File Rufus.3.3.1400.Portable.exe

Size 1003.1KB
Type PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
MD5 e32a70b9bc326099a42945389ce5a253
SHA1 03a5e4e873bdeb2a8c17abc41ded592654f89e35
SHA256 45bd13ca54f037a5ba70a60bfc4a72e65e42a45445ab092b1a712c3169a2d93e
SHA512 caa917f87bcd207cd576de842b2e9a8ccefbc465d05633ce077dc156be82367b93fed81bc6b45fd8fc55a990a2acf2ed511b71757eca13a00eb4405227230c81
CRC32 DBAD7F91
ssdeep 24576:TYNYvhlkERiIk7bNc+KE5U2vew9kyb+rREmoKWNYZNKtXaoGifw:2YvhLQnbFjmw9k24to3eZ9/
Yara
  • UPX -
  • IsPE32 -
  • IsWindowsGUI -
  • IsPacked - Entropy Check
  • HasOverlay - Overlay Check
  • PEiD_00071_Anti007____NsPacK_Private_ - [Anti007 -> NsPacK Private]
  • PEiD_00497_dUP_v2_x_Patcher_____www_diablo2oo2_cjb_net_ - [dUP v2.x Patcher --> www.diablo2oo2.cjb.net]
  • PEiD_01686_Petite_v2_2____www_un4seen_com_petite_ - [Petite v2.2 -> www.un4seen.com/petite]
  • PEiD_02152_StarForce_V3_X_DLL____StarForce_Copy_Protection_System_ - [StarForce V3.X DLL -> StarForce Copy Protection System]
  • PEiD_02408_UPX____www_upx_sourceforge_net_ - [UPX -> www.upx.sourceforge.net]
  • PEiD_02411_UPX_2_00_3_0X____Markus_Oberhumer___Laszlo_Molnar___John_Reiser_ - [UPX 2.00-3.0X -> Markus Oberhumer & Laszlo Molnar & John Reiser]
  • PEiD_02417_UPX_3_02_ - [UPX 3.02]
  • PEiD_02456_UPX_v3_0__EXE_LZMA_____Markus_Oberhumer___Laszlo_Molnar___John_Reiser_ - [UPX v3.0 (EXE_LZMA) -> Markus Oberhumer & Laszlo Molnar & John Reiser]
  • Contains_PE_File - Detect a PE file inside a byte sequence
  • screenshot - Take screenshot
  • contentis_base64 - This rule finds for base64 strings
  • UPX_v30_EXE_LZMA_Markus_Oberhumer_Laszlo_Molnar_John_Reiser_additional -
  • UPX_302 -
  • UPX_wwwupxsourceforgenet_additional -
  • yodas_Protector_v1033_dllocx_Ashkbiz_Danehkar_h -
  • UPX_v30_EXE_LZMA_Markus_Oberhumer_Laszlo_Molnar_John_Reiser -
  • UPX_wwwupxsourceforgenet -
  • maldoc_suspicious_strings -

Score

This file shows some signs of potential malicious behavior.

The score of this file is 1.4 out of 10.

Please notice: The scoring system is currently still in development and should be considered an alpha feature.

Information on Execution

Category Started Completed Duration Logs
FILE Jan. 9, 2019, 10:19 a.m. Jan. 9, 2019, 10:19 a.m. 15 seconds

Machine

Name Label Started On Shutdown On
winxpsp3pro32 winxpsp3pro32 2019-01-09 10:19:40 2019-01-09 10:19:53

Analyzer Log

2019-01-09 03:11:54,000 [analyzer] DEBUG: Starting analyzer from: C:\tytggebh
2019-01-09 03:11:54,015 [analyzer] DEBUG: Pipe server name: \\.\PIPE\UNXNrDxCAItTTdfUQ
2019-01-09 03:11:54,015 [analyzer] DEBUG: Log pipe server name: \\.\PIPE\ktxpsNXEisbaqXNOfHeFYxiITVVaj
2019-01-09 03:11:54,015 [analyzer] DEBUG: No analysis package specified, trying to detect it automagically.
2019-01-09 03:11:54,015 [analyzer] INFO: Automatically selected analysis package "exe"
2019-01-09 03:11:55,608 [analyzer] DEBUG: Started auxiliary module Disguise
2019-01-09 03:11:55,765 [analyzer] WARNING: Unable to find the correct offsets for functions of: 32-bit kernel32.dll (with timestamp 0x4802a12c)
2019-01-09 03:11:55,765 [analyzer] WARNING: Unable to find the correct offsets for functions of: 32-bit kernel32.dll (with timestamp 0x4802a12c)
2019-01-09 03:11:55,828 [analyzer] DEBUG: Loaded monitor into process with pid 692
2019-01-09 03:11:55,828 [analyzer] DEBUG: Started auxiliary module DumpTLSMasterSecrets
2019-01-09 03:11:55,828 [analyzer] DEBUG: Started auxiliary module Human
2019-01-09 03:11:55,828 [analyzer] DEBUG: Started auxiliary module InstallCertificate
2019-01-09 03:11:55,828 [analyzer] DEBUG: Started auxiliary module Reboot
2019-01-09 03:11:56,078 [analyzer] DEBUG: Started auxiliary module RecentFiles
2019-01-09 03:11:56,078 [analyzer] DEBUG: Started auxiliary module Screenshots
2019-01-09 03:11:56,187 [lib.api.process] INFO: Successfully executed process from path u'C:\\DOCUME~1\\zamen\\LOCALS~1\\Temp\\Rufus.3.3.1400.Portable.exe' with arguments '' and pid 196
2019-01-09 03:11:56,280 [analyzer] WARNING: Unable to find the correct offsets for functions of: 32-bit kernel32.dll (with timestamp 0x4802a12c)
2019-01-09 03:11:56,280 [analyzer] WARNING: Unable to find the correct offsets for functions of: 32-bit kernel32.dll (with timestamp 0x4802a12c)
2019-01-09 03:11:56,405 [analyzer] DEBUG: Loaded monitor into process with pid 196
2019-01-09 03:11:57,203 [analyzer] INFO: Process with pid 196 has terminated
2019-01-09 03:11:57,217 [analyzer] INFO: Process list is empty, terminating analysis.
2019-01-09 03:11:58,233 [analyzer] INFO: Terminating remaining processes before shutdown.
2019-01-09 03:11:58,233 [analyzer] INFO: Analysis completed.

Cuckoo Log

2019-01-09 10:19:40,216 [lib.cuckoo.core.scheduler] INFO: Task #618: acquired machine winxpsp3pro32 (label=winxpsp3pro32)
2019-01-09 10:19:40,757 [modules.auxiliary.sniffer] INFO: Started sniffer with PID 3981 (interface=eth2, host=192.168.128.102, pcap=/opt/cuckoo/storage/analyses/618/dump.pcap)
2019-01-09 10:19:44,065 [lib.cuckoo.core.guest] INFO: Starting analysis on guest (id=winxpsp3pro32, ip=192.168.128.102)
2019-01-09 10:19:52,627 [lib.cuckoo.core.guest] INFO: winxpsp3pro32: analysis completed successfully
2019-01-09 10:20:00,384 [lib.cuckoo.core.plugins] WARNING: The processing module "Suricata" returned the following error: Unable to locate Suricata binary
2019-01-09 10:20:01,416 [modules.processing.network] ERROR: Unable to open /opt/cuckoo/storage/analyses/618/dump_sorted.pcap
2019-01-09 10:20:02,703 [elasticsearch] WARNING: HEAD http://127.0.0.1:9200/_template/cuckoo_template [status:N/A request:0.000s]
Traceback (most recent call last):
  File "/usr/local/lib/python2.7/dist-packages/elasticsearch/connection/http_urllib3.py", line 94, in perform_request
    response = self.pool.urlopen(method, url, body, retries=False, headers=self.headers, **kw)
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 643, in urlopen
    _stacktrace=sys.exc_info()[2])
  File "/usr/local/lib/python2.7/dist-packages/urllib3/util/retry.py", line 251, in increment
    raise six.reraise(type(error), error, _stacktrace)
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 594, in urlopen
    chunked=chunked)
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 361, in _make_request
    conn.request(method, url, **httplib_request_kw)
  File "/usr/lib/python2.7/httplib.py", line 1017, in request
    self._send_request(method, url, body, headers)
  File "/usr/lib/python2.7/httplib.py", line 1051, in _send_request
    self.endheaders(body)
  File "/usr/lib/python2.7/httplib.py", line 1013, in endheaders
    self._send_output(message_body)
  File "/usr/lib/python2.7/httplib.py", line 864, in _send_output
    self.send(msg)
  File "/usr/lib/python2.7/httplib.py", line 826, in send
    self.connect()
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connection.py", line 163, in connect
    conn = self._new_conn()
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connection.py", line 147, in _new_conn
    self, "Failed to establish a new connection: %s" % e)
NewConnectionError: <urllib3.connection.HTTPConnection object at 0x7f9b528bb290>: Failed to establish a new connection: [Errno 111] Connection refused
2019-01-09 10:20:02,704 [elasticsearch] WARNING: HEAD http://127.0.0.1:9200/_template/cuckoo_template [status:N/A request:0.000s]
Traceback (most recent call last):
  File "/usr/local/lib/python2.7/dist-packages/elasticsearch/connection/http_urllib3.py", line 94, in perform_request
    response = self.pool.urlopen(method, url, body, retries=False, headers=self.headers, **kw)
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 643, in urlopen
    _stacktrace=sys.exc_info()[2])
  File "/usr/local/lib/python2.7/dist-packages/urllib3/util/retry.py", line 251, in increment
    raise six.reraise(type(error), error, _stacktrace)
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 594, in urlopen
    chunked=chunked)
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 361, in _make_request
    conn.request(method, url, **httplib_request_kw)
  File "/usr/lib/python2.7/httplib.py", line 1017, in request
    self._send_request(method, url, body, headers)
  File "/usr/lib/python2.7/httplib.py", line 1051, in _send_request
    self.endheaders(body)
  File "/usr/lib/python2.7/httplib.py", line 1013, in endheaders
    self._send_output(message_body)
  File "/usr/lib/python2.7/httplib.py", line 864, in _send_output
    self.send(msg)
  File "/usr/lib/python2.7/httplib.py", line 826, in send
    self.connect()
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connection.py", line 163, in connect
    conn = self._new_conn()
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connection.py", line 147, in _new_conn
    self, "Failed to establish a new connection: %s" % e)
NewConnectionError: <urllib3.connection.HTTPConnection object at 0x7f9b528bb090>: Failed to establish a new connection: [Errno 111] Connection refused
2019-01-09 10:20:02,705 [elasticsearch] WARNING: HEAD http://127.0.0.1:9200/_template/cuckoo_template [status:N/A request:0.000s]
Traceback (most recent call last):
  File "/usr/local/lib/python2.7/dist-packages/elasticsearch/connection/http_urllib3.py", line 94, in perform_request
    response = self.pool.urlopen(method, url, body, retries=False, headers=self.headers, **kw)
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 643, in urlopen
    _stacktrace=sys.exc_info()[2])
  File "/usr/local/lib/python2.7/dist-packages/urllib3/util/retry.py", line 251, in increment
    raise six.reraise(type(error), error, _stacktrace)
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 594, in urlopen
    chunked=chunked)
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 361, in _make_request
    conn.request(method, url, **httplib_request_kw)
  File "/usr/lib/python2.7/httplib.py", line 1017, in request
    self._send_request(method, url, body, headers)
  File "/usr/lib/python2.7/httplib.py", line 1051, in _send_request
    self.endheaders(body)
  File "/usr/lib/python2.7/httplib.py", line 1013, in endheaders
    self._send_output(message_body)
  File "/usr/lib/python2.7/httplib.py", line 864, in _send_output
    self.send(msg)
  File "/usr/lib/python2.7/httplib.py", line 826, in send
    self.connect()
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connection.py", line 163, in connect
    conn = self._new_conn()
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connection.py", line 147, in _new_conn
    self, "Failed to establish a new connection: %s" % e)
NewConnectionError: <urllib3.connection.HTTPConnection object at 0x7f9b528bb2d0>: Failed to establish a new connection: [Errno 111] Connection refused
2019-01-09 10:20:02,706 [elasticsearch] WARNING: HEAD http://127.0.0.1:9200/_template/cuckoo_template [status:N/A request:0.000s]
Traceback (most recent call last):
  File "/usr/local/lib/python2.7/dist-packages/elasticsearch/connection/http_urllib3.py", line 94, in perform_request
    response = self.pool.urlopen(method, url, body, retries=False, headers=self.headers, **kw)
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 643, in urlopen
    _stacktrace=sys.exc_info()[2])
  File "/usr/local/lib/python2.7/dist-packages/urllib3/util/retry.py", line 251, in increment
    raise six.reraise(type(error), error, _stacktrace)
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 594, in urlopen
    chunked=chunked)
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 361, in _make_request
    conn.request(method, url, **httplib_request_kw)
  File "/usr/lib/python2.7/httplib.py", line 1017, in request
    self._send_request(method, url, body, headers)
  File "/usr/lib/python2.7/httplib.py", line 1051, in _send_request
    self.endheaders(body)
  File "/usr/lib/python2.7/httplib.py", line 1013, in endheaders
    self._send_output(message_body)
  File "/usr/lib/python2.7/httplib.py", line 864, in _send_output
    self.send(msg)
  File "/usr/lib/python2.7/httplib.py", line 826, in send
    self.connect()
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connection.py", line 163, in connect
    conn = self._new_conn()
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connection.py", line 147, in _new_conn
    self, "Failed to establish a new connection: %s" % e)
NewConnectionError: <urllib3.connection.HTTPConnection object at 0x7f9b528bb490>: Failed to establish a new connection: [Errno 111] Connection refused
2019-01-09 10:20:02,707 [lib.cuckoo.core.plugins] ERROR: Failed to run the reporting module "ElasticSearch":
Traceback (most recent call last):
  File "/opt/cuckoo/lib/cuckoo/core/plugins.py", line 533, in process
    current.run(self.results)
  File "/opt/cuckoo/modules/reporting/elasticsearch.py", line 196, in run
    self.connect()
  File "/opt/cuckoo/modules/reporting/elasticsearch.py", line 79, in connect
    if not self.es.indices.exists_template("cuckoo_template"):
  File "/usr/local/lib/python2.7/dist-packages/elasticsearch/client/utils.py", line 69, in _wrapped
    return func(*args, params=params, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/elasticsearch/client/indices.py", line 491, in exists_template
    name), params=params)
  File "/usr/local/lib/python2.7/dist-packages/elasticsearch/transport.py", line 327, in perform_request
    status, headers, data = connection.perform_request(method, url, params, body, ignore=ignore, timeout=timeout)
  File "/usr/local/lib/python2.7/dist-packages/elasticsearch/connection/http_urllib3.py", line 105, in perform_request
    raise ConnectionError('N/A', str(e), e)
ConnectionError: ConnectionError(<urllib3.connection.HTTPConnection object at 0x7f9b528bb490>: Failed to establish a new connection: [Errno 111] Connection refused) caused by: NewConnectionError(<urllib3.connection.HTTPConnection object at 0x7f9b528bb490>: Failed to establish a new connection: [Errno 111] Connection refused)

Signatures

This executable is signed
File has been identified by 2 AntiVirus engines on VirusTotal as malicious (2 events)
Cylance Unsafe
Yandex Trojan.Bsymem!
The binary likely contains encrypted or compressed data. (2 events)
section {u'size_of_data': u'0x000eea00', u'virtual_address': u'0x001e8000', u'entropy': 7.999746463023778, u'name': u'UPX1', u'virtual_size': u'0x000ef000'} entropy 7.99974646302 description A section with a high entropy has been found
entropy 0.958814665997 description Overall entropy of this PE file is high
The executable is compressed using UPX (2 events)
section UPX0 description Section name indicates UPX
section UPX1 description Section name indicates UPX

Network

DNS

No domains contacted.

Hosts

No hosts contacted.

Summary

Process Rufus.3.3.1400.Portable.exe (196)

  • Registry keys read

    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles

  • DLLs Loaded

    • KERNEL32.DLL

PE Compile Time

1969-12-31 19:00:00

Signing Certificate

MD5 f9c8fb79581036f731b006b6d27c675b
SHA1 9ce9a71ccab3b38a74781b975f1c228222cf7d3b
Serial Number 24692663ef6c0c0a3b23cfa310c3649b
Common Name Akeo Consulting
Country IE
Locality Milford

Version Infos

LegalCopyright © 2011-2018 Pete Batard (GPL v3)
InternalName Rufus
FileVersion 3.3.1400
CompanyName Akeo Consulting
LegalTrademarks https://www.gnu.org/copyleft/gpl.html
Comments https://akeo.ie
ProductName Rufus
ProductVersion 3.3.1400
FileDescription Rufus
OriginalFilename rufus-3.3.exe
Translation 0x0000 0x04b0

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
UPX0 0x00001000 0x001e7000 0x00000000 0.0
UPX1 0x001e8000 0x000ef000 0x000eea00 7.99974646302
.rsrc 0x002d7000 0x0000b000 0x0000a400 3.93356841598

Imports

Library ADVAPI32.dll:
0x6e1170 FreeSid
Library COMCTL32.DLL:
0x6e1178 ImageList_Create
Library COMDLG32.DLL:
0x6e1180 GetOpenFileNameW
Library CRYPT32.dll:
0x6e1188 CryptMsgClose
Library GDI32.dll:
0x6e1190 LineTo
Library KERNEL32.DLL:
0x6e1198 LoadLibraryA
0x6e119c ExitProcess
0x6e11a0 GetProcAddress
0x6e11a4 VirtualProtect
Library msvcrt.dll:
0x6e11ac _iob
Library ole32.dll:
0x6e11b4 CoCreateGuid
Library SETUPAPI.dll:
0x6e11bc CM_Get_Child
Library SHELL32.dll:
0x6e11c4 ShellExecuteA
Library SHLWAPI.dll:
0x6e11cc PathFileExistsA
Library USER32.dll:
0x6e11d4 GetDC
Library WINTRUST.dll:
0x6e11dc WinVerifyTrustEx

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:asmv3="urn:schemas-microsoft-com:asm.v3" >
<asmv3:application>
<asmv3:windowsSettings xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings">
<dpiAware>true</dpiAware>
</asmv3:windowsSettings>
</asmv3:application>
<dependency>
<dependentAssembly>
<assemblyIdentity
type="win32"
name="Microsoft.Windows.Common-Controls"
version="6.0.0.0"
processorArchitecture="*"
publicKeyToken="6595b64144ccf1df"
language="*"
/>
</dependentAssembly>
</dependency>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel
level="requireAdministrator"
uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
<compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">
<!-- If you don't have those in your app, Windows 10's GetVersionEx() -->
<!-- DELIBERATELY reports the WRONG version... which brings us to -->
<!-- tonight's spelling bee: "How do you spell 'spineless morons'?" -->
<!-- The answer: "M-I-C-R-O-S-O-F-T; 'spineless morons'!" -->
<application>
<!-- Windows 10 -->
<supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"/>
<!-- Windows 8.1 -->
<supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"/>
<!-- Windows 8 -->
<supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"/>
<!-- Windows 7 -->
<supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/>
<!-- Windows Vista -->
<supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"/>
</application>
</compatibility>
</assembly>
ADVAPI32.dll
COMCTL32.DLL
COMDLG32.DLL
CRYPT32.dll
GDI32.dll
KERNEL32.DLL
msvcrt.dll
ole32.dll
SETUPAPI.dll
SHELL32.dll
SHLWAPI.dll
USER32.dll
WINTRUST.dll
FreeSid
ImageList_Create
GetOpenFileNameW
CryptMsgClose
LineTo
ExitProcess
GetProcAddress
LoadLibraryA
VirtualProtect
CoCreateGuid
CM_Get_Child
ShellExecuteA
PathFileExistsA
WinVerifyTrustEx
Greater Manchester1
Salford1
COMODO CA Limited1#0!
COMODO RSA Code Signing CA0
180316000000Z
220316235959Z0
F92 D6671
Co. Donegal1
Milford1
24 Grey Rock1
Akeo Consulting1
Akeo Consulting0
https://secure.comodo.net/CPS0C
2http://crl.comodoca.com/COMODORSACodeSigningCA.crl0t
2http://crt.comodoca.com/COMODORSACodeSigningCA.crt0$
http://ocsp.comodoca.com0
support@akeo.ie0
Greater Manchester1
Salford1
COMODO CA Limited1+0)
"COMODO RSA Certification Authority0
130509000000Z
280508235959Z0}1
Greater Manchester1
Salford1
COMODO CA Limited1#0!
COMODO RSA Code Signing CA0
;http://crl.comodoca.com/COMODORSACertificationAuthority.crl0q
/http://crt.comodoca.com/COMODORSAAddTrustCA.crt0$
http://ocsp.comodoca.com0
Greater Manchester1
Salford1
COMODO CA Limited1#0!
COMODO RSA Code Signing CA
20180917111108Z0
Symantec Corporation10
Symantec Trust Network110/
(Symantec SHA256 TimeStamping Signer - G3
VeriSign, Inc.10
VeriSign Trust Network1:08
1(c) 2008 VeriSign, Inc. - For authorized use only1806
/VeriSign Universal Root Certification Authority0
160112000000Z
310111235959Z0w1
Symantec Corporation10
Symantec Trust Network1(0&
Symantec SHA256 TimeStamping CA0
https://d.symcb.com/cps0%
https://d.symcb.com/rpa0.
http://s.symcd.com06
%http://s.symcb.com/universal-root.crl0
TimeStamp-2048-30
Symantec Corporation10
Symantec Trust Network1(0&
Symantec SHA256 TimeStamping CA0
171223000000Z
290322235959Z0
Symantec Corporation10
Symantec Trust Network110/
(Symantec SHA256 TimeStamping Signer - G30
https://d.symcb.com/cps0%
https://d.symcb.com/rpa0@
/http://ts-crl.ws.symantec.com/sha256-tss-ca.crl0
http://ts-ocsp.ws.symantec.com0;
/http://ts-aia.ws.symantec.com/sha256-tss-ca.cer0(
TimeStamp-2048-60
Symantec Corporation10
Symantec Trust Network1(0&
Symantec SHA256 TimeStamping CA
180917111108Z0/
VS_VERSION_INFO
StringFileInfo
000004b0
Comments
https://akeo.ie
CompanyName
Akeo Consulting
FileDescription
FileVersion
3.3.1400
InternalName
LegalCopyright
2011-2018 Pete Batard (GPL v3)
LegalTrademarks
https://www.gnu.org/copyleft/gpl.html
OriginalFilename
rufus-3.3.exe
ProductName
ProductVersion
3.3.1400
VarFileInfo
Translation
Antivirus Signature
Bkav Clean
MicroWorld-eScan Clean
CMC Clean
CAT-QuickHeal Clean
ALYac Clean
Cylance Unsafe
AegisLab Clean
TheHacker Clean
BitDefender Clean
K7GW Clean
K7AntiVirus Clean
Invincea Clean
Baidu Clean
Babable Clean
F-Prot Clean
Symantec Clean
TotalDefense Clean
TrendMicro-HouseCall Clean
Avast Clean
ClamAV Clean
Kaspersky Clean
Alibaba Clean
NANO-Antivirus Clean
ViRobot Clean
Tencent Clean
Ad-Aware Clean
Trustlook Clean
Sophos Clean
Comodo Clean
F-Secure Clean
DrWeb Clean
Zillya Clean
TrendMicro Clean
McAfee-GW-Edition Clean
Fortinet Clean
Trapmine Clean
Emsisoft Clean
Ikarus Clean
Cyren Clean
Jiangmin Clean
Webroot Clean
Avira Clean
MAX Clean
Antiy-AVL Clean
Kingsoft Clean
Endgame Clean
Arcabit Clean
SUPERAntiSpyware Clean
ZoneAlarm Clean
Avast-Mobile Clean
Microsoft Clean
AhnLab-V3 Clean
Acronis Clean
McAfee Clean
TACHYON Clean
VBA32 Clean
Malwarebytes Clean
Panda Clean
Zoner Clean
ESET-NOD32 Clean
Rising Clean
Yandex Trojan.Bsymem!
SentinelOne Clean
eGambit Clean
GData Clean
AVG Clean
Cybereason Clean
Paloalto Clean
CrowdStrike Clean
Qihoo-360 Clean

Process Tree


Rufus.3.3.1400.Portable.exe, PID: 196, Parent PID: 1588


Deprecation note: While processing this analysis you did not have the httpreplay Python library installed. Installing this library (i.e., pip install httpreplay) will allow Cuckoo to do more proper PCAP analysis including but not limited to showing full HTTP and HTTPS (!) requests and responses. It is recommended that you install this library and possibly reprocess any interesting analysis tasks.

Hosts

No hosts contacted.

DNS

No domains contacted.

TCP

No TCP connections recorded.

UDP

No UDP connections recorded.

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.
Task ID 618
Mongo ID 5c36112211d3080d16cdc26d
Cuckoo release 2.0-dev