Gen:Variant.MSILPerseus.28714 (BitDefender), Trojan:Win32/Dynamer!ac (Microsoft), Trojan.Win32.Hosts2.wgq (Kaspersky), Trojan.Win32.Generic!BT (VIPRE), Gen:Variant.MSILPerseus.28714 (B) (Emsisoft), Artemis!2EB91303DE1C (McAfee), Heur.AdvML.C (Symantec), Gen:Variant.MSILPerseus.28714 (FSecure), Generic37.BNIF (AVG), Win32:Malware-gen (Avast), Gen:Variant.MSILPerseus.28714 (AdAware), GenericInjector.YR (Lavasoft MAS)
Behaviour: Trojan, Malware
The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.
Summary
MD5: 2eb91303de1c6b8fa47413fc31b50bbf
SHA1: ed1fb5bf9da703ea04f24ec648d16caccddaa776
SHA256: 63756740714e6ac5f8d3aa13c90ad8cd41445bb4f4448a31587ef05bb6f77eb8
SSDeep: 98304:GmshfKKaVgF5vvE0RvZWaq4Ul39myNDVTX:EfDXFp9m4Ud5DVTX
Size: 3441152 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: MicrosoftVisualC, NETexecutable, UPolyXv05_v6
Company:
Created at: 2016-05-20 08:48:58
Analyzed on: WindowsXP SP3 32-bit
Summary: Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).
Dynamic Analysis
Payload
No specific payload has been found.
Process activity
The Trojan creates the following process(es):
%original file name%.exe:900
The Trojan injects its code into the following process(es):
Extreme Loader.exe:412
Mutexes
The following mutexes were created/opened:
No objects were found.
File activity
The process %original file name%.exe:900 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
C:\Extreme Loader.exe (410922 bytes)
The process Extreme Loader.exe:412 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%System%\drivers\etc\hosts (611 bytes)
Registry activity
The process %original file name%.exe:900 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "75 EA EB 39 4B 4E 1E 1C C3 5B 8B 9F 02 17 6B 29"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\c:]
"Extreme Loader.exe" = "Extreme Loader"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
The Trojan modifies IE settings for security zones to map all web-nodes that bypass the proxy to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass" = "1"
The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
"UNCAsIntranet" = "1"
The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:
"IntranetName" = "1"
The process Extreme Loader.exe:412 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "98 4B 4F 3A BE 8A C6 34 27 4A 28 AA 13 30 6B D1"
Dropped PE files
MD5 | File path |
---|---|
bb4ca7c47f5f41531999e3d4376cbcf7 | c:\Extreme Loader.exe |
HOSTS file anomalies
The Trojan modifies "%System%\drivers\etc\hosts" file which is used to translate DNS entries to IP addresses. The modified file is 611 bytes in size. The following strings are added to the hosts file listed below:
Rootkit activity
No anomalies have been detected.
Propagation
Removals
Manual removal*
- Terminate malicious process(es):
%original file name%.exe:900
- Delete the original Trojan file.
- Delete or disinfect the following files created/modified by the Trojan:
C:\Extreme Loader.exe (410922 bytes)
%System%\drivers\etc\hosts (611 bytes)
- Restore the original content of the HOSTS file (%System%\drivers\etc\hosts): 127.0.0.1 localhost
- Reboot the computer.
Static Analysis
VersionInfo
Company Name:
Product Name: updater
Product Version: 1.0.0.0
Legal Copyright: Copyright (c) 2016
Legal Trademarks:
Original Filename: updater.exe
Internal Name: updater.exe
File Version: 1.0.0.0
File Description: updater
Comments:
Language: Language Neutral
PE Sections
Name | Virtual Address | Virtual Size | Raw Size | Entropy | Section MD5 |
---|---|---|---|---|---|
.text | 8192 | 3423572 | 3423744 | 5.5402 | dc001ad20788fb7ad64e31d05512d2f2 |
.sdata | 3432448 | 312 | 512 | 1.46421 | 14f1b47501d727a522aba0f991abb904 |
.rsrc | 3440640 | 15120 | 15360 | 2.92972 | a55e1d565b9f4b3e7a9a317d0f023628 |
.reloc | 3457024 | 12 | 512 | 0.067931 | a670bf957a87a74673523197c025df23 |
Strings from Dumps
Extreme Loader.exe_412: