72 4a 7f 7f 81 c6 b0
exception.symbol: madTraceProcess+0x3cad69 activation+0x41a981
exception.instruction: sti
exception.module: Activation.exe
exception.exception_code: 0xc0000096
exception.offset: 4303233
exception.address: 0x81a981
registers.esp: 1638204
registers.edi: 8524027
registers.eax: 26533
registers.ebp: 3997028372
registers.edx: 0
registers.ebx: 4005410751
registers.esi: 16922956
registers.ecx: 8495628
success 0 0
Oct. 16, 2018, 7:59 a.m.
__exception__
stacktrace:

                
            
            
            
exception.instruction_r: fb 68 06 5f e4 39 89 0c 24 e9 aa fe ff ff 81 c6
exception.symbol: madTraceProcess+0x3cb814 activation+0x41b42c
exception.instruction: sti
exception.module: Activation.exe
exception.exception_code: 0xc0000096
exception.offset: 4305964
exception.address: 0x81b42c
registers.esp: 1638204
registers.edi: 8500659
registers.eax: 26533
registers.ebp: 3997028372
registers.edx: 80172625
registers.ebx: 4005410751
registers.esi: 0
registers.ecx: 8495628
success 0 0
Oct. 16, 2018, 7:59 a.m.
__exception__
stacktrace:

                
            
            
            
exception.instruction_r: fb 52 c7 04 24 8a 62 e4 7f e9 3c ff ff ff 5a 51
exception.symbol: madTraceProcess+0x3d6796 activation+0x4263ae
exception.instruction: sti
exception.module: Activation.exe
exception.exception_code: 0xc0000096
exception.offset: 4350894
exception.address: 0x8263ae
registers.esp: 1638204
registers.edi: 8518767
registers.eax: 8547444
registers.ebp: 3997028372
registers.edx: 582600
registers.ebx: 322689
registers.esi: 12151606
registers.ecx: 0
success 0 0
Oct. 16, 2018, 7:59 a.m.
__exception__
stacktrace:

                
            
            
            
exception.instruction_r: fb 56 e9 8a 00 00 00 81 ee d9 51 d1 77 29 d6 e9
exception.symbol: madTraceProcess+0x3db892 activation+0x42b4aa
exception.instruction: sti
exception.module: Activation.exe
exception.exception_code: 0xc0000096
exception.offset: 4371626
exception.address: 0x82b4aa
registers.esp: 1638204
registers.edi: 8518767
registers.eax: 31480
registers.ebp: 3997028372
registers.edx: 604292951
registers.ebx: 0
registers.esi: 8567730
registers.ecx: 1681260544
success 0 0
Oct. 16, 2018, 7:59 a.m.
__exception__
stacktrace:

                
            
            
            
exception.instruction_r: fb 53 89 34 24 52 ba 55 be 5b 7f 81 ca 0a 0e fe
exception.symbol: madTraceProcess+0x3dc3ba activation+0x42bfd2
exception.instruction: sti
exception.module: Activation.exe
exception.exception_code: 0xc0000096
exception.offset: 4374482
exception.address: 0x82bfd2
registers.esp: 1638204
registers.edi: 8518767
registers.eax: 8570974
registers.ebp: 3997028372
registers.edx: 0
registers.ebx: 23801834
registers.esi: 8567730
registers.ecx: 82608464
success 0 0
Oct. 16, 2018, 7:59 a.m.
__exception__
stacktrace:

                
            
            
            
exception.instruction_r: fb 55 bd 00 b9 d6 7e 81 e5 31 14 be 6f 81 ed 95
exception.symbol: madTraceProcess+0x3e0b97 activation+0x4307af
exception.instruction: sti
exception.module: Activation.exe
exception.exception_code: 0xc0000096
exception.offset: 4392879
exception.address: 0x8307af
registers.esp: 1638200
registers.edi: 8518767
registers.eax: 29404
registers.ebp: 3997028372
registers.edx: 0
registers.ebx: 2133096836
registers.esi: 2009792524
registers.ecx: 8585599
success 0 0
Oct. 16, 2018, 7:59 a.m.
__exception__
stacktrace:

                
            
            
            
exception.instruction_r: fb 29 d2 ff 34 11 81 34 24 8e b5 ef 5b ff 34 24
exception.symbol: madTraceProcess+0x3e07e3 activation+0x4303fb
exception.instruction: sti
exception.module: Activation.exe
exception.exception_code: 0xc0000096
exception.offset: 4391931
exception.address: 0x8303fb
registers.esp: 1638204
registers.edi: 8518767
registers.eax: 29404
registers.ebp: 3997028372
registers.edx: 0
registers.ebx: 2133096836
registers.esi: 2009792524
registers.ecx: 8615003
success 0 0
Oct. 16, 2018, 7:59 a.m.
__exception__
stacktrace:

                
            
            
            
exception.instruction_r: fb 55 bd 5c 78 cc 50 c1 ed 08 51 e9 9d 07 00 00
exception.symbol: madTraceProcess+0x3e06f3 activation+0x43030b
exception.instruction: sti
exception.module: Activation.exe
exception.exception_code: 0xc0000096
exception.offset: 4391691
exception.address: 0x83030b
registers.esp: 1638204
registers.edi: 8518767
registers.eax: 29404
registers.ebp: 3997028372
registers.edx: 4294940748
registers.ebx: 604277079
registers.esi: 2009792524
registers.ecx: 8615003
success 0 0
Oct. 16, 2018, 7:59 a.m.
__exception__
stacktrace:

                
            
            
            
exception.instruction_r: fb 81 ec 04 00 00 00 89 14 24 e9 95 03 00 00 55
exception.symbol: madTraceProcess+0x3e12a9 activation+0x430ec1
exception.instruction: sti
exception.module: Activation.exe
exception.exception_code: 0xc0000096
exception.offset: 4394689
exception.address: 0x830ec1
registers.esp: 1638204
registers.edi: 8614132
registers.eax: 25272
registers.ebp: 3997028372
registers.edx: 1852944522
registers.ebx: 747197015
registers.esi: 2009792524
registers.ecx: 4294944540
success 0 0
Allocates read-write-execute memory (usually to unpack itself) (2 events)
Time & API Arguments Status Return Repeated
Oct. 16, 2018, 7:59 a.m.
NtProtectVirtualMemory
base_address: 0x77d3f000
length: 8192
protection: 64 (PAGE_EXECUTE_READWRITE)
process_identifier: 2320
process_handle: 0xffffffff
success 0 0
Oct. 16, 2018, 7:59 a.m.
NtProtectVirtualMemory
base_address: 0x77cb0000
length: 8192
protection: 64 (PAGE_EXECUTE_READWRITE)
process_identifier: 2320
process_handle: 0xffffffff
success 0 0
The binary likely contains encrypted or compressed data. (4 events)
section {u'size_of_data': u'0x000b9000', u'virtual_address': u'0x00001000', u'entropy': 7.983711701465119, u'name': u' \\x00 ', u'virtual_size': u'0x001ca000'} entropy 7.98371170147 description A section with a high entropy has been found
section {u'size_of_data': u'0x00032c00', u'virtual_address': u'0x001cb000', u'entropy': 7.946036365499147, u'name': u'.rsrc', u'virtual_size': u'0x000605ac'} entropy 7.9460363655 description A section with a high entropy has been found
section {u'size_of_data': u'0x00196c00', u'virtual_address': u'0x0053b000', u'entropy': 7.945756978866039, u'name': u'lieuiulo', u'virtual_size': u'0x00197000'} entropy 7.94575697887 description A section with a high entropy has been found
entropy 0.99941668287 description Overall entropy of this PE file is high
Expresses interest in specific running processes (1 event)
process System
Checks for the presence of known devices from debuggers and forensic tools (3 events)
file \??\SICE
file \??\SIWVID
file \??\NTICE
Checks for the presence of known windows from debuggers and forensic tools (3 events)
Time & API Arguments Status Return Repeated
Oct. 16, 2018, 7:59 a.m.
FindWindowA
class_name: OLLYDBG
window_name:
failed 0 0
Oct. 16, 2018, 7:59 a.m.
FindWindowA
class_name: GBDYLLO
window_name:
failed 0 0
Oct. 16, 2018, 7:59 a.m.
FindWindowA
class_name: pediy06
window_name:
failed 0 0
Checks the version of Bios, possibly for anti-virtualization (2 events)
registry HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion
registry HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion
Detects the presence of Wine emulator (1 event)
registry HKEY_CURRENT_USER\Software\Wine

Screenshots

No screenshots available.

Network

DNS

No domains contacted.

Hosts

No hosts contacted.

Summary

Process Activation.exe (2320)

  • Opened files

    • C:\Windows\System32\ntdll.dll
    • C:\Windows\Globalization\Sorting\sortdefault.nls
  • Files Read

    • C:\Windows\System32\ntdll.dll

Process Activation.exe (2320)

  • Registry keys opened

    • HKEY_LOCAL_MACHINE\Hardware\description\System
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000
    • HKEY_CURRENT_USER\Software\Wine
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\crypt32
    • HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
    • HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLEAUT
    • HKEY_LOCAL_MACHINE\Software\Microsoft\OLE\Tracing
  • Registry keys read

    • HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\crypt32\DebugHeapFlags
    • HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion
    • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Security_HKLM_only
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\PageAllocatorUseSystemHeap
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
    • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\DisableImprovedZoneCheck
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\DriverDesc
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-US
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\PageAllocatorSystemHeapIsPrivate
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-US

Process Activation.exe (2320)

Process Activation.exe (2320)

Process Activation.exe (2320)

  • DLLs Loaded

    • NTDLL
    • comdlg32.dll
    • version.dll
    • winmm.dll
    • wininet.dll
    • gdi32.dll
    • advapi32.dll
    • kernel32.dll
    • shell32.dll
    • user32.dll
    • ADVAPI32.dll
    • NTDLL.dll
    • ole32.dll
    • comctl32.dll
    • wsock32.dll
    • pcre.dll
    • USER32.dll
    • oleaut32.dll

PE Compile Time

1992-06-19 18:22:17

Signing Certificate

MD5 1ce268d5450627e0648c2507916d2c7f
SHA1 5a4b141cdd31c29984216ce7c0f7d1b550c03868
Serial Number 255fa7070502e22d7df85987d8a21389
Common Name Acunetix Ltd.
Country MT
Locality Ta' Xbiex

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
\x00 0x00001000 0x001ca000 0x000b9000 7.98371170147
.rsrc 0x001cb000 0x000605ac 0x00032c00 7.9460363655
.idata 0x0022c000 0x00001000 0x00000200 1.30872257653
0x0022d000 0x0030e000 0x00000200 0.255390636396
lieuiulo 0x0053b000 0x00197000 0x00196c00 7.94575697887
clunvhqx 0x006d2000 0x00001000 0x00000200 4.61857869071

Imports

Library kernel32.dll:
0x62c033 lstrcpy
Library comctl32.dll:
0x62c03b InitCommonControls

Exports

Ordinal Address Name
1 0x44fc18 madTraceProcess
This program must be run under Win32
.idata
lieuiulo
clunvhqx
VfU-0c
q9xuB0
8z7~M|
AO\)n0
W.c.+jR
njcHQK
6]f5c
_)2C[Ki
vG:?wK0
thJ=v
,rl!Tb
Pt}m)ke
lhnggi
rGo/A4
6H9B=;
Y*Z.a;
#4SK#>
JY8O_1
6M@a,u
f^Zp+K
_!3`gA
,e`R]Na
hR_AC{F
qvSH)X
^.';@#4
_y&CAA
;3"N_Wf
Hg mKF
qAyJzpb(h
{6liEgj
.%c(x!
9]VQ#dHn=1
i1OyQ[@
/OUvS1}
"HjR jj
KFv5D;
m%b?!;N
7aw[<S
`]PVwm}
`>w@5U
!QBqAT
<vW{Yl*
lr`C"-
"J%Oh^
1nWZyq
+&r\I>
_RN{@mv
Wl{@LW,
XU9Vo
O"b-aOw
z7_Ew9
y9$gZ
"*>j4M
[e eMf
xq}>y7
SX2w^Mc
-)nUeM
h{z <R[?
?rS4Tl
cz-9&J
S|O=0x
M.$iZW
_jk`JS~{
38{Mb$
_m3-i_
XT'moV_%i
|$7FiKg/
7m0^rA
V{M!mr
fH4!OW
ej-m|<
%!'m1{@
*dann7
=Drv]$-
{oe:i8
UEEMj4
N""D /S
lNmvY_
<R$D)o
yG?BK6
\alan'
m?uPz<
'n[0Bd
W!v~Vq]
Qa@BCz
bYx_A?
u}l6x"o
XB15x|
7CZ)Br
S_} 3mg
+# 2#'
NC"}cnP
JG>'CK2
fn]C,?
?k?m:>\
gK0nk]
R*eD}}
Y}g9vk
,Q~oO{y
diSR+Z
Ld:K2Z
!_z<u:
KYgW0T
]f]?3[
DZ%7{5
G]Xl 2
v p;?d
nB:#&g
lUs6cc
XiQ)J1
nYrR+.
M6UM\d
FXw_+E
Jx]n!*
b16'Q=N
?iWE@_@
\ub^_Dg
FECl9g
}prcjb
\+`9T#y
lt;TsN
9R5e>RM
]7-i'r
4Iqt-8
}s{4J,&
(z}Aty
J#nBY8
MzH)j&8
d)9QI}
7Vf`r]
oi@?%:A2dA
F 6K sDl
FBXa#i
R\SI`*
zwE!K*7
)rp<$D
mXt;rm
[3W{Rt
w_gd<J
6: IXJ
tY{sa)8ILz"T
>]~;]M
^NH9%}v
;^mdv"
:(al}b
Y9qW3V
2I9]^4
klNqA#
2?LEi9)
.ebG|(
yO&&i@-h|{
kbkfgC/
Fkc^qjXE
F>YX~1
MUi!|=
]]Q_)&
[72?Zs
:1k8z.
d\Rrz1
Sk?vcb
LitT%DK1D
MYK(u>T
[S'}[8
n(w$oI
tuSjR"{
(ym^lI
`>zMA>
0IqQJ!
`wMl]q
u~2Cj#
=Y9rV@[`
1Q^*#)
01 #Ja:
up?aXX
#-uW:z
HS@-^
1c_D0_
whc;w0
M!A[S`D
v*fJ-=
}9H?u5
"?DMnZw!T
9"2Ml!
tWCqN;_X;b
A>U5v?
Cn})/t
[g2=\sJ
m50LSW.
+f2D%mgx
6N+3X=
|+/-]&38T,
)9|4/#
Nk)<MO*
K#[".[
HxQI:~
)w3f;
BKVgh+
eb^Jm_
&{[cMr
a?AwzN
U%S).`
=^}.+j
Wgj~.P
D1},2e
B4rYY$
Hp'vTgBQ]D
.hQB>/
MQkfmV
`@^RBy'
jsC]}F
*)EF.
<+%}>A
NZ|4wl
)P=-E4
W_bOV
,lg)b
[kR"'s;
|Gh\dWmF<
JyJX^<4;
R~gyV|M
1}>Uj>
4=Ci9
_5g%;F{
mDkG)0d
X0jRhY
Ipy<6x
/{\e&\
0fe2a>
9O|WNw
S{e(f
DgB7Czc
H`i%=k
z~Zfc=
}7BONaD}
AXJ/V6
;G%abW
n}e6q"h
DFA@#C7
6VX0V{
WgnJ&Y6
@&a!'BS
oBF[}[
l}"~Ab
gwUp27
'$,@TV
V.Isl
/|b>,'1
.>;Dwk(.
7-hjpf09l
qK{TB
2i%u2It
c \ljb
-F{p:B
|;x#GG
Bu*fG
%~t3Lj
Z_!A.L
hWSfkU
{^3E3[
n_8Vl\b
;^k3U^
=lNpIy
Ip0Fw4
}3bvIr
Z7L]jp
<:bR^L
pa}(H/
JXF0/C
RE0 !i
+p4R=g
$"#]$T
/%s|go
L;qfJN
#EWtFU
ov\_:=
&R"=Q@
)UXvH}
"3bPh^v
IL]Pwv
V6'Bb@
}a?9sG
/}@'Oy
I&>L9y,<
e&&^e'1_D
}+,uMV^
#Y0aXc0
)%4tsq
o,IeC
+b."Qz
.Y3rT>
KMj2Dm
:Y!zv/:
86VI+F
:Jv&+z
U!gt*Z
7*LuZt.
1+CU0b
vUwzYY
0['J{b
zrob8>
Fsbl!_`
pm2'T7
.CxZ*(
Y(b:wD
3SLN;-90
WFZir|J
2n]$n1
w/20 7
gxWbh-
}|&Eh`
4_7/$#
>9[0VUd
R{G5RhlZ
3mf{8kc
T=-#N+
k$QWBs,3
^OhzzJ
1{)[Yh
5)b{@`
t{i9/"bVD
^*#,tS
DFI{dl&
.R=qCd
|)R!s:
IeeXn
^o*ELq
.Er["3
vg$Bs
HGD4MMR5gk
/*Na.
M_Z'si
S3Ly^@=
9Sc6sVc
O|0V5r
t_hw
.\rXMR
m"XFo"q<
VFW:AwO
iq#2dm.5
]CU)*>
P9fl(3
)In'6^
bf.aO#~rV
%Y\3gk
BH Sn.
ulr/`/_
Z,Q~jzIt
t}XH{_Z
mhNZFu
-1[JYM
d|cD1>a
h{yGqT
%842";
@Y1uyv
S},JBOK
/%ID"A
akamW
h^f]Fv&sB
]\%Fp
[911hE2
6-91Oj
o./rs1
.L^v>
4c((;Z
">K3JpbQu
UD.@]5]
iN*'JS
_oCBoh
]V0Q01w7
B=_jTc
;_b"nDUzp
jtq;4C="G
`TU,B0wLTh
zM_bk[<
"~Gt5}
mNPYu^
M d0i;|
~]8f)|
lJd}Ml
\-2da}
2x!:f-
R63ulM
q+q1c:
C91)jt$
)'Z!"?
}}#50~
Dq;'('
zT}Rrx
"L}xbJP
.)V9}K
ycgvR9
BJN"R%@
]m+r*D
~'1*n`
vjZPH]
<Q(V)c.
{J4%r3(
CZ.k_o
+|@6fs
=*[3pf%
mGK2(j
J.:*X!
{h>%k9p
z$dx"S
;q2lFO'
Zm1hs.
bVuj\b'
iN'`WS
>cP%J
<`kG,d
3elt=a
SJ.ko?
d{|5R.
rI7}1U
I}91Gz
Ygu#atz
hcfCY.
~2> `W:
)<V03?
/UR4%(r
f^%<C)
bP^Ohq
/~M&E`
Z"4<H1
vc}wxe
'(z8ib
Hm6g`
9dDcg4
doSx9:
e/Q5rK
j|OlJ<B
J vo1|
U#AW.2
WR6VHc
KE.VRF
]vN/"Mu6
<0JYs^
4_eV,Jv
M $bQ_
)g)w+ gtv;
?cAC{}Wg
XwUIQe
2`*x.8
!sj:n.F
.IYZ,>
DBNIt
O}E&+,
],70z>:
}fXr|'+
SdU_YS
,hUC+[(
u^ztMy
FelMcuJ
\)fed&
}1S&&,
ZBFv#$
-@Q]`G
Dm9E=u
=R<j*(?
iv\m,
lo<#h>
/-BTL}
FWOk$R^
{* @qb
?&_<Lm
Qmu45zOY
b)3i}GAI
GJ5_f>
L7`6J5
]h,/Uml
+GRLU#
Tm!g#H
.}3%pL
]2Eo/q'
M 9L|t?G
LP"yec$
f9z"Vr
?{>$,0
Rgg\m
nS`F}Z
:M7\"R
q)VE;0RW
i/q/R
!.uY>D
Dp(wZH
[xDJ[< {
TmI*mk
k1z{doj+
RCRgFE
x1iF]4
YdW:Cv
g[8{Es
BV-owVv
=BO3F
;K#]3K
,df!BM&
Z}r&,i
Y97C}&b
-p=y>#
."b}eP&
!b\h)}
m!Mg/Yg:
2x!*MP
2^KyKq
8YCA0F
C^$lZM
B|e:N3
GVTht*
*9o)]}
RZw=G92U
"6X)ez
uHqVe&T
j?+E`>
0_EH|<
hUlzxM
etm</lA|
+ |QS9e
D@dDqE
@3MiYY]
OKf[)T
16rZ,}
QY"oae
<HAK{bO
q#F8Vt
ieGDKj$
|_8u
Fe5B'Gj'OE
(b")ZJV
[O!$6k
zep|X\
?B?<Rj
aQo1[&
=bk\GisZ
"H.ZlW
nM;jmU
=E{-ZMZ
uXn]/C
QRV>YM
GG1M?O
r21MkO
quGYJ5
lHX5$".
HG&qdCo
g>3}xq
k)7YIw
[!`?ca
gk-Od)
9])Pj,
0Zhj)L
+tir9S
o!F.Cb
~RmFw$
k=]<NW
,;/0j/
c36F|C
=MI%1(
ac{;f,
DJqdr2=
kzRP;
yBmIfWgy"
+ /rAK
t,`mbe
<xnb-6
'J:?v'
`*^aL:
O6b|_>
g6z|w>
'6:|7>
k9q_QS
" 77Ad
b[6n|k
eSa}%^
1J&3(I
j!MY]u
k6~|{>
J*'TJP
=\Ib:,
BT#@v>
BvY{M[/o
=cMb_T
B?]8;*-
k3hN ~
NVeYmt
EA1}zN
%*-Kz1
BVY{-8/y
.-k >s
jo4Z!Ko]*
<cBO?Z
Mc1MEW
=]1M5W
6^:$si
G1)%LC
EN~9]N
YZ-DM;
eaS_);bQ
igPSFmk
#fYNA{
LaQ-QrR
2P_W(X
7gnu/I+u{
zl~WP@
2!D+J
:k.[fG
]WLw~?
=:,]+Mg
'l5m+dc
a55+}kn
n@]:47
@2!CaJ
%7`b\i
\ok}*}
n]4n,]e
!'\)WO,
_vseb5% Ojq
b;')$S
mD9Nys
MGwv-Pt
u"E<9bY
}+lsri
<S$x<r
t]MkH^@h
y'3G$Z$}
99Mb!n5
>":4!~:
*\wOby4O
1\"d~[
!=#h@b
h]Z%_Z
l,vB'b
PdbqqE
p=uz(vZ]W*
%S:ZEJq6L
ejl*Wh
9nIbSRg
;Ixgs4
5sAHQ`z
i{!C]
5i9a(
Il!p!$
^%]`yG
\2.^Zu
1o9AHL
V{;C>L
5P5Ovc
~vcA}H
"yt}X~
3&P~6Um
JekR=x6
CmAw6'
o3/W}m
dzM6~m
z^L:f!
mB)M>/m
)19^[[&\-
hn.%#;
U=\Fz;
?WK.Cx
})bW@_b
%5_j+k
<#oi5-
K[kw!Oyg
b26a|^
>>LEgc
l}//"c
-w6:nz
VylZYo
Dmk.Zl
m!9Tqy)
wiYJ;O
Sgt`5u]
cxXE<S
2k`S=UY
\xkAtY
e0]Flj
>j72?y
]RpFN
;'S\'I
RG/,3w
A:)+SD
Ewm!l\
*Ss2_'K
<QJb4c
C&J_2se
O.bh}
<h/(_yV
_.\gqi
yX_'R^
6u%|UX)
k}0}V;
W#%:]S
/RCR#6\w
kZCHJ@
Aoo- R
rp) UU
J3sZ^&
/[HUtZ
7``_UNsw
kB%tdm
i/wAOLy2
|"x-kn
);kJVe
pM]bq&
evaX1"
D(om=b
_Pw/J2
%^!q)G
H)Gu$U
fqDqo1
"M$qjg
$R:a&%5
F!-<,C
k}>HMj
9-YQ|)
yHy2gK
rx1vyXP
(Zxfb
yBbi.L)
<8"dh:
tGse'$
C]JdQl
c9^.]R
_bTNj=
h^R~0#
[dAcl
:oXFr
btR{u@
2oKs.ZE
,pu#l
4;V<w,
69J*]}
0N]EQS
b.ir6+
VhG/id.
,I^TP
}WV2uk
'P!o[RD
tpJg Q
BKZ]xg
^UE9Wgy
C~SSQQ
ObeFGG
dcj-tx
j}bm3s
qx3#FP
+V+E*)]
?3g5~cd/
nfLjJcH
ji'K,#
5Y|I<,J
`Yzy]I
fHNc*;
,IjEn:
7Z04S
)~!TZ`
4cK1C8{
N71&\N
N0Oi}HV.=WO
=[P*jc
Q"o/cL
i|$.!-ogA)
+3X}O*
.,e}N8
1:0[N5`
jAz&OT*
LE$Cg\p
!wCV|0
7bqBTa
Uqt>zn
R`)s`\
nH ca
aE/fb
E<+Whn
)a8{69R
iOZ7[9
Der!Q5
nRC^,&
](6.t
_R}UO~
N# *5g
U;^d*
SRWNCA
)37j)f>r
~zW|.p
AfLO6*
K{a.o2
U\.245
='D'YN
bCYy|c
E]&Tb_c
 tf-)t
BE-VSq"+
\!3l]}
,_.=jF.
l%kE3_
[kOEt}R
_//tXW
)l"U-
932</z
L.jPYu]H
Df28Il
-Bx?}s
2`RnM!~
pRA<G"
D}<}vW
ovq(|3
K5jo-o
(2OwrS
Qs<? R
AZf]"i
Y"$^CJr=
;U._(L16f2I\
%:~XA1
$}&5o{
{N9Dg-
I)RVLz0
c=S^g
i?:w?Y
.6Td@/
WcCF?:*
jU%ajS(k
uiJ6^
N/jZ~D{
=qRjno
1]q[&J
Kjjq~~
!s7Y(o
ICe}Sg
XtM`q[S
RV#Kzw0
&Tl6@;
Z/USS(
);+Wgm
uTO)jD
4~>QE}`k
lS[%EOpo
7(W1gY%:%3%
CCZ% 5pR
$q./<M
gQ:L&/
~QDJO)
B~lP!x
k-xG+V
iigX<J/
uoW;wv
\_6V]<.
jm0T6i
yO"7"i
_TWcXF
{J4qNv
V^.'kv
?mL[<
5!2Se
yild%
F~q$QcRU
)7iXqI3_
m-n/4]
5:#wL8
A>MjPS
".qeH+
a}bk1a
$$q7PB
O}*vgY7
FBnHYy
Qcvw?j6
>4ev]F
-N-]h_
H':J-ww9
UdC4-Q
Vj!`zj
zQX!6F
.z>vRw
4.a9lK
\GgZYG
f@%$E"
iQ4]"[
0i\g`Uz
@?UKwi
=]~z`!
l#2JHV0[[
oSS=5c
t"KFaq
T1(TX#
lM98$Z
YgyzOIj
NQgZA]
/aRwd.
?74Udq
nY:,K4
=WE*@N
pbi\|u
+G~p~>
L,_5yu
JVIQnO
vT>u=n
}_n0Zb
4m-Zu %
nY=t{b
Y,8[1A
p^T%zq
dS+An/
9S[_4N
-)~GyO
VfH/;
^)Y`'CL
\J#d\jj
ri]hLp
bh}b.k>h:$
0$,],b
wyHdu,^
0G"VIJ
[Cv -]EI
4zj7nne
8N2*R7M
~E!2"Fv
P?/HYoS
A#p&10
=\lCJgK
MZI^U!a
:Jeu>n
4H,-kR
gbJz+f
u8G[Ann3
TZ!kIJb
*G+;~C
:U+5|R(^`)
?8Rm*$
}h}|bWw4
<:#>l9
.r8sdj:
i%Dxwa
'Ig0h}7
<&.IPod
jUu.qT
{<)0P4s
diK*mUF
2*>p/VB
QvT%7kR+-
*Q!W#)V
?rO2EjCF
:WanD/
"!3EGWD
_kSURb
6ui.$
v=1_e?
{ T-{=
<'][&&
#pu&*i&
aC-Oa(
-90I3jN
DjptMj
|vQ-m4
5FQC_k*"
xnLH`F(
~z?JWo
$O\)$N}
',\A!l
8j4a9,
iI1gEol2n
(R2b-KH
[WzT7U$
_7#w!B
gHHt|Q
)@b{m"
BD`x==U0
]SW|{E@
l{-7RD
9l$Gh
U:VjW,
cTAIL$
'aHT>9
5Y9X_m
3yE|6>
8,q].Y
/:,SBP
C4f\r!
82l8YT
JWz*Uk
!SU^kJ
a]~+}fk.
O>5EMI`
[7hZ^:k
<Ew^W^
Z=i!XZ
sZj1D$
*CC;
TapC%R
S^vp8Z
vZ|*ng
0AR5Gs
J- WDM#u
h:X9<Q$
cB6]|bv
?Y$[k1
L*h_2%
4> `c7<
6N[K\X
%ev>p<
mL&Pi(
ze_^Y
U" 3Qh
%L~Km$
_wfRX Q@
mGy0C5G
lx{;1E
jK3rkz
PD':*E
paljGT
Z#:w)XF_P6
v!v>{l
IZ:KOT-
1PQK=c
@d{9_0
h{OwoM?
BIbGUUH8M
hzN+q0
Bt/02B)
h^Bd0}1
6=3PBd
Bcnkrk
).0TNkk
IO}g+#
l/jG)h
flrF+Bz
%L@9ZT
=Oj^Rt
;)|A+/
:&0{~P
#|,wUo
^6]ylm
Em5?vz
{<uuf
J:<uwS
oldZw|
:h+Xw.1
eEK3,e
D6v(>M
0MGclbk
X+I?5{
s9hhp$
;YZ@5e[
TVZuR&
7XZ(ua)
PP)V}sT
f:jN:G
W7v>2%O7v
B.L*4>
pyc{:T
RP?dsw
Ti[yc@
7Rk];,uK
U#)[PL
(}LB,`
+j2Nu;
BTYDEB
}Cv]C}
DIVLZ@0v
vKt;DY
w6p0_Y
J5HS:-
=}5"vVb
;n)N[N
wT;9D`
s1$u=J
Q6jw`*
#-<|TW
#kcU]G}W
) Mo}D
|fycb{
PXxYkKV
4(LX B
cJvSJw
"+#f*)
GgB)$G_
Te*r U
xX@a2]
X~ >RE
Kz,wU5
H5;`vB
's-U4O
T.RKO\
cwMLpil
9!"r03
.W1?#Q
u<q)+}6w4
QuXOVP
X3b*la
0b".>H_N
jVL?[-
#~[m&q
Aa{5hW
B)L".O
aXeVfL
5_;'gy
,wK\Su
{#RW#*A9Q
MJgFC!7
5GQeBUD
A*sh3[dA
Y;ZSEO
<]B?lU;T
p*${l
,i;XI-
('s\#b~
>Lh\P^*
<AI>+/
"7Ugh$0+*q
<e6sUx
+{Q^x1
Of^rW
TDb&"z
?Ca+f4
(RKQSt
~M]GFko(
e%NF`-
wVJ8q&
6L%AR'O
%Jyjb]
?6FJ!;
LcM9fwx
e&GL0C
We6"R~
yPhum|
j_W6XG
f&;gDCT
?z@/0J
^s''kZ6{u
OA-0:\
i2*1;k
k)0UWP
*1vSO>O
G@)W gB
OqJmM#x
B9,,0H1
TS_ld3
%}_h4;2
!Xz!Wh[
UCC5Z$
\K28_J
%v4-[s
7\2RK^
@ TrPh
3ET!c\
M$d*5
nT|J,4
U4v7?p
+;QgK%z>C0
vKb_4T
LPI2;S:c
4e(wuJK
boeX!C
J_^l8U^
/c%$NY
$PF<Qt
hWJ#=`
*^Z)D
hcUOks
Z0"Ui3
vD<=Rt2
B,:GOo
g8.n0a
*,Dn>N
JQf{53
-`ph7h
Ju2*5N
T)ClbU`K
%@Z7pc
`Hq`iE
e9!k!.v
4<KQ7Y
)PF>,B
2~FU)v
\?2ML-
Be6]):dvb
CNhlKT
b%*AMJ
DjmRqL
/&4d!r
J"TQF$
9]w%\U
qunCTO
4Easc4
1u;kY
J6TQ-Xc
:<v$OC
Ufu`Sf
Bg:XhP
C1V1E;"
#'K#HSQ
*Pk<#<
u^Mh_z
nWP2xU
,N(WPQ
(<;e6D
5kp#=0/
PBQAgk'*
BJ:~NVB!
-N5PR9
:xJo#Z;
GT>\?u
Tp`IP]o5
]x0xEj]
,8k#GOuplc
n] ^+QIh
!Nq$<oJ
;A7'c3
+!b;H3
CEi?u&w
Q$DKuW
x!9vb4
?9]L=k
{NzgA
cPM1]`
@zwH\v5
hJR+ad#
7,|AvKs
J.p#A5
Gc]J(Q%
;}j@.$
LqF[e Ji
4])5g=
)fP:zz
p:IOmk
JV-D"s
QGveg5Pb
c R*db@T
|y,WaCt
^(q))x
TctMq@YJ?
7;+XXe
Nf=]G$a
B0.e3r
wFlM4+
v9*44Ry
`*D4h%
A)h-{n9e9
%=S:ez
]YU-7_)
5fzHZ+r
R@EX]I '
{QjcK%L<25X
Y)JH%0
YaN~D{
@u)fK/@S
BgSxz_
cqX^*c&_Q
6TaWNw
K@45+;
^HJ7^f2_
l$Rh8B
G#)sFn
`Z<Y^n
A)_-k%]6n
,%Y_^F
Qf 0Ti
# }HuV
FBIZeG
ZmihAkM
K_[ycv
bu.\Vw
`[]ZGlx
;3qJ\
[4!C,
3=G"omI0>
lWJ`qh
Qf9dr24
BgAr/Hx<
G=v{4Y
,LT?Gp&
#km=z)
|2u#hT
UXKjY7
fLY*V
7iUFvB{
Zf43Lc
2WE]Iv
Lq#I>K
?P#-!J
z^uMr#J5
l]fOi0QW
{{"]~y
WUh)cyf
+HQ9F)Q
C[0&5,h
m0?KQk
h%he}9
^DKJ/[
:(W`T]o
&_)dA5D
!5lnhl[
Y8vt/m+
D8rc]IQaU
rJ&^,H
yq$}2m
|>p)|w
h'KH6#
+G90MQ$
Iau+anU+[
gstiee
k:TR^5
0vUyQW
b]'x}@HL
K1z$EH>
5^f2X)
+{j6DcL
~kn6F3
/RQ:t
].Q<"3
3rIFm
N"*,X|
9<@'&:
]QMhwF
"WayE>Z
t-yHX|
|H-|@6
|nUQl}2
gIJk>:
*"D3)"
[mBtQ6
QAjOm;t
Q$y+|#M
|"mu|D]y
f8uK3j
S4L$!H
,h5sb
!muA(!@
PoH33ju
7,cq<
GT!II+
&y&<HWS
`1M,y"%#z/
{$D@yM
K3&P4y
)D@5x_k
,_M_Dfz
vL>e,0!
}HC5E;
ge$5]S
rYLtp/
6mhkcX[;
_+:5K0E
7A>.As
L;q$Z|y
,0+'Qj`
nVI@{=,
IZRCD"4(
GHV>$;
*Xfv<X
&C3b`Z"
GxrPBG
8nKHGrz&
(.fbQt2
<3:+93
=x|%#L
ah Z]`
C3}<=}N
[0s:~T
$%X@}!U
!8.)@!
}@IZI
~26]1'
R2n\:c
xh#wIW."
m'XijONZc
O(r}@%~
P*7ILw
370b?[d
0tEl6.)K
Rgh(L/M
BpZ3 6$
Jtgom)M
<_]$,3
w$p_Xj
6mSY>^
lstrcpy
InitCommonControls
kernel32.dll
comctl32.dll
gK0W9
mWH)0n
ZKQ:]e
0?F!H)
@*8#?>
z_gBY
K%7[!e
>fM}TX
EqeptO
0$P9c9
ZtHWIwE
!C1#K~
jaEz!:(h
`XXJ}M
w}!Urv0
$u@pt=
n}3h!RI
K```5N{
,`%5V
X{e T
F -Q(
QuTUHR|a
T&~-<!
`D`c6=
OSG#c]
+C30@]W
!Aq{0
r:-zQ`
tXbBp"b
aK\:'D
D[ \/KO
oT |w~
`xVA%1
wL),\a
Lcp<1?.8
D K`^X
P\Pc^
p@A(Mu
dD >tK-
4}T%`b|
'PMH@A
\O6P4
qTTkp
@BAD8N
%Zl^~R
p)/rx2
uLI4}
c)Y R
s8y;9&
A;L~`!,
G~u@`+
hNl*|@
6{bjj{
'V~\RM
+[so>,
5&HvK!
h/0<laz
{_<])FA
m cI+KZ
;H_~1T
5V8fP-
P@TTXRVh
Hd3K'7d-'t
(<Oud
K%dHL
&%u[X~K]5
!^6 B
:XZ 77
jLqrpZ
B,(kY1a
\;1H:{[u
os@,V4i
7iBHBtV
yB5{'PH
{)AYV+
e[0XY9yHa~K
'[C-1K
TRQ'(K
IL YX%
\xS^P,
])%D>t
x)*!"+
-o?%P
k|6r}J
_^][ZY*X
Dz)vig
ZxaK|4p
]>&'YR
IS!2h^)`
(=)8_V+WI
%Bne4/F
Fzu8d5
i}9W0dY
5WQrID
_RqP`*|
@Ef2J-
1'0kcZ
|:(ZfQ
znZVI1
c*X;/5
"z@Kq[
EC.Ba3>
^h^>P6
9W:8\q`
-MX,+K
eW/b<EX,
yaMr<
Y:uLO_
:%Bo}G
R,<hEK
v.'TvZu
D)f/):x.K
2f-FF"
z)vh^%
/%eM'
-)!un-
>6JrsE
AaMeE3E
8G962
8$9:EP1
!Q?jt2
.~WKA(
)>;bY+
}:Fa9
.q@&:^
+!?Uq3^
-oX%1O
"D|f')
W\Y%^:h
&>O"!*
>ba?yc
^+{1J0
{`-Ej,
P3-[$-
+8u:{u
%TqZ}t
v7RtoG
K5QHe-
-<!go)UL
V@6M3/
!+)z=E
+d-u7{
:QJ3Zd
)S*!9+
2_;)Jk
`#[w%N)
K`(Z1_
s{,KT4
gb%w0G1
,)`0*_
aheBhJ
arwk]k
Z_Sv-v9p)
]$MU%n;Z
-}'j-D?
}eA%]F
Zv+3&1
/38vy9%(
%18q?'u
fe/)2:
k,B'q@
_>w{`2
qBN,!P
E:%V]/
Id6v!K
'=%_-
AjkB7)
53D~^(
~4I_y,G
U9+5{)V
iw0|7G
'!7QPh
-gW%^(
/)J6JzR
1wM+3
R@!2w~
(t"`a3
[,G1_
!x+9S%
/{U"t%
Gmth{gf
$XMJi%
9x{96%7b
F5~JX+
y7{(o&
xJ@)u|c
HqX;t_
+]J]E
-V=q^}
Zkr]gD
|/2lIH
q<IX)]
K'F8K-
j(11K
:qL@1z
)&5]|3
%Us.-^CX+
f');w2
J_%f3%
9f(MW-
RwBT]E
.gZ~(B
^1rtZY-Aq)2
Q3@`_3b
xH/?[
-e+1/
i&uY[D
cHGX38
uQ:E)]
K{Q&Vb)
h)\B+
jo%uOk
C'1p8,
1M<~\@
B4<)i\E
(SG%W0
Q H<Df
(RW~Ie
)B5f:>
|];bO8
R}Lk%1
u1t`BE
K[f%VW
6Vy#_|(
-{uK)
/ey%}l+p
l@/):R
(W9S5T
4=NU%%@N`%
n%'R;_
=Em Jn
{)-eyy(
']F WB/(
\X[*25
,W%wG1,
A@D51[
=<|sHCz
WYpIYR
$p?qP1
JRBQl?
GP*1J5
|^Rwfq
Y]Kvd!k@
P%3i0<
%%)*)^X
D=%1K!
K*hEz!
$ivvib
S'8f1
iu1c)+
`t7 "%1
Skda/1
i2uyOKU
K(Y"3/)
"f1UB&]GL
_-i;!x
@*)5~b
LHjK0Y
b<y i0
V=ZXcZ
w^4S'!
_sP/r_J
l%bI^%[
%_YQI+
_V1RD<K
e&5K,Dk
^fP%.1
-{?,s(/
#\$H'\
1-t[R\
;Q,Ityk
JE$! -
W%hqWm
0we,,Z
=?Zv>%[
uT1Rt|
7j%J'Zb
$`+sr(I
Uk}fE&)
E61x;R
lmA).
_n-]a g}N
236Wbn
XQ.z)sm
Yyk:&%
6aA3qb.)
z{~;-(e
X-;A_6
Y]Y=G1
B/+Ul[u
T-X'5Qv
w1Ji(2
)@/~tZUVqQ5
-LfZh)^&V
/q>+2:
:y9cu1
ajZwtf
]E\/|K
9"|.1
%^L%fA
_`A!gfmc
ug-e$q
Sk%Q6h
qZIp
>`B^YW
uY_kyn
fa%3t?H
R56w[((
Z]N&(
][$q?<l=
R0f$pO
=#&Yb5
F#031T
s704k:
ZIP6[5
f)8]\oTB
T>h2<^
vYrF|$1
(Gxme%<
o.1x)
RY|*b%
iiu1$)
t_VNr2F
W5i^,q
]E]-p#
9i.VSB
D@+Z053
n8 NS1
HI\*i"
l8[K-@h
)=uMT&E%
1;>)8|
)Mq#;v
B)]:.FPZ
3;:!Z2J
IuSO-]
?)\UrZ
9/%F38
4XRY<%
ty) ?3
b~FpK
sy+KVz
V>z=3Uv0%)^
[ULn-ab
QnB+9L
@*!>)r
o5^s(@)r
-3{}\?
#89:F{
`JO!E4
jF%@<1K
LqE@EL
b:JTcR[
UQkK0Y!0
P'wFf^
-%I&~-C+1
-|EX,h
.3WrFRN
#hKTvQ
y%IPW
!-@j,C
BRWs+/
b*]lB)
YOiwpi
EB/nNz!
Pf1K7b
l7bf@}
b]T3RY
O$1r-@U
-$Y1Az4
%"!>1u
Or0)~)/
8WwJ09!
!/Z,Z6
&kEU$w
f5Dh)r
A9!:*(
?JX9`83
.hh7IP
`JtkTC/E
H5R'Yc
o"4D8AJ
$h>Rll
ya}YEK8
jqs@6,?
dt%YP
FfD@1N
Yg'|NoTI
ib']:IB
#VrG_x
-vIdqZ.
3')tv'
@Y/G-^
A)7}[1$
TIoY2`
R0>!rt
1(|)Y3|
eUIp_[
32(i+S
/]:%>C
0bQFiNV
t!JO-S^-
x`U@w{
&.T_nYY
IXvkne
<G/qV>
T0%Qai
%:`jzg
%(-|/R}
b{?9$(
]Ec(g%5
N&(1Zf
uyrJ=c
bZ`$5$
8Q_)./1
6E5Y]
2*>'-eM
)Y&/:!
taf1:>
tZu[^'
.%u:fV
RWTD%SH
`"u>GN
\][NltP
l~Uj<
g"iQFiU
Mr|Si E4
|Z]2&'U
6D51qa
kfa%%@
aTZRUgn
'~PRv[
qckd'^8
,|L#LH
5*R%i&3lJ!
|I~B<-
/Cl tb
$<'_en
En%T},
^ kWGV
|URVb%
-2#c.D
bjpOi<
!~)-"<_
El6.bq
C{Iq;X
wkD2/1
u+~E'")
Z_qcM :rV=
%qfiXW_
%qYkA7
syKX6au
3_uaIL
Q~IB_2k_
/{[U.lN^1
rp%FWK
]|.[:T
2JvXRT
^Zs]1Q*Yj
uJn`I!
e''\.a
@?3J0r,
T4Zt('
{)05R~
)2az8(
)[Xx!K
xJ*cu,
=-[vbzW
+hj+W[
_Z\$i]
?Kqv#P
+&4;B
~YR`/a
^pF&#E
w4FPf_
is`;"
WqRm{;
1yULMO
]}2JWp
..Pi_x
sbiwL!
s&$gIwQ
e!%XK&
^=/eU-
-}q(Kt
y[Iw[@
/\eQJ+
ScX)Z:
(3k\@P
5k_l\J
}:O}F4W
j(LfO
'$mk\*
=?),~$+
R/~I'w
sK%\dq
5@qVB+3@9X
(RL7BI2
FE{&L,4
_VXBXx
'|QR;)Kz
WkWkZP
$+WJ6:
md&{=/
M"k)`/
FqE'`%
qa1ncr*
_|orc3
,v.cI_qL
Y|,=R+G\)'}o
-RYMkZR
r/9UV8\
O,bSI4~
0t&9f
}H1)Ra
r-@X!;)$
Q{r6-U
@*(E!S
@YAM(`X!
EFHDT'
wZQ';/
Kv=XN>'
/t&?M5
+092We
'S^Zdp
=-F5b/J
QoL2_s
,/B7_4
_B"Wan%*
r9_rg3
=*'tK{
`GeD_s
d_~)S/
h%)BYy
\0y=Iu
i|D) I^
\/i{d(
FBK910
%.*9qz
2!~='t
u0P;-[
bx!vK-:U}
^)L,$%
]v'RCkK
CLJp2u
Ub-@^L
*<)N`@
+%1F-(j5
fbHw/-
J7,U9%
0l%L|H
!WLy!K
<&qDmb)
amG-!mI
a%qGU9D
bCYJi8
/ZwTyRl<
S-JI7H
]eK5Hg
2]Wt&B)3_v
Q=k_0j
b)"1zj
,E)"!$
]QkIvb.
'38UFr
LiJ>1w
iq2&<5<
x_[D,Q
iWX#^0
:-~);87
5@\Gr]
@S7SI_
\5YG2g
8bg0S)
+(/YM
xQhR$
-DY?93~
Ay7ga<
ElGD~
Y^q?E0
_pW(.J2b
(-:1}&
=S&%(HRr
<SJZpw
63[zW
17+8?e
2:Xc_?2[
WqNKV]
.}V(X#c
]eh,Iiw
KU-I`:
cQeK3E
:}\]S^
'_1@JY
J+%|?%L
EFf6,7
&.ZWS+
X(|wI]E
\Wb5@W
3QLrz
/&%a6?H
tZQ=-qpH
}qTK~O%E
_[w-:!
|vIga.~
#291!}
XV\#p4|
-j8xKt
;Q%y2j
h/:yxS^w
~RFY_5
~un_-3:
U2^W~fr}Y_a
N'B-W8i!;
dDB+[8
'fX'12F
-Wq'Kx
)I}oL
B\}EC'
GBA)7w
3b6vSR
wVIQY*
wmtYj(
VKrw{5
a&]%b4
}E#/+iQ
)bqj0?
-WlzN@)
53{%G}az
1W:j}V]RW
%P5yDi}
UvDhd4J
),/gCiu
-Hp[Rq
T{g<O,
_fzX-C
(>(v1[
tJ5/et
bAtP'_
/CKKx)xj
y.iWsf,]b
t5.;su
Ix~U%r
'(5&%-
c8#QMpeK
+Rtbf!DO
=%WQ7I
f')8u2[
kM$0C1
p(-TOc
ipogi%
vER]lF^
eB']E^'
|3Zbp_
\1rj<U:B
.)aggH
MqZ|_!
V]r^c.
YjjW.ISO|
H@O!C%;(
/46`9%)
Q1k}b
N!_b@}
yB&BDB
Bu\7P.S
MLh$%Ye
\zuE/d19
hD%@nt"
eg4*!})
Zb.y~j
^Oo7(F
_VBRus
fiv>E%
2)}j_}
F^Px)Z
]'/}|^P
N)AnV'
&6f4#z%|
wN'z3$)
bJ7Wq}
`o)gAJ
7Y-s4'
g$iUs'
q k\vi
sS+bv)
T[RYL%}
bqf]YI
wE!-3G-
QIIBP
J()lfI
H2)UI>1
'&d1-AT!
KRu\<RX[
fd>)Y?
KUAE@(
HBK }^
2zbkwQWb
f (^Nu
Z.-Miw
V.ZbPBl
HLi|[Y
u;7ZRt3
]:$brQ
-tzUa%
rwGS;-
)@llNu
Q{LL!
O(/^,Y
^ZgCF%<
Zq/-Xk%
2Zu2wUt
i0f)M
}:wF8J
WH?>1J
]wyMD5
O!U1?
po!7)^
9I5~*)
f)3s8'
Br]vXb
u^BZbx@>f
bZ_YVI
+g%c[B^
^YZ_sw
"71{8.
}l^/%@Et/
Z;%(q h
`.P19
u^ RuN
D`St!
/-0v(&
)T_ye
&%jpul
g:G=f!
Y,K:#v
'}Eo/|
-Rc&/)u
`KQki0
nU^(bG=+
t.qb3:
DNT-+>
V5rQ;
__YkOW
C2JugLe(
*-mL6
Bz9D%*-Ck
&~urWypf)4K
k@f3Z!
Jquw-oz
Z&"F:3
kY&<!K
j5m'3-
&5nP!
B7]p1J!
l_'LU(
^DkpSV
"W(pLHL
xV2('+W
Y+q>)78
G-Sh7H3O
.$@/y}
['X-}:
qjk2Bp]
g3"^%3
k%B}_A
2p]Q7b
+o9q3|
-M&AXs
viU<@^
),kbQ6
n@aBfSc
%?MhKt
[BGUy=
_Lg/9;|I
H=v4R)Z
|`i}$i
9a!zob
4}2wQ8
hEg%we
u~zZWs
(LZbJ)
. iVPkW
U~QZ]T3
r"(5~J
G {,`)K
[TmbUV4X
V%n^$k
:-}TBP
YBUUtuz]L
t~R]LQP
4KT5h!E
EI-B/8
J%Y~B)
/s?</(
|"kP3K
eq/FCN3
KFbH)?N
IJpu{-D
|OPf)i
}:DFYJ
1_B~l=N
n){o4t
9s$s+X
:yfK%1
Qe_%p{p
~n)[b)
F,8%Vd
Jet$m%e0'}
;SF@a!
%TPE?!
)!mmHS
-[*"=%
x*>4x%
wH.KdD
@ll{j'1
#/U>Kp
4Z3f!r
q&k\Cm
wQ[MXn
9?<KXx
u!'.^A
V)8w.[
KNiO@-
u1h5R7
sLsK5#
2c9}~zH
i 0wN|
SNb9Up
;)813:
vjd%!-
^z)-f+Zz
S",c-|
loG ]^
qQ+{t}
\)[z's~-
%wN~DjF
Np,+1*
wRYt#Q
3YV uL
@9,(pZ
1Z.VN%>
Ez!S'w
^qHfV>
[{(c(
5ks:)Z,
4B@V1Q
/8*^ub
QQk^#RU
5VzZzm
7%/7(y
f/),+5
Y+Zu:y
&%|Y]K~
^mr!bf1
Z3fL%d
f?7Q/~.
:Z\7'W
ZbN|tn
uSJ:(#
MZu|$Z|
autUsf
IHpQK;
%h'UOO
Rw:@#j
K}N^b3
N^2p%U
/+>w2$
E_'D*I
JIIU1'@r
I%saf1
w2f_E2
-&L|+[
q_.gqt
(Q|MYot$
0Ql'ND
R)#t*
0-ls|;
*d!D[)
5g"fi>
:p~ i}F
t]ZWs9
viRBFsA
L]^hZU
g.N59U
w\@RW
Q\iBFj
h.)w`w
L&~EZT^i
GW'WDa
DAz)-!
4'f9'3
]:mBk2
?YO-t3%
!_z7t{
`U:.w[
^l1r%@]4*
'^DZJ_g
DF'18S
Z\a%}e
S'NSJ-
B%_YkK
m(:)|/
bY2{\RJe
'W1^8w
kzSYbJX
`_Hn!~
jwld6?
WqI&.'
g'^8b)
0y+)i
D{UGF~
-)8txZ
5:UUA?(/(
;q%5@>(<
,QRf#}N
5(*uoK
%(~ld_
s</(e
]q2IeY
S>-N+W
|)?aX(
+'fc*!
`%1}eO
) L014
!?,@%;
45_QSB1
9cejm_
!=-7A{
$B+AD8
1'HiuD
_D)Da'zt
7;rQ3U\,
oh4 JD3
/!9;4[
,c'OUS
VbeTzt
/u1o~r
Q8iT2i
5'#AQ/
u[=$*`3
@Ro3L0
ZH+kNe
]^SB;}
6M4GF$
%v.-e0-
a/\|j$%lZ
X+H`Yu
I]yAd!
_ez/sa-
5QJ")JI
0S38!_
.|K}/:I
-;Tyzu
H5(&!*L
1G(7[uuR[
Vmf2x
!'bDul
-Tur"=
^f;_12/
_y]Ee
:a<E(>
-E!Kk)
QV$h9)
i_E?/0
r1UP~I
FZwv2Rwe%
B1:_~$P
YUQ(K]
5dV;].
k|=kp=
E-'a29f5h
Ut~Q%#
sbRhl$
<UL8pP
y|k{m~
0UbDiw:
<Z}0s'
b(\wX+
TuZ\y9O
3F")21
3-aO`,
f)3}s~
R)3b;W
iT"'njN
RB$Uj6j
~#3/~}k
3t>'EH%
9!cqPz
;iU+`e
JYRvLE
qj%@(
&-r%J5
IP^[Q5\
'k`3b-R
@zA`|t
)Z-7Mc.
Q#UqcB
Je\/Tn']
wv<Q(
%RwkTRQ$
<u~MY+
{5q?.
V}ei-:
2Rwv!k
#:K\l
#'E~%U
M/^#/G
Eabc4(
wL8!*!|:
b}wX@)
qcI[C'
BM`<-v
>^(9g.
E%!^?,
RbwwSe
+:%P=0g
{tk[%v
"pRHz
mg/~,K
\'ul%K
A eD XG
c `h 7m2Cq)v
f\!`a@e
@kV@pJ@t
@aT@ejdh)l
t6 T:2
C@"x@&
.4 h8 B< VA
k Jp Dv "{2
e@".@'b@*
TZ\Q%q
m<}d0D
?o4)T*
K)boT?_s<:
,SBQTL
yK+B;1
YLX9dvW
q&X-i"E
aB<vcF(
S(%!)HwT
`hpj4N
<#%)B:
10X^Yh:
&q]OSIP_qdRs<
5pC;3W_
\u-@dC
:7/X%
Eq~TP<
qV%GOp
B@0}>J#
VP)OD4
^]nRq[
K!q+0>
E}0d!/
\`PEB1&
/VS^[~
02vo)M
`m6|{R
;wX?GO
AS*|Ry
2ZOXR[^
dd.!pg
{n)/`{.
@GO*AJx
QRZ`a^
?v=Xj<M
Y)?b$N
%`_Ol/
HH/XbP5
%w1Z*@
<P[>ei
~gZT'f
sI$?G%
'5Y 7x
wuV'%%U\
TY?}2kW
{-'~VQ
R`>lV
7]#{fI
O7OpDz
s/J>T=
;x/q@P
GLq8;)HlA
0'{X]hI
6@|>K@-&9+
3<;wBOA
Z:~pl/
Ui-'Rx
%k42&X
UY]ar0
)Pz3-}
L&;{krf*_
/ VqwzT
=X%~DX
ELk}2F
"kTjq!KE
!-%B*_
@h'ylr
Lh0'UI
a1#`h!Q
P&ZyXPh
\vXA%
=TD@Pk?W
>K4__ZY
UT}QtZ_e
d_Z.A?
z'`KRh
h"6@!-
|Q>s}*Bk
IpI31[a,
g/Y6;M
Y8`-Uv
w^dX#@0
QBnO}~
wZdv[T
[XUVh<D
/Jkw@S
z`%d^%
B?n@Q%
j`yO-L
xoA)+)j@
hN&$vC]E
br6G_;+
dD^QbW
s.DoY_
7%`p@A
7Yph3!
u1Hel&
n). Shs/
Nv8bWJS
^MH <5
&NLA#K
uU@N|
u.7aD%
Whax.U
+Tqr.7
_LY-`#
LwDW0h
a-l]|?
n(=UK0
Z~ ={R
z) !s&{
v9yl(8
_kIPJy
)$c9@I
M{V=J5
Jcna=(
'sTd(&
JyE.w?
RZ^vf4ut&_|
c>v?_B)_
@V^aYK
.$K/f_
0.9G~g;e
Bfm~'>
9I5jKtJ
7^pZ|^
" 0U@_
qolT 4
rP3x@<
Lv=0eB1
ZDp_^c
$!UXJx
y*aoO#
Bc?gW/
Hoh,OX
w *j8$
\<-v<st
lE08v|s
LcQ=X=x
Q8%}"`*k
\:VM@>
>(BxR4q
$6DAO+
8EnPt1D*
'tBorAp
XSq|4v
zx~8qt
hBc{"8
Z~ p:C_
gTPo ]
oftware\
Winx7d%
hc|vz2h7
Htvo7z
"!b y8
w Z54
TDMjxv
jX[Z-Z^
3]\0@[
uSj(VHL
=h.s:\5H
4zu~/Z
Vh9xmG
%"aU)d5
3kV(5T
J w.DT
D*KQ$'W
Ul>D:
.UK;t!
+:IqKj
nK) A
7^8'E+C
qXi[a'
t~=^Z2D^
jqmo)T~Rm
@7[2XR
sZwXcEN
==i60c/h
0Ah!`%rG]
WO%6.S/
h9lSiM
XkL:aW
oBv}mb
Bj`}fB
gQ\>q3
ption I
>sc, c<
nCTRL+
>8KrJU
>rdU&#
B\\~ih=
`|`-[4&n
G'pR.
[/4Q-\]S
[qXOSG
ONw_X)
%(>B6
S7QV2!
^:Y[)`{
G2MSR&
B%'7z`O
8IURui
p%P{~K
7x{oZ`
4iidW~
Wu10D>(
\]QY6C`.I
Y3 3H
\3K9g8
i"8%6``8
T-IIt
pa9*."
(@y(Ad
V)$iO&
|0C79w
iYd2T#
Pb6ZBp
h9.]nm
3C<kt0
WON'X$
q^>Lh4
;TpfDP
PAv*@d9
"Z'I\:Y
pXh$TD
d,k daP
i\<$l.
*sSN?u
BgdJ8z
>rXt]:
@lDf8%C
,$3_\0X
<C[X(
C&\y4J
E2 zq0
=/-9D\[
PHY?[WI8st
\n?HH,@0
hCi)>_
?T(h;
#-%)NW
fMq[&:
@ZXIlY
terEQ'
RhXH7~
x3@+`,L
`) }6^
_!a"5H
"$UzAd
@,m)K-
WbGb\&
j(Qltv
$=Pld
>Qp$4.
QB8F`u
@GCeA_a
)KU D(
+IGLD`5
j0qW}e
&:+lDt
`@|+$2wT
PL|d}(
zPJ\o4Z
F*`q(D
%^_%`%
40.H8%r
XDH@/_
hx("!e
.RnJ"BL
B,6p %
q6Ax&|H
nD`#1(D0
dLPhptx
haM%g8
,#>`&x4
vEz*.=
`J2(<YL
EmaL>MB
dL\(iI
/e>V$&"
\5W_Di}
NSQ,-"
$dP3rr
a@R5{(
NXKJ_`
0.?u 4D
b\$ (b_P
%{^#VI
4IFSMGR
@WIN3D2X9DLnA
Mxl:\2g
.V{\(c
_/c`:wh
6?|k<|
tewr<al
uporm@
0nY..m;
ev,]n$N
8*S24[
"{S(O
(is]8)W
~[?qaf
YAla[z
)rlP#Z<@
7;"'^w
bT_SP2F$
ZgsP0A,
1L=e*0
7I"=Hl
!+HmAS
;bOS =
jbUzt&
<I%HHD
G28%3-0!8
BV(d@2
`.2Q%0
,0@y*6
:D=`IX
Z(B<DD0@
`(~=VO
|Ey?0BP
"( X5aM`
\v`0Xz`e
mDl.j0
,P^%.f
Lsv4{w
iAQme`
Uk|%H8d
@(Q|@<
%4DTHn(
l^!P:h>5
Xor(H$%
P{p? h
u[&\FX
5_w2.u
>b7V1uU
'$)Hxk%
VK0 pX\
R8WPBdV\
>2'"\f1
p\BD#x
0MvDc
?iry%`
/'(p@%
K-<|y8
%6r8AX>
zS@%\C
D>9[!o
4$`jGh
tUSk#H1mqq
303PHDU3
9{v3u,@s
@ak(Dmi
nhA9Pm
|8Du7
kD,<~=>
@miJ4s?u
Fx08EJI
i@A,x#
om}A(T
)P|Or1`
@q(p*7q
wu6HE~P@
~T<|F8'
d`HP[=;
-18Dp8?
CAX`,
PqL5!4r$
dA`!%u
dUH8`>
B?{1pU
+@[6D
IHqpJ ,B
'swq/`
H@U/&1mp
R"MnU#
)S&'@
W"O4h6`
Y$1H&p
mP5z3o
(~GJa1
%x%PX{
br*Kte
ykB2@@
|&&`*1^
%UnxuZ}
HM%P"LlO+
Z]O6g!
Mz!T~J
5F*cy-
|AZP+0a4
e^wRW5
aA.1R=
9H~;RXhz)Mt
Sp9#v6
$Ai[z0
FH#'2v
bQ^)lT
zqc7,s
,^>%{tY
a^7Q_)
Xa^Niyb
=Yzk})3
e46Q# Y'
*2Xa]7
SZ3<>F
A+Ik31-S
+L{%}2
MX&{eV
3sZ$[
\0D?\Vz
ze[ljv@
ih`J&UECD
iZ3-T_
,:1>A4
D?G`#y
,-)tia
`;QW-Y
|6Zw5L
{Pasbu
%K7~9q
F}.kM#
{!PTQ~W
CsBQd+
\X/|~R
LHghXyq
1;[)Wv
f>S/Ur
!I_6pC
2UNv)]
pHX&JI
uXBJjo
`~mIDjNL!
Y"/%[^Z
IK7_{)r~
V <RA*{
"9HZ>.
B}dk_`
e)<!_5U
`QRZZY
6^&q)}>
@=|U!<:
J7w[:1
f{LPCH
0'X[1y
Y@8f~`$
FNqB4=
7i^HF0"
u(p0-p0U1
*m"`5kADoA
/nJC!@
/%d*8,2
>CIrXP
?m@X%Fx
|eR tEq
53mX1[J
5`gl(s
{(c]X=
]}W0OXi
+=Vb%b
H<L1}9bF
9&euC
s@d&.N
t0HLv=
.tZ9|{)
k*+${hP
yAM<|
'fX`x"B
KAHOF{X
a0DzLH8D
{~!|(t|
c1;<t.j
{)H1T-
@&>F,@t
vP"yHWl
\I(0(f
<c{gxf
[H@@,n`
L'#0>
@~qt,]8
~C0]N0%
D!Au&Vfz
:B%;@,%
(MR\dT
8d`TIu
2":SL-E
9<Q|7*
'@b@\7W
< 1Nrp
zbhP0bD`
K@ Yyp
}?&Ub(
L`RI5y-OX
R0, y
q4IAtK,p
P?xH>H
@x+8`
;PWIZ`
ITQ"hl
W3vy^g!8
Lt?iHAd_
nClWb9
y&X@3e@^
P(0VtI`(
M=_QKp
|w:Xy
<KDIzHb9G
LTAO1p@
wft12)
iGq)20
63 O_(
uWiAHXR
}Qw-@~
><)s`h
8hP\5x
:9C~ff
AF t)kI,
!8`2F!E-
A/IC[tP
7C#O(0
Lm4H@q
(p%x"08
fY&>9W
C@92Hwf
RddoXqw'l
gUe&7SM
VSOK! $
c?B+^E
AD{?s$4O
gqo*I0
*Pat`r
`@@0j
rah.
1>6<:H
V.q;p@
(OQ`TY
Y-Ci<B
,6,t@Y6G
*Ch.w9
OS_cJ
<o51t,
$HA(a0@
sZF 
@8\Hhx
%t,<x*Z
tXZ_\Rt
cb\VpQ
b]2\9
(>)*HxS0
l,dL$D
C%>(]:
<;Yp*9
M'\K~(
eWS>F?
(#iYnb
<I7j}3
21_E{^(
%J31;h
x}HVJ=
FL;YsN$k
+/5yeH
r_ipBH
"-. YO3@
"\%B$$
m@yXK
#XE}M9
-ES"}<
/E.:Xf
@SV H]p
Y${@3
L:?@\Z
b5(,MWd@8
|T>!o<
/2f`1~
"L(p5$
g#]P`(
o T=f[YH
Q.&@@0
X RE==
Th8%\(l@
`-@E?\QO
`+!yea
E[ZtWI
T~RjTW
NCX`VQ
q8$RI>r
EoCee
. 2a7-
=GL/)WdE[
Gke`%O"
u>KM.l
pi}[)Q}
nfW$\Sy-
&Z$"dp
l29Mh\
Y Ka=v
@}/)rx
z80MU>f
'2lFd1\R
@RNaF!<
m|=49%s
Coa.$4
hpzNJ?
u#TY+U
Vp+^uS
D~'VQ1
Hhm$yF@
j`UI*;
hNO%'6
j}7VX;
(!<.D'
|D[J((
(UcK)K
%:x!XI
yYlQ}B(
iBj}4`
C ?D]J
y^~-V*
XU>o_\
(>'ftXy-RP|
kHRQ_d
j3D J-n
0x2*@<r\=
;^)HK,\
#=x[}"
_85^XBb
I$;:XhT
_Lx(;H8,
9A&I",
}f{!o0
|0eaPb
E=tQ&v
HvcxrK
xLX9bD(
+&k" ?
H!k8Ie
1Pp]?E
(L(NKi
w|n!0"
(0@kDK+
;@,/8Kc
fDr[>
Cc$nY6D.{t
HL4lL0
PhIbp`
t`@_k=
k^<&3^
Eh @tK
t"0D{K
(0SZaV
xG`?A"
=OukfcD
0&xTeZ
D XzK 2
,<(.d4
R0t)8O
w<5 Td=J
cXP0FP@
>UF @`
m =aHm
A8v%zU9>
~h=bK~
e6`h*(
m_Uq<Ih
-R_dC%
>1*q_U
{H[T_=~
%>eK(D^
sS.\QG
$oVpA
r>`??/R
CY}R?h
_r"N^
]To;)T
g;D3Y*
E =\=b
DQ?:Sf
T$! G3
_]T+Z}
/U >/%
=1z6:c
+xZ060
UHB)c'
/QdB;h
Zf@4r:1
{Lzm4@
bv\j)Ew
a1Vp96
z4OX"r
811n @
~RU^9@
h.VD @|
`bpM4tH
6V]e@L
DlEuoF
D{L$Hx
y4,,Fw)H
9kT`@H
1|~#24P
{ p!fN
*V*oLb0o`
4J@x)n
M!XPN
q(M1LT
h9!*m&+t
3jJ^LG
{nUA a
,HPKEp
JJT8YJ
!,M<-(+y
-3q@a{*-
8$~s$e
{$6A!:
u<dt0M
s8OpGL{
+o_2,#
Wj}C9+#
1#1.+I
0$<`fE
I9`79wax
@S3Lj(
> tzt1
Sc\j TR
\$FQB7
`M&0K@
(f [q*|iP
<fo9={
JT{yb!eF
WF@{a4xI
I3d'gB$
M!t9`[
IkeE3n
ow|8w=
n@-U8#>
3g'?K%U
lC&-p|;
wGXUlD
Jh!Hd[
c5(\0o@(#
,+x>
(V| Tg
A8W'`$O
I`Pn\?dYLw,
)$!p(fw
NpAXv
dWIx;G
b!4|!5
?dZ+Nw&
?->[fM
pNB2<!
*7^jF4
G/m,Bi
GlQI(o
nXT0"I
01q>h\
Nu(2Yex
5x,`!)"
Hi" c"YL
rWFvtD
}@E(?v
>_$4YZ_
woWiE_
vs>P3`[
R6:rN Y
KyYNZU
#0s!>
HVzL}{
!=Ev2#
E9[1AK
UUTT/g
@O'Y,n{
~wmy2.L+W
lF OV1K
=`5#X
xJcV`gh.5AKI
D/6i@T
$}\QQ4`
Y!wz-*
|7'm&(`Di
}E#Pi<p
R<@.{pl
,uc\*@8
p$[DA$n,
J<B}9Xy
1@o80%
)X(9BBY
`({%/q
!sJh7$
TS7w{\
.':=2D
@O;9.']
//fRl%m
'sod[Z
c5>(J:
zfgi`)
U.CsP
y|KnMU
\D|OZ)
,(f4gX
9fUXQQ.1
^m@(6$u
A(E'`D
HvQ(y\
(um`4.
"~Xl D
t.xi2lh
\BlJ0tDb
.%GK+
^?hVUS
"hs>S!
Jf&S0`Y
i5eJ29
MRd%Bm
m&OPP|zC,
')Id,Fu
\=j8|e\
K!$Q<h
q}H$xd
`6S_b0D
vi=Wfne
49?flo
0pH$fm
D![`de
^]!|Z6
fq`Snd
,G1.)[i
W .DK
t Ge)r
"+ BU
N^M+X:?s
B#H=x{
A`xQ4D
h*&8G@c
4?@#`/
tmJS!
c,(^+b
9|X>!h
]YxA\X
,:z&D!
S9up &@
XUYOF}
CI!5|>
owJ[BBg
XW\1[|bc_
kDGI*&i
V^,R%Wg
%]IL_(g
`1l VN
.'ZL@Gk
Tmgup$!
RA7 {@
8TL02V
WU'A(\TF
|6qwIj
0?sB!\
DZy0h?yv
~kb;IE
C.|Pa]
UNGh)0
0?thb@%{
$o$@ X
7$M5tX
"$PTR,
zdL@|s%
'z]a;18
<dpX(l*opH
h>"b3E
`?1Fo7
8`&No'
!L0Kp`l
X)}P=%j
;|ap0&
^(BftV(H$
=Ofh$X-(>
'_))`:H
@(qyfJ
@j|L%@
BpokTa$
F\ZK'
0%{x<6'0
dbLta
V|R<!x
6<d#k^
x% sD
2"h03H
a\Z<L0
rVyxsM
'eD(Uj
Iavs~
AZH0iK
h?^l/
YM#V}Z
2~xpT0
WP?L}>1
?}rLv`8
L=<0R
+g"~}0
~a0Ym N.
Dt3I~;J&
;u@?2_9
^b<-D`
K(!Q`a
#Dt\SfL
#cnPySJ[
gvRjQ
jgolhK
7[Z+Xe
x+I37b
_|n1`y
xPMXlX
0 u9cN
zYl0%z
o:l85TC
1N@`gV
(pdOOB
A)lp@Zj
vzrjYa
TUH.%lB
adzY,\
:aB9<
l6R,_$
X*a@d$
H $"zt
F,_>Kc2-q
LXFI`u
8|C(Jtb
X8.d=P
Q$`dl$
H7t^%T
9.qDBD
+t&.$i
Bz?Sl9a
lw@u`
OuP@P*
aFPpT)
xA]@`B
5XE.0Sa
H(LHuP2/!
0C8aul
x{UHtF
w2I.0q
527ftq
`V 1,Z
\H40Hp
0Ud(/3
XdQ`qHgx,>
u|S1`|
?( 0Hy
aj`npJ
U,iMX\
$!TG2t0
MCY.4\
:Tog|(7l
%q^0p=
0P(m!f
dSlxX`;
t1A` X
0jP Uh
4pe0{(
&{x@|e
-M#dd@6
~@d Qy
{tB,T#{
Rx a'Xe
,&04x8
Py2bXQX
,\"4)0`
F:Jw_%
0ISQ}_
K6ikH(;t
Z $-&':
@Hj,H,
a^Dk`P0
?CTN\u'K
YLLF@x
f-@(a
KQtT`q?/I
cqooe(
``{(E6z9
2C|'Cl
`6I;\9V
!DB)@/?
VBy 2~q
#@I|G<
@@@A0>1~
X(.A:$T
i0Yy1^<cP|0W
Uw !$
{HM,j\
X' 'Ch
21$)2I
8-%QI8
{K%I,Rb
hrd{.a
xK+I$C
BDa,[0
nf7v1{
3?V*1q
2DXbt*
1;~q%N
'5i`(<Y
y^cM?v
*w}>.@
:q60Y
U"P3.B|`(
xox.YQV
@H/Xim
IbpIlH
t?b@>A
ib?M7I
@eU[qvZ
$0o8J,, @
E0`{0|
rd3K>%
6X Ht[
|wthKI
+Qb@5PtH
IiZtlt
nBu!tv|
P&HX
[:Ms:3<+%
+W`3zZ
G#AbPC
X`HhWNy
p<r> >
PtN|4x
X\t.x8N
~<%>Y>->
t%xbHm
%VzP4_
\%YtBL
|B?Ytw_
AH:(|:':
hIXU;txZ
IeYmBt
kNoX,T;
*B4{?x
:hx%WM
85Yt@[
(:K''a
!QW,x*
8 /8A`)
Pc'Ipo
X:O[$SX
x+.0'
3>/$x |
":t't
eV19x|
|\/QcX
'HZX<Y
]J0u'e
O:<I:w<A
<F>R>^:Z>
]zH:B:
r6.`0
=7rL(-
<&,r8&h
osQi
'\,G}GS
:v<_(e
<g<$>V
:[8:?<
<t<(.!l$
|j|/|F|
>h>*>y>
E~S
|`|#|h|+|p|s|x|{M@
:=<r<|
v*FzV
_eqG
j%TS
(,<<>QL
|/|||wOD
y"x~}^
|c|+|D|
|b|t|M
|d||l|'|t|/|||wKD
.Gz^
Hp |X|[
>h>+-p
r3t?v;x'z#|/~+~
~{~g~c~o~k~W~S~_~[~G~C~O~K~
7w?3'6
xtzn|L
K;<u={>P?D?
x:l;T<\=@$H
r1t=v9L
r3t?v;x'z#|/~+~
zy|m~F~B~N~J~
9+:v;S<
:u;}<\=D>
~~w~sN
>v;Y'B>/?+?
?t?c?k?C?K?
?';G'g#
>zjKVc
zx|d~`~E~ML
pCKO"
WX*~_~[KG
&v\xMY
:w;|<o=H>
-x`;q<h=D>
aTHx0'
z:f;b<k-
JnGjdV
>~U~Q~]~YOE
Xx'z#|/~+~
9g:n;T<D,H
|X98: %
:x;i.B
y[|tXv%
P&r1t=v9x%z!
x2rSt\^
,F'|QR
8}8y.e
RyK{"J
r?k?W'S
1:=;9<%-!
Pf~B~N^
u<D[/'
1A8<'
`KZx6^
c6<?=L>
yf:y;n'T
'bx.Jj
ZE1xW;?!
tzMJp%
I.:d Z+
7'W:\HAu
%S0yA(
j91:=_
V?a?m?i?U%Q
.%s8~X
zuelV[3
r?}?y%e
&&(d/f
I6P>[v
j'~1PV?
;D%OdNN3
r:tn]T>=
&tovVY
N9w:O%
?n?R-]
?}?x?l'W
TPV~\~XJD
aVllP>F'
>z?i'RA
8x8R8@$
aTzl&-[
X,H>H?
tjG;%+
i`|(:?i%GDt~
N}zUM,zw5
~^=tvHJ0
*nKR+r
?+>H?{%[g0
;>.*/_
-8H%Mpzp
vHd9d:Q-
d o3Q"
a|<lX%
-=P@Yd
?pjN+b
NH9B:
YX%|X
brXd']
bH-:r'l
\/tcX%
P@w#@5
"~U~]K
Zg>G:g&
n?[fqWj
|m~E~M_
gpuks8d
8*8v.Q
2-aFS;
8'%dN]Q
:|G^gZ
Utf(~O
U5N-yh
vcxQN[
B?W"B_
vtxUK]
T~m_U"
u(p%CX
(t6vqxPJX
Y;X-cA
|M!h&^*
>`?E'M
G"(Xt
::.;q%i|
'oaDO;?<
t?m.RD
8y8R%\A
:R;\$N
vnxVIM(?
Kt!PLZ
|a~SNE
;pftv
%{wiXSn
p?X^"K
d]7Dv"a
tyaoS<(u
&J\H$`
[\@$M$
od(vT(
Q `SNv
NCQG:f
g}8HJ
~&P" <>
V&h+)$
M1_Bt^
M6Q*^u
\h0c)+
vfo&hh
JCHYda
APj;6p4
iXD*f
=B\T`%i
!8.fld
&mitv&
2t@DxX
9(=_N_d
Xsch&x
082yZ0u
. oG
@<#R5=1
TA!@+S
LGOXI@
IXK>I0
`KR|,o
{Po~!h
&T8I{J
`0>F1V
q|De6V$x
~G-xHV
(`xYB"
w0bd16
cQb71x
4VDD"$G
{_"crZ%>
1xQHGh
(`xg 2
xF|Y1,8
;y@!XS
(Hx.nrX
S"0B>xx
o30JB1P
|.#0m
t&I4D}f
N^>(8a
{XZ@m*RE
8PC0J"
O"4axn
qon` Q
I8@!,y
3scKq\
<@AW90J\
b5 @d\
q!D|33o
JHx`e1"
"i-49]
a2hj y
S`&W(M
Ye<`=}
Xdma*o*
N8BN 9
-rSdT%
$?| D."
>.~$pk
g_&1|T
aR/[UW
]^,s)M
1ys\P#-
`#-Dp-
vS[Nmw
1PXRqZ
_`aC}@
YLS^!v
eQ&Shv
-IZ%[57i*<
U2^@<]
Q;R{0)
"%<<-*
we$ZQ@
:./fEX
KF<s|X
@4#*F;P
PdN0_*o
t`=Yh(H$
~UwQt
:P\<l(
Uq7Pe0
i]9;x|
es?EHb
1 b<Y T
",-=X$@a
"d(,p7
CHhZ}&;b@`w,
b(Am9Q
[#w0QZ
IH|@3|
rxt0d,Hqml
wxn[uS
@0t_I80
tdw.=-
[\*y#4
Cn#m"H
:khNl!
'b hf D
jf8C6'
N@3aZI
@Sqxg
MxDn<
%bap8I
+ `d(n
8$^D%D
R|.J*$
dMw^aPl
H4A`+
iRPt-)w[
Bi"=8S'
fmAI.0
x0(DL05
b6} b<
",V 2r
!<)|"l<
$U@z|
D71c/
%}:@]Q0
(:X]8b
y7ab6:
N)(`(p
XwpQp:
X00q#9
' `{y4
bjaR#$A
dq}YLaP
Qtw,XY%c"
B& dD_
u]`h1`
${^y/~g
$%,5-
`}ZTa%
Z$I+a1
1rbMYk6J
_A? 0J
](qLa'
{V )DqXQ
1X'T^!
,:`i>p
<!Jl4G
[j9#JD
@pH&}!,$
%{@/PQ
JT"duF
.E'X0^
\t*$<g
o9XA1ry
H3xu1$
9e["sn
[U)8d2
cURFp@
N07IM&
BPr$1q
n^Hoq*
DJ(!l`lP
Y|8Q,a
8&Yh%yd
[A"pO|
)J]'`_
)M0`VH
?YBt.n
-u80hx
p$k$f+
QJrHI@"%
_eTK1{
o`]Iw8^X
gl*9](
B)L]5
W[_1\402
)1WVX@
X941pK
*#A&Q1J\V
!1V6}HP
0p(VsB
=JeqE.
0jk@7=I
2 V`>t
^`o~p@
8jf$l"
Y3,$m1
D:E\S1
;C@iS-T[si;C
r`JZ <
@A&=~
^jUH-u
{_c1]v
/{YX&s
?B5H~"1KR
"nHaJaa
eW@,I"
omi}d;
{Z`$m-6ltU<
b^@EL}
R0!CJcu
-]mL'^
{_a4-^)
]y[ok5
a5SPAHI
))G?q
qrg~7Np(
G$ R`)
cB`5 76T#
CZ=Vop\
-{/b%_
N~<$ES
{|U`%
Cto'$k
"N0u~Op
w7'ZNVT
T(Sb`&1
v?0n2
'_a^L'
D\2r\%!
i~y}ET
LSqWq_
+S4FNa
Aq9?o?
cB1;V*
h1T#~2Sk
uOVm B.p
[3=>xH
D;rq%O
Y@QsAq'
8;*<(t
/-~;ITxB
&7ML@
#",*aX
O-rC)/x
)E8t(=$
4S3#WZ
5:h7Eb
L6$[P3n
N}K71Y
"VLT%Z`
Y<^Z)za
jrA!Xs
agD?${
1$XCaD
1yY[{0\
'0[V^Fap
D,FQVc
E'X`c
WX,~XQ
F<T>Zf
J`^%L1
@4ROX,
: :$:(:
Activation.exe
madTraceProcess
wpwpww
UbuDA{W
(@O2?S
|vj.etlEb
O;#8XFo
O;#,F[
O;#,@N
F9#,@N
7*#,@N
z`D**@N
R00/RP;#
+//.4)
UIgK5D3M
74<->N=
A.X #OPf
d(C^"$ZWT|
EEEddd
dddS~~~
$:::|ttt
$___6ddd
WWWCTTT
/777j<<<
bbb2fff
PPPz'{
cccBddd
bbbCbbb
@@@ ]]]
444i___
L333wMLL
\^_Jnlj
NPP`!!"
s{{{[hhh+
ggg.{{{
AAAI,,,
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity
type="win32"
name="DelphiApplication"
version="1.0.0.0"
processorArchitecture="*"/>
<dependency>
<dependentAssembly>
<assemblyIdentity
type="win32"
name="Microsoft.Windows.Common-Controls"
version="6.0.0.0"
publicKeyToken="6595b64144ccf1df"
language="*"
processorArchitecture="*"/>
</dependentAssembly>
</dependency>
</assembly>
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity
version="0.64.1.0"
processorArchitecture="x86"
name="Controls"
type="win32"/>
<description>WVS</description>
<asmv3:application>
<asmv3:windowsSettings xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings">
<dpiAware>true</dpiAware>
</asmv3:windowsSettings>
</asmv3:application>
<dependency>
<dependentAssembly>
<assemblyIdentity
type="win32"
name="Microsoft.Windows.Common-Controls"
version="6.0.0.0"
processorArchitecture="X86"
publicKeyToken="6595b64144ccf1df"
language="*"
/>
</dependentAssembly>
</dependency>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges>
<requestedExecutionLevel
level="asInvoker" />
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
Western Cape1
Durbanville1
Thawte1
Thawte Certification10
Thawte Timestamping CA0
121221000000Z
201230235959Z0^1
Symantec Corporation100.
'Symantec Time Stamping Services CA - G20
http://ocsp.thawte.com0
.http://crl.thawte.com/ThawteTimestampingCA.crl0
TimeStamp-2048-10
thawte, Inc.1(0&
Certification Services Division1806
/(c) 2006 thawte, Inc. - For authorized use only10
thawte Primary Root CA0
131210000000Z
231209235959Z0L1
thawte, Inc.1&0$
thawte SHA256 Code Signing CA0
http://t2.symcb.com0
!http://t1.symcb.com/ThawtePCA.crl0
SymantecPKI-1-5680
UwM^6)
Symantec Corporation100.
'Symantec Time Stamping Services CA - G20
121018000000Z
201229235959Z0b1
Symantec Corporation1402
+Symantec Time Stamping Services Signer - G40
http://ts-ocsp.ws.symantec.com07
+http://ts-aia.ws.symantec.com/tss-ca-g2.cer0<
+http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
TimeStamp-2048-20
thawte, Inc.1&0$
thawte SHA256 Code Signing CA0
160216000000Z
160625235959Z0
Malta1
Ta' Xbiex1
Acunetix Ltd.1(0&
Acunetix Development Department1
Acunetix Ltd.0
http://tl.symcb.com/tl.crl0
https://www.thawte.com/cps0/
!https://www.thawte.com/repository0
http://tl.symcd.com0&
http://tl.symcb.com/tl.crt0
thawte, Inc.1&0$
thawte SHA256 Code Signing CA
Symantec Corporation100.
'Symantec Time Stamping Services CA - G2
160520071257Z0#
CALIBRATE
EXCEPT
ACTIVATION_WIZARD
BBABORT
BBCANCEL
BBCLOSE
BBHELP
BBIGNORE
BBRETRY
CX_ARROWBITMAP
CX_EDITBITMAP
CX_FULLSCROLLBITMAP
CX_HORSCROLLBITMAP
CX_INSERTBITMAP
CX_MULTIARROWBITMAP
CX_MULTIDOTBITMAP
CX_VERSCROLLBITMAP
MEIBIG
MEICANTCONTINUE
MEICLOSE
MEICONTINUE
MEIPLWAIT
MEIPRINT
MEIRESTART
MEISAVE
MEISEND
MEISEND32
MEISHOW
PREVIEWGLYPH
DLGTEMPLATE
DVCLAL
PACKAGEINFO
TCONFIRMWEBSITE
TMADEXCEPT
TMAINFORM
TMECONTACTFORM
TMEDETAILSFORM
TMESCRSHOTFORM
CX_DOWNSCROLLCURSOR
CX_DRAGCOPYCURSOR
CX_DRAGCURSOR
CX_FULLSCROLLCURSOR
CX_HORSCROLLCURSOR
CX_HORZSIZECURSOR
CX_LEFTSCROLLCURSOR
CX_MULTIDRAGCURSOR
CX_NODROPCURSOR
CX_REMOVECURSOR
CX_RIGHTSCROLLCURSOR
CX_UPSCROLLCURSOR
CX_VERSCROLLCURSOR
CX_VERTSIZECURSOR
MAINICON
<<<Obsolete>>
Antivirus Signature
MicroWorld-eScan Clean
nProtect Clean
CMC Clean
AegisLab Clean
TheHacker Clean
K7GW Clean
K7AntiVirus Clean
Arcabit Clean
Cyren Clean
TotalDefense Clean
TrendMicro-HouseCall Clean
Paloalto Clean
ClamAV Clean
BitDefender Clean
ViRobot Clean
Tencent Clean
Ad-Aware Clean
Emsisoft Clean
Zillya Clean
TrendMicro Clean
Sophos Clean
Ikarus Clean
F-Prot Clean
Jiangmin Clean
Avira Clean
Antiy-AVL Clean
Endgame Clean
SUPERAntiSpyware Clean
ZoneAlarm Clean
AhnLab-V3 Clean
AVware Clean
Zoner Clean
Rising Clean
Yandex Clean
SentinelOne Clean
Fortinet Clean
AVG Clean
Panda Clean
CrowdStrike Clean
Qihoo-360 Clean

Process Tree


Activation.exe, PID: 2320, Parent PID: 2296

default registry file network process services synchronisation iexplore office pdf

Deprecation note: While processing this analysis you did not have the httpreplay Python library installed. Installing this library (i.e., pip install httpreplay) will allow Cuckoo to do more proper PCAP analysis including but not limited to showing full HTTP and HTTPS (!) requests and responses. It is recommended that you install this library and possibly reprocess any interesting analysis tasks.

Hosts

No hosts contacted.

DNS

No domains contacted.

TCP

No TCP connections recorded.

UDP

No UDP connections recorded.

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.
Task ID 17
Mongo ID 5bc60aea11d30829883cde47
Cuckoo release 2.0-dev