File name:

perfmon.msc

Full analysis: https://app.any.run/tasks/892c7a99-744b-43ca-9a0a-81aa6a7ac5e3
Verdict: Malicious activity
Analysis date: August 30, 2024, 18:19:52
OS: Windows 10 Professional (build: 19045, 64 bit)
Indicators:
MIME: text/xml
File info: XML 1.0 document, ASCII text, with CRLF line terminators
MD5:

9BE46DD971FBA66D84567679D3D414EC

SHA1:

3DA0AA3222D3954485239FD3BAA2CBB0525E1468

SHA256:

02BC972C747171E9DDC1577538E4EACD417882C34086F042FFA9E8F18E7899A2

SSDEEP:

768:s4NfbQ87bPhOiGmfIktIpvRCmT9da92YYU:TNk87bQiGNfNRCmT9s

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Reads Internet Explorer settings

      • mmc.exe (PID: 5164)
    • Reads Microsoft Outlook installation path

      • mmc.exe (PID: 5164)
    • The process checks if it is being run in the virtual environment

      • mmc.exe (PID: 5164)
      • perfmon.exe (PID: 4100)
      • perfmon.exe (PID: 2816)
  • INFO

    • Creates files or folders in the user directory

      • mmc.exe (PID: 5164)
    • Reads Microsoft Office registry keys

      • mmc.exe (PID: 5164)
    • Checks proxy server information

      • mmc.exe (PID: 5164)
    • Reads CPU info

      • perfmon.exe (PID: 2816)
      • perfmon.exe (PID: 4100)
    • Reads the computer name

      • perfmon.exe (PID: 2816)
      • perfmon.exe (PID: 4100)
    • The process uses the downloaded file

      • mmc.exe (PID: 5164)
    • Checks supported languages

      • perfmon.exe (PID: 2816)
      • perfmon.exe (PID: 4100)
    • Reads the time zone

      • perfmon.exe (PID: 4100)
      • perfmon.exe (PID: 2816)
    • Reads security settings of Internet Explorer

      • mmc.exe (PID: 5164)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.msc | Microsoft Management Console Snap-in control file (91.8)
.xml | Generic XML (ASCII) (8.1)

EXIF

XMP

MMC_ConsoleFileConsoleVersion: 3
MMC_ConsoleFileProgramMode: User
MMC_ConsoleFileConsoleFileID: {17F345F5-4C85-4284-89D6-8868DB95E6F8}
MMC_ConsoleFileFrameStateShowStatusBar:
MMC_ConsoleFileFrameStateLogicalReadOnly:
MMC_ConsoleFileFrameStateWindowPlacementShowCommand: SW_SHOWNORMAL
MMC_ConsoleFileFrameStateWindowPlacementPointName: MinPosition
MMC_ConsoleFileFrameStateWindowPlacementPointX: -1
MMC_ConsoleFileFrameStateWindowPlacementPointY: -1
MMC_ConsoleFileFrameStateWindowPlacementRectangleName: NormalPosition
MMC_ConsoleFileFrameStateWindowPlacementRectangleTop: 17
MMC_ConsoleFileFrameStateWindowPlacementRectangleBottom: 732
MMC_ConsoleFileFrameStateWindowPlacementRectangleLeft: 13
MMC_ConsoleFileFrameStateWindowPlacementRectangleRight: 1013
MMC_ConsoleFileViewsViewId: 2
MMC_ConsoleFileViewsViewScopePaneWidth: 188
MMC_ConsoleFileViewsViewActionsPaneWidth: -1
MMC_ConsoleFileViewsViewBookMarkName: RootNode
MMC_ConsoleFileViewsViewBookMarkNodeID: 2
MMC_ConsoleFileViewsViewWindowPlacementWpfRestoretomaximized:
MMC_ConsoleFileViewsViewWindowPlacementShowCommand: SW_SHOWMAXIMIZED
MMC_ConsoleFileViewsViewWindowPlacementPointName: MinPosition
MMC_ConsoleFileViewsViewWindowPlacementPointX: -1
MMC_ConsoleFileViewsViewWindowPlacementPointY: -1
MMC_ConsoleFileViewsViewWindowPlacementRectangleName: NormalPosition
MMC_ConsoleFileViewsViewWindowPlacementRectangleTop: 22
MMC_ConsoleFileViewsViewWindowPlacementRectangleBottom: 461
MMC_ConsoleFileViewsViewWindowPlacementRectangleLeft: 22
MMC_ConsoleFileViewsViewWindowPlacementRectangleRight: 772
MMC_ConsoleFileViewsViewViewOptionsViewMode: Report
MMC_ConsoleFileViewsViewViewOptionsScopePaneVisible:
MMC_ConsoleFileViewsViewViewOptionsDescriptionBarVisible: -
MMC_ConsoleFileViewsViewViewOptionsDefaultColumn0Width: 200
MMC_ConsoleFileViewsViewViewOptionsDefaultColumn1Width: -
MMC_ConsoleFileVisualAttributesStringName: ApplicationTitle
MMC_ConsoleFileVisualAttributesStringId: 1
MMC_ConsoleFileVisualAttributesIconIndex: -
MMC_ConsoleFileVisualAttributesIconFile: %systemroot%\system32\wdc.dll
MMC_ConsoleFileVisualAttributesIconImageName: Large
MMC_ConsoleFileVisualAttributesIconImageBinaryRefIndex: -
MMC_ConsoleFileFavoritesFavoriteType: Group
MMC_ConsoleFileFavoritesFavoriteStringName: Name
MMC_ConsoleFileFavoritesFavoriteStringId: 2
MMC_ConsoleFileFavoritesFavoriteFavorites: -
MMC_ConsoleFileScopeTreeSnapinCacheSnapinClsid: {7478EF61-8C46-11D1-8D99-00A0C913CAD4}
MMC_ConsoleFileScopeTreeSnapinCacheSnapinAllExtensionsEnabled:
MMC_ConsoleFileScopeTreeNodesNodeId: 1
MMC_ConsoleFileScopeTreeNodesNodeImageIdx: -
MMC_ConsoleFileScopeTreeNodesNodeClsid: {C96401CC-0E17-11D3-885B-00C04F72C717}
MMC_ConsoleFileScopeTreeNodesNodePreload: -
MMC_ConsoleFileScopeTreeNodesNodeNodesNodeId: 2
MMC_ConsoleFileScopeTreeNodesNodeNodesNodeImageIdx: -
MMC_ConsoleFileScopeTreeNodesNodeNodesNodeClsid: {7478EF61-8C46-11D1-8D99-00A0C913CAD4}
MMC_ConsoleFileScopeTreeNodesNodeNodesNodePreload: -
MMC_ConsoleFileScopeTreeNodesNodeNodesNodeNodes: -
MMC_ConsoleFileScopeTreeNodesNodeNodesNodeStringName: Name
MMC_ConsoleFileScopeTreeNodesNodeNodesNodeStringId: 3
MMC_ConsoleFileScopeTreeNodesNodeNodesNodeBitmapsBinaryDataName: Small
MMC_ConsoleFileScopeTreeNodesNodeNodesNodeBitmapsBinaryDataBinaryRefIndex: 3
MMC_ConsoleFileScopeTreeNodesNodeNodesNodeComponentDatasComponentDataGuidName: Snapin
MMC_ConsoleFileScopeTreeNodesNodeNodesNodeComponentDatasComponentDataGuid: {7478EF61-8C46-11D1-8D99-00A0C913CAD4}
MMC_ConsoleFileScopeTreeNodesNodeNodesNodeComponentDatasComponentDataStreamBinaryRefIndex: 5
MMC_ConsoleFileScopeTreeNodesNodeNodesNodeComponents: -
MMC_ConsoleFileScopeTreeNodesNodeStringName: Name
MMC_ConsoleFileScopeTreeNodesNodeStringId: 4
MMC_ConsoleFileScopeTreeNodesNodeBitmapsBinaryDataName: Small
MMC_ConsoleFileScopeTreeNodesNodeBitmapsBinaryDataBinaryRefIndex: 6
MMC_ConsoleFileScopeTreeNodesNodeComponentDatasComponentDataGuidName: Snapin
MMC_ConsoleFileScopeTreeNodesNodeComponentDatasComponentDataGuid: {C96401CC-0E17-11D3-885B-00C04F72C717}
MMC_ConsoleFileScopeTreeNodesNodeComponentDatasComponentDataStreamBinaryRefIndex: 8
MMC_ConsoleFileScopeTreeNodesNodeComponents: -
MMC_ConsoleFileConsoleTaskpads: -
MMC_ConsoleFileViewSettingsCacheTargetViewViewID: 2
MMC_ConsoleFileViewSettingsCacheTargetViewNodeTypeGUID: {85084115-91FC-11D9-8D5C-00306EF44433}
MMC_ConsoleFileViewSettingsCacheViewSettingsFlag_TaskPadID:
MMC_ConsoleFileViewSettingsCacheViewSettingsAge: 1
MMC_ConsoleFileViewSettingsCacheViewSettingsGuid: {00000000-0000-0000-0000-000000000000}
MMC_ConsoleFileColumnSettingsCache: -
MMC_ConsoleFileStringTablesIdentifierPoolAbsoluteMin: 1
MMC_ConsoleFileStringTablesIdentifierPoolAbsoluteMax: 65535
MMC_ConsoleFileStringTablesIdentifierPoolNextAvailable: 5
MMC_ConsoleFileStringTablesStringTableGuid: {71E5B33E-1064-11D2-808F-0000F875A9CE}
MMC_ConsoleFileStringTablesStringTableStringsStringId: 1
MMC_ConsoleFileStringTablesStringTableStringsStringRefs: 1
MMC_ConsoleFileStringTablesStringTableStringsString: Performance Monitor
MMC_ConsoleFileBinaryStorageBinaryName: CONSOLE_FILE_ICON_LARGE
No data.
All screenshots are available in the full report
Total processes
125
Monitored processes
4
Malicious processes
3
Suspicious processes
0

Behavior graph

start mmc.exe perfmon.exe no specs perfmon.exe no specs mmc.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
PID:
2816
CMD:
"C:\WINDOWS\system32\perfmon.exe" /res /load "C:\Users\admin\AppData\Local\resmon.resmoncfg"
Path:
C:\Windows\System32\perfmon.exe
Parent process:
mmc.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Resource and Performance Monitor
Version:
10.00
Modules
Images
c:\windows\system32\perfmon.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\gdi32.dll
PID:
4100
CMD:
"C:\WINDOWS\system32\perfmon.exe" /res /load "C:\Users\admin\AppData\Local\resmon.resmoncfg"
Path:
C:\Windows\System32\perfmon.exe
Parent process:
mmc.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Resource and Performance Monitor
Version:
10.00
Modules
Images
c:\windows\system32\perfmon.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\gdi32.dll

PID: 5164
CMD: "C:\WINDOWS\system32\mmc.exe" C:\Users\admin\Desktop\perfmon.msc
Path: C:\Windows\System32\mmc.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Microsoft Management Console
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\mmc.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\acgenral.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll

PID: 5704
CMD: "C:\WINDOWS\system32\mmc.exe" C:\Users\admin\Desktop\perfmon.msc
Path: C:\Windows\System32\mmc.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Management Console
Exit code: 3221226540
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\mmc.exe
c:\windows\system32\ntdll.dll

Total events: 14 489
Read events: 14 467
Write events: 22
Delete events: 0

Modification events

(PID) Process: (5164) mmc.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\3c\52C64B7E
Operation: write
Name: @C:\WINDOWS\system32\wdc.dll,-10021
Value: Performance Monitor

(PID) Process: (5164) mmc.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: ProxyBypass
Value: 1

(PID) Process: (5164) mmc.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: IntranetName
Value: 1

(PID) Process: (5164) mmc.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: UNCAsIntranet
Value: 1

(PID) Process: (5164) mmc.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: AutoDetect
Value: 0

(PID) Process: (5164) mmc.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation: write
Name: CachePrefix
Value:

(PID) Process: (5164) mmc.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:

(PID) Process: (5164) mmc.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value: Visited:

(PID) Process: (5164) mmc.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication
Operation: write
Name: Name
Value: mmc.exe

(PID) Process: (5164) mmc.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication
Operation: write
Name: ID
Value:

Executable files: 0
Suspicious files: 0
Text files: 1
Unknown types: 0

Dropped files

PID: 5164
Process: mmc.exe
Filename: C:\Users\admin\AppData\Local\resmon.resmoncfg
Type: text
MD5: 407AAB8C27CF7081EECE071C90A65B83
SHA256: 568269850DBB3F5F52E0E38E3C0B29BE06C70C58FE425B39746F5CCEFDD668A4
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 0
TCP/UDP connections: 30
DNS requests: 17
Threats: 0

HTTP requests

No HTTP requests

Connections

| PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
| 6880 | svchost.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
| 6276 | RUXIMICS.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
| 2120 | MoUsoCoreWorker.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
| | | 192.168.100.255:138 | | | | whitelisted |
| 3888 | svchost.exe | 239.255.255.250:1900 | | | | whitelisted |
| 4324 | svchost.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
| 2256 | svchost.exe | 224.0.0.252:5355 | | | | whitelisted |
| 4 | System | 192.168.100.2:137 | | | | whitelisted |

DNS requests

| Domain | IP | Reputation |
|---|---|---|
| settings-win.data.microsoft.com | 4.231.128.59 | whitelisted |
| google.com | 142.250.181.238 | whitelisted |
| 1.c.c.1.2.2.2.4.b.4.b.3.4.1.4.b.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa | | unknown |
| 3.0.0.0.1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.f.f.ip6.arpa | | unknown |
| b.f.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.f.f.ip6.arpa | | unknown |
| 252.0.0.224.in-addr.arpa | | unknown |
| 2.100.168.192.in-addr.arpa | | whitelisted |
| 7.7.f.d.4.d.7.e.6.d.5.9.5.2.c.a.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa | | unknown |
| 2.e.0.5.7.6.7.8.a.5.c.a.0.2.3.d.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa | | unknown |
| 2.0.0.0.1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.f.f.ip6.arpa | | unknown |

Threats

No threats detected
No debug info