Click to jump to signature section
Source: C:\Users\user\AppData\Roaming\scvhost.exe | Avira: detection malicious, Label: HEUR/AGEN.1202835 |
Source: C:\Users\user\AppData\Roaming\scvhost.exe | ReversingLabs: Detection: 82% |
Source: C:\Users\user\AppData\Roaming\scvhost.exe | Virustotal: Detection: 71% | Perma Link |
Source: OvA6x5v34G.exe | Malware Configuration Extractor: AsyncRAT {"Server": "eu-central-7075.packetriot.net", "Ports": "1604,22993", "Version": "0.5.7B", "Autorun": "true", "Install_Folder": "%AppData%"} |
Source: OvA6x5v34G.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
Source: Traffic | Snort IDS: 2035595 ET TROJAN Generic AsyncRAT Style SSL Cert 167.71.56.116:22993 -> 192.168.2.4:49695 |
Source: Traffic | Snort IDS: 2030673 ET TROJAN Observed Malicious SSL Cert (AsyncRAT Server) 167.71.56.116:22993 -> 192.168.2.4:49695 |
Source: Yara match | File source: OvA6x5v34G.exe, type: SAMPLE |
Source: Yara match | File source: 0.0.OvA6x5v34G.exe.4d0000.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.2.OvA6x5v34G.exe.293c31c.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: C:\Users\user\AppData\Roaming\scvhost.exe, type: DROPPED |
Source: Malware configuration extractor | URLs: eu-central-7075.packetriot.net |
Source: scvhost.exe, 00000008.00000003.488596244.0000000004E10000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl.globalsign.net/root-r2.crl0 |
Source: scvhost.exe, 00000008.00000002.572492895.0000000004E11000.00000004.00000020.00020000.00000000.sdmp, scvhost.exe, 00000008.00000003.488596244.0000000004E10000.00000004.00000020.00020000.00000000.sdmp, 77EC63BDA74BD0D0E0426DC8F80085060.8.dr | String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab |
Source: OvA6x5v34G.exe, 00000000.00000002.320271119.00000000028BA000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name |
Source: Yara match | File source: OvA6x5v34G.exe, type: SAMPLE |
Source: Yara match | File source: 0.0.OvA6x5v34G.exe.4d0000.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.2.OvA6x5v34G.exe.293c31c.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.2.OvA6x5v34G.exe.293c31c.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 00000000.00000002.320271119.000000000293C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000000.300462677.00000000004D2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY |
Source: Yara match | File source: Process Memory Space: OvA6x5v34G.exe PID: 1240, type: MEMORYSTR |
Source: Yara match | File source: C:\Users\user\AppData\Roaming\scvhost.exe, type: DROPPED |
Source: OvA6x5v34G.exe, type: SAMPLE | Matched rule: Detects file containing reversed ASEP Autorun registry keys Author: ditekSHen |
Source: dump.pcap, type: PCAP | Matched rule: Detects AsyncRAT Author: ditekSHen |
Source: 0.0.OvA6x5v34G.exe.4d0000.0.unpack, type: UNPACKEDPE | Matched rule: Detects file containing reversed ASEP Autorun registry keys Author: ditekSHen |
Source: 0.2.OvA6x5v34G.exe.293c31c.0.unpack, type: UNPACKEDPE | Matched rule: Detects file containing reversed ASEP Autorun registry keys Author: ditekSHen |
Source: 0.2.OvA6x5v34G.exe.293c31c.0.raw.unpack, type: UNPACKEDPE | Matched rule: Detects file containing reversed ASEP Autorun registry keys Author: ditekSHen |
Source: 00000008.00000002.572203781.0000000004DD6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY | Matched rule: Detects AsyncRAT Author: ditekSHen |
Source: 00000000.00000002.320271119.000000000293C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Detects file containing reversed ASEP Autorun registry keys Author: ditekSHen |
Source: 00000008.00000002.569516773.0000000000B18000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY | Matched rule: Detects AsyncRAT Author: ditekSHen |
Source: 00000008.00000002.569133580.0000000000A53000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY | Matched rule: Detects AsyncRAT Author: ditekSHen |
Source: 00000008.00000002.569516773.0000000000B07000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY | Matched rule: Detects AsyncRAT Author: ditekSHen |
Source: 00000000.00000002.320271119.00000000028A1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Detects file containing reversed ASEP Autorun registry keys Author: ditekSHen |
Source: 00000000.00000002.320271119.00000000028A1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Detects AsyncRAT Author: ditekSHen |
Source: 00000008.00000002.570032129.0000000002985000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Detects file containing reversed ASEP Autorun registry keys Author: ditekSHen |
Source: 00000008.00000002.570032129.0000000002985000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Detects AsyncRAT Author: ditekSHen |
Source: 00000000.00000002.322756813.0000000004EA6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY | Matched rule: Detects AsyncRAT Author: ditekSHen |
Source: 00000007.00000002.349959689.0000000004DE8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY | Matched rule: Detects AsyncRAT Author: ditekSHen |
Source: 00000008.00000003.488531299.0000000000B15000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY | Matched rule: Detects AsyncRAT Author: ditekSHen |
Source: 00000000.00000000.300462677.00000000004D2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY | Matched rule: Detects file containing reversed ASEP Autorun registry keys Author: ditekSHen |
Source: 00000008.00000003.488596244.0000000004DED000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY | Matched rule: Detects AsyncRAT Author: ditekSHen |
Source: 00000008.00000003.488596244.0000000004E10000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY | Matched rule: Detects AsyncRAT Author: ditekSHen |
Source: 00000007.00000002.346842427.00000000028A1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Detects AsyncRAT Author: ditekSHen |
Source: 00000008.00000002.570032129.00000000029B5000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Detects AsyncRAT Author: ditekSHen |
Source: Process Memory Space: OvA6x5v34G.exe PID: 1240, type: MEMORYSTR | Matched rule: Detects file containing reversed ASEP Autorun registry keys Author: ditekSHen |
Source: Process Memory Space: OvA6x5v34G.exe PID: 1240, type: MEMORYSTR | Matched rule: Detects AsyncRAT Author: ditekSHen |
Source: Process Memory Space: scvhost.exe PID: 6108, type: MEMORYSTR | Matched rule: Detects AsyncRAT Author: ditekSHen |
Source: Process Memory Space: scvhost.exe PID: 2612, type: MEMORYSTR | Matched rule: Detects file containing reversed ASEP Autorun registry keys Author: ditekSHen |
Source: Process Memory Space: scvhost.exe PID: 2612, type: MEMORYSTR | Matched rule: Detects AsyncRAT Author: ditekSHen |
Source: C:\Users\user\AppData\Roaming\scvhost.exe, type: DROPPED | Matched rule: Detects file containing reversed ASEP Autorun registry keys Author: ditekSHen |
Source: OvA6x5v34G.exe, type: SAMPLE | Matched rule: INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse author = ditekSHen, description = Detects file containing reversed ASEP Autorun registry keys |
Source: dump.pcap, type: PCAP | Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT |
Source: 0.0.OvA6x5v34G.exe.4d0000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse author = ditekSHen, description = Detects file containing reversed ASEP Autorun registry keys |
Source: 0.2.OvA6x5v34G.exe.293c31c.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse author = ditekSHen, description = Detects file containing reversed ASEP Autorun registry keys |
Source: 0.2.OvA6x5v34G.exe.293c31c.0.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse author = ditekSHen, description = Detects file containing reversed ASEP Autorun registry keys |
Source: 00000008.00000002.572203781.0000000004DD6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY | Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT |
Source: 00000000.00000002.320271119.000000000293C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse author = ditekSHen, description = Detects file containing reversed ASEP Autorun registry keys |
Source: 00000008.00000002.569516773.0000000000B18000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY | Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT |
Source: 00000008.00000002.569133580.0000000000A53000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY | Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT |
Source: 00000008.00000002.569516773.0000000000B07000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY | Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT |
Source: 00000000.00000002.320271119.00000000028A1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse author = ditekSHen, description = Detects file containing reversed ASEP Autorun registry keys |
Source: 00000000.00000002.320271119.00000000028A1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT |
Source: 00000008.00000002.570032129.0000000002985000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse author = ditekSHen, description = Detects file containing reversed ASEP Autorun registry keys |
Source: 00000008.00000002.570032129.0000000002985000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT |
Source: 00000000.00000002.322756813.0000000004EA6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY | Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT |
Source: 00000007.00000002.349959689.0000000004DE8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY | Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT |
Source: 00000008.00000003.488531299.0000000000B15000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY | Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT |
Source: 00000000.00000000.300462677.00000000004D2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY | Matched rule: INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse author = ditekSHen, description = Detects file containing reversed ASEP Autorun registry keys |
Source: 00000008.00000003.488596244.0000000004DED000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY | Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT |
Source: 00000008.00000003.488596244.0000000004E10000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY | Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT |
Source: 00000007.00000002.346842427.00000000028A1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT |
Source: 00000008.00000002.570032129.00000000029B5000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT |
Source: Process Memory Space: OvA6x5v34G.exe PID: 1240, type: MEMORYSTR | Matched rule: INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse author = ditekSHen, description = Detects file containing reversed ASEP Autorun registry keys |
Source: Process Memory Space: OvA6x5v34G.exe PID: 1240, type: MEMORYSTR | Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT |
Source: Process Memory Space: scvhost.exe PID: 6108, type: MEMORYSTR | Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT |
Source: Process Memory Space: scvhost.exe PID: 2612, type: MEMORYSTR | Matched rule: INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse author = ditekSHen, description = Detects file containing reversed ASEP Autorun registry keys |
Source: Process Memory Space: scvhost.exe PID: 2612, type: MEMORYSTR | Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT |
Source: C:\Users\user\AppData\Roaming\scvhost.exe, type: DROPPED | Matched rule: INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse author = ditekSHen, description = Detects file containing reversed ASEP Autorun registry keys |
Source: OvA6x5v34G.exe, 00000000.00000002.320271119.000000000293C000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameWinRAR. vs OvA6x5v34G.exe |
Source: OvA6x5v34G.exe, 00000000.00000000.300475349.00000000004DE000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFilenameWinRAR. vs OvA6x5v34G.exe |
Source: OvA6x5v34G.exe | Binary or memory string: OriginalFilenameWinRAR. vs OvA6x5v34G.exe |
Source: OvA6x5v34G.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
Source: unknown | Process created: C:\Users\user\Desktop\OvA6x5v34G.exe C:\Users\user\Desktop\OvA6x5v34G.exe | |
Source: C:\Users\user\Desktop\OvA6x5v34G.exe | Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc onlogon /rl highest /tn "scvhost" /tr '"C:\Users\user\AppData\Roaming\scvhost.exe"' & exit | |
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
Source: C:\Users\user\Desktop\OvA6x5v34G.exe | Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\tmpCC1F.tmp.bat"" | |
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /f /sc onlogon /rl highest /tn "scvhost" /tr '"C:\Users\user\AppData\Roaming\scvhost.exe"' | |
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\timeout.exe timeout 3 | |
Source: unknown | Process created: C:\Users\user\AppData\Roaming\scvhost.exe C:\Users\user\AppData\Roaming\scvhost.exe | |
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Users\user\AppData\Roaming\scvhost.exe "C:\Users\user\AppData\Roaming\scvhost.exe" | |
Source: C:\Users\user\Desktop\OvA6x5v34G.exe | Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc onlogon /rl highest /tn "scvhost" /tr '"C:\Users\user\AppData\Roaming\scvhost.exe"' & exit | Jump to behavior |
Source: C:\Users\user\Desktop\OvA6x5v34G.exe | Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\tmpCC1F.tmp.bat"" | Jump to behavior |
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /f /sc onlogon /rl highest /tn "scvhost" /tr '"C:\Users\user\AppData\Roaming\scvhost.exe"' | Jump to behavior |
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\timeout.exe timeout 3 | Jump to behavior |
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Users\user\AppData\Roaming\scvhost.exe "C:\Users\user\AppData\Roaming\scvhost.exe" | Jump to behavior |
Source: classification engine | Classification label: mal100.troj.evad.winEXE@15/7@7/1 |
Source: OvA6x5v34G.exe, Client/Helper/Methods.cs | Security API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent() |
Source: OvA6x5v34G.exe, Client/Helper/Methods.cs | Security API names: System.Boolean System.Security.Principal.WindowsPrincipal::IsInRole(System.Security.Principal.WindowsBuiltInRole) |
Source: scvhost.exe.0.dr, Client/Helper/Methods.cs | Security API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent() |
Source: scvhost.exe.0.dr, Client/Helper/Methods.cs | Security API names: System.Boolean System.Security.Principal.WindowsPrincipal::IsInRole(System.Security.Principal.WindowsBuiltInRole) |
Source: 0.0.OvA6x5v34G.exe.4d0000.0.unpack, Client/Helper/Methods.cs | Security API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent() |
Source: 0.0.OvA6x5v34G.exe.4d0000.0.unpack, Client/Helper/Methods.cs | Security API names: System.Boolean System.Security.Principal.WindowsPrincipal::IsInRole(System.Security.Principal.WindowsBuiltInRole) |
Source: OvA6x5v34G.exe | Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80% | |
Source: C:\Users\user\Desktop\OvA6x5v34G.exe | Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\scvhost.exe | Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\scvhost.exe | Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll | Jump to behavior |
Source: OvA6x5v34G.exe, Client/Settings.cs | Base64 encoded string: '/Y2gU3vw/6p5z7lRLgRhZJIHHJexTBIuU0kG/JaSXL7Q4VVsEqGhGGknVPK4rs0P9w57eOw4Ri7EFQrvEwiDmiNbtEuSLuETQTQIA0pJTVg=', 'yhOV3e6FmQFuVykzXPTQT9O6b3EqBdAQrnjS4W0ml5X0yDrAHXR9Eg8D6qH6u5qxVd0E8QwYzNG064m1XQORCA==', 'jCNfYsY5r/6UivczokojRZKLfB9pUwBB8Bk1pdzs4XBEG61f99bLaxid/OM2xfzOerIMfL9qXxT7yE9BcqbtcD793xeJvTPoeUx80x9UkZOUGmcHqpYF9XU3Jj+s8H8g/f9P20EFN2AtL4ari+M21L0jk614HClpST2Mm0itOCImL/+lTpsacZxSrpUPaJCZKRKGY07984hPrzhWeerdnfYUr8+bVYknsMvXQmMIojof5s0u2J/H5/Oqjk2WgbHgScJa4QksQOrHwvvtD5tfyk8O6R8sT1iMMbDasd9vCTzs1R6buE76c8TYDutiUu18boANPcMhT8Ch1d+BhWEN4jDgGnY683Ke5Ra+08rILzHuiTbr+S8d7Dw7vRjQQlFWL+R0sJlc0gbZPXIJqIC5JcUuL6ddNqZjOLuzfOnLQH7Rwsh2QfpvyU1BqSymLg/+9He7w10dBl/w5CW+7sRtschN9uKOixowBROwmQbtNUzEGE+4V6N0yqO4u4EBlPyGipemE0ptbgOi/KBGbNvJvg7HOKad7Wm04nzAeJlxfDcIS+IOsZRuDhiZIpmxkKEcU8BYuOurR8Gt+xTI5MiIFOKZ9f7n+E8cqKpdIeIWdoPOBopKdMRIx7sI4mZHh3yjSNy000RyUeRg2Xzr3J9S0st1ioTPU+2wEaGGG2fX27Gpu13j0EmJ7mQGs9EoAZLE2qWTakAVCL86L70K2+B7YxQwgH/s3svPZamR7yZpfVxWdvhq3cIDTpPsQwOOVt+6+OGG1OvfI+S70j4TMHKWZQG0F5EqXAHn+mhMofCTuUBpefx95ZxWDM785wi+kwKw8Z1pfz1N7YebFvtrDIlZeKQ9VqGLI+44ZjHi50E6nch4DSK8Bm1CQv+nWorg4Kv16C4fEJhL5X2tQEvHpcxl5bk+3iHP+gj/0GVcVXZflULZPZBuvxCmqNC6C/0ah6VdP4WztheZyv/bKO32YA7Tn7YaPOkD2HKNRTNKzbz8mWBxFfeYSxi3pE126s0DrzvAL2ocmFq2MMmnBK+VVBAHdAqyU+2miPV/0M07FWAYSqSLn2ejtNo2bxPefOxjdECSANty63DWcr+L9Nr9t9fptGDuT2bWR7toitpcrUguJn6WMhifn7vM9wVPzZM1ewVp0F0TY+/p3oxTaFT36k8CouFR7XI9tRjZduLX+bHHP318zX3CoG+4W9kRKQdx/JV6Iwwgeo+mkjBXVS6uLTG4HMGliiK/izVfDXjhsu83Uap9NZd46IVaKFrmheqUG+eAzGvh3+3ICrDLBf6rU+B/q63yoK+g6CWV/uBtO96M+1zCD6U+pQYHgQHzTqLzp7RVKYcYOoKjvuXL52JIr8wZs4ZNVJ0+Reftv/A8MC7nMTIf61YKlWgwI7FGMNK+DDxLLC6BDN0edM+jN1s7qYYsk+m2t0BRppzXM/ez/wZifw3Bo/PBeoGxsAbftXwALBoHlyrJht0xWH8v+wBUcfCjB5tmspCqDJcKtC6vxA33Wi+Yky2TU7IERNWTKluFKzXUUz/EgiV9Qp+v0hnAijUKCSDplNCw8OQESsxu2twVhaUCOjWfqY+nyQAjzUcpA0I/3weTESZy+5qBeW8hfyz+/jLE+jUKQGzPUhOKqJVjWtfFyhEFaN3EjKlVS/GRfnDZTwL0yeXxuHdRRWejMXzy0J3vucGLsSk2nNXe7XUphaOkdxRJUK56xi186WYC5uhShAuBH/MtylbbftdRENzaNvz8oOyoIKZE6BQINVVuehHJopj6IHwaA6TgJklFupLpTLOSnwcou3qkY08PovUwhVvSF9k4b3uoLZYlPegIhhlfBHynOIxOlzl10G1EIDKOiywiq72q5mtX8SkJfg8SkIio3ja9m7viOrjZmAQrkd0QHLSt8VCQuqz7EtIvXRu0Gwqi44LhxTSVyzp1YfTTpvbdem1oJdNRDqQSyPDnh1bxBsKiRTNeSf67jIV9DCGLOvsODYS6CwrOvDzYjD1XBMo8l4auRqLrqwja/FloLwhKO8TQ2x6qeJnweDcultT6w8tKvukYrFr75lqa6a/Uj29v4q+gFDs/pTk5PvUMX4FkMPj5WbQoH7Y7Va4cmU9gYYF7prc5L07uc43QY/9M3nwbhpNtDTkr6H8j8xYmkPu6UDOzdnZHGEm46yi348SqqMd11jWi0m9Sq8UDGVbs2rSq/27Q81pIOHPtxHeJujslcSc7qAqjgZwo7ukdvSOHymBLTmC5b60xa5xKKitsWZ7Pk |