File Acunetix Web Vulnerability Scanner 10.x Consultant Edition KeyGen.exe

Size 1.4MB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 2001b8c89454e31f0c5748320a3315e6
SHA1 a5dc1aa1e57e68972734951ddfe9b59a28d4b964
SHA256 5d7b0852485c7fdb866d1325f2fd750a37b61ccc8aa9a7d945d9440e89a1f972
SHA512 705116da9ec6ed91939e2f4c82c9b046faece495b035ad4789c32bf34ad400eee956b939e8df70017c9bc7e487330597fcabf0f1e9af48dd4f8b70c601b0e988
CRC32 031B8A68
ssdeep 24576:5kUKAvk5f5N+fR07oR2RGFWbDvSK8l3djxOTTTiAEjAB2SPxJIvx4CESy/SZZSy:5DOk507oRuGFWb8l3djxgT1zVxC4C+wS
Yara
  • IsPE32 -
  • IsWindowsGUI -
  • IsPacked - Entropy Check
  • HasRichSignature - Rich Signature Check
  • PEiD_00497_dUP_v2_x_Patcher_____www_diablo2oo2_cjb_net_ - [dUP v2.x Patcher --> www.diablo2oo2.cjb.net]
  • PEiD_01004_MASM_TASM___sig1_h__ - [MASM/TASM - sig1(h)]
  • PEiD_01007_MASM_TASM___sig4__h__ - [MASM/TASM - sig4 (h)]
  • PEiD_01686_Petite_v2_2____www_un4seen_com_petite_ - [Petite v2.2 -> www.un4seen.com/petite]
  • PEiD_02185_TASM___MASM_ - [TASM / MASM]
  • Contains_PE_File - Detect a PE file inside a byte sequence
  • win_files_operation - Affect private profile
  • contentis_base64 - This rule finds for base64 strings
  • Safeguard_103_Simonzh -
  • maldoc_function_prolog_signature -
  • maldoc_suspicious_strings -

Score

This file shows numerous signs of malicious behavior.

The score of this file is 2.2 out of 10.

Please notice: The scoring system is currently still in development and should be considered an alpha feature.

Information on Execution

Category Started Completed Duration Logs
FILE Oct. 16, 2018, 12:01 p.m. Oct. 16, 2018, 12:05 p.m. 255 seconds

Machine

Name Label Started On Shutdown On
win7x64 win7x64 2018-10-16 12:01:04 2018-10-16 12:05:20

Analyzer Log

2018-10-16 05:01:04,030 [analyzer] DEBUG: Starting analyzer from: C:\akcab
2018-10-16 05:01:04,108 [analyzer] DEBUG: Pipe server name: \\.\PIPE\mDzdAKMhuQLFhNjZQyqyntmMQcEI
2018-10-16 05:01:04,108 [analyzer] DEBUG: Log pipe server name: \\.\PIPE\iVTZjmxJTssFeJTxV
2018-10-16 05:01:04,108 [analyzer] DEBUG: No analysis package specified, trying to detect it automagically.
2018-10-16 05:01:04,108 [analyzer] INFO: Automatically selected analysis package "exe"
2018-10-16 05:01:06,526 [analyzer] DEBUG: Started auxiliary module Disguise
2018-10-16 05:01:06,931 [analyzer] DEBUG: Loaded monitor into process with pid 508
2018-10-16 05:01:06,931 [analyzer] DEBUG: Started auxiliary module DumpTLSMasterSecrets
2018-10-16 05:01:06,931 [analyzer] DEBUG: Started auxiliary module Human
2018-10-16 05:01:06,931 [analyzer] DEBUG: Started auxiliary module InstallCertificate
2018-10-16 05:01:06,931 [analyzer] DEBUG: Started auxiliary module Reboot
2018-10-16 05:01:07,104 [analyzer] DEBUG: Started auxiliary module RecentFiles
2018-10-16 05:01:07,104 [modules.auxiliary.screenshots] WARNING: Python Image Library is not installed, screenshots are disabled
2018-10-16 05:01:07,104 [analyzer] DEBUG: Started auxiliary module Screenshots
2018-10-16 05:01:07,463 [lib.api.process] INFO: Successfully executed process from path u'C:\\Users\\zamen\\AppData\\Local\\Temp\\Acunetix Web Vulnerability Scanner 10.x Consultant Edition KeyGen.exe' with arguments '' and pid 2324
2018-10-16 05:01:07,727 [analyzer] DEBUG: Loaded monitor into process with pid 2324
2018-10-16 05:01:07,789 [analyzer] INFO: Added new file to list with pid 2324 and path C:\Users\zamen\AppData\Local\Temp\dup2patcher.dll
2018-10-16 05:01:08,898 [analyzer] DEBUG: Received request to inject pid=2324, but we are already injected there.
2018-10-16 05:01:09,256 [analyzer] INFO: Added new file to list with pid 2324 and path C:\Users\zamen\AppData\Local\Temp\bassmod.dll
2018-10-16 05:05:09,917 [analyzer] INFO: Analysis timeout hit, terminating analysis.
2018-10-16 05:05:11,368 [lib.api.process] INFO: Memory dump of process with pid 2324 completed
2018-10-16 05:05:11,368 [analyzer] INFO: Terminating remaining processes before shutdown.
2018-10-16 05:05:11,368 [lib.api.process] INFO: Successfully terminated process with pid 2324.
2018-10-16 05:05:11,415 [analyzer] INFO: Analysis completed.

Cuckoo Log

2018-10-16 12:01:04,697 [lib.cuckoo.core.scheduler] INFO: Task #18: acquired machine win7x64 (label=win7x64)
2018-10-16 12:01:04,712 [modules.auxiliary.sniffer] INFO: Started sniffer with PID 13433 (interface=eth2, host=192.168.128.109, pcap=/opt/cuckoo/storage/analyses/18/dump.pcap)
2018-10-16 12:01:10,554 [lib.cuckoo.core.guest] INFO: Starting analysis on guest (id=win7x64, ip=192.168.128.109)
2018-10-16 12:05:18,508 [lib.cuckoo.core.guest] INFO: win7x64: analysis completed successfully
2018-10-16 12:05:23,762 [lib.cuckoo.core.plugins] WARNING: The processing module "Suricata" returned the following error: Unable to locate Suricata binary
2018-10-16 12:05:29,100 [elasticsearch] WARNING: HEAD http://127.0.0.1:9200/_template/cuckoo_template [status:N/A request:0.000s]
Traceback (most recent call last):
  File "/usr/local/lib/python2.7/dist-packages/elasticsearch/connection/http_urllib3.py", line 94, in perform_request
    response = self.pool.urlopen(method, url, body, retries=False, headers=self.headers, **kw)
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 643, in urlopen
    _stacktrace=sys.exc_info()[2])
  File "/usr/local/lib/python2.7/dist-packages/urllib3/util/retry.py", line 251, in increment
    raise six.reraise(type(error), error, _stacktrace)
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 594, in urlopen
    chunked=chunked)
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 361, in _make_request
    conn.request(method, url, **httplib_request_kw)
  File "/usr/lib/python2.7/httplib.py", line 1017, in request
    self._send_request(method, url, body, headers)
  File "/usr/lib/python2.7/httplib.py", line 1051, in _send_request
    self.endheaders(body)
  File "/usr/lib/python2.7/httplib.py", line 1013, in endheaders
    self._send_output(message_body)
  File "/usr/lib/python2.7/httplib.py", line 864, in _send_output
    self.send(msg)
  File "/usr/lib/python2.7/httplib.py", line 826, in send
    self.connect()
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connection.py", line 163, in connect
    conn = self._new_conn()
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connection.py", line 147, in _new_conn
    self, "Failed to establish a new connection: %s" % e)
NewConnectionError: <urllib3.connection.HTTPConnection object at 0x7f54becaef90>: Failed to establish a new connection: [Errno 111] Connection refused
2018-10-16 12:05:29,103 [lib.cuckoo.core.plugins] ERROR: Failed to run the reporting module "ElasticSearch":
Traceback (most recent call last):
  File "/opt/cuckoo/lib/cuckoo/core/plugins.py", line 533, in process
    current.run(self.results)
  File "/opt/cuckoo/modules/reporting/elasticsearch.py", line 196, in run
    self.connect()
  File "/opt/cuckoo/modules/reporting/elasticsearch.py", line 79, in connect
    if not self.es.indices.exists_template("cuckoo_template"):
  File "/usr/local/lib/python2.7/dist-packages/elasticsearch/client/utils.py", line 69, in _wrapped
    return func(*args, params=params, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/elasticsearch/client/indices.py", line 491, in exists_template
    name), params=params)
  File "/usr/local/lib/python2.7/dist-packages/elasticsearch/transport.py", line 327, in perform_request
    status, headers, data = connection.perform_request(method, url, params, body, ignore=ignore, timeout=timeout)
  File "/usr/local/lib/python2.7/dist-packages/elasticsearch/connection/http_urllib3.py", line 105, in perform_request
    raise ConnectionError('N/A', str(e), e)
ConnectionError: ConnectionError(<urllib3.connection.HTTPConnection object at 0x7f54becae4d0>: Failed to establish a new connection: [Errno 111] Connection refused) caused by: NewConnectionError(<urllib3.connection.HTTPConnection object at 0x7f54becae4d0>: Failed to establish a new connection: [Errno 111] Connection refused)

Signatures

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)
Time & API Arguments Status Return Repeated
Oct. 16, 2018, 8:01 a.m. GlobalMemoryStatusEx success 1 0
Creates executable files on the filesystem (2 events)
file C:\Users\zamen\AppData\Local\Temp\bassmod.dll
file C:\Users\zamen\AppData\Local\Temp\dup2patcher.dll
The binary likely contains encrypted or compressed data. (2 events)
section {u'size_of_data': u'0x00162600', u'virtual_address': u'0x00004000', u'entropy': 7.999792927431105, u'name': u'.rsrc', u'virtual_size': u'0x00162578'} entropy 7.99979292743 description A section with a high entropy has been found
entropy 0.998591053188 description Overall entropy of this PE file is high
File has been identified by 41 AntiVirus engines on VirusTotal as malicious (41 events)
MicroWorld-eScan Gen:Trojan.Heur.yvW@!l4sJUl
CAT-QuickHeal Riskware.Dupatcher.A4
McAfee PUP-XFQ-UY
Cylance Unsafe
Zillya Tool.Patcher.Win32.12580
SUPERAntiSpyware Hack.Tool/Gen-Patcher
BitDefender Gen:Trojan.Heur.yvW@!l4sJUl
K7GW Trojan ( 0040f3a51 )
K7AntiVirus Trojan ( 0040f3a51 )
TrendMicro TROJ_GEN.R002C0OFE18
Baidu Win32.Trojan.Generic.f
Cyren W32/Agent.EWQQ-1275
Symantec Trojan.Gen.2
ESET-NOD32 a variant of Win32/HackTool.Patcher.AD potentially unsafe
TrendMicro-HouseCall TROJ_GEN.R002C0OFE18
GData Win32.Riskware.Patcher.E
ViRobot Trojan.Win32.Agent.754688.B
Ad-Aware Gen:Trojan.Heur.yvW@!l4sJUl
Emsisoft Gen:Trojan.Heur.yvW@!l4sJUl (B)
F-Secure Gen:Trojan.Heur.yvW@!l4sJUl
VIPRE Trojan.Win32.Agent.wfn (v)
Invincea heuristic
McAfee-GW-Edition BehavesLike.Win32.PUPXFQ.tc
Sophos Generic Patcher (PUA)
SentinelOne static engine - malicious
F-Prot W32/Agent.KFY
Jiangmin Trojan.Heur.dg
Webroot W32.Hacktool.Gen
Antiy-AVL RiskWare[RiskTool]/Win32.Patcher
Endgame malicious (high confidence)
Arcabit Trojan.Heur.ED15BFD
Microsoft PUA:Win32/Keygen
MAX malware (ai score=99)
Malwarebytes HackTool.FilePatch
Yandex Riskware.HackTool!LT2poWNG63M
Ikarus Packed.Win32.Krap
Fortinet Riskware/GamePatcher
Cybereason malicious.89454e
Panda PUP/Keygen
CrowdStrike malicious_confidence_60% (W)
Qihoo-360 Trojan.Generic

Screenshots

No screenshots available.

Network

DNS

No domains contacted.

Hosts

No hosts contacted.

Summary

Process Acunetix Web Vulnerability Scanner 10.x Consultant Edition KeyGen.exe (2324)

  • Opened files

    • C:\Windows\Fonts\staticcache.dat
    • C:\Users\zamen\AppData\Local\Temp\
    • C:\Windows\Globalization\Sorting\sortdefault.nls
  • Written files

    • C:\Users\zamen\AppData\Local\Temp\bassmod.dll
    • C:\Users\zamen\AppData\Local\Temp\dup2patcher.dll
  • Files Read

    • C:\Windows\Fonts\staticcache.dat

Process Acunetix Web Vulnerability Scanner 10.x Consultant Edition KeyGen.exe (2324)

  • Registry keys opened

    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Courier New
  • Registry keys read

    • HKEY_CURRENT_USER\Keyboard Layout\Toggle\Language Hotkey
    • HKEY_CURRENT_USER\Keyboard Layout\Toggle\Hotkey
    • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\CTF\EnableAnchorContext
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\MaxRpcSize
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\PageAllocatorUseSystemHeap
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2-aeae25577436}\Enable
    • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\midi
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\DataFilePath
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\Disable
    • HKEY_CURRENT_USER\System\CurrentControlSet\Control\MediaProperties\PrivateProperties\Joystick\Winmm\wheel
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\TurnOffSPIAnimations
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-US
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000409
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\PageAllocatorSystemHeapIsPrivate
    • HKEY_LOCAL_MACHINE\SYSTEM\Setup\SystemSetupInProgress
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\ComputerName\ActiveComputerName\ComputerName
    • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\wave
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane8
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane9
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane6
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane7
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane4
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane5
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane2
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane3
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane1
    • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\midi6
    • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\midi7
    • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\midi4
    • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\midi5
    • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\midi2
    • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\midi3
    • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\midi1
    • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\midi8
    • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\midi9
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\1
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\CEIPEnable
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-US
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane10
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane11
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane12
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane13
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane14
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane15
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane16
    • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\wave6
    • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\wave7
    • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\wave4
    • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\wave5
    • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\wave2
    • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\wave3
    • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\wave1
    • HKEY_LOCAL_MACHINE\SYSTEM\Setup\OOBEInProgress
    • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\wave8
    • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\wave9
    • HKEY_CURRENT_USER\Keyboard Layout\Toggle\Layout Hotkey
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SQMServiceList\SQMServiceList

Process Acunetix Web Vulnerability Scanner 10.x Consultant Edition KeyGen.exe (2324)

  • DLLs Loaded

    • MMDevAPI.DLL
    • gdi32.dll
    • kernel32.dll
    • UxTheme.dll
    • C:\Windows\system32\ole32.dll
    • dwmapi.dll
    • C:\Windows\system32\uxtheme.dll
    • API-MS-WIN-Service-Management-L1-1-0.dll
    • C:\Users\zamen\AppData\Local\Temp\\bassmod.dll
    • KERNEL32.DLL
    • API-MS-WIN-Service-winsvc-L1-1-0.dll
    • advapi32.dll
    • comctl32
    • IMM32.dll
    • comdlg32.dll
    • C:\Users\zamen\AppData\Local\Temp\\dup2patcher.dll
    • shell32.dll
    • RPCRT4.dll
    • comctl32.dll
    • ADVAPI32.dll
    • rpcrt4.dll
    • user32.dll

PE Compile Time

2012-12-21 15:59:46

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00001000 0x000001f6 0x00000200 5.06407990051
.rdata 0x00002000 0x000001d8 0x00000200 4.27063873433
.data 0x00003000 0x00000034 0x00000200 0.568988040426
.rsrc 0x00004000 0x00162578 0x00162600 7.99979292743
.reloc 0x00167000 0x00000052 0x00000200 0.736046433021

Imports

Library kernel32.dll:
0x402000 DeleteFileA
0x402004 ExitProcess
0x402008 FindResourceA
0x40200c FreeLibrary
0x402010 GetModuleHandleA
0x402014 GetProcAddress
0x402018 GetTempPathA
0x40201c LoadLibraryA
0x402020 LoadResource
0x402024 RtlMoveMemory
0x402028 SizeofResource
0x40202c VirtualAlloc
0x402030 lstrcatA
0x402034 CloseHandle
0x402038 CreateFileA
0x40203c FlushFileBuffers
0x402040 WriteFile

!This program cannot be run in DOS mode.
`.rdata
@.data
@.reloc
DeleteFileA
ExitProcess
FindResourceA
FreeLibrary
GetModuleHandleA
GetProcAddress
GetTempPathA
LoadLibraryA
LoadResource
RtlMoveMemory
SizeofResource
VirtualAlloc
lstrcatA
kernel32.dll
CloseHandle
CreateFileA
FlushFileBuffers
WriteFile
\dup2patcher.dll
load_patcher
T$Z{&C)
DF^JNa
,N-v.t
AO}|~5|o
W4TWy5J
2ul6s8
49ThT4;
hPU4rR29w
uO_=Z$(K
$"*!sD
PK7e.LA
a[7H6_h
]|p&f|
,u00Io
U<pqZb
8XJovh
.NL0}?
ouu(q/d
4OJK##juD
:|7eE^
)Hq}1%
00#l$+mdT!
,s7Ir9
4=DC4B\0+f
p 4FauE~
.g/'1#
8m+3?j=l
X@}U8@RXj
4W=xzwj
->qF$8
Q>H}~1
F$un.rp(
+cTX_2
~]WB^5
TZ*%PF
s?dj y
KtY-XP
-={O27q
,9KEkch
pjx_rt
Y^R)bH
HgI9VCQ
Hy+["
WvUEkP
]~7arYj
`RzaWY
.T!:q~G
Em/jSi
<ebT#I
G]p21B
WC-DhqMK
a`!]E
*P.8%L#LM
u\2YGp
l!F\+,w
e33juj
'PwYg.;
iyeaM
,K`:Kb|5>m
gp{}9~
-++rS"
u0D&#n
0R9hT<
{ Wo*C
C1zud[!
@YV=|u
)$kfqO
fs#2l3_:DS
-^D}5"
$5|4_o
C]0S0q
_1"'@
C GCSRHx3e
;cST}U
Mc_zfZ-
gwR-G&b4.
zWxAYw&SO
QXDS$Io
;H5G :J
/8]:OV
@\~jq3
`}:f8L
O;<!!?
O\Lgr5+
{DA"~ga
n:ym>c
+^YPKC>
"?BTi6(
=UIj;LZ<
cf/Cz\O1
:rj;}Y]
vv/AAQ
3CR{XU
C>wR:L
es|zJ^
iOFqB%TL=
ED!slMe
5`Wn5v
ovVVRG>
66P6u^
|O?+,w
/^?t@MiB
}7hTbd
)#0#@!
M6{try
=DrRio
2))$S]6
gsQ#.N
GDy*p!E
5Dz|Bx
*q]ev
+x6AFy
w:1gF]
aboiQ_>-
>[c+4$
b9#Xf+
M&}{;&~
_-)<|a
><yFs}
:W/Sl_
3-<2,8
GB9<!z
4Q=y:7
Q]4\JW
z\fOigJ
r"j'SV
A'"beN
r~9Mik=C
Od%,;:N
R|L;/9xL
eTTJ9Y
rY)f)5;_
_Sp'q5p
g<!QI
]O*"_aj
8M%Bg6
=R/dv+
8&Lg8f;/
J'I3XN
hLbkJ*
$cF[rq
['>CaY
(5}JZu
'{-C*A
ZKZ 1[
N3!Q]/3
'6r/iF$b
[-j"&wU\
OrXh k
&+D3z$
K~zap)H*
GJX#p
Y~OkZO\
@p8C}g
},I=fNOW*Z1e
~7Fk<H
-1RDM\l
E_2vA
ITk+vRE
m}(QhT
pKXD!2
_1@P$3;
c;&!J(
@$]uD?)d
uz/<i.
nMW6<=
I_%xr^
3tyJ7^o
[j{$W7
ZN'Cg0;b
5U+J,
9ZE4gii'+
F[:tK%
Z| \yP/el
\@Fzo3&
5%|Px9<L7m
)}qD+]
S)O)]>H
.Wp7ct
QY`O{N
7q']QDbR
Qz-@an
NB},+j
62M4ik&
rk }$7f$&G
9YY%Lp
F{^6>q
T & =Jf
f}n7<B
$gYjjM_V
84TUN.
~j?dGz
vv5)/V^1
Ti#*[$
?l##e
1u8[.x
lKCvjx
S7l2sQ
31WNK%!
--.Y'|/
j} .&^
@#<|Oz
dslsDzw4
\a{89v
=<D^8H
|^I},H
IfmP$u
r,ej@3
dp"gl<M
k]L:;9
cphLz5m
lTy[y:Q
ENes<NL:lo
Lt#y@N
);9_iv
N^]z\PaHnqV
nI,4c]!Q
}!E(%o
*;a/MuD
vm|4h:.
,C{k9P}
/^U9i#b
>[T2)u
oJDeB~
l!G0`0
#[rTTM
DW+*WwK
sdWWM.
*f3`A,
9mMK<j
VG%_F`F
G4psFEz
)hIjH&
V5FB3,
qU<Sk^7
:)w[ubI
&VAQ\X
R:0rr4A
%!\d"
Y\TgAU
rNXZ i
WG:rj#;
.tO(e)GF.d
k$Lv2H
E!tcHOmwV
S<%pJP
,MW<]l
=o.{k&~mL
R0%x[5
Oqxqr`
g[|3{*
`YYl=&
P8!h*
NF:nV"
:M!up
|s@=**_
#mV4>3(=
p5$1EB 0k
#[87Fw
+ixo&4K
a()`?R
tX1BPsx
B^):-Z
g8&/8B
BIA:F5
j'Zu}f
mo@\QS
e]_jm{
qg#'GY
imQ#6?
;u"5)G!l
1>m= 5
PP>'$U}
xUK]'?E
o;QS<^
^4-HX]
r{:MRZ
&"#KG:
CrL$Pg
LZE~SJ
2jyZb+
GV}6[
W'CW)d
Q)bFok
O]sU[H
#?qJW4
S3(93?
0(+/;6M
YS}kMW5
cU@hoXMRW
kkt;QQ
^5q)Em
E4m8P<
3h.HUY
8bl3T!M?o
d^X1E7
mNQGr0B
({JW;Il
Z"$dkQQ
Vr?&2+
1> U98
y*@p-R!s>
N%nu.+
3T`|$@aq
D/~p^W
5"A{uq`
8ILL9,_F'
jKK+vt
_-"@LZ
QT~c7<o
^$J,sB
u,Nd@EKV
g4UJB9
y%4q)v
d<2|pE
NZd+W/R
^Y8'g7
tEMR:\Ud
%X^]l}
[.${3L
*($';z
>,&+kA
x"0u!v)$
5&jb"Rv
ezdVDA
/+|R,OIQ
\h6cHj
|m@O.]
Ke@j`s
=s49YwR
gKs+V
U4`VgtBR
%DJ8_P
0aQAV7
Kr$fxe
!do6o
y|Xm)P~IV
1pIaeX
nFIadb
!c0Kl`p
)%ylvAW
Mp%-<B
$tR\[)
@4=p-Q*
yl~}TB
A\wRa~
3 )9Om
?"frg.
OA:f:0O
/\HVKcO
J:`XZaM
zoT26Ge
;I7J2+
tHN;5#
Kt0G0oo
-J^ WV
2A^q?D
d&T;Nc
?lFJ#N]
8OD>6kH
`%B;&-
rOzc;?
0(72wv
vg&f*H
zX)?1o
sS`3pMv
2~v>Y(Wb
P@fWZ\j
^hd~Ax
_iMln9^
tJGB6W
=QhQIv
Rw%j`7
LNjQ2s-
0N%7h)
5bgl*e=
S.kHkB
Vs!C9
z.NF(;
.dO55iN
}dm)\
|'r9H
eZsA&r
hL{\X3
Vv4Yjxs
kmnhb~
C!@TUZ
\+f+H{
%3QurWz
{48="{/-}
A\AhX
iVnfVt]
&MnL3[
_Nwi_ ^z
^I=4y&
bn)!W{Vs
CNm\C_
y"O}yv
5xdD.hX{
0MOg:
;_!'WW
ys1%YH
r-VGDEelf,
_7y.*2
V67;}Z
]JG`[]
Eb7MG)
Ljanx4
z%i5y|=
KY"cY2
G'SgUck
m.I2V
j<Mybt
{]/uDs$Hd*
\:4C/P&
2*m<!I8
NV8{Il
FDn3==4in
)cD>Q[
7PI6I]-^x ~t8fn
3T.)d/"]}H
fX/I:t
j/n#*"
,~'s4
0Bsw@F>
&3}=OS,!
-q#C5>{
Vm~_6
O,!eC7
0FEqpu
zDK]~a
w52YF6+"`8He
<l.>D2
[gO{ r
nfE+W#
O{k!,|
-k)9/?
B7R"E]a
n)J|5*
P8p'&'
r(-IF-i
=4Eu/`
P<2ApD
3*olx=p
WM,t8b
kKtVeP
ImpGyX{
?8[K|+
NpL(^yN
^6Y)*s
n?vGhL
n|YcQ2_
+'40/B
)9.,h"
CImtfp\V
2k}CT%0b
'4F*l$
XWrUD5
x>[LV"
=XC {C}
q/VYY_&
$&(U/=D+5
"'jECY
"Sl :z&;t
1iR[*I
fll55U
nb?BG8,)
B,<&pr
7F_lFG
4o}dx[
8@ "%E
tS/^ab
xlya^
;0q|<=
\;Kg[R_YB
B"#D_D
Rf|`2c
07]'>g
Kd^N/gK
::$k7=JT
)\VSDY
gfenP6mu
KW3k\z
3Vg ?\
1kL"$l
@s{{ 1
i{]._6!
ti}bt,
G#`G%
IERASH%
7;rTrs
0p(P@^
X'^C<Q
'M*c!/_
boU-mu
l=].-_%
yKe4Wxg
{U$O;E^P
|k?e<Ov
]AA"av
vew<'"
FW,`Xg}a
eS1:>~
HW!va=
B@S=s-
6p=S7Tl
d5X4^wwJxC
!PNmOd<
=+Om|$
H|<}'aO
[|1r0
^5tN&c|
e(qt@w
:#y@"
+d4='"e5
+U>PW3
Y(nS!7
G%J+sG
*EhZ*A
~tjpv/
~o0,h6*y
v3. *E
K-k:rI
q*\,'W3
O4(Xcg
!UC`[>~
XAT[xX
@s`UBl
feZTA{'e
Mv/oC
(,zkVu*M
XsBQ|m
6=,a?!
Z)NtoN
N#$inz#
]U)OCd
]!n5p;
r!.H?Zp9
T!-6dHl
RVt<_L
M18aH_
4A?]\0r=(
CY+FHa80
ttZt*^
Y]Y5X1
t=hLSL
y]i~q3
ai#neDq
CxTuXj
bbLsB
3kj]C&1
rFF H
'If+9>
TQGfxQ
G\`wd
qTXTC~
hlZtn
h_tMWJO
G9d%7
G9PNQ{
}8kv@?
Z>av7A[
SbY&$?
KY=/n<
$SFQ:
QB(XFX:!
4.cA"E*
nxH4gmA
!VPQdG
Pbjuc#
W&rq1O
FDAF=9>
wF'B~E
RAt/ivK
ILTPvpiH
>@&?\D-
qV8bgfP
Q;5/G|
HLs@f'
\^+83|
u&Izr@
t]-B:tu
p/z\Wl
Dd#|X@P
7YNl8a=(
HCYb/)
WY0"6T
E(ZUpi
}O@O3uw!#
LHP|9
hR.DO8m
Q[Q>jc2
zw5TXx.
zj?^_-B
~H~uYo[
1q<J8]
Q%7;.z
+.)?4
}_(v$>g
5=h|]n
#9eQPe
UBq72U
x,=>c{
7TtHgW
c(~!96
J:s".T
az)RW@qZ
So'! "
'E<IC=
>'bEIb
,@JXZ<
,m,DsP
aP{:&S[
L>WFUW6\W
{O%g.~p
6jv7/W=
b-^):[
@qO|b>\
vjIOwj;f
cg>ja\
_b-k=z
Pg;6bI
Zf_S%;
VKkJ(z/
CS3D?,3l
GW+J{N
TY~>Wr
#SfFJj
oC3ej
A_JuY\V
C1xOVG
I]Q\V.A
-V!B\
+p-c+L
xX_|/U
"R#%d
-QE:'*
jh@#<M
4VI8/-
zY]*~f
t_2"-mn
[RIt)#
9fPs-U
2$o?bS
,H%Z-*]4
f4Y="v
.e]qwAT
Z9<v|q
8f?dD^t|
%R~0S,
S#L*],p
?uQh?)
LRTeD&3
.TEhCI%
C"K3as
=Uc{>4
o_P}b@
bK,eH7(
3I?%~z
*mApwG
5{5hKE
jFmDR1
`{c~c:{
2z[&oV
tx7@7-
s|s9-\8
/&jg8v
25aKO%e
YBGvoO
SVboDG
PUo"vs
O3QeUo
Tz}1$ZL
NjzcgBb
_fxg4n
,1@Fht,
Q:cn9E
<"]^ZI
Q/_P(,
;2+x<D
<sYae\
<xh&=q
ls'5#u
*0HJ_5@
{dT+K6
1;B``:
Y#/sCu
AOXrl6`
(9?[,v 7,#&N
YM3kq_
]t}lhu
Mk&2Cl"7
E'cr#
+tj,T`
_U/}3'
f,[LSe
!nZnC_
el&p2{
g5rL+z
7q 6jo
YJkxSu
@H/>~!D
B}hd+^
4lCMJ
b.h~SW\2
7NcUimU1
b,_B#YW
M7 8@sV]
SpF.>%
s$r.wDdh
5-E@W%(zj
y`39=u
e$@bX:6y
)&Qj[gi>
R%cgFp
TClK^
J"cxz.
Y:-{Y
%$MPml
%vd%Ry5
bK:QI[
^b|m5hUD
wr]RQW
BA&dgv0
{jG2QmO
.|k)N"
cJ?F:>
suCLGh
{J*]sB
dnad]j
[&fRx"
K)Om9\U
d_26+0J
V'ZV4Mw
sh]-:
qgdb9
D0,820
!0%*'CJC
o3EeE(
6LFXAV
X,f7;z
c-R\6T
P:6kix
w-wMV&(
P5%9.*1
jtgya
:zhC&ph
9CapbJdDM
PFr38
3TP,&@P
z{^YpX
0Imi{VO
x8\w5sf
@0_(U9{
E5N?gN
'1Yz/5
RQ[W{y
Xw,$j<
#!zW,&
#kPFnR
~s@yE`
VB/\l1"
T'H 65
BKheS4S
0H!A)O
*>j&Y
rP)[k&
`mQi~e8
@"P`Sp
!w.y=W#
G[pFwtyIy}
'M4dT8
M=Yl"dy5
6V?v\+
;t8Z(O
K8NiT:
YN1qxSh
qFmGTX
RV{_+o6x
xm>*WB
en"zfqg
x&*oq9]
C.2BRfB
`@Ohl_
V6(oo$
IbzT^i
[Z7pi+
B1'dqC,
,YyW[
BI^(!J
]z8?VU
*T6xKw
..sjwA;
LZ:r@k
TqYWG],l6
+V$T`e
+$]LxE
*bhh-=
j+n1Q.
y8yBxX8
#Orfeu
+^jk[A
{bLl1SX
g qPr?
C!hyE*
?(n6=e
9O"*ZfWy$
o1FB\/Q
d@9%h<
MD[<{1
21(DzF
q<o\mM
_m: BR
}goW1y
~TmXI_h
$?Z >G
?po2Pt
0Fv&mq
Hm#>o0
=mp`qD
gH C'$!
baDdP1
!dl"CB*
d5K45`C
3bZ61S
>2.9K0d
YIAY)F`g
:.OSitN
GYu.-0
hlgw|[_
{vucAMH`
`xO?(]qI_
AAj&)[
wNF.bq
uX::_K
p<A{~0AT\
OzN _N9
Jt-^d6
:@<)fc
18,$)%
@Uw2iC
}gdm!/
C>NK,E
][D@>G
>kAMVL
oy9C5?
DeRybv
a?OBLG
5wOOq$EW&^
`U/|<L
l]^1`2
d}gOrEE
1./uB=
WH(fU=:
M~}=q4J
7J&uJU
.Ve\cy
i\PA?t
c@=Wu=
9f5,l%8
Gp&vksi
J]q%h
VMUV[1
Quw9;I*z
viO. uyi;
?'KPBm6s
,2s:T3
.=q\Yl
\*+S7:
)9=c<I
dz\h.l
O-%6'}k
":GUO9
rP:Ro{MV}
`BfH/I
gJrGoO
73q>Mc
+)T\iE
nBS}\/
<Gny^Z
n?J{vG4
'OVla
qU'1;E
u>/AJ4
:Y@OHA
@}qrSa
g".n2)l
/tyv19
u-vm?m
3rb,B-
Z;.UY>
G8U~HM
xZlampC
IOW>i03
{+.=9L
N||zoJ`
b%Gy!V
#ah~Z
o`zhXltu
L{H1Fl
?#TOyU
|W,V9?z
uXY:`}
9c3vxp
xOj'5.
.X"%&ZO
/8#n^Gp
QaQ<B
`Y@NW|N
KqO+ccN
MfCK`9
PW:_R;2
,G\hhe
6';}s~
)($>gN
)#BT~n
'KXDN%
"@*$_X
7.<(>-
7g-z9a
O6u :RIQEQ9@0%
*DiB)o
6e'M'#.
ezc.%{
'L",$7
W*N3?J
TRn{KY
sz]qJv
zH1]0^
N#iv#x9
}5y9x
c[q),
$R_m'g,
$RnZq@
k7yG@n
O_U >"k
&oN}Gb{
}:2e%G
NVcaZW
S6[!IC
w|7OJQe
gb\(4Q
u}0B4-
zI3DjZC
SQ.a?}
orW86b6
(LW]0S_
PfP5ZKbZY
mvg6*Q
Q@$76
]HXSyz_
a&zN;R
'a,Jo
N4by}.v
02n;?ff
&fi]T#
Bg_4&m0
e`@NS!4e
%@lNsa
$)|Yxr
S14|^<
;|*a<q
T.KF6L;
<q5qCf
?6noqc$k
k`r{1Ml
o+~j5#4
-1>a#F8)X
^Y1[=!
U?lDd8'
!daqI8'
*ez&*_|
1M{NdSW;
P\"dY
)vu%N9
c^37<;nL{
zGzzo(
)uxA^ %
X`35KW
\57gXm
4i>+m2
CTv<69mr.q
4OK!N@-
GxpC/~9
ar~Y\$
K?XuTrN
mFx@r
(-do[l
u.%I_e+cgV
@f.-y]
\40A\)
V !B>*
p/Yt Q
";(l*+
yBx4-/
DYjAwt
(2AI`m
=6/N>!
;jkj?'
BcUJ7yk;
K$Ibq[8
xAGcd&
P&=\C)^
DN2~ D
YCZ.T=
'|NsQQ
WE|k!{
$L"'SR_
n[(Dt9
ms|y48h2p
AxZs18mqW
^>l7S0
w2Hz"^
pR3xS=
*{8#4h*
%?"N:i
@Kb25@);
Z`v+OXX+*
`zdcJ2
zn/4FPE
&(h|`|m8
a3J"y:
LUn,l3
5J2XLB5~
3v3alu3
P-pH39
<VvFZk
$*Kro&
]_#joR
YmrL5q
=4q0aO
BeIb6k
Sz)NqU
n&Mh?
umfL9<*
h-L?xh
qCqh)Z
-Nq=7D
ILa`2n_
8k>5h.Xz
<~_ZmG
w2^X`Q
BxJ|5?y
l9jBFJ0
2L{83[
a#%Bk{
)s9zDX?v4
Gw`q+K
OhJ_4t
tI~\*p
T'@Ct2{H
fJ/cca
!])-NZy
A{z,@5
?yyhWM;
6zS3Oi
>LX=v6b
;F0,)f
CMGiB%i.D84H
(utGK@NT
$0tEe+`
:,jWR{
;ge/?{.5
yk2^Xw
+@TLI{K
o1@B"C5
4 DHOu
7Tc}+DMK
;k3Q%Z8N!RU
z:TY#Q
CWbO-'
T0'V.{2
KV}<#
4-vJrCl7
3c Q6Q
'3{V
kytgM8
NrexO2
~F!h~P
;u45$f0%
Pcin7
dH}ETLL#
oy.4f<:<0
OKE^4g@P
PpNAIJ/A\
W4+quE
;Z5&3/GXu>9
V ESHF
G;v</.pS
;2$is]
h+&7*)
CfN\(}
,MvJ?^*4
Di+AFA
n6Ci~m@y
a92X5X%
>zu@e%>/
=UEXJ'T
9%3yx\9
b$}~(
41 ^2<
l>L`^K`T
xvP.sw
ffW\X[
}b#YA%.
S"8GsDl;
k>*Z(4
[ci^?z
x5K[]o
7/9~=g
Mm]Exx9
!};GlE
LC&]/dO
Mjxj-D
Z7M]5dbgH
8`~^5FO
ObK'2X]bI.z
>Uw~KAK
7J5hX)
BFGR`I>
~<96##
+_6|iQ_
uzBTZIc
Gz3YQv|LX
*+zI|]
-6ls:K
$v}39v
h%\WiD
9TrRq<&~
'lz+OC6<
mZ[G(j
+z;b):_(y
t@+.OHc
\6:>2=
cz\[_5Y
BKWK3bin
pPc0oX
EK#,2m
bxLcU&
r"f884<
8swWV%
@&`SpR
H8F|K0
>$#zv]
V+Bp@
>b/[4{
D=`vMm.
.kr!c.
qOIeS%!
2&8/wE
TmDFW{
.y8yq\
{@\BmT
/!df$e
lT.E+U
5$c42zjcs
/YheN"
Q=is`
8wzf9#
UUC7=
D/?p4)
zDrmYO
=lWrN7 8
j!4?#I>
/\y>2$
:wnyNLp
|&X#vp5
nDPnp0
JTxp,M
_A0vq'
zhuf5J
i8=1w
9ba\ dP
s{9Ew)
)?%=&3?,
oECs\@q
-OwZtDpR
c-ryrw
^p~@'/J
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity
version="2.0.0.0"
processorArchitecture="X86"
name="Patch"
type="win32"
<description>Patch</description>
<dependency>
<dependentAssembly>
<assemblyIdentity
type="win32"
name="Microsoft.Windows.Common-Controls"
version="6.0.0.0"
processorArchitecture="X86"
publicKeyToken="6595b64144ccf1df"
language="*"
/>
</dependentAssembly>
</dependency>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel
level="requireAdministrator"
uiAccess="false"
/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
Antivirus Signature
Bkav Clean
MicroWorld-eScan Gen:Trojan.Heur.yvW@!l4sJUl
CMC Clean
CAT-QuickHeal Riskware.Dupatcher.A4
McAfee PUP-XFQ-UY
Cylance Unsafe
VIPRE Trojan.Win32.Agent.wfn (v)
AegisLab Clean
TheHacker Clean
Alibaba Clean
K7GW Trojan ( 0040f3a51 )
K7AntiVirus Trojan ( 0040f3a51 )
Arcabit Trojan.Heur.ED15BFD
Invincea heuristic
Baidu Win32.Trojan.Generic.f
NANO-Antivirus Clean
Cyren W32/Agent.EWQQ-1275
Symantec Trojan.Gen.2
ESET-NOD32 a variant of Win32/HackTool.Patcher.AD potentially unsafe
TrendMicro-HouseCall TROJ_GEN.R002C0OFE18
Paloalto Clean
ClamAV Clean
Kaspersky Clean
BitDefender Gen:Trojan.Heur.yvW@!l4sJUl
Babable Clean
ViRobot Trojan.Win32.Agent.754688.B
Rising Clean
Ad-Aware Gen:Trojan.Heur.yvW@!l4sJUl
Sophos Generic Patcher (PUA)
Comodo Clean
F-Secure Gen:Trojan.Heur.yvW@!l4sJUl
DrWeb Clean
Zillya Tool.Patcher.Win32.12580
TrendMicro TROJ_GEN.R002C0OFE18
McAfee-GW-Edition BehavesLike.Win32.PUPXFQ.tc
Emsisoft Gen:Trojan.Heur.yvW@!l4sJUl (B)
Ikarus Packed.Win32.Krap
F-Prot W32/Agent.KFY
Jiangmin Trojan.Heur.dg
Webroot W32.Hacktool.Gen
Avira Clean
MAX malware (ai score=99)
Antiy-AVL RiskWare[RiskTool]/Win32.Patcher
Kingsoft Clean
Microsoft PUA:Win32/Keygen
Endgame malicious (high confidence)
SUPERAntiSpyware Hack.Tool/Gen-Patcher
ZoneAlarm Clean
Avast-Mobile Clean
GData Win32.Riskware.Patcher.E
AhnLab-V3 Clean
ALYac Clean
TACHYON Clean
VBA32 Clean
Malwarebytes HackTool.FilePatch
Panda PUP/Keygen
Zoner Clean
Tencent Clean
Yandex Riskware.HackTool!LT2poWNG63M
SentinelOne static engine - malicious
eGambit Clean
Fortinet Riskware/GamePatcher
AVG Clean
Cybereason malicious.89454e
Avast Clean
CrowdStrike malicious_confidence_60% (W)
Qihoo-360 Trojan.Generic

Process Tree


Acunetix Web Vulnerability Scanner 10.x Consultant Edition KeyGen.exe, PID: 2324, Parent PID: 2300


Deprecation note: While processing this analysis you did not have the httpreplay Python library installed. Installing this library (i.e., pip install httpreplay) will allow Cuckoo to do more proper PCAP analysis including but not limited to showing full HTTP and HTTPS (!) requests and responses. It is recommended that you install this library and possibly reprocess any interesting analysis tasks.

Hosts

No hosts contacted.

DNS

No domains contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.128.109 138 192.168.128.255 138

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Name eae1cf9eb2b9f44b_dup2patcher.dll
Filepath C:\Users\zamen\AppData\Local\Temp\dup2patcher.dll
Size 1.4MB
Processes 2324 (Acunetix Web Vulnerability Scanner 10.x Consultant Edition KeyGen.exe)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 b670e8e63e61f3c26d8877090a134680
SHA1 f80021f7a9d97bfd4786ed590e2ed42743720bba
SHA256 eae1cf9eb2b9f44ba5f4fa0d09764610db75f129256c0c1c9a79c307ca94fec9
CRC32 ACC8C321
ssdeep 24576:RjavJFW5ycr32KLN3SAeBNMhYIRlFq4apzvIgmt3w/zGqWmIG1:RMJck5YUACdKfSzvIrhwjr3
Yara
  • UPX -
  • IsPE32 -
  • IsDLL -
  • IsWindowsGUI -
  • IsPacked - Entropy Check
  • HasRichSignature - Rich Signature Check
  • PEiD_00071_Anti007____NsPacK_Private_ - [Anti007 -> NsPacK Private]
  • PEiD_00497_dUP_v2_x_Patcher_____www_diablo2oo2_cjb_net_ - [dUP v2.x Patcher --> www.diablo2oo2.cjb.net]
  • PEiD_01086_Microsoft_Visual_C___8_0__MFC__ - [Microsoft Visual C++ 8.0 (MFC)]
  • PEiD_01686_Petite_v2_2____www_un4seen_com_petite_ - [Petite v2.2 -> www.un4seen.com/petite]
  • PEiD_02152_StarForce_V3_X_DLL____StarForce_Copy_Protection_System_ - [StarForce V3.X DLL -> StarForce Copy Protection System]
  • PEiD_02411_UPX_2_00_3_0X____Markus_Oberhumer___Laszlo_Molnar___John_Reiser_ - [UPX 2.00-3.0X -> Markus Oberhumer & Laszlo Molnar & John Reiser]
  • PEiD_02417_UPX_3_02_ - [UPX 3.02]
  • PEiD_02454_UPX_V2_00_V2_90____Markus_Oberhumer__amp__Laszlo_Molnar__amp__John_Reiser_ - [UPX V2.00-V2.90 -> Markus Oberhumer &amp; Laszlo Molnar &amp; John Reiser]
  • PEiD_02455_UPX_v3_0__DLL_LZMA_____Markus_Oberhumer___Laszlo_Molnar___John_Reiser_ - [UPX v3.0 (DLL_LZMA) -> Markus Oberhumer & Laszlo Molnar & John Reiser]
  • PEiD_02456_UPX_v3_0__EXE_LZMA_____Markus_Oberhumer___Laszlo_Molnar___John_Reiser_ - [UPX v3.0 (EXE_LZMA) -> Markus Oberhumer & Laszlo Molnar & John Reiser]
  • Contains_PE_File - Detect a PE file inside a byte sequence
  • screenshot - Take screenshot
  • win_registry - Affect system registries
  • contentis_base64 - This rule finds for base64 strings
  • ACProtect_13x_14x_DLL_Risco_Software_Inc -
  • UPX_v30_DLL_LZMA_Markus_Oberhumer_Laszlo_Molnar_John_Reiser_additional -
  • UPX_v30_DLL_LZMA_Markus_Oberhumer_Laszlo_Molnar_John_Reiser -
  • UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser -
  • maldoc_suspicious_strings -
Name 844eb66a10b848d3_bassmod.dll
Filepath C:\Users\zamen\AppData\Local\Temp\bassmod.dll
Size 9.5KB
Processes 2324 (Acunetix Web Vulnerability Scanner 10.x Consultant Edition KeyGen.exe)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 780d14604d49e3c634200c523def8351
SHA1 e208ef6f421d2260070a9222f1f918f1de0a8eeb
SHA256 844eb66a10b848d3a71a8c63c35f0a01550a46d2ff8503e2ca8947978b03b4d2
CRC32 7A3EB762
ssdeep 192:Yjtr1Et860Vu6tAo2j+feMnkqtDXuulsa7k0yRlm7/Pdl:AtU8Zu6K+feJCuwsL00la/Pd
Yara
  • IsPE32 -
  • IsDLL -
  • IsWindowsGUI -
  • HasRichSignature - Rich Signature Check
  • PEiD_00497_dUP_v2_x_Patcher_____www_diablo2oo2_cjb_net_ - [dUP v2.x Patcher --> www.diablo2oo2.cjb.net]
  • PEiD_01686_Petite_v2_2____www_un4seen_com_petite_ - [Petite v2.2 -> www.un4seen.com/petite]
  • Contains_PE_File - Detect a PE file inside a byte sequence
  • win_files_operation - Affect private profile
  • contentis_base64 - This rule finds for base64 strings
  • Microsoft_Visual_Cpp_v50v60_MFC -
  • maldoc_suspicious_strings -
Sorry! No dropped buffers.
Task ID 18
Mongo ID 5bc60c4911d30829883cde73
Cuckoo release 2.0-dev