File name: cryptosetup.dll

Full analysis: https://app.any.run/tasks/2f8aaff6-b7c0-4117-be88-265ae423ca39
Verdict: Malicious activity
Analysis date: April 20, 2024, 14:17:39
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32+ executable (DLL) (console) x86-64, for MS Windows
MD5: 6AEAEBF650EFC93CD3B6670A05724FE8
SHA1: A4FE07E6C678AC8D4DC095997DB5043668D103B4
SHA256: C86891B9DF9FEEA2E98F50C9950CB446DB97A513AF0C23810F7CA818A6187329
SSDEEP: 384:r6grxDg4sMb73/wmziMZW3FWjqqUccW37cZtZmXlu/vbaqJWD66xhT2:lgjMb73tO1wCLW3MZmE/xWD64T2

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • rundll32.exe (PID: 3768)
  • SUSPICIOUS

    • Process drops legitimate windows executable

      • rundll32.exe (PID: 3768)
    • Reads the Internet Settings

      • wmplayer.exe (PID: 2032)
      • setup_wm.exe (PID: 3828)
      • wmplayer.exe (PID: 1264)
    • Reads security settings of Internet Explorer

      • wmplayer.exe (PID: 2032)
      • setup_wm.exe (PID: 3828)
      • wmplayer.exe (PID: 1264)
  • INFO

    • Manual execution by a user

      • wmplayer.exe (PID: 2032)
      • chrome.exe (PID: 2268)
      • msedge.exe (PID: 3896)
      • msedge.exe (PID: 2772)
      • cmd.exe (PID: 3672)
      • iexplore.exe (PID: 1784)
    • Checks supported languages

      • wmplayer.exe (PID: 2032)
      • setup_wm.exe (PID: 3828)
      • wmplayer.exe (PID: 1264)
      • wmpshare.exe (PID: 2632)
    • Reads the computer name

      • wmplayer.exe (PID: 2032)
      • setup_wm.exe (PID: 3828)
      • wmplayer.exe (PID: 1264)
      • wmpshare.exe (PID: 2632)
    • Create files in a temporary directory

      • setup_wm.exe (PID: 3828)
      • wmplayer.exe (PID: 1264)
    • Reads Environment values

      • setup_wm.exe (PID: 3828)
      • wmplayer.exe (PID: 1264)
    • Reads the machine GUID from the registry

      • setup_wm.exe (PID: 3828)
      • wmplayer.exe (PID: 1264)
    • Process checks computer location settings

      • setup_wm.exe (PID: 3828)
      • wmplayer.exe (PID: 1264)
    • Checks proxy server information

      • setup_wm.exe (PID: 3828)
      • wmplayer.exe (PID: 1264)
    • Application launched itself

      • chrome.exe (PID: 2268)
      • msedge.exe (PID: 3896)
      • msedge.exe (PID: 2772)
      • iexplore.exe (PID: 1784)
    • Creates files or folders in the user directory

      • wmplayer.exe (PID: 1264)
    • Drops the executable file immediately after the start

      • msedge.exe (PID: 3896)
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (87.3)
.exe | Generic Win/DOS Executable (6.3)
.exe | DOS Executable Generic (6.3)

EXIF

EXE

MachineType: AMD AMD64
TimeStamp: 1987:07:19 23:06:53+00:00
ImageFileCharacteristics: Executable, Large address aware, Removable run from swap, Net run from swap, DLL
PEType: PE32+
LinkerVersion: 14.2
CodeSize: 6656
InitializedDataSize: 9216
UninitializedDataSize: -
EntryPoint: 0x1df0
OSVersion: 10
ImageVersion: 10
SubsystemVersion: 6
Subsystem: Windows command line
FileVersionNumber: 10.0.19041.1
ProductVersionNumber: 10.0.19041.1
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Windows NT 32-bit
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
CompanyName: Microsoft Corporation
FileDescription: Windows System Crypto Setup Module
FileVersion: 10.0.19041.1 (WinBuild.160101.0800)
InternalName: CryptoSetup.dll
LegalCopyright: © Microsoft Corporation. All rights reserved.
OriginalFileName: CryptoSetup.dll
ProductName: Microsoft® Windows® Operating System
ProductVersion: 10.0.19041.1
All screenshots are available in the full report
Total processes: 75
Monitored processes: 35
Malicious processes: 2
Suspicious processes: 1

Behavior graph

start rundll32.exe no specs wmplayer.exe no specs setup_wm.exe chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs chrome.exe no specs msedge.exe no specs msedge.exe no specs chrome.exe no specs msedge.exe no specs msedge.exe no specs unregmp2.exe no specs unregmp2.exe no specs wmplayer.exe wmpshare.exe no specs iexplore.exe iexplore.exe no specs iexplore.exe no specs msedge.exe no specs msedge.exe no specs cmd.exe no specs

Process information

PID | CMD | Path | Indicators | Parent process
PID: 796
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --disable-quic --mojo-platform-channel-handle=1620 --field-trial-handle=1160,i,8892299292547805695,5122955721245261307,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: LOW
Description: Google Chrome
Version: 109.0.5414.120
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID: 876
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2268 --field-trial-handle=1348,i,11080770135785426725,7314502259403869611,131072 /prefetch:1
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Version: 109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 880
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1236 --field-trial-handle=1348,i,11080770135785426725,7314502259403869611,131072 /prefetch:2
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 1168
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1588 --field-trial-handle=1348,i,11080770135785426725,7314502259403869611,131072 /prefetch:8
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Version: 109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 1264
CMD: "C:\Program Files\Windows Media Player\wmplayer.exe" /Relaunch /prefetch:1
Path: C:\Program Files\Windows Media Player\wmplayer.exe
Parent process: setup_wm.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Media Player
Exit code: 3221225477
Version: 12.0.7601.23517 (win7sp1_ldr.160812-0732)
Modules
Images
c:\program files\windows media player\wmplayer.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
PID: 1556
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2300 --field-trial-handle=1160,i,8892299292547805695,5122955721245261307,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:1
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: LOW
Description: Google Chrome
Version: 109.0.5414.120
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID: 1584
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1580 --field-trial-handle=1348,i,11080770135785426725,7314502259403869611,131072 /prefetch:2
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Version: 109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 1784
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" -nohome
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Internet Explorer
Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
PID: 2028
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1096 --field-trial-handle=1160,i,8892299292547805695,5122955721245261307,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:2
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: LOW
Description: Google Chrome
Exit code: 0
Version: 109.0.5414.120
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID: 2032
CMD: "C:\Program Files\Windows Media Player\wmplayer.exe" /prefetch:1
Path: C:\Program Files\Windows Media Player\wmplayer.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Media Player
Exit code: 0
Version: 12.0.7601.23517 (win7sp1_ldr.160812-0732)
Modules
Images
c:\program files\windows media player\wmplayer.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
Total events: 30 366
Read events: 29 729
Write events: 508
Delete events: 129

Modification events

Process: wmplayer.exe (PID: 2032)
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: ProxyBypass
Value: 1

Process: wmplayer.exe (PID: 2032)
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: IntranetName
Value: 1

Process: wmplayer.exe (PID: 2032)
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: UNCAsIntranet
Value: 1

Process: wmplayer.exe (PID: 2032)
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: AutoDetect
Value: 0

Process: setup_wm.exe (PID: 3828)
Key: HKEY_CURRENT_USER\Software\Microsoft\MediaPlayer\Preferences
Operation: delete value
Name: UsageTracking
Value:

Process: setup_wm.exe (PID: 3828)
Key: HKEY_CURRENT_USER\Software\Microsoft\MediaPlayer\Preferences
Operation: delete value
Name: ForceUsageTracking
Value:

Process: setup_wm.exe (PID: 3828)
Key: HKEY_CURRENT_USER\Software\Microsoft\MediaPlayer\Preferences
Operation: delete value
Name: SQMLaunchIndex
Value:

Process: setup_wm.exe (PID: 3828)
Key: HKEY_CURRENT_USER\Software\Microsoft\MediaPlayer\Setup\UserOptions
Operation: write
Name: DesktopShortcut
Value: no

Process: setup_wm.exe (PID: 3828)
Key: HKEY_CURRENT_USER\Software\Microsoft\Multimedia\ActiveMovie\Filter Cache
Operation: write
Name: 0
Value:
320042002D0039003800460042002D003900350033003700460036004300450035003100360044007D005C0044006500630072007900700074002F00540061006700000040006400650076006900630065003A0063006D003A007B00450030004600310035003800450031002D0043004200300034002D0031003100440030002D0042004400340045002D003000300041003000430039003100310043004500380036007D005C00440065006600610075006C007400200044006900720065006300740053006F0075006E00640020004400650076006900630065000000000074616466020000000008800002000000000000003070693300000000000000000400000000000000000000003074793300000000082200001822000031747933000000000822000028220000327479330000000008220000382200003374793300000000082200004822000031706933080000000000000002000000000000000000000030747933000000000822000058220000317479330000000008220000682200000200000000086000020000000000000030706933000000000000000001000000000000000000000030747933000000000822000038220000317069330800000000000000010000000000000000000000307479330000000008220000782200000200000000086000020000000000000030706933000000000000000002000000000000000000000030747933000000000822000088220000317479330000000008220000982200003170693308000000000000000100000000000000000000003074793300000000082200005822000002000000000860000200000000000000307069330000000000000000010000000000000000000000307479330000000008220000A822000031706933080000000000000001000000000000000000000030747933000000000822000058220000020000000100800002000000000000003070693300000000000000000A00000000000000000000003074793300000000B8220000C82200003174793300000000B8220000D82200003274793300000000B8220000E82200003374793300000000B8220000F82200003474793300000000B8220000082300003574793300000000B8220000182300003674793300000000B8220000282300003774793300000000B8220000382300003874793300000000B8220000482300003974793300000000B8220000582300003170693308000000000000000A00000000000000000000003074793300000000B8220000682300003174793300000000B8220000782300003274793300000000B8220000882300003374793300000000B8220000982300003474793300000000B8220000A823000035747933
00000000B8220000B82300003674793300000000B8220000C82300003774793300000000B8220000D82300003874793300000000B8220000E82300003974793300000000B8220000F8230000020000000008600002000000000000003070693300000000000000000200000000000000000000003074793300000000B8220000082400003174793300000000B8220000182400003170693308000000000000000600000000000000000000003074793300000000B8220000D82300003174793300000000B8220000C82300003274793300000000B8220000282400003374793300000000B8220000E82300003474793300000000B8220000F82300003574793300000000B822000038240000020000000100800002000000000000003070693300000000000000000700000000000000000000003074793300000000B8220000482400003174793300000000B8220000582400003274793300000000B8220000682400003374793300000000B8220000782400003474793300000000B8220000882400003574793300000000B8220000982400003674793300000000B8220000A82400003170693308000000000000000A00000000000000000000003074793300000000B8220000682300003174793300000000B8220000782300003274793300000000B8220000882300003374793300000000B8220000982300003474793300000000B8220000A82300003574793300000000B8220000B82300003674793300000000B8220000C82300003774793300000000B8220000D82300003874793300000000B8220000E82300003974793300000000B8220000F8230000020000000100800002000000000000003070693300000000000000000200000000000000000000003074793300000000B8220000B82400003174793300000000B8220000C82400003170693308000000000000000900000000000000000000003074793300000000B8220000782300003174793300000000B8220000882300003274793300000000B8220000982300003374793300000000B8220000A82300003474793300000000B8220000C82300003574793300000000B8220000D82300003674793300000000B8220000E82300003774793300000000B8220000F82300003874793300000000B822000038240000020000000100800002000000000000003070693300000000000000000400000000000000000000003074793300000000B8220000D82400003174793300000000B8220000E82400003274793300000000B8220000F82400003374793300000000B8220000082500003170693308000000000000000900000000000000000000003074793300000000B8220000782300003174793300000000B8220000
882300003274793300000000B8220000982300003374793300000000B8220000A82300003474793300000000B8220000C82300003574793300000000B8220000D82300003674793300000000B8220000E82300003774793300000000B8220000F82300003874793300000000B82200003824000002000000000040000000000000000000020000000100400002000000000000003070693300000000000000000600000000000000000000003074793300000000B8220000382400003174793300000000B8220000F82300003274793300000000B8220000E82300003374793300000000B8220000D82300003474793300000000B8220000C82300003574793300000000B8220000282400003170693308000000000000000600000000000000000000003074793300000000B8220000382400003174793300000000B8220000F82300003274793300000000B8220000E82300003374793300000000B8220000D82300003474793300000000B8220000C82300003574793300000000B8220000282400000200000000004000000000000000000002000000000060000200000000000000307069330000000000000000010000000000000000000000307479330000000018250000282500003170693308000000000000000100000000000000000000003074793300000000B822000038250000020000000000400002000000000000003070693300000000000000000100000000000000000000003074793300000000B8220000382400003170693308000000000000000100000000000000000000003074793300000000B82200004825000002000000FFFF5F0006000000000000003070693300000000000000000A0000000000000000000000307479330000000058250000682500003174793300000000B822000068250000327479330000000078250000682500003374793300000000B8220000882500003474793300000000B8220000982500003574793300000000B8220000A82500003674793300000000B8220000B82500003774793300000000B8220000C82500003874793300000000B8220000D82500003974793300000000B8220000E8250000317069330000000000000000010000000000000000000000307479330000000058250000F82500003270693308000000000000000A00000000000000000000003074793300000000B8220000082600003174793300000000B8220000182600003274793300000000B8220000B82300003374793300000000B8220000282600003474793300000000B8220000782300003574793300000000B8220000682300003674793300000000B8220000382600003774793300000000B8220000482600003874793300000000B8220000
582600003974793300000000B822000068260000337069330800000000000000010000000000000000000000307479330000000078260000882600003470693308000000000000000400000000000000000000003074793300000000B8220000982600003174793300000000B8220000A82600003274793300000000B8220000B82600003374793300000000B8220000282400003570693308000000000000000A00000000000000000000003074793300000000B8220000082600003174793300000000B8220000182600003274793300000000B8220000B82300003374793300000000B8220000282600003474793300000000B8220000782300003574793300000000B8220000682300003674793300000000B8220000382600003774793300000000B8220000482600003874793300000000B8220000582600003974793300000000B82200006826000002000000000060000200000000000000307069330900000000000000010000000000000000000000307479330000000008220000C8260000317069330000000000000000010000000000000000000000307479330000000018250000C8260000020000000100200001000000000000003070693302000000000000000200000000000000000000003074793300000000D8260000382500003174793300000000E826000038250000020000000000600002000000000000003070693300000000000000000100000000000000000000003074793300000000B8220000F82600003170693308000000000000000100000000000000000000003074793300000000B822000038250000020000000000600003000000000000003070693300000000000000000400000000000000000000003074793300000000182500000827000031747933000000001825000018270000327479330000000018250000282700003374793300000000182500003827000031706933090000000000000002000000000000000000000030747933000000000822000088250000317479330000000008220000482700003270693309000000000000000200000000000000000000003074793300000000B8220000882500003174793300000000B8220000982500000200000000004000020000000000000030706933000000000000000001000000000000000000000030747933000000001825000058270000317069330800000000000000010000000000000000000000307479330000000068270000382500000200000000006000050000000000000030706933000000000000000001000000000000000000000030747933000000007827000088270000317069330800000000000000010000000000000000000000307479330000000078270000
98270000327069330800000000000000010000000000000000000000307479330000000078270000A8270000337069330800000000000000010000000000000000000000307479330000000078270000B8270000347069330800000000000000010000000000000000000000307479330000000078260000C827000002000000FFFF5F000100000000000000307069330000000000000000020000000000000000000000307479330000000018250000D827000031747933000000001825000028270000020000000100800001000000000000003070693302000000000000000200000000000000000000003074793300000000E827000038250000317479330000000068270000382500000200000001006803020000000000000030706933000000000000000003000000000000000000000030747933000000000822000088250000317479330000000008220000982500003274793300000000082200004827000031706933080000000000000001000000000000000000000030747933000000000822000058220000020000000000600003000000000000003070693300000000000000000300000000000000000000003074793300000000F8270000082800003174793300000000F8270000182800003274793300000000F827000028280000317069330900000000000000010000000000000000000000307479330000000008220000582200003270693309000000000000000100000000000000000000003074793300000000B822000038250000020000000000600002000000000000003070693300000000000000000100000000000000000000003074793300000000082200003825000031706933080000000000000001000000000000000000000030747933000000000822000038250000020000000100800001000000000000003070693302000000000000000100000000000000000000003074793300000000B82200003825000002000000000060000200000000000000307069330000000000000000010000000000000000000000307479330000000078260000382500003170693308000000000000000100000000000000000000003074793300000000B822000038250000020000000000600003000000000000003070693300000000000000000100000000000000000000003074793300000000B8220000382800003170693300000000000000000100000000000000000000003074793300000000B8220000482800003270693308000000000000000100000000000000000000003074793300000000B822000038250000020000000000400001000000000000003070693302000000000000000100000000000000000000003074793300000000B8220000
3825000002000000000040000000000000000000020000000000600002000000000000003070693300000000000000000100000000000000000000003074793300000000B822000048280000317069330800000000000000010000000000000000000000307479330000000038250000382500000200000000006000010000000000000030706933020000000000000001000000000000000000000030747933000000005828000068280000020000000000600002000000000000003070693300000000000000000100000000000000000000003074793300000000582800006828000031706933080000000000000001000000000000000000000030747933000000005828000068280000020000000100200001000000000000003070693302000000000000000100000000000000000000003074793300000000782500007828000002000000640060000A000000000000003070693300000000000000000100000000000000000000003074793300000000B8220000F82600003170693300000000000000000100000000000000000000003074793300000000B8220000882800003270693300000000000000000100000000000000000000003074793300000000B8220000982800003370693300000000000000000100000000000000000000003074793300000000B8220000A82800003470693300000000000000000100000000000000000000003074793300000000B8220000B82800003570693300000000000000000100000000000000000000003074793300000000B8220000C82800003670693300000000000000000100000000000000000000003074793300000000B8220000D82800003770693300000000000000000100000000000000000000003074793300000000B8220000E82800003870693300000000000000000100000000000000000000003074793300000000B8220000F82800003970693308000000000000000100000000000000000000003074793300000000B82200003825000002000000FFFFFFFF010000000000000030706933020000000000000001000000000000000000000030747933000000003825000038250000020000000000600002000000000000003070693300000000000000000300000000000000000000003074793300000000182500000829000031747933000000001825000018290000327479330000000018250000D8270000317069330800000000000000000000000000000000000000020000000000800002000000000000003070693300000000000000000200000000000000000000003074793300000000B8220000082800003174793300000000B8220000282900003170693308000000000000000100000000000000
000000003074793300000000B82200003825000002000000FFFF5F00010000000000000030706933000000000000000001000000000000000000000030747933000000005828000038290000020000000000600002000000000000003070693300000000000000000100000000000000000000003074793300000000B8220000382500003170693308000000000000000100000000000000000000003074793300000000B82200003825000002000000000040000200000000000000307069330D000000000000000100000000000000000000003074793300000000B822000038250000317069330D000000000000000100000000000000000000003074793300000000082200003825000002000000000040000200000000000000307069330000000000000000030000000000000000000000307479330000000018250000482900003174793300000000182500005829000032747933000000001825000068290000317069330800000000000000010000000000000000000000307479330000000008220000382500000200000000004000020000000000000030706933000000000000000001000000000000000000000030747933000000001825000078290000317069330800000000000000010000000000000000000000307479330000000078290000382500000200000000004000020000000000000030706933000000000000000001000000000000000000000030747933000000001825000088290000317069330C000000000000000100000000000000000000003074793300000000382500003825000002000000000040000200000000000000307069330000000000000000010000000000000000000000307479330000000098290000382500003170693308000000000000000100000000000000000000003074793300000000382500003825000002000000FFFF5F0002000000000000003070693300000000000000001A0000000000000000000000307479330000000058250000C8260000317479330000000058250000A8290000327479330000000058250000B8290000337479330000000058250000C8290000347479330000000078250000C8260000357479330000000078250000A8290000367479330000000078250000B8290000377479330000000078250000C829000038747933000000000822000098250000397479330000000008220000382700003A7479330000000008220000482700003B7479330000000008220000A82900003C7479330000000008220000B82900003D7479330000000008220000D82900003E7479330000000018250000382700003F7479330000000018250000A8290000407479330000000018250000C826000041747933
0000000018250000E8290000427479330000000008220000C8260000437479330000000008220000F8290000447479330000000008220000E8290000457479330000000018250000082A0000467479330000000018250000182A0000477479330000000008220000282A0000487479330000000008220000082A0000497479330000000008220000182A0000317069330800000000000000040000000000000000000000307479330000000008220000382A0000317479330000000008220000482A0000327479330000000008220000682200003374793300000000082200005822000002000000020060000200000000000000307069330000000000000000010000000000000000000000307479330000000078260000382500003170693308000000000000000100000000000000000000003074793300000000B82200003825000002000000000040000100000000000000307069330800000000000000010000000000000000000000307479330000000018250000382500000200000000004000010000000000000030706933080000000000000001000000000000000000000030747933000000001825000038250000020000000100004002000000000000003070693300000000000000000200000000000000000000003074793300000000B8220000882500003174793300000000B8220000982500003170693308000000000000000100000000000000000000003074793300000000B82200003825000002000000000060000200000000000000307069330000000000000000040000000000000000000000307479330000000008220000582A00003174793300000000B8220000582A00003274793300000000D8260000582A0000337479330000000058280000582A00003170693308000000000000000E00000000000000000000003074793300000000B8220000682500003174793300000000B8220000A825000032747933000000000822000098250000337479330000000008220000C8260000347479330000000008220000A8290000357479330000000008220000082A0000367479330000000008220000182A000037747933000000005828000038290000387479330000000058280000682A0000397479330000000058280000682800003A7479330000000078250000982700003B7479330000000078250000782800003C7479330000000078250000782A00003D7479330000000078250000882A000002000000000080000100000000000000307069330200000000000000010000000000000000000000307479330000000078290000382500000200000000006000050000000000000030706933000000000000000001000000000000000000000030747933
00000000782700008827000031706933080000000000000001000000000000000000000030747933000000007827000098270000327069330800000000000000010000000000000000000000307479330000000078270000A8270000337069330800000000000000010000000000000000000000307479330000000078270000B8270000347069330800000000000000010000000000000000000000307479330000000078260000C82700000200000000006000020000000000000030706933000000000000000001000000000000000000000030747933000000005828000038250000317069330000000000000000010000000000000000000000307479330000000058280000982A0000020000000000600001000000000000003070693300000000000000000100000000000000000000003074793300000000582800003829000002000000000060000200000000000000307069330000000000000000030000000000000000000000307479330000000008220000A82A00003174793300000000B8220000A82A0000327479330000000078260000A82A00003170693308000000000000000A00000000000000000000003074793300000000B82200006825000031747933000000000822000098250000327479330000000008220000C8260000337479330000000008220000A8290000347479330000000008220000082A0000357479330000000008220000182A000036747933000000005828000038290000377479330000000058280000682A000038747933000000007825000098270000397479330000000078250000782800000200000000008000010000000000000030706933020000000000000013000000000000000000000030747933000000000822000058220000317479330000000008220000B82A000032747933000000000822000068220000337479330000000008220000C82A0000347479330000000008220000D82A0000357479330000000008220000E82A0000367479330000000008220000F82A0000377479330000000008220000082B0000387479330000000008220000182B0000397479330000000008220000282B00003A7479330000000008220000382B00003B7479330000000008220000482B00003C7479330000000008220000582B00003D7479330000000008220000682B00003E7479330000000008220000782B00003F7479330000000008220000882B0000407479330000000008220000482A0000417479330000000008220000382A0000427479330000000008220000782200006175647300001000800000AA00389B716001000000001000800000AA00389B716101000000001000800000AA00389B716201000000001000800000AA
00389B716301000000001000800000AA00389B710100000000001000800000AA00389B710300000000001000800000AA00389B716401000000001000800000AA00389B710A00000000001000800000AA00389B710B00000000001000800000AA00389B715500000000001000800000AA00389B717669647300001000800000AA00389B716D70347300001000800000AA00389B714D50345300001000800000AA00389B716D34733200001000800000AA00389B714D34533200001000800000AA00389B714D50345600001000800000AA00389B716D70347600001000800000AA00389B715856494400001000800000AA00389B717876696400001000800000AA00389B714449565800001000800000AA00389B714458353000001000800000AA00389B715956313200001000800000AA00389B715955593200001000800000AA00389B715559565900001000800000AA00389B715956595500001000800000AA00389B714E56313100001000800000AA00389B714E56313200001000800000AA00389B717EEB36E44F52CE119F530020AF0BA7707DEB36E44F52CE119F530020AF0BA7707BEB36E44F52CE119F530020AF0BA7707CEB36E44F52CE119F530020AF0BA7704D53533100001000800000AA00389B714D53533200001000800000AA00389B71C09A3C777432D011B72400AA006C1A017AEB36E44F52CE119F530020AF0BA770574D563100001000800000AA00389B71574D563200001000800000AA00389B71574D563300001000800000AA00389B71574D564100001000800000AA00389B715756433100001000800000AA00389B71574D565000001000800000AA00389B715756503200001000800000AA00389B716D70343300001000800000AA00389B714D50343300001000800000AA00389B714D50473400001000800000AA00389B716D70673400001000800000AA00389B716D70343200001000800000AA00389B714D50343200001000800000AA00389B7183EB36E44F52CE119F530020AF0BA77088EB36E44F52CE119F530020AF0BA7700000000000000000000000000000000079EB36E44F52CE119F530020AF0BA7706A910BED4D04D111AA7800C04FC31D6026806DE046DBCF11B4D100805F6CBBEA20806DE046DBCF11B4D100805F6CBBEA80EB36E44F52CE119F530020AF0BA77081EB36E44F52CE119F530020AF0BA7704832363400001000800000AA00389B716832363400001000800000AA00389B714156433100001000800000AA00389B715832363400001000800000AA00389B717832363400001000800000AA00389B712D806DE046DBCF11B4D100805F6CBBEA0ABE811BC7A0D311B98400C04F2E73C50CBE811BC7A0D311B98400C04F2E73C549343230
00001000800000AA00389B71494D433400001000800000AA00389B71494D433300001000800000AA00389B715333343000001000800000AA00389B714E56323400001000800000AA00389B7180EA0A67823AD011B79B00AA003767A7234A8D6E0C31D011B79A00AA003767A74149343400001000800000AA00389B714159555600001000800000AA00389B71E615646E245C5F4293CD80102B3D1CCA2C806DE046DBCF11B4D100805F6CBBEA898A8BB849B0804CADCF5898985E22C1CB4A2611DE37BA4E8C357F04A1A683324D4A504700001000800000AA00389B7184EB36E44F52CE119F530020AF0BA77085EB36E44F52CE119F530020AF0BA77086EB36E44F52CE119F530020AF0BA77087EB36E44F52CE119F530020AF0BA7705000000000001000800000AA00389B71E0CFFA33BEA9D011A52000A0D10129C07478747300001000800000AA00389B71E1762AF70AEBD011ACE40000C0CC16BAA0D920CA3E3ED1119BF900C04FBBDEBFE3762AF70AEBD011ACE40000C0CC16BA20F6B3A192978D4D81A486AF2577209076D591277A8E6F469E905D3F3083738B224A8D6E0C31D011B79A00AA003767A722806DE046DBCF11B4D100805F6CBBEA646D637300001000800000AA00389B716961767300001000800000AA00389B716476736400001000800000AA00389B716476686400001000800000AA00389B716476736C00001000800000AA00389B71406A9B5A221AD111BAD900609744111A416A9B5A221AD111BAD900609744111A6C175F45064BCE479AEF8CAEF73DF7B579859F4AF86B92438A6DD2DD09FA7861C3CBFF34B3D571419002D4C60301697F54564D4A00001000800000AA00389B7157414B4500001000800000AA00389B714346434300001000800000AA00389B71494A504700001000800000AA00389B71506C756D00001000800000AA00389B714456435300001000800000AA00389B714456534400001000800000AA00389B714D44564600001000800000AA00389B7123806DE046DBCF11B4D100805F6CBBEA42B3AEF42903DD4FA8FD4AFF4926C9786476632000001000800000AA00389B715BE592C82D25B542A316D997E7A5D9958BEB36E44F52CE119F530020AF0BA7708CEB36E44F52CE119F530020AF0BA7708DEB36E44F52CE119F530020AF0BA7706D69647300001000800000AA00389B71A3D51BD54875CF11A5200080C77EF58A66696C6500001000800000AA00389B712B806DE046DBCF11B4D100805F6CBBEA32806DE046DBCF11B4D100805F6CBBEA33806DE046DBCF11B4D100805F6CBBEA0120000000001000800000AA00389B71AF87FBA7022DFB42A4D405CD93843BDD0020000000001000800000AA00389B710016000000001000800000AA
00389B710216000000001000800000AA00389B71FF00000000001000800000AA00389B719200000000001000800000AA00389B710800000000001000800000AA00389B7128BDAD46D06F964793B2155C51DC048DB088D91EFC3F23458725347BEEC1A8A07DD69D05552E414D8D1B01F5E4F50607286DDC36A6F1164290489CFCEFEB5EBADB271795CED2284596F63301FABB2DE0D0C4C4C449002B4E98FB9537F6CE516D0900000000001000800000AA00389B714902000000001000800000AA00389B714002000000001000800000AA00389B714102000000001000800000AA00389B7103000000EA0C1000800000AA00389B7104000000EA0C1000800000AA00389B7105000000EA0C1000800000AA00389B7106000000EA0C1000800000AA00389B7108000000EA0C1000800000AA00389B7109000000EA0C1000800000AA00389B710A000000EA0C1000800000AA00389B710B000000EA0C1000800000AA00389B710C000000EA0C1000800000AA00389B710D000000EA0C1000800000AA00389B71
(PID) Process: (3828) setup_wm.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Multimedia\ActiveMovie\Filter Cache
Operation: delete value
Name: 1
Value:
Executable files: 1
Suspicious files: 296
Text files: 79
Unknown types: 31

Dropped files

| PID | Process | Filename | MD5 | SHA256 | Type |
|---|---|---|---|---|---|
| 2268 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_db\LOG.old~RF1bea1e.TMP | | | |
| 2268 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_db\LOG.old | | | |
| 2268 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old | 456D3EF989973A7C218E338A6CFFAD25 | 75631D994431F254B94255C50038A3657BFC45D76FCE9D794D514E57CA678872 | |
| 2268 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG.old~RF1bea1e.TMP | 358570F689377CE6838812643E03734B | 5B41FCC2E1A843AEAB9437B06E27B798870FF10D86A51B163BF48862BCD32590 | |
| 2268 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat | 9C016064A1F864C8140915D77CF3389A | 0E7265D4A8C16223538EDD8CD620B8820611C74538E420A88E333BE7F62AC787 | |
| 2268 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG.old | 825B582C78EC88D54C215EFDF1EAD639 | 367995D01A8F13E5C30C79499F86B034775BFD009D83DC97635DE438D47DFA37 | |
| 2268 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old~RF1bea2d.TMP | ECD3386BCC950E73B86EB128A5F57622 | C9A068EAFBC587EDFC89392F64DDD350EEB96C5CF195CDB030BAB8F6DD33833B | |
| 2268 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\LOG.old~RF1beb18.TMP | 65239F35CB63C76EA1F59EF64F7AAFF4 | 252EF82CC03FDE4BEF13CF81CD1AC5CE45854212D1A7359035E7A5D6BEDBE229 | |
| 2268 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\66420b34-ea3d-49d6-8791-0ff407cd75f1.tmp | 5058F1AF8388633F609CADB75A75DC9D | | |
| 2268 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\coupon_db\LOG.old~RF1bec8f.TMP | | | |
HTTP(S) requests: 16
TCP/UDP connections: 53
DNS requests: 74
Threats: 1

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
1784
iexplore.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAzlnDD9eoNTLi0BRrMy%2BWU%3D
unknown
unknown
1784
iexplore.exe
GET
304
87.248.204.0:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?d756f063ef0bd3d3
unknown
unknown
1784
iexplore.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
unknown
1080
svchost.exe
GET
200
87.248.204.0:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?403d3d678564740a
unknown
unknown
1080
svchost.exe
GET
304
87.248.204.0:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?2b80dc4c9e8ba945
unknown
unknown
3828
setup_wm.exe
GET
302
2.16.164.98:80
http://redir.metaservices.microsoft.com/redir/allservices/?sv=5&version=12.0.7601.17514&locale=409&userlocale=409&geoid=f4&parch=x86&arch=x86
unknown
unknown
3828
setup_wm.exe
GET
200
2.16.241.10:80
http://onlinestores.metaservices.microsoft.com/serviceswitching/AllServices.aspx?sv=5&version=12.0.7601.17514&locale=409&userlocale=409&geoid=f4&parch=x86&arch=x86
unknown
unknown
3828
setup_wm.exe
GET
200
2.16.241.10:80
http://onlinestores.metaservices.microsoft.com/bing/bing.xml
unknown
unknown
1264
wmplayer.exe
GET
204.79.197.203:80
http://www.msn.com/sqm/wmp/sqmserver.dll
unknown
unknown
1264
wmplayer.exe
GET
302
2.16.164.98:80
http://redir.metaservices.microsoft.com/redir/allservices/?sv=5&locale=409&geoid=f4&version=12.0.7601.24499&userlocale=409
unknown
unknown

Connections

| PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
| 4 | System | 192.168.100.255:137 | | | | whitelisted |
| 1080 | svchost.exe | 224.0.0.252:5355 | | | | unknown |
| 4 | System | 192.168.100.255:138 | | | | whitelisted |
| 3828 | setup_wm.exe | 2.16.164.98:80 | redir.metaservices.microsoft.com | Akamai International B.V. | NL | unknown |
| 3828 | setup_wm.exe | 2.16.241.10:80 | onlinestores.metaservices.microsoft.com | Akamai International B.V. | DE | unknown |
| 2268 | chrome.exe | 239.255.255.250:1900 | | | | unknown |
| 4092 | chrome.exe | 142.250.184.195:443 | clientservices.googleapis.com | GOOGLE | US | whitelisted |
| 4092 | chrome.exe | 74.125.133.84:443 | accounts.google.com | GOOGLE | US | unknown |
| 4092 | chrome.exe | 142.250.186.68:443 | www.google.com | GOOGLE | US | whitelisted |
| 3772 | msedge.exe | 13.107.21.239:443 | edge.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | unknown |

DNS requests

| Domain | IP | Reputation |
|---|---|---|
| redir.metaservices.microsoft.com | 2.16.164.98, 2.16.164.64 | whitelisted |
| onlinestores.metaservices.microsoft.com | 2.16.241.10, 2.16.241.15 | whitelisted |
| clientservices.googleapis.com | 142.250.184.195 | whitelisted |
| accounts.google.com | 74.125.133.84 | shared |
| www.google.com | 142.250.186.68 | whitelisted |
| ntp.msn.com | 204.79.197.203 | whitelisted |
| edge.microsoft.com | 13.107.21.239, 204.79.197.239 | whitelisted |
| config.edge.skype.com | 52.123.243.214, 52.123.243.69, 52.123.243.204 | whitelisted |
| assets.msn.com | 2.23.209.7, 2.23.209.57, 2.23.209.3, 2.23.209.25, 2.23.209.29, 2.23.209.20, 2.23.209.30, 2.23.209.28, 2.23.209.23 | whitelisted |
| img-s-msn-com.akamaized.net | 2.16.164.74, 2.16.164.32 | whitelisted |

Threats

| PID | Process | Class | Message |
|---|---|---|---|
| 1264 | wmplayer.exe | Unknown Traffic | ET USER_AGENTS Microsoft Dr Watson User-Agent (MSDW) |
No debug info