Thursday, July 9, 2026

Suspected Russian Threat Actor Impersonates Legitimate Crypto Wallets to Deploy Remote Utilities

Author(s): Vlad Pasca

Executive Summary

  • Threat actor distributes malicious cryptocurrency wallets (Anchor, Zec, Iota, Onto, Dark, and Stellar) as oversized Advanced Installer packages exceeding 600MB to evade detection.

  • Attacker-controlled domains achieve first page search engine rankings for targeted wallet names, intercepting users searching for legitimate cryptocurrency wallets.

  • The campaign exhibits cross-platform targeting with Windows, Linux, and macOS variants, though Linux and macOS versions of certain wallets remain non-malicious in some instances.

  • Initial executable files are signed with valid code signing certificates to establish false legitimacy and bypass security controls.

  • The campaign's objective is deploying Remote Utilities (RuRAT) remote management tool to establish persistent access on compromised systems.

  • Low-confidence attribution to a Russian-aligned threat actor based on Remote Utilities binary hash correlation with Ukraine CERT-UA report 5961 and Russian-language strings identified in analyzed samples.

Domain registration timelines demonstrate the campaign's extended operational lifespan, spanning multiple years from initial infrastructure establishment to ongoing activity.


Timeline of distribution domains registration


The infection vector utilizes Advanced Installer executables containing batch scripts that orchestrate the download and execution of MSI files from threat actor infrastructure. This layered deployment mechanism culminates in the installation of Remote Utilities (RuRAT) for persistent remote access. Persistence is achieved by creating multiple scheduled tasks on the infected host.


RuRAT (RMS) is a legitimate Russian-made remote management utility that is publicly available for trial and purchase. The tool offers a full suite of features that allows the threat actors to deploy additional malware, exfiltrate data, and perform other activities.


The following fake crypto wallets were created and distributed by the threat actor:


A Deeper Dive

We analyzed the 600MB+ null-padded Advanced Installer package that can be downloaded from the fake cryptocurrency wallet domain anchorwallet[.]org (SHA256: 553e3f0483580289f64e55d6646be3c4b530fe275519e510f659460d3bacfa08). This impersonates the legitimate Anchor Wallet that can be downloaded from greymass[.]com/anchor#download (Windows, Linux, and macOS versions).

The hash of the fake Anchor Wallet is displayed on the downloading page, however, the Windows hash is different from the real hash of the file downloaded from the domain. The Linux and macOS hashes are the same as that of the legitimate Anchor Wallet.

Figure 1 - Download page of anchorwallet[.]org

All versions of the fake DarkWallet from darkwallet[.]is are malicious. The Linux and macOS installers are Electron-based and drop an infostealer.

Figure 2 - Download page of darkwallet[.]is


The Python script can be used to extract the embedded files from Advanced Installer executables in most cases. The extracted file called “Anchors.ini” contains an MSI file that will be downloaded from zorvexion24[.]com/file/install.msi. Similar “.ini” files can be extracted from all Advanced Installer executables representing the other fake wallets.


Filename

Description

1display.bat

Hide notification area and kill explorer.exe

3.1setuphd.bat

Verify whether Task Manager is active and stop two RMM processes called rutserv and rfusclient

4h.bat 

Hide multiple components of the malicious activity on the infected machine

6last.bat, 9last.bat

Hide multiple components of the malicious activity on the infected machine

7SecurityCenter.bat

Restart explorer.exe

8display2.bat

Show notification area

10setup2.bat

Download and deploy the RMM tools on the host

Setup3.bat

Establish persistence using scheduled tasks


The batch file “1display.bat” hides the notification area by setting the “NoTrayItemsDisplay” registry value to 1. It also kills the explorer.exe process using PowerShell:

Figure 3 - 1display.bat

The file named 3.1setuphd.bat” creates a PowerShell script called “hd.ps1” in the “C:\Users\Public” directory. The purpose of the newly created script is to verify whether Task Manager is running and kills two processes called “rutserv” and “rfusclient”. We’ll see during the analysis that these two files are RMM tools that are installed by the malicious process.

Figure 4 - 3.1setuphd.bat

The malware adds the “System” and “Hidden” flags to multiple files and directories that are created during the malicious activity. It also modifies the “ShowSuperHidden” registry value to 2 and hides the installed application from Control Panel (Figure 5).

Figure 5 - 4h.bat

Files “6last.bat” and “9last.bat” are identical and set the same flags to a new directory called “Remote Utilities” from the “ProgramData” folder:

Figure 6 - 6last.bat

Using the “7SecurityCenter.bat” script, the malware creates a batch script in the Startup folder that restarts the explorer process.

Figure 7 - 7SecurityCenter.bat

The batch file “8display2.bat” shows the notification area by setting the “NoTrayItemsDisplay” registry value to 0:

Figure 8 - 8display2.bat

The malicious binary uses the “10setup2.bat” script to download multiple files. It downloads and executes an MSI file called “s.msi”, and two RMM files called “ruliserv.exe” and “rustclient.exe” that are saved in the “C:\Program Files (x86)\Remote Utilities – Host” directory. 

Figure 9 - 10setup2.bat

The installer creates multiple XML files corresponding to scheduled tasks that are created: \Update, \Startup, \Hd, and \Started (see Figure 10).

Figure 10 - Setup3.bat

The interface of the fake APT wallet is displayed in Figure 11.

Figure 11 - Fake APT Wallet interface

The Linux and macOS versions of the Idex Wallet are not malicious and were built using Electron-Vite. We can identify the username “junki” and the Russian word “Робочий стіл” (Workstation) in the config file of the applications.

Figure 12 - Config file contains words in Russian

The hashes of “rfusclient.exe” (SHA256: 02003563373af3215195ca0c23af03f845921fcfa31f58770927266b03c2ac40) and “rutserv.exe” (SHA256: f2a5023cd559597a1b70a7e02345fb9c80b740377fcf7341d5df2d462efafda5) can be found in the Ukraine CERT-UA report 5961 and were attributed to UAC-0096 (Russian-aligned threat actor). While the samples correlate with UAC-0096 activity documented in the 2023 CERT-UA report, this connection does not extend to all Remote Utilities deployments observed in the campaign. Moreover, other technical indicators were insufficient to confirm Russian threat actor involvement.

Basically, the threat actor deploys the legitimate RMM (Remote Monitoring and Management) tool called Remote Utilities (RuRAT) to the infected machines.

The Dark Wallet macOS version functions as a stealer that extracts information such as crypto wallets, browser cookies, passwords, a screenshot of the machine, FTP configs, SSH keys, and the clipboard’s content. The stolen data is exfiltrated to the haramejr3n[.]pw domain. The same stealer is implemented by the fake Electrum Doge wallet downloaded from electrum-dogecoin[.]org.

Figure 13 - Fake wallet extracts information to be exfiltrated to the C2 server

  

Mapping the Infrastructure

The threat actor registered domains for fake crypto wallets that look like legitimate crypto wallets such as Anchor and Zec Wallets (Windows, Linux, and macOS versions), Iota and Onto Wallets (Google Chrome extensions), a defunct wallet called Dark Wallet, and others.

Domain

zecwallet[.]com

idexwallet[.]com

anchorwallet[.]org

aptwallet[.]org

arkwallet[.]org

iotawallet[.]org 

ontwallet[.]org

electrum-dogecoin[.]org 

stratiswallet[.]org

heliumwallet[.]org

neowallet[.]org

stellarwallet[.]org

solletwallet[.]org

darkwallet[.]is



Code Signing Certificates

The initial Advanced Installer packages and downloaded files were signed with valid certificates:

Name

Serial Number

Shanghai Yusen Logistics Service(w.g.q) Co., Ltd.

00db087138d4669f36647e5975c3b9e384 

Hefei Xuxuan New Energy Technology Co., Ltd. 

46ae0713b1973afd7efeaac19b815b06

Hefei Fanchun Cultural Communication Co., Ltd. 

0091929de2700952a16ec4a63d9d815e9d

PIXEL PLAY PRIVATE LIMITED

505112bb8c61117fd1f062ff 

Yixing Guhao Ceramics Co., Ltd.

3cbe9d4011670300d1997db20ad1468e

Shanghai Longan YUE Metals Industry Co., Ltd.

4cb893988f46e7dd3e3c49b07486047e

MALA ENGICON PRIVATE LIMITED

194675a325fe355ea306b8aa

JAGNANI CREATIONS PVT. LTD

6e4da2a3cfa63a68b1259ad5

Wuxi Junhang Metal Materials Technology Co., Ltd.

00fac1893ddd1269e2fff8df609f973fa1

Gaomi Degao Machinery Technology Co., Ltd.

008d1aa13900e5593ad72ca20d844b5301

ENRRICHONE WELL-BEING PRIVATE LIMITED

02d7c777ae05bfd426232467

Yihua Yiye Education Technology (Wuhan) Co., Ltd.

6b01f6b50c12816c8330a9c9dae18430



 

Indicators of Compromise

C2 domains

haramejr3n[.]pw

electrum-doge[.]online


Github repository

github[.]com/hachshiba/electrum-doge


Distribution Domains


zecwallet[.]com

arkwallet[.]org

stratiswallet[.]org

darkwallet[.]is

idexwallet[.]com

iotawallet[.]org

heliumwallet[.]org

solletwallet[.]org

anchorwallet[.]org

ontwallet[.]org

neowallet[.]org


aptwallet[.]org

electrum-dogecoin[.]org

stellarwallet[.]org



Malicious domains hosting installers/additional malicious files


hdload[.]org

solletwallet-updates[.]com

softupdate[.]app

scatternode[.]top

multibitup[.]org

t8gridrelay[.]com

minisoftupdate[.]app

dough-app[.]top

multiupdate[.]org

unlstupdate[.]com

updates[.]solutions

mistethcrypto[.]top

idxservice[.]org

ethupdate[.]com

zupdate[.]icu

bchcore[.]top

velmorixan67[.]org

tethrupdate[.]com

zupdate[.]help

dogeportal[.]top

zarnovexil42[.]org

usdtupdate[.]com

mulpdate[.]icu

onlocalapp[.]top

noupdates[.]store

qv12meshlink[.]com

mupdate[.]icu

cronosapp[.]top

anchorupdate[.]com

datastreamrelay24[.]com

mbupdate[.]icu

heliumupdate[.]top

arkupdate[.]com

a1673dscrakamay[.]com

n4update[.]icu

vergecore[.]top

dogepush[.]com

networkvectorcore8[.]net

ancupdate[.]top

neupdate[.]xyz

straxupdate[.]com

zr9fluxnode[.]net

ethupdate[.]top

neo3update[.]xyz

drkupdate[.]com

mbiupdate[.]info

xlmworld[.]top

trwatch[.]xyz

multibitupdate[.]com

anchorv2[.]info

xrprelay[.]top

iotupdate[.]xyz

simpleoswallet-updates[.]com

dogeupdate[.]app

iconupdate[.]top

ontnode[.]sbs


SHA256


964f4fa8ef92aaecafeb599ffc2fa179d77e635cee72b3d0b68f431ece6b1271

ce4cfce1a53b7699acd6c64a2e3db771085f84b3815771c8c5c6b6ec01a29351

ee6e0c971610a62d07076076ad925095357b3ac84494c2d23913e328092f3a66

deca06d34c052fd7595d0fdd8e307412d6a6c67162852048dbc691f6d00843c5

986bd279f22b199112947f8b354020584a714e053ded35d240d9d2564f905431

89fdd7a989139ad9d78cd1167f4d5d0b7d5ae35507c46018a07d0e409ab04668

9eb8fadaf8c766972a690ac705d6a4af32db75d84d290aa8a8584885e59204dd

dd346703480c4e0204a647b0f56dec31bd3bb180d858dcbda8b962104c653b3b

e7713dc5dded5bd08686319b006a2e6ceabfefbe0d309a0fa56996160f067e7e

e04cf91b4e088e570c99004a446ccdae73a70e2bd3570d3ed796d107fa0d7b7b

96ac6a64c5f2aefa9f7a5818a14f3ed532b8201a787784153a5eb79f68160cb0

b5be0a680f2484786683bb835157571579299f89783443e8b88876d186ea0e72

42e24c93289c4a52785f030dcee9fe5390b246b675b6d31b67b0e295a77fc997

ff37e762431cfd61b13151d52af0e20703fc2178091ab6dfca33d036cc5e0fee

a6c14f647d138f0164c084e2738253903921ad2f01d77c6ccb19b9b5cbaaf32f

69edda5828de06f461521b2290b076d88d4e7268d7093cd0122f6473c42cc281

de54bddfc6c7113e497185c01e922bfa0e8c7dbeb5bee894a05d65359ba951f9

354a1e79cc4dd2f06d94e40f3d532933434b9f07cfee5443e9369498bcb85bf2

aa588c9a8a81938b6fefb47e9ab088734f73500916dab01ce7998f1778d1c6c5

aaa7ef802dd4a0839247ff775159908dbbea0650df576fe489a7c46210dff6c6

11e106fb70df51ef6eb56b53db702ecec3fcdfb9abe9fb613cb82ff444e9200d

3166c45ee0ef22679532dfd38e122673651ddd9dac06c42dec80c77557971cbc

e3737ee6a1108faab3222fa7626fd819de83151a90310a2c9224e4678c70f99d

9d93d2180c00ebdae5a4af618f2d0afd2fc29f599e662809a498f90c346e3280

7ae8037aebd0bb69b7c001fb0a84f354ef48567cc437c55d7db0a63f6748cbad

2d5cc00c84332b2d4a22c6be556ef7a4b864b9cbc884387aeb143f6c965697df

dc3448737bdc2262620419b9c92e793764ee1c8ad66d0e897ca64ee594659a6d

876538da922976743c40a8d49723cda325463c6f1a6baf1c28027a383ff14c6b

bbc0a82f06947649032a226fd75d36d6c70c9d7283db1a1b1359c1b3dfbd4c0b

3a29267ee5d96e167f1870d29cba74bb91fb5eb4af9d6f9cbfb066b468bf4eee

eebed33306b97dbfdd066fba682d58bcf93143f2b85fcaedf9956ea815e545bf

729f60e71f41d20618c744eefe8bcdf6e92544e7d6432f7c971d08d9f356b344

827a12c439e285709cdf832cf14ed2c5764967f04325588707655a35fab8f69f

37b4a10aa37ce8af7c69a1b3905ef0625cc243cc11785a37ea64fd8ba9c748b1

d42ca0eed4d9ca130c671bc6a89756bd2b671404fef63d4f182917e000afe376

43e141ee2c3a4981c0afc6c23899073b65d594f5c5216c7ca078a39299f1f8d8

aa1bc94a7053974b68fd2d670b51fee79ef696ada0d501a271a4fb64f92a8094

e6a2f4d1cc72b174a9b0024c8010f03ec89d9ddc7b2c7ddbaf817a0725126afa

1c76d39f0f6a2b11b6740a99aea91f22617cf319cf1eb13cd45e99b13d34f15b

6c44123a591711f74223b237928a96e1ae0b2634ddf908e94678147c99bb6f48

ed03feedd1e1e0e231d59806b232c25a6908305bab16ccf9f275cdc3bbe46eab

820c4d9a7502d230da0b2fa86caeedb9ea7baf4c54571908b466398c6ed79c56

94a247ad1bab952f96d4e9f1e98b16119703b93de3fe3e208aec4c7727bb4a61

de1ffd81f6a0c8304de9f1a1d5580ab03a83fbcd4d8c37e0ad3398181933e48b

56bb3f5c0024a8d70ff466546891a62dca0f026974604a148a0fbf2bed8978fe

cda75236ab8d8fec2f2a9e9b5c55c40c52f306d995f69ef57f9555b85f136be2

b57afb109ff4c3b8e0ddab3f3755fe59e9cf69d86c89a3addf76e0a0059178d7

9f34d6b4d4e50861585f6a92d4d1bc902eed77490ef4589fae6c8e8afa76b275

5e1fda4db98cf525f05f7eecbdf17fedbed11c4aaa183a5d56aaf48653c270a5

a427a07611d06c8d275f9e7f9472296d64efc69728c52493e0ee87e185294973

84e9d413f0e1bb69679241ce8fe3ddafda8702b846f73c4859ab283cf0f0d0b9

6e8bd12c4f91805fe40c1fa2bdfac86e5cec0f773d59e40d18a8cb36ec2961f5

3f01b255f64dae77e6bdeaf917fe88c0bad973fbda6e785ccd5bfca9637c6870

37667c462bd8886b762e686ddbb39c55914f303b244f40373172b201cccc48c1

f850a36a7947a00b26e22ac16f3184761d0428a9f31f8ebfc2ec41cd360b5965

0402816f3934e80e07eaedbad54cdec5430a3e42f4160b78b26bc27b48c5c5d8

db2a192cddda52fc13391800f444fd1646da2a7378edb9761fea213b6c5eb355

f9293bdf7d702ba35975d1ba250352f365d0deeb9f6451b78320f958838526e2

fe541ad0783f7b60d18acd75b6d60d4570903c38671d0f0f3d571f5147563e17

f0a637405491bfa9f50cd5bcb568ec7c6e0b03244a634cad80ad5b0c150f3128

1c43aad827b19ccd3f7825cf3f0693de5d3ac3b3028db6affe78dbf16e0615e1

cea11bde8f163dd76f139df7d1fecf0e491e1e5db243091b5401033d4422b66e

dbd91b94e3583dc487a96d43441329144b087302ce575608dd1d5ea7f781c0ab

ce52abe92e747250f672542939664beb45dc48d190ebba057a8d4e2fb5715ff4

43a8c1b43e946a20e1bfc549a38fd7a0b9f1efab2fe3e6a3c0b874584ddf0171

18931450e1a6b5e83788d03a748ffc8722ecd14045d492180f57ee77f310b429

24f3bb8783f9cb157047beba03032751b0af04a40a00accda912c3d0d40f428f

317c9896cd998cce553d93c908f42d2de6f909d77336d1983a9cbc0369517752

a03e5e6c809712883ec3bafa68e9d1923281cbf8f55f39905a601746cfe4464a

202a50879a596789e7e81ceba0c8aaa16e80871d28ac6aa8a8acfadf15a9fcd9

1bc024b20e19d5febeb62160bbf9ab9465e3e1dc4f93168a2b8daf304aa2777d

55bb2aa62e6d65c3cd6fe2d577843c309fb16e7908164fa576035f47c2185c05

db4f7272a491be96b6e547b2bcc7808101dca0d929943aeaafb3a17f363053aa

a8897ec67360d988e6282f9f48143b7b2228eb8062be44cdf7e2fc05a8371cbb

0fc1e4748cf4ed894b878af8b6fc2933b282f7aed977b96b68a7f10caaa6e018

f51d0b2b267a785d095a8d864806e6bc0da591be490f26ddcb3c4cd079f188a9

10ac291868de15712fb32100f25f5c0331fba5e70ef0347b953474d9b153bb81

c1257c7b87ce35f1f8c6aed25cea20ebc88fc38c9848c591d2aa7cef82e2086a

18f25ebdcacc82ab01f4d53151cd575ec1f21cfd2eda5539eb1af9a9dec139ba

3652651b1e09beca43aa18a8e575a0c01a1ab5f1d950d318f7902794c14ce1c9

4659ff8e08e4fb9004c28eff6c8276e1c1cc5c59c2c517c7e8a010fe9338bfe6

f19eebffd959c264f2ebf692df7858f6380155966c8026c8e68e733e6b38b868

f2de89b2e066fd492d992f623819281e7f9d05519a8c1ed381c03444adb189e1

87ef147b28582e47c5bc7d5b4c90651084aa5a26c1507c2b5291ef03ee613192

e37a3f62f55f3b2fe4e7e4ffef38bd074849b6ee5db8ef2096aba8f3de180b9b

143a027c77c4e717edcc36fdff31556a54ccabfafd4fb62c216cbf24b3a9fc0d

a14b3e2f85a42fce29cc00e53c60c2bba3414c1e88ee19496a792fb01dbc468e

1129029e266dfd6dac7c7b77a19e823af463433219e77b59bd5cfdd98c6580ba

920e6e73e817f20d4bfe52dac7664356b39c58e710adf5cd434a171c8c959622

6e67574beae8b2ee8f444ec01131ab4bf04a23db58853faeb0fc22074c48887b

0b127666be52c78d1f302dfa8dffc44648092be87ce8d6a020f8b1d9f393ac0c

545f5bc1806b5fb9b266cbe76102de85272c2256e23be0a318b7743ecc4c66a2

2182d32d8021812c98847c3ce37a2e3b64e930b1ce7c7bc97ff72a00712976ed

de1ea4ce0bd9be80b5ae356be69d0fdf1541664ccb495f0fe267e91671f5dd44

aca8ee4778a68fb0220eb927e091f5c61d2e93fd09ba53a5222b49bd1a88252d

8728dab5be7622aeb5f9bc554edd05841da385957b4d525b081c2b437ff35e6b

f505ba61a6e953960f95079798e257bd7be1a3885074c8818795875018d6064c

dceb595e74b61126ccb241c94f844e4477c0a615d1fa8278d46ccd57f6223298

8a5fa6fc3b11466799547f6f2da5d892e48439eafe41166b3479ea2d94f3a4ea

872e29469057b137282ed54879338624d3d629c1716c222ce9eb78523bf4dbf4

129c436809218eeac98a765c085f27ddbcbd2b99b4e755ac40afa77a1fe3038c

05962da5a51443a7f68ca7d91cace4caeeebb858081d5a7562e6ed02fe42e811

6463474689335f62449d9b2e611dbe783648ee05700c49f442b38d7a6dd2a497

2a0c10b121820075221c4730337417cf3aca0f2f326b53059f435a1dc11e0fb1

500969e2e2d9536099d40b189667f1dbca3514654bd417699c9d758f3117f313

9ff10bf03a4ca067c3d78846edfb94e1a0bed02f5d833cc18e11ac86d9fcb99a

028475763a1ca5bf5d0166d2b980d0fa1850c8ad3a923d4b1a535ddad8b7cda7

a26c5ce1b9aa3fae8b453c340456aa0f4c2cce4535d510724fb70db85facc904

5d7930377356fca45896de52bbb1bb6cc937910f135e545af2335c94b5988fb2

691b2275f0d8a8282f81f891c99179474baf9088b4ebb2fafa601e88579623a0

12a696a76cdd14665812dc71998d1601e22cdc6c943e208869bb7b519af2bf6f

a46a34499e4be306845935e7ef3618a4bf02fbdc090804fef47d4e9691239211

8157e3e2f24f42ae95442ec30c5fe1ec45bbb2e250e60df65f52506ebb5da9c2

b3ff290247eca6163d18fe4d082c4a5e6dff7cedc0c1b6e76acd3f898e0a19fd

41bf53415dc48c88c11417d78649cdcb9d11703f3a6c3b4761b4a6d763ab29a5

2e6c9d19f33af9a50f327356ace598dad5d226673a5512a30ceaa2c1bc9a23d8

92f5b5abd23222cfaefb761347bf8399faf3c15022f54135e6b78c6636de3e78

4fafb63da43a696872f0566df5725cc12b7599c235b5557113f077308b33d5fe

f71c692c61e1542c90b234a010b2167e25dab7176e6d8c215e2e2ada009dda66

0172d3b9f79c9f91907ba085d3840818a2571c004668db28209a324f5bd463d9

b718f2bd190c13f69066957af3bb0be02a4c9b9fdd294b844ed307abb1d7c655

c12f7122c6f12580c43c8e9699ba52965379bcb157565b825de5df8a5edf27b5

4e6e00395922695a92807f600b0b9a23b9b0575422eb907a3c64832c4eac27b4

621b64a7318d238cdc78e7a961719ff77fb50f18fe386ba088d470ad73435cd3

c80e61a2ab69f816fba9ddfd3bf93ef569c08db35e1a6ffa1d95da140ecaf9f3

11b7a18b617876c34d98a8ec362f6a08c3e7308b5e7c6d792d4c417e55ce3814

3b2df007a63e449e1bc4240c29b8c64c39c1b86c27213bde876f8ffb271446cb

fffb1b551c027e1d34d5af72e5f311a0f1ed21fa8b49bf37b5dcb1b13b65db77

cc0efd56fad8bfc05a19b26a64f6988c29d138e996112d448ff413f0a000f408

7600248548d7b90e38ce8dd275c4f65dfc6e795fabd270f0a1e60b5af064b324

113a6b1db1537349d2557011677d4c102364f1b1543ae512ae6e5b2426610f1d

6e83e48742c89362152b1298d8efe6139d2fbbbaf167d6992163d1ac02424ff6

db60f1d3a4e5fbf6386f76fedd78dc8e1ee9b1c1caf2c943fd085160638c6e73

3cb7d90e6ace13edda4a80219e2b19737617ef248f6bf4fd39cbfa6fd31a996a

03ab4e9a3bd4e385319bbc9f998de44b222e2238ed182bc4a7b68b86604df523

0a80d1cde2e5ef2a58a2f6363f94b4fd1b8bcc81b7e0a976f98b3bce56eb7610

e02690db2a2a432c6ec952eb9c1f4755e1bd21710e15198b910412ab364a5a36

2f1653b7fe34db2080550480f55d7e3acaeec85d9784a196f56b5bf7523254ca

afe0d86adb096af2d19db836ff56305cb62a33eed19528e1b39e3e1942fd4199

b89926d884745c7e6608aa42a8eefa4e744c79f2be751b6e445f230f990a9f96

f081ae7817b24c0f7391a14b7e24984f978cb2a89105f8924169191aad4abe35

434d36f2e03106492c80ed3a171b4659e4eecab9411cd19d94bd6207b9ad117c

ba0f09137b4cbf7f1635d601366233c8b6f859b595a5eb11c49e2b80b19d5005

3d47d08759dcb2f04eb24e2c59b80a391002a7884ebb6650af2f022254b00698

f2da761fade1ff6cd55e6f82916ec6e70c938df486223d92e7a6d50e16741345

809cc44477f12b6356fdeb248578d204dd5aeaae55da21595d48dfc0387aa64c

9105d4e123f496d4ced0c21cd8590ddd232eae636b00557cf18c49e7892d6e92

1f118154a6f03f9dff646cbfb394b35ecd573346aac6ce31917fbe6d892c5d18

91264c13754782b83a35f5da7cc81cbf401e915d957d95ffd20a69107b9063dc

86b7e79ba5fd6338b60863aa1d045dd02f4390c502ada1bc4d734a21ae8e5945

0ab105990df69a1ed785849b7b0e067dd8c4094fb0b0dd6ec5229c038a61a654

97e8896c17aac2db3dc06e1b3d782020be5ef27537a7d7ef8740846dbff1bd43

c68dee9f88e1eddbd6bfcd233f8c136becd1c7418ce9ae06ba457fb5cd5061db

b31dbe342668fef2db65cef72fc92981e351b2d449389bc7e558c0fd7c6a4de6

c1ec42abf050d35a25129b0366346f1871d7bbc720af06547f5fdde6d35e6868

439d7f7097b6dae2f91eb178ec1ccd72bd27055cf0ef009db5495bf1c642c98e

c045ba517967c058d7991ee74c12cc5a2f3fb6d982422b5ead20afa104202287

d0445fcc6bf0efe53d9490a9669e78280da07c4c9f2376eb72ab5e753ce6093c

64b6d3302a7804fec022b37332f0eebbb8f516e02c52e1db8c45e399f52664e5

cc3b976b2bcb90a058d575e54ffe9162c56d82519bc534b8b7f73a42be43e0ed

74eac4ff60257db6dcbef047e8b9f23f03f3c328573aadf7091093504405b3a8

dec7c5f1c5e6b9a322091a6e6b3ddc29cb65f18e639bc281fc756a4d1c991b74

4f55c34f37b1881ff46a27354262a657a7edfed898852974fc6b42aad6190028

4433275435e9e68b6aca180eaf1c9776d31b2f354a337063b5a2af04efd2e7a1

95c9b5e09e9c9602955ce47bb688fe737e2236f7872a913bbc0f4d20e5e451d2

df382190451bf8f8fcd0a479d865eb496a91122b73da0097ae7a0eee06224a95

33249913aaff8172a459eba02c38d10ebbb7644c9b3d09c4bcc5ccd1a1e4bfa1

317f6e06b83e727ffbcd4012bdf5cc6424dc17588d86924a31632781838d51d8

41de37c11219fd9db676192141ffefaa62840d91a6a06475508fa5539ce9674f

5fca969d498442e55de2921a9147fd41a1873dd527d6f1df255e80bcfd4b662d

a81ef6204bb28c75f396047db2505f0d1c0a14f869c8dc4637ea9ba7771c1f62

2271e21df4cfb18f2c77eeb049befd39b2a740b5565979f95fd1126b7c592304