Source: http://pesterbdd.com/images/Pester.png |
URL Reputation: Label: malware |
Source: 4.2.RegAsm.exe.400000.0.unpack |
Malware Configuration Extractor: Agenttesla {"Exfil Mode": "SMTP", "Port": "587", "Host": "gator3220.hostgator.com", "Username": "minors@aoqiinflatables.com", "Password": "RaFv@tsTUK55@@<<!!"} |
Source: QUOTATION_APRQTRA031244#U00b7PDF.scr.exe |
Virustotal: Detection: 39% |
Source: QUOTATION_APRQTRA031244#U00b7PDF.scr.exe |
ReversingLabs: Detection: 55% |
Source: QUOTATION_APRQTRA031244#U00b7PDF.scr.exe |
Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE |
Source: QUOTATION_APRQTRA031244#U00b7PDF.scr.exe |
Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
Source: |
Binary string: C:\Users\GT350\source\repos\AtllasRunp\AtllasRunp\obj\Debug\Bienvenida.pdb source: QUOTATION_APRQTRA031244#U00b7PDF.scr.exe, 00000000.00000002.2092188391.00000000026F1000.00000004.00000800.00020000.00000000.sdmp, QUOTATION_APRQTRA031244#U00b7PDF.scr.exe, 00000000.00000002.2095895448.0000000004D80000.00000004.08000000.00040000.00000000.sdmp |
Source: |
Binary string: \??\C:\Windows\dll\System.Management.Automation.pdb source: powershell.exe, 00000002.00000002.2116368930.0000000007FE3000.00000004.00000020.00020000.00000000.sdmp |
Source: Yara match |
File source: 4.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.2.QUOTATION_APRQTRA031244#U00b7PDF.scr.exe.3861450.3.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.2.QUOTATION_APRQTRA031244#U00b7PDF.scr.exe.379a1b0.2.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.2.QUOTATION_APRQTRA031244#U00b7PDF.scr.exe.3749b80.4.raw.unpack, type: UNPACKEDPE |
Source: svchost.exe, 00000005.00000002.3700573728.000002F41188B000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://crl.ver) |
Source: qmgr.db.5.dr |
String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFU |
Source: qmgr.db.5.dr |
String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome/acocfkfsx7alydpzevdxln7drwdq_117.0.5938.134/117.0.5 |
Source: qmgr.db.5.dr |
String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaa5khuklrahrby256zitbxd5wq_1.0.2512.1/n |
Source: qmgr.db.5.dr |
String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaxuysrwzdnwqutaimsxybnjbrq_2023.9.25.0/ |
Source: qmgr.db.5.dr |
String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adhioj45hzjkfunn7ccrbqyyhu3q_20230916.567 |
Source: qmgr.db.5.dr |
String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adqyi2uk2bd7epzsrzisajjiqe_9.48.0/gcmjkmg |
Source: qmgr.db.5.dr |
String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/dix4vjifjljmfobl3a7lhcpvw4_414/lmelglejhe |
Source: edb.log.5.dr |
String found in binary or memory: http://f.c2r.ts.cdn.office.net/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32_16.0.16827.20 |
Source: powershell.exe, 00000002.00000002.2108579806.0000000004C91000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://go.micros |
Source: RegAsm.exe, 00000004.00000002.4565068932.0000000002E1D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000004.00000002.4565068932.0000000002E02000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000004.00000002.4565068932.0000000002D41000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://ip-api.com |
Source: QUOTATION_APRQTRA031244#U00b7PDF.scr.exe, 00000000.00000002.2092403519.00000000036F9000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000004.00000002.4552565529.0000000000402000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000004.00000002.4565068932.0000000002E02000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000004.00000002.4565068932.0000000002D41000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://ip-api.com/line/?fields=hosting |
Source: powershell.exe, 00000002.00000002.2111908849.00000000056F4000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://nuget.org/NuGet.exe |
Source: powershell.exe, 00000002.00000002.2108579806.00000000047E6000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://pesterbdd.com/images/Pester.png |
Source: powershell.exe, 00000002.00000002.2108579806.00000000047E6000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/ |
Source: powershell.exe, 00000002.00000002.2108579806.0000000004691000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000004.00000002.4565068932.0000000002E02000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000004.00000002.4565068932.0000000002D41000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name |
Source: powershell.exe, 00000002.00000002.2108579806.00000000047E6000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://schemas.xmlsoap.org/wsdl/ |
Source: powershell.exe, 00000002.00000002.2108579806.00000000047E6000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html |
Source: powershell.exe, 00000002.00000002.2116368930.0000000007FE3000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://www.microsoft.co |
Source: QUOTATION_APRQTRA031244#U00b7PDF.scr.exe, 00000000.00000002.2092403519.00000000036F9000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000004.00000002.4552565529.0000000000402000.00000040.00000400.00020000.00000000.sdmp |
String found in binary or memory: https://account.dyn.com/ |
Source: powershell.exe, 00000002.00000002.2108579806.0000000004691000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://aka.ms/pscore6lB |
Source: powershell.exe, 00000002.00000002.2108579806.00000000047E6000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://aka.ms/winsvr-2022-pshelp |
Source: powershell.exe, 00000002.00000002.2111908849.00000000056F4000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://contoso.com/ |
Source: powershell.exe, 00000002.00000002.2111908849.00000000056F4000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://contoso.com/Icon |
Source: powershell.exe, 00000002.00000002.2111908849.00000000056F4000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://contoso.com/License |
Source: edb.log.5.dr |
String found in binary or memory: https://g.live.com/odclientsettings/Prod1C: |
Source: svchost.exe, 00000005.00000003.2091605345.000002F411600000.00000004.00000800.00020000.00000000.sdmp, edb.log.5.dr |
String found in binary or memory: https://g.live.com/odclientsettings/ProdV21C: |
Source: powershell.exe, 00000002.00000002.2108579806.00000000047E6000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://github.com/Pester/Pester |
Source: QUOTATION_APRQTRA031244#U00b7PDF.scr.exe, 00000000.00000002.2092403519.00000000036F9000.00000004.00000800.00020000.00000000.sdmp, QUOTATION_APRQTRA031244#U00b7PDF.scr.exe, 00000000.00000002.2096084725.0000000004ED0000.00000004.08000000.00040000.00000000.sdmp |
String found in binary or memory: https://github.com/sam210723/goesrecv-monitor/releases/latest |
Source: powershell.exe, 00000002.00000002.2113733209.0000000006FC0000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://go.microsoft.U |
Source: powershell.exe, 00000002.00000002.2113733209.0000000006FC0000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://go.microsoft.UEV.psd1id |
Source: powershell.exe, 00000002.00000002.2111908849.00000000056F4000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://nuget.org/nuget.exe |
Source: QUOTATION_APRQTRA031244#U00b7PDF.scr.exe, 00000000.00000002.2092403519.00000000036F9000.00000004.00000800.00020000.00000000.sdmp, QUOTATION_APRQTRA031244#U00b7PDF.scr.exe, 00000000.00000002.2096084725.0000000004ED0000.00000004.08000000.00040000.00000000.sdmp |
String found in binary or memory: https://vksdr.com/goesrecv-monitor |
Source: QUOTATION_APRQTRA031244#U00b7PDF.scr.exe, KeyHook.cs |
.Net Code: StartListening |
Source: 0.2.QUOTATION_APRQTRA031244#U00b7PDF.scr.exe.3861450.3.raw.unpack, l8rGfzxi.cs |
.Net Code: iCBE |
Source: 4.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen |
Source: 0.2.QUOTATION_APRQTRA031244#U00b7PDF.scr.exe.3861450.3.unpack, type: UNPACKEDPE |
Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen |
Source: 0.2.QUOTATION_APRQTRA031244#U00b7PDF.scr.exe.3861450.3.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen |
Source: 0.2.QUOTATION_APRQTRA031244#U00b7PDF.scr.exe.379a1b0.2.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen |
Source: 0.2.QUOTATION_APRQTRA031244#U00b7PDF.scr.exe.3749b80.4.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen |
Source: C:\Users\user\Desktop\QUOTATION_APRQTRA031244#U00b7PDF.scr.exe |
Code function: 0_2_024E2448 |
Source: C:\Users\user\Desktop\QUOTATION_APRQTRA031244#U00b7PDF.scr.exe |
Code function: 0_2_024ECD3C |
Source: C:\Users\user\Desktop\QUOTATION_APRQTRA031244#U00b7PDF.scr.exe |
Code function: 0_2_024EF5A8 |
Source: C:\Users\user\Desktop\QUOTATION_APRQTRA031244#U00b7PDF.scr.exe |
Code function: 0_2_024EF5B8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4_2_0127C9D8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4_2_01274AC0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4_2_0127CF15 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4_2_01273EA8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4_2_012741F0 |
Source: QUOTATION_APRQTRA031244#U00b7PDF.scr.exe, 00000000.00000000.2069778878.000000000020D000.00000002.00000001.01000000.00000003.sdmp |
Binary or memory string: OriginalFilenameESET.exe, vs QUOTATION_APRQTRA031244#U00b7PDF.scr.exe |
Source: QUOTATION_APRQTRA031244#U00b7PDF.scr.exe, 00000000.00000002.2090933970.000000000086E000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: OriginalFilenameclr.dllT vs QUOTATION_APRQTRA031244#U00b7PDF.scr.exe |
Source: QUOTATION_APRQTRA031244#U00b7PDF.scr.exe, 00000000.00000002.2092403519.00000000036F9000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: OriginalFilenamegoesrecv.dllB vs QUOTATION_APRQTRA031244#U00b7PDF.scr.exe |
Source: QUOTATION_APRQTRA031244#U00b7PDF.scr.exe, 00000000.00000002.2092403519.00000000036F9000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: OriginalFilenamea2008e0c-49e9-4951-9077-6b05297ad1bf.exe4 vs QUOTATION_APRQTRA031244#U00b7PDF.scr.exe |
Source: QUOTATION_APRQTRA031244#U00b7PDF.scr.exe, 00000000.00000002.2096084725.0000000004ED0000.00000004.08000000.00040000.00000000.sdmp |
Binary or memory string: OriginalFilenamegoesrecv.dllB vs QUOTATION_APRQTRA031244#U00b7PDF.scr.exe |
Source: QUOTATION_APRQTRA031244#U00b7PDF.scr.exe, 00000000.00000002.2092188391.00000000026F1000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: OriginalFilenameBienvenida.exe6 vs QUOTATION_APRQTRA031244#U00b7PDF.scr.exe |
Source: QUOTATION_APRQTRA031244#U00b7PDF.scr.exe, 00000000.00000002.2092188391.00000000026F1000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: OriginalFilenamea2008e0c-49e9-4951-9077-6b05297ad1bf.exe4 vs QUOTATION_APRQTRA031244#U00b7PDF.scr.exe |
Source: QUOTATION_APRQTRA031244#U00b7PDF.scr.exe, 00000000.00000002.2095895448.0000000004D80000.00000004.08000000.00040000.00000000.sdmp |
Binary or memory string: OriginalFilenameBienvenida.exe6 vs QUOTATION_APRQTRA031244#U00b7PDF.scr.exe |
Source: QUOTATION_APRQTRA031244#U00b7PDF.scr.exe |
Binary or memory string: OriginalFilenameESET.exe, vs QUOTATION_APRQTRA031244#U00b7PDF.scr.exe |
Source: 4.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers |
Source: 0.2.QUOTATION_APRQTRA031244#U00b7PDF.scr.exe.3861450.3.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers |
Source: 0.2.QUOTATION_APRQTRA031244#U00b7PDF.scr.exe.3861450.3.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers |
Source: 0.2.QUOTATION_APRQTRA031244#U00b7PDF.scr.exe.379a1b0.2.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers |
Source: 0.2.QUOTATION_APRQTRA031244#U00b7PDF.scr.exe.3749b80.4.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers |
Source: QUOTATION_APRQTRA031244#U00b7PDF.scr.exe |
Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
Source: 0.2.QUOTATION_APRQTRA031244#U00b7PDF.scr.exe.3749b80.4.raw.unpack, ConstellationPanel.cs |
Cryptographic APIs: 'TransformFinalBlock' |
Source: 0.2.QUOTATION_APRQTRA031244#U00b7PDF.scr.exe.379a1b0.2.raw.unpack, ConstellationPanel.cs |
Cryptographic APIs: 'TransformFinalBlock' |
Source: 0.2.QUOTATION_APRQTRA031244#U00b7PDF.scr.exe.3861450.3.raw.unpack, N1EZ.cs |
Cryptographic APIs: 'TransformFinalBlock' |
Source: 0.2.QUOTATION_APRQTRA031244#U00b7PDF.scr.exe.3861450.3.raw.unpack, arzrv9AWTXK.cs |
Cryptographic APIs: 'TransformFinalBlock' |
Source: 0.2.QUOTATION_APRQTRA031244#U00b7PDF.scr.exe.3861450.3.raw.unpack, InmxgXcIi8d.cs |
Cryptographic APIs: 'TransformFinalBlock' |
Source: 0.2.QUOTATION_APRQTRA031244#U00b7PDF.scr.exe.3861450.3.raw.unpack, InmxgXcIi8d.cs |
Cryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor' |
Source: 0.2.QUOTATION_APRQTRA031244#U00b7PDF.scr.exe.3749b80.4.raw.unpack, Symbols.cs |
Base64 encoded string: [encoded data omitted] |