Click to jump to signature section
Source: 00000000.00000002.3386311029.0000000002B31000.00000004.00000800.00020000.00000000.sdmp | Malware Configuration Extractor: AsyncRAT {"Server": "104.236.39.42", "Port": "6606,7707,8808", "Version": "0.5.8", "MutexName": "NLzwJdZ9VJQw", "Autorun": "false", "Group": "null"} |
Source: oAnb4ULQxP.exe | ReversingLabs: Detection: 44% |
Source: oAnb4ULQxP.exe | Virustotal: Detection: 34% | Perma Link |
Source: Submited Sample | Integrated Neural Analysis Model: Matched 99.9% probability |
Source: oAnb4ULQxP.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE |
Source: oAnb4ULQxP.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE |
Source: | Binary string: D:\a\1\s\x64\Release\ZoomIt64.pdbH source: oAnb4ULQxP.exe |
Source: | Binary string: D:\a\1\s\Win32\Release\ZoomIt.pdbK source: oAnb4ULQxP.exe |
Source: | Binary string: D:\a\1\s\Win32\Release\ZoomIt.pdb source: oAnb4ULQxP.exe |
Source: | Binary string: D:\a\1\s\x64\Release\ZoomIt64.pdb source: oAnb4ULQxP.exe |
Source: C:\Users\user\Desktop\oAnb4ULQxP.exe | Code function: 0_2_00225B77 FindFirstFileExW, | 0_2_00225B77 |
Source: C:\Users\user\Desktop\oAnb4ULQxP.exe | Code function: 0_2_00206FD9 GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,___std_fs_open_handle@16,GetFileInformationByHandleEx,GetLastError,GetFileInformationByHandleEx,GetFileInformationByHandleEx, | 0_2_00206FD9 |
Source: Yara match | File source: 0.2.oAnb4ULQxP.exe.29e0000.2.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 00000000.00000002.3386222685.00000000029E0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY |
Source: global traffic | TCP traffic: 192.168.2.6:49708 -> 104.236.39.42:8808 |
Source: Joe Sandbox View | ASN Name: DIGITALOCEAN-ASNUS DIGITALOCEAN-ASNUS |
Source: unknown | TCP traffic detected without corresponding DNS query: 104.236.39.42 |
Source: unknown | TCP traffic detected without corresponding DNS query: 104.236.39.42 |
Source: unknown | TCP traffic detected without corresponding DNS query: 104.236.39.42 |
Source: unknown | TCP traffic detected without corresponding DNS query: 104.236.39.42 |
Source: unknown | TCP traffic detected without corresponding DNS query: 104.236.39.42 |
Source: unknown | TCP traffic detected without corresponding DNS query: 104.236.39.42 |
Source: unknown | TCP traffic detected without corresponding DNS query: 104.236.39.42 |
Source: unknown | TCP traffic detected without corresponding DNS query: 104.236.39.42 |
Source: unknown | TCP traffic detected without corresponding DNS query: 104.236.39.42 |
Source: unknown | TCP traffic detected without corresponding DNS query: 104.236.39.42 |
Source: unknown | TCP traffic detected without corresponding DNS query: 104.236.39.42 |
Source: unknown | TCP traffic detected without corresponding DNS query: 104.236.39.42 |
Source: unknown | TCP traffic detected without corresponding DNS query: 104.236.39.42 |
Source: unknown | TCP traffic detected without corresponding DNS query: 104.236.39.42 |
Source: unknown | TCP traffic detected without corresponding DNS query: 104.236.39.42 |
Source: unknown | TCP traffic detected without corresponding DNS query: 104.236.39.42 |
Source: unknown | TCP traffic detected without corresponding DNS query: 104.236.39.42 |
Source: unknown | TCP traffic detected without corresponding DNS query: 104.236.39.42 |
Source: unknown | TCP traffic detected without corresponding DNS query: 104.236.39.42 |
Source: unknown | TCP traffic detected without corresponding DNS query: 104.236.39.42 |
Source: unknown | TCP traffic detected without corresponding DNS query: 104.236.39.42 |
Source: unknown | TCP traffic detected without corresponding DNS query: 104.236.39.42 |
Source: unknown | TCP traffic detected without corresponding DNS query: 104.236.39.42 |
Source: oAnb4ULQxP.exe | String found in binary or memory: http://schemas.microsof |
Source: oAnb4ULQxP.exe | String found in binary or memory: https://www.sysinternals.com |
Source: oAnb4ULQxP.exe | String found in binary or memory: https://www.sysinternals.com0 |
Source: Yara match | File source: 0.2.oAnb4ULQxP.exe.29e0000.2.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.2.oAnb4ULQxP.exe.29e0000.2.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 00000000.00000002.3386222685.00000000029E0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY |
Source: Yara match | File source: Process Memory Space: oAnb4ULQxP.exe PID: 7084, type: MEMORYSTR |
Source: C:\Users\user\Desktop\oAnb4ULQxP.exe | Code function: 0_2_001D92C0 SetWindowsHookExW 0000000D,001D63E0,00000000 | 0_2_001D92C0 |
Source: C:\Users\user\Desktop\oAnb4ULQxP.exe | Code function: 0_2_001D9210 OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,GlobalFree,CloseClipboard,GlobalUnlock,SetClipboardData,CloseClipboard, | 0_2_001D9210 |
Source: C:\Users\user\Desktop\oAnb4ULQxP.exe | Code function: 0_2_001D9210 OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,GlobalFree,CloseClipboard,GlobalUnlock,SetClipboardData,CloseClipboard, | 0_2_001D9210 |
Source: C:\Users\user\Desktop\oAnb4ULQxP.exe | Code function: 0_2_001D7470 OpenClipboard,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalSize,GlobalLock,GlobalUnlock,CloseClipboard,GlobalUnlock,CloseClipboard, | 0_2_001D7470 |
Source: C:\Users\user\Desktop\oAnb4ULQxP.exe | Code function: 0_2_001EC51F DeleteObject,DeleteDC,GdipAlloc,GdipCreateBitmapFromFile,GdipCreateHBITMAPFromBitmap,GetLastError,GetDC,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,CreateSolidBrush,FillRect,AlphaBlend,SelectObject,DeleteDC,DeleteObject,ReleaseDC,CreateCompatibleDC,SelectObject,CreateFontIndirectW,CreateFontIndirectW,CreateFontIndirectW,CreateCompatibleDC,GetDeviceCaps,GetDeviceCaps,GetDeviceCaps,CreateBitmap,SelectObject,SelectObject,SetTextColor,SetBkMode,SelectObject,SendMessageW,SetTimer,BringWindowToTop,SetForegroundWindow,SetActiveWindow,SetWindowPos, | 0_2_001EC51F |
Source: C:\Users\user\Desktop\oAnb4ULQxP.exe | Code function: 0_2_001E9ED0 GetClientRect,SetWindowPos,CreateWindowExW,ShowWindow,InvalidateRect,SetForegroundWindow,SetTimer,GetDC,GetCursorPos,GetCursorPos,SetWindowPos,UpdateWindow,RegisterHotKey,RegisterHotKey,RegisterHotKey,GetCursorPos,SetCursorPos,SendMessageW,SetTimer,KillTimer,KillTimer,KillTimer,SetTimer,DestroyWindow,UnregisterHotKey,UnregisterHotKey,UnregisterHotKey,GetAsyncKeyState,GetAsyncKeyState,SendMessageW,KillTimer,IsWindowVisible,DestroyWindow,InvalidateRect,GetCursorPos,SetWindowPos,GetTickCount,ShowWindow,InvalidateRect,ShowWindow,DefWindowProcW,GetWindowLongW,SetWindowLongW,InvalidateRect,RedrawWindow, | 0_2_001E9ED0 |
Source: C:\Users\user\Desktop\oAnb4ULQxP.exe | Code function: 0_2_001F36C0 GetKeyState,GetKeyState,GetKeyState,GetKeyState,SetMessageExtraInfo,SendMessageW, | 0_2_001F36C0 |
Source: oAnb4ULQxP.exe, type: SAMPLE | Matched rule: Windows_Trojan_Donutloader_f40e3759 Author: unknown |
Source: 0.2.oAnb4ULQxP.exe.29e0000.2.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Asyncrat_11a11ba1 Author: unknown |
Source: 0.2.oAnb4ULQxP.exe.29e0000.2.unpack, type: UNPACKEDPE | Matched rule: Detects file containing reversed ASEP Autorun registry keys Author: ditekSHen |
Source: 0.2.oAnb4ULQxP.exe.29e0000.2.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Asyncrat_11a11ba1 Author: unknown |
Source: 0.2.oAnb4ULQxP.exe.29e0000.2.raw.unpack, type: UNPACKEDPE | Matched rule: Detects file containing reversed ASEP Autorun registry keys Author: ditekSHen |
Source: 0.0.oAnb4ULQxP.exe.1c0000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Donutloader_f40e3759 Author: unknown |
Source: 0.2.oAnb4ULQxP.exe.1c0000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Donutloader_f40e3759 Author: unknown |
Source: 00000000.00000002.3385036665.0000000000356000.00000080.00000001.01000000.00000003.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Donutloader_f40e3759 Author: unknown |
Source: 00000000.00000000.2131796263.0000000000356000.00000080.00000001.01000000.00000003.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Donutloader_f40e3759 Author: unknown |
Source: 00000000.00000002.3386222685.00000000029E0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Asyncrat_11a11ba1 Author: unknown |
Source: 00000000.00000002.3386222685.00000000029E0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Detects file containing reversed ASEP Autorun registry keys Author: ditekSHen |
Source: Process Memory Space: oAnb4ULQxP.exe PID: 7084, type: MEMORYSTR | Matched rule: Detects file containing reversed ASEP Autorun registry keys Author: ditekSHen |
Source: C:\Users\user\Desktop\oAnb4ULQxP.exe | Code function: 0_2_00216000 | 0_2_00216000 |
Source: C:\Users\user\Desktop\oAnb4ULQxP.exe | Code function: 0_2_003630D3 | 0_2_003630D3 |
Source: C:\Users\user\Desktop\oAnb4ULQxP.exe | Code function: 0_2_0022817F | 0_2_0022817F |
Source: C:\Users\user\Desktop\oAnb4ULQxP.exe | Code function: 0_2_00202140 | 0_2_00202140 |
Source: C:\Users\user\Desktop\oAnb4ULQxP.exe | Code function: 0_2_001C11D7 | 0_2_001C11D7 |
Source: C:\Users\user\Desktop\oAnb4ULQxP.exe | Code function: 0_2_0036526F | 0_2_0036526F |
Source: C:\Users\user\Desktop\oAnb4ULQxP.exe | Code function: 0_2_0021125B | 0_2_0021125B |
Source: C:\Users\user\Desktop\oAnb4ULQxP.exe | Code function: 0_2_001E8290 | 0_2_001E8290 |
Source: C:\Users\user\Desktop\oAnb4ULQxP.exe | Code function: 0_2_001C22C0 | 0_2_001C22C0 |
Source: C:\Users\user\Desktop\oAnb4ULQxP.exe | Code function: 0_2_001D0340 | 0_2_001D0340 |
Source: C:\Users\user\Desktop\oAnb4ULQxP.exe | Code function: 0_2_00364397 | 0_2_00364397 |
Source: C:\Users\user\Desktop\oAnb4ULQxP.exe | Code function: 0_2_001FE5B0 | 0_2_001FE5B0 |
Source: C:\Users\user\Desktop\oAnb4ULQxP.exe | Code function: 0_2_001C22C0 | 0_2_001C22C0 |
Source: C:\Users\user\Desktop\oAnb4ULQxP.exe | Code function: 0_2_001D8690 | 0_2_001D8690 |
Source: C:\Users\user\Desktop\oAnb4ULQxP.exe | Code function: 0_2_002006F0 | 0_2_002006F0 |
Source: C:\Users\user\Desktop\oAnb4ULQxP.exe | Code function: 0_2_003647CF | 0_2_003647CF |
Source: C:\Users\user\Desktop\oAnb4ULQxP.exe | Code function: 0_2_001CE810 | 0_2_001CE810 |
Source: C:\Users\user\Desktop\oAnb4ULQxP.exe | Code function: 0_2_001CE840 | 0_2_001CE840 |
Source: C:\Users\user\Desktop\oAnb4ULQxP.exe | Code function: 0_2_0021085C | 0_2_0021085C |
Source: C:\Users\user\Desktop\oAnb4ULQxP.exe | Code function: 0_2_0021D8D9 | 0_2_0021D8D9 |
Source: C:\Users\user\Desktop\oAnb4ULQxP.exe | Code function: 0_2_001D78E0 | 0_2_001D78E0 |
Source: C:\Users\user\Desktop\oAnb4ULQxP.exe | Code function: 0_2_001C22C0 | 0_2_001C22C0 |
Source: C:\Users\user\Desktop\oAnb4ULQxP.exe | Code function: 0_2_00229916 | 0_2_00229916 |
Source: C:\Users\user\Desktop\oAnb4ULQxP.exe | Code function: 0_2_001D6990 | 0_2_001D6990 |
Source: C:\Users\user\Desktop\oAnb4ULQxP.exe | Code function: 0_2_00367AC7 | 0_2_00367AC7 |
Source: C:\Users\user\Desktop\oAnb4ULQxP.exe | Code function: 0_2_00210B9E | 0_2_00210B9E |
Source: C:\Users\user\Desktop\oAnb4ULQxP.exe | Code function: 0_2_001E4C10 | 0_2_001E4C10 |
Source: C:\Users\user\Desktop\oAnb4ULQxP.exe | Code function: 0_2_00209C40 | 0_2_00209C40 |
Source: C:\Users\user\Desktop\oAnb4ULQxP.exe | Code function: 0_2_001F0D60 | 0_2_001F0D60 |
Source: C:\Users\user\Desktop\oAnb4ULQxP.exe | Code function: 0_2_001CFE00 | 0_2_001CFE00 |
Source: C:\Users\user\Desktop\oAnb4ULQxP.exe | Code function: 0_2_001E8E40 | 0_2_001E8E40 |
Source: C:\Users\user\Desktop\oAnb4ULQxP.exe | Code function: 0_2_001E9ED0 | 0_2_001E9ED0 |
Source: C:\Users\user\Desktop\oAnb4ULQxP.exe | Code function: 0_2_00210EFD | 0_2_00210EFD |
Source: C:\Users\user\Desktop\oAnb4ULQxP.exe | Code function: 0_2_001D1F30 | 0_2_001D1F30 |
Source: C:\Users\user\Desktop\oAnb4ULQxP.exe | Code function: 0_2_00213FCA | 0_2_00213FCA |
Source: C:\Users\user\Desktop\oAnb4ULQxP.exe | Code function: 0_2_00363FC7 | 0_2_00363FC7 |
Source: C:\Users\user\Desktop\oAnb4ULQxP.exe | Code function: String function: 002088B0 appears 53 times | |
Source: C:\Users\user\Desktop\oAnb4ULQxP.exe | Code function: String function: 001CB8D0 appears 35 times | |
Source: oAnb4ULQxP.exe | Static PE information: Resource name: BINRES type: PE32+ executable (GUI) x86-64, for MS Windows |
Source: oAnb4ULQxP.exe | Binary or memory string: OriginalFilename vs oAnb4ULQxP.exe |
Source: oAnb4ULQxP.exe, 00000000.00000002.3384937520.000000000025E000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFilenameZoomIt.exeH vs oAnb4ULQxP.exe |
Source: oAnb4ULQxP.exe, 00000000.00000002.3386222685.00000000029E0000.00000004.08000000.00040000.00000000.sdmp | Binary or memory string: OriginalFilenameStub.exe" vs oAnb4ULQxP.exe |
Source: oAnb4ULQxP.exe | Binary or memory string: OriginalFilenameZoomIt.exeH vs oAnb4ULQxP.exe |
Source: oAnb4ULQxP.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE |
Source: oAnb4ULQxP.exe, type: SAMPLE | Matched rule: Windows_Trojan_Donutloader_f40e3759 os = windows, severity = x86, creation_date = 2021-09-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Donutloader, fingerprint = 6400b34f762cebb4f91a8d24c5fce647e069a971fb3ec923a63aa98c8cfffab7, id = f40e3759-2531-4e21-946a-fb55104814c0, last_modified = 2022-01-13 |
Source: 0.2.oAnb4ULQxP.exe.29e0000.2.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Asyncrat_11a11ba1 reference_sample = fe09cd1d13b87c5e970d3cbc1ebc02b1523c0a939f961fc02c1395707af1c6d1, os = windows, severity = x86, creation_date = 2021-08-05, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Asyncrat, fingerprint = 715ede969076cd413cebdfcf0cdda44e3a6feb5343558f18e656f740883b41b8, id = 11a11ba1-c178-4415-9c09-45030b500f50, last_modified = 2021-10-04 |
Source: 0.2.oAnb4ULQxP.exe.29e0000.2.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse author = ditekSHen, description = Detects file containing reversed ASEP Autorun registry keys |
Source: 0.2.oAnb4ULQxP.exe.29e0000.2.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Asyncrat_11a11ba1 reference_sample = fe09cd1d13b87c5e970d3cbc1ebc02b1523c0a939f961fc02c1395707af1c6d1, os = windows, severity = x86, creation_date = 2021-08-05, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Asyncrat, fingerprint = 715ede969076cd413cebdfcf0cdda44e3a6feb5343558f18e656f740883b41b8, id = 11a11ba1-c178-4415-9c09-45030b500f50, last_modified = 2021-10-04 |
Source: 0.2.oAnb4ULQxP.exe.29e0000.2.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse author = ditekSHen, description = Detects file containing reversed ASEP Autorun registry keys |
Source: 0.0.oAnb4ULQxP.exe.1c0000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Donutloader_f40e3759 os = windows, severity = x86, creation_date = 2021-09-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Donutloader, fingerprint = 6400b34f762cebb4f91a8d24c5fce647e069a971fb3ec923a63aa98c8cfffab7, id = f40e3759-2531-4e21-946a-fb55104814c0, last_modified = 2022-01-13 |
Source: 0.2.oAnb4ULQxP.exe.1c0000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Donutloader_f40e3759 os = windows, severity = x86, creation_date = 2021-09-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Donutloader, fingerprint = 6400b34f762cebb4f91a8d24c5fce647e069a971fb3ec923a63aa98c8cfffab7, id = f40e3759-2531-4e21-946a-fb55104814c0, last_modified = 2022-01-13 |
Source: 00000000.00000002.3385036665.0000000000356000.00000080.00000001.01000000.00000003.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Donutloader_f40e3759 os = windows, severity = x86, creation_date = 2021-09-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Donutloader, fingerprint = 6400b34f762cebb4f91a8d24c5fce647e069a971fb3ec923a63aa98c8cfffab7, id = f40e3759-2531-4e21-946a-fb55104814c0, last_modified = 2022-01-13 |
Source: 00000000.00000000.2131796263.0000000000356000.00000080.00000001.01000000.00000003.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Donutloader_f40e3759 os = windows, severity = x86, creation_date = 2021-09-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Donutloader, fingerprint = 6400b34f762cebb4f91a8d24c5fce647e069a971fb3ec923a63aa98c8cfffab7, id = f40e3759-2531-4e21-946a-fb55104814c0, last_modified = 2022-01-13 |
Source: 00000000.00000002.3386222685.00000000029E0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Asyncrat_11a11ba1 reference_sample = fe09cd1d13b87c5e970d3cbc1ebc02b1523c0a939f961fc02c1395707af1c6d1, os = windows, severity = x86, creation_date = 2021-08-05, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Asyncrat, fingerprint = 715ede969076cd413cebdfcf0cdda44e3a6feb5343558f18e656f740883b41b8, id = 11a11ba1-c178-4415-9c09-45030b500f50, last_modified = 2021-10-04 |
Source: 00000000.00000002.3386222685.00000000029E0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse author = ditekSHen, description = Detects file containing reversed ASEP Autorun registry keys |
Source: Process Memory Space: oAnb4ULQxP.exe PID: 7084, type: MEMORYSTR | Matched rule: INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse author = ditekSHen, description = Detects file containing reversed ASEP Autorun registry keys |
Source: 0.2.oAnb4ULQxP.exe.29e0000.2.raw.unpack, Settings.cs | Base64 encoded string: 'ywODZf305wWXdAZWhT9HiHVvJUbegV+c8pfaDsV5zHUrGVbCWHK5Oc0pZMncSOyNAaywUaaOZFqLm0346YwaDg==', 'zvwyge4m4aTtV6KENeAXTLml5RnI5h2+/F3gC1dGzwncBzrlg+WGoNGY99nLtW+ycksKaSBUX66r/rJbnnGAUg==', 'IYLsJTMrnn/zfFA3W62/c9RR+E4ApuCfYJfkbL3ls4eNpmHp4Yugh1CJOlbD1Wr9ZE/R62n3d2zqAZjQN5P5kimI3D1FUD+GTvMn/idZdzzMG+/4glTGuOAunTV8juQ7eviHML6HLuUSP7KQZgSDql6AgEf22GBiA7jTUeMe2fm/gU7gzQxIogUw71GsWmrBISTzb1J/7osyrmzKdtF84wKCYLNZ3lSK3ulWqRqv11IIZjq56BMSVENPvpokLjjrEDiWFGentstkuS0dBr1v7qYpWt0eMrabpkMnGwMlIT/ySvFNaXbQeZ1H6NY8krTYXKPJjhZdjvk08oBdrQXD9snIwIEI2loDikWV/uu7m0IxCCsyzONDphhU8DqpXkPSB1KVInXc4pMjhGL4qTR98vtqMui4KB7dF/Lq63WnjpH7zXxx8xNOHnwCOoxAo8HZ7oyxNYGDijrUHLKv4+Ee499D8pUGN7ZdIDLQ0tTMYPA0OZr+JccQ6oV6589k55iiGj1vdU+4i7tua1Shydkj8i5q/YQ6K9/bGZ4SAqRtEUlLPmqz5FHlXkENZLQAE9ff2mzCLCEc92m4AVA4jZ62W48rDYdXN7ZT+bn880sLFMwrhTRXVIZbe59b+EeRVSeKdEwlEUUbCd6U1luawA0oQ7ieh2csqvmzXMg3KADJFMkVxbUwHbsc6+yqq47od7O7DeMTEKv5kl0MPL9eDHqWU9a/RzGpy2YushiEsI/x7jREJlRWdXBWimaU+HTC85LpTIzkj1snLfn6yg6B/dFPmL2KbVo9GPtHVz4XMasOQaloAKPzu8L/QKXS8Th+An2iDMIsPyZ8Fq/QoNvOmtNql8pPu10jHtGuYrPFkxKFMmKICnJpKzjDEGvSw7qzTNSoCqHfaWb8gPCvMbRq0IZpvz7c1JjFbyW4Io7wVnI4rOJ2Kg8nOIqTio9Uk3Uj0IXEIqULjknpZTK13jAMoJ6Z3IPPPx2y8wrX7Tk3RQBcDccFGSK3JjcrvbRxYEcCnV1iNkQcDUKAiLTltqSTxaKH4mmRWGXCdOUdja5TeUtCpSeB7weKfYj9zb32ywvIj1UN19AC9spAmlu2UZKJJx9WJyzXFAQ8JuYU7bEur7m2s3ySyzdG60KrJPocbBxZRVyxghPlOP7+RpSTUoZJSa/JPLdkenyvwOH0LaY644WDJ/tAh3xUE4XVrLhcCW6CjZk/ymK2mk+GaJiKdHqSmbwq6MCJWa1tmJopLnKZD8j0VVT/Z/dnIwLNHlaJ/bN9RuPWsvtMX16RQkJ3e5xfUQMZ07PvYn9fGQLsxOsIzLcRwf3oSG+v98EIxNcrU3F5NFq5hR3y66Bz5ExH3fGNKZRNroT4R4ERd0BtB2JUWYjPMsGH6kSvo6+n5NK31b6o9iIkdFr8eG4LSo6oylMQ4OMsqZIA/HXGUSSnTQ5H+Jqi0F1VSyH5CPOs+aUHvNJooudZJgTP2BDvALpEBpjs/DcAhIvVvCaYrPCipTQZVan7bg0i8XrB21cS5b8WtsatGgEXeWrfvcmfJPetXoEnS+BY3b/8Ap+Dc+sp2t2JMivXoq3dxWKASF+KQEFAihvEH+I8RmNRQpmRbF+yNfZa0LU4eOnc664lazpDJYZm9QRNcjx4fVBUu+bFMkwsZSUFAXj4GzbEc2ueMX/TGaRvdLIN5GXS1b8cL4kpKICG2K0ndsaDjdjF4Y09XqkrIxqFPAtb6mWGrI0bb+lXGM/oDB5evqLKzW0NSGcPwXHxREqnUgeezXTRoijYIomPPQkwZl639zInnfPwGVr3pSGhZW0MVyOzLaIvAt3GH2Y5ZFaTj95po5DruQzB2Js0Z30kZbt+/+gWaNwSud94CCI9OdLq+QsSOxMXBVb+2PGZylLWCZhA7kWvKbQNrQq4o912HPdONQAPmqKYiHrTgqXFLQz97mlBS7qSWi5x5rG4qEHpyPNM4yzGC132uD2xW/RBlxLva+dOTAB41OiRQ8pcF1VME7N4Aev183QNH+f2OiJKuaKSYUT/L6Wx+HtB3/EChDLmJZ2hQrnbpKYAC7GtceJAyvqj23B1aPua+roplCnaAq8hMF36HdHK5dw7Gb0/EdkUBGDNll89jOs5OV3PP7KjEFsCX5MbDMVbxp30jUX6UBdYvGg09pxgFRJ7Dz795qeOfJFxyOuVna4B5N3pqgICGhNd8Xyns6lqsUi8obXQbMETLcy2GuBe1dx7zBIjTWE3nFDxFTlWf7iAajZp+D9xpED4ZOalGshOUisCZRKSqsFgn |