Detections

Yara:

Loki

Analysis

Category: FILE
Package: exe
Started: 2020-10-18 06:33:05
Completed: 2020-10-18 06:39:58
Duration: 413 seconds
Options: route = tor
Log:
2020-05-13 09:30:50,141 [root] INFO: Date set to: 20201018T06:33:03, timeout set to: 200
2020-10-18 06:33:03,093 [root] DEBUG: Starting analyzer from: C:\tmplodztmkc
2020-10-18 06:33:03,093 [root] DEBUG: Storing results at: C:\GJYmmGiTDr
2020-10-18 06:33:03,093 [root] DEBUG: Pipe server name: \\.\PIPE\efKTbML
2020-10-18 06:33:03,093 [root] DEBUG: Python path: C:\Users\Louise\AppData\Local\Programs\Python\Python38-32
2020-10-18 06:33:03,093 [root] DEBUG: No analysis package specified, trying to detect it automagically.
2020-10-18 06:33:03,093 [root] INFO: Automatically selected analysis package "exe"
2020-10-18 06:33:03,093 [root] DEBUG: Importing analysis package "exe"...
2020-10-18 06:33:03,156 [root] DEBUG: Initializing analysis package "exe"...
2020-10-18 06:33:03,328 [root] DEBUG: Importing auxiliary module "modules.auxiliary.browser"...
2020-10-18 06:33:03,328 [root] DEBUG: Importing auxiliary module "modules.auxiliary.curtain"...
2020-10-18 06:33:03,437 [root] DEBUG: Importing auxiliary module "modules.auxiliary.digisig"...
2020-10-18 06:33:03,453 [root] DEBUG: Importing auxiliary module "modules.auxiliary.disguise"...
2020-10-18 06:33:03,515 [root] DEBUG: Importing auxiliary module "modules.auxiliary.human"...
2020-10-18 06:33:03,546 [root] DEBUG: Importing auxiliary module "modules.auxiliary.procmon"...
2020-10-18 06:33:03,546 [root] DEBUG: Importing auxiliary module "modules.auxiliary.screenshots"...
2020-10-18 06:33:03,562 [modules.auxiliary.screenshots] DEBUG: Importing 'time'
2020-10-18 06:33:03,562 [modules.auxiliary.screenshots] DEBUG: Importing 'StringIO'
2020-10-18 06:33:03,562 [modules.auxiliary.screenshots] DEBUG: Importing 'Thread'
2020-10-18 06:33:03,562 [modules.auxiliary.screenshots] DEBUG: Importing 'Auxiliary'
2020-10-18 06:33:03,562 [modules.auxiliary.screenshots] DEBUG: Importing 'NetlogFile'
2020-10-18 06:33:03,562 [modules.auxiliary.screenshots] DEBUG: Importing 'Screenshot'
2020-10-18 06:33:03,578 [lib.api.screenshot] DEBUG: Importing 'math'
2020-10-18 06:33:03,578 [lib.api.screenshot] DEBUG: Importing 'PIL.ImageChops'
2020-10-18 06:33:04,921 [lib.api.screenshot] DEBUG: Importing 'PIL.ImageGrab'
2020-10-18 06:33:04,937 [lib.api.screenshot] DEBUG: Importing 'PIL.ImageDraw'
2020-10-18 06:33:05,015 [modules.auxiliary.screenshots] DEBUG: Imports OK
2020-10-18 06:33:05,015 [root] DEBUG: Importing auxiliary module "modules.auxiliary.sysmon"...
2020-10-18 06:33:05,015 [root] DEBUG: Importing auxiliary module "modules.auxiliary.usage"...
2020-10-18 06:33:05,046 [root] DEBUG: Initializing auxiliary module "Browser"...
2020-10-18 06:33:05,046 [root] DEBUG: Started auxiliary module Browser
2020-10-18 06:33:05,046 [root] DEBUG: Initializing auxiliary module "Curtain"...
2020-10-18 06:33:05,046 [root] DEBUG: Started auxiliary module Curtain
2020-10-18 06:33:05,062 [root] DEBUG: Initializing auxiliary module "DigiSig"...
2020-10-18 06:33:05,062 [modules.auxiliary.digisig] DEBUG: Checking for a digital signature.
2020-10-18 06:33:06,249 [modules.auxiliary.digisig] DEBUG: File is not signed.
2020-10-18 06:33:06,249 [modules.auxiliary.digisig] INFO: Uploading signature results to aux/DigiSig.json
2020-10-18 06:33:06,265 [root] DEBUG: Started auxiliary module DigiSig
2020-10-18 06:33:06,265 [root] DEBUG: Initializing auxiliary module "Disguise"...
2020-10-18 06:33:06,281 [modules.auxiliary.disguise] INFO: Disguising GUID to f77036f1-af9d-421d-aebb-f27cebff2783
2020-10-18 06:33:06,281 [root] DEBUG: Started auxiliary module Disguise
2020-10-18 06:33:06,281 [root] DEBUG: Initializing auxiliary module "Human"...
2020-10-18 06:33:06,343 [root] DEBUG: Started auxiliary module Human
2020-10-18 06:33:06,343 [root] DEBUG: Initializing auxiliary module "Procmon"...
2020-10-18 06:33:06,359 [root] DEBUG: Started auxiliary module Procmon
2020-10-18 06:33:06,359 [root] DEBUG: Initializing auxiliary module "Screenshots"...
2020-10-18 06:33:06,359 [root] DEBUG: Started auxiliary module Screenshots
2020-10-18 06:33:06,359 [root] DEBUG: Initializing auxiliary module "Sysmon"...
2020-10-18 06:33:06,390 [root] DEBUG: Started auxiliary module Sysmon
2020-10-18 06:33:06,390 [root] DEBUG: Initializing auxiliary module "Usage"...
2020-10-18 06:33:06,390 [root] DEBUG: Started auxiliary module Usage
2020-10-18 06:33:06,390 [root] INFO: Analyzer: Package modules.packages.exe does not specify a DLL option
2020-10-18 06:33:06,390 [root] INFO: Analyzer: Package modules.packages.exe does not specify a DLL_64 option
2020-10-18 06:33:06,390 [root] INFO: Analyzer: Package modules.packages.exe does not specify a loader option
2020-10-18 06:33:06,390 [root] INFO: Analyzer: Package modules.packages.exe does not specify a loader_64 option
2020-10-18 06:33:06,500 [lib.api.process] INFO: Successfully executed process from path "C:\Users\Louise\AppData\Local\Temp\DHL FILE 267382.exe" with arguments "" with pid 4460
2020-10-18 06:33:06,500 [lib.api.process] INFO: Monitor config for process 4460: C:\tmplodztmkc\dll\4460.ini
2020-10-18 06:33:06,531 [lib.api.process] INFO: 32-bit DLL to inject is C:\tmplodztmkc\dll\YNJLUVmE.dll, loader C:\tmplodztmkc\bin\awScRbr.exe
2020-10-18 06:33:06,671 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\efKTbML.
2020-10-18 06:33:06,671 [root] DEBUG: Loader: Injecting process 4460 (thread 4060) with C:\tmplodztmkc\dll\YNJLUVmE.dll.
2020-10-18 06:33:06,687 [root] DEBUG: InjectDllViaIAT: Executable is .NET, injecting via queued APC.
2020-10-18 06:33:06,687 [root] DEBUG: InjectDllViaQueuedAPC: APC injection queued.
2020-10-18 06:33:06,687 [root] DEBUG: Successfully injected DLL C:\tmplodztmkc\dll\YNJLUVmE.dll.
2020-10-18 06:33:08,703 [lib.api.process] INFO: Successfully resumed process with pid 4460
2020-10-18 06:33:09,671 [root] DEBUG: Python path set to 'C:\Users\Louise\AppData\Local\Programs\Python\Python38-32'.
2020-10-18 06:33:09,671 [root] DEBUG: Dropped file limit defaulting to 100.
2020-10-18 06:33:09,687 [root] DEBUG: CAPE initialised: 32-bit monitor loaded in process 4460 at 0x6f3b0000, image base 0xd70000, stack from 0x226000-0x230000
2020-10-18 06:33:09,687 [root] DEBUG: Commandline: C:\Users\Louise\AppData\Local\Temp\"C:\Users\Louise\AppData\Local\Temp\DHL FILE 267382.exe"
2020-10-18 06:33:09,734 [root] INFO: Loaded monitor into process with pid 4460
2020-10-18 06:33:09,734 [root] DEBUG: set_caller_info: Adding region at 0x00130000 to caller regions list (advapi32::RegQueryInfoKeyW).
2020-10-18 06:33:09,734 [root] DEBUG: DumpPEsInRange: Scanning range 0x130000 - 0x230000.
2020-10-18 06:33:09,734 [root] DEBUG: ScanForDisguisedPE: Exception occurred scanning buffer at 0x130000
2020-10-18 06:33:10,468 [root] DEBUG: DumpMemory: Exception occurred reading memory address 0x130000
2020-10-18 06:33:10,468 [root] DEBUG: DumpRegion: Failed to dump entire allocation from 0x00130000 size 0x100000.
2020-10-18 06:33:10,546 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\GJYmmGiTDr\CAPE\4460_1441678224101321180102020 (size 0xf48)
2020-10-18 06:33:10,546 [root] DEBUG: DumpRegion: Dumped region at 0x0022F000, size 0x1000.
2020-10-18 06:33:10,562 [root] DEBUG: set_caller_info: Adding region at 0x02330000 to caller regions list (advapi32::RegOpenKeyExW).
2020-10-18 06:33:10,562 [root] DEBUG: DumpPEsInRange: Scanning range 0x2330000 - 0x2730000.
2020-10-18 06:33:10,578 [root] DEBUG: ScanForDisguisedPE: Exception occurred scanning buffer at 0x2375fc1
2020-10-18 06:33:10,609 [root] DEBUG: DumpMemory: Exception occurred reading memory address 0x2330000
2020-10-18 06:33:10,609 [root] DEBUG: DumpRegion: Failed to dump entire allocation from 0x02330000 size 0x400000.
2020-10-18 06:33:10,656 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\GJYmmGiTDr\CAPE\4460_1938908327101321180102020 (size 0x1a41)
2020-10-18 06:33:10,656 [root] DEBUG: DumpRegion: Dumped region at 0x026ED000, size 0x10000.
2020-10-18 06:33:10,656 [root] DEBUG: set_caller_info: Adding region at 0x00490000 to caller regions list (kernel32::FindFirstFileExW).
2020-10-18 06:33:10,656 [root] DEBUG: DumpPEsInRange: Scanning range 0x490000 - 0x590000.
2020-10-18 06:33:10,718 [root] DEBUG: ScanForDisguisedPE: Exception occurred scanning buffer at 0x4b9fc1
2020-10-18 06:33:10,750 [root] DEBUG: ScanForNonZero: Exception occurred reading memory address 0x590000
2020-10-18 06:33:10,750 [root] DEBUG: DumpMemory: Nothing to dump at 0x00490000!
2020-10-18 06:33:10,750 [root] DEBUG: DumpRegion: Failed to dump entire allocation from 0x00490000 size 0x100000.
2020-10-18 06:33:10,796 [root] DEBUG: ScanForNonZero: Exception occurred reading memory address 0x590000
2020-10-18 06:33:10,796 [root] DEBUG: DumpMemory: Nothing to dump at 0x00570000!
2020-10-18 06:33:10,812 [root] DEBUG: DumpRegion: Failed to dump region at 0x00570000 size 0x20000.
2020-10-18 06:33:10,812 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0xd4 and local view 0x729C0000 to global list.
2020-10-18 06:33:10,812 [root] DEBUG: DLL loaded at 0x729C0000: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei (0x7d000 bytes).
2020-10-18 06:33:10,812 [root] DEBUG: DLL unloaded from 0x74A80000.
2020-10-18 06:33:10,843 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0xe4 and local view 0x002A0000 to global list.
2020-10-18 06:33:10,859 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0xe0 and local view 0x002A0000 to global list.
2020-10-18 06:33:10,859 [root] DEBUG: DLL loaded at 0x73390000: C:\Windows\system32\VERSION (0x9000 bytes).
2020-10-18 06:33:10,875 [root] DEBUG: MapSectionViewHandler: Updated local view to 0x722D0000 for section view with handle 0xe4.
2020-10-18 06:33:10,875 [root] DEBUG: DLL loaded at 0x722D0000: C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr (0x6ef000 bytes).
2020-10-18 06:33:10,875 [root] DEBUG: MapSectionViewHandler: Updated local view to 0x72FE0000 for section view with handle 0xe4.
2020-10-18 06:33:10,890 [root] DEBUG: DLL loaded at 0x72FE0000: C:\Windows\system32\MSVCR120_CLR0400 (0xf5000 bytes).
2020-10-18 06:33:11,000 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0x108 and local view 0x000E0000 to global list.
2020-10-18 06:33:11,000 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0x10c and local view 0x000F0000 to global list.
2020-10-18 06:33:11,000 [root] INFO: Disabling sleep skipping.
2020-10-18 06:33:11,046 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0x1c4 and local view 0x06000000 to global list.
2020-10-18 06:33:11,218 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0x208 and local view 0x6E010000 to global list.
2020-10-18 06:33:11,234 [root] DEBUG: DLL loaded at 0x6E010000: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\6715dc4d04e35f16d482900c355325e9\mscorlib.ni (0x1393000 bytes).
2020-10-18 06:33:11,500 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0x214 and local view 0x6DF90000 to global list.
2020-10-18 06:33:11,515 [root] DEBUG: DLL loaded at 0x6DF90000: C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrjit (0x80000 bytes).
2020-10-18 06:33:11,750 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0x228 and local view 0x6D580000 to global list.
2020-10-18 06:33:11,765 [root] DEBUG: DLL loaded at 0x6D580000: C:\Windows\assembly\NativeImages_v4.0.30319_32\System\43822396682b0ffc3cfb66137ddab95f\System.ni (0xa10000 bytes).
2020-10-18 06:33:11,859 [root] DEBUG: MapSectionViewHandler: Updated local view to 0x6D3E0000 for section view with handle 0x228.
2020-10-18 06:33:11,953 [root] DEBUG: DLL loaded at 0x6D3E0000: C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\2c462a934e0586ac5e46c8b93e461384\System.Drawing.ni (0x194000 bytes).
2020-10-18 06:33:12,249 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0x224 and local view 0x6C6C0000 to global list.
2020-10-18 06:33:12,265 [root] DEBUG: DLL loaded at 0x6C6C0000: C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\aece3d371c0714e60f9509d2a3137395\System.Windows.Forms.ni (0xd1d000 bytes).
2020-10-18 06:33:12,671 [root] DEBUG: set_caller_info: Adding region at 0x002E0000 to caller regions list (ntdll::NtAllocateVirtualMemory).
2020-10-18 06:33:12,671 [root] DEBUG: DumpPEsInRange: Scanning range 0x2e0000 - 0x2f0000.
2020-10-18 06:33:12,687 [root] DEBUG: ScanForDisguisedPE: Exception occurred scanning buffer at 0x2e0fc1
2020-10-18 06:33:12,687 [root] DEBUG: ScanForNonZero: Exception occurred reading memory address 0x2f0000
2020-10-18 06:33:12,687 [root] DEBUG: DumpMemory: Nothing to dump at 0x002E0000!
2020-10-18 06:33:12,703 [root] DEBUG: DumpRegion: Failed to dump entire allocation from 0x002E0000 size 0x10000.
2020-10-18 06:33:12,734 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\GJYmmGiTDr\CAPE\4460_1983379724321321180102020 (size 0x491)
2020-10-18 06:33:12,750 [root] DEBUG: DumpRegion: Dumped region at 0x002E0000, size 0x1000.
2020-10-18 06:33:12,875 [root] DEBUG: DLL loaded at 0x73FA0000: C:\Windows\system32\uxtheme (0x80000 bytes).
2020-10-18 06:33:12,890 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0x230 and local view 0x6C1C0000 to global list.
2020-10-18 06:33:13,265 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0x238 and local view 0x6BEE0000 to global list.
2020-10-18 06:33:13,296 [root] DEBUG: DLL loaded at 0x6BEE0000: C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\c8a2021e940773064c655a6ea6ee8cb2\System.Core.ni (0x7e0000 bytes).
2020-10-18 06:33:13,343 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0x234 and local view 0x6BDE0000 to global list.
2020-10-18 06:33:13,343 [root] DEBUG: DLL loaded at 0x6BDE0000: C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2f61c87db96dbe27deea0e525a665761\System.Configuration.ni (0xfc000 bytes).
2020-10-18 06:33:13,484 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0x22c and local view 0x6BDC0000 to global list.
2020-10-18 06:33:13,500 [root] DEBUG: DLL loaded at 0x6BDC0000: C:\Windows\Microsoft.NET\Framework\v4.0.30319\nlssorting (0x13000 bytes).
2020-10-18 06:33:13,531 [root] DEBUG: MapSectionViewHandler: Updated local view to 0x06680000 for section view with handle 0x22c.
2020-10-18 06:33:13,796 [root] DEBUG: MapSectionViewHandler: Updated local view to 0x6B680000 for section view with handle 0x234.
2020-10-18 06:33:13,812 [root] DEBUG: DLL loaded at 0x6B680000: C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\a3abb36b9f9e867b09bb3a670b074c45\System.Xml.ni (0x73e000 bytes).
2020-10-18 06:33:18,218 [root] DEBUG: DLL loaded at 0x75180000: C:\Windows\syswow64\shell32 (0xc4c000 bytes).
2020-10-18 06:33:18,234 [root] DEBUG: DLL loaded at 0x740A0000: C:\Windows\system32\profapi (0xb000 bytes).
2020-10-18 06:33:19,140 [root] DEBUG: set_caller_info: Adding region at 0x00110000 to caller regions list (ntdll::NtAllocateVirtualMemory).
2020-10-18 06:33:19,140 [root] DEBUG: DumpPEsInRange: Scanning range 0x110000 - 0x120000.
2020-10-18 06:33:19,140 [root] DEBUG: ScanForDisguisedPE: Exception occurred scanning buffer at 0x110fc1
2020-10-18 06:33:19,140 [root] DEBUG: ScanForNonZero: Exception occurred reading memory address 0x120000
2020-10-18 06:33:19,140 [root] DEBUG: DumpMemory: Nothing to dump at 0x00110000!
2020-10-18 06:33:19,140 [root] DEBUG: DumpRegion: Failed to dump entire allocation from 0x00110000 size 0x10000.
2020-10-18 06:33:19,375 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\GJYmmGiTDr\CAPE\4460_395048612391321180102020 (size 0x5a3)
2020-10-18 06:33:19,375 [root] DEBUG: DumpRegion: Dumped region at 0x0011D000, size 0x1000.
2020-10-18 06:33:19,578 [root] DEBUG: DLL loaded at 0x74430000: C:\Windows\system32\bcrypt (0x17000 bytes).
2020-10-18 06:33:19,781 [root] DEBUG: DLL loaded at 0x74130000: C:\Windows\system32\CRYPTSP (0x17000 bytes).
2020-10-18 06:33:19,812 [root] DEBUG: DLL loaded at 0x74040000: C:\Windows\system32\rsaenh (0x3b000 bytes).
2020-10-18 06:33:20,828 [root] DEBUG: DLL loaded at 0x6B5F0000: C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32 (0x84000 bytes).
2020-10-18 06:33:21,125 [root] DEBUG: set_caller_info: Adding region at 0x00120000 to caller regions list (ntdll::LdrGetProcedureAddress).
2020-10-18 06:33:21,125 [root] DEBUG: DumpPEsInRange: Scanning range 0x120000 - 0x130000.
2020-10-18 06:33:21,125 [root] DEBUG: ScanForDisguisedPE: Exception occurred scanning buffer at 0x129fc1
2020-10-18 06:33:21,328 [root] DEBUG: ScanForNonZero: Exception occurred reading memory address 0x130000
2020-10-18 06:33:21,343 [root] DEBUG: DumpMemory: Nothing to dump at 0x00120000!
2020-10-18 06:33:21,343 [root] DEBUG: DumpRegion: Failed to dump entire allocation from 0x00120000 size 0x10000.
2020-10-18 06:33:21,359 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\GJYmmGiTDr\CAPE\4460_1699821597411321180102020 (size 0xf6)
2020-10-18 06:33:21,359 [root] DEBUG: DumpRegion: Dumped region at 0x0012D000, size 0x1000.
2020-10-18 06:33:21,921 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0x26c and local view 0x70D90000 to global list.
2020-10-18 06:33:21,984 [root] DEBUG: DLL loaded at 0x70D90000: C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V9921e851#\6090b158fd3d10686b422a455e188125\Microsoft.VisualBasic.ni (0x1d1000 bytes).
2020-10-18 06:33:24,328 [root] DEBUG: MapSectionViewHandler: Updated local view to 0x00590000 for section view with handle 0x26c.
2020-10-18 06:33:24,843 [root] DEBUG: MapSectionViewHandler: Updated local view to 0x00400000 for section view with handle 0x26c.
2020-10-18 06:33:35,593 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0x278 and local view 0x70BF0000 to global list.
2020-10-18 06:33:35,609 [root] DEBUG: DLL loaded at 0x70BF0000: C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.24308_none_5c028e37a0121035\gdiplus (0x192000 bytes).
2020-10-18 06:33:35,656 [root] DEBUG: DLL loaded at 0x70AB0000: C:\Windows\system32\WindowsCodecs (0x131000 bytes).
2020-10-18 06:33:35,734 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0x280 and local view 0x006B0000 to global list.
2020-10-18 06:33:35,734 [root] DEBUG: MapSectionViewHandler: Updated local view to 0x006C0000 for section view with handle 0x280.
2020-10-18 06:33:35,734 [root] DEBUG: MapSectionViewHandler: Updated local view to 0x006D0000 for section view with handle 0x280.
2020-10-18 06:33:36,093 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0x288 and local view 0x00B60000 to global list.
2020-10-18 06:33:36,718 [root] INFO: Added new file to list with pid None and path C:\Users\Louise\AppData\Roaming\wmiRSwSoPk.exe
2020-10-18 06:33:36,765 [root] INFO: Added new file to list with pid None and path C:\Users\Louise\AppData\Local\Temp\tmpC0C6.tmp
2020-10-18 06:33:36,828 [root] DEBUG: DLL loaded at 0x72A50000: C:\Windows\system32\PROPSYS (0xf5000 bytes).
2020-10-18 06:33:36,843 [root] DEBUG: DLL loaded at 0x73690000: C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32 (0x19e000 bytes).
2020-10-18 06:33:36,875 [root] DEBUG: DLL loaded at 0x74930000: C:\Windows\system32\apphelp (0x4c000 bytes).
2020-10-18 06:33:36,968 [root] DEBUG: DLL loaded at 0x75DD0000: C:\Windows\syswow64\CLBCatQ (0x83000 bytes).
2020-10-18 06:33:36,984 [root] DEBUG: DLL loaded at 0x6AB30000: C:\Windows\SysWOW64\ieframe (0xaba000 bytes).
2020-10-18 06:33:36,984 [root] DEBUG: DLL loaded at 0x75EF0000: C:\Windows\syswow64\api-ms-win-downlevel-advapi32-l1-1-0 (0x5000 bytes).
2020-10-18 06:33:37,000 [root] DEBUG: DLL loaded at 0x75F00000: C:\Windows\syswow64\api-ms-win-downlevel-shlwapi-l1-1-0 (0x4000 bytes).
2020-10-18 06:33:37,000 [root] DEBUG: DLL loaded at 0x76320000: C:\Windows\syswow64\api-ms-win-downlevel-user32-l1-1-0 (0x4000 bytes).
2020-10-18 06:33:37,000 [root] DEBUG: DLL loaded at 0x732B0000: C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0 (0x4000 bytes).
2020-10-18 06:33:37,000 [root] DEBUG: DLL loaded at 0x74B50000: C:\Windows\syswow64\api-ms-win-downlevel-version-l1-1-0 (0x4000 bytes).
2020-10-18 06:33:37,000 [root] DEBUG: DLL loaded at 0x74A00000: C:\Windows\syswow64\api-ms-win-downlevel-normaliz-l1-1-0 (0x3000 bytes).
2020-10-18 06:33:37,000 [root] DEBUG: DLL loaded at 0x75170000: C:\Windows\syswow64\normaliz (0x3000 bytes).
2020-10-18 06:33:37,015 [root] DEBUG: DLL loaded at 0x74F50000: C:\Windows\syswow64\iertutil (0x215000 bytes).
2020-10-18 06:33:37,187 [root] DEBUG: DLL loaded at 0x76790000: C:\Windows\syswow64\SETUPAPI (0x19d000 bytes).
2020-10-18 06:33:37,187 [root] DEBUG: DLL loaded at 0x75E60000: C:\Windows\syswow64\CFGMGR32 (0x27000 bytes).
2020-10-18 06:33:37,187 [root] DEBUG: DLL loaded at 0x74B30000: C:\Windows\syswow64\DEVOBJ (0x12000 bytes).
2020-10-18 06:33:37,203 [root] DEBUG: DLL loaded at 0x73F70000: C:\Windows\system32\ntmarta (0x21000 bytes).
2020-10-18 06:33:37,203 [root] DEBUG: DLL loaded at 0x74B60000: C:\Windows\syswow64\WLDAP32 (0x45000 bytes).
2020-10-18 06:33:37,218 [root] DEBUG: DLL unloaded from 0x75180000.
2020-10-18 06:33:37,218 [root] DEBUG: DLL loaded at 0x76650000: C:\Windows\SysWOW64\urlmon (0x124000 bytes).
2020-10-18 06:33:37,234 [root] DEBUG: DLL loaded at 0x76330000: C:\Windows\syswow64\api-ms-win-downlevel-ole32-l1-1-0 (0x4000 bytes).
2020-10-18 06:33:37,265 [root] DEBUG: DLL loaded at 0x74C10000: C:\Windows\syswow64\WININET (0x1c4000 bytes).
2020-10-18 06:33:37,265 [root] DEBUG: DLL loaded at 0x73210000: C:\Windows\system32\Secur32 (0x8000 bytes).
2020-10-18 06:33:37,406 [root] INFO: Announced 32-bit process name: schtasks.exe pid: 4140
2020-10-18 06:33:37,406 [lib.api.process] INFO: Monitor config for process 4140: C:\tmplodztmkc\dll\4140.ini
2020-10-18 06:33:37,437 [lib.api.process] INFO: 32-bit DLL to inject is C:\tmplodztmkc\dll\YNJLUVmE.dll, loader C:\tmplodztmkc\bin\awScRbr.exe
2020-10-18 06:33:37,468 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\efKTbML.
2020-10-18 06:33:37,468 [root] DEBUG: Loader: Injecting process 4140 (thread 4124) with C:\tmplodztmkc\dll\YNJLUVmE.dll.
2020-10-18 06:33:37,468 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\tmplodztmkc\dll\YNJLUVmE.dll.
2020-10-18 06:33:37,484 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-10-18 06:33:37,484 [root] DEBUG: Successfully injected DLL C:\tmplodztmkc\dll\YNJLUVmE.dll.
2020-10-18 06:33:37,562 [root] DEBUG: CreateProcessHandler: Injection info set for new process 4140, ImageBase: 0x002F0000
2020-10-18 06:33:37,562 [root] INFO: Announced 32-bit process name: schtasks.exe pid: 4140
2020-10-18 06:33:37,562 [lib.api.process] INFO: Monitor config for process 4140: C:\tmplodztmkc\dll\4140.ini
2020-10-18 06:33:37,562 [lib.api.process] INFO: 32-bit DLL to inject is C:\tmplodztmkc\dll\YNJLUVmE.dll, loader C:\tmplodztmkc\bin\awScRbr.exe
2020-10-18 06:33:37,578 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\efKTbML.
2020-10-18 06:33:37,578 [root] DEBUG: Loader: Injecting process 4140 (thread 4124) with C:\tmplodztmkc\dll\YNJLUVmE.dll.
2020-10-18 06:33:37,578 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\tmplodztmkc\dll\YNJLUVmE.dll.
2020-10-18 06:33:37,593 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-10-18 06:33:37,593 [root] DEBUG: Successfully injected DLL C:\tmplodztmkc\dll\YNJLUVmE.dll.
2020-10-18 06:33:37,625 [root] DEBUG: DLL loaded at 0x732F0000: C:\Windows\system32\RpcRtRemote (0xe000 bytes).
2020-10-18 06:33:37,734 [root] DEBUG: Python path set to 'C:\Users\Louise\AppData\Local\Programs\Python\Python38-32'.
2020-10-18 06:33:37,734 [root] DEBUG: Dropped file limit defaulting to 100.
2020-10-18 06:33:37,750 [root] INFO: Disabling sleep skipping.
2020-10-18 06:33:37,750 [root] DEBUG: RestoreHeaders: Restored original import table.
2020-10-18 06:33:37,750 [root] DEBUG: CAPE initialised: 32-bit monitor loaded in process 4140 at 0x6f3b0000, image base 0x2f0000, stack from 0x266000-0x270000
2020-10-18 06:33:37,750 [root] DEBUG: Commandline: C:\Users\Louise\AppData\Local\Temp\"C:\Windows\System32\schtasks.exe" \Create \TN "Updates\wmiRSwSoPk" \XML "C:\Users\Louise\AppData\Local\Temp\tmpC0C6.tmp"
2020-10-18 06:33:37,796 [root] INFO: Loaded monitor into process with pid 4140
2020-10-18 06:33:37,828 [root] DEBUG: DLL loaded at 0x73390000: C:\Windows\SysWOW64\VERSION (0x9000 bytes).
2020-10-18 06:33:37,828 [root] DEBUG: DLL unloaded from 0x002F0000.
2020-10-18 06:33:37,843 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0xd0 and local view 0x03660000 to global list.
2020-10-18 06:33:37,859 [root] INFO: Stopping Task Scheduler Service
2020-10-18 06:33:38,265 [root] INFO: Stopped Task Scheduler Service
2020-10-18 06:33:38,406 [root] INFO: Starting Task Scheduler Service
2020-10-18 06:33:38,500 [root] INFO: Started Task Scheduler Service
2020-10-18 06:33:38,500 [lib.api.process] INFO: Monitor config for process 848: C:\tmplodztmkc\dll\848.ini
2020-10-18 06:33:38,515 [lib.api.process] INFO: 64-bit DLL to inject is C:\tmplodztmkc\dll\vvpujnZr.dll, loader C:\tmplodztmkc\bin\QUlVlxFw.exe
2020-10-18 06:33:38,531 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\efKTbML.
2020-10-18 06:33:38,531 [root] DEBUG: Loader: Injecting process 848 (thread 0) with C:\tmplodztmkc\dll\vvpujnZr.dll.
2020-10-18 06:33:38,531 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-10-18 06:33:38,546 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed, falling back to thread injection.
2020-10-18 06:33:38,546 [root] DEBUG: InjectDll: IAT patching failed, falling back to thread injection.
2020-10-18 06:33:38,546 [root] DEBUG: Python path set to 'C:\Users\Louise\AppData\Local\Programs\Python\Python38-32'.
2020-10-18 06:33:38,562 [root] DEBUG: Dropped file limit defaulting to 100.
2020-10-18 06:33:38,562 [root] INFO: Disabling sleep skipping.
2020-10-18 06:33:38,562 [root] DEBUG: CAPE initialised: 64-bit monitor loaded in process 848 at 0x000007FEF00E0000, image base 0x00000000FFAF0000, stack from 0x0000000002A06000-0x0000000002A10000
2020-10-18 06:33:38,562 [root] DEBUG: Commandline: C:\Windows\sysnative\svchost.exe -k netsvcs
2020-10-18 06:33:38,640 [root] WARNING: b'Unable to place hook on LockResource'
2020-10-18 06:33:38,640 [root] WARNING: b'Unable to hook LockResource'
2020-10-18 06:33:38,703 [root] INFO: Loaded monitor into process with pid 848
2020-10-18 06:33:38,703 [root] DEBUG: InjectDllViaThread: Successfully injected Dll into process via RtlCreateUserThread.
2020-10-18 06:33:38,718 [root] DEBUG: InjectDll: Successfully injected DLL via thread.
2020-10-18 06:33:38,718 [root] DEBUG: Successfully injected DLL C:\tmplodztmkc\dll\vvpujnZr.dll.
2020-10-18 06:33:38,718 [lib.api.process] INFO: Injected into suspended 64-bit process with pid 848
2020-10-18 06:33:40,718 [root] DEBUG: DLL loaded at 0x75DD0000: C:\Windows\syswow64\CLBCatQ (0x83000 bytes).
2020-10-18 06:33:40,718 [root] DEBUG: DLL loaded at 0x73310000: C:\Windows\SysWOW64\taskschd (0x7d000 bytes).
2020-10-18 06:33:42,781 [root] DEBUG: NtTerminateProcess hook: Attempting to dump process 4140
2020-10-18 06:33:42,781 [root] DEBUG: GetHookCallerBase: thread 4124 (handle 0x0), return address 0x00307569, allocation base 0x002F0000.
2020-10-18 06:33:42,796 [root] DEBUG: DoProcessDump: Dumping Imagebase at 0x002F0000.
2020-10-18 06:33:42,796 [root] DEBUG: DumpImageInCurrentProcess: Attempting to dump virtual PE image.
2020-10-18 06:33:42,796 [root] DEBUG: DumpProcess: Instantiating PeParser with address: 0x002F0000.
2020-10-18 06:33:42,796 [root] DEBUG: DumpProcess: Module entry point VA is 0x00017683.
2020-10-18 06:33:42,843 [root] DEBUG: DumpProcess: Module image dump success - dump size 0x2b400.
2020-10-18 06:33:42,843 [root] DEBUG: DLL unloaded from 0x76AB0000.
2020-10-18 06:33:42,859 [root] INFO: Process with pid 4140 has terminated
2020-10-18 06:33:43,015 [root] DEBUG: set_caller_info: Adding region at 0x022E0000 to caller regions list (ntdll::NtQueryPerformanceCounter).
2020-10-18 06:33:43,015 [root] DEBUG: DumpPEsInRange: Scanning range 0x22e0000 - 0x22f0000.
2020-10-18 06:33:43,015 [root] DEBUG: TestPERequirements: Exception occurred reading region at 0x22e1043
2020-10-18 06:33:43,031 [root] DEBUG: ScanForDisguisedPE: Exception occurred scanning buffer at 0x22e0fc1
2020-10-18 06:33:43,031 [root] DEBUG: ScanForNonZero: Exception occurred reading memory address 0x22f0000
2020-10-18 06:33:43,031 [root] DEBUG: DumpMemory: Nothing to dump at 0x022E0000!
2020-10-18 06:33:43,031 [root] DEBUG: DumpRegion: Failed to dump entire allocation from 0x022E0000 size 0x10000.
2020-10-18 06:33:43,140 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\GJYmmGiTDr\CAPE\4460_1428128763441521180102020 (size 0xf8c)
2020-10-18 06:33:43,140 [root] DEBUG: DumpRegion: Dumped region at 0x022E0000, size 0x1000.
2020-10-18 06:33:43,187 [root] INFO: Announced 32-bit process name: DHL FILE 267382.exe pid: 3320
2020-10-18 06:33:43,187 [lib.api.process] INFO: Monitor config for process 3320: C:\tmplodztmkc\dll\3320.ini
2020-10-18 06:33:43,187 [lib.api.process] INFO: 32-bit DLL to inject is C:\tmplodztmkc\dll\YNJLUVmE.dll, loader C:\tmplodztmkc\bin\awScRbr.exe
2020-10-18 06:33:43,249 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\efKTbML.
2020-10-18 06:33:43,249 [root] DEBUG: Loader: Injecting process 3320 (thread 3324) with C:\tmplodztmkc\dll\YNJLUVmE.dll.
2020-10-18 06:33:43,265 [root] DEBUG: InjectDllViaIAT: Executable is .NET, injecting via queued APC.
2020-10-18 06:33:43,281 [root] DEBUG: InjectDllViaQueuedAPC: APC injection queued.
2020-10-18 06:33:43,296 [root] DEBUG: Successfully injected DLL C:\tmplodztmkc\dll\YNJLUVmE.dll.
2020-10-18 06:33:43,359 [root] DEBUG: CreateProcessHandler: Injection info set for new process 3320, ImageBase: 0x00D70000
2020-10-18 06:33:43,359 [root] INFO: Announced 32-bit process name: DHL FILE 267382.exe pid: 3320
2020-10-18 06:33:43,359 [lib.api.process] INFO: Monitor config for process 3320: C:\tmplodztmkc\dll\3320.ini
2020-10-18 06:33:43,359 [lib.api.process] INFO: 32-bit DLL to inject is C:\tmplodztmkc\dll\YNJLUVmE.dll, loader C:\tmplodztmkc\bin\awScRbr.exe
2020-10-18 06:33:43,375 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\efKTbML.
2020-10-18 06:33:43,375 [root] DEBUG: Loader: Injecting process 3320 (thread 3324) with C:\tmplodztmkc\dll\YNJLUVmE.dll.
2020-10-18 06:33:43,421 [root] DEBUG: InjectDllViaIAT: Executable is .NET, injecting via queued APC.
2020-10-18 06:33:43,421 [root] DEBUG: InjectDllViaQueuedAPC: APC injection queued.
2020-10-18 06:33:43,421 [root] DEBUG: Successfully injected DLL C:\tmplodztmkc\dll\YNJLUVmE.dll.
2020-10-18 06:33:43,484 [root] DEBUG: WriteMemoryHandler: Executable binary injected into process 3320 (ImageBase 0x400000)
2020-10-18 06:33:43,484 [root] DEBUG: DumpImageInCurrentProcess: Attempting to dump 'raw' PE image.
2020-10-18 06:33:43,484 [root] DEBUG: DumpPE: Instantiating PeParser with address: 0x051A8F30.
2020-10-18 06:33:43,484 [root] DEBUG: DumpPE: Empty or inaccessible last section, file image seems incomplete (from 0x051C0F30 to 0x051C2F30).
2020-10-18 06:33:43,515 [root] DEBUG: DumpPE: PE file in memory dumped successfully - dump size 0x1a000.
2020-10-18 06:33:43,515 [root] DEBUG: WriteMemoryHandler: Dumped PE image from buffer at 0x51a8f30, SizeOfImage 0xa2000.
2020-10-18 06:33:43,562 [root] INFO: Announced 32-bit process name: DHL FILE 267382.exe pid: 3320
2020-10-18 06:33:43,562 [lib.api.process] INFO: Monitor config for process 3320: C:\tmplodztmkc\dll\3320.ini
2020-10-18 06:33:43,562 [lib.api.process] INFO: 32-bit DLL to inject is C:\tmplodztmkc\dll\YNJLUVmE.dll, loader C:\tmplodztmkc\bin\awScRbr.exe
2020-10-18 06:33:43,671 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\efKTbML.
2020-10-18 06:33:43,671 [root] DEBUG: Loader: Injecting process 3320 (thread 0) with C:\tmplodztmkc\dll\YNJLUVmE.dll.
2020-10-18 06:33:43,671 [root] DEBUG: InjectDll: No thread ID supplied, initial thread ID 3324, handle 0xbc
2020-10-18 06:33:43,671 [root] DEBUG: InjectDllViaIAT: Executable is .NET, injecting via queued APC.
2020-10-18 06:33:43,671 [root] DEBUG: InjectDllViaQueuedAPC: APC injection queued.
2020-10-18 06:33:43,671 [root] DEBUG: Successfully injected DLL C:\tmplodztmkc\dll\YNJLUVmE.dll.
2020-10-18 06:33:43,703 [root] DEBUG: WriteMemoryHandler: shellcode at 0x03EFD1A8 (size 0x13800) injected into process 3320.
2020-10-18 06:33:43,765 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\GJYmmGiTDr\CAPE\4460_684478969451521180102020 (size 0x1375b)
2020-10-18 06:33:43,796 [root] DEBUG: WriteMemoryHandler: Dumped injected code/data from buffer.
2020-10-18 06:33:43,796 [root] INFO: Announced 32-bit process name: DHL FILE 267382.exe pid: 3320
2020-10-18 06:33:43,796 [lib.api.process] INFO: Monitor config for process 3320: C:\tmplodztmkc\dll\3320.ini
2020-10-18 06:33:43,796 [lib.api.process] INFO: 32-bit DLL to inject is C:\tmplodztmkc\dll\YNJLUVmE.dll, loader C:\tmplodztmkc\bin\awScRbr.exe
2020-10-18 06:33:43,937 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\efKTbML.
2020-10-18 06:33:43,937 [root] DEBUG: Loader: Injecting process 3320 (thread 0) with C:\tmplodztmkc\dll\YNJLUVmE.dll.
2020-10-18 06:33:43,937 [root] DEBUG: InjectDll: No thread ID supplied, initial thread ID 3324, handle 0xbc
2020-10-18 06:33:43,937 [root] DEBUG: InjectDllViaIAT: Executable is .NET, injecting via queued APC.
2020-10-18 06:33:43,937 [root] DEBUG: InjectDllViaQueuedAPC: APC injection queued.
2020-10-18 06:33:43,937 [root] DEBUG: Successfully injected DLL C:\tmplodztmkc\dll\YNJLUVmE.dll.
2020-10-18 06:33:43,953 [root] DEBUG: WriteMemoryHandler: shellcode at 0x03F109B4 (size 0x4200) injected into process 3320.
2020-10-18 06:33:43,968 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\GJYmmGiTDr\CAPE\4460_1841807310451521180102020 (size 0x405e)
2020-10-18 06:33:43,968 [root] DEBUG: WriteMemoryHandler: Dumped injected code/data from buffer.
2020-10-18 06:33:43,968 [root] INFO: Announced 32-bit process name: DHL FILE 267382.exe pid: 3320
2020-10-18 06:33:43,968 [lib.api.process] INFO: Monitor config for process 3320: C:\tmplodztmkc\dll\3320.ini
2020-10-18 06:33:43,968 [lib.api.process] INFO: 32-bit DLL to inject is C:\tmplodztmkc\dll\YNJLUVmE.dll, loader C:\tmplodztmkc\bin\awScRbr.exe
2020-10-18 06:33:43,984 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\efKTbML.
2020-10-18 06:33:43,984 [root] DEBUG: Loader: Injecting process 3320 (thread 0) with C:\tmplodztmkc\dll\YNJLUVmE.dll.
2020-10-18 06:33:43,984 [root] DEBUG: InjectDll: No thread ID supplied, initial thread ID 3324, handle 0xbc
2020-10-18 06:33:44,000 [root] DEBUG: InjectDllViaIAT: Executable is .NET, injecting via queued APC.
2020-10-18 06:33:44,000 [root] DEBUG: InjectDllViaQueuedAPC: APC injection queued.
2020-10-18 06:33:44,000 [root] DEBUG: Successfully injected DLL C:\tmplodztmkc\dll\YNJLUVmE.dll.
2020-10-18 06:33:44,000 [root] DEBUG: WriteMemoryHandler: shellcode at 0x03F14BC0 (size 0x200) injected into process 3320.
2020-10-18 06:33:44,031 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\GJYmmGiTDr\CAPE\4460_1582384652451521180102020 (size 0x10)
2020-10-18 06:33:44,031 [root] DEBUG: WriteMemoryHandler: Dumped injected code/data from buffer.
2020-10-18 06:33:44,046 [root] INFO: Announced 32-bit process name: DHL FILE 267382.exe pid: 3320
2020-10-18 06:33:44,046 [lib.api.process] INFO: Monitor config for process 3320: C:\tmplodztmkc\dll\3320.ini
2020-10-18 06:33:44,046 [lib.api.process] INFO: 32-bit DLL to inject is C:\tmplodztmkc\dll\YNJLUVmE.dll, loader C:\tmplodztmkc\bin\awScRbr.exe
2020-10-18 06:33:44,062 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\efKTbML.
2020-10-18 06:33:44,062 [root] DEBUG: Loader: Injecting process 3320 (thread 0) with C:\tmplodztmkc\dll\YNJLUVmE.dll.
2020-10-18 06:33:44,062 [root] DEBUG: InjectDll: No thread ID supplied, initial thread ID 3324, handle 0xbc
2020-10-18 06:33:44,062 [root] DEBUG: InjectDllViaIAT: Executable is .NET, injecting via queued APC.
2020-10-18 06:33:44,062 [root] DEBUG: InjectDllViaQueuedAPC: APC injection queued.
2020-10-18 06:33:44,062 [root] DEBUG: Successfully injected DLL C:\tmplodztmkc\dll\YNJLUVmE.dll.
2020-10-18 06:33:44,078 [root] DEBUG: WriteMemoryHandler: shellcode at 0x03F14DCC (size 0x2000) injected into process 3320.
2020-10-18 06:33:44,093 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\GJYmmGiTDr\CAPE\4460_1194487268451521180102020 (size 0xa2)
2020-10-18 06:33:44,093 [root] DEBUG: WriteMemoryHandler: Dumped injected code/data from buffer.
2020-10-18 06:33:44,109 [root] INFO: Announced 32-bit process name: DHL FILE 267382.exe pid: 3320
2020-10-18 06:33:44,140 [lib.api.process] INFO: Monitor config for process 3320: C:\tmplodztmkc\dll\3320.ini
2020-10-18 06:33:44,140 [lib.api.process] INFO: 32-bit DLL to inject is C:\tmplodztmkc\dll\YNJLUVmE.dll, loader C:\tmplodztmkc\bin\awScRbr.exe
2020-10-18 06:33:44,328 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\efKTbML.
2020-10-18 06:33:44,359 [root] DEBUG: Loader: Injecting process 3320 (thread 0) with C:\tmplodztmkc\dll\YNJLUVmE.dll.
2020-10-18 06:33:44,375 [root] DEBUG: InjectDll: No thread ID supplied, initial thread ID 3324, handle 0xbc
2020-10-18 06:33:44,375 [root] DEBUG: InjectDllViaIAT: Executable is .NET, injecting via queued APC.
2020-10-18 06:33:44,375 [root] DEBUG: InjectDllViaQueuedAPC: APC injection queued.
2020-10-18 06:33:44,375 [root] DEBUG: Successfully injected DLL C:\tmplodztmkc\dll\YNJLUVmE.dll.
2020-10-18 06:33:44,406 [root] INFO: Announced 32-bit process name: DHL FILE 267382.exe pid: 3320
2020-10-18 06:33:44,406 [lib.api.process] INFO: Monitor config for process 3320: C:\tmplodztmkc\dll\3320.ini
2020-10-18 06:33:44,406 [lib.api.process] INFO: 32-bit DLL to inject is C:\tmplodztmkc\dll\YNJLUVmE.dll, loader C:\tmplodztmkc\bin\awScRbr.exe
2020-10-18 06:33:44,421 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\efKTbML.
2020-10-18 06:33:44,421 [root] DEBUG: Loader: Injecting process 3320 (thread 0) with C:\tmplodztmkc\dll\YNJLUVmE.dll.
2020-10-18 06:33:44,421 [root] DEBUG: InjectDll: No thread ID supplied, initial thread ID 3324, handle 0xbc
2020-10-18 06:33:44,421 [root] DEBUG: InjectDllViaIAT: Modified EP detected, rebasing IAT patch to new image base 0x00400000 (context EP 0x00DCAC9E)
2020-10-18 06:33:44,468 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\tmplodztmkc\dll\YNJLUVmE.dll.
2020-10-18 06:33:44,468 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-10-18 06:33:44,562 [root] DEBUG: Successfully injected DLL C:\tmplodztmkc\dll\YNJLUVmE.dll.
2020-10-18 06:33:44,609 [root] DEBUG: SetThreadContextHandler: Hollow process entry point reset via NtSetContextThread to 0x000139DE (process 3320).
2020-10-18 06:33:44,609 [root] INFO: Announced 32-bit process name: DHL FILE 267382.exe pid: 3320
2020-10-18 06:33:44,609 [lib.api.process] INFO: Monitor config for process 3320: C:\tmplodztmkc\dll\3320.ini
2020-10-18 06:33:44,625 [lib.api.process] INFO: 32-bit DLL to inject is C:\tmplodztmkc\dll\YNJLUVmE.dll, loader C:\tmplodztmkc\bin\awScRbr.exe
2020-10-18 06:33:44,640 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\efKTbML.
2020-10-18 06:33:44,640 [root] DEBUG: Loader: Injecting process 3320 (thread 3324) with C:\tmplodztmkc\dll\YNJLUVmE.dll.
2020-10-18 06:33:44,640 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\tmplodztmkc\dll\YNJLUVmE.dll.
2020-10-18 06:33:44,640 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-10-18 06:33:44,640 [root] DEBUG: Successfully injected DLL C:\tmplodztmkc\dll\YNJLUVmE.dll.
2020-10-18 06:33:44,656 [root] DEBUG: ResumeThreadHandler: Dumping section view for process 3320.
2020-10-18 06:33:44,687 [root] DEBUG: Python path set to 'C:\Users\Louise\AppData\Local\Programs\Python\Python38-32'.
2020-10-18 06:33:44,687 [root] DEBUG: Dropped file limit defaulting to 100.
2020-10-18 06:33:44,703 [root] INFO: Disabling sleep skipping.
2020-10-18 06:33:44,703 [root] DEBUG: NtTerminateProcess hook: Attempting to dump process 4460
2020-10-18 06:33:44,718 [root] DEBUG: RestoreHeaders: Restored original import table.
2020-10-18 06:33:44,718 [root] DEBUG: GetHookCallerBase: thread 4060 (handle 0x0), return address 0x022E1879, allocation base 0x022E0000.
2020-10-18 06:33:44,718 [root] DEBUG: CAPE initialised: 32-bit monitor loaded in process 3320 at 0x6f3b0000, image base 0x400000, stack from 0x376000-0x380000
2020-10-18 06:33:44,718 [root] DEBUG: DoProcessDump: Dumping Imagebase at 0x00D70000.
2020-10-18 06:33:44,718 [root] DEBUG: Commandline: C:\Users\Louise\AppData\Local\Temp\"{path}"
2020-10-18 06:33:44,734 [root] DEBUG: LooksLikeSectionBoundary: Exception occured reading around suspected boundary at 0x00D72000
2020-10-18 06:33:44,765 [root] DEBUG: DumpImageInCurrentProcess: Attempting to dump 'raw' PE image.
2020-10-18 06:33:44,781 [root] DEBUG: DLL unloaded from 0x731E0000.
2020-10-18 06:33:44,781 [root] DEBUG: DLL unloaded from 0x763D0000.
2020-10-18 06:33:44,796 [root] DEBUG: DLL unloaded from 0x731E0000.
2020-10-18 06:33:44,796 [root] DEBUG: DLL unloaded from 0x763D0000.
2020-10-18 06:33:44,796 [root] DEBUG: DLL unloaded from 0x763D0000.
2020-10-18 06:33:44,796 [root] DEBUG: DLL unloaded from 0x03A80000.
2020-10-18 06:33:44,796 [root] DEBUG: DLL unloaded from 0x72A50000.
2020-10-18 06:33:44,812 [root] DEBUG: set_caller_info: Adding region at 0x00090000 to caller regions list (ntdll::LdrLoadDll).
2020-10-18 06:33:44,812 [root] DEBUG: DLL unloaded from 0x76AB0000.
2020-10-18 06:33:44,812 [root] DEBUG: DumpPEsInRange: Scanning range 0x90000 - 0x91000.
2020-10-18 06:33:44,828 [root] DEBUG: DLL unloaded from 0x73F70000.
2020-10-18 06:33:45,015 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0xf8 and local view 0x70D40000 to global list.
2020-10-18 06:33:45,031 [root] DEBUG: DLL loaded at 0x70D40000: C:\Program Files (x86)\Mozilla Firefox\nss3 (0x22f000 bytes).
2020-10-18 06:33:45,046 [root] DEBUG: MapSectionViewHandler: Updated local view to 0x72AD0000 for section view with handle 0xf8.
2020-10-18 06:33:45,046 [root] DEBUG: DLL loaded at 0x72AD0000: C:\Program Files (x86)\Mozilla Firefox\mozglue (0x71000 bytes).
2020-10-18 06:33:45,062 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0xfc and local view 0x761F0000 to global list.
2020-10-18 06:33:45,062 [root] DEBUG: DLL loaded at 0x761F0000: C:\Windows\syswow64\CRYPT32 (0x122000 bytes).
2020-10-18 06:33:45,062 [root] DEBUG: MapSectionViewHandler: Updated local view to 0x76AA0000 for section view with handle 0xfc.
2020-10-18 06:33:45,078 [root] DEBUG: DLL loaded at 0x76AA0000: C:\Windows\syswow64\MSASN1 (0xc000 bytes).
2020-10-18 06:33:45,078 [root] DEBUG: MapSectionViewHandler: Updated local view to 0x73390000 for section view with handle 0xf8.
2020-10-18 06:33:45,078 [root] DEBUG: DLL loaded at 0x73390000: C:\Windows\system32\VERSION (0x9000 bytes).
2020-10-18 06:33:45,078 [root] DEBUG: MapSectionViewHandler: Updated local view to 0x75F10000 for section view with handle 0xfc.
2020-10-18 06:33:45,093 [root] DEBUG: DLL loaded at 0x75F10000: C:\Windows\syswow64\WINTRUST (0x2f000 bytes).
2020-10-18 06:33:45,093 [root] DEBUG: MapSectionViewHandler: Updated local view to 0x730E0000 for section view with handle 0xf8.
2020-10-18 06:33:45,093 [root] DEBUG: DLL loaded at 0x730E0000: C:\Windows\system32\dbghelp (0xeb000 bytes).
2020-10-18 06:33:45,140 [root] DEBUG: MapSectionViewHandler: Updated local view to 0x72A50000 for section view with handle 0xf8.
2020-10-18 06:33:45,328 [root] DEBUG: DLL loaded at 0x72A50000: C:\Windows\system32\MSVCP140 (0x71000 bytes).
2020-10-18 06:33:45,453 [root] DEBUG: MapSectionViewHandler: Updated local view to 0x73200000 for section view with handle 0xf8.
2020-10-18 06:33:45,500 [root] DEBUG: DLL loaded at 0x73200000: C:\Windows\system32\VCRUNTIME140 (0x15000 bytes).
2020-10-18 06:33:45,531 [root] DEBUG: MapSectionViewHandler: Updated local view to 0x74420000 for section view with handle 0xf8.
2020-10-18 06:33:45,609 [root] DEBUG: DLL loaded at 0x74420000: C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0 (0x4000 bytes).
2020-10-18 06:33:45,609 [root] DEBUG: MapSectionViewHandler: Updated local view to 0x74340000 for section view with handle 0xf8.
2020-10-18 06:33:45,609 [root] DEBUG: DLL loaded at 0x74340000: C:\Windows\system32\ucrtbase (0xe0000 bytes).
2020-10-18 06:33:45,656 [root] DEBUG: MapSectionViewHandler: Updated local view to 0x74250000 for section view with handle 0xf8.
2020-10-18 06:33:45,671 [root] DEBUG: MapSectionViewHandler: Updated local view to 0x732B0000 for section view with handle 0xf8.
2020-10-18 06:33:45,671 [root] DEBUG: DLL loaded at 0x732B0000: C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0 (0x5000 bytes).
2020-10-18 06:33:45,687 [root] DEBUG: MapSectionViewHandler: Updated local view to 0x74240000 for section view with handle 0xf8.
2020-10-18 06:33:45,687 [root] DEBUG: DLL loaded at 0x74240000: C:\Windows\system32\api-ms-win-crt-time-l1-1-0 (0x3000 bytes).
2020-10-18 06:33:45,718 [root] DEBUG: MapSectionViewHandler: Updated local view to 0x74200000 for section view with handle 0xf8.
2020-10-18 06:33:45,859 [root] DEBUG: DLL loaded at 0x74200000: C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0 (0x3000 bytes).
2020-10-18 06:33:45,953 [root] DEBUG: DLL loaded at 0x74220000: C:\Windows\system32\api-ms-win-crt-environment-l1-1-0 (0x3000 bytes).
2020-10-18 06:33:45,953 [root] DEBUG: MapSectionViewHandler: Updated local view to 0x74320000 for section view with handle 0xf8.
2020-10-18 06:33:45,984 [root] DEBUG: DLL loaded at 0x74320000: C:\Windows\system32\api-ms-win-crt-utility-l1-1-0 (0x3000 bytes).
2020-10-18 06:33:45,984 [root] DEBUG: MapSectionViewHandler: Updated local view to 0x70D00000 for section view with handle 0xf8.
2020-10-18 06:33:46,046 [root] DEBUG: DLL loaded at 0x70D00000: C:\Windows\system32\WINMM (0x32000 bytes).
2020-10-18 06:33:46,046 [root] DEBUG: MapSectionViewHandler: Updated local view to 0x731F0000 for section view with handle 0xf8.
2020-10-18 06:33:46,062 [root] DEBUG: DLL loaded at 0x731F0000: C:\Windows\system32\WSOCK32 (0x7000 bytes).
2020-10-18 06:33:46,093 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0x12c and local view 0x70CC0000 to global list.
2020-10-18 06:33:46,093 [root] DEBUG: DLL loaded at 0x70CC0000: C:\Program Files (x86)\Mozilla Firefox\softokn3 (0x37000 bytes).
2020-10-18 06:33:46,328 [root] DEBUG: DLL unloaded from 0x70C50000.
2020-10-18 06:33:46,343 [root] DEBUG: DLL unloaded from 0x70CC0000.
2020-10-18 06:33:46,343 [root] DEBUG: DLL unloaded from 0x70D40000.
2020-10-18 06:33:46,359 [root] DEBUG: DLL unloaded from 0x731E0000.
2020-10-18 06:33:46,359 [root] DEBUG: DLL unloaded from 0x763D0000.
2020-10-18 06:33:46,515 [root] DEBUG: DLL unloaded from 0x731E0000.
2020-10-18 06:33:46,515 [root] DEBUG: DLL unloaded from 0x763D0000.
2020-10-18 06:33:46,531 [root] DEBUG: DLL unloaded from 0x75EA0000.
2020-10-18 06:33:46,531 [root] DEBUG: DLL unloaded from 0x731E0000.
2020-10-18 06:33:46,546 [root] DEBUG: DLL unloaded from 0x763D0000.
2020-10-18 06:33:47,328 [root] DEBUG: DLL loaded at 0x732B0000: C:\Windows\system32\vaultcli (0xc000 bytes).
2020-10-18 06:33:47,406 [root] DEBUG: DLL unloaded from 0x76560000.
2020-10-18 06:33:47,453 [root] DEBUG: set_caller_info: Adding region at 0x000007FEEF9B0000 to caller regions list (msvcrt::memcpy).
2020-10-18 06:33:47,468 [root] DEBUG: set_caller_info: Calling region at 0x000007FEEF9B0000 skipped.
2020-10-18 06:33:47,515 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0x11b0 and local view 0x0000000006DF0000 to global list.
2020-10-18 06:33:47,656 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0x1120 and local view 0x0000000000C60000 to global list.
2020-10-18 06:33:47,671 [root] DEBUG: MapSectionViewHandler: Updated local view to 0x0000000000CF0000 for section view with handle 0x1120.
2020-10-18 06:33:47,671 [root] DEBUG: MapSectionViewHandler: Updated local view to 0x0000000000C60000 for section view with handle 0x1120.
2020-10-18 06:33:47,687 [root] DEBUG: MapSectionViewHandler: Updated local view to 0x0000000000CF0000 for section view with handle 0x1120.
2020-10-18 06:33:47,687 [root] DEBUG: MapSectionViewHandler: Updated local view to 0x0000000000C60000 for section view with handle 0x1120.
2020-10-18 06:33:47,828 [root] INFO: Announced starting service "b'VaultSvc'"
2020-10-18 06:33:47,828 [lib.api.process] INFO: Monitor config for process 472: C:\tmplodztmkc\dll\472.ini
2020-10-18 06:33:47,843 [lib.api.process] INFO: 64-bit DLL to inject is C:\tmplodztmkc\dll\vvpujnZr.dll, loader C:\tmplodztmkc\bin\QUlVlxFw.exe
2020-10-18 06:33:47,859 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\efKTbML.
2020-10-18 06:33:47,859 [root] DEBUG: Loader: Injecting process 472 (thread 0) with C:\tmplodztmkc\dll\vvpujnZr.dll.
2020-10-18 06:33:47,859 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-10-18 06:33:47,859 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed, falling back to thread injection.
2020-10-18 06:33:47,859 [root] DEBUG: InjectDll: IAT patching failed, falling back to thread injection.
2020-10-18 06:33:47,875 [root] DEBUG: Python path set to 'C:\Users\Louise\AppData\Local\Programs\Python\Python38-32'.
2020-10-18 06:33:47,890 [root] DEBUG: Dropped file limit defaulting to 100.
2020-10-18 06:33:47,890 [root] INFO: Disabling sleep skipping.
2020-10-18 06:33:47,906 [root] DEBUG: CAPE initialised: 64-bit monitor loaded in process 472 at 0x000007FEF00E0000, image base 0x00000000FF540000, stack from 0x00000000019E6000-0x00000000019F0000
2020-10-18 06:33:47,921 [root] DEBUG: Commandline: C:\Windows\sysnative\services.exe
2020-10-18 06:33:47,968 [root] WARNING: b'Unable to place hook on LockResource'
2020-10-18 06:33:47,968 [root] WARNING: b'Unable to hook LockResource'
2020-10-18 06:33:47,984 [root] INFO: Loaded monitor into process with pid 472
2020-10-18 06:33:47,984 [root] DEBUG: InjectDllViaThread: Successfully injected Dll into process via RtlCreateUserThread.
2020-10-18 06:33:48,000 [root] DEBUG: InjectDll: Successfully injected DLL via thread.
2020-10-18 06:33:48,000 [root] DEBUG: Successfully injected DLL C:\tmplodztmkc\dll\vvpujnZr.dll.
2020-10-18 06:33:48,000 [lib.api.process] INFO: Injected into suspended 64-bit process with pid 472
2020-10-18 06:33:49,046 [root] INFO: Announced 64-bit process name: lsass.exe pid: 4104
2020-10-18 06:33:49,046 [lib.api.process] INFO: Monitor config for process 4104: C:\tmplodztmkc\dll\4104.ini
2020-10-18 06:33:49,046 [lib.api.process] INFO: 64-bit DLL to inject is C:\tmplodztmkc\dll\vvpujnZr.dll, loader C:\tmplodztmkc\bin\QUlVlxFw.exe
2020-10-18 06:33:49,062 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\efKTbML.
2020-10-18 06:33:49,078 [root] DEBUG: Loader: Injecting process 4104 (thread 1216) with C:\tmplodztmkc\dll\vvpujnZr.dll.
2020-10-18 06:33:49,078 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\tmplodztmkc\dll\vvpujnZr.dll.
2020-10-18 06:33:49,078 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-10-18 06:33:49,078 [root] DEBUG: Successfully injected DLL C:\tmplodztmkc\dll\vvpujnZr.dll.
2020-10-18 06:33:49,093 [root] DEBUG: CreateProcessHandler: using lpCommandLine: C:\Windows\system32\lsass.exe.
2020-10-18 06:33:49,093 [root] DEBUG: CreateProcessHandler: Injection info set for new process 4104, ImageBase: 0x00000000FFA50000
2020-10-18 06:33:49,093 [root] INFO: Announced 64-bit process name: lsass.exe pid: 4104
2020-10-18 06:33:49,093 [lib.api.process] INFO: Monitor config for process 4104: C:\tmplodztmkc\dll\4104.ini
2020-10-18 06:33:49,093 [lib.api.process] INFO: 64-bit DLL to inject is C:\tmplodztmkc\dll\vvpujnZr.dll, loader C:\tmplodztmkc\bin\QUlVlxFw.exe
2020-10-18 06:33:49,109 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\efKTbML.
2020-10-18 06:33:49,109 [root] DEBUG: Loader: Injecting process 4104 (thread 1216) with C:\tmplodztmkc\dll\vvpujnZr.dll.
2020-10-18 06:33:49,125 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\tmplodztmkc\dll\vvpujnZr.dll.
2020-10-18 06:33:49,125 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-10-18 06:33:49,125 [root] DEBUG: Successfully injected DLL C:\tmplodztmkc\dll\vvpujnZr.dll.
2020-10-18 06:33:49,140 [root] DEBUG: ResumeThreadHandler: Dumping section view for process 4104.
2020-10-18 06:33:49,187 [root] DEBUG: Python path set to 'C:\Users\Louise\AppData\Local\Programs\Python\Python38-32'.
2020-10-18 06:33:49,187 [root] DEBUG: Dropped file limit defaulting to 100.
2020-10-18 06:33:49,203 [root] INFO: Disabling sleep skipping.
2020-10-18 06:33:49,203 [root] DEBUG: RestoreHeaders: Restored original import table.
2020-10-18 06:33:49,203 [root] DEBUG: CAPE initialised: 64-bit monitor loaded in process 4104 at 0x000007FEF00E0000, image base 0x00000000FFA50000, stack from 0x0000000000134000-0x0000000000140000
2020-10-18 06:33:49,203 [root] DEBUG: Commandline: C:\Windows\sysnative\lsass.exe
2020-10-18 06:33:49,249 [root] WARNING: b'Unable to place hook on LockResource'
2020-10-18 06:33:49,281 [root] WARNING: b'Unable to hook LockResource'
2020-10-18 06:34:00,656 [root] DEBUG: set_caller_info: Adding region at 0x000007FEF4D80000 to caller regions list (ntdll::NtWaitForSingleObject).
2020-10-18 06:34:00,656 [root] DEBUG: set_caller_info: Calling region at 0x000007FEF4D80000 skipped.
2020-10-18 06:34:05,359 [root] DEBUG: api-rate-cap: NtSetTimer hook disabled.
2020-10-18 06:34:19,140 [root] INFO: Process with pid 4104 has terminated
2020-10-18 06:34:19,171 [root] INFO: Announced 32-bit process name: DHL FILE 267382.exe pid: 3320
2020-10-18 06:34:19,171 [lib.api.process] INFO: Monitor config for process 3320: C:\tmplodztmkc\dll\3320.ini
2020-10-18 06:34:19,171 [lib.api.process] INFO: 32-bit DLL to inject is C:\tmplodztmkc\dll\YNJLUVmE.dll, loader C:\tmplodztmkc\bin\awScRbr.exe
2020-10-18 06:34:19,249 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\efKTbML.
2020-10-18 06:34:19,265 [root] DEBUG: Loader: Injecting process 3320 (thread 4268) with C:\tmplodztmkc\dll\YNJLUVmE.dll.
2020-10-18 06:34:19,265 [root] DEBUG: InjectDllViaIAT: Not a new process, aborting IAT patch
2020-10-18 06:34:19,265 [root] DEBUG: InjectDll: IAT patching failed, falling back to queued APC injection.
2020-10-18 06:34:19,265 [root] DEBUG: InjectDllViaQueuedAPC: APC injection queued.
2020-10-18 06:34:19,265 [root] DEBUG: InjectDll: Successfully injected DLL via thread.
2020-10-18 06:34:19,281 [root] DEBUG: Successfully injected DLL C:\tmplodztmkc\dll\YNJLUVmE.dll.
2020-10-18 06:34:19,281 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 3320
2020-10-18 06:34:19,281 [root] DEBUG: set_caller_info: Adding region at 0x00170000 to caller regions list (ntdll::LdrLoadDll).
2020-10-18 06:34:19,281 [root] DEBUG: DumpPEsInRange: Scanning range 0x170000 - 0x171000.
2020-10-18 06:34:19,296 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x170000-0x171000.
2020-10-18 06:34:19,312 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\GJYmmGiTDr\CAPE\3320_343501368191421180102020 (size 0x12c)
2020-10-18 06:34:20,031 [root] DEBUG: DLL unloaded from 0x000007FEFEFA0000.
2020-10-18 06:34:20,078 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0xf30 and local view 0x0000000006DF0000 to global list.
2020-10-18 06:34:20,140 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0xb8c and local view 0x0000000000C60000 to global list.
2020-10-18 06:34:20,140 [root] DEBUG: MapSectionViewHandler: Updated local view to 0x0000000000CF0000 for section view with handle 0xb8c.
2020-10-18 06:34:20,156 [root] DEBUG: MapSectionViewHandler: Updated local view to 0x0000000000C60000 for section view with handle 0xb8c.
2020-10-18 06:34:20,171 [root] DEBUG: MapSectionViewHandler: Updated local view to 0x0000000000CF0000 for section view with handle 0xb8c.
2020-10-18 06:34:20,171 [root] DEBUG: MapSectionViewHandler: Updated local view to 0x0000000000C60000 for section view with handle 0xb8c.
2020-10-18 06:34:20,328 [root] INFO: Announced starting service "b'WerSvc'"
2020-10-18 06:34:20,375 [root] INFO: Announced 64-bit process name: svchost.exe pid: 764
2020-10-18 06:34:20,375 [lib.api.process] INFO: Monitor config for process 764: C:\tmplodztmkc\dll\764.ini
2020-10-18 06:34:20,421 [lib.api.process] INFO: 64-bit DLL to inject is C:\tmplodztmkc\dll\vvpujnZr.dll, loader C:\tmplodztmkc\bin\QUlVlxFw.exe
2020-10-18 06:34:20,468 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\efKTbML.
2020-10-18 06:34:20,468 [root] DEBUG: Loader: Injecting process 764 (thread 4736) with C:\tmplodztmkc\dll\vvpujnZr.dll.
2020-10-18 06:34:20,468 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\tmplodztmkc\dll\vvpujnZr.dll.
2020-10-18 06:34:20,468 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-10-18 06:34:20,468 [root] DEBUG: Successfully injected DLL C:\tmplodztmkc\dll\vvpujnZr.dll.
2020-10-18 06:34:20,484 [root] DEBUG: CreateProcessHandler: using lpCommandLine: C:\Windows\System32\svchost.exe -k WerSvcGroup.
2020-10-18 06:34:20,484 [root] DEBUG: CreateProcessHandler: Injection info set for new process 764, ImageBase: 0x00000000FFAF0000
2020-10-18 06:34:20,484 [root] INFO: Announced 64-bit process name: svchost.exe pid: 764
2020-10-18 06:34:20,484 [lib.api.process] INFO: Monitor config for process 764: C:\tmplodztmkc\dll\764.ini
2020-10-18 06:34:20,500 [lib.api.process] INFO: 64-bit DLL to inject is C:\tmplodztmkc\dll\vvpujnZr.dll, loader C:\tmplodztmkc\bin\QUlVlxFw.exe
2020-10-18 06:34:20,515 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\efKTbML.
2020-10-18 06:34:20,515 [root] DEBUG: Loader: Injecting process 764 (thread 4736) with C:\tmplodztmkc\dll\vvpujnZr.dll.
2020-10-18 06:34:20,515 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\tmplodztmkc\dll\vvpujnZr.dll.
2020-10-18 06:34:20,515 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-10-18 06:34:20,515 [root] DEBUG: Successfully injected DLL C:\tmplodztmkc\dll\vvpujnZr.dll.
2020-10-18 06:34:20,531 [root] DEBUG: ResumeThreadHandler: Dumping section view for process 764.
2020-10-18 06:34:20,562 [root] DEBUG: Python path set to 'C:\Users\Louise\AppData\Local\Programs\Python\Python38-32'.
2020-10-18 06:34:20,562 [root] DEBUG: Dropped file limit defaulting to 100.
2020-10-18 06:34:20,687 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0xe0 and local view 0x00000000024A0000 to global list.
2020-10-18 06:34:20,687 [root] DEBUG: DLL loaded at 0x000007FEFB820000: c:\windows\system32\wersvc (0x18000 bytes).
2020-10-18 06:34:20,687 [root] DEBUG: DLL unloaded from 0x000007FEFB820000.
2020-10-18 06:34:20,703 [root] INFO: Announced 64-bit process name: svchost.exe pid: 764
2020-10-18 06:34:20,703 [lib.api.process] INFO: Monitor config for process 764: C:\tmplodztmkc\dll\764.ini
2020-10-18 06:34:20,703 [lib.api.process] INFO: 64-bit DLL to inject is C:\tmplodztmkc\dll\vvpujnZr.dll, loader C:\tmplodztmkc\bin\QUlVlxFw.exe
2020-10-18 06:34:20,718 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\efKTbML.
2020-10-18 06:34:20,718 [root] DEBUG: Loader: Injecting process 764 (thread 1816) with C:\tmplodztmkc\dll\vvpujnZr.dll.
2020-10-18 06:34:20,718 [root] DEBUG: InjectDllViaIAT: Not a new process, aborting IAT patch
2020-10-18 06:34:20,718 [root] DEBUG: InjectDll: IAT patching failed, falling back to queued APC injection.
2020-10-18 06:34:20,734 [root] DEBUG: InjectDllViaQueuedAPC: APC injection queued.
2020-10-18 06:34:20,734 [root] DEBUG: InjectDll: Successfully injected DLL via thread.
2020-10-18 06:34:20,734 [root] DEBUG: Successfully injected DLL C:\tmplodztmkc\dll\vvpujnZr.dll.
2020-10-18 06:34:20,734 [lib.api.process] INFO: Injected into suspended 64-bit process with pid 764
2020-10-18 06:34:20,734 [root] DEBUG: set_caller_info: Adding region at 0x0000000000120000 to caller regions list (ntdll::LdrLoadDll).
2020-10-18 06:34:20,734 [root] DEBUG: DumpPEsInRange: Scanning range 0x120000 - 0x121000.
2020-10-18 06:34:20,750 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x120000-0x121000.
2020-10-18 06:34:20,750 [root] DEBUG: DLL loaded at 0x000007FEFCA70000: C:\Windows\System32\cryptbase (0xf000 bytes).
2020-10-18 06:34:20,828 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\GJYmmGiTDr\CAPE\764_250643970203412180102020 (size 0x138)
2020-10-18 06:34:20,828 [root] DEBUG: DumpRegion: Dumped entire allocation from 0x0000000000120000, size 0x1000.
2020-10-18 06:34:20,828 [root] DEBUG: set_caller_info: Adding region at 0x00000000027A0000 to caller regions list (ntdll::LdrLoadDll).
2020-10-18 06:34:20,843 [root] DEBUG: DumpPEsInRange: Scanning range 0x27a0000 - 0x2820000.
2020-10-18 06:34:20,843 [root] DEBUG: ScanForDisguisedPE: Exception occurred scanning buffer at 0x27a0000
2020-10-18 06:34:20,859 [root] DEBUG: DumpMemory: Exception occurred reading memory address 0x27a0000
2020-10-18 06:34:20,859 [root] DEBUG: DumpRegion: Failed to dump entire allocation from 0x00000000027A0000 size 0x80000.
2020-10-18 06:34:20,890 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\GJYmmGiTDr\CAPE\764_1712731574203412180102020 (size 0x7ec)
2020-10-18 06:34:20,890 [root] DEBUG: DumpRegion: Dumped region at 0x000000000281F000, size 0x1000.
2020-10-18 06:34:20,890 [root] DEBUG: DLL loaded at 0x0000000002820000: C:\tmplodztmkc\dll\vvpujnZr (0xfd000 bytes).
2020-10-18 06:34:20,906 [root] DEBUG: RtlDispatchException: Unhandled exception! Address 0x0000000076E1759E, code 0xc0000005, flags 0x0, parameters 0x1 and 0x0.
2020-10-18 06:34:21,625 [root] DEBUG: set_caller_info: Adding region at 0x000007FEF6BA0000 to caller regions list (kernel32::GetSystemTimeAsFileTime).
2020-10-18 06:34:21,625 [root] DEBUG: set_caller_info: Calling region at 0x000007FEF6BA0000 skipped.
2020-10-18 06:34:22,000 [root] DEBUG: DLL unloaded from 0x000007FEFBFC0000.
2020-10-18 06:34:35,390 [root] DEBUG: set_caller_info: Adding region at 0x000007FEF5780000 to caller regions list (msvcrt::memcpy).
2020-10-18 06:34:35,390 [root] DEBUG: set_caller_info: Calling region at 0x000007FEF5780000 skipped.
2020-10-18 06:34:35,968 [root] DEBUG: DLL unloaded from 0x000007FEFEFA0000.
2020-10-18 06:34:36,125 [root] INFO: Announced 64-bit process name: svchost.exe pid: 4820
2020-10-18 06:34:36,125 [lib.api.process] INFO: Monitor config for process 4820: C:\tmplodztmkc\dll\4820.ini
2020-10-18 06:34:36,234 [lib.api.process] INFO: 64-bit DLL to inject is C:\tmplodztmkc\dll\vvpujnZr.dll, loader C:\tmplodztmkc\bin\QUlVlxFw.exe
2020-10-18 06:34:36,328 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\efKTbML.
2020-10-18 06:34:36,328 [root] DEBUG: Loader: Injecting process 4820 (thread 4560) with C:\tmplodztmkc\dll\vvpujnZr.dll.
2020-10-18 06:34:36,328 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\tmplodztmkc\dll\vvpujnZr.dll.
2020-10-18 06:34:36,328 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-10-18 06:34:36,328 [root] DEBUG: Successfully injected DLL C:\tmplodztmkc\dll\vvpujnZr.dll.
2020-10-18 06:34:36,390 [root] DEBUG: CreateProcessHandler: using lpCommandLine: C:\Windows\System32\svchost.exe -k WerSvcGroup.
2020-10-18 06:34:36,609 [root] DEBUG: CreateProcessHandler: Injection info set for new process 4820, ImageBase: 0x00000000FFAF0000
2020-10-18 06:34:36,859 [root] WARNING: b'Unable to place hook on LockResource'
2020-10-18 06:34:37,000 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0xe0 and local view 0x0000000002580000 to global list.
2020-10-18 06:34:37,093 [root] DEBUG: DLL loaded at 0x000007FEF4E90000: c:\windows\system32\wersvc (0x18000 bytes).
2020-10-18 06:34:37,203 [root] INFO: Announced 64-bit process name: svchost.exe pid: 4820
2020-10-18 06:34:37,203 [lib.api.process] INFO: Monitor config for process 4820: C:\tmplodztmkc\dll\4820.ini
2020-10-18 06:34:37,312 [lib.api.process] INFO: 64-bit DLL to inject is C:\tmplodztmkc\dll\vvpujnZr.dll, loader C:\tmplodztmkc\bin\QUlVlxFw.exe
2020-10-18 06:34:37,328 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\efKTbML.
2020-10-18 06:34:37,359 [root] DEBUG: Loader: Injecting process 4820 (thread 1412) with C:\tmplodztmkc\dll\vvpujnZr.dll.
2020-10-18 06:34:37,359 [root] DEBUG: InjectDllViaIAT: Not a new process, aborting IAT patch
2020-10-18 06:34:37,515 [root] DEBUG: InjectDll: IAT patching failed, falling back to queued APC injection.
2020-10-18 06:34:37,656 [root] DEBUG: InjectDllViaQueuedAPC: APC injection queued.
2020-10-18 06:34:37,656 [root] DEBUG: InjectDll: Successfully injected DLL via thread.
2020-10-18 06:34:37,656 [root] DEBUG: Successfully injected DLL C:\tmplodztmkc\dll\vvpujnZr.dll.
2020-10-18 06:34:37,656 [lib.api.process] INFO: Injected into suspended 64-bit process with pid 4820
2020-10-18 06:34:37,656 [root] DEBUG: set_caller_info: Adding region at 0x00000000000A0000 to caller regions list (ntdll::LdrLoadDll).
2020-10-18 06:34:37,656 [root] DEBUG: DumpPEsInRange: Scanning range 0xa0000 - 0xa1000.
2020-10-18 06:34:37,671 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0xa0000-0xa1000.
2020-10-18 06:34:37,671 [root] DEBUG: DLL loaded at 0x000007FEFCA70000: C:\Windows\System32\cryptbase (0xf000 bytes).
2020-10-18 06:34:37,796 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\GJYmmGiTDr\CAPE\4820_816347156373412180102020 (size 0x138)
2020-10-18 06:34:37,796 [root] DEBUG: DumpRegion: Dumped entire allocation from 0x00000000000A0000, size 0x1000.
2020-10-18 06:34:37,843 [root] DEBUG: DumpMemory: Exception occurred reading memory address 0x2900000
2020-10-18 06:34:37,843 [root] DEBUG: DumpRegion: Failed to dump entire allocation from 0x0000000002900000 size 0x80000.
2020-10-18 06:34:38,015 [root] DEBUG: DLL unloaded from 0x000007FEFBFC0000.
2020-10-18 06:34:52,921 [root] DEBUG: DLL unloaded from 0x000007FEFEFA0000.
2020-10-18 06:34:52,937 [root] INFO: Announced 64-bit process name: svchost.exe pid: 4608
2020-10-18 06:34:52,968 [lib.api.process] INFO: Monitor config for process 4608: C:\tmplodztmkc\dll\4608.ini
2020-10-18 06:34:53,171 [lib.api.process] INFO: 64-bit DLL to inject is C:\tmplodztmkc\dll\vvpujnZr.dll, loader C:\tmplodztmkc\bin\QUlVlxFw.exe
2020-10-18 06:34:53,234 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\efKTbML.
2020-10-18 06:34:53,234 [root] DEBUG: Loader: Injecting process 4608 (thread 4656) with C:\tmplodztmkc\dll\vvpujnZr.dll.
2020-10-18 06:34:53,249 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\tmplodztmkc\dll\vvpujnZr.dll.
2020-10-18 06:34:53,249 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-10-18 06:34:53,249 [root] DEBUG: Successfully injected DLL C:\tmplodztmkc\dll\vvpujnZr.dll.
2020-10-18 06:34:53,281 [root] DEBUG: CreateProcessHandler: using lpCommandLine: C:\Windows\System32\svchost.exe -k WerSvcGroup.
2020-10-18 06:34:53,281 [root] DEBUG: CreateProcessHandler: Injection info set for new process 4608, ImageBase: 0x00000000FFAF0000
2020-10-18 06:34:53,281 [root] INFO: Announced 64-bit process name: svchost.exe pid: 4608
2020-10-18 06:34:53,296 [lib.api.process] INFO: Monitor config for process 4608: C:\tmplodztmkc\dll\4608.ini
2020-10-18 06:34:53,296 [lib.api.process] INFO: 64-bit DLL to inject is C:\tmplodztmkc\dll\vvpujnZr.dll, loader C:\tmplodztmkc\bin\QUlVlxFw.exe
2020-10-18 06:34:53,312 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\efKTbML.
2020-10-18 06:34:53,312 [root] DEBUG: Loader: Injecting process 4608 (thread 4656) with C:\tmplodztmkc\dll\vvpujnZr.dll.
2020-10-18 06:34:53,312 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\tmplodztmkc\dll\vvpujnZr.dll.
2020-10-18 06:34:53,343 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-10-18 06:34:53,343 [root] DEBUG: Successfully injected DLL C:\tmplodztmkc\dll\vvpujnZr.dll.
2020-10-18 06:34:53,343 [root] DEBUG: ResumeThreadHandler: Dumping section view for process 4608.
2020-10-18 06:34:53,359 [root] DEBUG: Python path set to 'C:\Users\Louise\AppData\Local\Programs\Python\Python38-32'.
2020-10-18 06:34:53,406 [root] DEBUG: Dropped file limit defaulting to 100.
2020-10-18 06:34:53,406 [root] INFO: Disabling sleep skipping.
2020-10-18 06:34:53,421 [root] DEBUG: RestoreHeaders: Restored original import table.
2020-10-18 06:34:53,421 [root] DEBUG: CAPE initialised: 64-bit monitor loaded in process 4608 at 0x000007FEF00E0000, image base 0x00000000FFAF0000, stack from 0x0000000000256000-0x0000000000260000
2020-10-18 06:34:53,421 [root] DEBUG: Commandline: C:\Windows\sysnative\svchost.exe -k WerSvcGroup
2020-10-18 06:34:53,453 [root] WARNING: b'Unable to place hook on LockResource'
2020-10-18 06:34:53,453 [root] WARNING: b'Unable to hook LockResource'
2020-10-18 06:34:53,468 [root] INFO: Loaded monitor into process with pid 4608
2020-10-18 06:34:53,484 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0xe0 and local view 0x0000000002480000 to global list.
2020-10-18 06:34:53,500 [root] DEBUG: DLL loaded at 0x000007FEF07E0000: c:\windows\system32\wersvc (0x18000 bytes).
2020-10-18 06:34:53,500 [root] DEBUG: DLL unloaded from 0x000007FEF07E0000.
2020-10-18 06:35:20,718 [root] DEBUG: DLL unloaded from 0x000007FEFD7A0000.
2020-10-18 06:36:16,921 [root] INFO: Announced 64-bit process name: taskeng.exe pid: 2104
2020-10-18 06:36:16,921 [lib.api.process] INFO: Monitor config for process 2104: C:\tmplodztmkc\dll\2104.ini
2020-10-18 06:36:16,937 [lib.api.process] INFO: 64-bit DLL to inject is C:\tmplodztmkc\dll\vvpujnZr.dll, loader C:\tmplodztmkc\bin\QUlVlxFw.exe
2020-10-18 06:36:16,953 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\efKTbML.
2020-10-18 06:36:16,953 [root] DEBUG: Loader: Injecting process 2104 (thread 2300) with C:\tmplodztmkc\dll\vvpujnZr.dll.
2020-10-18 06:36:16,953 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\tmplodztmkc\dll\vvpujnZr.dll.
2020-10-18 06:36:16,953 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-10-18 06:36:16,953 [root] DEBUG: Successfully injected DLL C:\tmplodztmkc\dll\vvpujnZr.dll.
2020-10-18 06:36:16,968 [root] DEBUG: CreateProcessHandler: Injection info set for new process 2104, ImageBase: 0x00000000FFDE0000
2020-10-18 06:36:16,968 [root] INFO: Announced 64-bit process name: taskeng.exe pid: 2104
2020-10-18 06:36:16,984 [lib.api.process] INFO: Monitor config for process 2104: C:\tmplodztmkc\dll\2104.ini
2020-10-18 06:36:16,984 [lib.api.process] INFO: 64-bit DLL to inject is C:\tmplodztmkc\dll\vvpujnZr.dll, loader C:\tmplodztmkc\bin\QUlVlxFw.exe
2020-10-18 06:36:17,000 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\efKTbML.
2020-10-18 06:36:17,000 [root] DEBUG: Loader: Injecting process 2104 (thread 2300) with C:\tmplodztmkc\dll\vvpujnZr.dll.
2020-10-18 06:36:17,000 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\tmplodztmkc\dll\vvpujnZr.dll.
2020-10-18 06:36:17,000 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-10-18 06:36:17,000 [root] DEBUG: Successfully injected DLL C:\tmplodztmkc\dll\vvpujnZr.dll.
2020-10-18 06:36:17,046 [root] DEBUG: Python path set to 'C:\Users\Louise\AppData\Local\Programs\Python\Python38-32'.
2020-10-18 06:36:17,062 [root] DEBUG: Dropped file limit defaulting to 100.
2020-10-18 06:36:17,109 [root] WARNING: b'Unable to place hook on LockResource'
2020-10-18 06:36:17,109 [root] WARNING: b'Unable to hook LockResource'
2020-10-18 06:36:17,125 [root] INFO: Loaded monitor into process with pid 2104
2020-10-18 06:36:17,171 [root] DEBUG: DLL loaded at 0x000007FEFCA70000: C:\Windows\system32\CRYPTBASE (0xf000 bytes).
2020-10-18 06:36:17,234 [root] DEBUG: DLL loaded at 0x000007FEFC0B0000: C:\Windows\system32\rsaenh (0x47000 bytes).
2020-10-18 06:36:17,343 [root] DEBUG: DLL loaded at 0x000007FEFCB60000: C:\Windows\system32\RpcRtRemote (0x14000 bytes).
2020-10-18 06:36:17,375 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0x148 and local view 0x0000000000220000 to global list.
2020-10-18 06:36:17,375 [root] DEBUG: DLL loaded at 0x000007FEFEE80000: C:\Windows\system32\CLBCatQ (0x99000 bytes).
2020-10-18 06:36:17,406 [root] DEBUG: DLL loaded at 0x000007FEF9FE0000: C:\Windows\system32\tschannel (0x9000 bytes).
2020-10-18 06:36:17,500 [root] INFO: Announced 64-bit process name: taskeng.exe pid: 3636
2020-10-18 06:36:17,500 [lib.api.process] INFO: Monitor config for process 3636: C:\tmplodztmkc\dll\3636.ini
2020-10-18 06:36:17,500 [lib.api.process] INFO: 64-bit DLL to inject is C:\tmplodztmkc\dll\vvpujnZr.dll, loader C:\tmplodztmkc\bin\QUlVlxFw.exe
2020-10-18 06:36:17,562 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\efKTbML.
2020-10-18 06:36:17,562 [root] DEBUG: Loader: Injecting process 3636 (thread 3588) with C:\tmplodztmkc\dll\vvpujnZr.dll.
2020-10-18 06:36:17,562 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\tmplodztmkc\dll\vvpujnZr.dll.
2020-10-18 06:36:17,578 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-10-18 06:36:17,578 [root] DEBUG: Successfully injected DLL C:\tmplodztmkc\dll\vvpujnZr.dll.
2020-10-18 06:36:17,593 [root] DEBUG: CreateProcessHandler: Injection info set for new process 3636, ImageBase: 0x00000000FFDE0000
2020-10-18 06:36:17,609 [root] INFO: Disabling sleep skipping.
2020-10-18 06:36:17,609 [root] DEBUG: RestoreHeaders: Restored original import table.
2020-10-18 06:36:17,625 [root] DEBUG: CAPE initialised: 64-bit monitor loaded in process 3636 at 0x000007FEF00E0000, image base 0x00000000FFDE0000, stack from 0x0000000000245000-0x0000000000250000
2020-10-18 06:36:17,625 [root] DEBUG: Commandline: C:\Windows\sysnative\taskeng.exe {7762BC04-2AA3-4ED8-B18D-44D77D69EFB2} S-1-5-21-1339698970-4093829097-1161395185-1000:Louise-PC\Louise:Interactive:[1]
2020-10-18 06:36:17,671 [root] WARNING: b'Unable to place hook on LockResource'
2020-10-18 06:36:17,671 [root] WARNING: b'Unable to hook LockResource'
2020-10-18 06:36:17,671 [root] INFO: Loaded monitor into process with pid 3636
2020-10-18 06:36:17,687 [root] DEBUG: DLL loaded at 0x000007FEFCA70000: C:\Windows\system32\CRYPTBASE (0xf000 bytes).
2020-10-18 06:36:17,718 [root] DEBUG: DLL loaded at 0x000007FEFC3B0000: C:\Windows\system32\CRYPTSP (0x18000 bytes).
2020-10-18 06:36:17,718 [root] DEBUG: DLL loaded at 0x000007FEFC0B0000: C:\Windows\system32\rsaenh (0x47000 bytes).
2020-10-18 06:36:17,843 [root] DEBUG: DLL loaded at 0x000007FEFCB60000: C:\Windows\system32\RpcRtRemote (0x14000 bytes).
2020-10-18 06:36:17,859 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0x148 and local view 0x0000000001DB0000 to global list.
2020-10-18 06:36:17,859 [root] DEBUG: DLL loaded at 0x000007FEFEE80000: C:\Windows\system32\CLBCatQ (0x99000 bytes).
2020-10-18 06:36:17,875 [root] DEBUG: DLL loaded at 0x000007FEF9FE0000: C:\Windows\system32\tschannel (0x9000 bytes).
2020-10-18 06:36:27,546 [root] DEBUG: DLL unloaded from 0x000007FEFD7A0000.
2020-10-18 06:36:27,546 [root] DEBUG: DLL unloaded from 0x000007FEF9FE0000.
2020-10-18 06:36:27,625 [root] DEBUG: NtTerminateProcess hook: Attempting to dump process 2104
2020-10-18 06:36:28,046 [root] DEBUG: DumpProcess: Module image dump success - dump size 0x71200.
2020-10-18 06:36:28,171 [root] DEBUG: DLL unloaded from 0x000007FEFED70000.
2020-10-18 06:36:28,328 [root] INFO: Process with pid 2104 has terminated
2020-10-18 06:36:28,734 [root] DEBUG: DLL unloaded from 0x000007FEFD7A0000.
2020-10-18 06:36:28,734 [root] DEBUG: DLL unloaded from 0x000007FEF9FE0000.
2020-10-18 06:36:28,781 [root] DEBUG: NtTerminateProcess hook: Attempting to dump process 3636
2020-10-18 06:36:29,078 [root] INFO: Analysis timeout hit, terminating analysis.
2020-10-18 06:36:29,078 [lib.api.process] ERROR: Failed to open terminate event for pid 4460
2020-10-18 06:36:29,078 [root] INFO: Terminate event set for process 4460.
2020-10-18 06:36:29,078 [lib.api.process] INFO: Terminate event set for process 848
2020-10-18 06:36:29,078 [root] DEBUG: Terminate Event: Attempting to dump process 848
2020-10-18 06:36:29,093 [root] DEBUG: DoProcessDump: Dumping Imagebase at 0x00000000FFAF0000.
2020-10-18 06:36:29,093 [root] DEBUG: DumpImageInCurrentProcess: Attempting to dump virtual PE image.
2020-10-18 06:36:29,109 [root] DEBUG: DumpProcess: Instantiating PeParser with address: 0x00000000FFAF0000.
2020-10-18 06:36:29,109 [root] DEBUG: DumpProcess: Module entry point VA is 0x000000000000246C.
2020-10-18 06:36:29,156 [root] DEBUG: DumpProcess: Module image dump success - dump size 0x6800.
2020-10-18 06:36:29,156 [lib.api.process] INFO: Termination confirmed for process 848
2020-10-18 06:36:29,156 [root] INFO: Terminate event set for process 848.
2020-10-18 06:36:29,171 [lib.api.process] INFO: Terminate event set for process 472
2020-10-18 06:36:29,171 [root] DEBUG: Terminate Event: CAPE shutdown complete for process 848
2020-10-18 06:36:29,171 [root] DEBUG: Terminate Event: Attempting to dump process 472
2020-10-18 06:36:29,171 [root] DEBUG: DoProcessDump: Dumping Imagebase at 0x00000000FF540000.
2020-10-18 06:36:29,171 [root] DEBUG: DumpImageInCurrentProcess: Attempting to dump virtual PE image.
2020-10-18 06:36:29,218 [root] DEBUG: DumpProcess: Instantiating PeParser with address: 0x00000000FF540000.
2020-10-18 06:36:29,249 [root] DEBUG: DumpProcess: Module image dump success - dump size 0x50000.
2020-10-18 06:36:29,249 [lib.api.process] INFO: Termination confirmed for process 472
2020-10-18 06:36:29,249 [root] DEBUG: Terminate Event: CAPE shutdown complete for process 472
2020-10-18 06:36:29,249 [root] INFO: Terminate event set for process 472.
2020-10-18 06:36:29,265 [lib.api.process] INFO: Terminate event set for process 4608
2020-10-18 06:36:29,265 [root] DEBUG: Terminate Event: Attempting to dump process 4608
2020-10-18 06:36:29,265 [root] DEBUG: DoProcessDump: Dumping Imagebase at 0x00000000FFAF0000.
2020-10-18 06:36:29,265 [root] DEBUG: DumpImageInCurrentProcess: Attempting to dump virtual PE image.
2020-10-18 06:36:29,265 [root] DEBUG: DumpProcess: Instantiating PeParser with address: 0x00000000FFAF0000.
2020-10-18 06:36:29,281 [root] DEBUG: DumpProcess: Module entry point VA is 0x000000000000246C.
2020-10-18 06:36:29,281 [root] DEBUG: DLL loaded at 0x000007FEFCA70000: C:\Windows\System32\cryptbase (0xf000 bytes).
2020-10-18 06:36:29,515 [root] DEBUG: DumpProcess: Module image dump success - dump size 0x6800.
2020-10-18 06:36:29,515 [lib.api.process] INFO: Termination confirmed for process 4608
2020-10-18 06:36:29,515 [root] INFO: Terminate event set for process 4608.
2020-10-18 06:36:29,515 [root] DEBUG: Terminate Event: CAPE shutdown complete for process 4608
2020-10-18 06:36:29,531 [lib.api.process] ERROR: Failed to open terminate event for pid 3636
2020-10-18 06:36:29,531 [root] INFO: Terminate event set for process 3636.
2020-10-18 06:36:29,531 [root] INFO: Created shutdown mutex.
2020-10-18 06:36:30,562 [root] INFO: Shutting down package.
2020-10-18 06:36:30,562 [root] INFO: Stopping auxiliary modules.
2020-10-18 06:36:30,656 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0xa00 and local view 0x0000000006DF0000 to global list.
2020-10-18 06:36:31,109 [root] DEBUG: MapSectionViewHandler: Updated local view to 0x000000004A2F0000 for section view with handle 0xd14.
2020-10-18 06:36:31,156 [root] DEBUG: MapSectionViewHandler: Updated local view to 0x0000000000C60000 for section view with handle 0xd14.
2020-10-18 06:36:31,671 [lib.common.results] WARNING: File C:\GJYmmGiTDr\bin\procmon.xml doesn't exist anymore
2020-10-18 06:36:31,671 [root] INFO: Finishing auxiliary modules.
2020-10-18 06:36:31,687 [root] INFO: Shutting down pipe server and dumping dropped files.
2020-10-18 06:36:31,781 [root] WARNING: Folder at path "C:\GJYmmGiTDr\debugger" does not exist, skip.
2020-10-18 06:36:31,781 [root] WARNING: Monitor injection attempted but failed for process 3320.
2020-10-18 06:36:31,781 [root] WARNING: Monitor injection attempted but failed for process 4104.
2020-10-18 06:36:31,781 [root] WARNING: Monitor injection attempted but failed for process 764.
2020-10-18 06:36:31,781 [root] WARNING: Monitor injection attempted but failed for process 4820.
2020-10-18 06:36:31,796 [root] INFO: Analysis completed.

Machine

Name Label Manager Started On Shutdown On
win7x64_4 win7x64_8 KVM 2020-10-18 06:33:05 2020-10-18 06:39:58

File Details

File Name DHL FILE 267382.exe
File Size 366592 bytes
File Type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
PE timestamp 2020-10-18 04:56:51
MD5 72fb9a400177dfd9b010ed127537fe3e
SHA1 27ed71ca36a0a51c746a033d86e664a0fc7615f5
SHA256 0969f9b67bae5ccaa7d4b2fd6fa97a6f6accbc890711f6f3f9361302d9e832c4
SHA512 0950ad15a4cb66c307b6256932f794892d1e5b04790fdd250ab0fac3af4bd8d0880ec33af0ea23b500413822347b207f3a00242261765f94bf72ac7955a15659
CRC32 33223535
Ssdeep 6144:XBu2qCtxGaFj0ftGA+1sZA5pTRjxtbMVG1CfN/wmufulikv9Jm1GKx3HB/YPzf2U:RuotEaDA+OZ8prtHCl7dH9A1GKZHNYPZ

Signatures

SetUnhandledExceptionFilter detected (possible anti-debug)
Behavioural detection: Executable code extraction - unpacking
Yara rule detections observed from a process memory dump/dropped files/CAPE
Hit: PID 4460 trigged the Yara rule 'shellcode_patterns'
Hit: PID 4460 trigged the Yara rule 'HeavensGate'
Hit: PID 4460 trigged the Yara rule 'embedded_win_api'
Hit: PID 4460 trigged the Yara rule 'Loki'
Creates RWX memory
Guard pages use detected - possible anti-debugging.
Dynamic (imported) function loading detected
DynamicLoader: ADVAPI32.dll/RegOpenKeyExW
DynamicLoader: ADVAPI32.dll/RegQueryInfoKeyW
DynamicLoader: ADVAPI32.dll/RegEnumKeyExW
DynamicLoader: ADVAPI32.dll/RegEnumValueW
DynamicLoader: ADVAPI32.dll/RegCloseKey
DynamicLoader: ADVAPI32.dll/RegQueryValueExW
DynamicLoader: ADVAPI32.dll/RegQueryValueExW
DynamicLoader: KERNEL32.dll/FlsAlloc
DynamicLoader: KERNEL32.dll/FlsFree
DynamicLoader: KERNEL32.dll/FlsGetValue
DynamicLoader: KERNEL32.dll/FlsSetValue
DynamicLoader: KERNEL32.dll/InitializeCriticalSectionEx
DynamicLoader: KERNEL32.dll/CreateEventExW
DynamicLoader: KERNEL32.dll/CreateSemaphoreExW
DynamicLoader: KERNEL32.dll/SetThreadStackGuarantee
DynamicLoader: KERNEL32.dll/CreateThreadpoolTimer
DynamicLoader: KERNEL32.dll/SetThreadpoolTimer
DynamicLoader: KERNEL32.dll/WaitForThreadpoolTimerCallbacks
DynamicLoader: KERNEL32.dll/CloseThreadpoolTimer
DynamicLoader: KERNEL32.dll/CreateThreadpoolWait
DynamicLoader: KERNEL32.dll/SetThreadpoolWait
DynamicLoader: KERNEL32.dll/CloseThreadpoolWait
DynamicLoader: KERNEL32.dll/FlushProcessWriteBuffers
DynamicLoader: KERNEL32.dll/FreeLibraryWhenCallbackReturns
DynamicLoader: KERNEL32.dll/GetCurrentProcessorNumber
DynamicLoader: KERNEL32.dll/GetLogicalProcessorInformation
DynamicLoader: KERNEL32.dll/CreateSymbolicLinkW
DynamicLoader: KERNEL32.dll/SetDefaultDllDirectories
DynamicLoader: KERNEL32.dll/EnumSystemLocalesEx
DynamicLoader: KERNEL32.dll/CompareStringEx
DynamicLoader: KERNEL32.dll/GetDateFormatEx
DynamicLoader: KERNEL32.dll/GetLocaleInfoEx
DynamicLoader: KERNEL32.dll/GetTimeFormatEx
DynamicLoader: KERNEL32.dll/GetUserDefaultLocaleName
DynamicLoader: KERNEL32.dll/IsValidLocaleName
DynamicLoader: KERNEL32.dll/LCMapStringEx
DynamicLoader: KERNEL32.dll/GetCurrentPackageId
DynamicLoader: KERNEL32.dll/GetTickCount64
DynamicLoader: KERNEL32.dll/GetFileInformationByHandleExW
DynamicLoader: KERNEL32.dll/SetFileInformationByHandleW
DynamicLoader: KERNEL32.dll/AcquireSRWLockExclusive
DynamicLoader: KERNEL32.dll/ReleaseSRWLockExclusive
DynamicLoader: ADVAPI32.dll/EventRegister
DynamicLoader: ADVAPI32.dll/EventSetInformation
DynamicLoader: MSCOREE.DLL/
DynamicLoader: ADVAPI32.dll/RegOpenKeyExW
DynamicLoader: ADVAPI32.dll/RegQueryValueExW
DynamicLoader: ADVAPI32.dll/RegCloseKey
DynamicLoader: mscoreei.dll/RegisterShimImplCallback
DynamicLoader: mscoreei.dll/RegisterShimImplCleanupCallback
DynamicLoader: mscoreei.dll/SetShellShimInstance
DynamicLoader: mscoreei.dll/OnShimDllMainCalled
DynamicLoader: mscoreei.dll/_CorExeMain_RetAddr
DynamicLoader: mscoreei.dll/_CorExeMain
DynamicLoader: SHLWAPI.dll/UrlIsW
DynamicLoader: VERSION.dll/GetFileVersionInfoSizeW
DynamicLoader: VERSION.dll/GetFileVersionInfoW
DynamicLoader: VERSION.dll/VerQueryValueW
DynamicLoader: KERNEL32.dll/FlsAlloc
DynamicLoader: KERNEL32.dll/FlsFree
DynamicLoader: KERNEL32.dll/FlsGetValue
DynamicLoader: KERNEL32.dll/FlsSetValue
DynamicLoader: KERNEL32.dll/InitializeCriticalSectionEx
DynamicLoader: KERNEL32.dll/CreateEventExW
DynamicLoader: KERNEL32.dll/CreateSemaphoreExW
DynamicLoader: KERNEL32.dll/SetThreadStackGuarantee
DynamicLoader: KERNEL32.dll/CreateThreadpoolTimer
DynamicLoader: KERNEL32.dll/SetThreadpoolTimer
DynamicLoader: KERNEL32.dll/WaitForThreadpoolTimerCallbacks
DynamicLoader: KERNEL32.dll/CloseThreadpoolTimer
DynamicLoader: KERNEL32.dll/CreateThreadpoolWait
DynamicLoader: KERNEL32.dll/SetThreadpoolWait
DynamicLoader: KERNEL32.dll/CloseThreadpoolWait
DynamicLoader: KERNEL32.dll/FlushProcessWriteBuffers
DynamicLoader: KERNEL32.dll/FreeLibraryWhenCallbackReturns
DynamicLoader: KERNEL32.dll/GetCurrentProcessorNumber
DynamicLoader: KERNEL32.dll/GetLogicalProcessorInformation
DynamicLoader: KERNEL32.dll/CreateSymbolicLinkW
DynamicLoader: KERNEL32.dll/SetDefaultDllDirectories
DynamicLoader: KERNEL32.dll/EnumSystemLocalesEx
DynamicLoader: KERNEL32.dll/CompareStringEx
DynamicLoader: KERNEL32.dll/GetDateFormatEx
DynamicLoader: KERNEL32.dll/GetLocaleInfoEx
DynamicLoader: KERNEL32.dll/GetTimeFormatEx
DynamicLoader: KERNEL32.dll/GetUserDefaultLocaleName
DynamicLoader: KERNEL32.dll/IsValidLocaleName
DynamicLoader: KERNEL32.dll/LCMapStringEx
DynamicLoader: KERNEL32.dll/GetCurrentPackageId
DynamicLoader: KERNEL32.dll/GetTickCount64
DynamicLoader: KERNEL32.dll/GetFileInformationByHandleExW
DynamicLoader: KERNEL32.dll/SetFileInformationByHandleW
DynamicLoader: ADVAPI32.dll/EventSetInformation
DynamicLoader: clr.dll/SetRuntimeInfo
DynamicLoader: USER32.dll/GetProcessWindowStation
DynamicLoader: USER32.dll/GetUserObjectInformationW
DynamicLoader: clr.dll/_CorExeMain
DynamicLoader: KERNEL32.dll/AcquireSRWLockExclusive
DynamicLoader: KERNEL32.dll/ReleaseSRWLockExclusive
DynamicLoader: MSCOREE.DLL/CreateConfigStream
DynamicLoader: mscoreei.dll/CreateConfigStream_RetAddr
DynamicLoader: mscoreei.dll/CreateConfigStream
DynamicLoader: KERNEL32.dll/GetNumaHighestNodeNumber
DynamicLoader: KERNEL32.dll/FlsSetValue
DynamicLoader: KERNEL32.dll/FlsGetValue
DynamicLoader: KERNEL32.dll/FlsAlloc
DynamicLoader: KERNEL32.dll/FlsFree
DynamicLoader: KERNEL32.dll/GetSystemWindowsDirectoryW
DynamicLoader: ADVAPI32.dll/AllocateAndInitializeSid
DynamicLoader: ADVAPI32.dll/OpenProcessToken
DynamicLoader: ADVAPI32.dll/GetTokenInformation
DynamicLoader: ADVAPI32.dll/InitializeAcl
DynamicLoader: ADVAPI32.dll/AddAccessAllowedAce
DynamicLoader: ADVAPI32.dll/FreeSid
DynamicLoader: ADVAPI32.dll/AllocateAndInitializeSid
DynamicLoader: ADVAPI32.dll/OpenProcessToken
DynamicLoader: ADVAPI32.dll/GetTokenInformation
DynamicLoader: ADVAPI32.dll/InitializeAcl
DynamicLoader: ADVAPI32.dll/AddAccessAllowedAce
DynamicLoader: ADVAPI32.dll/FreeSid
DynamicLoader: KERNEL32.dll/AddSIDToBoundaryDescriptor
DynamicLoader: KERNEL32.dll/CreateBoundaryDescriptorW
DynamicLoader: KERNEL32.dll/CreatePrivateNamespaceW
DynamicLoader: KERNEL32.dll/OpenPrivateNamespaceW
DynamicLoader: ADVAPI32.dll/AllocateAndInitializeSid
DynamicLoader: ADVAPI32.dll/OpenProcessToken
DynamicLoader: ADVAPI32.dll/GetTokenInformation
DynamicLoader: ADVAPI32.dll/InitializeAcl
DynamicLoader: ADVAPI32.dll/AddAccessAllowedAce
DynamicLoader: ADVAPI32.dll/FreeSid
DynamicLoader: KERNEL32.dll/DeleteBoundaryDescriptor
DynamicLoader: KERNEL32.dll/WerRegisterRuntimeExceptionModule
DynamicLoader: KERNEL32.dll/RaiseException
DynamicLoader: MSCOREE.DLL/
DynamicLoader: mscoreei.dll/
DynamicLoader: KERNELBASE.dll/SetSystemFileCacheSize
DynamicLoader: ntdll.dll/NtSetSystemInformation
DynamicLoader: KERNELBASE.dll/PrivIsDllSynchronizationHeld
DynamicLoader: KERNEL32.dll/AddDllDirectory
DynamicLoader: KERNEL32.dll/SortGetHandle
DynamicLoader: KERNEL32.dll/SortCloseHandle
DynamicLoader: KERNEL32.dll/GetNativeSystemInfo
DynamicLoader: ole32.dll/CoInitializeEx
DynamicLoader: CRYPTBASE.dll/SystemFunction036
DynamicLoader: ole32.dll/CoGetContextToken
DynamicLoader: KERNEL32.dll/LCMapStringEx
DynamicLoader: clrjit.dll/sxsJitStartup
DynamicLoader: clrjit.dll/jitStartup
DynamicLoader: clrjit.dll/getJit
DynamicLoader: KERNEL32.dll/GetNativeSystemInfo
DynamicLoader: KERNEL32.dll/GetNativeSystemInfo
DynamicLoader: KERNEL32.dll/GetNativeSystemInfo
DynamicLoader: KERNEL32.dll/GetNativeSystemInfo
DynamicLoader: KERNEL32.dll/GetNativeSystemInfo
DynamicLoader: KERNEL32.dll/GetNativeSystemInfo
DynamicLoader: KERNEL32.dll/GetNativeSystemInfo
DynamicLoader: KERNEL32.dll/GetNativeSystemInfo
DynamicLoader: KERNEL32.dll/GetNativeSystemInfo
DynamicLoader: KERNEL32.dll/GetNativeSystemInfo
DynamicLoader: KERNEL32.dll/GetLocaleInfoEx
DynamicLoader: KERNEL32.dll/LocaleNameToLCID
DynamicLoader: KERNEL32.dll/GetUserDefaultLocaleName
DynamicLoader: KERNEL32.dll/LCIDToLocaleName
DynamicLoader: KERNEL32.dll/GetUserPreferredUILanguages
DynamicLoader: ADVAPI32.dll/RegCloseKey
DynamicLoader: ADVAPI32.dll/RegOpenKeyEx
DynamicLoader: ADVAPI32.dll/RegOpenKeyExW
DynamicLoader: KERNEL32.dll/GetFullPathName
DynamicLoader: KERNEL32.dll/GetFullPathNameW
DynamicLoader: uxtheme.dll/IsAppThemed
DynamicLoader: uxtheme.dll/IsAppThemedW
DynamicLoader: KERNEL32.dll/CreateActCtx
DynamicLoader: KERNEL32.dll/CreateActCtxA
DynamicLoader: ole32.dll/CoTaskMemAlloc
DynamicLoader: ole32.dll/CoTaskMemFree
DynamicLoader: USER32.dll/RegisterWindowMessage
DynamicLoader: USER32.dll/RegisterWindowMessageW
DynamicLoader: KERNEL32.dll/GetNativeSystemInfo
DynamicLoader: nlssorting.dll/SortGetHandle
DynamicLoader: nlssorting.dll/SortCloseHandle
DynamicLoader: KERNEL32.dll/CompareStringOrdinal
DynamicLoader: KERNEL32.dll/GetNativeSystemInfo
DynamicLoader: KERNEL32.dll/CloseHandle
DynamicLoader: KERNEL32.dll/GetCurrentProcess
DynamicLoader: KERNEL32.dll/GetCurrentProcessW
DynamicLoader: ADVAPI32.dll/OpenProcessToken
DynamicLoader: ADVAPI32.dll/OpenProcessTokenW
DynamicLoader: ntdll.dll/NtQuerySystemInformation
DynamicLoader: KERNEL32.dll/GetFileAttributesEx
DynamicLoader: KERNEL32.dll/GetFileAttributesExW
DynamicLoader: KERNEL32.dll/SetThreadErrorMode
DynamicLoader: KERNEL32.dll/CreateFile
DynamicLoader: KERNEL32.dll/CreateFileW
DynamicLoader: KERNEL32.dll/GetFileType
DynamicLoader: ADVAPI32.dll/ConvertSidToStringSidW
DynamicLoader: shell32.dll/SHGetFolderPathW
DynamicLoader: KERNEL32.dll/GetFileAttributesEx
DynamicLoader: KERNEL32.dll/GetFileAttributesExW
DynamicLoader: MSCOREE.DLL/GetProcessExecutableHeap
DynamicLoader: mscoreei.dll/GetProcessExecutableHeap_RetAddr
DynamicLoader: mscoreei.dll/GetProcessExecutableHeap
DynamicLoader: bcrypt.dll/BCryptGetFipsAlgorithmMode
DynamicLoader: CRYPTSP.dll/CryptGetDefaultProviderW
DynamicLoader: CRYPTSP.dll/CryptAcquireContextW
DynamicLoader: CRYPTSP.dll/CryptGenRandom
DynamicLoader: KERNEL32.dll/GetFileSize
DynamicLoader: KERNEL32.dll/ReadFile
DynamicLoader: USER32.dll/GetSystemMetrics
DynamicLoader: KERNEL32.dll/GetModuleHandle
DynamicLoader: KERNEL32.dll/GetModuleHandleW
DynamicLoader: KERNEL32.dll/GetProcAddress
DynamicLoader: KERNEL32.dll/WideCharToMultiByte
DynamicLoader: KERNEL32.dll/AddDllDirectory
DynamicLoader: KERNEL32.dll/LoadLibraryEx
DynamicLoader: KERNEL32.dll/LoadLibraryExW
DynamicLoader: USER32.dll/AdjustWindowRectEx
DynamicLoader: KERNEL32.dll/GetCurrentProcess
DynamicLoader: KERNEL32.dll/GetCurrentThread
DynamicLoader: KERNEL32.dll/DuplicateHandle
DynamicLoader: KERNEL32.dll/GetCurrentThreadId
DynamicLoader: KERNEL32.dll/GetCurrentActCtx
DynamicLoader: KERNEL32.dll/ActivateActCtx
DynamicLoader: USER32.dll/DefWindowProcW
DynamicLoader: GDI32.dll/GetStockObject
DynamicLoader: USER32.dll/RegisterClass
DynamicLoader: USER32.dll/RegisterClassW
DynamicLoader: USER32.dll/CreateWindowEx
DynamicLoader: USER32.dll/CreateWindowExW
DynamicLoader: USER32.dll/SetWindowLong
DynamicLoader: USER32.dll/SetWindowLongW
DynamicLoader: USER32.dll/GetWindowLong
DynamicLoader: USER32.dll/GetWindowLongW
DynamicLoader: ADVAPI32.dll/RegQueryValueEx
DynamicLoader: ADVAPI32.dll/RegQueryValueExW
DynamicLoader: USER32.dll/SetWindowLong
DynamicLoader: USER32.dll/SetWindowLongW
DynamicLoader: USER32.dll/CallWindowProc
DynamicLoader: USER32.dll/CallWindowProcW
DynamicLoader: USER32.dll/GetClientRect
DynamicLoader: USER32.dll/GetWindowRect
DynamicLoader: USER32.dll/GetParent
DynamicLoader: KERNEL32.dll/DeactivateActCtx
DynamicLoader: KERNEL32.dll/GetNativeSystemInfo
DynamicLoader: KERNEL32.dll/GetNativeSystemInfo
DynamicLoader: KERNEL32.dll/GetNativeSystemInfo
DynamicLoader: KERNEL32.dll/GetNativeSystemInfo
DynamicLoader: ADVAPI32.dll/EventRegister
DynamicLoader: KERNEL32.dll/ResolveLocaleName
DynamicLoader: gdiplus.dll/GdiplusStartup
DynamicLoader: KERNEL32.dll/IsProcessorFeaturePresent
DynamicLoader: USER32.dll/GetWindowInfo
DynamicLoader: USER32.dll/GetAncestor
DynamicLoader: USER32.dll/GetMonitorInfoA
DynamicLoader: USER32.dll/EnumDisplayMonitors
DynamicLoader: USER32.dll/EnumDisplayDevicesA
DynamicLoader: GDI32.dll/ExtTextOutW
DynamicLoader: GDI32.dll/GdiIsMetaPrintDC
DynamicLoader: gdiplus.dll/GdipLoadImageFromStream
DynamicLoader: WindowsCodecs.dll/DllGetClassObject
DynamicLoader: gdiplus.dll/GdipImageForceValidation
DynamicLoader: gdiplus.dll/GdipGetImageType
DynamicLoader: gdiplus.dll/GdipGetImageRawFormat
DynamicLoader: gdiplus.dll/GdipGetImageWidth
DynamicLoader: gdiplus.dll/GdipGetImageHeight
DynamicLoader: gdiplus.dll/GdipBitmapGetPixel
DynamicLoader: CRYPTSP.dll/CryptGetProvParam
DynamicLoader: CRYPTSP.dll/CryptImportKey
DynamicLoader: CRYPTSP.dll/CryptSetKeyParam
DynamicLoader: CRYPTSP.dll/CryptDecrypt
DynamicLoader: CRYPTSP.dll/CryptEncrypt
DynamicLoader: ole32.dll/CoCreateGuid
DynamicLoader: KERNEL32.dll/FindStringOrdinal
DynamicLoader: shell32.dll/SHGetFolderPath
DynamicLoader: shell32.dll/SHGetFolderPathW
DynamicLoader: ole32.dll/CoTaskMemAlloc
DynamicLoader: ole32.dll/CoTaskMemFree
DynamicLoader: CRYPTSP.dll/CryptDestroyKey
DynamicLoader: CRYPTSP.dll/CryptReleaseContext
DynamicLoader: KERNEL32.dll/WriteFile
DynamicLoader: KERNEL32.dll/LocalFree
DynamicLoader: ADVAPI32.dll/GetTokenInformation
DynamicLoader: ADVAPI32.dll/GetTokenInformationW
DynamicLoader: KERNEL32.dll/LocalAlloc
DynamicLoader: KERNEL32.dll/LocalAllocW
DynamicLoader: ADVAPI32.dll/LsaClose
DynamicLoader: ADVAPI32.dll/LsaFreeMemory
DynamicLoader: ADVAPI32.dll/LsaOpenPolicy
DynamicLoader: ADVAPI32.dll/LsaLookupSids
DynamicLoader: KERNEL32.dll/GetTempPath
DynamicLoader: KERNEL32.dll/GetTempPathW
DynamicLoader: KERNEL32.dll/GetTempFileName
DynamicLoader: KERNEL32.dll/GetTempFileNameW
DynamicLoader: KERNEL32.dll/LocalAlloc
DynamicLoader: shell32.dll/ShellExecuteEx
DynamicLoader: shell32.dll/ShellExecuteExW
DynamicLoader: SETUPAPI.dll/CM_Get_Device_Interface_List_Size_ExW
DynamicLoader: SETUPAPI.dll/CM_Get_Device_Interface_List_ExW
DynamicLoader: comctl32.dll/
DynamicLoader: comctl32.dll/
DynamicLoader: KERNEL32.dll/CloseHandle
DynamicLoader: KERNEL32.dll/GetCurrentProcess
DynamicLoader: KERNEL32.dll/DuplicateHandle
DynamicLoader: ole32.dll/CoWaitForMultipleHandles
DynamicLoader: sechost.dll/LookupAccountNameLocalW
DynamicLoader: ADVAPI32.dll/LookupAccountSidW
DynamicLoader: sechost.dll/LookupAccountSidLocalW
DynamicLoader: CRYPTSP.dll/CryptAcquireContextW
DynamicLoader: CRYPTSP.dll/CryptGenRandom
DynamicLoader: ole32.dll/NdrOleInitializeExtension
DynamicLoader: ole32.dll/CoGetClassObject
DynamicLoader: ole32.dll/CoGetMarshalSizeMax
DynamicLoader: ole32.dll/CoMarshalInterface
DynamicLoader: ole32.dll/CoUnmarshalInterface
DynamicLoader: ole32.dll/StringFromIID
DynamicLoader: ole32.dll/CoGetPSClsid
DynamicLoader: ole32.dll/CoTaskMemAlloc
DynamicLoader: ole32.dll/CoTaskMemFree
DynamicLoader: ole32.dll/CoCreateInstance
DynamicLoader: ole32.dll/CoReleaseMarshalData
DynamicLoader: ole32.dll/DcomChannelSetHResult
DynamicLoader: RpcRtRemote.dll/I_RpcExtInitializeExtensionPoint
DynamicLoader: KERNEL32.dll/DeleteFile
DynamicLoader: KERNEL32.dll/DeleteFileW
DynamicLoader: KERNEL32.dll/CreateProcess
DynamicLoader: KERNEL32.dll/CreateProcessW
DynamicLoader: KERNEL32.dll/GetThreadContext
DynamicLoader: KERNEL32.dll/ReadProcessMemory
DynamicLoader: KERNEL32.dll/VirtualAllocEx
DynamicLoader: KERNEL32.dll/WriteProcessMemory
DynamicLoader: KERNEL32.dll/SetThreadContext
DynamicLoader: KERNEL32.dll/ResumeThread
DynamicLoader: USER32.dll/SetClassLong
DynamicLoader: USER32.dll/SetClassLongW
DynamicLoader: USER32.dll/PostMessage
DynamicLoader: USER32.dll/PostMessageW
DynamicLoader: USER32.dll/UnregisterClass
DynamicLoader: USER32.dll/UnregisterClassW
DynamicLoader: ADVAPI32.dll/EventUnregister
DynamicLoader: KERNEL32.dll/CloseHandle
DynamicLoader: gdiplus.dll/GdipDisposeImage
DynamicLoader: api-ms-win-downlevel-advapi32-l1-1-0.dll/UnregisterTraceGuids
DynamicLoader: ADVAPI32.dll/UnregisterTraceGuids
DynamicLoader: comctl32.dll/
DynamicLoader: KERNEL32.dll/CreateActCtxW
DynamicLoader: KERNEL32.dll/AddRefActCtx
DynamicLoader: KERNEL32.dll/ReleaseActCtx
DynamicLoader: KERNEL32.dll/ActivateActCtx
DynamicLoader: KERNEL32.dll/DeactivateActCtx
DynamicLoader: KERNEL32.dll/GetCurrentActCtx
DynamicLoader: KERNEL32.dll/QueryActCtxW
DynamicLoader: CRYPTSP.dll/CryptReleaseContext
DynamicLoader: ADVAPI32.dll/EventUnregister
DynamicLoader: VERSION.dll/GetFileVersionInfoSizeW
DynamicLoader: VERSION.dll/GetFileVersionInfoW
DynamicLoader: VERSION.dll/VerQueryValueW
DynamicLoader: kernel32.dll/SortGetHandle
DynamicLoader: kernel32.dll/SortCloseHandle
DynamicLoader: CRYPTBASE.dll/SystemFunction036
DynamicLoader: sechost.dll/LookupAccountNameLocalW
DynamicLoader: ADVAPI32.dll/LookupAccountSidW
DynamicLoader: sechost.dll/LookupAccountSidLocalW
DynamicLoader: SspiCli.dll/GetUserNameExW
DynamicLoader: ole32.dll/CoTaskMemAlloc
DynamicLoader: CRYPTSP.dll/CryptAcquireContextW
DynamicLoader: CRYPTSP.dll/CryptCreateHash
DynamicLoader: CRYPTSP.dll/CryptHashData
DynamicLoader: CRYPTSP.dll/CryptGetHashParam
DynamicLoader: CRYPTSP.dll/CryptDestroyHash
DynamicLoader: CRYPTSP.dll/CryptReleaseContext
DynamicLoader: nss3.dll/NSS_Init
DynamicLoader: nss3.dll/NSS_Shutdown
DynamicLoader: nss3.dll/PK11_GetInternalKeySlot
DynamicLoader: nss3.dll/PK11_FreeSlot
DynamicLoader: nss3.dll/PK11_Authenticate
DynamicLoader: nss3.dll/PK11SDR_Decrypt
DynamicLoader: nss3.dll/PK11_CheckUserPassword
DynamicLoader: nss3.dll/SECITEM_FreeItem
DynamicLoader: kernel32.dll/SetThreadDescription
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: softokn3.dll/NSC_GetFunctionList
DynamicLoader: softokn3.dll/NSC_ModuleDBFunc
DynamicLoader: softokn3.dll/NSC_GetFunctionList
DynamicLoader: freebl3.dll/FREEBL_GetVector
DynamicLoader: kernel32.dll/FlsFree
DynamicLoader: kernel32.dll/FlsFree
DynamicLoader: vaultcli.dll/VaultEnumerateItems
DynamicLoader: vaultcli.dll/VaultEnumerateVaults
DynamicLoader: vaultcli.dll/VaultFree
DynamicLoader: vaultcli.dll/VaultGetItem
DynamicLoader: vaultcli.dll/VaultOpenVault
DynamicLoader: vaultcli.dll/VaultCloseVault
DynamicLoader: kernel32.dll/SortGetHandle
DynamicLoader: kernel32.dll/SortCloseHandle
DynamicLoader: wersvc.dll/ServiceMain
DynamicLoader: wersvc.dll/SvchostPushServiceGlobals
DynamicLoader: ADVAPI32.dll/RegGetValueW
DynamicLoader: sechost.dll/ConvertStringSecurityDescriptorToSecurityDescriptorW
DynamicLoader: CRYPTBASE.dll/SystemFunction036
DynamicLoader: sechost.dll/LookupAccountNameLocalW
DynamicLoader: ADVAPI32.dll/LookupAccountSidW
DynamicLoader: sechost.dll/LookupAccountSidLocalW
DynamicLoader: ADVAPI32.dll/CryptAcquireContextW
DynamicLoader: ADVAPI32.dll/RegCreateKeyExW
DynamicLoader: SHLWAPI.dll/PathIsDirectoryW
DynamicLoader: ADVAPI32.dll/RegQueryValueExW
DynamicLoader: ADVAPI32.dll/RegNotifyChangeKeyValue
DynamicLoader: SspiCli.dll/GetUserNameExW
DynamicLoader: CRYPTSP.dll/CryptAcquireContextW
DynamicLoader: CRYPTSP.dll/CryptGenRandom
DynamicLoader: ole32.dll/NdrOleInitializeExtension
DynamicLoader: ole32.dll/CoGetClassObject
DynamicLoader: ole32.dll/CoGetMarshalSizeMax
DynamicLoader: ole32.dll/CoMarshalInterface
DynamicLoader: ole32.dll/CoUnmarshalInterface
DynamicLoader: ole32.dll/StringFromIID
DynamicLoader: ole32.dll/CoGetPSClsid
DynamicLoader: ole32.dll/CoTaskMemAlloc
DynamicLoader: ole32.dll/CoTaskMemFree
DynamicLoader: ole32.dll/CoCreateInstance
DynamicLoader: ole32.dll/CoReleaseMarshalData
DynamicLoader: ole32.dll/DcomChannelSetHResult
DynamicLoader: RpcRtRemote.dll/I_RpcExtInitializeExtensionPoint
DynamicLoader: ole32.dll/CLSIDFromOle1Class
DynamicLoader: CLBCatQ.DLL/GetCatalogObject
DynamicLoader: CLBCatQ.DLL/GetCatalogObject2
DynamicLoader: tschannel.dll/DllGetClassObject
DynamicLoader: tschannel.dll/DllCanUnloadNow
DynamicLoader: ADVAPI32.dll/RegOpenKeyExW
DynamicLoader: ADVAPI32.dll/RegSetValueExW
DynamicLoader: ADVAPI32.dll/RegCloseKey
DynamicLoader: ole32.dll/CoGetClassObject
DynamicLoader: ole32.dll/CoGetMarshalSizeMax
DynamicLoader: ole32.dll/CoMarshalInterface
DynamicLoader: ole32.dll/CoUnmarshalInterface
DynamicLoader: ole32.dll/StringFromIID
DynamicLoader: ole32.dll/CoGetPSClsid
DynamicLoader: ole32.dll/CoTaskMemAlloc
DynamicLoader: ole32.dll/CoTaskMemFree
DynamicLoader: ole32.dll/CoCreateInstance
DynamicLoader: ole32.dll/CoReleaseMarshalData
DynamicLoader: ole32.dll/DcomChannelSetHResult
DynamicLoader: ADVAPI32.dll/CryptReleaseContext
DynamicLoader: CRYPTSP.dll/CryptReleaseContext
DynamicLoader: OLEAUT32.dll/
DynamicLoader: CRYPTSP.dll/CryptReleaseContext
Reads data out of its own binary image
self_read: process: DHL FILE 267382.exe, pid: 4460, offset: 0x00000000, length: 0x00059800
A process created a hidden window
Process: DHL FILE 267382.exe -> schtasks.exe
CAPE extracted potentially suspicious content
DHL FILE 267382.exe: Unpacked Shellcode
DHL FILE 267382.exe: Injected Shellcode/Data
DHL FILE 267382.exe: Injected Shellcode/Data
DHL FILE 267382.exe: Unpacked Shellcode
svchost.exe: Unpacked Shellcode
DHL FILE 267382.exe: Unpacked Shellcode
DHL FILE 267382.exe: Unpacked Shellcode
DHL FILE 267382.exe: Injected Shellcode/Data
svchost.exe: Unpacked Shellcode
DHL FILE 267382.exe: Unpacked Shellcode
DHL FILE 267382.exe: Injected Shellcode/Data
DHL FILE 267382.exe: Unpacked Shellcode
DHL FILE 267382.exe: Unpacked Shellcode
DHL FILE 267382.exe: Loki Payload: 32-bit executable
DHL FILE 267382.exe: Loki
Queries or connects to DNS-Over-HTTPS/DNS-Over-TLS domain or IP address
ip: 1.1.1.1
The binary likely contains encrypted or compressed data.
section: name: .text, entropy: 7.59, characteristics: IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ, raw_size: 0x00058e00, virtual_size: 0x00058ca4
Authenticode signature is invalid
authenticode error: No signature found. SignTool Error File not valid C\Users\Louise\AppData\Local\Temp\DHL FILE 267382.exe
Anomalous .NET characteristics
anomalous_version: Assembly version is set to 0
Uses Windows utilities for basic functionality
command: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\wmiRSwSoPk" /XML "C:\Users\Louise\AppData\Local\Temp\tmpC0C6.tmp"
command: schtasks.exe /Create /TN "Updates\wmiRSwSoPk" /XML "C:\Users\Louise\AppData\Local\Temp\tmpC0C6.tmp"
Behavioural detection: Injection (Process Hollowing)
Injection: DHL FILE 267382.exe(4460) -> DHL FILE 267382.exe(3320)
Executed a process and injected code into it, probably while unpacking
Injection: DHL FILE 267382.exe(4460) -> DHL FILE 267382.exe(3320)
Behavioural detection: Injection (inter-process)
Behavioural detection: Injection with CreateRemoteThread in a remote process
Attempts to repeatedly call a single API many times in order to delay analysis time
Spam: services.exe (472) called API GetSystemTimeAsFileTime 56432 times
Created a process from a suspicious location
File executed: C:\Users\Louise\AppData\Local\Temp\DHL FILE 267382.exe
Commandline executed: "{path}"
Steals private information from local Internet browsers
file: C:\Users\Louise\AppData\Roaming\Mozilla\Firefox\Profiles\0f9yudun.default\pkcs11.txt
file: C:\Users\Louise\AppData\Local\Google\Chrome\User Data\Default\Login Data
file: C:\Users\Louise\AppData\Roaming\Mozilla\Firefox\profiles.ini
file: C:\Users\Louise\AppData\Roaming\Mozilla\Firefox\Profiles\0f9yudun.default\key4.db
file: C:\Users\Louise\AppData\Roaming\Mozilla\Firefox\Profiles\0f9yudun.default\logins.json
file: C:\Users\Louise\AppData\Roaming\Mozilla\Firefox\Profiles\0f9yudun.default\cert9.db
Collects and encrypts information about the computer likely to send to C2 server
data_being_encrypted: f77036f1-af9d-421d-aebb-f27cebff2783
Spoofs its process name and/or associated pathname to appear as a legitimate process
original_name: DHL FILE 267382.exe
original_path: C:\Users\Louise\AppData\Local\Temp\DHL FILE 267382.exe
modified_name: dhl file 267382.exe
modified_path: C:\Users\Louise\AppData\Local\Temp\dhl file 267382.exe
CAPE detected the Loki malware family
CAPE has extracted a malware configuration
extracted_config: Loki
Creates a copy of itself
copy: C:\Users\Louise\AppData\Roaming\wmiRSwSoPk.exe
Collects information to fingerprint the system
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid
Created network traffic indicative of malicious activity
signature: ET JA3 Hash - Possible Malware - Various Eitest

Hosts

Direct  IP       Country Name
Y       8.8.8.8  United States
Y       1.1.1.1  Australia

DNS

Name                  Response        Post-Analysis Lookup
cacerts.digicert.com  A 104.18.10.39  104.18.11.39

Summary

C:\Windows\System32\MSCOREE.DLL.local
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
C:\Windows\Microsoft.NET\Framework\*
C:\Windows\Microsoft.NET\Framework\v1.0.3705\clr.dll
C:\Windows\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v1.1.4322\clr.dll
C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\clr.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
C:\Users\Louise\AppData\Local\Temp\DHL FILE 267382.exe.config
C:\Users\Louise\AppData\Local\Temp\DHL FILE 267382.exe
C:\Windows\System32\api-ms-win-appmodel-runtime-l1-1-2.dll
C:\Windows\System32\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSVCR120_CLR0400.dll
C:\Windows\System32\MSVCR120_CLR0400.dll
C:\Windows\System32\api-ms-win-core-quirks-l1-1-0.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoree.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\machine.config
C:\Windows\Microsoft.NET\Framework\v4.0.30319\fusion.localgac
C:\Windows\Globalization\Sorting\sortdefault.nls
C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\*
C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\6715dc4d04e35f16d482900c355325e9\mscorlib.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\6715dc4d04e35f16d482900c355325e9\mscorlib.ni.dll.aux
C:\Users
C:\Users\Louise
C:\Users\Louise\AppData
C:\Users\Louise\AppData\Local
C:\Users\Louise\AppData\Local\Temp
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ole32.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\pw\x516c\x7684S\x516cQR IvfEd\*
C:\Users\Louise\AppData\Local\Temp\DHL FILE 267382.INI
C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll
C:\Windows\assembly\pubpol214.dat
C:\Windows\assembly\GAC\PublisherPolicy.tme
C:\Windows\Microsoft.Net\assembly\GAC_32\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\*
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\aece3d371c0714e60f9509d2a3137395\System.Windows.Forms.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\aece3d371c0714e60f9509d2a3137395\System.Windows.Forms.ni.dll.aux
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.dll
C:\Windows\Microsoft.Net\assembly\GAC_32\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System\*
C:\Windows\assembly\NativeImages_v4.0.30319_32\System\43822396682b0ffc3cfb66137ddab95f\System.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System\43822396682b0ffc3cfb66137ddab95f\System.ni.dll.aux
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
C:\Windows\Microsoft.Net\assembly\GAC_32\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\*
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\2c462a934e0586ac5e46c8b93e461384\System.Drawing.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\2c462a934e0586ac5e46c8b93e461384\System.Drawing.ni.dll.aux
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\uxtheme.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\*
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2f61c87db96dbe27deea0e525a665761\System.Configuration.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2f61c87db96dbe27deea0e525a665761\System.Configuration.ni.dll.aux
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\*
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\c8a2021e940773064c655a6ea6ee8cb2\System.Core.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\c8a2021e940773064c655a6ea6ee8cb2\System.Core.ni.dll.aux
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\SortDefault.nlp
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\*
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\a3abb36b9f9e867b09bb3a670b074c45\System.Xml.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\a3abb36b9f9e867b09bb3a670b074c45\System.Xml.ni.dll.aux
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\bcrypt.dll
C:\Windows\Microsoft.Net\assembly\GAC_32\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V9921e851#\*
C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V9921e851#\6090b158fd3d10686b422a455e188125\Microsoft.VisualBasic.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V9921e851#\6090b158fd3d10686b422a455e188125\Microsoft.VisualBasic.ni.dll.aux
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
C:\Users\Louise\AppData\Local\Temp\en-US\pw\x516c\x7684S\x516cQR IvfEd.resources.dll
C:\Users\Louise\AppData\Local\Temp\en-US\pw\x516c\x7684S\x516cQR IvfEd.resources\pw\x516c\x7684S\x516cQR IvfEd.resources.dll
C:\Users\Louise\AppData\Local\Temp\en-US\pw\x516c\x7684S\x516cQR IvfEd.resources.exe
C:\Users\Louise\AppData\Local\Temp\en-US\pw\x516c\x7684S\x516cQR IvfEd.resources\pw\x516c\x7684S\x516cQR IvfEd.resources.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\en-US\mscorrc.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\en-US\mscorrc.dll.DLL
C:\Windows\Microsoft.NET\Framework\v4.0.30319\en\mscorrc.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\en\mscorrc.dll.DLL
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
C:\Users\Louise\AppData\Local\Temp\en\pw\x516c\x7684S\x516cQR IvfEd.resources.dll
C:\Users\Louise\AppData\Local\Temp\en\pw\x516c\x7684S\x516cQR IvfEd.resources\pw\x516c\x7684S\x516cQR IvfEd.resources.dll
C:\Users\Louise\AppData\Local\Temp\en\pw\x516c\x7684S\x516cQR IvfEd.resources.exe
C:\Users\Louise\AppData\Local\Temp\en\pw\x516c\x7684S\x516cQR IvfEd.resources\pw\x516c\x7684S\x516cQR IvfEd.resources.exe
C:\Users\Louise\AppData\Local\Temp\DHL FILE 267382.exe.Local\
C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.24308_none_5c028e37a0121035
C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.24308_none_5c028e37a0121035\GdiPlus.dll
C:\Users\Louise\AppData\Local\Temp\en-US\muwHKjPnGZSzrxfznGnyFTzgYIUQibEdDjD.resources.dll
C:\Users\Louise\AppData\Local\Temp\en-US\muwHKjPnGZSzrxfznGnyFTzgYIUQibEdDjD.resources\muwHKjPnGZSzrxfznGnyFTzgYIUQibEdDjD.resources.dll
C:\Users\Louise\AppData\Local\Temp\en-US\muwHKjPnGZSzrxfznGnyFTzgYIUQibEdDjD.resources.exe
C:\Users\Louise\AppData\Local\Temp\en-US\muwHKjPnGZSzrxfznGnyFTzgYIUQibEdDjD.resources\muwHKjPnGZSzrxfznGnyFTzgYIUQibEdDjD.resources.exe
C:\Users\Louise\AppData\Local\Temp\en\muwHKjPnGZSzrxfznGnyFTzgYIUQibEdDjD.resources.dll
C:\Users\Louise\AppData\Local\Temp\en\muwHKjPnGZSzrxfznGnyFTzgYIUQibEdDjD.resources\muwHKjPnGZSzrxfznGnyFTzgYIUQibEdDjD.resources.dll
C:\Users\Louise\AppData\Local\Temp\en\muwHKjPnGZSzrxfznGnyFTzgYIUQibEdDjD.resources.exe
C:\Users\Louise\AppData\Local\Temp\en\muwHKjPnGZSzrxfznGnyFTzgYIUQibEdDjD.resources\muwHKjPnGZSzrxfznGnyFTzgYIUQibEdDjD.resources.exe
C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\shell32.dll
C:\Users\Louise\AppData\Roaming\wmiRSwSoPk.exe
C:\Users\Louise\AppData\Local\Temp\tmpC0C6.tmp
\??\MountPointManager
\Device\KsecDD
C:\Windows\sysnative\Tasks
C:\Windows\sysnative\Tasks\*
C:\Windows\sysnative\Tasks\AutoKMS
C:\Windows\sysnative\Tasks\Updates\wmiRSwSoPk
C:\Windows\sysnative\Tasks\Updates
C:\Windows\sysnative\Tasks\Updates\
C:\Windows\SysWOW64\sc.exe
C:\Windows
C:\Windows\SysWOW64
C:\Windows\AppPatch\sysmain.sdb
C:\Windows\SysWOW64\
C:\Windows\SysWOW64\*.*
C:\Windows\SysWOW64\en-US\sc.exe.mui
C:\Windows\SysWOW64\ui\SwDRM.dll
C:\Windows\Temp
\Device\LanmanDatagramReceiver
C:\Windows\SysWOW64\wevtutil.exe
C:\Windows\SysWOW64\en-US\wevtutil.exe.mui
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\en-US\cmd.exe.mui
C:\Program Files (x86)\Mozilla Firefox\nss3.dll
C:\Users\Louise\AppData\Local\Temp\mozglue.dll
C:\Windows\System32\mozglue.dll
C:\Windows\system\mozglue.dll
C:\Windows\mozglue.dll
C:\Python27\mozglue.dll
C:\Python27\Scripts\mozglue.dll
C:\Windows\System32\wbem\mozglue.dll
C:\Windows\System32\WindowsPowerShell\v1.0\mozglue.dll
C:\ProgramData\chocolatey\bin\mozglue.dll
C:\Users\Louise\AppData\Local\Programs\Python\Python38-32\Scripts\mozglue.dll
C:\Users\Louise\AppData\Local\Programs\Python\Python38-32\mozglue.dll
C:\Users\Louise\AppData\Roaming\Python\Scripts\mozglue.dll
C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
C:\Users\Louise\AppData\Local\Temp\VERSION.dll
C:\Windows\System32\version.dll
C:\Users\Louise\AppData\Local\Temp\dbghelp.dll
C:\Windows\System32\dbghelp.dll
C:\Users\Louise\AppData\Local\Temp\MSVCP140.dll
C:\Windows\System32\msvcp140.dll
C:\Users\Louise\AppData\Local\Temp\VCRUNTIME140.dll
C:\Windows\System32\VCRUNTIME140.dll
C:\Users\Louise\AppData\Local\Temp\api-ms-win-crt-runtime-l1-1-0.dll
C:\Windows\System32\api-ms-win-crt-runtime-l1-1-0.dll
C:\Users\Louise\AppData\Local\Temp\ucrtbase.DLL
C:\Windows\System32\ucrtbase.dll
C:\Users\Louise\AppData\Local\Temp\api-ms-win-core-timezone-l1-1-0.dll
C:\Windows\System32\api-ms-win-core-timezone-l1-1-0.dll
C:\Users\Louise\AppData\Local\Temp\api-ms-win-core-file-l2-1-0.dll
C:\Windows\System32\api-ms-win-core-file-l2-1-0.dll
C:\Users\Louise\AppData\Local\Temp\api-ms-win-core-localization-l1-2-0.dll
C:\Windows\System32\api-ms-win-core-localization-l1-2-0.dll
C:\Users\Louise\AppData\Local\Temp\api-ms-win-core-processthreads-l1-1-1.dll
C:\Windows\System32\api-ms-win-core-processthreads-l1-1-1.dll
C:\Users\Louise\AppData\Local\Temp\api-ms-win-core-file-l1-2-0.dll
C:\Windows\System32\api-ms-win-core-file-l1-2-0.dll
C:\Users\Louise\AppData\Local\Temp\api-ms-win-crt-string-l1-1-0.dll
C:\Windows\System32\api-ms-win-crt-string-l1-1-0.dll
C:\Users\Louise\AppData\Local\Temp\api-ms-win-crt-heap-l1-1-0.dll
C:\Windows\System32\api-ms-win-crt-heap-l1-1-0.dll
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc\RequiredPrivileges
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc\Environment
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc\FailureActions
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gpsvc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gpsvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gpsvc\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gpsvc\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gpsvc\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gpsvc\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gpsvc\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gpsvc\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gpsvc\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gpsvc\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CryptSvc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CryptSvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CryptSvc\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CryptSvc\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CryptSvc\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CryptSvc\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CryptSvc\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CryptSvc\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CryptSvc\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CryptSvc\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AeLookupSvc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AeLookupSvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AeLookupSvc\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AeLookupSvc\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AeLookupSvc\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AeLookupSvc\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AeLookupSvc\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AeLookupSvc\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AeLookupSvc\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AeLookupSvc\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AudioSrv
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AudioSrv\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AudioSrv\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AudioSrv\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AudioSrv\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AudioSrv\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AudioSrv\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AudioSrv\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AudioSrv\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AudioSrv\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BFE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BFE\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BFE\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BFE\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BFE\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BFE\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BFE\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BFE\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BFE\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BFE\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EventSystem
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EventSystem\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EventSystem\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EventSystem\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EventSystem\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EventSystem\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EventSystem\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EventSystem\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EventSystem\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EventSystem\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AudioEndpointBuilder
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AudioEndpointBuilder\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AudioEndpointBuilder\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AudioEndpointBuilder\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AudioEndpointBuilder\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AudioEndpointBuilder\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AudioEndpointBuilder\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AudioEndpointBuilder\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AudioEndpointBuilder\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AudioEndpointBuilder\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcEptMapper\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcEptMapper\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcEptMapper\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcEptMapper\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcEptMapper\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcEptMapper\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcEptMapper\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcEptMapper\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FDResPub
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FDResPub\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FDResPub\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FDResPub\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FDResPub\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FDResPub\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FDResPub\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FDResPub\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FDResPub\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FDResPub\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DcomLaunch\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DcomLaunch\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DcomLaunch\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DcomLaunch\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DcomLaunch\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DcomLaunch\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DcomLaunch\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DcomLaunch\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PolicyAgent
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PolicyAgent\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PolicyAgent\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PolicyAgent\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PolicyAgent\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PolicyAgent\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PolicyAgent\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PolicyAgent\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PolicyAgent\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PolicyAgent\ObjectName
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\WerSvcGroup
HKEY_CURRENT_USER
HKEY_USERS\.DEFAULT\Control Panel\International
HKEY_USERS\.DEFAULT\Control Panel\International\LocaleName
HKEY_USERS\.DEFAULT\Control Panel\International\sCountry
HKEY_USERS\.DEFAULT\Control Panel\International\sList
HKEY_USERS\.DEFAULT\Control Panel\International\sDecimal
HKEY_USERS\.DEFAULT\Control Panel\International\sThousand
HKEY_USERS\.DEFAULT\Control Panel\International\sGrouping
HKEY_USERS\.DEFAULT\Control Panel\International\sNativeDigits
HKEY_USERS\.DEFAULT\Control Panel\International\sCurrency
HKEY_USERS\.DEFAULT\Control Panel\International\sMonDecimalSep
HKEY_USERS\.DEFAULT\Control Panel\International\sMonThousandSep
HKEY_USERS\.DEFAULT\Control Panel\International\sMonGrouping
HKEY_USERS\.DEFAULT\Control Panel\International\sPositiveSign
HKEY_USERS\.DEFAULT\Control Panel\International\sNegativeSign
HKEY_USERS\.DEFAULT\Control Panel\International\sTimeFormat
HKEY_USERS\.DEFAULT\Control Panel\International\sShortTime
HKEY_USERS\.DEFAULT\Control Panel\International\s1159
HKEY_USERS\.DEFAULT\Control Panel\International\s2359
HKEY_USERS\.DEFAULT\Control Panel\International\sShortDate
HKEY_USERS\.DEFAULT\Control Panel\International\sYearMonth
HKEY_USERS\.DEFAULT\Control Panel\International\sLongDate
HKEY_USERS\.DEFAULT\Control Panel\International\iCountry
HKEY_USERS\.DEFAULT\Control Panel\International\iMeasure
HKEY_USERS\.DEFAULT\Control Panel\International\iPaperSize
HKEY_USERS\.DEFAULT\Control Panel\International\iDigits
HKEY_USERS\.DEFAULT\Control Panel\International\iLZero
HKEY_USERS\.DEFAULT\Control Panel\International\iNegNumber
HKEY_USERS\.DEFAULT\Control Panel\International\NumShape
HKEY_USERS\.DEFAULT\Control Panel\International\iCurrDigits
HKEY_USERS\.DEFAULT\Control Panel\International\iCurrency
HKEY_USERS\.DEFAULT\Control Panel\International\iNegCurr
HKEY_USERS\.DEFAULT\Control Panel\International\iCalendarType
HKEY_USERS\.DEFAULT\Control Panel\International\iFirstDayOfWeek
HKEY_USERS\.DEFAULT\Control Panel\International\iFirstWeekOfYear
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-US
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-US
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wersvc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc\Parameters
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc\Parameters\ServiceDll
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc\Parameters\ServiceManifest
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc\Parameters\ServiceMain
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\ServiceTimeout
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc\Parameters\ServiceDllUnloadOnStop
HKEY_CURRENT_USER\Software\Classes\AppID\taskeng.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\Configuration
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\Configuration\DataVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\Configuration\EnableBackCompat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\Configuration\MissedTasksStartupDelay
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\Configuration\TasksInMemoryQueue
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\Configuration\TasksPerHighestPrivEngine
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\Configuration\TasksPerLeastPrivEngine
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\Configuration\TracingLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\Configuration\WindowSeconds
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\Software\Microsoft\SQMClient\Windows\DisabledProcesses\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledProcesses\6BA0E3C1
HKEY_LOCAL_MACHINE\Software\Microsoft\SQMClient\Windows\DisabledSessions\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\MachineThrottling
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\GlobalSession
HKEY_CURRENT_USER\Software\Classes\Interface\{92BDB7E4-F28B-46A0-B551-45A52BDD5125}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{92BDB7E4-F28B-46A0-B551-45A52BDD5125}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{92BDB7E4-F28B-46A0-B551-45A52BDD5125}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\Software\Microsoft\COM3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\COM3\Com+Enabled
HKEY_CURRENT_USER\Software\Classes\CLSID\{92BDB7E4-F28B-46A0-B551-45A52BDD5125}
HKEY_CURRENT_USER\Software\Classes\CLSID\{92BDB7E4-F28B-46A0-B551-45A52BDD5125}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{92BDB7E4-F28B-46A0-B551-45A52BDD5125}\TreatAs
HKEY_CURRENT_USER\Software\Classes\CLSID\{92BDB7E4-F28B-46A0-B551-45A52BDD5125}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{92BDB7E4-F28B-46A0-B551-45A52BDD5125}\Progid
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{92BDB7E4-F28B-46A0-B551-45A52BDD5125}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{92BDB7E4-F28B-46A0-B551-45A52BDD5125}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{92BDB7E4-F28B-46A0-B551-45A52BDD5125}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{92BDB7E4-F28B-46A0-B551-45A52BDD5125}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{92BDB7E4-F28B-46A0-B551-45A52BDD5125}\InprocServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{92BDB7E4-F28B-46A0-B551-45A52BDD5125}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{92BDB7E4-F28B-46A0-B551-45A52BDD5125}\InprocServer32\ThreadingModel
HKEY_CURRENT_USER\Software\Classes\CLSID\{92BDB7E4-F28B-46A0-B551-45A52BDD5125}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{92BDB7E4-F28B-46A0-B551-45A52BDD5125}\InprocHandler32
HKEY_CURRENT_USER\Software\Classes\CLSID\{92BDB7E4-F28B-46A0-B551-45A52BDD5125}\InprocHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{92BDB7E4-F28B-46A0-B551-45A52BDD5125}\InprocHandler
HKEY_LOCAL_MACHINE\Software\Microsoft\OLE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\MaxSxSHashCount
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\InstallRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\CLRLoadLogDir
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\OnlyUseLatestCLR
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\NET Framework Setup\NDP\v4\Full\Release
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DisableConfigCache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\CacheLocation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DownloadCacheQuotaInKB
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\EnableLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LoggingLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\ForceLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogFailures
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogResourceBinds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\FileInUseRetryAttempts
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\FileInUseMillisecondsBetweenRetries
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\UseLegacyIdentityFormat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DisableMSIPeek
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DevOverrideEnable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\NGen\Policy\v4.0\OptimizeUsedBinaries
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions\00060101.00060101
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full\Release
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\FeatureSIMD
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\AltJit
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\Latest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\index214
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\LegacyPolicyTimeStamp
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000409
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\1
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\Enabled
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Defaults\Provider Types\Type 024\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DbgJITDebugLaunchSetting
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DbgManagedDebugger
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{9a0b8d7d-300f-11ea-b342-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{9a0b8d7d-300f-11ea-b342-806e6f6e6963}\Generation
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{80b5a657-2730-11e9-8620-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{80b5a657-2730-11e9-8620-806e6f6e6963}\Generation
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{80b5a658-2730-11e9-8620-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{80b5a658-2730-11e9-8620-806e6f6e6963}\Generation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\AppCompat\RaiseDefaultAuthnLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\DefaultAccessPermission
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\NdrOleExtDLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\RemoteRpcDll
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows\CEIPEnable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\CEIPEnable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\CEIPSampledIn
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
DisableUserModeCallbackFilter
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS\Id
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\SchedulingEngineKnob
HKEY_USERS\S-1-5-21-1339698970-4093829097-1161395185-1000\Control Panel\International\LocaleName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E9B36EE2-84E5-4648-B588-FB47A7D92EAC}\Hash
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E9B36EE2-84E5-4648-B588-FB47A7D92EAC}\DynamicInfo
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{75F53380-9847-4C40-95C9-324CD9F2595B}\Hash
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{75F53380-9847-4C40-95C9-324CD9F2595B}\DynamicInfo
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\ProgramData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\Public
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\Default
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CommonFilesDir
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir (x86)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CommonFilesDir (x86)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramW6432Dir
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CommonW6432Dir
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1339698970-4093829097-1161395185-1000\ProfileImagePath
HKEY_USERS\S-1-5-21-1339698970-4093829097-1161395185-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\AppData
HKEY_USERS\S-1-5-21-1339698970-4093829097-1161395185-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Local AppData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\Handshake\{AAB6EC13-2AB4-4553-910B-1DD316E61F99}\data
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2F82CE6E-AD98-4E4E-A69C-61F38848FDD9}\Hash
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2F82CE6E-AD98-4E4E-A69C-61F38848FDD9}\DynamicInfo
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\Handshake\{7762BC04-2AA3-4ED8-B18D-44D77D69EFB2}\data
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F417FC0C-A2EF-4C2E-9032-217D1482E5C1}\Hash
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F417FC0C-A2EF-4C2E-9032-217D1482E5C1}\DynamicInfo
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Mozilla\Mozilla Firefox\CurrentVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Mozilla\Mozilla Firefox\75.0 (x86 en-GB)\Main\Install Directory
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DcomLaunch\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcEptMapper\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcSs\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VaultSvc\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VaultSvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VaultSvc\WOW64
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18\ProfileImagePath
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\AppData
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Local AppData
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VaultSvc\Environment
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VaultSvc\RequiredPrivileges
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc\RequiredPrivileges
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc\Environment
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc\FailureActions
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gpsvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gpsvc\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gpsvc\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gpsvc\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gpsvc\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gpsvc\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gpsvc\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gpsvc\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gpsvc\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CryptSvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CryptSvc\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CryptSvc\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CryptSvc\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CryptSvc\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CryptSvc\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CryptSvc\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CryptSvc\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CryptSvc\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AeLookupSvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AeLookupSvc\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AeLookupSvc\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AeLookupSvc\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AeLookupSvc\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AeLookupSvc\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AeLookupSvc\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AeLookupSvc\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AeLookupSvc\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AudioSrv\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AudioSrv\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AudioSrv\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AudioSrv\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AudioSrv\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AudioSrv\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AudioSrv\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AudioSrv\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AudioSrv\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BFE\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BFE\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BFE\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BFE\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BFE\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BFE\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BFE\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BFE\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BFE\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EventSystem\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EventSystem\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EventSystem\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EventSystem\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EventSystem\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EventSystem\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EventSystem\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EventSystem\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EventSystem\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AudioEndpointBuilder\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AudioEndpointBuilder\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AudioEndpointBuilder\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AudioEndpointBuilder\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AudioEndpointBuilder\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AudioEndpointBuilder\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AudioEndpointBuilder\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AudioEndpointBuilder\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AudioEndpointBuilder\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcEptMapper\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcEptMapper\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcEptMapper\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcEptMapper\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcEptMapper\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcEptMapper\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcEptMapper\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcEptMapper\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FDResPub\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FDResPub\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FDResPub\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FDResPub\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FDResPub\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FDResPub\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FDResPub\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FDResPub\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FDResPub\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DcomLaunch\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DcomLaunch\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DcomLaunch\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DcomLaunch\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DcomLaunch\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DcomLaunch\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DcomLaunch\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DcomLaunch\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PolicyAgent\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PolicyAgent\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PolicyAgent\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PolicyAgent\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PolicyAgent\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PolicyAgent\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PolicyAgent\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PolicyAgent\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PolicyAgent\ObjectName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\WerSvcGroup
HKEY_USERS\.DEFAULT\Control Panel\International\LocaleName
HKEY_USERS\.DEFAULT\Control Panel\International\sCountry
HKEY_USERS\.DEFAULT\Control Panel\International\sList
HKEY_USERS\.DEFAULT\Control Panel\International\sDecimal
HKEY_USERS\.DEFAULT\Control Panel\International\sThousand
HKEY_USERS\.DEFAULT\Control Panel\International\sGrouping
HKEY_USERS\.DEFAULT\Control Panel\International\sNativeDigits
HKEY_USERS\.DEFAULT\Control Panel\International\sCurrency
HKEY_USERS\.DEFAULT\Control Panel\International\sMonDecimalSep
HKEY_USERS\.DEFAULT\Control Panel\International\sMonThousandSep
HKEY_USERS\.DEFAULT\Control Panel\International\sMonGrouping
HKEY_USERS\.DEFAULT\Control Panel\International\sPositiveSign
HKEY_USERS\.DEFAULT\Control Panel\International\sNegativeSign
HKEY_USERS\.DEFAULT\Control Panel\International\sTimeFormat
HKEY_USERS\.DEFAULT\Control Panel\International\sShortTime
HKEY_USERS\.DEFAULT\Control Panel\International\s1159
HKEY_USERS\.DEFAULT\Control Panel\International\s2359
HKEY_USERS\.DEFAULT\Control Panel\International\sShortDate
HKEY_USERS\.DEFAULT\Control Panel\International\sYearMonth
HKEY_USERS\.DEFAULT\Control Panel\International\sLongDate
HKEY_USERS\.DEFAULT\Control Panel\International\iCountry
HKEY_USERS\.DEFAULT\Control Panel\International\iMeasure
HKEY_USERS\.DEFAULT\Control Panel\International\iPaperSize
HKEY_USERS\.DEFAULT\Control Panel\International\iDigits
HKEY_USERS\.DEFAULT\Control Panel\International\iLZero
HKEY_USERS\.DEFAULT\Control Panel\International\iNegNumber
HKEY_USERS\.DEFAULT\Control Panel\International\NumShape
HKEY_USERS\.DEFAULT\Control Panel\International\iCurrDigits
HKEY_USERS\.DEFAULT\Control Panel\International\iCurrency
HKEY_USERS\.DEFAULT\Control Panel\International\iNegCurr
HKEY_USERS\.DEFAULT\Control Panel\International\iCalendarType
HKEY_USERS\.DEFAULT\Control Panel\International\iFirstDayOfWeek
HKEY_USERS\.DEFAULT\Control Panel\International\iFirstWeekOfYear
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-US
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-US
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc\Parameters\ServiceDll
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc\Parameters\ServiceManifest
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc\Parameters\ServiceMain
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\ServiceTimeout
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc\Parameters\ServiceDllUnloadOnStop
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\Configuration\DataVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\Configuration\EnableBackCompat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\Configuration\MissedTasksStartupDelay
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\Configuration\TasksInMemoryQueue
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\Configuration\TasksPerHighestPrivEngine
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\Configuration\TasksPerLeastPrivEngine
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\Configuration\TracingLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\Configuration\WindowSeconds
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledProcesses\6BA0E3C1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\MachineThrottling
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\GlobalSession
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{92BDB7E4-F28B-46A0-B551-45A52BDD5125}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\COM3\Com+Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{92BDB7E4-F28B-46A0-B551-45A52BDD5125}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{92BDB7E4-F28B-46A0-B551-45A52BDD5125}\InprocServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{92BDB7E4-F28B-46A0-B551-45A52BDD5125}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{92BDB7E4-F28B-46A0-B551-45A52BDD5125}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\MaxSxSHashCount
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E9B36EE2-84E5-4648-B588-FB47A7D92EAC}\Path
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E9B36EE2-84E5-4648-B588-FB47A7D92EAC}\Hash
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Updates\wmiRSwSoPk\Id
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Updates\wmiRSwSoPk\Index
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E9B36EE2-84E5-4648-B588-FB47A7D92EAC}\Triggers
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E9B36EE2-84E5-4648-B588-FB47A7D92EAC}\DynamicInfo
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{75F53380-9847-4C40-95C9-324CD9F2595B}\DynamicInfo
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\Handshake\{AAB6EC13-2AB4-4553-910B-1DD316E61F99}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2F82CE6E-AD98-4E4E-A69C-61F38848FDD9}\DynamicInfo
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\Handshake\{7762BC04-2AA3-4ED8-B18D-44D77D69EFB2}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F417FC0C-A2EF-4C2E-9032-217D1482E5C1}\DynamicInfo
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc\Type
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\Handshake\{AAB6EC13-2AB4-4553-910B-1DD316E61F99}\data
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\Handshake\{7762BC04-2AA3-4ED8-B18D-44D77D69EFB2}\data
advapi32.dll.RegOpenKeyExW
advapi32.dll.RegQueryInfoKeyW
advapi32.dll.RegEnumKeyExW
advapi32.dll.RegEnumValueW
advapi32.dll.RegCloseKey
advapi32.dll.RegQueryValueExW
kernel32.dll.FlsAlloc
kernel32.dll.FlsFree
kernel32.dll.FlsGetValue
kernel32.dll.FlsSetValue
kernel32.dll.InitializeCriticalSectionEx
kernel32.dll.CreateEventExW
kernel32.dll.CreateSemaphoreExW
kernel32.dll.SetThreadStackGuarantee
kernel32.dll.CreateThreadpoolTimer
kernel32.dll.SetThreadpoolTimer
kernel32.dll.WaitForThreadpoolTimerCallbacks
kernel32.dll.CloseThreadpoolTimer
kernel32.dll.CreateThreadpoolWait
kernel32.dll.SetThreadpoolWait
kernel32.dll.CloseThreadpoolWait
kernel32.dll.FlushProcessWriteBuffers
kernel32.dll.FreeLibraryWhenCallbackReturns
kernel32.dll.GetCurrentProcessorNumber
kernel32.dll.GetLogicalProcessorInformation
kernel32.dll.CreateSymbolicLinkW
kernel32.dll.SetDefaultDllDirectories
kernel32.dll.EnumSystemLocalesEx
kernel32.dll.CompareStringEx
kernel32.dll.GetDateFormatEx
kernel32.dll.GetLocaleInfoEx
kernel32.dll.GetTimeFormatEx
kernel32.dll.GetUserDefaultLocaleName
kernel32.dll.IsValidLocaleName
kernel32.dll.LCMapStringEx
kernel32.dll.GetTickCount64
kernel32.dll.AcquireSRWLockExclusive
kernel32.dll.ReleaseSRWLockExclusive
advapi32.dll.EventRegister
advapi32.dll.EventSetInformation
mscoree.dll.#142
mscoreei.dll.RegisterShimImplCallback
mscoreei.dll.OnShimDllMainCalled
mscoreei.dll._CorExeMain
shlwapi.dll.UrlIsW
version.dll.GetFileVersionInfoSizeW
version.dll.GetFileVersionInfoW
version.dll.VerQueryValueW
clr.dll.SetRuntimeInfo
user32.dll.GetProcessWindowStation
user32.dll.GetUserObjectInformationW
clr.dll._CorExeMain
mscoree.dll.CreateConfigStream
mscoreei.dll.CreateConfigStream
kernel32.dll.GetNumaHighestNodeNumber
kernel32.dll.GetSystemWindowsDirectoryW
advapi32.dll.AllocateAndInitializeSid
advapi32.dll.OpenProcessToken
advapi32.dll.GetTokenInformation
advapi32.dll.InitializeAcl
advapi32.dll.AddAccessAllowedAce
advapi32.dll.FreeSid
kernel32.dll.AddSIDToBoundaryDescriptor
kernel32.dll.CreateBoundaryDescriptorW
kernel32.dll.CreatePrivateNamespaceW
kernel32.dll.OpenPrivateNamespaceW
kernel32.dll.DeleteBoundaryDescriptor
kernel32.dll.WerRegisterRuntimeExceptionModule
kernel32.dll.RaiseException
mscoree.dll.#24
mscoreei.dll.#24
ntdll.dll.NtSetSystemInformation
kernel32.dll.AddDllDirectory
kernel32.dll.SortGetHandle
kernel32.dll.SortCloseHandle
kernel32.dll.GetNativeSystemInfo
ole32.dll.CoInitializeEx
cryptbase.dll.SystemFunction036
ole32.dll.CoGetContextToken
clrjit.dll.sxsJitStartup
clrjit.dll.getJit
kernel32.dll.LocaleNameToLCID
kernel32.dll.LCIDToLocaleName
kernel32.dll.GetUserPreferredUILanguages
kernel32.dll.GetFullPathNameW
uxtheme.dll.IsAppThemed
kernel32.dll.CreateActCtxA
ole32.dll.CoTaskMemAlloc
ole32.dll.CoTaskMemFree
user32.dll.RegisterWindowMessageW
nlssorting.dll.SortGetHandle
nlssorting.dll.SortCloseHandle
kernel32.dll.CompareStringOrdinal
kernel32.dll.CloseHandle
kernel32.dll.GetCurrentProcess
ntdll.dll.NtQuerySystemInformation
kernel32.dll.GetFileAttributesExW
kernel32.dll.SetThreadErrorMode
kernel32.dll.CreateFileW
kernel32.dll.GetFileType
advapi32.dll.ConvertSidToStringSidW
shell32.dll.SHGetFolderPathW
mscoree.dll.GetProcessExecutableHeap
mscoreei.dll.GetProcessExecutableHeap
bcrypt.dll.BCryptGetFipsAlgorithmMode
cryptsp.dll.CryptGetDefaultProviderW
cryptsp.dll.CryptAcquireContextW
cryptsp.dll.CryptGenRandom
kernel32.dll.GetFileSize
kernel32.dll.ReadFile
user32.dll.GetSystemMetrics
kernel32.dll.GetModuleHandleW
kernel32.dll.GetProcAddress
kernel32.dll.WideCharToMultiByte
kernel32.dll.LoadLibraryExW
user32.dll.AdjustWindowRectEx
kernel32.dll.GetCurrentThread
kernel32.dll.DuplicateHandle
kernel32.dll.GetCurrentThreadId
kernel32.dll.GetCurrentActCtx
kernel32.dll.ActivateActCtx
user32.dll.DefWindowProcW
gdi32.dll.GetStockObject
user32.dll.RegisterClassW
user32.dll.CreateWindowExW
user32.dll.SetWindowLongW
user32.dll.GetWindowLongW
user32.dll.CallWindowProcW
user32.dll.GetClientRect
user32.dll.GetWindowRect
user32.dll.GetParent
kernel32.dll.DeactivateActCtx
kernel32.dll.ResolveLocaleName
gdiplus.dll.GdiplusStartup
kernel32.dll.IsProcessorFeaturePresent
user32.dll.GetWindowInfo
user32.dll.GetAncestor
user32.dll.GetMonitorInfoA
user32.dll.EnumDisplayMonitors
user32.dll.EnumDisplayDevicesA
gdi32.dll.ExtTextOutW
gdi32.dll.GdiIsMetaPrintDC
gdiplus.dll.GdipLoadImageFromStream
windowscodecs.dll.DllGetClassObject
gdiplus.dll.GdipImageForceValidation
gdiplus.dll.GdipGetImageType
gdiplus.dll.GdipGetImageRawFormat
gdiplus.dll.GdipGetImageWidth
gdiplus.dll.GdipGetImageHeight
gdiplus.dll.GdipBitmapGetPixel
cryptsp.dll.CryptGetProvParam
cryptsp.dll.CryptImportKey
cryptsp.dll.CryptSetKeyParam
cryptsp.dll.CryptDecrypt
cryptsp.dll.CryptEncrypt
ole32.dll.CoCreateGuid
kernel32.dll.FindStringOrdinal
cryptsp.dll.CryptDestroyKey
cryptsp.dll.CryptReleaseContext
kernel32.dll.WriteFile
kernel32.dll.LocalFree
kernel32.dll.LocalAlloc
advapi32.dll.LsaClose
advapi32.dll.LsaFreeMemory
advapi32.dll.LsaOpenPolicy
advapi32.dll.LsaLookupSids
kernel32.dll.GetTempPathW
kernel32.dll.GetTempFileNameW
shell32.dll.ShellExecuteEx
shell32.dll.ShellExecuteExW
setupapi.dll.CM_Get_Device_Interface_List_Size_ExW
setupapi.dll.CM_Get_Device_Interface_List_ExW
comctl32.dll.#332
comctl32.dll.#386
ole32.dll.CoWaitForMultipleHandles
sechost.dll.LookupAccountNameLocalW
advapi32.dll.LookupAccountSidW
sechost.dll.LookupAccountSidLocalW
ole32.dll.NdrOleInitializeExtension
ole32.dll.CoGetClassObject
ole32.dll.CoGetMarshalSizeMax
ole32.dll.CoMarshalInterface
ole32.dll.CoUnmarshalInterface
ole32.dll.StringFromIID
ole32.dll.CoGetPSClsid
ole32.dll.CoCreateInstance
ole32.dll.CoReleaseMarshalData
ole32.dll.DcomChannelSetHResult
rpcrtremote.dll.I_RpcExtInitializeExtensionPoint
kernel32.dll.DeleteFileW
kernel32.dll.CreateProcessW
kernel32.dll.GetThreadContext
kernel32.dll.ReadProcessMemory
kernel32.dll.VirtualAllocEx
kernel32.dll.WriteProcessMemory
kernel32.dll.SetThreadContext
kernel32.dll.ResumeThread
user32.dll.SetClassLongW
user32.dll.PostMessageW
user32.dll.UnregisterClassW
advapi32.dll.EventUnregister
gdiplus.dll.GdipDisposeImage
api-ms-win-downlevel-advapi32-l1-1-0.dll.UnregisterTraceGuids
advapi32.dll.UnregisterTraceGuids
comctl32.dll.#321
kernel32.dll.CreateActCtxW
kernel32.dll.AddRefActCtx
kernel32.dll.ReleaseActCtx
kernel32.dll.QueryActCtxW
sspicli.dll.GetUserNameExW
cryptsp.dll.CryptCreateHash
cryptsp.dll.CryptHashData
cryptsp.dll.CryptGetHashParam
cryptsp.dll.CryptDestroyHash
nss3.dll.NSS_Init
nss3.dll.NSS_Shutdown
nss3.dll.PK11_GetInternalKeySlot
nss3.dll.PK11_FreeSlot
nss3.dll.PK11_Authenticate
nss3.dll.PK11SDR_Decrypt
nss3.dll.PK11_CheckUserPassword
nss3.dll.SECITEM_FreeItem
softokn3.dll.NSC_GetFunctionList
softokn3.dll.NSC_ModuleDBFunc
freebl3.dll.FREEBL_GetVector
vaultcli.dll.VaultEnumerateItems
vaultcli.dll.VaultEnumerateVaults
vaultcli.dll.VaultFree
vaultcli.dll.VaultGetItem
vaultcli.dll.VaultOpenVault
vaultcli.dll.VaultCloseVault
wersvc.dll.ServiceMain
wersvc.dll.SvchostPushServiceGlobals
advapi32.dll.RegGetValueW
sechost.dll.ConvertStringSecurityDescriptorToSecurityDescriptorW
advapi32.dll.CryptAcquireContextW
advapi32.dll.RegCreateKeyExW
shlwapi.dll.PathIsDirectoryW
advapi32.dll.RegNotifyChangeKeyValue
ole32.dll.CLSIDFromOle1Class
clbcatq.dll.GetCatalogObject
clbcatq.dll.GetCatalogObject2
tschannel.dll.DllGetClassObject
tschannel.dll.DllCanUnloadNow
advapi32.dll.RegSetValueExW
advapi32.dll.CryptReleaseContext
oleaut32.dll.#500
"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\wmiRSwSoPk" /XML "C:\Users\Louise\AppData\Local\Temp\tmpC0C6.tmp"
schtasks.exe /Create /TN "Updates\wmiRSwSoPk" /XML "C:\Users\Louise\AppData\Local\Temp\tmpC0C6.tmp"
"{path}"
C:\Users\Louise\AppData\Local\Temp\DHL FILE 267382.exe "{path}"
taskeng.exe {AAB6EC13-2AB4-4553-910B-1DD316E61F99} S-1-5-21-1339698970-4093829097-1161395185-1000:Louise-PC\Louise:Interactive:[1]
taskeng.exe {7762BC04-2AA3-4ED8-B18D-44D77D69EFB2} S-1-5-21-1339698970-4093829097-1161395185-1000:Louise-PC\Louise:Interactive:[1]
C:\Windows\system32\lsass.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
1B3A20FE4D451BD83A284AF3
VaultSvc
WerSvc

PE Information

Image Base: 0x00400000
Entry Point: 0x0045ac9e
Reported Checksum: 0x00000000
Actual Checksum: 0x00060988
Minimum OS Version: 4.0
Compile Time: 2020-10-18 04:56:51
Import Hash: f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name RAW Address Virtual Address Virtual Size Size of Raw Data Characteristics Entropy
.text 0x00000200 0x00002000 0x00058ca4 0x00058e00 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 7.59
.rsrc 0x00059000 0x0005c000 0x00000600 0x00000600 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 4.17
.reloc 0x00059600 0x0005e000 0x0000000c 0x00000200 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ 0.10

Resources

Name Offset Size Language Sub-language Entropy File type
RT_VERSION 0x0005c090 0x0000032c LANG_NEUTRAL SUBLANG_NEUTRAL 3.38 None
RT_MANIFEST 0x0005c3cc 0x000001ea LANG_NEUTRAL SUBLANG_NEUTRAL 5.00 None

Imports


Assembly Information

Name pw\x516c\x7684S\x516cQR IvfEd
Version 0.0.0.0

Assembly References

Name Version
mscorlib 4.0.0.0
System.Windows.Forms 4.0.0.0
System 4.0.0.0
System.Drawing 4.0.0.0
Microsoft.VisualBasic 10.0.0.0

Custom Attributes

Type Name Value
Assembly [mscorlib]System.Reflection.AssemblyTitleAttribute Jumping Squa
Assembly [mscorlib]System.Runtime.InteropServices.GuidAttribute bc76aeeb-b479-4a28-8e52-3b6403bb66
Assembly [mscorlib]System.Reflection.AssemblyFileVersionAttribute 7.1.5
Assembly [mscorlib]System.Reflection.AssemblyProductAttribute Jumping Squa
Assembly [mscorlib]System.Reflection.AssemblyCopyrightAttribute Copyright \xa9 2016 - 20

Type References

Assembly Type Name
System.Windows.Forms System.Windows.Forms.Form
mscorlib System.Collections.Generic.Dictionary`2
mscorlib System.Collections.Generic.List`1
System.Windows.Forms System.Windows.Forms.Timer
mscorlib System.TimeSpan
System System.Media.SoundPlayer
System System.ComponentModel.IContainer
System.Windows.Forms System.Windows.Forms.TableLayoutPanel
System.Windows.Forms System.Windows.Forms.Button
System.Windows.Forms System.Windows.Forms.MenuStrip
System.Windows.Forms System.Windows.Forms.ToolStripMenuItem
System.Windows.Forms System.Windows.Forms.Label
System.Windows.Forms System.Windows.Forms.Control
mscorlib System.Convert
mscorlib System.EventHandler
mscorlib System.IO.Directory
System.Windows.Forms System.Windows.Forms.Application
mscorlib System.IO.Path
System.Windows.Forms System.Windows.Forms.DialogResult
mscorlib System.Collections.Generic.List`1/Enumerator
mscorlib System.Int32
mscorlib System.String
System.Windows.Forms System.Windows.Forms.MessageBox
System.Windows.Forms System.Windows.Forms.MessageBoxButtons
System.Windows.Forms System.Windows.Forms.MessageBoxIcon
mscorlib System.IDisposable
mscorlib System.EventArgs
System.Drawing System.Drawing.Bitmap
System.Drawing System.Drawing.Image
System.Windows.Forms System.Windows.Forms.ImageLayout
mscorlib System.Object
mscorlib System.Random
System.Windows.Forms System.Windows.Forms.TableLayoutControlCollection
System.Windows.Forms System.Windows.Forms.Control/ControlCollection
System.Windows.Forms System.Windows.Forms.KeyEventArgs
System.Windows.Forms System.Windows.Forms.Keys
mscorlib System.GC
System.Windows.Forms System.Windows.Forms.FormClosedEventArgs
System.Windows.Forms System.Windows.Forms.TableLayoutPanelCellBorderStyle
System.Windows.Forms System.Windows.Forms.TableLayoutColumnStyleCollection
System.Windows.Forms System.Windows.Forms.ColumnStyle
System.Windows.Forms System.Windows.Forms.SizeType
System.Windows.Forms System.Windows.Forms.DockStyle
System.Drawing System.Drawing.Point
System.Windows.Forms System.Windows.Forms.Padding
System.Windows.Forms System.Windows.Forms.TableLayoutRowStyleCollection
System.Windows.Forms System.Windows.Forms.RowStyle
System.Drawing System.Drawing.Size
System.Drawing System.Drawing.Font
System.Drawing System.Drawing.FontStyle
System.Drawing System.Drawing.GraphicsUnit
System.Windows.Forms System.Windows.Forms.ButtonBase
System.Windows.Forms System.Windows.Forms.ToolStrip
System.Windows.Forms System.Windows.Forms.ToolStripItemCollection
System.Windows.Forms System.Windows.Forms.ToolStripItem
System.Windows.Forms System.Windows.Forms.BorderStyle
System.Windows.Forms System.Windows.Forms.FlatStyle
System.Drawing System.Drawing.ContentAlignment
System.Drawing System.Drawing.SystemColors
System.Drawing System.Drawing.Color
System.Drawing System.Drawing.SizeF
System.Windows.Forms System.Windows.Forms.ContainerControl
System.Windows.Forms System.Windows.Forms.AutoScaleMode
System.Windows.Forms System.Windows.Forms.FormStartPosition
System.Windows.Forms System.Windows.Forms.FormClosedEventHandler
System.Windows.Forms System.Windows.Forms.KeyEventHandler
System System.ComponentModel.Component
System.Windows.Forms System.Windows.Forms.Cursors
System.Windows.Forms System.Windows.Forms.Cursor
mscorlib System.IO.FileStream
System.Windows.Forms System.Windows.Forms.RadioButton
System.Windows.Forms System.Windows.Forms.GroupBox
System.Windows.Forms System.Windows.Forms.PictureBox
System.Windows.Forms System.Windows.Forms.OpenFileDialog
System.Windows.Forms System.Windows.Forms.TrackBar
System.Windows.Forms System.Windows.Forms.PictureBoxSizeMode
mscorlib System.IO.FileMode
mscorlib System.IO.Stream
System.Windows.Forms System.Windows.Forms.CommonDialog
System.Windows.Forms System.Windows.Forms.FileDialog
mscorlib System.IO.DirectoryInfo
System.Drawing System.Drawing.Graphics
System.Drawing System.Drawing.Rectangle
mscorlib System.IO.FileSystemInfo
System.Drawing System.Drawing.Imaging.ImageFormat
System System.ComponentModel.ISupportInitialize
System.Windows.Forms System.Windows.Forms.AnchorStyles
System.Drawing System.Drawing.FontFamily
mscorlib System.Comparison`1
mscorlib System.Runtime.CompilerServices.CompilerGeneratedAttribute
mscorlib System.Diagnostics.DebuggerBrowsableAttribute
mscorlib System.Diagnostics.DebuggerBrowsableState
System.Windows.Forms System.Windows.Forms.TextBox
mscorlib System.Math
mscorlib System.Runtime.Serialization.Formatters.Binary.BinaryFormatter
mscorlib System.Runtime.Serialization.SerializationException
mscorlib System.IO.File
System.Drawing System.Drawing.Brushes
System.Drawing System.Drawing.Brush
System.Windows.Forms System.Windows.Forms.PaintEventArgs
System System.ComponentModel.Container
System.Windows.Forms System.Windows.Forms.PaintEventHandler
System.Windows.Forms System.Windows.Forms.FormBorderStyle
System.Windows.Forms System.Windows.Forms.TextBoxBase
mscorlib System.Reflection.Assembly
mscorlib System.Type
mscorlib System.Array
mscorlib System.AppDomain
Microsoft.VisualBasic Microsoft.VisualBasic.CompilerServices.LateBinding
mscorlib System.Reflection.MethodInfo
System System.IO.Compression.GZipStream
mscorlib System.IO.MemoryStream
System System.IO.Compression.CompressionMode
mscorlib System.Byte
mscorlib System.STAThreadAttribute
mscorlib System.NotImplementedException
mscorlib System.Resources.ResourceManager
mscorlib System.Globalization.CultureInfo
mscorlib System.RuntimeTypeHandle
System System.ComponentModel.EditorBrowsableAttribute
System System.ComponentModel.EditorBrowsableState
System System.CodeDom.Compiler.GeneratedCodeAttribute
mscorlib System.Diagnostics.DebuggerNonUserCodeAttribute
System System.Configuration.ApplicationSettingsBase
System System.Configuration.SettingsBase
mscorlib System.Runtime.CompilerServices.CompilationRelaxationsAttribute
mscorlib System.Runtime.CompilerServices.RuntimeCompatibilityAttribute
mscorlib System.Diagnostics.DebuggableAttribute
mscorlib System.Diagnostics.DebuggableAttribute/DebuggingModes
mscorlib System.Reflection.AssemblyTitleAttribute
mscorlib System.Reflection.AssemblyDescriptionAttribute
mscorlib System.Reflection.AssemblyConfigurationAttribute
mscorlib System.Reflection.AssemblyCompanyAttribute
mscorlib System.Reflection.AssemblyProductAttribute
mscorlib System.Reflection.AssemblyCopyrightAttribute
mscorlib System.Reflection.AssemblyTrademarkAttribute
mscorlib System.Runtime.InteropServices.ComVisibleAttribute
mscorlib System.Runtime.InteropServices.GuidAttribute
mscorlib System.Reflection.AssemblyFileVersionAttribute
mscorlib System.Runtime.Versioning.TargetFrameworkAttribute

!This program cannot be run in DOS mode.
.text
`.rsrc
@.reloc
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
PADPADP
hSystem.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3aPADPADb
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
jv8zry6Cfttz8+xNiUsteZ7dv/xwB7c+7v3wun+/9+zugAfe243X2UfT6z/r/xUWJt+lS7oV1d7Xykt/1dNb6mc6G9/g8+Hb8XbR34FZ+TJZFfZVpppLUqn8N7ZVt3fjm7puVfTl+FDfa7mv++l/Z+zzSvG8/M+/zw/LxzoRfn/fXspf3l/943+vz7368/68/mO/fM/vL/rt9fe9fU94/dW1/NZ/f0/Pa6/q9/R7/8sf70/Xv/t6+/Sy8/hi/vY//Yd+c/T9fc+f78/W9n3Ll/7z/9R/+8yzy/9w/a9/vv83/1x/vw8/7l/XT/3T5fr+9jbedfT//H8frw/nL6PfbS/vn/n+8fh+79O+/dB3+fG+5+d68fW8fx9/vYq/XE+PN+/a6v9d0/b/F/nu8/E/z9e66/e3/PC/by/bH//g+fi8/E9v51/ex/j7/lV/nZ/vH/3M3/Dx9/s9f0+/l2+Hn6/3nbq/Nl/zq/7eL4/G0/fzs/7VbN/fj/7xFy/H2/tn/f1+4U/XH/vP/vW/vFs6y/1vt7/Xb5/XM7/P5/R7/As/rr/nu//g633bp/nzdl/dl/jh//w/fX+fznc/HH/3Bj+///Xr/fr+/20/72vvzx/Lo/z8w/rr+/iT8ve+/N+/a1/R0z37N/bZ6fn47fN/6/T9/f6+Pq+PS+/B0/28/dtivMK//A/f16/i4fX/f7+/X0/1j/Ho/Po/f2+vM//4+n9N/z3p+/X0/a9/PGPZ4/nn+fG8ft41/1h/fdZ+/u+/vveR6/P5w/rx99/tp/Nv+f/tdj/X3/37RX/n2//pur+/i+/E7/x4/g8/Dh/74v+v7S/fV6/zw7/v4/p++f2/z6/Dx/9w/+a/e8a7/eZN//K+f3+/1l/376/t673XNz/vB0/fy/30/vN/y/rR971q8s6C8/m8+B/fZ1vn/+56/2X/H1/XW/vF/fC9ff8/n0/55/R+F/3O9jxty7XP8/04/MofO55/OT+3O+/u7/B+/Mpfs+1D5/5qnW9/XZ/x+vj//j+/x+/L/1qj/3w+/S+vP6/33z8fbbD/P9/v14/r2/B3/F6/s9sy/3P/XO/3b+X/5/7W9/ze+/X9v3+9ftcZ97576//a6/7dZ/nj9/r9fm8p/fo899+7/1q+///Pw7/D9/6307/iz/V+5j2/a+/o4f98/R8/92fr/IL/7t/X5HD/bD/nh/bp4//4/ou/rW/n2/3x8fz8p5vb/dhx8fF9fy//+5vHK77Xjb8va0/aw/W4/GC/HIPevRf89tTOoXj+w8/4/Wu/XPvf98pm//X/f9+/H8/fl/nx/f5/f/F/Hj//G/f7+fp5/c8/Lv/vL5/3t/X59/dg8f5+fXsfL+/9k/r3//rov1/Pruo/vZ/no8L+X7/vr/3S8/v+fPs/z1/1w/ji/35r1r+67fH6/X5/ng/9//t0+7+u//y+/NZ497x91/94db9/P1D+/cC4/vz5/ss/Lo/Lp/92M/3x/z1fq/Nz+P2+f2/3TP/f7o/zi/3y4/H4/fF//u//PS/dfL5/L3/jsXt/99Fw/Nw/Y+q//u+fP8/Ps/fr3/R2I+/g//9F9/U637/7r/3Y4/t6ff9/3m/33Bu/LN/rJ/vV875U5/D5/2Oq/f33/Ok/eNj+ff/ffI+/z0/B//bxz7/J+/t4fPr/ow7L0/bv/f16/v+n+f7/fB7/9x/r4b9/7tOff84r/dvt71/j4/9z+/A+/2K//o+v67/c//H//Lu/nu/vzf5+/fXx/doW8/B+z9e9h/Ts//8b0z+/x//y77zj6/9s/3t/PS+fP/Xb+fL95/H8fL9/XJ/HY/fjEX3/3o/bU/v9//m/fnvfrvP+UWY+vt+fF+/Y+/9C/fc+/9Wl//x+f3/3D//D+/C7/o+/LB/P//bl7/J9/Y4/L5/rkz/Ozz7j7//wy//jV9vX3Y/fbSM/nV/HxT6/r1fvu/E5/fY/fXJ/ntvvrg/z9/Xz/P5/vgP55z9X3dxjb/XT3a/3
Du8/x6/OxT2Pw6/94/v4/cq/7x/Xq/354n7ve3sJ3vV//+V/f6e9/d9/ufN//c+b/m8/3fOa/euw8/q90FtfUrQL+Pa+fbxM8fn//gv/Oet9/c2v+/D6/eJp/3n/fwu08/A8vlO8Qmz/D0/t9/rsLl/Dw/js8fP+fO//h5/H3/5+/ZaLvWfcfS/fTj/evZP//8a/79X9pozf7vvfn6/P2v/XU//JM/XU9v38fU/fxy/W2/1kz9/Hq/n7//6n8zjWvj//iy/m6n3bkX/v0/f8//7/vFs6/vZ1/dB//qfcX9X29vN8/V+8i/302/no9ff9/9K9/22/vrv/3k/H2z/34/3V9fm8fU8fPfg+PL/kC/Xd8j1HuXv86/P//16+r0Xlm5XL4/H7+Vv+PvPbl/tx+/yD8/+9/tv/Hr/PLY/XrH4/Pej//c1/19e5b6XD/3zXt/XZ6/u60/5+/ZD/f80q/10u7/T7/fWy1v0/39vv/+Vz/3T/fq/S/dS7/N9+/R9/z2/b9m/PJvq2/dy/XIPb/l7/et+/fc8ffx/nvZxm4/j4f3+fP809+t/+3B/3D6/72bt/vhu6/VY/f74/Hx/nz//FU/XE8/X8p53m+/9+j930/PG/fM/3N//bktl9fR5//q/r2/r7+P2+fxf2y/sH+8g/ff+fz1v3nZPVS988vP9/rw/T5/Z2/1q+3t//Y+f37/59fDv/7qfu/+vfH7/nTGG/f+B9/f8/Hz6f3/7h/vq/fdufP1K+/0f/7n//Ez/L5/XzHz/63/+6/m0/c9z4fv68w//O+77nv3f/fH+3t//P+//Pm/7ijyvo+3R/Pz+v32/p0/T5u/f7/vj//5e9/exLo6jp/ir/jt/Pi/dl+fd+vU//V6/i1/Lz8/Y8fN8/lmvPe119y/nLLJ/X9me8fH8fpy/+1/ex+/7t/tc/44zW1/B6/P29v+/vN2/j5/ZyT7/R/f35/06//A8ft3/+7/hw/P5+fd/fTx/z1/X1r7/5473XxqPv/z/k+3A+fE/3x+/tf/7xf+/Nz/d7I+/z7fN8/mr/t9P3fs+Pa6/dH/Pt/5/PFTf22/z3+1P/PN/X4+ff7/I7z3EzRK+PdL9/5x/z6/v5/+Y/vg/Px//dI6fT58j7fP/fLz/vw/N9/3j+fn/fTOP/PP9fnc6Y//u3/Z2/vfC+/9F7/7p/npffcdW9f48f7N+Pw+/j75ffXvPefpO/49d//tA/eu1+18jb//Z/fh//33/py/jy/VG//J/XF//z8/e+/0/v57/Z//uz//Z8/uuftw/r6/ds9fv6Dy+/P3/Wxz3Z0z33pX/Pxm/9s/7I+vX+/UK/Hb/bJb/fR+fP93ze6z3W0/b0+98d7/Zy/e8P8f9//cv/KdP7/1Zx/bb/vZ/XzOq/Ty/bj/Fs/ff/vL/Pm//y//k+/2v8fN+f2e++P0/PS7PHPv9vF6/rh/7X9/2m/fs+/I/v97/Pw/3Q6n7n2L/fZ/vJ2x6n6/vzp/P9+/wVXZ1u67zX1/e++9Y+PKOw/fU/28f4+/9/fM+E7n7H773W9/ay9n8//Q+/S7/zdx/f9/zq8+/w8X7P68/V6/93/5L/Pk/r3/X3//E3/Xh/3m/Prx/X777ryPT/fXp/7S/bU7/+0/Zz7/Nj+fr+5U0/X+/j2L3/N7/V9/G5573s7nT3fdB/vq/d+9b+/ys/M9Z9vv/f98/Pw/3Cz773f/bU/3x3xy/byj3vv+3z5/z589304/fK9/j9fm9f+y/G8b33V7/qy/hz/TV7vXY6N9l0/3n/Xh+PTmv9/Pu/v0/7W//W/7+a+fH7/SyFy/rx+f09/eT6/Hr/M/Rr3//O779t8/vq/v98/FvfNqfP3x/vW//z7P7vQ/3b97xmx3LKnpO+++w/vP+fx2/r//9//1f/b1/vP5/ft//u/v7+3H+P77X/+77P2/zhw7/F7/Rn/1f+v++3X/3D7v7/Odq+/c55fNoft8/dsn+7/Mbc/fX/f6M+fO+P
Y6/T9//Hfr//t/Xe/fE/fN//3P8/v0/L+/F7/fzi7b3fP7Xr6z7dl//m+3R/f/ffw1/b6/vP/fZ/vZ/6/vd/PVvZ/fh7/9tf7v/Dv/Tv+PC+fK/f3X/sw/7h9H97/2p/3R9fX88fuE7H0//5na9//ZJ/b3/bz/r39zxnS6/y8/Z9/uU/HV/PS/XL9/I9flI+44a9fl/6/Ja/vR/nH/7B+6/m3/T7/qV/Xe/Xy6/n4zLWfCP5/LvLU9u+/bE/H1vufhu/PES/fCvf3Rzbx/Xyu/vv+f6/r91oD//VHt//n8E//F/7C/3h93+Vm73Ek1j9/NX//O/XW/X///xL8/r5/XR/dcW/f39vxx/Xx/W6/1m/HQ/7v/rv+D1n3/n9875x//dU//Q/fi8fHXy7vy/ty73Y5/798D330z/Wf//f0mbN5zv/7//b4f+fLfXD//VT6/Zv+vB+vF/fjWl/vEfb/4o/jp/9l/zl/3Q/Pr+fL7/tX/7B3333jm/fTvyd8j/3x/t8+f3/fb+fLs/3U//bfuL8fvufrh/P63r3+P7+Pq/PF6/M9/5+/dq/X9/Hk/7m/x8D1/Wz/aV/PF8vbHG/ddJ7773++/j8pj/XFv+fe+/u7fN51/Np/fr+PL/gL/rp+f0+fI/fX6v7jt/3fz/nlX+fl+/do9//fTq/79/D0/78c/3S8vx+/J9/7/qfX6/OvF+vn+/t177XDCffvVt1/3L/Hf/n4//R972Zw/V7+tC+3qO2/PG/Pxvfb1/HJ//uHPbc//x+7++9/dmH//y/v3+vx3/hxXHZ/mA/vD/PZ/3k7/9XvT3fb3vU/fh//lC/PF/fJ/378/U8/n//h1/bc6/85/I//358+3yP3dedfB//nv/3j/70//2+O7fb+/09/8pfvc+9/ah/n3/bE/3L9vJ9fJv/zu/P0vN+/VF/Xz/PJ7+/3L+/Zw/nF//l2/X1y/s+1+Tx8z/flfY/2/389/xiw/3r/fr7fjo/O+4+fm8/nYX74/m96T3bF/3B6r63a7/0//T5/K9V+/74/E4/3tp/XO/P4/3K9z+W3/q9Z/bn/f9+/lufPf+X+f3+ftag/va9/MV9/sn5/Y8/36/z7/D3/PP+fJ//D63b5f7+g9743/W+//Nz//j/vL/vR9/+3z7zrv2e/O52/dl7/+e/b4Pe/V/vtP8f9u/N8/3x/vz/ffV+fi+/p9/t1H3n1/HJfD/7L//tb79/P9/cvn/5//l//k/f709fO98u+/7ju/Pv+v7/vw9/b1/p2/t1/dB//Ofe/8Fr8sR/v/8fT/vn3f/7ufffnI/Hj/3l9/xxzlv3S9dw+15+Pc+d6h9H6/N3+3k/bft5fj9/f+/LR//1L1/Tq/j2zy/vw9/y/ak/b7/P7efevV94//eK083J9ff9EFl7q0zT0H/8/g5/n9/T0nf7/hr/P/RX+/586b7/2v1+vK+vj6/B4/q9/P8/v+Z+vk997+W5t/7i13/D4/3l+b/C6/T0/1O/XU/n9//xl/5uXN8vTV/PW16Wy89k7/rl//o+657V7/u0//x/v1fw+/yhN//lw/3o/31/34+8fs9fXHv/r2/vpvB/Xg/vf/72+/R+/sc/vb/3x/LVe9u7/e/f93/P7/1+/1e/vV+vLr9/L5/7J2/32/3p+PA+P0+3y7fKfaf+vF/f33U/vd/Ps/fD9fZ8f3u5/1+/fU8/j7vW68zTO7ff93tn30/jqr/vk/38/fK8+vX3PB+Po7/58/86f3u/P5/nujPe3cOZ/P5/vtP//vp+vEtfN6/vy/zgW//Y835P9l/Xo/76V1/V2n3Pt/b8+/n6/18+P4/vD+3V9z7nPuT/vA/n7/bf831J+73p/77PbP//vto/3P8fl0f3b2/XZ/3e8/bJ4f3/91+r7/a1+9i1+/G/3+d6/1F/3HvU/1D/XY/Xt+3l4/K7yX3vtPJ/etr9Z59/71/7Zfypbn/jn/7r/98Zn63P7fn4/v9fPEn/X5/PN0/n
vw//p6/rTfv/v5/Xmv/bl//Zz6/Hi/76Lsve30/vz2w/X+p+/1m/X+/bh73p87nLv3t/a93u8/7t+b3ddo/16z6/z3vP7m/T//zq+9g/+uJ8f1/+fM8fZ4fn78h+/fV/3M/P6/fA8/Q/v3/fX4/z8/59/1C//W/nev8/L9/by/32/b1JunPp0eC/7o/vx/bk//u+/k/vN9/z9n7Pjb/e/vN/na/34zfV/kc/Xz/Xv/b16zzny6/A6/q4+94M9/L5/j9/Hn/vvfL+vZ//t0/d5/X6/X1/98hZ+fv/fG87fvc4/RpMM+/4F//nPd+Xw6/w6/A6/Aq/Ph/fs/31+3e/fvbJ+fk8/R/f3s59fW+vRx/j97bH4//4/Odq57z9z/ff8fM8/G//59/R//Kx9v2/v59vh9/lsj/Hi/b1v8vvf4/v6fr/PQ8/hw/7+/f+/f2/nH/3f/bW+v/+vb8fHy/L1n35/dC/vvp+fWt9//T2/FX/rn/PN/7+h/by/PC/fud3/Om9vXfW8D5/1Xs9i9fk+vb+vV8fnYzvw/d5i7/q4/76/vvfvcu/J/fj+zu31rf2Pz+0Lt/Hz63py/P1+/yp8nfv/Gv+v68/J//R2/Dz/dC2/vH+/Yv2/p3/vfP8fd+/Zz/HPj/Pv/99+/6P8/Ty/v3/fH//0+/R8/28/tt/H3/d4/7Rvv/1g/Xk+74rn8M/7y/ec9X49/q+/7/fv2/bj7/zTGvfnz/N0Xvv/4N/vY/P16/J//49ftsfLb/PzU/P+9fHv2+PS3/X3/V1ll/77/jp//wW+fO9/dd+f/YGT8X7/ff8fX8/nSt/7l/37/dv+f/+vR+/PJvfusD////PM//d74+/zz/zm/Nl/f//viv/+88Bc//06/u4/oq/dxx9z/e3/N5/Ha//hb+vV7+d1/p4/tb3E/3U//a0F/rP8/1Fty/by/mw/Z251z2fzuXq6/dB8fj9ox/bp/9mVv/HG//k8/f3m//HV/rl3f5/a/j+/a1/XR/vl3/+83355/Nz/d5y64/e+/e7/t1/7S/XxX/3y//V+v93B6/Zw/V7/dyC97z7x/7kew/x5/ny//1qH9h7/OH/X5/bB/rf//174/q7a/Xm+vu+/O//ne6ZL+n9PuI+2/R6R/X7+fR/vS+/B8/l//Tvjv8/F//Xf9Xy/Xs/Xo/Xk6/Dnur/Lh/fz/vxbq/rm/7xg7/F6T7fH/f4/v18fL8fG1T/PS+v4//B8fn//t9fLW/3R/368zza9/l6/vE/eWyTh/rx+fQ/fLvhNd7rv/7U9fs9f792/ni/XbPf3XPf/4+fj6l//C/H5fxm97197/3Y9f58fd8/m60D9/e5nWd/Z/i9+/Dz/XB/o6/7//dx/fbL8/M51/e+Jx/p9/Xy+ZfH8fn87+/r4/x9/h4/Hrv//Nfp8fF9/eyi8fn6/NJ+/O+fy6/731/nw/b4P/bZ4/04/N5Z+D5fPZ+PO6vy/84y+/b+w9X5q/7Je//r7c/vrX88/u5/vUQ/3m/fC2/28/1y//L2+/El/f4+3z/v7r+3S+/79W//70/P+/dr6/Vu+f64/fv/N6vu/y+/L//y//r//fo/nk/d4j+PV7/r79/38//gc/fY//5/fw/fx5v7r2PPHLve/Pq7/gr/nz/rT/3E+zxT4//Fbxvk/dC8fq9/f0/Xlk/H//3e7/e2/16tw/b6y//olP9vnU8/3vfM89m+/Iv/fds+/Je7/Pv+fI/t+dh/3Y/3P73q1/Ty/u7/fuv84P7Xt/X/+/B/859fJ3/Fz/9x/1e/3b/3YzfX/c2mr/vO/fp7/5p/n5fr/j5/Hs/N7/z8+Ne+Pa/fTj/fxw/v0/b7/lf/d4zR7/G6/nf/f2n/PG/fx/fU+/78O1v39+14//i8fPu9/v6+3eefv+/Hp7/343/T8z3fbF/b5vY6/nzf0zvV/5+/f/x9/968v2+fXU5W+/r1O7+v3+39XWx/Xnfcfq+fXNZ/+so+/p/vs6/P//14
f/4fvIv/ry9l0/95/b7z8v3bc/35Z//Xa91il7vjaG3fL+/f97POl7x/D2/n7Na/XeeffF9/BzPmfQ+vnzu/NkPv/Jp/1r/1k/7e716+/2p/va+PG//l9zzz9fre3s+Pu//x5/9m+fa9/TemFEn//F/PtfF+/X1+fr+3LetfO9cL8/R6/W+/Xv/3j/39/5yP+/Z61v3vx/b8/f4+FYytqn/98/3++vN+/z//q//T3XY/b/e7/O7x+1l/3r/PG6/N6ff//tq/Lt/X6X6/r0/zone5/71/bC/PZn9/X5vUfb9fb3+fz6G/7V/P58/R1/Ty9/5/fZf+/x+3f63d5/8+/mq/P1J+PSO+f1a/29h3/Nu/eOn+/W3/f/E2//k/F/7y9/t9vZv2/Pp8/C+fm1//3z+P26/C7/N1/vb//t5/HovvO17/3a/fTm//c/vDT8vO769XyH/Pv/7s9/k+fJ//X5/P9/r0/np/ba/XlXJWfP+fN0/Tp/Xl4/Sy/fc2zG99/Qc/nk/3H/744/51/Vl/b2/Xi2v3PTu/P//rJvY8vn8fTj//q/bb9/VJ8fG+/M+vTx/L5/Xwqn+/nZf/P1/n1/X68fO//Y8fa2P7f44/Hr/vu4sKfOumPOJ7DT//HV/36/nT9fL9k9rl3+/vbw/j7z33J3/H873Td/3z9/65sNfn+L1f1/f/8/xn7/qfnq///t//bxufn+/9m/ti+vD/4+a5/O7f1p/n0v/3a+/q7/Fz/F1/3ivffs9fHaQ/bD/n8/Xq8b9v0/fp//39fP//Oti+fmu/8eF7/uY+/fv/d997/9e8fT8/Z+/nb/v3/F/S/uO/nR/nuz9fx1/98/b9+9oR/31fz/G7/X+N673Di/dz/1t/fXY+P5+Py6/j+j7vOuE8+9V2/eWx/fyq7O+3d3p/n5/36/3st/zqS//bHar/Ni1bJ/3V8/X//Gs/LO/PP5/l6/3j9H9fuuI/fg/fD5/z//61/6Z/PQ/PV/fj+7+y6/X6H+/E8/p88/V0/fJ/fre7HZ1zUuh+/53H9/fn9/1V7Z+fc6/9M/3N+3xBxj3nqX/vW7fM+h1v0vf3v/m/fq/vdnv/Ln/r0/36zHn/3i/7P/727S+vY//06/q4/b6/Dn/fs//4Tesp+PP+3E+fI6Pzf4/PR//z+n0f7ks//61X+fr8/eBFZ99+/t/w/t9/d/Y6/Iv/Nz1L5r39n33Fx/5//dsFtl/js/Pr+/++3Qu9/7M6/qq/Z9o5/3999+W+/50F579d5j29/24/3W/3r++f7//I9/A+/y+/7y/rv/Lw+fq//8+t3/exxn3jo7/vj/Dh/fg/+eZ9/Xd/19X34/v6/5u/zw/jh/ng/PL+u+Xg+7m33yf1/fV/H3ff/kM5c/XF/fG+/X/fx5/twf3XZ/Xq+fm+vX/w+9c2/vt9f6+/Xz2j8/3x6/n1//2+/K/v39s/3t/v9/v2vOu8/l+/H+/9g/jv/z4D0/e//fn/fF/PW/7xm3v37//90rO/Pc/fJ/fL8/r6J/3k6/t8/2i/csL+5tyfjO9vtxvW9te8fL8f5w/bw/F+/7l/vvu6+XD+vO+v27/O7fv4/Np+Pb+Pd/PLeY/W8fX42a0PN//H8/5Tu8w/vHdi+fM/Pb/v9n8/T4/n+w63m7/Cz/e5/ti9fN5fzx/j8/3u//K/a6/D6/35vfi67/uz/fl8LtPP8dI9fZ8fhz/l+/DZY9S8/biTz2vN89Q9fJ+/fsPZ+/y/vb9f0eZ+fvpfNl/3x+/P+/e9/d35X/r+//xJE/3hyeX//vV+v2/fzx/byf0/n7B/72/HJ73o6/f4/t9a//l5//6/PtqfX+/f4P8fN4/D5/z0/baP4vTvfn6fo/98+Pb/vge621/D3/+7/eu/ufV9f//fq+zV4n/t6/zw+56p/h7/fv/Xq//PPvq/L7/Pd//Jz/Z0Lq4/bE/X9697053Tk/r8/fg/3R//p//d+f/4/nJ+/5/3p6/o+j79/l+v
90/7q7/hx/x6/vA/fx/3x3vb/K+/rq/bj/bg/vO+fc+3f6387f///9qfs8l/vn9y+fy+vM/vTmS/u3c/P7/fzeW/f/W5/JP/fd22+f37fv+S9fD6uv/3m73Sw337g/9i/Pr/vQd/vpu/o8M7/s6p2D/fv9vdfC9/B8/jZ/nF//a+A934zr7r0/bs4f96f3P9ff9v3Iq/zk/bs/tu+PR/vN/vx7/jmnt//s/Xm/78+/6o19fmt2C+/er/PPvv3K/Pzvq/Xm/Xm/XH9j577/9ix/Xh+P2+vL+vH2/l9/b9/X6+cvr9fm8Bz/187//5nxu/v8h7/Yv/3N8vO0/Ow/z6/G//7m/bF//M8/W++/Tw/Fq/r9/b5P/XI+/Y7/i8+tZ/78X5x/Fp+Py/845i8j7Nm/701/f/Jn/Tk3/fh/71+fsVG6u/3//frTW8f1u/PWo/ecU+6N6fu88x/30/+ch/8871//X+/PP//H+PD7/Sx/19/VH/ee1/3f/3N6fTvzO+v/+3C7/s577p7/p1/d4/vV8/bs/ds/bs/3d//s2/fy+k3+/kfm9f96/zv/X3T2d/vPqfjy/bo3Pff1+8/982pTM/R9Jw/fR4/9F+vS+vrf9/PB/6f/6fI9M4/Oe7Ti8f78/u1n3OfZ+vW8aI8/u/O9b79/Ws+/Zt+3G+fLv0Otq/Pu+v76/R+7tv3O+XH6/rdHPZfnt/Ptm/8+v+yH3rc//G8/xw2H96/9xt8/tuPB/fzq+/d9/7f8G/flf/rLvZ177l4/b4fP/K9fN90v/fv1O9fN/z971Ky/b5z/vg+Xf/PKO9/St/Lg/n3/tt+Xv+Xzf8fRP/vd/P57m/nU/PXV1/nd/7xP/nlH/f9/X1/nzj1/7kV73+7/O8/P+en/3n/1q/3q+3C6/m//a1/Xu/Hn/vZf//vep/9ce/x9Dv+Pf/fE+fv7vrc/r+/v5/fdH//pu+9+O//OufvMd/17+/Of7+/A//HnP3b9u4/n4/P3n/fmK+xe1f53/m4/H3/VP/vJ/fRv/fvV+vKy/H363+7/z9flu+e/m6/NG/9+n8/aU/35/fuf98/K//+z/24/V6/nx/HGffb9/fFvff/v9k8/j9Mz/h1/zpzyvXM7+rFx/d//R8FLM/PO/vFD7/N+vPPH+/ny/v1Tf/e9z/foe+3z/vr39/P+RG8/VlPn/bxD//Vs/ju/7q+vI/fN/fn6PK+cR8/t/fVn/zz/T3VT1Bw/e0/Pn/eWL/4+3Do/37+5429/R8/1q//cf8w/f0/f2q6/+8/z6/n1fO3zv+fZ8/Pdj/PhP//eVz/3h/d65iz/zC971a6z7zq/3RV//V9/1x/bw/vEvfX4/H7/f18/A8/a8/74/7j/3r/v3/PH/vN//W//24/pO/vP/3B//B37n3L8/Tm//i+f2//+/fvws/Ppu/Xp/r1P+//u742/j8+fs//4O+/s8vL6/26r2vKIBgv/Nx+7yy8/Z3/fT/7Y//x/3d63zO6/f5/x2X4/r+97+C+/B//eZ/X0Pc4/16/XZ/ufh/P2+fy2/90/1wL6i/nw/XR//k8/a8+tq/5+t6/L4/uvN/8+t64/r1//8/fu+/T2Pm/49z/VZ/7a/3//nH+35XhHP99Z7fa8+7/Q9/9+PPdtzHg7/P3a+/N7/X3z3va6/Kz/zWr3397/e//de2j//0//o/vG8vXw/tkXA/bZ/3O/b7+/p9fv9fW2/t+/t7/tT/Pltz/P185+t6/1e+X3/vqfM/V/rF8/W9++e85b2317/jsdV/v7d/3n+vO+/27LSw5/x9f1r9/YT/7k/nF7388/S4p/7+63/fRv/fnu9iw/lz/vH+2+B1/f1ib6/by/T8j2r3F/Xr9/2ii/3k6/br9/l5/pp/Li/72/Xry/Lz/vV5/Jp/Tr/vOdnw/dI/ufHz/P9/76PV9vr8/p8/X5/lz/n6/7R/vvZ//8Q9fX8/fmul+fJ8fVcO9/6//Y//fKfjO83a9fg/8d//
39z2/dp/vPT/fS/9fW8/W8fmfJ+/U/le//x75fv8/2t/+d/+fV9fnJ9/N3/X0/N0/fCu/P8/Xb+/e+/0/f/9z9b/Fvoljp/P/8vP/zf+v5+v96/dbJ/2+1G+8878fU8vlx/Nk/f3+vK9fNcxt6/57/75/kt/q1z9x/p8/5r/fd34/csfHj//27/e+/D4+f7+vZ9f17vnv8/HjS/PR7fv/fL5/Vu/LN/t/2I+++l9f1p0/vH/vGPd6dL4/m7/jg/O/p/v63/x6/j7/NM/fy9e7/e+Y/3Z3x/XT/7lP/Zu8fu/vl9fz//bZ//bXNqz/v2/H7/f0//nlcr9fh//7w/5+/uz/nz/XO/vO/H5vP/n6//O9/U8/qz/3u/vY//Zw/p9J//BLG+vF//R9/D//a9Z5/Ty9/x8fWsfjj/r1/X5/vq//K+f3dC/PF/fNtH9fp+/u6/B//l1/5Q/T+p8/1y/7o/bK/3er69+fr5/1w/H4P/PzE/P7N6729B3/PV/H0fe/dJ9p7vb//rz//y3+96S7/z+/qM/XH/76//O2/b3+1L/vqv9/73/eu+/ffU3o/bR8fb+/3uD93p3fo/Hp/72+f8/fH8/P6fXf+6/bh/fp/vT+f54ff5f3Pg/eMS/Py+3j7Xr+fD4fn5/tk/tqnv3XB//u7/LC6/dW/Xl/fZ8vX9f7o/Tx/T3y/3a8fd9fW9+/e+/v2/T2/12+x8Tvz3Oy/m7z/34K6/+6/P5H/3D4/N8/haGI91o/58m5D63g+/zbX/H8/PVn3/vQ/3pg7f773t73uS/fRp/P3I/vK+PX/3b6/U6Bcf+cfL5L+3KPLvz+3u+f1/3Sz/98/m/y//9/bbT9/9ts3ufPP7fNm/v19V8/fJ/Xd/75X/PnUr/XX/X5rxMkv/7o/zt+NT++61Vi/L5u/657/j5j/3s/7j9fr/r0v9vH7/50/f9/dFw/Vt/XN/fSy/j3/T2ly/H//tu/fa/vM/3K+/vx/T9H9b+dfu8fNfp6/r7fnv/2f0/d/h/fnZ+9T5+a//B0/z4/7q/fIvf/re/3O/Phb/Px7/T+/n6TWm/bF/ra/vH//1n7/z5/lW/bmfQ/fu8/vs+697x/ff+q4/9r/nmfs8fh1/Py/3Pfb/vV1/GJ1b+fS+vf3/Jx/B+//ltnI+vF3/D+/z46/Ox/b6nfMKpf94y+9B+/F+/b7f97v9Tv/D1+fJ+PN/fV+/N9/7ty/V5pnt75/89/N6p+ff3/7O/PXvf3c/Pr7/07/05/str3P/Pm/bC9vl/fVt8fM8f52/+2/Z+/fm/ft/3D/rG9n1v1v+/c/fr5/pi/j0Np/bq+7kt3f9+d/w939ZxX//q2/2w/vr29vz92+J1/vn7+Pz/3wufd8/Nq/j1+b/g7fb9/N6fL//jv/rs/fh/X//faug9fJft//k8+t0rinPR/fF/f+8fO8f7rj/fd/XNPf/fVz//v+Xd8/ZnU/XR9/ej+97+3iu3o/32HS7/1q/dg/r2/vN/6937X7/C4/H1+vu8/G/vXUs8flp/Lt/r1rZ/rN/r2//O4o7/4//K1/n6/bh/31/f+v/Ps//k2/Hl+vh++eo/799Tir/3v/HChdC9/l/fO84ux/Z1/ml/v38L337Lv/3t//+8fc/v15/m/9y8fl7/Pd3S//Y+vTc/HA/blr/Xq//JH2/nvYC/fR/7W/rB+z5t8H+/n157o/Ns/X3+Px/vj9/6zvOkHX/XL+3V/fj66/71//Vy/nd/74//pLZ/n3/3FL+vS/6dz/3x+/ex6/J9n/3u+z/Zyj3r7/n3+3yGw/N+/NO9fl8vTw/h377q7/dy/Ns/f6fe/Ob13I/f1//5S+/x6fd//gp/9l/r//t4+Pd/3O+/9Orfnt/1t/Di+f8+PS/vE/vdjr/Lv/78X9Ws+r0np2/9z/d9+/G+vWt//vo+/6+V6/5v/5w761/B//R2/fm/Pb/nNfdu//p9/9D6+n/7i/3s7/l+27/+//K9/6D/
b+R18/v0/ffv8/l8E/fo+/e+/39/Tz/v7/b6/6A/bT/c/s//P9592+p5/e+2+Vz+30+fB7/Tti/1u/Hu+/s98vh9/MW/au7bA/3hZ1fU99+W7X7b4//x9fi9vl8V/vZ9z+++/WR/ft6+vI/vc7/7+/N7s//5+fG/w9vi/vC/fa+vO2/3w/X6+tq859N3/d1u0/b//vk/fmn/7s/bBz/fa7/5+/i85/T5/WY+98k9/au/Lu/Ng/Hw//D/9+B4/Xu/N9E/fY8/O5/62f3vX1q/v6u/fg+/ay/21/K3/trd9/xy2TXr+/m8/tW/PB/bU/vn+/Oi+/I2/3o/vc/X9yu/vsofvspfD6/zw/7OK7/Fp/ji+fn+fW8fp//uz/Z+3/zyzi/tl/7sbl//9b/fM/vL9vX/89e5+/3+sH+/E6/SzH0fNz/nz/B5+71V5/t2f4/78H9s+7+v2+/j1L3Pj+/G+/07fF5/PmPO+eM/89s//Es6+1W+cfS9ve+fz2/H0/W8/HT/XVvu/0+vRw/nN5/d+/tkDt/7s7nzOvMLTvrfPuf/vG+vGy/G033H633Dsb8fV3/u6/Tyn3pj+38Tw/rd/71W/Ol/+9s+Y/35+f9+/I/fN+PHf67/7i/Pv0/n7/J1/fj//2vdJ7/e+/Z//cp/Pk8OJrPvnM/XV//vH7/Fy/f0w/ti+PY+98L8fv8vnF8f3z/Ns/94x34fXl/Lq/30+3W+/8T15/bnzn3jg/ju+/6R9rxXg/3w+ds/38Wy963tW/bc8vD9+1+byP1/Tx/G2r3dgH/XI/Xc+vu89t9to/9qT5//U7/nj1vPXd/fZHd99t79fU//7Mu/nOvuXX+fy7fv5/dS/ft/vH9+fFufPX3/nV/Pt8Pkvz+/p3vX/Un/ecz+Pevefh+/x2/v933P6+/K6/a9/u9/fp/L2/fe+31ay/h9/as/PW/HJ//e9/S9vD+fnNoq9/l+/X9/T2vv7qfvPRfevju2/Zy55fv5/mc+c/Op+j0X4/tt/3X/Xn+/D79/Pw/zb/7us6vTrb//ZDP6fPfw/75Dv/ti/nEPfxM/b+/ft/rm8fJ5/Wy+vV/Pd+/rPw/W68y5fZp/O3C+n63PZ//ud0vlfU8f2x/zyX2PJ//T9/9//dI/vIu9/K8/etT/3P/Pr3vf91/H+/7sf9/7//1gN/rV+/u8fNr7/d9fLMfWo//W8/J+69e6ffZQd8/f3z2fr6/T4/F6+fD//E5/Tk/njGi//U/efb//6y/3ONZ+b3DH32/PY+ft+vbuPk//D73C7fL6/07/X2/jo/X30/R1/VV/XZ/3JXsj/fX/v/+fbq9/rx/n3/q19fL6/d/fH+fPvd+36/f9+n9PZ9h+z/Xxz73J333b1b/Pb73LHlv9vT/fnQp/X2/10ru/zlvK9z3vzOd9/M+G879Z4/z5F+/95/V8/tT74/1is/f34/bzv/t2/vS+IQbl6fN9/1+fPOd09fp5Q6x/N/Ww/vk+3Rv2L4/Xjbq/7i/nH//w5/04/kq/9x/183fOPr/3Y+fT//C58/+zDn/fn/Tu+vE+vv//Oz/77/a3snel6/l+rv63bnB/vL/HeH8//em/a+G5/98f3D9fx9/Dw/V1/fB+y6/b9/7t+19+f3+3z2K5/b/S93j7Hn/bC//RP11/Hdvsfu/vz8/bk+/q//x6/98ebi+/a/vnL7/LZ/3tfc08/1h+Py/vu3/F3/lg+/M9/VvfPo/3m4/V0/Dp+fq+PJ+vi7/x5/L6/P93/98m+9i+PYv//7Ox/fY/Z9d6t//lo/Dg+v6+3w/vz6nLf/6+9w3/XCv/L6vuvE/3q//LPk+/TuDm+PS/dvh9fU8/X3ofzs/Dn/3iHs9ff2/v3O/vG/vu9v9/vp8fvz/X2x/X2/dx/mm/eZ7t6j9nu+/Lt2vXvwOy/Hm/va/PWzPW32+3baf/vz/8/t3J//4+/w+fmx/N0z37y+/o6zzp7nrfb97ZRf/nv/bF+fJ/fVc2
/eFp/3v+/ut//l9fPs9Y8fG+vH/vR0/vw/Z1/2O/e4xR9/SzBz/ze//Bd7/7nq/1i/Ds/z0G8/e8/e2R873PI/fM8/U6/OE/Xiu2/VN/bo/3NX/3zXw/y8d4/Gu/ufZ+fQO/fjo/PZF/X+/3o//W9fU9fa9fFy/uy/+4/6o/7k/bP/bd+/W9f09vV9/bp6/p//d6/O+/Tpvu/n9fXmR/XZ/7Z/rb9/m+Zlew8/9l/n9fkX/Xw7fD4/s4f368+9d28/U+963d++/e+/d0+x0Xjx/7bPp+vU//W1J/vs/Xy3vGfu8Y5/V5/vG/nT/XA//LS7/9lw/G4/+3/dQa87+LKmUX7/R6fL5w8/v4z/ax/f0/XB/H//bu+vu/s93X+/F6wn3nT/7xN5/u6D3/R/pf3+D/PW+f57/JkT9/H7l8r83z7/N7pv1o972F8zv+Q+PVyf3//0/LH/3+h3/T9/3ky/3Wz/x8/r5/vPM/vM+XC6fL63z5//hz5/G5/Yt/PY9vXc/76f9+/2pfHb/3jvM9m/H6+3S+v2+3/63q+/G4/+s/a+y8/XL/c9Rn+Px/PY+PzO8j/94qeb+/r7R/ecV//U/vTz/HI6/D6/Xz9/Y989Lv+/U+3c+Xru+vn6XD8XLvff9fV1/v/2vtfJf/HI/X5/ve8/w8/Gv/8tl+/J+fHF7/HC/b+n/LN/7RLovP/av+/t7s+d8+f8pf99vylcf8g//k+/U7/MN0/lU/ns/nR//y//C//WP74//l9/Xyv2/DrfFJfM+3P63rvX/3tLu8+91U8/P197173z/W+8b8fn8fX2B/HnPffUeI8vu8B9rN932bv76/vUd/S+HP/M4fno+3x7/9773V+n3vz+Z+z872/Pw/HO/HF/fT8fs9vnvf/g/L2/tj+3m+ff+vt+/15fD+9/t++/RT8/I9/l+/fz/j3X3fr2vw9v3+fi8fV4/H8/b8/Nw/ve/Xja2tx/bJ7/m4w/J2+/17//r//7q/1w/7v/9k//O/9+e5/Oc2+5yS6/U5f/6fLz/b+/fJ9r9LR/3S6/l09/15z/7ZZz/c/27/flsfDpP33b/vTu8/v8/l2vdqvV+vm7/i5/j5/vp/v6/Toz/v/y/dw//r/fz+vc+f3+/v57z9V/fD8vX+/Usft7//l/d+/3U5z83t8/E9/L/f9//6133D4/Xu+/o+/q/z/5M/bG/fk/3B++/54/P4v/9u/NB+vzvfz9/bn/Tn+dH+3I+fDqPd/T9/vx/vP1/Pt//m//8d8+/LLr/PZ7/Tfm/38//hnw/py/py/1Q/7EvQ/7+/7q/3T/rz8/Vd57zlq/7R/fO88dH+5/Z+/df57/r1/mW/nSfe3A/3H/fX5/48fN4/fz+/h2/h1/b8+Nz//w4a937XlHk/fp5/b6/b9/be8/S8+x3Hz/Xz+fr+/q+/Lz/7rq/Li3/fFz/B5/u//VM/f+47r6f3+/9E9D5Xej+3o7/V7/i7/H//3k+f5//E8/P7w/Ti+/o6/zenPc+Pm//jnv/1p/nm9pP38s78/2Y/+cS839K++/xh6/X4/tczlk/nk/Ni+PW/Pg/vc6/i4/19/+pfn1/vD+/i3/+1/vt/vf/3j//j+/T/fB9/Dp/Pq/v2LJ/b5n/PU//N9vt9/Vvfdh/vfY9/f9fPXM/XdL/bxD/vJ/7NHAfe89S+s9/4963w+/p4fr//d0/Dx/Xv9/Z+w/7w+7muXL+vB6/z+/R0w/ff7/+7/qu/3tzt+tV+3j/1iJ9b7/7d9/bJby/3RX/7e/f39j5Pg/Lq+/20033bD/b8+/+iiv/1n/3itWvffg/PW//U9/A9/3zVyf2e/Hv/fY//16fTvZr/Dg/PX8vVvl98n9re8fu9/Ut7f3J18vj8+9O9vlN//a7/fWN//u/f/dfe/m/3H/fn//N+/Op/7h//g/309/X4/3m/Q/vz/vr/3FPfx6/W+/X+/a+/L7/u/+rfXg/X6/nit473vZ1W5/n//OW8fo+/
B7/Xzy/Xiv/3l/3g+94qh/7ymcH8v7+fxy/Vyn/RDo/P7I/fV/3Z/fJ6/aE/fdW9/Ht8fl8f70/u1/uw/Zq/ng/nZ/3lec7+fEt/O900/f0/flck/fV/+cj+fJe9/exKfvg/P58vXy/n7Xk/vx/Prn6/Nq/fh/3yvr33X/3x+b//znOx8fM/vV8G+fY9/MG//9Xzy//1/VL+fL+vr29vGd3/3G/PT+Xf4/2/fL5E//908D3X1/35h//g+/O6+f9+/0b3L63to9E4/WQ+3O+PM6/C7fn6/M+sgDu6Wz/ts/bu/fX8vB/fF0/dl/3qt/bv+3Y+/Je//sl/ee67fN+U8fh84/Ry/eU5h/t9/v9/vF+fbub/P7/fL+/h4/Q6/2f9DM5P8/96/Za9//h4+/Y8ff4f1k/96/Xy+/SL/c09fm//nf5e1/jl9fR+/E+5fnt/Xw/nTWm/Ppe+3ofw/n6Tl/zqF//3HszewP/P173Y5nz12//kzO/v7lJ/3s/vD/rZNp/rE//e9fH9fk8f72/b+//+/vG+PP+Pf63q7/l5+tO+vM/fnUD/XP/Xz7/X6/a1BDu//Uq/Xi/P1/fC8vu9/8W/7G/XpHK/e+8R5/zq9v13vq/XTn+P9+/rezv3Hs/r8/j0//J8/9R//cs/drPNn13H0/Xc9vB9vlc++f4+f78vXqV/ffvefn+frn9fT1/Dk/75z//zDl/N//ziVeu//luh+Pn+PrOs/vB/+sW8/O/f2y/V8/rh8/M+v1+fV9/H3/m4/F5/vzr/rg/PW5Rf7395w/T8/uPk+vN+78dH8vL+/W+99+9x15/3t//Ow/11/ds/77/PL/Xp+fR955d/3k/3L/rB8/l/5946/us0/v0//s/rxPpNLM0PY//dL6/xl/z9+dK4w73w7/J4y/e6XN5/b4/H4jvOr+bv+fG7/W+/fvXk9/e/vB8f9+/W+7F9/se5V/bP8vz9/586/Vq/Nq//3/98/383j/13+98/Y/TM8/M//GN+//69/e96W7/f5/rs+fS+/Y7/vcc/v8/rl/XR9/e1/f1/+8Y98+14v6PK/Ce9fh9/XN8vL5/3ns+f59V1/WA+fLu+vl/iD//v+9/bA+/o+/dA+f0+OF9/HuX38/s1+n9Xs/Tl/X3/fgs/by/ru/v+/v9//8p//4q/Xi/Pn/rn+/k+3k+3n6Xn7/87/w5/L9x5/MphZYyfJ4/5y/R//Nx/Xw/f7v/3X/7F8f7+f08O1+vjfcftfmvG//q9899x/1U/e9D+f9ffPZ8vnp8/1y/Hte8fd8PPfF9fu//72NR+Pg/fr6Hzf5y3Sz/D8/V1Xmty/f4l+1o/vH/vp+/Lq/Xj977To/3U+/d0/tx/37Pb7/K4/P9fOfn+f48/zw/zFT6/HmfPnw/fWr/Xu/nk9fk+/ldNPV8f29r+v68/76PH3w//573i9/h7eH//V1fPPN/f1+a+/I+/Xmv9s9X9yU4vW+/W6/Tz6/+699e829e9+90FbOB+PW+fK7/DD/7k+7+3//k6+9F/vM+/S3b+fp+fdv6fbl/P3m/rlH9fu0/jb/rJ9fw+4p79/c+/W9vm/cCdft+fd2/F8/9x/dX/f3/vS//ej/Xj+7cb5fr//IL/Q/3t+/s//M7Y8/c9/evd+fT/vv+vF//t6/R7/WB+vy+/P5/j8/J5/VR+vy/3+/ff6/u+//T+zK/vp2/N8nu+f48vXDt/11/b0/zqT/bS//Q+/MF/HA/32j/Dg/X7w/R9/tt6p/n5ueL//+D8/9+fr0vc/+9vN8/h7/q6/t74dGc++ev9/x5Hz333vz3z0/f0+fP8fK8fF3/az/a56/D2/vbX8fl+/Fe6tn2J/f96fFt/Dhfvc9D6/+K/HVPb/VK//M/vR7/Z23J4/NS/fXfc/Gd0+t0+5+w6/0t0/Pl/75//X/7y9fS8v+Ptn+N52/nx/bc/XK/f7R/f+7/7m73W6/2929W+/tB/7j/bd/XB4/j8/N94/Fu/
ru/rer8/bz/D5D2Pd7/97rr/z2/zqv/vmf6+fv+vzfu387e7bcr7fv+iP/pz8vr9/Wt//2vfbv/b9/no/f4/08F8/7d/Xw/PBH9fH7vnP6/P2P6/PyPq/Xr/vu8I7/hj+/0w5/I50b/vT27fv3PPHn/3d/Xj+/ug+/D999d+fb7//sf34cP9//n1+vN/fv//Vx/Ox/2vi6/Tk//B2vnPfA/Hr/nP9fd8/lf+l7A/bBfe/93r+/rO/fe849y7fpr/Hf+PQ6vLlfwfv1/7wP33x/7I//I+f7u8/C8/fw//r/Pr/vg8fY//G9/h5/Ox/pV/fH/rBnN99z8fO9/O7/by/aS/vH/bj/X8/P5HFX/347/dy/Z9/NN/vy/3+j/d2/Xr+1O/9eh8fXulv2Pt39zm+1m//xP/i/bq+vV/vn+/m2u+v2+fTGo/rhve3g/Pn6n9tz/Dn/3n/9S/cvr8/K9fTzvX3m/LuP9fh3/Wz/9w/NG8/ntfbn/Lg//lvo4/P9S8/U1/X9/P9X/vrp/Lm7/XP/rX//d9/Uto//2Z9/Zw5/r+/n4/Pp/LX/XX9fX9fm9g0/v3/HA/PD9/3z/h6/1o+3p+0GLKni//83+/K//r//H8/s6Bp5/D0/Xw/dZ8w/d9w/jx+vS9/D+/Zy/v1////e7/rZ/b4//Bw/Fx//Mi+/6F8D3HeHcy+Nx+XD+frnS/nW/ffl+/86/86/t38/Y//j8fHmu/faff/m//Du/n873Q4fD/fL7c+/9r2/78J+/V6/9M+/I/fid/fUT+vw/P97d4/s+m8/C9/ZF/vq/3f/bp87+rS7/8//C90/p8/bk/fJvfXBv6/wp/uu1/vevffQ8/3+/n//75k//jfG/76/3p3f/XD/vl/fh//y9/J9v7udf//ttx/lx/Hp/PJnsfN9o8fl8fl+/7l+/d6/38/66/v07/tkP348F7/O4/e97xx/a4/7y/e8+Z5/36/H8/b0/v0//q92/7fz/Dy7/vj//w+/w88fF5/6v/vv9/1+/N773kfls6D6+fh0/N+r3Nh/T7/dX8F6/d8fN8fvv/vn/3e1/dw/pw/Z2o9/c+/u9/vw/nvP3XrOJ4x73h5/e5eL+vt7nbXrP//9yxd8/D8/Z2Tz/nA/v99/U+vV+vXsl95r3vg/Dm/70l6/+/33N4v/9g9vI81/j9/uv8/P6+3d3X9q/3u/vf8/1//V+E5/T187/tr5/L9/3wa/vp/f68fY8f56/x3/X+kPp3+Tf+/E/f//X/6/rn7U/Xlf6fPlvOwq3HL/7k//T8/nuf9g/LP/nf/31X4/76/dX/Xhu89/k8/qZ/Ht/bx/3+8/D7ff+fD1/dqn/ffkq/HT/3D/729/S9vi9/h6/Fu/91/V3+vDf6/55/3G/4T+/r+/l///g+88dx0jW+/8yLXz+95+O6/te6TnM/PY/nu/nj//V/v7f9/tN+/R8//s/PU9R2/96p8/P//Ju/T9/b4/r1/z4v//17/JpUR8/q7/dD+v9+f88f90/X1/HXf7++e77LB73C3/Z1/vV8/z7/P7R/vzvfd/979tj9/Sv/f00G+v0fb7/3+2c/vEd2/eE/du1vr//X/vL999P4/1V/esp+fUvfuei+f5vgS/L8fB9fP1v39w/f6/7X/fF6/Tr/P9+7fb8/t1/j8/X0+/d+Xn+/r/3j5r9D5/X6/vZ/vF/fTO6fP8/N5/Xk+vB+fiv/bk/1o/9we//K8/Zq+/d+vp+ft73I4/b5/3/fLy/3k/7+/PE+fR/Pf6387/g4/79nXv29fN/v316/Xn/H3D2vr7/J4/Nx9f68f5uw/P59vO9/mvW+1+T3//T6/a5/ttR//4+/Gx/Rx7XvPl8k7z/9t/vm+fN/fdefPR/Xn6fX//05fJa/Xy/Pf73X8/u6/It/rE/Xp/vR9/N//Z+fXY6C97zdbi/jqn9qW9k/9eB+69h4/Ha/dsO//Ve25/Xzdz/H4//7/9A/Xd+v9/PLf0x/Pa//
t6339r917/3ko1TXc5Z76zzPqb+/L+/zi3e9/MtJ9z/nH73juf5/fTO+g/z5/1yDq/Tv/dXt9/+9/26g5P+/POfpF8G1/dy46/X4/98f96/98/L7/PH+8815L+3znP9/j//j0/363+oz/6y/PQffv0/P7at/P9/f6+/Ry/9w/a8U4/C+8fO8ftK58fo9/Q9/b7/PT9/b+3//70p/Po/v9p/7m/3x6/J6/n5/H6/Dr/b5//yt/PR+78Nv+fX5n+3jb+PLT+dy/e5q//txXo/3r/37t3v2/cy9/2P+fT//a8/O+/T//fv//gfRk8B6/b4/3lc+/Q+/kfR8/A8/+7/7zo/98/bl//o+1+93/uI/edL9/a/vOz/J5/T3Rr0/5PZN8vO9/P8vr3/V2/Lw/NO/fQc/3G/PK/fz+fI9+979/69/HWU/Pjf/+cK9fn993932u/nh9v3+fQ+fmuk/49W6/mq/Y67n5fyD47znXA5/3N+fO6/O5/TyW0/L7D2fT9/Xf/rJ/vJ+f7/vm80/vit/Pd/rU/XZ8fU/fkNi+v8/vm+fn/ff6/V+/Pt6/vbw/Z+796/1z++2/dQB8nzf9/38G96iXXY+v/Od/OZ/bi//V73I9/E9/o7/3n8/+4/9y/X82/D8+/c+/Qv49fw+v7v+vT+vza+/bjPv7c/b1/vF932Z1/pz/NA/eYtSC9fn5/L48fB4/K4/v+/L7/vNQrkX+X3/vE8+/0Z+3I/PTm//1rvqLuYBY8/B73O/d+Bz/T+vUfS8/Es6+/o5+9yD8/79vu+/a2vm/0cyv+q+/09f7C+/3f4g16/DPk+/vV/vG/3O8/u//98vT5fd/4T/X2/7U//u9/pz/dwiin/P87Pf3J+fJ+fz8/Y6//q/Jdt6d7/b27v78z3n+6/C833Ow/1t+9g+3M/PzO6fT6/n4/9s9y/X2/HNe6+dyf3svR8fnsm/34+3rbR/X9/v5//pnp9/XJo/f0/743/7h/rp+vF+/Ce/3avaTv9fr5/Dq/97/vI8+10+v//vh+/Q6v6XK6/T4/54k3o/9t/bq/jt+fm+XT+/T7/rW//dhHt4/lq+fm8/uq9vF3G/fB/7xHfc1t1/e7/Jw/Z9+9cv+d7q7/W++/3n79efvPb1//+/c+V8/R8/Tw/Tw/J5/b6+8ff4f3rfv0/2P0/vL26/XW/7H/3K9vp+9dm8vl8v78/Hv/Up//B4/v82fwPO48e7/3fr/566//y4/64/OtD+vLe7/f7oz2/e0/W//F//ec//fh/9/69/Hnf9v//vXU/+/e38o7fT+/U4/i8/3S8/R2PnPl/H2z/LE/30/fZ8fQ9/X0fV+1zP9/Lz//89/F8fn/q/7p/3x73tP/7g8fa+h9vl+z5Tg/7n9/a8/cj/nq//FHvfb4/vg//2+vR/vl+v2+/F537B6/H6/vN/fMeo8vp/f69/v1/ty/33/Wa+/0//I7/D4/z+fZ8/3d5i+/VB+/67/VJ/f9p9/lr/Hs/T0v/7w/Lm+fA/fpufv9/v4/36+du+vE+fF6/rLWM//To/T8/d1/zy/t49vB8fG1G/3w//z//z+f/9/B//Dq/Hj/9k+/gL+vH9/K9/r1/x0b3nJbeD9/i8i3Z2/3h+/R/s9X7/PkfOPC+ftC/fvN9/l4/p6/Zx/tD/H3ftvB//HH5/Dr/jt/rn/fb5lnuw/vg/rD//D//Zh+/a07X7v0/fBv/P2z7/Pv6+XP+f06/C8nDvHy/d/+Dy/Z2rjx/nlbp/uP7//ck+49/i+NF+Pb/3C//e7/O+/dsz8vJ//kN/89b057/V6z6s/vY9/mufLE/XX6nTP0/H6/bn9fR9/3//X1vHbC/fN5/1l/f9+/s7N+s//09/7+U/bG/bX/Xq+/k+/F++/fjh/PM+3v/Pj7d//h//r6+v0//J5/z+fPP2/XA/X8/nB/XB8fZ8/M9fPe19/i9/seq/fL9/G/vHx814H/qHzwuT/Ws4x/Ti9fW/fmu+/td+
/n8fdifs6535KMym/dc4/fofzl/zy/36/vW/va+vDT+fL7PXf+h9ej+fZy/byL3/m2/W4/p5/vu/uvY//Ze9m9Xj+dZ/3L+PN+3g6/e4/V4/7z/viP+Xy+vLPl/Hs/n/+fx/f78/s4/vn9/Pk7/Z1/e9/u8/v4/Xz//z/fh6/3pfjt/PcK33t2p/7jvvP9/N/Uq/91/X2/D9+fu+3zO/fU9fXa2rxX33b7/V9/L8j/ds+z2Tg7/XN7/Px/zd/fx7/Jt/nU/PF7/n77vjXu/PJ/3y/TJf3/u7o/7w6/3uf8/T0/X4/no/HdvtfWt8/U+fjmv3Xyv18/e+f/sfLh/H+/Xii+5fx/fH9/c9/uew9/y+vZ9/O2/1//m9/vw/31/vG/f3//28/C//1+/O0/e2/ND/rR/fx/PJSdwfny+0+34/98E9/nSv//39f1u/j1/7s/3JnX3rG/71D/3m7/k++54zX0/T5P8/T1/PX4/XO3yT2X+fXcW8fYt3/+2/fk/df6/fe0/D6/m34/nq9/r+vZ/vax/91/++/+a//a//B/3r+31exjHvXyP/i7Prfn+/n+/L8/Xy+/9d+/b9/9ji+v7+PJ+vl1fWvZt3/dut+XD/vb/PM//p+ft8f/pfP9W9+i836/Ly+78K//tr//V9+eS+/t+ft/V58/7i4/Z5/uV/3O/PH//O8PMw/3m+3C/fN+/b+/C8/1W/Ht/fefe8/D8/+w/D7/R6T//Rn/7Q9fK9fT+/P3/F1/q9/OB/Hi/f8/3Ok//y/N+/3be+01/y/dZ6/t8/H5/XDqffe8L//P/vXXM/4+z11+9r70/77/7q9v/7O/Xp/TIFR//Tx/78/tM/Px/3y//M/fB//o8/94/a//X//Pb/XI/bC//i97xd9/N45/V5/V9/Xh/3h/3i+/V+/R8/Lw/Lz/D5/b2/es/+vP+/P6/P5/g4/MvfnI+fnI/fnIf+85b1vWt+w5Xt/2996+p//e+l+/40//N/vl8/HT//If6f87/LXmZ/71/ra/Xa//Q//+8vXGN+vntZe3/+3rf+59nvPEs+/eq++1X+6++vv7396r73T73k6/t636/7Fr/ty3/vHJ/e/Np/7k/1k/r8/3S+Pm/PLG+fveQ39/RK97xN/fj8r73l5fv++98Xiv+vm7x9vi/9n/nt+fW+iU+/w+/xz//7/vf//4/3avA+vK+vB7/e5/+8/9q/9v/3l4/t2/9z+dnz/lX/f+/uPoe+v6/fn/fz+fH+/N4f3Wd+/r9/7d9R68/m0/f2/6o/Pk/XKz/W+/Z8/92+/oe0l8/J/vB8/N9vn5l/ftA/ef6/f3rfb1/z3/Xv+v0//18/Hd5/f5/d6DO/by/e/8w97/t+/e5Lvz8/ttvPfF/dvW9/a9/Ud9HtX/Z6bGc437377/79/qr/d/a63/7s8j1u49p4/J4/PO/H7//7/fF+/Kq/7s/3bHX/Hf/Hp/3ZnY//r3r/nv/ny/n39f9+/2A/32/f16/O7/p4s//zrvx+dr1rz/7qtq/nX/3kz/e9V7Pfd9y5+998f3+vr+/Xz/j2/vG/3J/XJ/3B9/n+ftt34f73q/fq/fy9/y9/L4/11/u97/K/2z3a+tm+vf8vH/ob3d/vbwvPrX/Xv/7ee3/N7/e8FTu+d7zY4/M5/gs/PGF/Hj/ef/67/o4/dq/3Z9fW/yez+3ybs6f/+7zDi//98/4/fW+q//W9fpY/feL/7x/f3n/XZ//p9/+d83n3v8/PX//ppj/PN/XN+/u/fZr/7s/frfGefEO84/b+/3C/fg/H0/X0+/1X9zx7/g/32//y9//oOP+/JnvPP8W/f76vz/28/WK+Py/P/7Xf7/K///6/L8/PHw/HvnAK//t/fk/vg/nL8fC+/Htf72/fy/7l8/5/fL8fT6/28/t1/vH/fdPuvE9/x2/lfu9/Vz/9k/7Uy/2XX//X6/g9/kt/n7vv/l8/HLP//S/7d7u+v5//71vH3v/34/bD8fz/
/Us48/e1/tE/7f/Xxn/3L/Xt+fr9f3+fty/d0/N58fJ/ff+fbv9ejGN//G9/Pu/7g//qPmX/nbPpFdr9fvvfvn/DyjvvX6/Xn/Xg+/y74/p4+38vn/9svrvvt8j64v7fVvvf/A+/O//n+f95f1u/qen97z7/JT/vz/nR9/2+1/jH8v39fWeh/fh+vq+fp//a6fv8+Hze68tFPYo/fK/fZ/3b4/qx/fn/Z9z5znt4/vz73/9o+t0Xz/70+Nq//M+Pdi7/s+498+N4fXs/tv/Pf+S955tnnx/vy/dr97vf/1O/7Y/PHXx/7o/71//+1z/r533F5//5//4sy/7s//i+vn//DH+fu4/T337Tu/vmPem4/pF/d/Bx/Pz/fmfffN5549B+/Fu/vE/Xe6/D8/g/fv/fvM//dnv3/pvfnD/eff/3Lq/vO6/W4/R+6z3Pi73J333j6rnv/s/97/33yy8zr/Pw//wM2/B5/V4/vd/fV/3n6/c8/9+fd//LO/3FC7/xs/z4+/Y/j8Nw+31+PG+/T7/i//T4/XI/n3/Xa6/r86/37/n4/a5r1/X+/dK/5/F3/7Z/7f/7p//587+zzi+vH+3h/fd4/f4/3X+yX84HvG+fF+/44/94fN6/v9/9qPt/9HFY/Iv/th/3n/Xj+t9/j8Xj/Pd/fQO8r/Vn/1y+fAr/3v/t7TG8+98/fW/fJ6/C9/nx/rn/f/I+fqv/ssT//06//kfe/Gv/dw/Pn/Xk+b7M6/Cx/VV/XW/PbPI/v9+vS+/7w/Hyu10bpv/nu/rx8f0+/Vuz+3//fG+vN6/W9/r7bn/r9/3i719/vHq/90/37K+y/ud+/3q+/r9fncd+P0+3b78vbz+fz73Tf73jL6M3/FP/P6/XVb+P07/Z8/S5r/L7+/4k+/qF8fq//5s+3n+Pq/vjceF+09li8fW8/E9//c5fPve6/Xu/86HPnk/X5X/P7//drLo/vrs/HvfStK9/c+1+9/r9/vp/P7/e/VK/vE+f9v/Hxy/z//3yd7/B+33n97/tm/T8//5/3w/3ETkt//i/59r0+vN+vV+/H0vW89M2/Fu/XU/3R/rT8vj+ftYvl/3E+zpPX++X9+X/+/a7/du/1h/3n/90+9r+/r/vf7/B7/60/d4h+fR8fW/fv9/vo/3w+N7+fKP5/Ww+PK/vF7/Llb/mg8D4/Tt/vqfN/MG//b9vHof8/Q7/12/Ht/no//h8/d8vXdpL+f/+fXv7+vb/38vf7Tffwp1CFvfY/Qo/ro//r/f7+/G/99r7/fl9/vt/P58/7+/exz36+/V1/2D/v3/PW/P3XE+PpjPs/0s//g/97/zi1/bi+vw/va//D63S7/Rx6z3h+tz++8g//Bp/uc/+fEM4//w/fd+/HOZ9/z//b0/jFDo/LG/HV//Yy/12F73667zY9/U6/uM+/ew4/F5/H1/X2/b9+ft+vq+vz6/p6/p4/H7/Pdty74/9733R1/B//Fh/Pu/ren/PR+/z//q4B/7U8/l9fku+j+9fP0/H8bq/v0/f/z3m5/B++fI//U9fH1/T5/2vH+Xj9/zQ+vzLo/bi/vM/f+/fnlq/vF/X77/zA7f/9/28/hv/P1/L67/PafS/vb//G+/b8/7f1/Xr//A/5+t6g/v6+/04/39/vv/30z/P4/3+/FZ/e+S/P4//7/f9+/U+/stz/Nf/fvy+vF8fLF/Pk/fh//68/Vtfr+/bN/bp8/86fvYr/3L+7+vw+fB/vs/v9+/r7/i9/tg/XM/7d/3z9fJ8w/V0e/rO+fR8b930//7/fWs8vr+fT7/n8//8/n6/Pt/H1//+Z5/D5/G9/F7/fM/ufGd5/Om+/N//2wfnCLyXg/tp//wH8/24/o+/7g/nxP9uVx/Xx/jx+/6O7/o9/nt/n5Puvx+/7wvnu9727qp/a9z5/dwyb6/7N73Kx/Z65/V85/zk//55V7/LRH+/373tT3/PPN//nx/9r/X3/vj/ajzbFHffvjo/nM+f
c7eW4cN6/S9X025Xv8MVrVvYkHf1m/+VOVD++4loh0r7veV0kmYa0DoZXy3a9PlpTxZ1kyvaSwHxNInQ/Tn//y9vvtqsiPzzfx8kpYK8vQ8AKzPU6gDEfObR+jTPd61dYTjb+dCWfh5a9XXI2QFoXgdlmTd2VqVWCP9cUYSoC4MTtYvQJiUe9U22+bP/Ctq2lcWmkKNUr1vv96/3l/+TlXf1a4vAOLndLCvf1wPBcut6/ZXr/wkqGXnbSp1vsCkvN330ybxGmZ8yipbBU7dN7/Mn7cuo+LvEf4NC6MI3MMmlL0QfZZpokpOxb8SFKBRMso8OcT5iFd/v30oflfaNpv6kN+3DCWVKVDGf5c3AUO+9nuY7WrkX9tXMvuNnj+jPP8yZrqR/dOfxvwysXeq4ra8vEi2rt8lG8zFSXL7KrTZnsXXKmk7ptsZVMkIBUR2iSIFNTzxaxzn5ESlXcpXYGOVkiROhbzuLDhdOyO+XwmJD8TP/JP+XDa/+JAZv6/S2N6XwnXjP8n9Yfls+f290Wci+f+nT1sfBce4izr5ZlmC/fJLnBXd13bW8v2vDIYqmnI5fp8t5P1N/8SzerfV6TvHsQsHZf04fOrquZmjX/n5b2i0YQWtfyl9rNvlOLu6SY8ClXLNFX3LnmL2y0zdk6q2LT8lU81ne8uG+Ljyp+Ds1uYmvBZ1oIzVN/fDyu6ld/DnJTYfe363n9m/P103rS2+F0L+6n4D/vrcN//dn5h/58xp3F1ofq8C98/U9unvP5G3YfNr78zjHf96JHIvSkNZ8ztHPy5Xe7g314rMD5bShF4YTvH9fO/U6JXu+LrR/TFG/1TO/dex/7Z0v7Qu9xz3ve+0zPfQek8fk7p3LVf/fctW81pXs8x1XWqv8i0v7u/ppv0dnctm/8tVvfeK49H1Pn34f3le8+1lnu8kzvenx/e+1/e2+Xf2kLKa/fpB/fd208HXey5ne/h61wry+dY3WMbtd4ft4yrXuiKfe987Tl34fsuf+857fu/kjvOvG+7Ny8elskRf52b0v7uD6/OR+1xnndx13gIFGB3l6vLX+/8zXv0of2xsnvM7qnc52ocN47/dq5fafSFne+N6XTeilO7iTOtGPx+a5lffv6p7f9QJ2Q91nP5+/+4kd39NiVG/rpbvYFP5yVHfWzvEV/ejDAfWiSxP1SHvRJt8Kk0v/YMCVlv+mO6s5Y9Z8Vqx/bVG5E1oEtejnxV2sUNhO/d/1Xd/v7Z57pivP9w7kR/Xre2H+X/feu5fVnu72i/njvuj9LO/Niy/TZrB/ez3++s7vcylvvci5U/16Lbxd3Z8v4mfK2v/390z7Orfve2tvu4rvf6YN/beOBC3Z7dY/Lfua8Lq/sj+v1q1L5vd9z+Z7NvbUJMMjYv28v3O79Lnf3dn/mn/PSVUF9v82rNyXLHLx3M7askNmlQLWz4VSAi2KVun/891OXPY7XOV/99be857JsvN8w4chMKScDqsGNTMnM9Lm47SZlzGMvrkXFdWj+luE6TOtr9Pv9sn979zP74zX390mJ3ofPQmh/e2Ts41i2n1VZrx/f++D38Y2F9exr/8Ja/AVd5bf6H7rtrO/9859Xk9iJ+/Pe/Ztf+i5v85VfLzOpPuTlUnFfNNEu3pX2Fvc2XXegFvfZ73Xo+zPZ5lkZnOT16BIsE8xMSf9rez7PXk+fmc/88Fa/ypH9lvNjRwVeWj+8e+di5ex9n1/wh3nbfi45Lu8uj/1r/9m1Pf5DX/4Le1xnQ7X3NLx+75eJ+sM7a2L4vshAOoXqRgX979LndOHfmFEdKa2XdxroeN7+/8vXfykzvnO/98hzb/8Bn+gJ6/9j/Fz8s47GknO+x37a/002rm+y2+tdP/6dO4/zPiRaGs+tbmLbvH3e6pXSTn/3//d++HFBZ2V+9p3+/p3/3OncPtnV/z02r3dz6r8sd+bbn/rPv4VPst41n/5k1s99/dG24/3pQjZt8NeZykX96/vZ537R+HI
57n0iVM96TW8v2cDAjfwd7zb7fYq8zDnYm7Pnv9d2/y+mz0a5337J3fx673Dq8LVfN4+5qX9gXvR/uzBnsqVvyRHZqzLOXc8V3vvvE5reTu65/z5HoQPruYxtf69e9fnmyYOl0E767UolIeSAAyVFP/u49Z31zm8P9gtZXnfee6+fPej/xJQrlffY2Dnefi6+9wOW++V1617T2fxuH/r5f7qv0yngF7mBNZk899JhrC8dNhVV9/f4hs2FpEyoRGgSSy6rVokFxxGyPd91Z1Th9y+zb8gfZ7/HhvvST+dL+iCSR1EXMkXGFDD7TukZfl2fowfiS4+/nz+/DgTiIm+jLM/M4GTrrgYPyJnzjfzzGLreGrBpkmozb8vWh8uFdSj+1jDp8fM/cQ4WGUe8Nf8wfzgIYxHgdN7sTu+8XX1H8Jshj00VYKvk14/Ho/f3/Xn//V8vy+fh4/nx/Ky/Fs/f+/3o/3V9rH2P27LKifapGxH2hm6V3/KV8U+x/axzm89J/qqim/FG/bK8fo+/d+ftz/X5/V2/d+/oT+1n0ofvojeX/rG+/ZMx93u8+xTdv8ii3+xnzmvuWj+xhqXZCYWkqr4+Z/z3uYwn3333foyOYnrPJcVrpgayufd6l/Amkk/7ayglXt/3lLve61DP9KW6+ix/Wtk2NfW3s89c/qlvcto+35exXXahTf+/YyzW0lXCWiN1VXerLNshq+98l/XRuX/Z9qfPsftu/1zYHrl8fQ/p3/7Z/vabn+sHs6ZXd30OX9zOE0cy+n3fuY1zXc9+f/v77t/Q5XT0GbSl6qXvne/+I69/eVq+7z3W3L/+e63bisTco+SZp8i7ewpLa5rzvqNe4QKw2/73/rG//1e0/1sk7/T1TtXfdjv9un/+JrfL/DdBmoBukl6pyDCsfVi+/52OHfz7P58n19kryu/qpdN53z3Xu60x/zJLeS9ET5Hnaf+ppuRJ3PIymK6E2vXv+FTvrVfefHTf01XXkuzZP+XbKVW8R2p4ruHkVuo9/1P3b1i6Lnffu8uvT3Xrvc/KQD/ZKf7Wtq5d2ThQMbf5w39/eR1Dme2v7Xf8/5iJve687/9qsoVJJPxpliipGg53rnoTvoX8b1fZ/tZLaPefqaskd5LzeWl4RTs+b+gV3vz5njO9Oz7BT+/zqHuXXviJ1lfeoiwyn8KYglvN5lLe8OFd5z9O5q39u/Pd7ZN+fv69vd7nuM/8/5u5zf43L3/9U04fNc+sHO/bncz7Nv78Dq/x9z5D6M+Xfufv3pOvk8uo/+Bzm/59xlvnKvx/eXi6n73W1L//+26Dq59PfrqPdi7x/a1w3nNn9907eanbn+qlXf3xDXez0YFxQo9qxf+3v/39f/vHc5p9f9v7fwUy73u1T9cAyNf36YtO5aj/dy7317PPto45frfZ1jm3be9lVfdN+39vuDVfNh85tLfPV863+Wvv6nDuUz++8dv9/9+ry/+FRx7Le3J4Lvfug614b+/4+r9nwv8tLPdtrv48L/e9dx4fNZ1m103nIe1U3/FsT9/T+u3hTf8/Yqw+TMCR132PPpNekm2fu+qsnuo8X9Zf34fv2RX/oWviJvaFv5Tnd9z3qeN9/7e2vnfftjPU/V/pX/uv/HY3nHvrFPf++8ZHMcylv+BL/8v3+2qnfy0a8/e+b2szex0lv+BlR5XpiPP6Wsx/a6rWuXRg/ObTPP+m7vdsh+v7M+Xd3t/41Hvvv4zuc/F78+Z/5Zu3z/4ftq1vfxdprPve9w+dS/XTON/9/bnYdt59W2na7d/fdi3//577pPf7H/eq0563f+9/e298IgUy9kG8/hn3dC+iPP8z/ex7/7rnd66uvPNj/18l7P9+31P92PPe8y5n/+Tln/+/enx/iDwNI6Za8vX3/8iW85e730dze2U9/7rO/62j/1qdgljk2/3oubPT57Td21e7/bzf90TnR1a2HHx8/+k1b5LPc6yy/nq6afe+g11p//VZOxO5m1pLW9V
TfxJrWM7/nrvR/a+qz/nru69ix/n9Ob5nWd//cZvtX/ZmrB/xpeCCbjXPls3lrff86tzvMbVc91z7Mu/aFJmPlDuvUU+3j+vbL/mP/7pVLu8x12779XMvKsrfERH0DfD5odLfvAMOAvih8yssHeua7caherd27E+86Xffi9nLOZvlTf7a8vmbdCLy7svJj+vV9pPvetP8zlc19e+7s3n+1L+Xf+PmRGACv27+90J9q/9r/9r+9yJvU+X7va5G/7NLe4krvYxD+5f3fz8gfPffK/y8sm/Ol/P6+S1qX/Pnv6/8Zf/+pTvRh31iDfd5NTe747psTf/Npfwlv79sF/reH+5fvOx+/1N1+e1Hs8lFrvyI7LCQ+Uz2zfesN42JXe2q/nrLKPbj/FgSoyTeiYyGmpSn9SlmpcWXAvzd1TeOimmk3S1YtnB053yEGeSLeWYs00d5cdj+16W11vEw+wY2LQAmoAW9K3gorFo/IeajOSIxV2xICcOIslI8DWRaO22edYzNhv08GM6Q0XsHH4c8AIeJ3VV4dt5RWwsN+3GE2QiP/qM4PsGVlEwwa82wpvE/jw1tjTOVqpe1321PazfyUuh/qGLm+qPfPA+j8FmpQChXYlVFBVEt63DK7UyOzJvyxbpIdS6kMYH8PrlO30mp3IhCu6LQk4rux7/D812pv6Tv0+vN+XBrbxK/+lc7qTnaVtZG8rKyoGy+mjB6kxsm5llo5Cz2Wk/pterTl3VF2ph/uL/STNhprVQnO5kVZFa0G/ryXlWcnKLT+/t7NyXYb5a5fyVawfOZ5K7ednx/C9UPL8CN6HFs6N/f8CXVLlpy7L2auUdTX+3P9GgtIWt9llR/SzrOZ101N54BJMjPVtP4QvbldWLd6bLdl19Pmz5LPvB/2M0np1L5b5z9rftG9bussr8vHHeXbvsOjVjf892JP6XK7KsAFo0b5ms4dt65zYzi/3r7Xsr+304fxqZf4nzP7cN677rBypXej81qnNh9/jtv34fPNV9c5kemKSNJM7zOJ8+939qj/1uVfy8uubaL+iG9fgEc+hHe61XXJ9Wysfdr66z90MQeXj++WIgvP/01P+XKvKoRKhWiq4FY1WeWmBEthkz1gv/JQG197p31gPPev5+neO1dztvbs3lj/We8Zzd3/mhp//ub/Dy/chXEvQRW+srOr74Tvnx/u//vb8vl0fO/wxHO98p9Po3//Xf8O3u82nu/9xHv/m7Oc3TtPYy4TO87/Lv/cB6mr8K2M/TjwitfJS+Vilt9Zgkiv+LH34fv869W+2JXfhzR7Xv53z3vayy0u2+/irufK6/fe2zF1/N/xjVZlf8+F3rFv+lOVD+9+7De/fW+pJu54z33v/su9LHPZ8vl7Vu/2pczeC9R5Tx6/3nehKv++bHf+5lzmP/4fN/vzW1B38Vn8ufvu3OsTP/BHM/4fN9kn/V/Wk+x6F9y3O5P/7Ne8E1+7ZN9Hjef+nrvmY/4gDO6+rzN/01/CTi2Nw+qsfPa2nPvs+8T0fZlf5Tprvfvw/RN43J2Lff8q6rndm39/11Tm+/xw3XeVz+/MVtx9zlTvfa0X/PX6cwO7uz9zza+L32U7/7939ivuD96PO1XunylHRk+Vm5fmGrEL2Ss+lG97pne868T3u+Te3qpXeq7rjv3d64fN7d+L/gNfz0rXey3/7+3Nbz8X/7G/7pZbf8/lXeqV/1y7iTua/DXVtx/Wi/9sT2dnN2749nn0f/tP+kpjvfdzD7fc/tPdaws3vt/9t3c6xnu/0izLey/Wq/D5/Xr/bp+Po/fB+fl6/4+/1//W6/br/X4/bp+Xj+0Wc1T6bN5zK+GrmusW+i3JfGFq+q8s2+lNb12zW7e3fXY3LXzm1JK+iG8Ptf3/70w733HMY5zu6rWVX32H/rE3MN8zpv1o/t79zP3vftfV1X319+5Vf64T74fNP/y7Hp+z3ud/1d5P58mPd/zj21oz/ysSw0eUD/yOrxlR5zZ/js
0x/Pa2n7O75394jTfY7DP9Zv+i3f90jsnRX+5bmzfeO3sYdWK7ca8qere1LejSQ35NJ9zbkfDveM1NP4nXmar3MhANJMUKWKim8/BXx9bVPZfxS2U79rRauLuor6GbvNTbdzdVm45r7hlCINXDd2XjFu8Kf1ncJz3m7XKUs1Zy709bLOLGyrPjxpMzL/rKu82o4bXTJm+20Nf0pRqto59gWzjm2ipp6yXQmW+p79Zmksu8CrfSz81pt9LiCpHTNAAUYD/1inlVlU4d97vtXZz2of3NdMVNZ8vWvVajnx/aCL6uKTRP2Xb2cMlV/5f9KPSfMyx22lt+FjfZzmv+qG/vZdT6xqLFXzvFv3Mz7qlraLsqsKxq2kN+3rXlc14Le+6mjf14/Hx/dl+Xj+3Wuxz9XfTsJ/ox53nTk5/r1J3sf058r5J2M/0C0b/zMo3wvDQtR9UD1G6zFUbEvxM+39gez/GH16zvDAfN57q/o/9Xi/81qh9LYId/OJf9a6dq/rzHd5kP8Xtffafs1/Pf81+/dz+98ue9tfPP8Pi/C78PD/bP+XSmXu8J510/9nAmvp/eq8IPk/aw/GKBi/1h/1vfn+r4fN93t/D+Xj+d3fg+84f1970fJljdg/x9q9vT/ZN6nj/X0vhbyvBz/a1PfK1o/Dj/V7+Zf993z18/f3/db/Xv+vd73c9fN9/q7/P5+vnpD/fP/rk/vO+fQ/vK//azvXXru/Xf+Xt+316ft7/28fP2sfP2sfdw/1s/dj/9O+XD//untFUr5/ihcc5ZyvcuaD2eUKYph/R+q5/e/qD8lg+7nkf3b2Doi0Up8No00f/P953/axG/by+/vCfPZ+to/L37PI//nivB8f/G/D7z/E+t4+XD/fd63b+fN+/+d6Lp/187XN5/x9fx9/10/P37vU/Xv/7+q6/pp/Huf/Js//e4P3Ha/5f8d61ofpUe8klVyv/KNHrh/7vTfM+zuyjVscWuf/I8vG8L9fe0v/Hy3ayvX/F0of92v/CO+Xrb8vH/n5fT/jy8v++fZ/q7m/1vfKfL6/1q/Lu/7E9vz8+dd9f/PAzq8AD/79/vm9e97ecOw19/9h/t2+Bpx/O8PnXv/f96Xb4fH61/Kx8r9L0bG/7Ivd/6T/rH/r9/7m//pTft/fb7/1n/d3/9+/3q+PkHxr+/W2+Vb+5dytw/93of+/3e/Xzj+J7fr4/+L8/0/rr/rW/f/9vV8/a7/u7/62/ZW/rV/rhf/XK6P0M9p9/eg7fL6/16/j3/F1+3O/PaO1x3/24/hx/Ws/rn/Hd/7Va0PnXNzb7/Ky/ZX/edN+/04fvu/tv/dz/1e/Xb+u+dn5/O2+v2s7ffof1Hxn3/Wy/qV/eue89d78/3+fOlWb6/34fNb3+907Qv/+/6w9f1/+0T269/b7/Gz/rZ/e/XRLb+1wO/76+vN899q7O/78+v98va/v70pfLm/t9/Tr+dy5fxp/8ZyDn/1gz/2//qd/P+O/XzPIW87z8vu9z922/q1/PM/rVv5f1o/1q/rO8vb9vF88ftvf19/ty/9g+Xr/ve+X9+XL9/+6f5u/1u/fy/Nu+Xr/vt/X3+fL4/w96f2/tw/v1s/Ht73b8fL5r/l4/Xb//I/39b9vF/f4Y+7kpfj+Xv/Pt73R4f7//8N67h/ts/Tz/1O/Hl8Jr/F6/XL/vJ+3T7XN77z16/78+t8+/rz/a0/G73/B/p5/HU/rb/v59fW+vC/faz/F+/W8+V7++c98/M/fdr/14/T7/N6+3s//t+3Daz/Hz63z6ft+7/1v+V/E/k/rV/rZ+fe+v2/v2O4vKZ3bx7Xt5f/+fNc2/S2a0/270v39+vy96PmZ+/1vRv79vW9vaxfXvO8vm1vn1i/qfdr/Nr/1j/1st63b9fj+/qF/PZ9vn5/m7/n1/emW+/4+97i1/2P/MpcHG/b4+v58/WD/Xv+XC+fT/f39+fg/PB+XkjvJ+fT+va+v/O9XaeyDk/dy4ft+/+cQ
/R6Tk/9p/9toPMvwr18fPbs/v5f/1E/v15/axb1vTz/b1b8vV3/a6j33dfPqx87R/x4bh/rm9f19orx/fsvxvQ/RG5/hx/a8/rl/e04/8cd+/34ftw/N7/Xj/dr+Xv+XD73d3h4bl/rm//U9cE1r5/a9//b0PwPKa+vkTg/1i3sffkvJ5/q9/rZ/fJfUHS0p9/45/r5/vsf/C8vAJ+6+fY+/tJxW2/zu0OwHX7nXG+j9+vW//Y+vjy/Gx/nx/es/rt/3B/7u9/mTfE8vLyv2N+79pvb/fn5vN/3a/7zm/0sfL/ftr8rm/fO8vh+fa8/Xx/ayD63DWTfG8vR+59a8/pZ/nA/bOj/17/335/4/+8C9x8/61/nx/ut/rJ/H9n6o4fN4w/m//a4Kfl/rM//61/3+0fd96/58ftYN8/7rN/37Q/163/hx/WF/XD+P9/3b+p4ffPKOXL/3973p83/YN/3r6/vH/D8e9nz/f169o/87S7+a6/362/jm+vW+vGfj+dy8f1578XF+DNz/TcUN/9b0PF/rZ/L0nH/rEzfSUEJ/rx/Xm/rV9ve/m9r9+v2/v69v308ftj/1r/fv/9Yz+d84fdr/1r/t3r/U+Xv/XP+Xz2ofOtu//b+va6//N/lzZMb//n5P3n/o4fN//8d6D2//aev/i4//B/G/m9/wv/e8/DNmXLufyn0T/KN7POglp0C+XLuf1s/Hj2pl/aTh0HsZv72T/3PKb8f6f+1mdp7dz//nBsD///Mgd2/vj/Vn/h01p/9i+zHBvH//vL8dz/39mbz399vdaMU71/P4f/d+13//P+135XX//f4Xfnft/X70HsifTn/PU+zyCdL48vW9v++8r43J+rtW+rVavhP/fe8PHDdz8/R/+b2/fb4by/3JDfj6/Mv7m6/L+zUR3Y/ffL+m9f3+e+7e8PIE1o/nXK0Xx/W8vS9/rV/Pz/7B3T7p4f95f3rfzr/tm/zrvTh/337de/bC9/eeftXwX37fDjvZe6V/rv/Q0U/OXLuho9i5Mct0cPa//d6XG/7Ja3/T0/+4/9V6nmvb44/vT373J9/0/e3r13H+XT+6fNpfdufN+7710fQ/7k/7Xrvd+r1E/a0vT+E5Kc0rP/rT9vd9+H5/fB9z0/uz/+V6PE/rJfOhP1/3q8Z1/pB/d+edP5+PUKxN4/e+//V6/U//A8/Xp/e8vGvyIs2+/q0fgzHg53Wn/px/d0fQfet+Jx/a833rU/vj8f49+154f9sf1lvPNLw/X+9r4r6/b133B974/6b//dK9zE/3z+K5Tp/Nvjuj+/5XqHtpXn/PH/3xr3fN+/Oivn9vfl+d5b4T+/70PHu7d4/vS/w4f9sf1m/Nh/dy+/r13vu+j4Q/3Wv/+aeCdi/d+/zrlP5/65w/Ow/HvS/P6/vi6/PS/zMA3Re9+j5/fN/Hfl+V337J/7Q/bVv/c+3XQ/5bl73vUP6XP7X99ft/fPr//Sdvv70/9/7Y9/3o12fA/bP/XWP/S+nV8vW+vb+vz8/29P2XU7/vn/ix/6Z/fmwfH/718f7r0Pu+/z4rlPh/983y++70/uu/LM+XQ7/vj/86+PxrkPx/98Hy69/Q//a+39V6XX//787Xqvf9/Pyvfp+ex/65/qb/v+/b5/rLFO++3N+XP6Xt//i7f3r//O9Lj/1od73L29/V3z3SlN+P1g/Pu/9meLfM9/599Bwf2xfH/V6YfNc7+d6+3i/16vvG+7x67/e3/6m/aZ0PSXj++sm+/1+vX0/ft8R2/7NJn7/20/V36XF/Bi0j9f74/QpCfFH/rBveXz/vb7Xf6/PQ/0ofPod/Pt/blXP/le/bG/7Bd+3h5f7//9K9nN+XDa+vbw/26/r5E8ylN+3964/9z/G9//FyeZXN+rt/Q+3r0/N+X3/3vm+26/PS/14fdqv/W+7r0PM+Xr/3d+365f75/04ftE8fv1oftq/18/7m+NM+6xk9fOOPgyz25H3rw/3XD3zhx/a1
/6ZHP9SByO0q+Nm+/b2bO/7OW9vX/q9mz/ay2/W2/rJ/PVP/H/19/5t5XP+XCnQyvG8/W9/jXr/+fJ9f1/W6/+V6bX//f0xUd6XN+fz8f14/tw/vr3/J+Xj/3c+XL+XL5/569nj//K6/y/tg+/70vuu+y8fL4nbaTJ9fa8/G9/K1/bJ/7f/by/3XwfQ8vG/vK54pTXuob1/bXL/Jm1f8B+20//16Xuu+p4fL7/9693j/3T+7r3fI+/r5Pue/y4PUC89qfl+R3/3L/+16b6dn/uof3et+n/K4bN/bXrvRQ18XvS+TG1/7A9X+/eY//R6/Xz/w9/np/eN/l0/fl+tyIs8/3w+PvS/867vh/Nvfu8b0f+K+v916a6/g/N/fO+b08uG9vZ+vf+/m9Xr/BeN9J//mz/61yfsd8vG9vZ/vB3/m7/3wS7Z//E/rR/bxi8Fx33+fN63x7/18z6366/vT/14f17/1iv/Ns/zuk3z+PcvlB9f2/aM/rx/nXD/zx6fN5f96fl//Nt/Hrn/Y+fN9l7/m9/jG8fW9/ny6+3V9+/pHT53DfpcH9PwPT7XN6/PT//a+3p//M93yydf9+n5f7F/517/ncby/HVv/Z+a+O/707T43T+K9+D4XT6nd/KZP9LxPj73q17fm/bJ4/ue/x8PMY8ds+/706HxfN6/zr3PM/7Njvl/16b2vj+tx+7xvV3zfY89++97039uf74/vU2T/t8716/nR9uR8/ct+j1/fF9e0/2a//Z6XXT/pG1/F17Pm/Z55Pue/z8gQ3o+16favofm+38+a9fjf3T4bL/7XIzx613vLR/rR9/np/Z8va/fvF91r0fM+Xv/XMDxX17fl/px/rV/rJj/bE//XpfU8va/va2/L4/26/916a6Pk/aY/XUv/5uu+C4/G//x16b07heL8fPY98HI6fvMcd9Hp/fN9m4/Gzr3/K9Xj+Vr+XD+3D/nj/K9rvjnh/vT9+z5ffR8Nj/1r036fP/316fzrp/T+h83r07w7n/669fyfsKy/kzp//WpP1s/vY+7Xp/Z99njfPVj/Q+/Xz3xfm+11w/0tr3PK+/b5fve/K9b5vve/LdN9H0/jB/3Xr3+fD9L2+fc9+P5vfFv3/eJ3bE/rW/rm8/m9/U+fu+1rof5+fs616vG/rV/rm/7M9/4x/qh/nWP/9Z7/lT6B963D4fN+/864fMU//50He/7a8vm9/cN/P1/fA/z1yXI+3su/24/vXeH6f/K+rpv/N99u+9r4Pte+xpfN/nzrk/o89/XT/59vksR9/vyvjxvOgwzax/jd8f0+tAy10vc/p+c/+f5vn/3l97/k/e+f7//fa+73pvl/31/Pfn+G+fH+/8d6r5/di/O9V+/Oz/u5/aZ/rr/Xz/7pa6/Wy3XEzP+O2/u3/qH/rLfefv/f/x47J/rG/vm/9Xy/4M23mz9y+3vGfno/Qs83G/rl/rdi/+d6vZN/nbPgW7/J7z7a+Nc//D4//W8d6P36/983lfv5R3K+f+N6Ptl955zjfv+fP8Xo3r/3L7XN8f75fN76+1Q+3ey//K9TV/7L+/fT6dL+//d6vsqf30v/cW/bs//vR35W0/z783h//bke36+vN+Xz5fN51/m7/px/b2/rc/vl8vO+kL177/a8//r0vt/ri//vz/4+//yf/O/N73vK/r7/Xsf/i8vu9f8+9zy/62/F3rfS/X3+8sW+ve9+dc9/u+rR9/nB/UP/S871wv3ffFcW9/3p76tD/eA/FC2a9/tx/u18AU3/cvW8veN/70ofnc+Xje+XT7HXk9+8kw5rpvy9/dyffFdl97w/eOxGx/66/9l6PVf/28rG+fT8vGufQZ83KnxS6/PW/+K+Li/1w/LKN8K3/918nH/rh7XN//9dRH1rZ/7fkYeN8fj76/1f1uPP3mRj/1A/51wrb/7qSve98b7vm3/a1/f54e664vn0vc/vxY8vl89Rfb9vt3/fJ9618fl1/GV/r1/YfN7f+TUN
4/Zr+dv1/u94fN7f1o/D+TiB/KPw9kP4fGyrWH8f3mPwCw/zx/q3/iOzV3v/L+7+A9ix/tFw3h+vfj/V9/vk/9N+H8/fV+7wBst+f2O8t3PvPPwtkXPvb53K7/vO//e8PRPqt8bv+//wf9O/zs//pMp4bH/7G/re+vt/vly3n/H5+v0//N+L97PB+Xz+Xb+3T28v7MP4b7/bjz8a+9V//To+r53tti/Lvz/d+/vzf9O/W+/zv/O8tm/3nT8tl/735PY//T4/+Vyvmw/nC8d2+/Ugv19fa0/6x/W6F/7R44wbd/7vDdz+/1of1/vfCuP/ey/ax/W2/6e/bC/XWCTz9f74ftoftF0Xfn+D9fz4/dP+b//fe+bj+Vf/3M/PT7344fN5fH7+vk+vB6vWp8rVIW8Ny/93gvJ9v9O/x4//Y8989H6G9/vx/WyG133G6v3/x8vbBAyPqDzTYf97fF7+vgd/qUy1v33je/rG8v5+9nxf/B+bk7vE//m5P1OAN4/937fbfjf3/7TA/6o/vDw3r7HEIqP/XN+XQ//fh+99+70//d+znHQ98/Q4ArP/Yd97f9N6uUD+32v+bsP/7M+XTW//3+/Xr6XN4f76fJ6/1z/13jne9/1+96x/61/e7/fIrjne9/BCL86y//r8fv//28/vyf9+/bwfawflvG9f6+/Fj/1k1t/366/XFJ/X+VX+34/e//X4P0eA1iPPrd/rW/bR9v2+fa8vks2+vb9vXCzEfpM/fO8vvz/c8v29va+v17/a9/578Xa//T578vz9+313ivW8vtP/V0/vB+/3ofP+Xz/fN6X99X7B/ph/7E/rp/nG+fi//Fxf/B+t+P1vSvf8v6O+X/+XN6nt1g/Nj/Vv/9r//n/Av9/v8zfL/dPKL/pqv9v+d4XAkMD9H/u7hBOMn8rXf/P9t9//he//9fxf/ju91gP0f2PD8vm98Fo+m2/jWb9vt7/7Viet5TeN5/Df++bd8vW8vGv4fv9Q9QbqfD9v5r/KWJ1e/CV+/34fve190rd//0f/m8rG8PoEV93njH/rS7Aw09bDXYpL2u++0Xw/vY8va8/2/3XK/d84f1oftr/D3rPO+Xz/XTO+H07gO7P+OHfvfCUj5jecwpJ/eeX9kff3bBeZ8tm9GFwbmjBw/28/HcffR4dFueznv43jnJ/Y4ds7Pb0xpP8s/9sI3MzcPy/18LPF4BWXD0a/fj/vtTub4dzPNi/L2HP5ff98qrG+/mv/eAGDu+vfuandX4YI8/iHLu49/s9fLw81JrFvxKOjP6e/fpPvMc+dfy1H6/71lO4fCNz10DC36fr5/Qr/4f8gH/l1o/kD/+xifZ9+0XLwo80/ft5f1v/18/dv/1S+Fm467zeR3OlA7P2Hd/Xz53Lsbs/r5/ru+v19v+e8W48vWyv+Z3I++YYrSOlcrUr+kR8be/b3ErBM7OpGQ/dv+t019jhjMUe/AjWdvN9/nOmI2y/axPaItIYcy/rn3+oTsMV8O2/r2/7/jOVChP5v82QP7jdvPdPg/q2N1D74qL379/PXjpNFvHexZC+39//O4DnMmIk/2W7+XDO+LCG0F/9+/31++opfPP4bZrvP+/lp+fB7536v2B99kH/3G7fCwj/UPlPwv8O1i//hOnwb8vtB/+wMTteff2vxBUaLv1pCT3eefKe/vtb6u8e1v4+/X/98nc2uvLj/vz/J3r3HF7++B/7vf0z5/d9+f8ewNWxgf1ufHv+/b2kf93A/nOnaU4fbv+V1a0/a2/zX//9Dv/8Xjq++oP0+f70vPfhX8T7va6ffo8YWwEz3bfV5/6Tgfv6Xdzf0zMwf7k/TzfQse/vr//10+v6+eXi810vbfNwX7SvTf0u/32XOdrf1+/uwjlxWyv313vny/299lZ/3x2/N3vHw/29/y1s/vB/3d/uS/fn2AwYzrH/fuD/7Q/q67/ea7ft84/bfJ04fve5Lq34f1s/HKzHj+97//QV9vq+/m+/nNlH9
rPdXuBMjPVw+fg/fQKxTefwXTXdqn/7+8/39Auh4/wLDO2A+/uLwNUffjPr23L+P8izfrB/XevTbx/f8/iXA++2+Aftfu34+/9OA3c8f4phUOx/rvDwNI/Hea4xbr7/TeDwjY0A++A43DieD6fD453y/v69f25/2//q3/Z7/bIBOH/W0MPym+5yoiouMauQ3I/tfXcOfPfPfN+7UrP8rdDvtGd098/i75Xtvt+/+WJffPF8v/v0Wx/qzI32f+XovQG/l1XX8LpPoffP6L9vnict5f3qfNo/Nyryyvdc6Lq/vf1rf/J6L83fszTfz5f3/f9Z6LgPNE8Tr3mtNS/v7/3jyL9r++vx9vSOLLSWjrMgiW6017DD4V+rW49F4a8/3D8V3x/ux/aH/rZvhM+dz+Vz+Q94fTus8rU/+wHC6R34/fv//JmWGz/W0gu/+vm/v68/m0/29/q7/bC/bu/rl8b58RO1r5/rB9v+/vaN92xPHUuHsr7/bO/rl8b1PGz/vA9V163/Gz/W4/eyUnPfb/a7/bfPasdGexvHtp829M5Q8j877Jf198tm8ft/888/9G/rH8vW8vuMzhSe+5RJRF5b9+L/iB+wN//3kNZD+/DMgGkX/Ydkhf3qfNljoqS9xrG0zqv4pl1v/OZ7WtSfh2+nVtglrO3yLA2W++bxfV9NT353jbAs+l9/95Dz+WrGEyHE8TkFipWLO+X9rnr9Ju6/p1/55SbB/2jsG8v+84++7BWz+tIZ19VyVrL/X2/rt/vu8fFeoHX/rN/r++vx+AEf/bX/bJvMI/o7u0/b7/qH/X6Pfb/dp+TlJ+X5347f76Dbg/v+9ke766pvKX2/3CVcs/vr8gn7vnMdkv69vugya//W4/qB/bKv4FSZS/8wvSTfE972297nv7/76+/R/99wQXu4azj7bbzyI/uw6f+U/9DfvJsef/a0nVTxJ3/az/qH/UaYClITBvGufIlkIneYIvrvq/z224/Fn+3m+3aO989E1932jJ7/bxTfMQph/rPfuvVNTK+dv/90uRnO99ljBvZ+vbZuQRtm9839/r2o5Vt/L23vh8HT//Sxv7b+NjvFfK/7U27vw/vt5v1/F27P1/wLDfvP3vRzrn/HRhdy8bRff9/rC/0ajCepd8zi/fT4HbH/U77XN3S+JWmx8KwvXPj9RoAGyn18y6T28bA/D77nZfls/Pj5vz/92wP1++dxfv1eLfCbOAl8/D+3bZ+T9vuN8TqP2YmS977nI/tlwE/J/vVzv4/3sjfc92y/UCcy8Gxii/uRzPx/XtjfC9/bF/er5n0fH+y2fE//bA/c76Py/vcWzP0/3g9n3/fLzPw/tt3vs/fbz3vfv/G73n189+vDvP/X++/92d97Mfn/3za/38/xlKRg/r5Hns3fpsnvr/v3GNfn/32e/f+3bt30vx8N+Zv/A+/8mvN/Pn18t5THtf/+Pza+G9/7+8N8f+6/3bfJ75r7/V2/nz+j95r5/x1/vz816fNr5ry/d27H2/Or9xw/bx8F+7zXx/doffz4nbH/Y77nO/920v0/rBz4bE/T79j4/v1OzvJzXgbP/44/3IaH/Y5/3i+18ff74HZf/i8vxfb4nbH/z7/nZ/s98F8/K/F2ftPfe+3w++ZyfvN9z5/a27bn/Pn5z5b3fbQ/c+vt98zz/ts0P7//9F/86r53a+/m16brAqVT/OgwXpH098ft8ffr5Z3/vS8/g1nwQfa99/7ocNmvLo1ETH46/b2/7D/rvRDEA54jm/MOmGwfpg3K+yJ5F+fu80rA/9my7JHdz8dkftBzHov/bJT7rmc5NnjfR+3F2QE6fJ//9yh3GPA4MbMYM+7bEyzwu/S6UOfAmLzstsfwHZbKObUR8rCPAndOMPq0xef0Z4ni/4BMdMvs590fkUGRg+WzfbinU9rNZ1BSp/IsuY31R+1AzfFd6670Xpixng2us34+0J4/Dbwqh83pSD9Xz9TZkPb43qTt9fF/f1D/L
pzjG+7+fBy3sxYqu9/HH7DWpfvZ/9VyvAkwPyXwtPD/d9DCuyYwpRvvLFBw0fTuQTbDYovA4e7gXiF2a+aGbY2gaAFg/9qE6PA/Q5b1Y+S2nHPYD+f72bXPvK/7jC80/LuiyEXK9j7/X1+K8Sp93bm2Xy/X02/dp1f/+Jda+k78hkMcqa9fr+5gNkPVD/nSD/V+vH+K6viXZ5O11y73Dna+3Vn+rHYr/a5Qw4Lvy7U/LsWz+3EPebvOjZ5PEP9G2/vJ/vLMG9zf3Cfh4QPM+0i93Q3ir334d8Cn/PGIN5xf0b2JiUYT/Pm/v22fiR8q+vIf+/+r3Qwg6XC8PXe87qPAX+7yoQJU64b1GQ9O+5dL/tvS/ZAg//94HEHwj93xa+/7+Brx/l5vHwb0benhrglbCyAOtaEJfp5vfFplD6gRPj/RvUUPq3g/Ln/r19vm9qtQwyTY89rJJ9r5aZRK5X5p5ZMKW9UMkXyPg3ASbf6N9iXzUiv198Ky/wbwP2ST2A/nhfmu0w8Nafj/PbjxUwPZz8NwfMPRta8/RsmCK/TlZJ7/rE9qsw9CEJO+f/vMO/ZJxk5vjt5/d8/91Cs5XDupUb9fhb+bax8P0/vx33b+OmfwglX/u+Dshf0F879kIb+22A2D+6ANiwX3Yf18fvE1Zq+988ZRn+/KRMmMARb9cmna/dDwP9bvT8rJafn+g7EtGVB5PH/Q5AZu/fFzXo3uo//x0b/X7/fwTSlir+vF+hQy/HoV/PR175Di/VjXX4LKibGfR4sZ8FxTT4LKnNhPchc+MqQY0+YJdQgw/WzxD/CFGHl/MIQkVpPop68fS3I/3rX/o4zzpDjvJzxvJ+DCAfnLFvv/LoP9MS3K/3Cv+LdbiC9W+/6AU35/DwPHKQdFAB3v0awZghqTg+Xx34CU6fX/fpH4ttfyfV/3D24/3s+t+iORB6f36MOxfqE2Q87zvIdC/008/S74kH87+1h3o9LJOayWe3vS1P+D7Zq3BAM0r/l/ii71LY79LF+fxx/KQXgW7ZqPfu9/dC+J6B+cpnXvbZgGux/+f7/XGzMh/sQhJHmrZ00g/P7Ye1cx/m0PHbHvQ/JC03z/3wDQr+PRTe//k/hPemE5V5H4m0faiRWnXYBGYb8I2D4xsB+Szvy/gTwbB39v7hklL893o7FvxhVWfD+7KMz6rf42pH+97/1w/3Y/3DnvRTS075/75Sfq909lfHf6cmX7/fmwvkuzW/BLo//+fuO4vwvCntF/g/v1/djCq8mH/sn8Gr5B1w/3/lH538aWD+ls+LKiwdTzdoHvae4vFGdCfGrB/d+uG/1b4fe4rofl/Ax8PSLApDM9Owvr99HpfpaoG97x0Se50a5z213mE/LTOaJ2no73A/Pawo2O+0s8Xr3WN+T7y/O82+u0vwLWf7QOv4kx/PD4fPr9m+zHx/P/4R2UPP+/vwzrI83rt82rG/+CR3xOAbpf0m9m1DOB49jLFcD6D5/zo//FkvsP92+/vA8zkm5/vO891gv5tl/N5+/o/37/3z/Xz9fz9oHQ/g4wfbGDMAxaAsmw/S2/328a4kDuoT+f2/rBb/kup+vV9MTxvnD912TfHVavV8/KMfWOeQHlHaOWwt/74+/W50vn/UzeH9PgIoBKdf6v7SkTD8l688Lh/v94r1P/O+5wNX84Pyv2DwPI/A3zfASjP/g2HpXA/3+Of7EvQ/ZC/aWR4OK8f1jxf+1V+3tOff/vfPdz4fN/f96/d8/N9ZHQgvCkGxXtJiZzZB9cmnFPd88fPsUD+ky6/d/nI1Eo1CyIY6chPB+38ivl82D93dW/n4/T5oXS/8YWT0GMKwK2z9fJ4ybdcnD/C8IDQvFzt5rNKVLmvX6nHHz/37iOjcgLpv7PdnzL38D+O+17CBK0nU8btj/+g5GEoj8a21OIej1fAY+3BtIhTfPpf/i/Mc+m0aWH959P6Q8/vE8ynj/l+YBKIacX/Vn1GwPjQ3gTmXkotJU8F
/fX+jiw8DM1/1dap/f7/FIQPggkdBfJ+fPa7/aV1/tvS2Rzy85RPC9v/wPK/Qd2vQTBkE8A8z6v3u8LiZ8ezi/q/iU83xTxy1XE0Hwv3v9a9cjqENVdePf6jhjeh/7TOg02Xhvv+H8Pda0JL/1S++z5vHcm0/AverDyd0/rVn+56qf3/HrvPZi0q0zLwf7M4kElTlLj/XlOeJ8/WJMGQRaU56fD9Ys27UDjEoJ5834XcAqlX/a5/vLI/dn1q8/Zw1T/JdCmh//KMrd/vzTOk0Yg85+39MDv2fTsQb+9iW2lmj9e7wns/IKwJN6/YJxHy8/l83W+37C/s+9OvOtT8vaN++/G9t9c5pPAL9/7/4f74gepxfOY+ssf8vG9vG1/fz/e+kjwl9/r01o/N4zwDJ/+sLxx76H3P2y/a8bQE8fAi+PgIPOqf/iP0ZciwRcoaDsRpLg/HUTw7DebfH7G+n+58Hf43zSyux/3P/ipJ/T/rgvG8fZ5/n1PUKGQ797zgf1+o+9r+GR5m9/xR+5Y37jmCrv/vuY+9sX/vu4/vK8X/4fd5f/+//+fw6Eft7P4Q3aQL/Vd/a+0vaw/W6rmW//N+bRpF8vZ9/X87+9zJ+2MLy9b54/j//O0/fKEg+4/2x/qz8H6T+5nYYaJXrNfsCOy5CZ3/Xw/D03ofNn/Nr//uU/nZ2mmtNp//w/zsjn/3prx/bL/bX/vB9/h92hYUvRJEsvZ9/7cxu/rd+/5r5/r+/vp/9lzRExz7w+izzLR/9QxvSYph8rUV/l/Pra65zHYqxdTFf9/ruzgJEm8Z45rHFD/F4vzMBHw5CIdxx/S+6VD604dCvxoAPQfvS8g/Pgq6fxUIicf+5l2zB+G3WcM/hS07Y//m8/2y/ad/gFDrE079GH2+58/vPHQ7Og93bbaZf0G/Ci6fmm3N/Wg+ffz46PA9oVO/7SpN//ZSfgOAnUvhZxIL6UJ/voO065Pjx1A/VE/jlH+t4n3t5rgNhDJP/zxvLL+2xbfp+dv+A3x227H/DmsFif2/PYD/I0qeIVoAjLPgWxPop8LPmZx/WPs7P0G+wly5A/5m8ZB/a5vIT938f/ao7y/2deVj6y7K13nv7rjXWRxAq1Scm+ba8Pi4iAjSL8JRfSPbeZ4ovm/x/uO+rh+65rTM538gfN7nh/N8D818mPL/dKQ4HEmPm8LYT9H8/v54mwSs5/228jXaLTPf9I5fxf2sGzuu8LGF66/7M83dIqnAx0Nhv0wsNC0wwi3wDEWIbL/7//738v28hVS75DLkvAqvvU4Qxr0igdt6/1U1Uvq/3tqB7lFkdEuuxZd9J43DBd+Ia8y/8AyfuTde/rnJ/w/If5P1T/vem85+G1RjZ43vI6o2V+zlEdi/0s37RvP9GT5/Pj6d/PuTvlN9B8PYA+X3ofL2Sfy/qd1/cLyjhL8UzTfU9/TEvf/pfNP9WzP/S/Z+6vGnQsF/Gz4nIc/aEX8//P0PYVyz3TwBvL9xwPvQ/7P9Vmft5wMau5/m/8e6u6Xasl7p/5e0O8vPR+nn0MV8ox4/+jp+mn5Pvm6M7Dfi/+ZCbpf+neP4mP5fcGx38HuE//P6tvv3WG9D3D9m/7fjfzpEbUvg25/7jytOn8DOT/57i+tnTc891rz/7D9O337H/hXJv9veI4PPhcL64x5vWTzyg8w1aA2/+T6zvH9B/hvIzGeC/9f0H4f/NY3pX/uwy0zE/sfvp87Z0Ut//CxH6jmi+9uofcejh83uQv9+1fz/mn4i4TbRfmfzR0v+Z4v/H+lty8a/n6P6Yue0Zcf9FEuwz4n5Idr5JM8/1OzfvL9r4HeK/5Xo3zv++5fbR8d+Cq2/f20f3rRL+xXJ5U7L/+ZUXtf0FcM1a1P+F998EGX/afyP/H0XLT4M+z10XOvay5fcl+J/6rG/4g0fDrxG+xjI4GdKsrfbPSU29zb0v3f9o8nFIukvc+zzR7e7B9dzxvwvfC17Hnw47X7D/ySa3dMh
7oLOdl+W8rvm/aHi97P8N+/+QdR9fPy7C990EaKnl8L4a639huTOm+b7C32lEZ1/az48GBE9N971E2I/azo7I8u/B7i+j5079L6R+1MEXWejWkP8EGf4X8/FE3d/vb03/ToT8rdIdjrR/tc8A8H3pdy/ej43WTjG+DOh/eNRmBbR/Fvov+vGE9P+RfR8CS3/wW0bDLaA+j10fdBivtvPC+OBH2ffH9+za8D462f8i+tdj+U+CvjfdJhHt50P2N63fq0dCekfdGx95XvM/xFavcIN2yP4EaOCNFxV83ezHE9q7DPn7XrPdT/T83/Q+Rf18/eQ/NNhpxPXQv++1Th/CzqB0c16a8w/4H972PnQ9pHJv3vwL4v+P4XLTsn8hnhn00J/6Fy1/3/K/+9//1/fY7POL5E9T0ffA97/Unp/aBydrr+SHT4i+3/S9qfh/kJW9l+m+//+/37/P2ftZMBxTeffdcuwq4vXp1Y++Ey13HtF/9e0XNf4h8vG8vm9v59v8g2TugYn4TDQ/eO63/ONliPcV+z5aCy/3XK2+BybzTwp+hY9///T/+Ph24v2KeOBXCjQf9JRn02Sf/P1N5P4K+r3Rcx/+P5vHmw79PeS/5di/HeCb1PdD9HAh0/Q92fB+BrSf7M9G2vuh83+C30//PtWBXzf/N1t7bMhWnwZ/73n/9+//q/vi7XN4fN7/943IcM+j507+jwt4PNn8A95zXfB/12RfdO6DlPtC957aM2/9Dz/YcyftLcY+vmi983v+/P5/TY2h8fx+//+/f9/32dq9vv3SGvg88PHl8N6EK43bP1LyH+J/ttMtIf4t8Pmg8k4qoAxNg6m+7vh//fqLzP8F+z7//7/fD+PdjeH77zl/uZUxM6f2/z/0Xa/w/Zf6rE/xM6t3r3Dp+s+3cveZ4//7//u+3IYS+/sp7yAk2N/xb673TQS8vmEb0//3//F9/pNl+580P///1//R//t+vEEexPI+CDQ/ZcCfnP8e+zhJMk//v//j7/A/73g/NImnD9m3L9SvlP9Byv2QufvO8ndj+7BR889CO1ZSvb8va8vG8/j9//9/fG/H3//3//p+/xf9/f+/dj//v//b+/Tf//f0//w/fn0nQvsH9z+0fW6Nnxf/6//g//k/9rovv//v7/y6/J1EaH/wQxOf//f7/n2/fm0Xf/UR+T99ZyvurPR//r//L+vbv//v//L4vqGG5nfE+/7//L+/J/f7TkxhAxG7zqQfMNzT1of23o+/Lfv2lJJrwPH+8S61tBcxiQH/JNHkdcw1/r5/HCi5dL7F9y/vKZ2+nx88Nxf3i53v64bjLyGgvt1bM+24Lih/SDrFf95FM4XP63fP+dxguG92b4vZ0fgv9e9wP8XT/zw74zF/h1C/dM36siKjnD8j0+v8W3Y4LLl/M9f0Dwp/rbWfiWWrZfgO+75H/24FV6vawQn9DYc+P4tYDnH/V6vLZrc1ytEObAmf9wmQ7JsMeG/976vnz8b+YxfHf0PP+14mGL/eEhQvG716nvr/dAlATjJ+jA3FT/M+9OmPUfa5+XmAXFu3hvO05UFM8Oz/T1gXjVqLAQgCY6vf0vWH8XpsF64f0L47+/0sM+s8N/XF5LfA83NVyz/H8D2m1k5nZRAPQv5Z80bQ/X9EvzBHrN83PNFd9jB8mr1c1EjfZag9/xtPTf//1i+4wLF/jM7OBgQkF3uOrD6glyay/dxg+s+797lL1CWJtW+/0+ovNc+l8q3/f1RPxvQvA5PDf37lcYft43yzzbT+Bbt3u+AT5HIM/+5+Pu/RPd/OwpzYuH89VuD+B83zbu//r9C+GALHv/ArcZh/RPllzXXS32Rfg9ip4/8ImBrGCCQJUL/11PKe83uJ91S5IIaa1v2o9b04TdF8r5YvfO1aKNwvFw3zXbt8/awwjL5z+7242hfNsPwA//24rdevp43tHf367z2x7bg/RWeZK6HKrD/7BPvi5fAkLw/9k/9iTamYP4r3/L2
Y8y9HF2bBP4OB7+ih8X7C9Rwe/nMHoiCIz7U/d7mnRf6pl2OWvpPqO9P4/ewJj624DTZ6l/SfK+NxnKlO64v7yPHIxCF0gFg/7xPbvqNUUX//dvZE8H9Jmk3b5uvavb88tUxx3l+6bxfQKi+y/m8B80qNdQ/5PuvB4HlZ4lDYJHe+DJw3l+D94xZ/5eadiP8lcKRv6v5h9axxznSv44HFDfb7ThyX451Qfx88rQ+1yRGVSBL+qy68/T02/tsKha+U4oevSgC6+/Xw7HLTgCo/T/vjiupCte8/HN8trfCO81j/tg/vN/vgK2mzDwu7i0GwziIlfQaW2P0V+90+DLM6A8i/ifm8xKWY4FsP8r0zzf0h5PN/R65DE/TfJK/kO53zrVgd3v3o9/4NbDA/rQ5x3p+x90Xc6vDmn4N/9Cvjxvvn8nZnToI+dEy+ofN+7Q1Je/h9m+S3zr04LOlss8TvdMHH+a+/tplaxfwg9GzGYe/a1xfIgxl3bvyf/rp7dQL0s7qo+Yq+7KmfxVglUkHbu39AUE+2+bCFbzvmz/XO1HANrfuYuW97y7M1je49/Rb4Tjh/W1/f72b+PvE+jRwfDKZ95gvLo/o/eO8v4Pg+NHTN++rB/PZjtm9puZxE+fpxZ6rBfsoN83DvA1llnetXnMn/fxfOuSNzPy1B/F986/CYWfiTMwXycP4gbUcnDPPDz/aKpVhAxN63rWb/fnh28CROOWEQfD9/M94/ofaWyfLJtC879W1/aO/ygsB/fG87x6GCcynh/088t2fvm5d8zLD+z+F3uPmQmHPN0/3wP/byXxt+TnINGWKQcN4f/8/vW4HE7O+dc6bBztT9zVxPmu6vI0ZXnYaovLOE8Z/zvh/ND077/3RDswQVECvdotg/9gdg+q7TvW2SvH8aUc3jpTb2h2Y9rZZf/M1mF5O0kl/NfxPKr5R/fi++w1kfAfAV+nBQcZSq63wqFh/gw+U5Dgv4rDIMhy7IHwjF/vFZ+G+hBQB3+aifA8ArhPYj4+8E9P2J75fN+nFmB81wZX/D8vYs0L/+mw/XWcPaS2fMD3wf1P+LAGwy8Adg8A6+3rK/tezHv/w0e37FPxI47lWeRq0xx7m77dO/h8J3p+fkzwB4XFnN4P244ri/t44ujvw8VnM6P2/8hwnDzUG/6y/7D/0gUWsbD/yR0z/D6IND9fAH+myGcsJjSFOSBGJD84zG4p/hIqQ4IToxEz3x8tVZ+I+MFHQcLuQX8vrPKBEf0t5pyvKipmsfawPT/qpPpOUxlPNA+3PAjLpCnWn/BkGXSPYe+M8z8vtx+NNflv5kx3uOhAV3Y//wmdJ+tG//AGkXBf+wGXJ/W2O2XlY3Q+gbmm7MNR3PPjmB87ONfbEGqR/Xofe/+VRe8r5//lR+5bMZjgAYVXovs4rqbA5fRwfTb7BXE8rij/lHENMJk5NC2Y/PBueyer+5LzfO+DP59qm33PfM5v5qa0CBzbj5/17oHn/BH27pH/B9zS0t8/BYD91I/5PB/Q+noZ+F+71C/B986P7Y93j/m+bBDZMejFFhLdzfvI47HPfTAMAb6Pih9qz9PSxOSt/+jtC/Bix1vQYAA4fB+a6zAFWaco/81z82fyn18M6ob//sIsom4Y/fn830bgP//Zt3wf+i+/DHdj89n4lrvx+/xOjKxMQCfpfGk5U5TXR1+f0TvgfQRyb9/sJui67Knxds/w39v4UmH9S6D0CBXd8b8HbS3R0ozYy/8NqSDENwqRH/+bTLePjycv963V5u+NFtD/s8zz20LCk/xRBkLrF43x/nwytXVYTF4jYvZ9/7Z8jk3QCL+TzQqnFtPxff0vua83Ft/8iifY88NwfoJ8Tiv9QLa0biHd39DYL/9SmeKnzfFzET95mNf3zEC7GPpfTR7wmc6BQZ3ITFfz/45wvb6vH2T2lMnBh/VqMb9lNvoP+X9lISVFiFUpCm2/DwnH+leu9Mm3rakvp/vWwRLp0OXNLwV1N
r/fti7t/AKSL8R83cLwjtDVFiBDTKMDIGs/xB8Uw2qP/aYGc0vwf5ywU4ndkxQvv8hn/2YmG+vG8BmqfQIwv9axZVG9QSde/zPL3LxyI+1IOa4nDtxPtINNKim5vDx/H1x+Rt4/9l/98+94m93nN/vOw3TODm+rBRZB2QojZ9HeY5JkRg9r//PPErB/uTu3+vJszAByO+9ji9Vy39j6c/1Z/f5FOLNx4mJMgHNYsJ0W/Blg/fRNDpkF4XD+88L3/KOGVy4pOM0/oMUz+f7tIcKDCVj2HbTQow81kNvft683h9m6J/yjh7Tu06x//SoPSMNRT7nPxwwL95+p4aTHGnz89/7TJ/q0B/o53lWRz4/P49bmAOA83kyQj6nAj9tzXL739BLbh/WA+9IBhEB710jfh779B/eNx/SPv/XgjXK816n+n/eAnh47a8q/KTGwLyDGJws+8px6fHu5fNyqa4spKHgfR6DwW+5F03G/vEDWr8rRF8Tn0u/QR/uu/fAXSnN9GSnRfyzoSG5x0N93zN+Vx2bi/vczN9D0OFCGgDfkfN0Mt9V7D/tQznK+7Rjn3k9f6jn/b4LqHot0fNpSGPatgrxMN2ySKIk+u/eKGAkSj90wP9GWCBJPe5PzX3868Qj0/0JBv/Xx/SnQBRL135+frS8L4mQbq6D9LT/gp/+vfUZ5IJ82BzGcL//H4zrSESfMdFi1cEd7/aq2W/7bH87xIe5g5B3q5F7b6mK9tvb/R276vNKfP/BiEa+NlT8lR/B8c8zn0Bu5F4HQ74DDafEOqdn/fwb/ij8C+D2R6mt2Q9Xzvm//J/7vL/2fB5Q/2gzO11zPqN91s+1sFfPLT97vZYsG+v18ouxpa14/DWQ6dPOK7fgDpvXv8X9jw7YMfty//9HQ35PUQrMA/T5Oz2wQ38DQH/foosW7V4+gfp9j/00nXB+D4zkU+7HIQ68dv8bgD+HQG/2T/csN+ft/4e51C/b6m5/270PI/cMV/v8n0AeH879W+/a7/bmffy8HyZ9OmiITG5t4fmPwPmraLpaJD2Q6nov/bVrdB9nE4XTO9zHkWsaj13a//MuzQbO1szwuh+GgftVzNwP/bir4u+LzJuOA/j9fTSLoXn5bCZyxLz6zFN+twx/MSCgHkLhnEMw8Xa4H4GeQ88JB/63wnln8AhMyWAf364lh/d8wXzCV7PBfcC9np/v58vl+vm7vnv1O9t4/32+V5FZZ+QBxfm+FR/Gt9fvKaf1f56EgRfDI6dF8vm64bpb69+35bl/rG+vj8/myv4ZQaOx/KsulftzvxRuE+65R3zPzST768jQZM9Hg0S3vPj8PKAkOnUTo9Z+1poXwADYvatI5jaw/a7P7HProG+/n9oE2rhTv1du1fzvvXD8nJLkp/NgUBv1vpD9Pu2+C5IgmcD9HIL/m3/DJB9JsYjHx3rXfb//S5Q3v+QM13fO+D1z7c/dlmb6vBZ87BHt2HPSi85nyvjY9O/d31Aft7RvAzfI+nNZvCBmZ9Bgyvh9zFG/g447f/9vgfRM8T9DYG4HgWbjfgd9c8T0/Mmjgi21/5wXn8BPpRfFt4E6fd8HQK/9Covb/AX93UEexpj4Un/up/BfovWjXN+nj/Y8/a/05vv2/rX8r0PA6fgjv/ebzvWJ6PTwPP0C5Vn7HaB54274fA7+LOgdo++5xTLC77N3/3b6/79DdLy67ul9e9w/k/6+xvAxQdsFzPeY5Nnjvv+DcB/eHzjoPtb/9pjrqBlwfHvHxO0THI+7YmXSf3l/7Uw/e8z73Lj+h44bq/4nEq3/D9rn+9/rLG/V659/+z0fA9hD52BzT/793yxbcK+B3s3e+Az4XzQ8/sNNp/DarvAXzfgVBuEi3v7Xwoc/H8zdkR/Ov9W+/nx87nQMv9P/1nmSZH4j8Pt96TM+1zRPu/+WR6d+h4vqffj+5Mv+PjLN/UgEYwiN4vj9/nT8Xh2bE/vA67e//FF/jLa/k1xve/gA2p/uOe
23P62e97BhZ/f0G+EZ6vprB/fu8yf+Ug/JP8PV+4faZhO9Hi/WMorHvxB6+MRb/31S/b8Znxvc4HFHvza3x/YkXv57/hjxwOpfE0XuuEb/t0Ou1/vWeoHbPoC9fr2er+TLj/OMKZvlQOk64/IGx3e6/7Yu5vj9W3z3g/vr5h0bP1ffatdk/fpnOs/dJ7Nxvvi922M+2who3Eh7Xf+5mmu/ij01ofdn/Nr/PkDkNAM9/T+M53zP0LtvwO+BdN3Du7Kc2SPn/PTmJG8vb/vl/vXH9Xfxh0zn/9nr/MPD/V9/z5UcH/+Tg/OUz+Tk8SPP+X363XjmZyIdt7fPqf/q/AD9V/edEssQ01o/z0XF3l/ud8Oq2mx/qx/ek01s/1qPtE8Jesva+vHp+9JGqfv8h5YVov1/vthsG+ff4jrv2XYGxxzbF8PilY/P+KwXvd+5Vg/yMC76/bG/rJ87XG/qZ/vN9R+Z13rG6G//b2OjyXTiL3Upz16TPWBReN6bT4h877FPyXLH+va4PnrF/rI7HCf34fP4C/rB/7G/rG9HHyBQ8D8qB8e7TKvqum+8vr4hl/o1KwfcP+LEsnPC8x0PvhPiPMA+b9AXkL6vN6PNc+o2KbV+G6UopXvd6/OHsKIdK0r1/rZzbh+uG8lmfsZ3G+BVzWa0PQIKvgj83S5flJnz+fT+/3B9l14/A5vTv29vm9/99l+1V+3v/XS3l+Xn/3Z8mg/P0+eT5vLONcfkv7/qN/rfPvchtw9/dh779h/Vc67ezXz6HlbNZa+/P43rXD/f3i+t3rO/r/+v++/Sg/2AL/3h3hwez7+V//Lj8t1l/N9r/H/12+XT+32jpU/vn/fG9/6w/m//ay/6N/H8/7u/75a//+z/q9/6V/r1/rW/bFE/8XKes+hC5n17br5/DSffpfPk5Gw7Xg+9gmbAvfD+7BM/0NtrPK+bWZV8r58vd9LQyjrz2fNr/ty/97oJRGRIO0Xrff3z+3X6XD+fD/fP+fQTqx/vJ9vV+ve7/W0jml/vX8v1f8t4/98/d7ivV/vn9vmMqPT9NsR8I2Hc0vgNytsjQUAjEMOMb5ffqfdsvAck3d6/duSySIHeY07YPBoI/7JvW0hxAP7S/7B7HwE2BgW+NshcQtBAodfC2J3yOC+V+3n6HAWd06svb9cUUhzQ/9u4/m7zic/8EYNMzvgp1cgXf/ZfX6fvpfQTY7g6430Gyu0Kxm5b4dZcH8fvIRYNktOhGs60IYJ+NshcC2J0++CUhvAP0bYDRnL/rD/vh8vbNEtyKEVGI39BWmfDbIF2vXB+Nsh4O/7C/7/Ham67G/72vxMOwM1fc5fPrfJzxjS7TgQcx6HUYr9+XX5fX4fz8M0epft2PhFRYJfz6E7UPhg8LWjcL7IM3vu4/O8/G2HM1vgByLYDxx/9wp32OCD9LahcT7D473X+XH7/xl+BchbbvAH4HwGut9CMlfArTb5fH7+Ba0h5wtl/9x/1h+CHp+Wx/u1/2y/aT/ByU/L5H4I9G2GcE6bdfYT8La9oy2Xz/3X+XH9fr7Ik1vwVyNuPAtfjLEbefAS/G3J04+A6+Nl/95+1Y+31OCR9rL8vt8vH+vu0fYMcT5fPvfdlfJfTaIksL9vt8vjJ/7ODRs5fX+fLI/BjwLN/rL/vz8Ekz3z7XX6fn5IM1vGx/u4/OzQc8fdi/dmrwJovz8vt8v23/j5/7Kw/5rvl/vu0/22z3ao/003i+3X+Xb6/DnfPqfts/1rreR3+a7/6M/bT/b5/rh/vp8597Yx/W5/aZ/b4/bF/rl+vh/vl/vWyvnvl9vW2/ja7ny75TX9fD/fP9ft4/9h/90/1M+vA+PXj+PQ/y1x3m+/D4PTaG//d8bHzvJtn/d5/zo/3r/37/3T/Xz5fD/f3vfPu/Nvl+vm3/62LwIDO9ftk/tk/9y+10O8/W+/yKJex/Hbk/bN/rR+vl9v5dzyT/w/1i+Pf+v96/v9Tyy/9x/fa/vo7/Pyvw0
v4.0.30319
#Strings
#GUID
#Blob
:#F#}
Z.k.}
QR IvfEd
mscorlib
System.Windows.Forms
System
System.Drawing
Microsoft.VisualBasic
GIIS_4.Form1.resources
GIIS_4.Form2.resources
GIIS_4.Form3.resources
GIIS_4.Form4.resources
GIIS_4.Form5.resources
JumpingSquare.GAME.resources
JumpingSquare.HINT.resources
JumpingSquare.MENU.resources
JumpingSquare.Properties.Resources.resources
dJYsRYR
Dictionary`2
System.Collections.Generic
kUHWbbE
List`1
Timer
TimeSpan
vSwTo
ppaCoZSYa
SoundPlayer
System.Media
ERKqB
IContainer
System.ComponentModel
TableLayoutPanel
Button
GZpqsf
zWEPtN
JKhtBzjc
cEubo
OqNhlR
QQweng
XdWwYi
MenuStrip
ToolStripMenuItem
Label
ICgdfMr
OnHOA
.ctor
Control
get_Tag
Convert
ToInt16
set_Interval
EventHandler
add_Tick
Directory
System.IO
Exists
GetFiles
Application
get_ExecutablePath
GetDirectoryName
Combine
IWPVawDc
DialogResult
Enumerator
ToInt32
Int32
ToString
set_Text
Refresh
get_Text
String
Concat
MessageBox
MessageBoxButtons
MessageBoxIcon
ShowDialog
IDisposable
Dispose
GetEnumerator
get_Current
MoveNext
Clear
set_Enabled
Focus
EventArgs
Bitmap
get_Item
set_BackgroundImage
Image
set_BackgroundImageLayout
ImageLayout
set_Visible
op_Addition
Object
QBxhPPj
Random
Start
JXEaCoOAD
ovnAc
get_Controls
TableLayoutControlCollection
ControlCollection
op_Equality
get_Visible
KeyEventArgs
get_KeyCode
QRVsxVn
CVyHlCEy
Collect
FormClosedEventArgs
SuspendLayout
set_CellBorderStyle
TableLayoutPanelCellBorderStyle
set_ColumnCount
get_ColumnStyles
TableLayoutColumnStyleCollection
ColumnStyle
SizeType
set_Dock
DockStyle
Point
set_Location
Padding
set_Margin
set_Name
set_RowCount
get_RowStyles
TableLayoutRowStyleCollection
RowStyle
set_Size
set_TabIndex
FontStyle
GraphicsUnit
set_Font
set_TabStop
set_Tag
ButtonBase
set_UseVisualStyleBackColor
add_Click
ToolStrip
set_ImageScalingSize
get_Items
ToolStripItemCollection
ToolStripItem
AddRange
set_Padding
set_AutoSize
set_BorderStyle
BorderStyle
set_FlatStyle
FlatStyle
set_TextAlign
ContentAlignment
SystemColors
get_Window
Color
set_BackColor
SizeF
ContainerControl
set_AutoScaleDimensions
set_AutoScaleMode
AutoScaleMode
set_ClientSize
set_KeyPreview
set_MainMenuStrip
set_StartPosition
FormStartPosition
FormClosedEventHandler
add_FormClosed
add_Load
KeyEventHandler
add_KeyDown
ResumeLayout
PerformLayout
.cctor
pXqsqV
WPiaeQoP
dwUFC
oEBDoeA
tqnUHI
mILXQ
QhDFai
cbelaI
Component
Close
CsdmjmVC
KbioH
iwFcE
get_ActiveCaption
FromArgb
Cursors
get_Hand
Cursor
set_Cursor
FileStream
BHIdtnf
NKOuHvu
CFJDQvp
qEXpf
bUJffip
jdBcis
RadioButton
WbLHob
nRbSk
GroupBox
zxOiNs
PictureBox
cuwZnZX
OpenFileDialog
JqZOD
vgfnQctfLKL
TrackBar
vMVCNa
YqKLea
VYOZbS
YkIZe
set_SizeMode
PictureBoxSizeMode
set_Image
FileMode
FromStream
Stream
fwgYIbP
CommonDialog
FileDialog
get_FileName
rtMDE
DirectoryInfo
Graphics
get_Width
get_Height
CreateDirectory
FromImage
Rectangle
DrawImage
FileSystemInfo
get_FullName
ImageFormat
System.Drawing.Imaging
get_Jpeg
get_Value
bNPCUgC
noUgD
ISupportInitialize
BeginInit
add_CheckedChanged
set_Anchor
AnchorStyles
set_FileName
add_Scroll
EndInit
FontFamily
get_GenericSerif
Comparison`1
get_Gold
get_LightSteelBlue
get_Peru
<>9__1_0
CompareTo
<ShowRecordTable>b__1_0
CompilerGeneratedAttribute
System.Runtime.CompilerServices
DebuggerBrowsableAttribute
System.Diagnostics
DebuggerBrowsableState
GQCZxSBd
idyBlmZ
TextBox
diNaHadU
Empty
NUpIg
PersonName
HskBu
xBqYXt
QpFhy
wcAJvicyuw
nbAoQ
UndxdCq
zwTXbr
gGydX
fMRfXv
XoYHBp
moves
level
PlayerName
PlayerMoves
PlayerTime
PlayerLevel
CPdZZn
MnOtV
BinaryFormatter
System.Runtime.Serialization.Formatters.Binary
SerializationException
System.Runtime.Serialization
Serialize
txZbo
Deserialize
ZWCOe
BJSaO
UUmOtZ
OMCZGm
GWanC
nUSmZ
yxvMnX
XsZByhl
UoeUG
KAsNR
Brushes
get_Black
Brush
FillRectangle
wgALF
Height
Width
ErbwFD
zcXMPA
dcsWM
PaintEventArgs
get_Graphics
uIXuQ
VkGme
oxyrdJt
Container
get_ControlDark
PaintEventHandler
add_Paint
set_FormBorderStyle
FormBorderStyle
SyHqiOU
OpzOKnWjMZ
dlTdqW
EiKzJ
XWiKA
HrLRi
xblvge
OAkDeEu
wouISjd
uhDBlcU
etPsI
fzeNk
RXvKH
TextBoxBase
set_Multiline
add_TextChanged
iFBUp
iKaCBlsSw
DKGmAd
phExTwe
UyofMD
fiLow
Assembly
System.Reflection
Array
Resize
AppDomain
get_CurrentDomain
FromBase64String
LateBinding
Microsoft.VisualBasic.CompilerServices
LateGet
GetMethod
MethodInfo
UvcSz
ToCharArray
Reverse
NKoLq
GZipStream
System.IO.Compression
MemoryStream
CompressionMode
Write
ToArray
RFeRe
dXGXD
Lsfixj
Fnjtxtz
CnksXZT
JFGNX
TIiDuH
zcmxV
KWPZgfd
AJfPgYYKC
IcetC
JmhBYVKGjz
get_White
pBafgnp
BwmKy
EnableVisualStyles
SetCompatibleTextRenderingDefault
STAThreadAttribute
oqpWLmuWlr
ndaAygU
kUlLb
dUigmr
MXnaZ
ubdtm
FKkLSeR
width
height
NotImplementedException
pyQip
FApJi
YzMiIll
JMwnhh
_ground
_enemy
ResourceManager
System.Resources
oJFWWwi
CultureInfo
System.Globalization
GetTypeFromHandle
RuntimeTypeHandle
get_Assembly
GetString
GetObject
EditorBrowsableAttribute
EditorBrowsableState
Culture
jnrGV
GeneratedCodeAttribute
System.CodeDom.Compiler
DebuggerNonUserCodeAttribute
ApplicationSettingsBase
System.Configuration
SettingsBase
Synchronized
Default
CompilationRelaxationsAttribute
RuntimeCompatibilityAttribute
DebuggableAttribute
DebuggingModes
AssemblyTitleAttribute
AssemblyDescriptionAttribute
AssemblyConfigurationAttribute
AssemblyCompanyAttribute
AssemblyProductAttribute
AssemblyCopyrightAttribute
AssemblyTrademarkAttribute
ComVisibleAttribute
System.Runtime.InteropServices
GuidAttribute
AssemblyFileVersionAttribute
TargetFrameworkAttribute
System.Runtime.Versioning
3System.Resources.Tools.StronglyTypedResourceBuilder
16.0.0.0
KMicrosoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator
16.7.0.0
WrapNonExceptionThrows
Jumping Square
Copyright
2016 - 2020
$bc76aeeb-b479-4a28-8e52-3b6403bb6666
7.1.5.0
.NETFramework,Version=v4.0
FrameworkDisplayName
.NET Framework 4
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
jnrGV
J:\GIIS-4\GIIS-4\bin\Debug\Photos
button.wav
EZ PZ!!
data.dat
00:00:00
button
keyboard.wav
tableLayoutPanel1
Tahoma
button15
button14
button13
button12
button11
button10
button9
button8
button7
button6
button5
button4
button3
button2
button1
button0
menuStrip1
Menu_StartGame
Microsoft Sans Serif
label1
label2
label3
label4
label5
Form1
Microsoft JhengHei UI
Form2
Penguins.jpg
playMusic.jpg
notPlayMusic.png
Photos
Modern No. 20
radioButton1
radioButton2
groupBox1
pictureBox1
groupBox2
openFileDialog1
trackBar1
label6
groupBox3
Form3
Monotype Corsiva
Form4
textBox1
Form5
jnrGV
JumpingSquare
epyTteG
Invoke
button_Start
START
button_Exit
.Jarico
JumpingSquare.Properties.Resources
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
Comments
CompanyName
FileDescription
Jumping Square
FileVersion
7.1.5.0
InternalName
LegalCopyright
Copyright
2016 - 2020
LegalTrademarks
OriginalFilename
ProductName
Jumping Square
ProductVersion
7.1.5.0
Assembly Version
7.1.5.0
No antivirus signatures available.
Sorry! No behavior.

Hosts

Direct IP Country Name
Y 8.8.8.8 [VT] United States
Y 1.1.1.1 [VT] Australia

TCP

Source Source Port Destination Destination Port
192.168.1.9 49174 13.107.42.23 443
192.168.1.9 49176 13.107.42.23 443
192.168.1.9 41499 52.114.132.47 2002
192.168.1.9 62207 52.114.132.47 12340
192.168.1.9 49208 93.184.220.29 80
192.168.1.9 49209 93.184.221.240 80

UDP

Source Source Port Destination Destination Port
192.168.1.9 53599 1.1.1.1 53
192.168.1.9 54609 1.1.1.1 53
192.168.1.9 59058 1.1.1.1 53
192.168.1.9 59225 1.1.1.1 53
192.168.1.9 137 192.168.1.255 137
192.168.1.9 51751 8.8.8.8 53
192.168.1.9 53599 8.8.8.8 53
192.168.1.9 54609 8.8.8.8 53
192.168.1.9 55233 8.8.8.8 53
192.168.1.9 55319 8.8.8.8 53
192.168.1.9 59058 8.8.8.8 53
192.168.1.9 59225 8.8.8.8 53
192.168.1.9 64674 8.8.8.8 53

DNS

Name Response Post-Analysis Lookup
cacerts.digicert.com [VT] A 104.18.10.39 [VT] 104.18.11.39 [VT]

HTTP Requests

No HTTP requests performed.

SMTP traffic

No SMTP traffic performed.

IRC traffic

No IRC requests performed.

ICMP traffic

Source Destination ICMP Type Data
192.168.1.9 1.1.1.1 3
192.168.1.9 1.1.1.1 3
192.168.1.9 1.1.1.1 3
192.168.1.9 8.8.8.8 3
192.168.1.9 8.8.8.8 3
192.168.1.9 8.8.8.8 3
192.168.1.9 8.8.8.8 3

CIF Results

No CIF Results

Suricata Alerts

Timestamp | Source IP | Source Port | Destination IP | Destination Port | Protocol | GID | SID | REV | Signature | Category | Severity
2020-10-18 06:36:33.316 | 192.168.1.9 | 49173 | 13.107.42.23 | 443 | TCP | 1 | 2028395 | 2 | ET JA3 Hash - Possible Malware - Various Eitest | Unknown Traffic | 3
2020-10-18 06:36:33.327 | 192.168.1.9 | 49174 | 13.107.42.23 | 443 | TCP | 1 | 2028395 | 2 | ET JA3 Hash - Possible Malware - Various Eitest | Unknown Traffic | 3
2020-10-18 06:36:33.338 | 192.168.1.9 | 49175 | 13.107.42.23 | 443 | TCP | 1 | 2028395 | 2 | ET JA3 Hash - Possible Malware - Various Eitest | Unknown Traffic | 3
2020-10-18 06:36:33.343 | 192.168.1.9 | 49176 | 13.107.42.23 | 443 | TCP | 1 | 2028395 | 2 | ET JA3 Hash - Possible Malware - Various Eitest | Unknown Traffic | 3
2020-10-18 06:36:33.346 | 192.168.1.9 | 49177 | 13.107.42.23 | 443 | TCP | 1 | 2028395 | 2 | ET JA3 Hash - Possible Malware - Various Eitest | Unknown Traffic | 3

Suricata TLS

Timestamp | Source IP | Source Port | Destination IP | Destination Port | Subject | Issuer | Fingerprint | Version
2020-10-18 06:36:33.319 | 192.168.1.9 | 49173 | 13.107.42.23 | 443 | CN=edge.skype.com | | 5c:3b:53:ee:b8:65:a3:2a:66:d4:04:36:67:98:af:88:8d:96:5d:74 | TLS 1.2
2020-10-18 06:36:33.330 | 192.168.1.9 | 49174 | 13.107.42.23 | 443 | CN=edge.skype.com | | 5c:3b:53:ee:b8:65:a3:2a:66:d4:04:36:67:98:af:88:8d:96:5d:74 | TLS 1.2
2020-10-18 06:36:33.343 | 192.168.1.9 | 49175 | 13.107.42.23 | 443 | CN=edge.skype.com | | 5c:3b:53:ee:b8:65:a3:2a:66:d4:04:36:67:98:af:88:8d:96:5d:74 | TLS 1.2
2020-10-18 06:36:33.346 | 192.168.1.9 | 49176 | 13.107.42.23 | 443 | CN=edge.skype.com | | 5c:3b:53:ee:b8:65:a3:2a:66:d4:04:36:67:98:af:88:8d:96:5d:74 | TLS 1.2
2020-10-18 06:36:33.349 | 192.168.1.9 | 49177 | 13.107.42.23 | 443 | CN=edge.skype.com | | 5c:3b:53:ee:b8:65:a3:2a:66:d4:04:36:67:98:af:88:8d:96:5d:74 | TLS 1.2
2020-10-18 06:38:03.770 | 192.168.1.9 | 49203 | 52.114.132.47 | 443 | C=US, ST=WA, L=Redmond, O=Microsoft Corporation, CN=*.events.data.microsoft.com | | 1e:c4:c7:d6:8d:8d:a2:4a:82:99:22:21:5c:35:03:96:bd:05:43:b6 | TLS 1.2

Suricata HTTP

Timestamp | Source IP | Source Port | Destination IP | Destination Port | Method | Status | Hostname | URI | Content Type | User Agent | Referrer | Length
2020-10-18 06:38:21.171 | 192.168.1.9 | 49206 | 93.184.221.240 | 80 | | 200 | ctldl.windowsupdate.com | /msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?46c58957ce829b9f | application/vnd.ms-cab-compressed | Microsoft-CryptoAPI/6.1 | None | 4776
2020-10-18 06:38:36.863 | 192.168.1.9 | 49206 | 93.184.221.240 | 80 | | 200 | ctldl.windowsupdate.com | /msdownload/update/v3/static/trustedr/en/authrootstl.cab?698a3751bdf0f585 | application/vnd.ms-cab-compressed | Microsoft-CryptoAPI/6.1 | None | 58918
2020-10-18 06:38:38.660 | 192.168.1.9 | 49206 | 93.184.221.240 | 80 | | 200 | ctldl.windowsupdate.com | /msdownload/update/v3/static/trustedr/en/DF3C24F9BFD666761B268073FE06D1CC8D4F82A4.crt?eb8f14d44c23a554 | application/x-x509-ca-cert | Microsoft-CryptoAPI/6.1 | None | 914
2020-10-18 06:38:39.393 | 192.168.1.9 | 49208 | 93.184.220.29 | 80 | | 200 | ocsp.digicert.com | /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAqvpsXKY8RRQeo74ffHUxc%3D | application/ocsp-response | Microsoft-CryptoAPI/6.1 | None | 471
2020-10-18 06:39:14.497 | 192.168.1.9 | 49209 | 93.184.221.240 | 80 | | 304 | ctldl.windowsupdate.com | /msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?e332b97dc9e26d14 | None | Microsoft-CryptoAPI/6.1 | None | 0
Sorry! No dropped Suricata Extracted files.

JA3

Source Source Port Destination Destination Port JA3 Hash JA3 Description
192.168.1.9 49173 13.107.42.23 443 1074895078955b2db60423ed2bf8ac23 unknown
192.168.1.9 49174 13.107.42.23 443 1074895078955b2db60423ed2bf8ac23 unknown
192.168.1.9 49175 13.107.42.23 443 1074895078955b2db60423ed2bf8ac23 unknown
192.168.1.9 49176 13.107.42.23 443 1074895078955b2db60423ed2bf8ac23 unknown
192.168.1.9 49177 13.107.42.23 443 1074895078955b2db60423ed2bf8ac23 unknown
192.168.1.9 49203 52.114.132.47 443 d124ae14809abde3528a479fe01a12bd unknown
Sorry! No dropped files.
Sorry! No CAPE files.
Process Name taskeng.exe
PID 2104
Dump Size 463360 bytes
Module Path C:\Windows\sysnative\taskeng.exe
Type PE image: 64-bit executable
PE timestamp 2010-11-20 10:04:28
MD5 632325798776b6bb28218b22a4b3e2e7
SHA1 28e0ec8f382d4bbb635ea0d1983c1fafb670c11e
SHA256 8c4628c7b5379be16580239b38cc521c986dd5944f0ff99336b9be534d9d544d
CRC32 267D6DD7
Ssdeep 6144:QECPugfkZYP5t4iI+aNtvWNSEtIvV+owuDRQua3327tvZN77VVVV5u6d:QJlfkZYPb4i2NtebIvVkIa27tvDP
Dump Filename 8c4628c7b5379be16580239b38cc521c986dd5944f0ff99336b9be534d9d544d

Process Name services.exe
PID 472
Dump Size 327680 bytes
Module Path C:\Windows\sysnative\services.exe
Type PE image: 64-bit executable
PE timestamp 2015-04-13 02:02:59
MD5 94fdbe979f5cb5ad421798448429ff13
SHA1 5059d641354ad02361739c8ee9c60dad2278d78b
SHA256 17f73cfe313294ad6fe902b9ade03116fbdd0027048a2be160f49610a3f169a9
CRC32 A9E29AFD
Ssdeep 6144:BX+dGqMuImU4Zkt8kjM7vFLFb/2JBH4EtLcN8ZE21udxLIzm:BX+dGluImU4s8m/zMzI
Dump Filename 17f73cfe313294ad6fe902b9ade03116fbdd0027048a2be160f49610a3f169a9

Process Name schtasks.exe
PID 4140
Dump Size 177152 bytes
Module Path C:\Windows\SysWOW64\schtasks.exe
Type PE image: 32-bit executable
PE timestamp 2010-11-20 09:20:03
MD5 9e6b1a99ff74f45f3963cee01b933043
SHA1 8ec3aafe60345835a54cf8f3c19bed7d09a05477
SHA256 70aa55484e9de0879cc8bf8152e572f13fc5d4526771f7ef74fdc067ed8bcd94
CRC32 33AA4640
Ssdeep 3072:R08cJiJw0PGRaFd5/RhprMNQHtn2LlN7pDgsqJ5XEyGBGA8Cx:RbcJiJ+uL6NQB6lNSsq+GAf
Dump Filename 70aa55484e9de0879cc8bf8152e572f13fc5d4526771f7ef74fdc067ed8bcd94

Process Name svchost.exe
PID 4608
Dump Size 26624 bytes
Module Path C:\Windows\sysnative\svchost.exe
Type PE image: 64-bit executable
PE timestamp 2009-07-13 23:31:13
MD5 011f3dc825072cae6ea626d190d538c5
SHA1 95f5f32545f14c1dfba4e1146556fb0d9b9e5d52
SHA256 b6b562e444ca35ccea3017bff83385e1b294590f49ad8e3d146106ff170e532e
CRC32 FAC1609C
Ssdeep 768:6WkX7q+f5TYvVeZMmn+0C4xcEbvKH5PK:6X5fhuZE5fvKH5PK
Dump Filename b6b562e444ca35ccea3017bff83385e1b294590f49ad8e3d146106ff170e532e

Process Name svchost.exe
PID 848
Dump Size 26624 bytes
Module Path C:\Windows\sysnative\svchost.exe
Type PE image: 64-bit executable
PE timestamp 2009-07-13 23:31:13
MD5 5ec374f884c82a9c807133c90a0deb38
SHA1 d5d95d7db1a5462bc07f796d0e30e1524b67c0c2
SHA256 975c3f9f599fb86a8946989712434a21c712f787fb42d4ba8efc1409306320b4
CRC32 B57E5BAA
Ssdeep 384:ivvWkXZVq+1t5TYGaVeAYMq1n+Rfk4ue//wCE4r1lWcSsEsj45RCOvojCPKW9C56:6WkX7q+f5TYvVeZMmn+0C4xcEbvKCPK
Dump Filename 975c3f9f599fb86a8946989712434a21c712f787fb42d4ba8efc1409306320b4
