File unicc-1.3.1.exe

Size 2.2MB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 6de2d797b063c9f723f6abacd2a51063
SHA1 b9a71f7887f22bcc95df6649009443fb84dd8f37
SHA256 4f07b1864796312439c21126246dada29abffe4bfd9361a9b3fa99b5250b204a
SHA512 bd863847465f7c6b9d4619a97acb8c7aa555096333ae15a5cd4817f3628ccf6e922c764261e218ee410048a7ec4bdb3753d1c21ce98a3b23a78520d8d1ebffa0
CRC32 AB34DD6D
ssdeep 49152:z75HUNkS7PkPo6nlHN62aTNdIXu6/uQSrFFrGxyzTtQLI8pH+sm8Y3:X5/S7PkQExN620MuLrFBzOGX3
Yara
  • IsPE32 -
  • IsWindowsGUI -
  • IsPacked - Entropy Check
  • HasOverlay - Overlay Check
  • borland_delphi - Borland Delphi 2.0 - 7.0 / 2005 - 2007
  • PEiD_00340_Borland_Delphi_v2_0_ - [Borland Delphi v2.0]
  • PEiD_00920_Inno_Setup_Module_ - [Inno Setup Module]
  • PEiD_01091_Microsoft_Visual_C___8_ - [Microsoft Visual C++ 8]
  • PEiD_01686_Petite_v2_2____www_un4seen_com_petite_ - [Petite v2.2 -> www.un4seen.com/petite]
  • PEiD_01693_pex_V0_99____params_ - [pex V0.99 -> params]
  • PEiD_02152_StarForce_V3_X_DLL____StarForce_Copy_Protection_System_ - [StarForce V3.X DLL -> StarForce Copy Protection System]
  • PEiD_02161_Stranik_1_3_Modula_C_Pascal_ - [Stranik 1.3 Modula/C/Pascal]
  • Contains_PE_File - Detect a PE file inside a byte sequence
  • disable_dep - Bypass DEP
  • escalate_priv - Escalade priviledges
  • win_registry - Affect system registries
  • win_token - Affect system token
  • win_files_operation - Affect private profile
  • contentis_base64 - This rule finds for base64 strings
  • Borland_Delphi_40_additional -
  • Microsoft_Visual_Cpp_v50v60_MFC -
  • Borland_Delphi_30_additional -
  • Borland_Delphi_30_ -
  • Borland_Delphi_Setup_Module -
  • Borland_Delphi_40 -
  • Borland_Delphi_v40_v50 -
  • Borland_Delphi_v30 -
  • Borland_Delphi_DLL -
  • CRC32_poly_Constant - Look for CRC32 [poly]
  • Delphi_Copy - Look for Copy function
  • maldoc_function_prolog_signature -
  • maldoc_suspicious_strings -

Score

This file shows some signs of potential malicious behavior.

The score of this file is 1.0 out of 10.

Please notice: The scoring system is currently still in development and should be considered an alpha feature.

Information on Execution

Category Started Completed Duration Logs
FILE Jan. 9, 2019, 11:08 a.m. Jan. 9, 2019, 11:12 a.m. 252 seconds

Machine

Name Label Started On Shutdown On
winxpsp3pro32 winxpsp3pro32 2019-01-09 11:08:12 2019-01-09 11:12:22

Analyzer Log

2019-01-09 03:11:58,015 [analyzer] DEBUG: Starting analyzer from: C:\dgfzuuzrv
2019-01-09 03:11:58,015 [analyzer] DEBUG: Pipe server name: \\.\PIPE\jcSUtPGoLbTlTawkHv
2019-01-09 03:11:58,015 [analyzer] DEBUG: Log pipe server name: \\.\PIPE\vQpHSHfDKzeBgnxncuaNmg
2019-01-09 03:11:58,015 [analyzer] DEBUG: No analysis package specified, trying to detect it automagically.
2019-01-09 03:11:58,015 [analyzer] INFO: Automatically selected analysis package "exe"
2019-01-09 03:11:59,592 [analyzer] DEBUG: Started auxiliary module Disguise
2019-01-09 03:11:59,765 [analyzer] WARNING: Unable to find the correct offsets for functions of: 32-bit kernel32.dll (with timestamp 0x4802a12c)
2019-01-09 03:11:59,765 [analyzer] WARNING: Unable to find the correct offsets for functions of: 32-bit kernel32.dll (with timestamp 0x4802a12c)
2019-01-09 03:11:59,828 [analyzer] DEBUG: Loaded monitor into process with pid 692
2019-01-09 03:11:59,828 [analyzer] DEBUG: Started auxiliary module DumpTLSMasterSecrets
2019-01-09 03:11:59,828 [analyzer] DEBUG: Started auxiliary module Human
2019-01-09 03:11:59,828 [analyzer] DEBUG: Started auxiliary module InstallCertificate
2019-01-09 03:11:59,828 [analyzer] DEBUG: Started auxiliary module Reboot
2019-01-09 03:12:00,092 [analyzer] DEBUG: Started auxiliary module RecentFiles
2019-01-09 03:12:00,092 [analyzer] DEBUG: Started auxiliary module Screenshots
2019-01-09 03:12:00,203 [lib.api.process] INFO: Successfully executed process from path u'C:\\DOCUME~1\\zamen\\LOCALS~1\\Temp\\unicc-1.3.1.exe' with arguments '' and pid 1440
2019-01-09 03:12:00,296 [analyzer] WARNING: Unable to find the correct offsets for functions of: 32-bit kernel32.dll (with timestamp 0x4802a12c)
2019-01-09 03:12:00,296 [analyzer] WARNING: Unable to find the correct offsets for functions of: 32-bit kernel32.dll (with timestamp 0x4802a12c)
2019-01-09 03:12:00,405 [analyzer] DEBUG: Loaded monitor into process with pid 1440
2019-01-09 03:12:00,453 [analyzer] DEBUG: Received request to inject pid=1440, but we are already injected there.
2019-01-09 03:12:00,530 [analyzer] INFO: Added new file to list with pid 1440 and path C:\Documents and Settings\zamen\Local Settings\Temp\is-5QLNU.tmp\unicc-1.3.1.tmp
2019-01-09 03:12:00,608 [analyzer] INFO: Injected into process with pid 404 and name u'unicc-1.3.1.tmp'
2019-01-09 03:12:00,703 [analyzer] WARNING: Unable to find the correct offsets for functions of: 32-bit kernel32.dll (with timestamp 0x4802a12c)
2019-01-09 03:12:00,703 [analyzer] WARNING: Unable to find the correct offsets for functions of: 32-bit kernel32.dll (with timestamp 0x4802a12c)
2019-01-09 03:12:00,796 [analyzer] DEBUG: Loaded monitor into process with pid 404
2019-01-09 03:12:00,828 [analyzer] DEBUG: Received request to inject pid=404, but we are already injected there.
2019-01-09 03:12:02,046 [modules.auxiliary.human] INFO: Found button "I &accept the agreement", clicking it
2019-01-09 03:12:03,046 [modules.auxiliary.human] INFO: Found button "I &accept the agreement", clicking it
2019-01-09 03:12:04,046 [modules.auxiliary.human] INFO: Found button "I &do not accept the agreement", clicking it
2019-01-09 03:12:05,046 [modules.auxiliary.human] INFO: Found button "I &do not accept the agreement", clicking it
2019-01-09 03:12:06,046 [modules.auxiliary.human] INFO: Found button "&Next >", clicking it
2019-01-09 03:12:08,187 [modules.auxiliary.human] INFO: Found button "I &accept the agreement", clicking it
2019-01-09 03:12:09,187 [modules.auxiliary.human] INFO: Found button "I &accept the agreement", clicking it
2019-01-09 03:12:10,187 [modules.auxiliary.human] INFO: Found button "I &do not accept the agreement", clicking it
2019-01-09 03:12:11,187 [modules.auxiliary.human] INFO: Found button "I &do not accept the agreement", clicking it
2019-01-09 03:12:12,187 [modules.auxiliary.human] INFO: Found button "&Next >", clicking it
2019-01-09 03:12:14,250 [modules.auxiliary.human] INFO: Found button "I &accept the agreement", clicking it
2019-01-09 03:12:15,250 [modules.auxiliary.human] INFO: Found button "I &accept the agreement", clicking it
2019-01-09 03:12:16,250 [modules.auxiliary.human] INFO: Found button "I &do not accept the agreement", clicking it
2019-01-09 03:12:17,250 [modules.auxiliary.human] INFO: Found button "I &do not accept the agreement", clicking it
2019-01-09 03:12:18,250 [modules.auxiliary.human] INFO: Found button "&Next >", clicking it
2019-01-09 03:12:20,312 [modules.auxiliary.human] INFO: Found button "I &accept the agreement", clicking it
2019-01-09 03:12:21,312 [modules.auxiliary.human] INFO: Found button "I &accept the agreement", clicking it
2019-01-09 03:12:22,312 [modules.auxiliary.human] INFO: Found button "I &do not accept the agreement", clicking it
2019-01-09 03:12:23,312 [modules.auxiliary.human] INFO: Found button "I &do not accept the agreement", clicking it
2019-01-09 03:12:24,312 [modules.auxiliary.human] INFO: Found button "&Next >", clicking it
2019-01-09 03:12:26,421 [modules.auxiliary.human] INFO: Found button "I &accept the agreement", clicking it
2019-01-09 03:12:27,437 [modules.auxiliary.human] INFO: Found button "I &accept the agreement", clicking it
2019-01-09 03:12:28,437 [modules.auxiliary.human] INFO: Found button "I &do not accept the agreement", clicking it
2019-01-09 03:12:29,437 [modules.auxiliary.human] INFO: Found button "I &do not accept the agreement", clicking it
2019-01-09 03:12:30,437 [modules.auxiliary.human] INFO: Found button "&Next >", clicking it
2019-01-09 03:12:32,500 [modules.auxiliary.human] INFO: Found button "I &accept the agreement", clicking it
2019-01-09 03:12:33,500 [modules.auxiliary.human] INFO: Found button "I &accept the agreement", clicking it
2019-01-09 03:12:34,500 [modules.auxiliary.human] INFO: Found button "I &do not accept the agreement", clicking it
2019-01-09 03:12:35,500 [modules.auxiliary.human] INFO: Found button "I &do not accept the agreement", clicking it
2019-01-09 03:12:36,500 [modules.auxiliary.human] INFO: Found button "&Next >", clicking it
2019-01-09 03:12:38,562 [modules.auxiliary.human] INFO: Found button "I &accept the agreement", clicking it
2019-01-09 03:12:39,562 [modules.auxiliary.human] INFO: Found button "I &accept the agreement", clicking it
2019-01-09 03:12:40,562 [modules.auxiliary.human] INFO: Found button "I &do not accept the agreement", clicking it
2019-01-09 03:12:41,562 [modules.auxiliary.human] INFO: Found button "I &do not accept the agreement", clicking it
2019-01-09 03:12:42,562 [modules.auxiliary.human] INFO: Found button "&Next >", clicking it
2019-01-09 03:12:44,640 [modules.auxiliary.human] INFO: Found button "I &accept the agreement", clicking it
2019-01-09 03:12:45,671 [modules.auxiliary.human] INFO: Found button "I &accept the agreement", clicking it
2019-01-09 03:12:46,671 [modules.auxiliary.human] INFO: Found button "I &do not accept the agreement", clicking it
2019-01-09 03:12:47,671 [modules.auxiliary.human] INFO: Found button "I &do not accept the agreement", clicking it
2019-01-09 03:12:48,671 [modules.auxiliary.human] INFO: Found button "&Next >", clicking it
2019-01-09 03:12:50,733 [modules.auxiliary.human] INFO: Found button "I &accept the agreement", clicking it
2019-01-09 03:12:51,733 [modules.auxiliary.human] INFO: Found button "I &accept the agreement", clicking it
2019-01-09 03:12:52,733 [modules.auxiliary.human] INFO: Found button "I &do not accept the agreement", clicking it
2019-01-09 03:12:53,733 [modules.auxiliary.human] INFO: Found button "I &do not accept the agreement", clicking it
2019-01-09 03:12:54,733 [modules.auxiliary.human] INFO: Found button "&Next >", clicking it
2019-01-09 03:12:56,796 [modules.auxiliary.human] INFO: Found button "I &accept the agreement", clicking it
2019-01-09 03:12:57,796 [modules.auxiliary.human] INFO: Found button "I &accept the agreement", clicking it
2019-01-09 03:12:58,796 [modules.auxiliary.human] INFO: Found button "I &do not accept the agreement", clicking it
2019-01-09 03:12:59,796 [modules.auxiliary.human] INFO: Found button "I &do not accept the agreement", clicking it
2019-01-09 03:13:00,796 [modules.auxiliary.human] INFO: Found button "&Next >", clicking it
2019-01-09 03:13:02,858 [modules.auxiliary.human] INFO: Found button "I &accept the agreement", clicking it
2019-01-09 03:13:03,858 [modules.auxiliary.human] INFO: Found button "I &accept the agreement", clicking it
2019-01-09 03:13:04,858 [modules.auxiliary.human] INFO: Found button "I &do not accept the agreement", clicking it
2019-01-09 03:13:05,875 [modules.auxiliary.human] INFO: Found button "I &do not accept the agreement", clicking it
2019-01-09 03:13:06,875 [modules.auxiliary.human] INFO: Found button "&Next >", clicking it
2019-01-09 03:13:08,937 [modules.auxiliary.human] INFO: Found button "I &accept the agreement", clicking it
2019-01-09 03:13:09,937 [modules.auxiliary.human] INFO: Found button "I &accept the agreement", clicking it
2019-01-09 03:13:10,937 [modules.auxiliary.human] INFO: Found button "I &do not accept the agreement", clicking it
2019-01-09 03:13:11,937 [modules.auxiliary.human] INFO: Found button "I &do not accept the agreement", clicking it
2019-01-09 03:13:12,937 [modules.auxiliary.human] INFO: Found button "&Next >", clicking it
2019-01-09 03:13:15,000 [modules.auxiliary.human] INFO: Found button "I &accept the agreement", clicking it
2019-01-09 03:13:16,000 [modules.auxiliary.human] INFO: Found button "I &accept the agreement", clicking it
2019-01-09 03:13:17,000 [modules.auxiliary.human] INFO: Found button "I &do not accept the agreement", clicking it
2019-01-09 03:13:18,000 [modules.auxiliary.human] INFO: Found button "I &do not accept the agreement", clicking it
2019-01-09 03:13:19,000 [modules.auxiliary.human] INFO: Found button "&Next >", clicking it
2019-01-09 03:13:21,062 [modules.auxiliary.human] INFO: Found button "I &accept the agreement", clicking it
2019-01-09 03:13:22,062 [modules.auxiliary.human] INFO: Found button "I &accept the agreement", clicking it
2019-01-09 03:13:23,062 [modules.auxiliary.human] INFO: Found button "I &do not accept the agreement", clicking it
2019-01-09 03:13:24,062 [modules.auxiliary.human] INFO: Found button "I &do not accept the agreement", clicking it
2019-01-09 03:13:25,062 [modules.auxiliary.human] INFO: Found button "&Next >", clicking it
2019-01-09 03:13:27,125 [modules.auxiliary.human] INFO: Found button "I &accept the agreement", clicking it
2019-01-09 03:13:28,125 [modules.auxiliary.human] INFO: Found button "I &accept the agreement", clicking it
2019-01-09 03:13:29,125 [modules.auxiliary.human] INFO: Found button "I &do not accept the agreement", clicking it
2019-01-09 03:13:30,125 [modules.auxiliary.human] INFO: Found button "I &do not accept the agreement", clicking it
2019-01-09 03:13:31,125 [modules.auxiliary.human] INFO: Found button "&Next >", clicking it
2019-01-09 03:13:33,187 [modules.auxiliary.human] INFO: Found button "I &accept the agreement", clicking it
2019-01-09 03:13:34,187 [modules.auxiliary.human] INFO: Found button "I &accept the agreement", clicking it
2019-01-09 03:13:35,187 [modules.auxiliary.human] INFO: Found button "I &do not accept the agreement", clicking it
2019-01-09 03:13:36,187 [modules.auxiliary.human] INFO: Found button "I &do not accept the agreement", clicking it
2019-01-09 03:13:37,187 [modules.auxiliary.human] INFO: Found button "&Next >", clicking it
2019-01-09 03:13:39,265 [modules.auxiliary.human] INFO: Found button "I &accept the agreement", clicking it
2019-01-09 03:13:40,265 [modules.auxiliary.human] INFO: Found button "I &accept the agreement", clicking it
2019-01-09 03:13:41,265 [modules.auxiliary.human] INFO: Found button "I &do not accept the agreement", clicking it
2019-01-09 03:13:42,265 [modules.auxiliary.human] INFO: Found button "I &do not accept the agreement", clicking it
2019-01-09 03:13:43,265 [modules.auxiliary.human] INFO: Found button "&Next >", clicking it
2019-01-09 03:13:45,328 [modules.auxiliary.human] INFO: Found button "I &accept the agreement", clicking it
2019-01-09 03:13:46,328 [modules.auxiliary.human] INFO: Found button "I &accept the agreement", clicking it
2019-01-09 03:13:47,328 [modules.auxiliary.human] INFO: Found button "I &do not accept the agreement", clicking it
2019-01-09 03:13:48,328 [modules.auxiliary.human] INFO: Found button "I &do not accept the agreement", clicking it
2019-01-09 03:13:49,328 [modules.auxiliary.human] INFO: Found button "&Next >", clicking it
2019-01-09 03:13:51,390 [modules.auxiliary.human] INFO: Found button "I &accept the agreement", clicking it
2019-01-09 03:13:52,390 [modules.auxiliary.human] INFO: Found button "I &accept the agreement", clicking it
2019-01-09 03:13:53,390 [modules.auxiliary.human] INFO: Found button "I &do not accept the agreement", clicking it
2019-01-09 03:13:54,390 [modules.auxiliary.human] INFO: Found button "I &do not accept the agreement", clicking it
2019-01-09 03:13:55,390 [modules.auxiliary.human] INFO: Found button "&Next >", clicking it
2019-01-09 03:13:57,453 [modules.auxiliary.human] INFO: Found button "I &accept the agreement", clicking it
2019-01-09 03:13:58,453 [modules.auxiliary.human] INFO: Found button "I &accept the agreement", clicking it
2019-01-09 03:13:59,453 [modules.auxiliary.human] INFO: Found button "I &do not accept the agreement", clicking it
2019-01-09 03:14:00,453 [modules.auxiliary.human] INFO: Found button "I &do not accept the agreement", clicking it
2019-01-09 03:14:01,453 [modules.auxiliary.human] INFO: Found button "&Next >", clicking it
2019-01-09 03:14:03,515 [modules.auxiliary.human] INFO: Found button "I &accept the agreement", clicking it
2019-01-09 03:14:04,515 [modules.auxiliary.human] INFO: Found button "I &accept the agreement", clicking it
2019-01-09 03:14:05,515 [modules.auxiliary.human] INFO: Found button "I &do not accept the agreement", clicking it
2019-01-09 03:14:06,515 [modules.auxiliary.human] INFO: Found button "I &do not accept the agreement", clicking it
2019-01-09 03:14:07,515 [modules.auxiliary.human] INFO: Found button "&Next >", clicking it
2019-01-09 03:14:09,578 [modules.auxiliary.human] INFO: Found button "I &accept the agreement", clicking it
2019-01-09 03:14:10,578 [modules.auxiliary.human] INFO: Found button "I &accept the agreement", clicking it
2019-01-09 03:14:11,578 [modules.auxiliary.human] INFO: Found button "I &do not accept the agreement", clicking it
2019-01-09 03:14:12,578 [modules.auxiliary.human] INFO: Found button "I &do not accept the agreement", clicking it
2019-01-09 03:14:13,578 [modules.auxiliary.human] INFO: Found button "&Next >", clicking it
2019-01-09 03:14:15,640 [modules.auxiliary.human] INFO: Found button "I &accept the agreement", clicking it
2019-01-09 03:14:16,640 [modules.auxiliary.human] INFO: Found button "I &accept the agreement", clicking it
2019-01-09 03:14:17,640 [modules.auxiliary.human] INFO: Found button "I &do not accept the agreement", clicking it
2019-01-09 03:14:18,640 [modules.auxiliary.human] INFO: Found button "I &do not accept the agreement", clicking it
2019-01-09 03:14:19,640 [modules.auxiliary.human] INFO: Found button "&Next >", clicking it
2019-01-09 03:14:21,717 [modules.auxiliary.human] INFO: Found button "I &accept the agreement", clicking it
2019-01-09 03:14:22,717 [modules.auxiliary.human] INFO: Found button "I &accept the agreement", clicking it
2019-01-09 03:14:23,717 [modules.auxiliary.human] INFO: Found button "I &do not accept the agreement", clicking it
2019-01-09 03:14:24,717 [modules.auxiliary.human] INFO: Found button "I &do not accept the agreement", clicking it
2019-01-09 03:14:25,717 [modules.auxiliary.human] INFO: Found button "&Next >", clicking it
2019-01-09 03:14:27,780 [modules.auxiliary.human] INFO: Found button "I &accept the agreement", clicking it
2019-01-09 03:14:28,780 [modules.auxiliary.human] INFO: Found button "I &accept the agreement", clicking it
2019-01-09 03:14:29,780 [modules.auxiliary.human] INFO: Found button "I &do not accept the agreement", clicking it
2019-01-09 03:14:30,780 [modules.auxiliary.human] INFO: Found button "I &do not accept the agreement", clicking it
2019-01-09 03:14:31,780 [modules.auxiliary.human] INFO: Found button "&Next >", clicking it
2019-01-09 03:14:33,842 [modules.auxiliary.human] INFO: Found button "I &accept the agreement", clicking it
2019-01-09 03:14:34,842 [modules.auxiliary.human] INFO: Found button "I &accept the agreement", clicking it
2019-01-09 03:14:35,842 [modules.auxiliary.human] INFO: Found button "I &do not accept the agreement", clicking it
2019-01-09 03:14:36,842 [modules.auxiliary.human] INFO: Found button "I &do not accept the agreement", clicking it
2019-01-09 03:14:37,842 [modules.auxiliary.human] INFO: Found button "&Next >", clicking it
2019-01-09 03:14:39,905 [modules.auxiliary.human] INFO: Found button "I &accept the agreement", clicking it
2019-01-09 03:14:40,905 [modules.auxiliary.human] INFO: Found button "I &accept the agreement", clicking it
2019-01-09 03:14:41,905 [modules.auxiliary.human] INFO: Found button "I &do not accept the agreement", clicking it
2019-01-09 03:14:42,905 [modules.auxiliary.human] INFO: Found button "I &do not accept the agreement", clicking it
2019-01-09 03:14:43,905 [modules.auxiliary.human] INFO: Found button "&Next >", clicking it
2019-01-09 03:14:45,983 [modules.auxiliary.human] INFO: Found button "I &accept the agreement", clicking it
2019-01-09 03:14:46,983 [modules.auxiliary.human] INFO: Found button "I &accept the agreement", clicking it
2019-01-09 03:14:47,983 [modules.auxiliary.human] INFO: Found button "I &do not accept the agreement", clicking it
2019-01-09 03:14:48,983 [modules.auxiliary.human] INFO: Found button "I &do not accept the agreement", clicking it
2019-01-09 03:14:49,983 [modules.auxiliary.human] INFO: Found button "&Next >", clicking it
2019-01-09 03:14:52,046 [modules.auxiliary.human] INFO: Found button "I &accept the agreement", clicking it
2019-01-09 03:14:53,046 [modules.auxiliary.human] INFO: Found button "I &accept the agreement", clicking it
2019-01-09 03:14:54,046 [modules.auxiliary.human] INFO: Found button "I &do not accept the agreement", clicking it
2019-01-09 03:14:55,046 [modules.auxiliary.human] INFO: Found button "I &do not accept the agreement", clicking it
2019-01-09 03:14:56,046 [modules.auxiliary.human] INFO: Found button "&Next >", clicking it
2019-01-09 03:14:58,108 [modules.auxiliary.human] INFO: Found button "I &accept the agreement", clicking it
2019-01-09 03:14:59,108 [modules.auxiliary.human] INFO: Found button "I &accept the agreement", clicking it
2019-01-09 03:15:00,108 [modules.auxiliary.human] INFO: Found button "I &do not accept the agreement", clicking it
2019-01-09 03:15:01,108 [modules.auxiliary.human] INFO: Found button "I &do not accept the agreement", clicking it
2019-01-09 03:15:02,108 [modules.auxiliary.human] INFO: Found button "&Next >", clicking it
2019-01-09 03:15:04,171 [modules.auxiliary.human] INFO: Found button "I &accept the agreement", clicking it
2019-01-09 03:15:05,171 [modules.auxiliary.human] INFO: Found button "I &accept the agreement", clicking it
2019-01-09 03:15:06,171 [modules.auxiliary.human] INFO: Found button "I &do not accept the agreement", clicking it
2019-01-09 03:15:07,171 [modules.auxiliary.human] INFO: Found button "I &do not accept the agreement", clicking it
2019-01-09 03:15:08,171 [modules.auxiliary.human] INFO: Found button "&Next >", clicking it
2019-01-09 03:15:10,265 [modules.auxiliary.human] INFO: Found button "I &accept the agreement", clicking it
2019-01-09 03:15:11,265 [modules.auxiliary.human] INFO: Found button "I &accept the agreement", clicking it
2019-01-09 03:15:12,280 [modules.auxiliary.human] INFO: Found button "I &do not accept the agreement", clicking it
2019-01-09 03:15:13,312 [modules.auxiliary.human] INFO: Found button "I &do not accept the agreement", clicking it
2019-01-09 03:15:14,312 [modules.auxiliary.human] INFO: Found button "&Next >", clicking it
2019-01-09 03:15:16,375 [modules.auxiliary.human] INFO: Found button "I &accept the agreement", clicking it
2019-01-09 03:15:17,375 [modules.auxiliary.human] INFO: Found button "I &accept the agreement", clicking it
2019-01-09 03:15:18,375 [modules.auxiliary.human] INFO: Found button "I &do not accept the agreement", clicking it
2019-01-09 03:15:19,375 [modules.auxiliary.human] INFO: Found button "I &do not accept the agreement", clicking it
2019-01-09 03:15:20,375 [modules.auxiliary.human] INFO: Found button "&Next >", clicking it
2019-01-09 03:15:22,437 [modules.auxiliary.human] INFO: Found button "I &accept the agreement", clicking it
2019-01-09 03:15:23,437 [modules.auxiliary.human] INFO: Found button "I &accept the agreement", clicking it
2019-01-09 03:15:24,437 [modules.auxiliary.human] INFO: Found button "I &do not accept the agreement", clicking it
2019-01-09 03:15:25,437 [modules.auxiliary.human] INFO: Found button "I &do not accept the agreement", clicking it
2019-01-09 03:15:26,437 [modules.auxiliary.human] INFO: Found button "&Next >", clicking it
2019-01-09 03:15:28,500 [modules.auxiliary.human] INFO: Found button "I &accept the agreement", clicking it
2019-01-09 03:15:29,500 [modules.auxiliary.human] INFO: Found button "I &accept the agreement", clicking it
2019-01-09 03:15:30,500 [modules.auxiliary.human] INFO: Found button "I &do not accept the agreement", clicking it
2019-01-09 03:15:31,500 [modules.auxiliary.human] INFO: Found button "I &do not accept the agreement", clicking it
2019-01-09 03:15:32,500 [modules.auxiliary.human] INFO: Found button "&Next >", clicking it
2019-01-09 03:15:34,562 [modules.auxiliary.human] INFO: Found button "I &accept the agreement", clicking it
2019-01-09 03:15:35,562 [modules.auxiliary.human] INFO: Found button "I &accept the agreement", clicking it
2019-01-09 03:15:36,562 [modules.auxiliary.human] INFO: Found button "I &do not accept the agreement", clicking it
2019-01-09 03:15:37,562 [modules.auxiliary.human] INFO: Found button "I &do not accept the agreement", clicking it
2019-01-09 03:15:38,562 [modules.auxiliary.human] INFO: Found button "&Next >", clicking it
2019-01-09 03:15:40,625 [modules.auxiliary.human] INFO: Found button "I &accept the agreement", clicking it
2019-01-09 03:15:41,625 [modules.auxiliary.human] INFO: Found button "I &accept the agreement", clicking it
2019-01-09 03:15:42,625 [modules.auxiliary.human] INFO: Found button "I &do not accept the agreement", clicking it
2019-01-09 03:15:43,625 [modules.auxiliary.human] INFO: Found button "I &do not accept the agreement", clicking it
2019-01-09 03:15:44,625 [modules.auxiliary.human] INFO: Found button "&Next >", clicking it
2019-01-09 03:15:46,687 [modules.auxiliary.human] INFO: Found button "I &accept the agreement", clicking it
2019-01-09 03:15:47,687 [modules.auxiliary.human] INFO: Found button "I &accept the agreement", clicking it
2019-01-09 03:15:48,687 [modules.auxiliary.human] INFO: Found button "I &do not accept the agreement", clicking it
2019-01-09 03:15:49,687 [modules.auxiliary.human] INFO: Found button "I &do not accept the agreement", clicking it
2019-01-09 03:15:50,687 [modules.auxiliary.human] INFO: Found button "&Next >", clicking it
2019-01-09 03:15:52,750 [modules.auxiliary.human] INFO: Found button "I &accept the agreement", clicking it
2019-01-09 03:15:53,750 [modules.auxiliary.human] INFO: Found button "I &accept the agreement", clicking it
2019-01-09 03:15:54,750 [modules.auxiliary.human] INFO: Found button "I &do not accept the agreement", clicking it
2019-01-09 03:15:55,750 [modules.auxiliary.human] INFO: Found button "I &do not accept the agreement", clicking it
2019-01-09 03:15:56,750 [modules.auxiliary.human] INFO: Found button "&Next >", clicking it
2019-01-09 03:15:58,812 [modules.auxiliary.human] INFO: Found button "I &accept the agreement", clicking it
2019-01-09 03:15:59,421 [analyzer] INFO: Analysis timeout hit, terminating analysis.
2019-01-09 03:15:59,421 [analyzer] INFO: Terminating remaining processes before shutdown.
2019-01-09 03:15:59,421 [lib.api.process] INFO: Successfully terminated process with pid 1440.
2019-01-09 03:15:59,421 [lib.api.process] INFO: Successfully terminated process with pid 404.
2019-01-09 03:15:59,453 [analyzer] INFO: Analysis completed.
2019-01-09 03:15:59,812 [modules.auxiliary.human] INFO: Found button "I &accept the agreement", clicking it

Cuckoo Log

2019-01-09 11:08:12,273 [lib.cuckoo.core.scheduler] INFO: Task #632: acquired machine winxpsp3pro32 (label=winxpsp3pro32)
2019-01-09 11:08:12,585 [modules.auxiliary.sniffer] INFO: Started sniffer with PID 8594 (interface=eth2, host=192.168.128.102, pcap=/opt/cuckoo/storage/analyses/632/dump.pcap)
2019-01-09 11:08:15,476 [lib.cuckoo.core.guest] INFO: Starting analysis on guest (id=winxpsp3pro32, ip=192.168.128.102)
2019-01-09 11:12:21,702 [lib.cuckoo.core.guest] INFO: winxpsp3pro32: analysis completed successfully
2019-01-09 11:16:50,144 [lib.cuckoo.core.plugins] WARNING: The processing module "Suricata" returned the following error: Unable to locate Suricata binary
2019-01-09 11:16:55,991 [elasticsearch] WARNING: HEAD http://127.0.0.1:9200/_template/cuckoo_template [status:N/A request:0.000s]
Traceback (most recent call last):
  File "/usr/local/lib/python2.7/dist-packages/elasticsearch/connection/http_urllib3.py", line 94, in perform_request
    response = self.pool.urlopen(method, url, body, retries=False, headers=self.headers, **kw)
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 643, in urlopen
    _stacktrace=sys.exc_info()[2])
  File "/usr/local/lib/python2.7/dist-packages/urllib3/util/retry.py", line 251, in increment
    raise six.reraise(type(error), error, _stacktrace)
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 594, in urlopen
    chunked=chunked)
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 361, in _make_request
    conn.request(method, url, **httplib_request_kw)
  File "/usr/lib/python2.7/httplib.py", line 1017, in request
    self._send_request(method, url, body, headers)
  File "/usr/lib/python2.7/httplib.py", line 1051, in _send_request
    self.endheaders(body)
  File "/usr/lib/python2.7/httplib.py", line 1013, in endheaders
    self._send_output(message_body)
  File "/usr/lib/python2.7/httplib.py", line 864, in _send_output
    self.send(msg)
  File "/usr/lib/python2.7/httplib.py", line 826, in send
    self.connect()
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connection.py", line 163, in connect
    conn = self._new_conn()
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connection.py", line 147, in _new_conn
    self, "Failed to establish a new connection: %s" % e)
NewConnectionError: <urllib3.connection.HTTPConnection object at 0x7f9b50de0a90>: Failed to establish a new connection: [Errno 111] Connection refused
2019-01-09 11:16:55,992 [elasticsearch] WARNING: HEAD http://127.0.0.1:9200/_template/cuckoo_template [status:N/A request:0.000s]
Traceback (most recent call last):
  File "/usr/local/lib/python2.7/dist-packages/elasticsearch/connection/http_urllib3.py", line 94, in perform_request
    response = self.pool.urlopen(method, url, body, retries=False, headers=self.headers, **kw)
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 643, in urlopen
    _stacktrace=sys.exc_info()[2])
  File "/usr/local/lib/python2.7/dist-packages/urllib3/util/retry.py", line 251, in increment
    raise six.reraise(type(error), error, _stacktrace)
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 594, in urlopen
    chunked=chunked)
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 361, in _make_request
    conn.request(method, url, **httplib_request_kw)
  File "/usr/lib/python2.7/httplib.py", line 1017, in request
    self._send_request(method, url, body, headers)
  File "/usr/lib/python2.7/httplib.py", line 1051, in _send_request
    self.endheaders(body)
  File "/usr/lib/python2.7/httplib.py", line 1013, in endheaders
    self._send_output(message_body)
  File "/usr/lib/python2.7/httplib.py", line 864, in _send_output
    self.send(msg)
  File "/usr/lib/python2.7/httplib.py", line 826, in send
    self.connect()
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connection.py", line 163, in connect
    conn = self._new_conn()
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connection.py", line 147, in _new_conn
    self, "Failed to establish a new connection: %s" % e)
NewConnectionError: <urllib3.connection.HTTPConnection object at 0x7f9b50de02d0>: Failed to establish a new connection: [Errno 111] Connection refused
2019-01-09 11:16:55,994 [lib.cuckoo.core.plugins] ERROR: Failed to run the reporting module "ElasticSearch":
Traceback (most recent call last):
  File "/opt/cuckoo/lib/cuckoo/core/plugins.py", line 533, in process
    current.run(self.results)
  File "/opt/cuckoo/modules/reporting/elasticsearch.py", line 196, in run
    self.connect()
  File "/opt/cuckoo/modules/reporting/elasticsearch.py", line 79, in connect
    if not self.es.indices.exists_template("cuckoo_template"):
  File "/usr/local/lib/python2.7/dist-packages/elasticsearch/client/utils.py", line 69, in _wrapped
    return func(*args, params=params, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/elasticsearch/client/indices.py", line 491, in exists_template
    name), params=params)
  File "/usr/local/lib/python2.7/dist-packages/elasticsearch/transport.py", line 327, in perform_request
    status, headers, data = connection.perform_request(method, url, params, body, ignore=ignore, timeout=timeout)
  File "/usr/local/lib/python2.7/dist-packages/elasticsearch/connection/http_urllib3.py", line 105, in perform_request
    raise ConnectionError('N/A', str(e), e)
ConnectionError: ConnectionError(<urllib3.connection.HTTPConnection object at 0x7f9b50de0c10>: Failed to establish a new connection: [Errno 111] Connection refused) caused by: NewConnectionError(<urllib3.connection.HTTPConnection object at 0x7f9b50de0c10>: Failed to establish a new connection: [Errno 111] Connection refused)

Signatures

The executable has PE anomalies (could be a false positive) (3 events)

  • section CODE
  • section DATA
  • section BSS

Allocates read-write-execute memory (usually to unpack itself) (4 events)

  • Jan. 9, 2019, 12:12 a.m. NtProtectVirtualMemory
    Arguments:
      base_address: 0x00400000
      length: 4096
      protection: 64 (PAGE_EXECUTE_READWRITE)
      process_identifier: 1440
      process_handle: 0xffffffff
    Status: success, Return: 0, Repeated: 0
  • Jan. 9, 2019, 12:12 a.m. NtProtectVirtualMemory
    Arguments:
      base_address: 0x00401000
      length: 45056
      protection: 64 (PAGE_EXECUTE_READWRITE)
      process_identifier: 1440
      process_handle: 0xffffffff
    Status: success, Return: 0, Repeated: 0
  • Jan. 9, 2019, 12:12 a.m. NtProtectVirtualMemory
    Arguments:
      base_address: 0x00410000
      length: 20480
      protection: 64 (PAGE_EXECUTE_READWRITE)
      process_identifier: 1440
      process_handle: 0xffffffff
    Status: success, Return: 0, Repeated: 0
  • Jan. 9, 2019, 12:12 a.m. NtAllocateVirtualMemory
    Arguments:
      process_identifier: 404
      region_size: 4096
      protection: 64 (PAGE_EXECUTE_READWRITE)
      base_address: 0x00b90000
      allocation_type: 4096 (MEM_COMMIT)
      process_handle: 0xffffffff
    Status: success, Return: 0, Repeated: 0

File has been identified by 2 AntiVirus engines on VirusTotal as malicious (2 events)

  • McAfee: Artemis!6DE2D797B063
  • McAfee-GW-Edition: BehavesLike.Win32.AdwareFileTour.vc

Network

DNS

No domains contacted.

Hosts

No hosts contacted.

Summary

Process unicc-1.3.1.exe (1440)

  • Opened files

    • C:\WINDOWS\system32\oleaccrc.dll
    • C:\Documents and Settings\zamen\Local Settings\Temp\unicc-1.3.1.exe
    • C:\WINDOWS\system32\netmsg.dll
  • Written files

    • C:\Documents and Settings\zamen\Local Settings\Temp\is-5QLNU.tmp\unicc-1.3.1.tmp
  • Files Read

    • C:\Documents and Settings\zamen\Local Settings\Temp\unicc-1.3.1.exe

Process unicc-1.3.1.tmp (404)

  • Opened files

    • C:\WINDOWS\system32\oleaccrc.dll
    • C:\WINDOWS\system32\shell32.dll
    • C:\WINDOWS\win.ini
    • C:\Documents and Settings\zamen\Start Menu\desktop.ini
    • C:\WINDOWS\system32\netmsg.dll
    • C:\Documents and Settings\zamen\Local Settings\Temp\unicc-1.3.1.exe
    • C:\Documents and Settings\zamen\Start Menu\Programs\desktop.ini
  • Files Read

    • C:\WINDOWS\win.ini
    • C:\Documents and Settings\zamen\Start Menu\desktop.ini
    • C:\Documents and Settings\zamen\Local Settings\Temp\unicc-1.3.1.exe
    • C:\WINDOWS\system32\shell32.dll
    • C:\Documents and Settings\zamen\Start Menu\Programs\desktop.ini

Process unicc-1.3.1.exe (1440)

  • Registry keys opened

    • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\winlogon
    • HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\ProductOptions
    • HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\System
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\SystemShared\
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\AppLogLevels
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ThemeManager
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\Compatibility\unicc-1.3.1.exe
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Setup
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\MiniNT
    • HKEY_LOCAL_MACHINE\SYSTEM\Setup
    • HKEY_CURRENT_USER\Keyboard Layout\Toggle
    • HKEY_LOCAL_MACHINE\Software\Microsoft\COM3\Debug
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\
    • HKEY_CURRENT_USER\Control Panel\Desktop
    • HKEY_LOCAL_MACHINE\System\Setup
    • HKEY_LOCAL_MACHINE\System\WPA\PnP
  • Registry keys read

    • HKEY_CURRENT_USER\Keyboard Layout\Toggle\Language Hotkey
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\SourcePath
    • HKEY_CURRENT_USER\Keyboard Layout\Toggle\Hotkey
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\DevicePath
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Domain
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\DriverCachePath
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\RsopDebugLevel
    • HKEY_LOCAL_MACHINE\SYSTEM\Setup\OsLoaderPath
    • HKEY_LOCAL_MACHINE\SYSTEM\Setup\SystemSetupInProgress
    • HKEY_LOCAL_MACHINE\SYSTEM\Setup\SystemPartition
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\LogPath
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserEnvDebugLevel
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\MinimumFreeMemPercentageToCreateProcess
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ServicePackSourcePath
    • HKEY_LOCAL_MACHINE\SYSTEM\WPA\PnP\seed
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ServicePackCachePath
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\RsopLogging
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\LogLevel
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\EnableAnchorContext
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Hostname
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Personal
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\ComputerName\ActiveComputerName\ComputerName
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\ProductOptions\ProductType
    • HKEY_CURRENT_USER\Control Panel\Desktop\LameButtonText
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\MinimumFreeMemPercentageToCreateObject
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\SystemShared\CUAS
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Local Settings
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\ChkAccDebugLevel
    • HKEY_CURRENT_USER\Keyboard Layout\Toggle\Layout Hotkey
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ThemeManager\Compositing

Process unicc-1.3.1.tmp (404)

  • Registry keys opened

    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
    • HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\ProductOptions
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{d396530e-636a-11e6-ba0d-806d6172696f}\
    • HKEY_CURRENT_USER\SOFTWARE\Microsoft\CTF\LangBarAddIn\
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\AppLogLevels
    • HKEY_CLASSES_ROOT\Directory
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d396530e-636a-11e6-ba0d-806d6172696f}\
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\ShellEx\IconHandler
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\MiniNT
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\{03C9B79B-502F-4BCE-BDC7-62993EB39F8E}_is1
    • HKEY_CLASSES_ROOT\Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}
    • HKEY_CURRENT_USER\Control Panel\Desktop
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\LangBarAddIn\
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
    • HKEY_LOCAL_MACHINE\Software\Microsoft\windows\CurrentVersion\Explorer\AutoComplete
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion
    • HKEY_CLASSES_ROOT\Folder
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ThemeManager
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
    • HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\FontSubstitutes
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\CurVer
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\Clsid
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d396530a-636a-11e6-ba0d-806d6172696f}\
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\
    • HKEY_CLASSES_ROOT\CLSID\{00BB2763-6A77-11D0-A535-00C04FD7D062}\InProcServer32
    • HKEY_LOCAL_MACHINE\System\Setup
    • HKEY_LOCAL_MACHINE\System\WPA\PnP
    • HKEY_CLASSES_ROOT\Drive\shellex\FolderExtensions
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\winlogon
    • HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\System
    • HKEY_LOCAL_MACHINE\Software\Microsoft\COM3\Debug
    • HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
    • HKEY_CURRENT_USER\Software\Microsoft\windows\CurrentVersion\Explorer\AutoComplete
    • HKEY_CLASSES_ROOT\CLSID\{03C036F1-A186-11D0-824A-00AA005B4383}\InProcServer32
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\(Default)
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{d396530d-636a-11e6-ba0d-806d6172696f}\
    • HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Applications\unicc-1.3.1.tmp
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\Clsid
    • HKEY_CURRENT_USER\Keyboard Layout\Toggle
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\Compatibility\unicc-1.3.1.tmp
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{d396530a-636a-11e6-ba0d-806d6172696f}\
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{d396530b-636a-11e6-ba0d-806d6172696f}\
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d396530d-636a-11e6-ba0d-806d6172696f}\
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{20D04FE0-3AEA-1069-A2D8-08002B30309D}
    • HKEY_LOCAL_MACHINE\SYSTEM\Setup
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\SystemShared\
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d396530b-636a-11e6-ba0d-806d6172696f}\
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{03C9B79B-502F-4BCE-BDC7-62993EB39F8E}_is1
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\(Default)
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Setup
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete
  • Registry keys written

    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d396530e-636a-11e6-ba0d-806d6172696f}\BaseClass
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d396530d-636a-11e6-ba0d-806d6172696f}\BaseClass
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d396530a-636a-11e6-ba0d-806d6172696f}\BaseClass
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d396530b-636a-11e6-ba0d-806d6172696f}\BaseClass
  • Registry keys read

    • HKEY_CURRENT_USER\Keyboard Layout\Toggle\Language Hotkey
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{d396530d-636a-11e6-ba0d-806d6172696f}\Data
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Times New Roman CYR,204
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ListviewAlphaSelect
    • HKEY_CURRENT_USER\Keyboard Layout\Toggle\Hotkey
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Times New Roman CE,238
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoNetCrawling
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\UseDesktopIniCache
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\NoNetCrawling
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Arial Greek,161
    • HKEY_LOCAL_MACHINE\SYSTEM\Setup\SystemSetupInProgress
    • HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\ScrollDelay
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DontShowSuperHidden
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Filter
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Times New Roman TUR,162
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\SourcePath
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ServicePackSourcePath
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ListviewWatermark
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\RsopLogging
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowInfoTip
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\EnableAnchorContext
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Hostname
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Tahoma
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Courier New Greek,161
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideIcons
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\ProductOptions\ProductType
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Arial Baltic,186
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Courier New CE,238
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ThemeManager\Compositing
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Times New Roman Baltic,186
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{d396530a-636a-11e6-ba0d-806d6172696f}\Data
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{d396530b-636a-11e6-ba0d-806d6172696f}\Generation
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceActiveDesktopOn
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\AlwaysShowExt
    • HKEY_LOCAL_MACHINE\SYSTEM\Setup\OsLoaderPath
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Tms Rmn
    • HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\ScrollInset
    • HKEY_CURRENT_USER\Keyboard Layout\Toggle\Layout Hotkey
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Courier New CYR,204
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{d396530e-636a-11e6-ba0d-806d6172696f}\Data
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSimpleStartMenu
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00BB2763-6A77-11D0-A535-00C04FD7D062}\InProcServer32\(Default)
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\MS Shell Dlg
    • HKEY_LOCAL_MACHINE\SYSTEM\WPA\PnP\seed
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CommonFilesDir
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoControlPanel
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\LogLevel
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktop
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\SeparateProcess
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\BrowseInPlace
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\SeparateProcess
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\SystemShared\CUAS
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Arial CYR,204
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ListviewScrollOver
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\DontPrettyPath
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\DevicePath
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\WebView
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32\(Default)
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Arial TUR,162
    • HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\ScrollInterval
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\RegisteredOrganization
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\RegisteredOwner
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowCompColor
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ClassicShell
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\LogPath
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\MS Shell Dlg 2
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\MinimumFreeMemPercentageToCreateProcess
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\MapNetDrvBtn
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\IsShortcut
    • HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\DragMinDist
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Times New Roman Greek,161
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Personal
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{d396530d-636a-11e6-ba0d-806d6172696f}\Generation
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{d396530e-636a-11e6-ba0d-806d6172696f}\Generation
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoWebView
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\UseDoubleClickTimer
    • HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\DragDelay
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Local Settings
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\ChkAccDebugLevel
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserEnvDebugLevel
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Courier New TUR,162
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Arial CE,238
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoCommonGroups
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ListviewScrollOver
    • HKEY_CURRENT_USER\Control Panel\Desktop\LameButtonText
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\DriverCachePath
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Times
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\RsopDebugLevel
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPropertiesMyComputer
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\NeverShowExt
    • HKEY_LOCAL_MACHINE\SYSTEM\Setup\SystemPartition
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}\DriveMask
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoNetHood
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03C036F1-A186-11D0-824A-00AA005B4383}\InProcServer32\(Default)
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\DocObject
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ServicePackCachePath
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{d396530a-636a-11e6-ba0d-806d6172696f}\Generation
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Helvetica
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoInternetIcon
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Helv
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\ComputerName\ActiveComputerName\ComputerName
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Courier New Baltic,186
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{d396530b-636a-11e6-ba0d-806d6172696f}\Data
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ListviewShadow
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Domain
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\MinimumFreeMemPercentageToCreateObject

Process unicc-1.3.1.exe (1440)

  • Mutexes accessed

    • oleacc-msaa-loaded
    • CTF.Compart.MutexDefaultS-1-5-21-1960408961-1085031214-725345543-1003
    • CTF.LBES.MutexDefaultS-1-5-21-1960408961-1085031214-725345543-1003
    • CTF.TMD.MutexDefaultS-1-5-21-1960408961-1085031214-725345543-1003
    • CTF.TimListCache.FMPDefaultS-1-5-21-1960408961-1085031214-725345543-1003MUTEX.DefaultS-1-5-21-1960408961-1085031214-725345543-1003
    • CTF.Layouts.MutexDefaultS-1-5-21-1960408961-1085031214-725345543-1003
    • CTF.Asm.MutexDefaultS-1-5-21-1960408961-1085031214-725345543-1003

Process unicc-1.3.1.tmp (404)

  • Mutexes accessed

    • oleacc-msaa-loaded
    • CTF.Compart.MutexDefaultS-1-5-21-1960408961-1085031214-725345543-1003
    • CTF.LBES.MutexDefaultS-1-5-21-1960408961-1085031214-725345543-1003
    • CTF.TMD.MutexDefaultS-1-5-21-1960408961-1085031214-725345543-1003
    • CTF.TimListCache.FMPDefaultS-1-5-21-1960408961-1085031214-725345543-1003MUTEX.DefaultS-1-5-21-1960408961-1085031214-725345543-1003
    • CTF.Layouts.MutexDefaultS-1-5-21-1960408961-1085031214-725345543-1003
    • CTF.Asm.MutexDefaultS-1-5-21-1960408961-1085031214-725345543-1003
    • MSCTF.Shared.MUTEX.EFG

Process unicc-1.3.1.exe (1440)

  • Directories created

    • C:\Documents and Settings\zamen\Local Settings\Temp\is-5QLNU.tmp

Process unicc-1.3.1.tmp (404)

  • Directories created

    • C:\Documents and Settings\zamen\Local Settings\Temp\is-TKULV.tmp\_isetup
    • C:\Documents and Settings\zamen\Local Settings\Temp\is-TKULV.tmp
  • Directories enumerated

    • C:\Documents and Settings
    • C:\Documents and Settings\zamen\Start Menu
    • C:\Documents and Settings\zamen
    • C:\Documents and Settings\zamen\Local Settings\Temp\is-5QLNU.tmp\unicc-1.3.1.tmp
    • C:\Documents and Settings\zamen\Start Menu\Programs

Process unicc-1.3.1.exe (1440)

  • Processes created

    • "C:\DOCUME~1\zamen\LOCALS~1\Temp\is-5QLNU.tmp\unicc-1.3.1.tmp" /SL5="$200C8,2004280,57856,C:\Documents and Settings\zamen\Local Settings\Temp\unicc-1.3.1.exe"
  • DLLs Loaded

    • C:\WINDOWS\system32\cryptbase.dll
    • C:\WINDOWS\system32\apphelp.dll
    • C:\WINDOWS\system32\userenv.dll
    • C:\WINDOWS\system32\dwmapi.dll
    • C:\WINDOWS\system32\clbcatq.dll
    • C:\WINDOWS\system32\propsys.dll
    • uxtheme.dll
    • C:\WINDOWS\system32\profapi.dll
    • C:\WINDOWS\system32\setupapi.dll
    • UxTheme.dll
    • C:\WINDOWS\system32\shell32.dll
    • C:\WINDOWS\system32\version.dll
    • C:\WINDOWS\system32\oleacc.dll
    • C:\WINDOWS\system32\comres.dll
    • C:\WINDOWS\system32\MSCTF.dll
    • comctl32.dll
    • C:\WINDOWS\system32\uxtheme.dll

Process unicc-1.3.1.tmp (404)

  • DLLs Loaded

    • C:\WINDOWS\system32\cryptbase.dll
    • C:\WINDOWS\system32\dwmapi.dll
    • C:\WINDOWS\system32\oleacc.dll
    • C:\WINDOWS\system32\shlwapi.dll
    • C:\WINDOWS\system32\profapi.dll
    • C:\WINDOWS\system32\comres.dll
    • UxTheme.dll
    • C:\WINDOWS\system32\version.dll
    • C:\WINDOWS\system32\shfolder.dll
    • C:\WINDOWS\system32\SHELL32.dll
    • C:\WINDOWS\system32\userenv.dll
    • C:\WINDOWS\system32\shell32.dll
    • C:\WINDOWS\system32\browseui.dll
    • ole32.dll
    • C:\WINDOWS\system32\clbcatq.dll
    • C:\WINDOWS\system32\setupapi.dll
    • SHELL32.dll
    • C:\WINDOWS\system32\uxtheme.dll
    • C:\WINDOWS\system32\apphelp.dll
    • C:\WINDOWS\system32\RICHED20.DLL
    • C:\WINDOWS\system32\propsys.dll
    • C:\WINDOWS\system32\MSCTF.dll
    • shell32.dll
    • SETUPAPI.dll

PE Compile Time

1992-06-19 18:22:17

Version Infos

LegalCopyright
FileVersion
CompanyName Phorward Software Technologies
Comments This installation was built with Inno Setup.
ProductName UniCC Parser Generator
ProductVersion 1.3.1
FileDescription UniCC Parser Generator Setup
Translation 0x0000 0x04b0

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
CODE 0x00001000 0x0000a1d0 0x0000a200 6.64374902859
DATA 0x0000c000 0x00000250 0x00000400 2.74012451302
BSS 0x0000d000 0x00000e94 0x00000000 0.0
.idata 0x0000e000 0x0000097c 0x00000a00 4.48607624623
.tls 0x0000f000 0x00000008 0x00000000 0.0
.rdata 0x00010000 0x00000018 0x00000200 0.190488766435
.reloc 0x00011000 0x0000091c 0x00000000 0.0
.rsrc 0x00012000 0x00002c00 0x00002c00 4.58993696474

Imports

Library kernel32.dll:
0x40e0c4 VirtualFree
0x40e0c8 VirtualAlloc
0x40e0cc LocalFree
0x40e0d0 LocalAlloc
0x40e0d4 WideCharToMultiByte
0x40e0d8 TlsSetValue
0x40e0dc TlsGetValue
0x40e0e0 MultiByteToWideChar
0x40e0e4 GetModuleHandleA
0x40e0e8 GetLastError
0x40e0ec GetCommandLineA
0x40e0f0 WriteFile
0x40e0f4 SetFilePointer
0x40e0f8 SetEndOfFile
0x40e0fc RtlUnwind
0x40e100 ReadFile
0x40e104 RaiseException
0x40e108 GetStdHandle
0x40e10c GetFileSize
0x40e110 GetSystemTime
0x40e114 GetFileType
0x40e118 ExitProcess
0x40e11c CreateFileA
0x40e120 CloseHandle
Library user32.dll:
0x40e128 MessageBoxA
Library oleaut32.dll:
0x40e130 VariantChangeTypeEx
0x40e134 VariantCopyInd
0x40e138 VariantClear
0x40e13c SysStringLen
0x40e140 SysAllocStringLen
Library advapi32.dll:
0x40e148 RegQueryValueExA
0x40e14c RegOpenKeyExA
0x40e150 RegCloseKey
0x40e154 OpenProcessToken
Library kernel32.dll:
0x40e160 WriteFile
0x40e164 VirtualQuery
0x40e168 VirtualProtect
0x40e16c VirtualFree
0x40e170 VirtualAlloc
0x40e174 Sleep
0x40e178 SizeofResource
0x40e17c SetLastError
0x40e180 SetFilePointer
0x40e184 SetErrorMode
0x40e188 SetEndOfFile
0x40e18c RemoveDirectoryA
0x40e190 ReadFile
0x40e194 LockResource
0x40e198 LoadResource
0x40e19c LoadLibraryA
0x40e1a0 IsDBCSLeadByte
0x40e1a8 GetVersionExA
0x40e1ac GetVersion
0x40e1b4 GetSystemInfo
0x40e1b8 GetSystemDirectoryA
0x40e1c0 GetProcAddress
0x40e1c4 GetModuleHandleA
0x40e1c8 GetModuleFileNameA
0x40e1cc GetLocaleInfoA
0x40e1d0 GetLastError
0x40e1d4 GetFullPathNameA
0x40e1d8 GetFileSize
0x40e1dc GetFileAttributesA
0x40e1e0 GetExitCodeProcess
0x40e1e8 GetCurrentProcess
0x40e1ec GetCommandLineA
0x40e1f0 GetACP
0x40e1f4 InterlockedExchange
0x40e1f8 FormatMessageA
0x40e1fc FindResourceA
0x40e200 DeleteFileA
0x40e204 CreateProcessA
0x40e208 CreateFileA
0x40e20c CreateDirectoryA
0x40e210 CloseHandle
Library user32.dll:
0x40e218 TranslateMessage
0x40e21c SetWindowLongA
0x40e220 PeekMessageA
0x40e228 MessageBoxA
0x40e22c LoadStringA
0x40e230 ExitWindowsEx
0x40e234 DispatchMessageA
0x40e238 DestroyWindow
0x40e23c CreateWindowExA
0x40e240 CallWindowProcA
0x40e244 CharPrevA
Library comctl32.dll:
0x40e24c InitCommonControls
Library advapi32.dll:

This program must be run under Win32
.idata
.rdata
P.reloc
P.rsrc
string
InitInstance
CleanupInstance
ClassType
ClassName
ClassNameIs
ClassParent
ClassInfo
InstanceSize
InheritsFrom
Dispatch
MethodAddress
MethodName
FieldAddress
DefaultHandler
NewInstance
FreeInstance
TObject
0123456789ABCDEF3
kernel32.dll
SetDefaultDllDirectories
SetDllDirectoryW
uxtheme.dll
userenv.dll
setupapi.dll
apphelp.dll
propsys.dll
dwmapi.dll
cryptbase.dll
oleacc.dll
version.dll
profapi.dll
comres.dll
clbcatq.dll
SetSearchPathMode
SetProcessDEPPolicy
Exception
EAbort
EOutOfMemory
EInOutError
EIntError
EDivByZero
ERangeError
EIntOverflow
EMathError
EInvalidOp
EZeroDivide
EOverflow
EUnderflow
EInvalidPointer
EInvalidCast
EConvertError
EAccessViolation
EPrivilege
EStackOverflow
EControlC
EVariantError
EExternalException
m/d/yy
mmmm d, yyyy
:mm:ss
_^[YY]
INFNANU
USERPROFILE
GetUserDefaultUILanguage
kernel32.dll
.DEFAULT\Control Panel\International
Locale
Control Panel\Desktop\ResourceLocale
[ExceptObject=nil]
TCustomFile
EFileError
File I/O error %d
ECompressError
ECompressDataError
ECompressInternalError
TCustomDecompressor
TCompressedBlockReader
_^[YY]
Compressed block is corrupted
Compressed block is corrupted
$Z]_^[
Compressed block is corrupted
TLZMA1SmallDecompressorS
lzmadecompsmall: Compressed data is corrupted (%d)
lzmadecompsmall: %s
LzmaDecode failed (%d)
YZ]_^[
TSetupLanguageEntryA
The setup files are corrupted. Please obtain a new copy of the program.
_^[YY]
Wow64DisableWow64FsRedirection
kernel32.dll
Wow64RevertWow64FsRedirection
shell32.dll
QQQQQQQQSVW
SeShutdownPrivilege
_^[YY]
_^[YY]
/SPAWNWND=
/Lang=
The setup files are corrupted. Please obtain a new copy of the program.
The Setup program accepts optional command line parameters.
/HELP, /?
Shows this information.
Disables the This will install... Do you wish to continue? prompt at the beginning of Setup.
/SILENT, /VERYSILENT
Instructs Setup to be silent or very silent.
/SUPPRESSMSGBOXES
Instructs Setup to suppress message boxes.
Causes Setup to create a log file in the user's TEMP directory.
/LOG="filename"
Same as /LOG, except it allows you to specify a fixed path/filename to use for the log file.
/NOCANCEL
Prevents the user from cancelling during the installation process.
/NORESTART
Prevents Setup from restarting the system following a successful installation, or after a Preparing to Install failure that requests a restart.
/RESTARTEXITCODE=exit code
Specifies a custom exit code that Setup is to return when the system needs to be restarted.
/CLOSEAPPLICATIONS
Instructs Setup to close applications using files that need to be updated.
/NOCLOSEAPPLICATIONS
Prevents Setup from closing applications using files that need to be updated.
/RESTARTAPPLICATIONS
Instructs Setup to restart applications.
/NORESTARTAPPLICATIONS
Prevents Setup from restarting applications.
/LOADINF="filename"
Instructs Setup to load the settings from the specified file after having checked the command line.
/SAVEINF="filename"
Instructs Setup to save installation settings to the specified file.
/LANG=language
Specifies the internal name of the language to use.
/DIR="x:\dirname"
Overrides the default directory name.
/GROUP="folder name"
Overrides the default folder name.
/NOICONS
Instructs Setup to initially check the Don't create a Start Menu folder check box.
/TYPE=type name
Overrides the default setup type.
/COMPONENTS="comma separated list of component names"
Overrides the default component settings.
/TASKS="comma separated list of task names"
Specifies a list of tasks that should be initially selected.
/MERGETASKS="comma separated list of task names"
Like the /TASKS parameter, except the specified tasks will be merged with the set of tasks that would have otherwise been selected by default.
/PASSWORD=password
Specifies the password to use.
For more detailed information, please visit http://www.jrsoftware.org/ishelp/index.php?topic=setupcmdline
InnoSetupLdrWindow
STATIC
/SL5="$%x,%d,%d,
Runtime error at 00000000
Inno Setup Setup Data (5.5.7)
Inno Setup Messages (5.5.3)
0123456789ABCDEFGHIJKLMNOPQRSTUV
kernel32.dll
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
VirtualFree
VirtualAlloc
LocalFree
LocalAlloc
WideCharToMultiByte
TlsSetValue
TlsGetValue
MultiByteToWideChar
GetModuleHandleA
GetLastError
GetCommandLineA
WriteFile
SetFilePointer
SetEndOfFile
RtlUnwind
ReadFile
RaiseException
GetStdHandle
GetFileSize
GetSystemTime
GetFileType
ExitProcess
CreateFileA
CloseHandle
user32.dll
MessageBoxA
oleaut32.dll
VariantChangeTypeEx
VariantCopyInd
VariantClear
SysStringLen
SysAllocStringLen
advapi32.dll
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA
kernel32.dll
WriteFile
VirtualQuery
VirtualProtect
VirtualFree
VirtualAlloc
SizeofResource
SetLastError
SetFilePointer
SetErrorMode
SetEndOfFile
RemoveDirectoryA
ReadFile
LockResource
LoadResource
LoadLibraryA
IsDBCSLeadByte
GetWindowsDirectoryA
GetVersionExA
GetVersion
GetUserDefaultLangID
GetSystemInfo
GetSystemDirectoryA
GetSystemDefaultLCID
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetLastError
GetFullPathNameA
GetFileSize
GetFileAttributesA
GetExitCodeProcess
GetEnvironmentVariableA
GetCurrentProcess
GetCommandLineA
GetACP
InterlockedExchange
FormatMessageA
FindResourceA
DeleteFileA
CreateProcessA
CreateFileA
CreateDirectoryA
CloseHandle
user32.dll
TranslateMessage
SetWindowLongA
PeekMessageA
MsgWaitForMultipleObjects
MessageBoxA
LoadStringA
ExitWindowsEx
DispatchMessageA
DestroyWindow
CreateWindowExA
CallWindowProcA
CharPrevA
comctl32.dll
InitCommonControls
advapi32.dll
AdjustTokenPrivileges
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity
name="JR.Inno.Setup"
processorArchitecture="x86"
version="1.0.0.0"
type="win32"/>
<description>Inno Setup</description>
<dependency>
<dependentAssembly>
<assemblyIdentity
type="win32"
name="Microsoft.Windows.Common-Controls"
version="6.0.0.0"
processorArchitecture="x86"
publicKeyToken="6595b64144ccf1df"
language="*"
/>
</dependentAssembly>
</dependency>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
<application xmlns="urn:schemas-microsoft-com:asm.v3">
<windowsSettings>
<dpiAware xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings">true</dpiAware>
</windowsSettings>
</application>
<compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">
<application>
<supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"/>
<supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/>
<supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"/>
<supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"/>
<supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"/>
</application>
</compatibility>
</assembly>
Inno Setup Setup Data (5.5.7)
MAINICON
!'%s' is not a valid integer value('%s' is not a valid floating point value
'%s' is not a valid date
'%s' is not a valid time!'%s' is not a valid date and timeInvalid argument to time encodeInvalid argument to date encode
Out of memory
I/O error %d
File not found
Invalid filename
Too many open files
File access denied
Read beyond end of file
Disk full
Invalid numeric input
Division by zero
Range check error
Integer overflow Invalid floating point operationFloating point division by zero
Floating point overflow
Floating point underflow
Invalid pointer operation
Invalid class typecast0Access violation at address %p. %s of address %p
Stack overflow
Control-C hit
Privileged instruction
Operation aborted%Exception %s in module %s at %p.
Application Error1Format '%s' invalid or incompatible with argument
No argument for format '%s'Invalid variant type conversion
Invalid variant operation"Variant method calls not supported
Write)Format result longer than 4096 characters
Format string too long
Error creating variant array
Variant is not an array!Variant array index out of bounds
External exception %x
January
February
August
September
October
November
December
Sunday
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
VS_VERSION_INFO
StringFileInfo
000004b0
Comments
This installation was built with Inno Setup.
CompanyName
Phorward Software Technologies
FileDescription
UniCC Parser Generator Setup
FileVersion
LegalCopyright
ProductName
UniCC Parser Generator
ProductVersion
1.3.1
VarFileInfo
Translation
Antivirus Signature
Bkav Clean
MicroWorld-eScan Clean
CMC Clean
CAT-QuickHeal Clean
McAfee Artemis!6DE2D797B063
Cylance Clean
VIPRE Clean
AegisLab Clean
TheHacker Clean
K7GW Clean
K7AntiVirus Clean
Invincea Clean
Baidu Clean
NANO-Antivirus Clean
Cyren Clean
Symantec Clean
TotalDefense Clean
TrendMicro-HouseCall Clean
Avast Clean
ClamAV Clean
Kaspersky Clean
BitDefender Clean
Babable Clean
ViRobot Clean
Tencent Clean
Ad-Aware Clean
Sophos Clean
Comodo Clean
F-Secure Clean
DrWeb Clean
Zillya Clean
TrendMicro Clean
McAfee-GW-Edition BehavesLike.Win32.AdwareFileTour.vc
Fortinet Clean
Emsisoft Clean
Ikarus Clean
F-Prot Clean
Jiangmin Clean
Webroot Clean
Avira Clean
MAX Clean
Antiy-AVL Clean
Kingsoft Clean
Endgame Clean
Arcabit Clean
SUPERAntiSpyware Clean
ZoneAlarm Clean
Avast-Mobile Clean
Microsoft Clean
AhnLab-V3 Clean
ALYac Clean
AVware Clean
TACHYON Clean
VBA32 Clean
Malwarebytes Clean
Panda Clean
Zoner Clean
ESET-NOD32 Clean
Rising Clean
Yandex Clean
SentinelOne Clean
eGambit Clean
GData Clean
AVG Clean
Cybereason Clean
Paloalto Clean
CrowdStrike Clean
Qihoo-360 Clean

Process Tree


unicc-1.3.1.exe, PID: 1440, Parent PID: 1312


unicc-1.3.1.tmp, PID: 404, Parent PID: 1440



Hosts

No hosts contacted.

DNS

No domains contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.128.102 137 192.168.128.255 137
192.168.128.102 138 192.168.128.255 138

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Name cc783a04ccbca4ed_unicc-1.3.1.tmp
Filepath C:\Documents and Settings\zamen\Local Settings\Temp\is-5QLNU.tmp\unicc-1.3.1.tmp
Size 697.0KB
Processes 1440 (unicc-1.3.1.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 832dab307e54aa08f4b6cdd9b9720361
SHA1 ebd007fb7482040ecf34339e4bf917209c1018df
SHA256 cc783a04ccbca4edd06564f8ec88fe5a15f1e3bb26cec7de5e090313520d98f3
CRC32 F23B8CFD
ssdeep 12288:usMLIMoi3rPR37dzHRA6nX0D9OKWbO7SERb5rNUK1bce0syxyR:JMcMoi3rPR37dzHRA6G7WbuSEmK50syQ
Yara
  • IsPE32 -
  • IsWindowsGUI -
  • borland_delphi - Borland Delphi 2.0 - 7.0 / 2005 - 2007
  • PEiD_00055_Alias_PIX_Vivid_IMG_Graphics_format_ - [Alias PIX/Vivid IMG Graphics format]
  • PEiD_00340_Borland_Delphi_v2_0_ - [Borland Delphi v2.0]
  • PEiD_00497_dUP_v2_x_Patcher_____www_diablo2oo2_cjb_net_ - [dUP v2.x Patcher --> www.diablo2oo2.cjb.net]
  • PEiD_00810_FSG_v1_10__Eng_____dulek_xt_____Microsoft_Visual_C___6_0___7_0__ - [FSG v1.10 (Eng) -> dulek/xt -> (Microsoft Visual C++ 6.0 / 7.0)]
  • PEiD_01086_Microsoft_Visual_C___8_0__MFC__ - [Microsoft Visual C++ 8.0 (MFC)]
  • PEiD_01091_Microsoft_Visual_C___8_ - [Microsoft Visual C++ 8]
  • PEiD_01272_Neolite_v2_0_ - [Neolite v2.0]
  • PEiD_01686_Petite_v2_2____www_un4seen_com_petite_ - [Petite v2.2 -> www.un4seen.com/petite]
  • PEiD_01693_pex_V0_99____params_ - [pex V0.99 -> params]
  • PEiD_02152_StarForce_V3_X_DLL____StarForce_Copy_Protection_System_ - [StarForce V3.X DLL -> StarForce Copy Protection System]
  • PEiD_02161_Stranik_1_3_Modula_C_Pascal_ - [Stranik 1.3 Modula/C/Pascal]
  • PEiD_03435_WARNING____TROJAN____HuiGeZi_ - [WARNING -> TROJAN -> HuiGeZi]
  • Contains_PE_File - Detect a PE file inside a byte sequence
  • DebuggerException__SetConsoleCtrl -
  • disable_antivirus - Disable AntiVirus
  • disable_dep - Bypass DEP
  • escalate_priv - Escalade priviledges
  • screenshot - Take screenshot
  • keylogger - Run a keylogger
  • spreading_file - Malware can spread east-west file
  • win_mutex - Create or check mutex
  • win_registry - Affect system registries
  • win_token - Affect system token
  • win_private_profile - Affect private profile
  • win_files_operation - Affect private profile
  • win_hook - Affect hook table
  • contentis_base64 - This rule finds for base64 strings
  • Borland_Delphi_40_additional -
  • Borland_Delphi_30 -
  • Microsoft_Visual_Cpp_v50v60_MFC -
  • Borland_Delphi -
  • Borland_Delphi_30_additional -
  • Borland_Delphi_30_ -
  • Borland_Delphi_Setup_Module -
  • Borland_Delphi_40 -
  • Borland_Delphi_v40_v50 -
  • Borland_Delphi_v30 -
  • Borland_Delphi_DLL -
  • CRC32_poly_Constant - Look for CRC32 [poly]
  • MD5_Constants - Look for MD5 constants
  • RIPEMD160_Constants - Look for RIPEMD-160 constants
  • SHA1_Constants - Look for SHA1 constants
  • Delphi_FormShow - Look for Form.Show function
  • Delphi_CompareCall - Look for Compare string function
  • Delphi_Copy - Look for Copy function
  • maldoc_function_prolog_signature -
  • maldoc_suspicious_strings -
Sorry! No dropped buffers.
Task ID 632
Mongo ID 5c361e7b11d3080d16cde5ad
Cuckoo release 2.0-dev